Official SDKs

Five official clients for every workflow - Python, Node.js, Go, a powerful CLI, and an MCP server for AI agents. All authenticate with QUANTASEAL_API_KEY and handle token refresh automatically.

Overview#

All SDKs use the X-API-Key header on every request. API keys are scoped per tenant and look like qs_live_....

Python SDK

pip install quantaseal

Python 3.9+

Node.js SDK

npm install @quantaseal/sdk

Node.js 18+ / TypeScript 5+

Go SDK

go get github.com/quantaseal/sdk-go

Go 1.21+

CLI (qs)

npm install -g @quantaseal/cli

Node.js 18+

MCP Server

npm install -g @quantaseal/mcp-server

Node.js 18+

Python SDK#

Requires Python 3.9+. Supports both synchronous and async usage.

pip install quantaseal

python

import os
from quantaseal import QuantaSealClient

client = QuantaSealClient(api_key=os.getenv("QUANTASEAL_API_KEY"))

# Encrypt with ML-KEM-768 + AES-256-GCM
result = client.encryption.encrypt(
    data="sensitive PII",
    algorithm="ML-KEM-768",
)
print(result.ciphertext_kem)   # 1088 bytes base64

# Sign with ML-DSA-65 + HMAC-SHA-512
sig = client.encryption.sign(data="payload")
ok  = client.encryption.verify(
    data="payload",
    pqc_signature=sig.pqc_signature,
    hmac_signature=sig.hmac_signature,
)

# Vault - seal a credential
entry = client.vault.seal(
    name="stripe-key",
    credential_type="api_key",
    values={"key": "sk_live_..."},
)
credential = client.vault.unseal(entry.credential_id)

# Compliance report
report = client.compliance.report(framework="soc2")
print(report.score, report.pdf_url)

GitHub: github.com/quantaseal/sdk-python

Node.js SDK#

Requires Node.js 18+ and TypeScript 5+. Fully typed with Zod schema validation.

npm install @quantaseal/sdk

typescript

import { QuantaSealClient } from '@quantaseal/sdk';

const client = new QuantaSealClient({
  apiKey: process.env.QUANTASEAL_API_KEY!,
});

// Encrypt with ML-KEM-768 + AES-256-GCM
const encrypted = await client.encryption.encrypt({
  data: 'sensitive PII',
  algorithm: 'ML-KEM-768',
});

// Sign with ML-DSA-65 + HMAC-SHA-512
const sig = await client.encryption.sign({ data: 'payload' });
const valid = await client.encryption.verify({
  data: 'payload',
  pqcSignature: sig.pqcSignature,
  hmacSignature: sig.hmacSignature,
});

// Vault - seal a credential
const entry = await client.vault.seal({
  name: 'stripe-key',
  credentialType: 'api_key',
  values: { key: 'sk_live_...' },
});

// Compliance report
const report = await client.compliance.report({ framework: 'soc2' });
console.log(report.score, report.pdfUrl);

GitHub: github.com/quantaseal/sdk-nodejs

Go SDK#

Requires Go 1.21+. Uses context for cancellation and connection pooling.

go get github.com/quantaseal/sdk-go

package main

import (
	"context"
	"fmt"
	"os"

	qsclient "github.com/quantaseal/sdk-go/client"
)

func main() {
	c := qsclient.New(os.Getenv("QUANTASEAL_API_KEY"))
	ctx := context.Background()

	// Encrypt with ML-KEM-768 + AES-256-GCM
	enc, err := c.Encryption.Encrypt(ctx, qsclient.EncryptRequest{
		Data:      "sensitive PII",
		Algorithm: "ML-KEM-768",
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(enc.CiphertextKEM)

	// Vault - seal a credential
	entry, _ := c.Vault.Seal(ctx, qsclient.VaultSealRequest{
		Name:           "stripe-key",
		CredentialType: "api_key",
		Values:         map[string]string{"key": "sk_live_..."},
	})
	fmt.Println(entry.CredentialID)
}

GitHub: github.com/quantaseal/sdk-go

CLI#

The qs CLI is ideal for CI/CD pipelines, shell scripting, and quick operations. Requires Node.js 18+.

