Plus / Pro Feature

Ephos SDK

The Ephos SDK is a zero-knowledge, zero-trust Identity Broker wrapper designed for autonomous AI agents. To maintain maximum security and transparency, we provide the SDK as a Self-Service Source File rather than a compiled package.

Access Restricted: The official Ephos SDK source is available exclusively to Plus and Pro users. You can download the latest version directly from your Dashboard after upgrading.

1. Implementation

Create a file named ephos-sdk.ts in your project and copy the source code directly from your Ephos Dashboard under the SDK tab.

2. Basic Usage

Initialize the EphosVault with your Scoped Identity and Token Secret. The SDK will automatically perform the Salt Handshake and local key derivation.

⚠️ Casing Requirement: The service parameter (e.g. 'TAVILY [DEV]') is case-sensitive and must match the service name defined in your Ephos Dashboard exactly. If the casing does not match exactly, the execution gateway will reject the request with a 400 Bad Request (Token not scoped for this service) error.

Why Local Derivation Matters: Ephos avoids transmitting long-lived decryption material across the network. Execution credentials are derived locally inside the agent runtime and used only for delegated proxy execution.

import { EphosVault } from './ephos-sdk'; const vault = new EphosVault({ token: 'et_live_...', // Scoped Identity (EPHOS_TOKEN) secret: 'ps_live_...' // Delegated Execution Secret (TOKEN_SECRET) }); // Initialize derivation (100k PBKDF2 iterations) await vault.init(); // Execute a proxied request const response = await vault.execute({ service: 'OpenAI [PROD]', targetUrl: 'https://api.openai.com/v1/chat/completions', method: 'POST', body: { model: 'gpt-4', messages: [{ role: 'user', content: 'Secure request via Ephos' }] } });

3. Runtime Compatibility

The Ephos SDK is completely runtime-agnostic. Rather than relying on platform-specific libraries, it uses the standard W3C Web Cryptography API (crypto.subtle). This allows the exact same SDK source file to run without modification in:

  • Node.js (v16+): Native standard support with an automatic dynamic fallback to the built-in webcrypto module for compatibility.
  • Bun & Deno: Natively supported out of the box with zero external dependencies.
  • Modern Browsers: Direct integration in React, Vue, Svelte, or vanilla JS applications (Chrome, Safari, Firefox, Edge).
  • Edge & Serverless: Native execution within Cloudflare Workers (V8 isolates), Vercel Edge, Netlify Edge, and AWS Lambda.

Delegated Execution Security

  • Zero-Knowledge Derivation: Your master decryption key is never transmitted. It is derived just-in-time within your application's volatile memory.
  • Hardened PBKDF2: The SDK enforces 100,000 iterations of PBKDF2-HMAC-SHA256 to increase resistance against offline credential cracking and intercepted secret material.
  • Ephemeral Lifecycle: The derived key is non-persistent and is cleared from memory as soon as the execution lifecycle completes.