Operator SDK

@kapable/ops-sdk (TypeScript) and kapable-ops-sdk (Rust) wrap the operator/platform tier: the deploy, CI, hosting, and admin surfaces that the customer SDK deliberately excludes. It mirrors the kapable (customer) vs kapable-ops (operator) CLI trust split.

Trust perimeter is enforced at construction

The operator client is constructed only with a service token (st_*), a shared infra token, or an sk_admin_ platform key. It rejects customer keys (sk_live_/sk_test_) at construction time — fail-fast, so an operator credential can never be swapped for a customer one by accident. The reverse is also true: operator endpoints are never reachable from @kapable/sdk.

Installation

# One-time: point the @kapable scope at the Kapable registry
echo '@kapable:registry=https://git.kapable.dev/api/packages/kapable/npm/' >> .npmrc

bun add @kapable/ops-sdk

# One-time: .cargo/config.toml
[registries.kapable]
index = "sparse+https://git.kapable.dev/api/packages/kapable/cargo/"

# Cargo.toml
[dependencies]
kapable-ops-sdk = { registry = "kapable", version = "0.1" }

What It Wraps

Module	Surface
`berth`	Process manager: binaries, deploys (Ed25519-signed, signing helper included), slots, canary/rollout, freeze, audit
`foreman`	CI: runners, recipes, recipe runs, tasks, metrics
`host`	Container/app hosting lifecycle
`gateway`	Route management (gateway_services)
`harbor`	Admin release/product/feature/tier mutations
`data`	The PlatformAdmin SQL query proxy
`burrow`	Reverse-tunnel registry
`auth`	launchpad/admin, metrics, beta, provisioning

Full module/method listing ships in the package READMEs; the customer-facing endpoint reference at llms-full.txt deliberately excludes this tier.

Quick Start

import { OpsClient } from '@kapable/ops-sdk';

const ops = new OpsClient({
  baseUrl: 'http://localhost:3100',   // berth, on the platform host
  token: process.env.BERTH_API_TOKEN, // st_* / sk_admin_ / platform_staff kses_
});

const binaries = await ops.berth.listBinaries();
console.log(`${binaries.length} managed services`);

use kapable_ops_sdk::OpsClient;

// Fallible constructor — errors on sk_live_/sk_test_ credentials
let ops = OpsClient::new(
    "http://localhost:3100",
    &std::env::var("BERTH_API_TOKEN").unwrap(),
)?;

let binaries = ops.berth().list_binaries().await?;
println!("{} managed services", binaries.len());

Operator endpoints are not on api.kapable.ai

The public gateway serves the customer tier only (operator paths return 404 at the edge). Operator clients run on or tunnel to the platform host and target each control-plane service directly.