For: Backend devs adding policy guardrails to an existing Node service

Node.js — first signed decision in 5 minutes

~5 min · prereqs: Node.js 20+ · Docker (for the daemon)

  1. 1

    Install the SDK

    TypeScript + ESM bundle, ~14 KB gzipped, no native deps.

    pnpm add @sbo3l/sdk
  2. 2

    Start the daemon

    SQLite-backed local daemon. Auth bypassed by default for dev.

    docker compose up sbo3l -d
curl -fsS http://localhost:8730/v1/healthz
    {"status":"ok"}
  3. 3

    Issue your first decision

    Wraps tool-use intent in an APRP envelope, daemon decides + signs the receipt.

    import { Sbo3lClient } from "@sbo3l/sdk";

const sbo3l = new Sbo3lClient({ url: "http://localhost:8730" });

const decision = await sbo3l.decide({
  agent_id: "research-01",
  intent: { kind: "erc20.transfer", to: "0xabc...", token: "USDC", amount: 100 },
});

console.log(decision.outcome, decision.receipt.signature.slice(0, 16) + "...");
    allow ed25519:9aF3-2bC7-8eD1-...
  4. 4

    Verify the capsule offline

    WASM verifier — same Rust code as the daemon, runs in Node + browser.

    import { verifyCapsule } from "@sbo3l/wasm-verifier";

const ok = verifyCapsule(decision.capsule);
console.log(ok ? "✓ all 6 strict-mode checks passed" : "✗ rejected");
    ✓ all 6 strict-mode checks passed