npm install -g @quantaseal/cli

bash

# Configure
qs config set api-key qs_live_...

# Encrypt (ML-KEM-768 + AES-256-GCM)
qs encrypt --text "my secret data"

# Vault operations
qs vault list
qs vault seal --name "stripe-key" --type api_key
qs vault unseal cred_abc123
qs vault rotate cred_abc123

# Compliance (9 frameworks)
qs compliance report --framework soc2
qs compliance all

# Audit
qs audit logs --event-type CREDENTIAL_UNSEALED --hours 24
qs audit verify-chain

See the full CLI reference for all commands, flags, and CI/CD examples.

MCP Server#

18 MCP tools for Claude Desktop, Cursor, and any MCP-compatible AI agent. Supports stdio and SSE transports.

npm install -g @quantaseal/mcp-server

json

// Claude Desktop claude_desktop_config.json
{
  "mcpServers": {
    "quantaseal": {
      "command": "node",
      "args": [
        "/usr/local/lib/node_modules/@quantaseal/mcp-server/dist/server.js"
      ],
      "env": {
        "QUANTASEAL_API_KEY": "qs_live_..."
      }
    }
  }
}

See the full MCP server documentation for all 18 tools and the SSE transport guide.

Feature Comparison#

All five SDKs cover the core PQC operations. Choose based on your runtime and workflow.

Feature	Python	Node.js	Go	CLI	MCP
Encryption (ML-KEM-768)	✓	✓	✓	✓	✓
Signing (ML-DSA-65)	✓	✓	✓	✓	✓
Vault seal/unseal	✓	✓	✓	✓	✓
Compliance reports	✓	✓	✓	✓	✓
Audit log query	✓	✓	✓	✓	✓
Async / concurrent	✓	✓	✓	-	-
Auto token refresh	✓	✓	✓	✓	✓
Type safety	✓	✓	✓	-	-
Claude Desktop	-	-	-	-	✓
SSE transport	-	-	-	-	✓

MCP Server API Reference

Official SDKs

Five official clients for every workflow - Python, Node.js, Go, a powerful CLI, and an MCP server for AI agents. All authenticate with QUANTASEAL_API_KEY and handle token refresh automatically.

Overview#

All SDKs use the X-API-Key header on every request. API keys are scoped per tenant and look like qs_live_....

Python SDK

pip install quantaseal

Python 3.9+

Node.js SDK

npm install @quantaseal/sdk

Node.js 18+ / TypeScript 5+

Go SDK

go get github.com/quantaseal/sdk-go

Go 1.21+

CLI (qs)

npm install -g @quantaseal/cli

Node.js 18+

MCP Server

npm install -g @quantaseal/mcp-server

Node.js 18+

Python SDK#

Requires Python 3.9+. Supports both synchronous and async usage.

pip install quantaseal

python

import os
from quantaseal import QuantaSealClient

client = QuantaSealClient(api_key=os.getenv("QUANTASEAL_API_KEY"))

# Encrypt with ML-KEM-768 + AES-256-GCM
result = client.encryption.encrypt(
    data="sensitive PII",
    algorithm="ML-KEM-768",
)
print(result.ciphertext_kem)   # 1088 bytes base64

# Sign with ML-DSA-65 + HMAC-SHA-512
sig = client.encryption.sign(data="payload")
ok  = client.encryption.verify(
    data="payload",
    pqc_signature=sig.pqc_signature,
    hmac_signature=sig.hmac_signature,
)

# Vault - seal a credential
entry = client.vault.seal(
    name="stripe-key",
    credential_type="api_key",
    values={"key": "sk_live_..."},
)
credential = client.vault.unseal(entry.credential_id)

# Compliance report
report = client.compliance.report(framework="soc2")
print(report.score, report.pdf_url)

GitHub: github.com/quantaseal/sdk-python

Node.js SDK#

Requires Node.js 18+ and TypeScript 5+. Fully typed with Zod schema validation.

