AuthSec SDK provides enterprise authentication, authorization, service access, delegated trust, CIBA, and SPIFFE helpers for Python and TypeScript.
This repository is a monorepo. The root README is the landing page. Language-specific usage lives in the package READMEs.
| Package | Language | Install | Docs |
|---|---|---|---|
| `authsec-sdk` | Python | `python3 -m pip install authsec-sdk` | packages/python-sdk/README.md |
| `@authsec/sdk` | TypeScript / JavaScript | `npm install @authsec/sdk` | packages/typescript-sdk/README.md |

| Capability | Python | TypeScript |
|---|---|---|
| MCP OAuth + RBAC enforcement | Yes | Yes |
| Public MCP tool registration | Yes | Yes |
| Hosted service credential access | Yes | Yes |
| Trust delegation for AI agents | Yes | Yes |
| CIBA / passwordless auth | Yes | Yes |
| SPIFFE / workload identity | Yes | Yes |

- Building or securing a Python MCP server: Use packages/python-sdk/README.md
- Building or securing a TypeScript MCP server: Use packages/typescript-sdk/README.md
- Building an agent that uses delegated trust: Read the trust delegation section in the package README for your language

Python:

```bash
python3 -m pip install -U authsec-sdk
```

TypeScript:

```bash
npm install @authsec/sdk
```

From this monorepo:

Python editable install:

```bash
python3 -m pip install -e packages/python-sdk
```

TypeScript local build:

```bash
cd packages/typescript-sdk
npm install
npm run build
```

- `packages/python-sdk`: published Python package
- `packages/typescript-sdk`: published TypeScript package

- Make SDK changes in the relevant package.
- Keep the root README short and package-neutral.
- Keep the Python and TypeScript package READMEs authoritative for code samples and environment variables.
- When a feature exists in one SDK and should exist in the other, update the capability matrix and both package READMEs together.

Python:

```bash
cd packages/python-sdk
python3 -m pip install --upgrade build twine
python3 -m build
python3 -m twine check dist/*
python3 -m twine upload dist/*
```

TypeScript:

```bash
cd packages/typescript-sdk
npm install
npm run clean
npm run build
npm pack
npm publish --access public
```

- The `origin/stable` branch is a regression reference only.
- Package READMEs should describe real published capabilities, not aspirational ones.
- App-specific dependencies such as `openai` belong in the consuming application, not in these SDK packages.