Quick Start
Get started with SOVR in under 5 minutes. The SDK provides a complete execution firewall for AI agents, enforcing gate checks, approval workflows, permit signing, receipt submission, and trust bundle export.
import { SOVRClient } from '@sovr/sdk';
const sovr = new SOVRClient({
apiKey: process.env.SOVR_API_KEY,
endpoint: 'https://sovr-ai-mkzgqqeh.manus.space',
mode: 'cloud',
});
// 1. Gate Check — 检查操作是否允许
const gate = await sovr.gateCheck({
action: 'send_payment',
resource: 'stripe/charge',
context: { amount: 5000, currency: 'usd' },
});
console.log(gate.allowed); // true/false
console.log(gate.risk_score); // 0-100
console.log(gate.requires_approval); // true if human review needed
if (!gate.allowed) {
console.error('Blocked:', gate.reason);
process.exit(1);
}
// 2. Grant Permit — 获取执行许可证
const permit = await sovr.grantPermit({
decision_id: gate.decision_id,
ttl_seconds: 300,
});
// 3. Submit Receipt — 提交执行回执
const receipt = await sovr.submitReceipt({
decision_id: gate.decision_id,
permit_id: permit.permit_id,
external_ref: 'ch_abc123',
status: 'success',
started_at: Date.now() - 1000,
finished_at: Date.now(),
output_hash: 'sha256:...',
artifact_refs: ['charge:ch_abc123'],
idempotency_key: `pay_${Date.now()}`,
});
// 4. Export Bundle — 导出信任包
const bundle = await sovr.exportBundle({
decision_id: gate.decision_id,
include_merkle_proof: true,
include_signatures: true,
});
console.log('Trust chain sealed:', bundle.bundle_hash);Core Concepts
SOVR enforces a 5-step trust chain for every AI action. Each step produces cryptographic evidence that is chained together into an immutable audit trail.
Any past decision can be replayed against the current policy version using replayDecision(). This detects policy drift and ensures historical consistency.
Installation
npm install @sovr/sdk
# or
pnpm add @sovr/sdk
# or
yarn add @sovr/sdkRequirements: Node.js 18+ or any runtime with fetch support (Deno, Bun, Cloudflare Workers). The SDK has zero dependencies and uses the native fetch API.
Configuration
import { SOVRClient } from '@sovr/sdk';
const sovr = new SOVRClient({
apiKey: process.env.SOVR_API_KEY, // sovr_sk_... or admin key
endpoint: 'https://sovr-ai-mkzgqqeh.manus.space',
mode: 'cloud', // 'cloud' or 'mcp'
timeout: 30000, // ms (default: 30000)
maxRetries: 2, // transient error retries
});SOVR_API_KEYAPI key (sovr_sk_... or admin key)SOVR_API_ENDPOINTBase URL of the SOVR APISOVR_API_MODE'cloud' or 'mcp' (default: 'mcp')Cloud mode routes to /api/sovr/v1/cloud/* — use this for server-to-server integrations.
MCP mode routes to /api/mcp/* — use this for MCP tool integrations (Claude, Cursor, etc.).
SDK: Core Methods
The core trust chain methods. These are the primary API for enforcing the SOVR execution firewall.
SDK: OpenGuard Content Scanning
Scan content for security vulnerabilities, hallucinations, and policy violations.
SDK: Kill Switch
Emergency shutdown controls. Requires human approval by default.
SDK: Policy Management
SDK: Budget Management
Track and enforce budgets for human time, errors, model costs, and monetary spend.
SDK: Audit Trail
SDK: Monitoring
REST API Reference
Base URL: https://sovr-ai-mkzgqqeh.manus.space/api/sovr/v1/rest
Authentication: X-SOVR-API-Key: your_key or Authorization: Bearer your_key
REST: API Key Management
Manage per-tenant API keys programmatically. Requires admin-level API key.
Error Handling
The SDK throws SOVRError for all API errors. The error includes HTTP status code, error message, and retry information.
import { SOVRClient, SOVRError } from '@sovr/sdk';
const sovr = new SOVRClient({ /* ... */ });
try {
const gate = await sovr.gateCheck({
action: 'delete_database',
resource: 'production/users',
});
} catch (error) {
if (error instanceof SOVRError) {
switch (error.status) {
case 401:
console.error('Invalid API key');
break;
case 403:
console.error('Insufficient permissions');
break;
case 429:
console.error('Rate limited. Retry after:', error.retryAfter, 'seconds');
break;
case 500:
console.error('Server error:', error.message);
// SDK auto-retries transient errors (maxRetries config)
break;
default:
console.error('SOVR error:', error.status, error.message);
}
} else {
console.error('Network error:', error);
}
}Full Examples
Complete end-to-end example showing the full trust chain: Gate → Approval → Permit → Execute → Receipt → Bundle → Replay.
import { SOVRClient } from '@sovr/sdk';
async function executeWithSOVR(action: string, resource: string, context: Record<string, unknown>) {
const sovr = new SOVRClient({
apiKey: process.env.SOVR_API_KEY!,
endpoint: 'https://sovr-ai-mkzgqqeh.manus.space',
mode: 'cloud',
});
// Step 1: Gate Check
const gate = await sovr.gateCheck({ action, resource, context });
if (!gate.allowed) {
throw new Error(`Action blocked: ${gate.reason} (risk=${gate.risk_score})`);
}
// Step 2: If approval required, request it
if (gate.requires_approval) {
const approval = await sovr.requestApproval({
decision_id: gate.decision_id,
justification: `Automated ${action} on ${resource}`,
urgency: 'high',
notify_channels: ['telegram'],
});
console.log('Approval requested:', approval.approval_url);
console.log('Estimated wait:', approval.estimated_wait_seconds, 'seconds');
// In production: poll approval status or wait for webhook
return { status: 'pending_approval', approval };
}
// Step 3: Grant Permit
const permit = await sovr.grantPermit({
decision_id: gate.decision_id,
ttl_seconds: 300,
});
// Step 4: Execute the actual operation
const startedAt = Date.now();
let execResult: { success: boolean; ref: string; error?: string };
try {
// ... your business logic here ...
execResult = { success: true, ref: 'txn_xyz789' };
} catch (err: any) {
execResult = { success: false, ref: '', error: err.message };
}
// Step 5: Submit Receipt
const receipt = await sovr.submitReceipt({
decision_id: gate.decision_id,
permit_id: permit.permit_id,
external_ref: execResult.ref,
status: execResult.success ? 'success' : 'failure',
started_at: startedAt,
finished_at: Date.now(),
output_hash: 'sha256:placeholder',
artifact_refs: [execResult.ref],
idempotency_key: `${action}_${Date.now()}`,
error_code: execResult.error ? 'EXEC_FAILED' : undefined,
error_message: execResult.error,
});
// Step 6: Export Trust Bundle
const bundle = await sovr.exportBundle({
decision_id: gate.decision_id,
include_merkle_proof: true,
include_signatures: true,
});
// Step 7: (Optional) Replay Decision for audit
const replay = await sovr.replayDecision({
decision_id: gate.decision_id,
include_diff: true,
});
return {
decision_id: gate.decision_id,
allowed: gate.allowed,
receipt_id: receipt.receipt_id,
bundle_hash: bundle.bundle_hash,
replay_match: replay.match,
drift_detected: replay.drift_detected,
};
}
// Usage
const result = await executeWithSOVR(
'send_payment',
'stripe/charge',
{ amount: 5000, currency: 'usd', customer: 'cus_abc' }
);
console.log(result);