Introduction
Suprbox is the door between your documents and any AI agent that wants to read them. The SDK is the client-side runtime your agent calls to make every request go through that door.
What is Suprbox?
Suprbox is a Next.js application that sits between your documents and any AI agent that needs to read them. You upload documents into vaults, attach rules to those vaults, and hand each agent a scoped API key. The agent calls Suprbox — never your file system or object store directly — and Suprbox decides what comes back.
Every request is identified, evaluated against your rules, and recorded in an audit log before a single byte leaves the vault.
It is a gateway, not a database
Suprbox is not a vector store, not a memory fabric, and not a model runtime. It does one thing well: it governs read access to documents. Your existing storage stays where it is; the SDK gives you a single REST surface in front of it that:
- Authenticates the agent via API key.
- Optionally attaches a per-vault session lease.
- Loads policy for the vault + document + operation.
- Returns the requested payload (metadata, excerpt, full content, or original bytes), redacted or capped per policy.
- Writes an audit row regardless of outcome.
The pieces
require_approval.
How the SDK fits in
The suprbox-sdk package is a thin TypeScript client. It serializes your call into the right HTTP shape, attaches the bearer token and any session id, parses the response, and surfaces the X-Policy-* headers as a typed policy object on every response.
It runs anywhere fetch exists — Node 18+, modern browsers, edge runtimes — and ships as a single ES module with no runtime dependencies.
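The request/response handling described above, sketched as an added example; it is not the suprbox-sdk source or its API. The function names, the `X-Session-Id` header name, and the rule that a response without any `X-Policy-*` header is rejected are assumptions made for illustration.

```typescript
// Added example, not suprbox-sdk code. Names marked "assumed" do not come from the docs.
type Policy = Record<string, string>;

interface HeaderBag { forEach(cb: (value: string, name: string) => void): void; }
interface ResponseLike { status: number; headers: HeaderBag; text(): Promise<string>; }
type FetchLike = (
  url: string,
  init: { method: string; headers: Record<string, string> },
) => Promise<ResponseLike>;

const POLICY_PREFIX = "x-policy-";

// Bearer token on every request; session id only when a per-vault lease is held.
function requestHeaders(apiKey: string, sessionId?: string): Record<string, string> {
  if (!apiKey.trim()) throw new Error("API key is required");
  const headers: Record<string, string> = { Authorization: `Bearer ${apiKey}` };
  if (sessionId) headers["X-Session-Id"] = sessionId; // assumed header name
  return headers;
}

// Collect every X-Policy-* response header into one object keyed by the lower-cased suffix.
function policyFrom(headers: HeaderBag): Policy {
  const policy: Policy = {};
  headers.forEach((value, name) => {
    const lower = name.toLowerCase();
    if (lower.startsWith(POLICY_PREFIX) && lower.length > POLICY_PREFIX.length) {
      policy[lower.slice(POLICY_PREFIX.length)] = value;
    }
  });
  return policy;
}

// Issue the call and return the body with its policy. A response with no X-Policy-*
// header is rejected, assuming the gateway stamps every response it evaluated, so an
// answer from a cache or proxy in between is never handed to the agent.
async function governedGet(fetchImpl: FetchLike, url: string, apiKey: string, sessionId?: string) {
  const res = await fetchImpl(url, { method: "GET", headers: requestHeaders(apiKey, sessionId) });
  const policy = policyFrom(res.headers);
  if (Object.keys(policy).length === 0) {
    throw new Error(`response ${res.status} carried no X-Policy-* headers`);
  }
  return { status: res.status, policy, body: await res.text() };
}
```

Passing the platform `fetch` as `fetchImpl` keeps the sketch dependency-free, and injecting a fake makes the header handling testable offline.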