Utility clients
Initialize with
initializeFromShyConfig. All utility clients follow the sealer-governed pattern —deriveSealerKeyrequired.
Utility clients wrap storeClient semantics for specific hardware or network surfaces. They share the same bucket lifecycle, sealed submission, and biometric recovery model as storeClient. Configure via app.product_type in the shyconfig rather than a distinct contract_version.
hopClient
Seals follow-up destination metadata (next-hop address, port, transport) so route destinations are structurally absent from canonical state.
import { initializeFromShyConfig } from 'shyware/sdk/web/hopClient.js'
await client.sealFollowUpDestination({ scopingId, destination_address, destination_port, transport, ttl_ms })
await client.revealFollowUpDestination({ scopingId, submissionId })
await client.rotateFollowUpDestination({ scopingId, submissionId, newDestination })
product_type: shyhop | shystream | shycam | shyiot
shyhop improves canonical-state confidentiality for destination metadata. It does not hide first-hop network metadata at the transport layer.
camClient
Seals attested observation and liveness proofs as utility records.
import { initializeFromShyConfig } from 'shyware/sdk/web/camClient.js'
await client.sealObservationProof({ scopingId, payload })
await client.revealObservationProof({ scopingId, submissionId })
await client.rotateObservationProof({ scopingId, submissionId, newPayload })
product_type: shycam | shycustody | shystream | shyhop
IoTClient
Seals telemetry and device event payloads as utility records.
import { initializeFromShyConfig } from 'shyware/sdk/web/IoTClient.js'
await client.sealTelemetryRecord({ scopingId, payload })
await client.revealTelemetryRecord({ scopingId, submissionId })
await client.rotateTelemetryRecord({ scopingId, submissionId, newPayload })
product_type: shyiot | shycam
Shared manifest requirements
All utility clients require in the shyconfig:
storeblock presentanon_layer.black_box_required: true- At least one of
anon_layer.shyPayload: trueoranon_layer.shyIDV: true(defaults toshyPayloadif neither set) signing.required: true