SDK contract
TrustPlane Auth SDKs are caller-side helpers for creating proof-bound requests. They help a caller build the same transcript-v1 request material that verifiers rebuild, then attach TrustPlane headers that bind a short-lived passport to the exact method, authority, path, query, selected headers, body hash, nonce, audience, route, passport ID, issued-at bucket, and key binding.
The first public SDK module is the Go preview module:
go get github.com/trustplane-dev/trustplane-auth-sdk-go@v0.1.0-rc.1
This is a preview release candidate. Pin the version explicitly and keep conformance checks in your integration tests.
What an SDK does
- Builds canonical transcript-v1 request material.
- Computes the request body SHA-256 value used in TrustPlane headers.
- Reads passport-bound fields such as audience, passport ID, issued-at time, key ID, key binding, and passport public key from the passport.
- Signs the transcript digest with caller-owned key material.
- Returns adapter-ready headers for a protected request.
What an SDK does not do
An SDK is not a verifier, Control API client, enrollment client, gateway plugin, policy engine, broker, or bundle distribution system. It does not decide whether a request should be allowed. The verifier path still owns passport validation, transcript rebuild, route/source policy, freshness, and replay consume-on-accept.
Language availability
| Language | Status |
|---|---|
| Go | Public preview module at github.com/trustplane-dev/trustplane-auth-sdk-go@v0.1.0-rc.1. |
| TypeScript | Future SDK lane. Do not cite an npm package as available yet. |
| Python | Future SDK lane. Do not cite a PyPI package as available yet. |
Use the conformance vectors to verify SDK behavior across implementations.