npm install @quantaseal/sdk

typescript

import { QuantaSealClient } from '@quantaseal/sdk';

const client = new QuantaSealClient({
  apiKey: process.env.QUANTASEAL_API_KEY!,
});

// Encrypt with ML-KEM-768 + AES-256-GCM
const encrypted = await client.encryption.encrypt({
  data: 'sensitive PII',
  algorithm: 'ML-KEM-768',
});

// Sign with ML-DSA-65 + HMAC-SHA-512
const sig = await client.encryption.sign({ data: 'payload' });
const valid = await client.encryption.verify({
  data: 'payload',
  pqcSignature: sig.pqcSignature,
  hmacSignature: sig.hmacSignature,
});

// Vault - seal a credential
const entry = await client.vault.seal({
  name: 'stripe-key',
  credentialType: 'api_key',
  values: { key: 'sk_live_...' },
});

// Compliance report
const report = await client.compliance.report({ framework: 'soc2' });
console.log(report.score, report.pdfUrl);

GitHub: github.com/quantaseal/sdk-nodejs

Go SDK#

Requires Go 1.21+. Uses context for cancellation and connection pooling.

go get github.com/quantaseal/sdk-go

package main

import (
	"context"
	"fmt"
	"os"

	qsclient "github.com/quantaseal/sdk-go/client"
)

func main() {
	c := qsclient.New(os.Getenv("QUANTASEAL_API_KEY"))
	ctx := context.Background()

	// Encrypt with ML-KEM-768 + AES-256-GCM
	enc, err := c.Encryption.Encrypt(ctx, qsclient.EncryptRequest{
		Data:      "sensitive PII",
		Algorithm: "ML-KEM-768",
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(enc.CiphertextKEM)

	// Vault - seal a credential
	entry, _ := c.Vault.Seal(ctx, qsclient.VaultSealRequest{
		Name:           "stripe-key",
		CredentialType: "api_key",
		Values:         map[string]string{"key": "sk_live_..."},
	})
	fmt.Println(entry.CredentialID)
}

GitHub: github.com/quantaseal/sdk-go

CLI#

The qs CLI is ideal for CI/CD pipelines, shell scripting, and quick operations. Requires Node.js 18+.

npm install -g @quantaseal/cli

bash

# Configure
qs config set api-key qs_live_...

# Encrypt (ML-KEM-768 + AES-256-GCM)
qs encrypt --text "my secret data"

# Vault operations
qs vault list
qs vault seal --name "stripe-key" --type api_key
qs vault unseal cred_abc123
qs vault rotate cred_abc123

# Compliance (9 frameworks)
qs compliance report --framework soc2
qs compliance all

# Audit
qs audit logs --event-type CREDENTIAL_UNSEALED --hours 24
qs audit verify-chain

See the full CLI reference for all commands, flags, and CI/CD examples.

MCP Server#

18 MCP tools for Claude Desktop, Cursor, and any MCP-compatible AI agent. Supports stdio and SSE transports.

npm install -g @quantaseal/mcp-server

json

// Claude Desktop claude_desktop_config.json
{
  "mcpServers": {
    "quantaseal": {
      "command": "node",
      "args": [
        "/usr/local/lib/node_modules/@quantaseal/mcp-server/dist/server.js"
      ],
      "env": {
        "QUANTASEAL_API_KEY": "qs_live_..."
      }
    }
  }
}

See the full MCP server documentation for all 18 tools and the SSE transport guide.

Feature Comparison#

All five SDKs cover the core PQC operations. Choose based on your runtime and workflow.

Feature	Python	Node.js	Go	CLI	MCP
Encryption (ML-KEM-768)	✓	✓	✓	✓	✓
Signing (ML-DSA-65)	✓	✓	✓	✓	✓
Vault seal/unseal	✓	✓	✓	✓	✓
Compliance reports	✓	✓	✓	✓	✓
Audit log query	✓	✓	✓	✓	✓
Async / concurrent	✓	✓	✓	-	-
Auto token refresh	✓	✓	✓	✓	✓
Type safety	✓	✓	✓	-	-
Claude Desktop	-	-	-	-	✓
SSE transport	-	-	-	-	✓

MCP Server API Reference