PRAMPTA SDK

Pre-generation authorization for AI applications. Verify rights before generating content.

Install

npm install @prampta/sdk

Quick Start

import { Prampta } from "@prampta/sdk";

const pg = new Prampta({
  baseUrl: "https://api2.prampta.com",
  providerId: "your-provider-id",
  licenseeId: "your-licensee-id",
  token: process.env.PRAMPTA_TOKEN,
});

// Throws PramptaRefusalError if denied
await pg.assertAllowed("leonardo-da-vinci", {
  prompt: "Da Vinci in a documentary",
  modality: "image",
  model: "gpt-image-1",
});

// If we reach here — generation is authorized

Safe Wrapper (Recommended)

The withAuthorization wrapper verifies, executes generation, and attaches provenance metadata automatically.

const result = await pg.withAuthorization(
  {
    subjectId: "prampta-brand",
    prompt: "Prampta product shot",
    modality: "image",
  },
  async (decision) => {
    return generateImage({
      prompt: "Prampta product shot",
      obligations: decision.obligations,
      metadata: {
        prampta_decision_id: decision.decisionId,
      },
    });
  }
);

// result.output — your generated content
// result.decision — signed PG decision
// result.metadata — provenance to attach

Configuration

const pg = new Prampta({
  baseUrl: "https://api2.prampta.com", // PRAMPTA registry URL
  providerId: "provider-openai",        // Your provider ID
  licenseeId: "licensee-acme",          // Licensee ID
  token: "pair-token",                  // Pair auth token
  timeoutMs: 3000,                      // Request timeout (default: 3000)
  maxRetries: 2,                        // Retries for transient errors — network, timeout, 429, 5xx (default: 2)
  retryBackoffMs: 200,                  // Base backoff, doubles each retry (default: 200)
  failClosed: true,                     // Deny on errors (default: true)
  verifyDecisionSignature: true,        // Verify signatures (default: true)
});

// Or use environment variables:
// PRAMPTA_BASE_URL, PRAMPTA_PROVIDER_ID,
// PRAMPTA_LICENSEE_ID, PRAMPTA_TOKEN

Error Handling

import {
  PramptaRefusalError,
  PramptaFailClosedError,
  PramptaTimeoutError,
  PramptaNetworkError,
} from "@prampta/sdk";

try {
  await pg.assertAllowed("subject-id", { prompt, modality: "image" });
} catch (e) {
  if (e instanceof PramptaRefusalError) {
    if (e.isHardRefusal) {
      // PG_SUBJECT_OPTED_OUT, PG_IMMUTABLE_DENIAL, etc.
      // Cannot be overridden — stop permanently
      console.log("Hard refusal:", e.reason);
    } else {
      // PG_NO_LICENSE, PG_SCOPE_VIOLATION
      // Can be resolved — request a license
      await pg.requestLicense({
        subjectId: "subject-id",
        useCase: "commercial",
        purpose: "Product campaign",
      });
    }
  }
  if (e instanceof PramptaFailClosedError) {
    // Backend unreachable — generation blocked by default
  }
}

API Reference

pg.verifyGeneration(request)

Low-level verification — returns signed decision without throwing

pg.assertAllowed(subjectId, options)

Throws PramptaRefusalError if denied (recommended)

pg.withAuthorization(request, fn)

Verify + execute + attach metadata in one call

pg.getSubject(subjectId)

Look up subject info (rules, status, visibility)

pg.requestLicense(input)

Request a license from a subject owner

pg.createOutputMetadata(decision)

Build provenance metadata for generated content

pg.health()

Check if PRAMPTA registry is reachable

pg.version()

Get operator info and protocol version

Prampta.hashPrompt(prompt)

Hash a prompt (same algorithm as SDK uses internally)

Refusal Codes

PG_NO_LICENSEsoftNo valid license — request one
PG_SCOPE_VIOLATIONsoftIntended use outside license scope
PG_SUBJECT_OPTED_OUThardSubject opted out of AI generation
PG_IMMUTABLE_DENIALhardCategory permanently denied
PG_INVALID_SIGNATUREhardLicense signature verification failed
PG_SUBJECT_DISPUTEDhardSubject under dispute
PG_SUBJECT_WITHDRAWNhardSubject withdrawn from registry
PG_EXTENSION_REFUSEDsoftExtension constraint not met

Security Principles

  • Private keys never touch the SDK or PRAMPTA servers
  • Prompts are SHA-256 hashed — raw text is never sent or stored
  • Fail-closed by default — backend unavailable = generation denied
  • Signed decisions are cryptographically verifiable
  • Empty prompt hashes are rejected to prevent unbound decisions

MCP Server

For AI agents using Model Context Protocol, PRAMPTA provides an MCP server with tools for verification, subject lookup, license requests, and audit.

// claude_desktop_config.json
{
  "mcpServers": {
    "prampta": {
      "command": "prampta-mcp",
      "env": {
        "PRAMPTA_API_URL": "https://api2.prampta.com",
        "PRAMPTA_PROVIDER_ID": "your-provider-id",
        "PRAMPTA_LICENSEE_ID": "your-licensee-id",
        "PRAMPTA_PAIR_TOKEN": "your-pair-token"
      }
    }
  }
}

Try it live

Send a real verification request against this registry and inspect the signed decision.

Verification Playground

Test the 7-stage verification pipeline. Simulates an AI provider's POST /verify request.

Request Parameters

Response

Run a verification to see the result.

PRAMPTA — Generative Rights Registry