SDK (admin)
SDK (admin)
Section titled “SDK (admin)”The admin SDK is the programmatic surface for managing TapPass resources.
Create orgs, attach projects, author pipelines, push policies, rotate keys, query audit trails — all from Python (and, eventually, TypeScript).
Note on the two SDKs. TapPass ships two SDKs and they are not the same thing:
- Runtime SDK (existing —
tappass-sdkon PyPI) — what customer agents import to make governed calls. Hits/v1/messages, etc.- Admin SDK (this card) — what operators use to manage TapPass itself. Hits
/api/v1/admin/*.Different consumers, different scope, different release cadences. They share authentication primitives but no shared data model.
At a glance
Section titled “At a glance”| Talks to | the control-plane API (/api/v1/admin/*) |
| Auth | scoped admin API key (or session JWT for interactive flows) |
| Coverage | every resource the Admin UI and MCP server expose |
| Languages | Python (first); TypeScript (planned) |
| Status | later |
What it covers
Section titled “What it covers”The admin SDK is generated (or kept in lock-step) from the OpenAPI surface of the control plane:
from tappass.admin import Admin
a = Admin(api_key=os.environ["TAPPASS_ADMIN_KEY"])
# Resourcesteam = a.teams.create(name="Risk Engineering")proj = a.projects.create(team_id=team.id, name="Customer support")agent = a.agents.create(project_id=proj.id, name="support-emailer-bot")
# Pipelines / policiespipe = a.pipelines.create(project_id=proj.id, steps=[...])a.policies.attach_check_pack(pipe.id, pack="pii-redaction")
# Sessions / auditfor s in a.sessions.list(agent_id=agent.id, since="2026-05-01"): print(s.id, s.tool_footprint)
# Compliancereport = a.compliance.report(framework="iso-42001", scope="org")Why this concept exists separately
Section titled “Why this concept exists separately”The runtime SDK and the admin SDK have different blast radius:
| Runtime SDK | Admin SDK | |
|---|---|---|
| Used by | customer agents in production | operators / CI / IaC |
| Calls | /v1/messages, /v1/chat/completions | /api/v1/admin/* |
| Failure mode | call rejected → agent retries | mutation failed → human intervenes |
| Versioning | strict semver, slow major bumps | follows control-plane evolution closely |
| Audience | every customer | operators only |
Bundling them would force the runtime SDK (which must stay tiny + stable for customer integrations) to depend on admin types it doesn't use.
Surfaces
Section titled “Surfaces”| Persona | Surface | What they do |
|---|---|---|
| Platform engineer | Python script / CI job | Bulk-onboard projects from CSV; sync agents from internal registry |
| Compliance team | Notebook | Run quarterly compliance pack reports across the org |
| IaC owner | Terraform provider (planned) | Treat TapPass resources as declarative infra |
Related concepts
Section titled “Related concepts”- distinct from ↔ runtime SDK (
tappass-sdkon PyPI) — different consumers, different scope - calls → control-plane API (the same routes the Admin UI uses)
- complementary to ↔ MCP server — same operations, different surface
- emits → Audit log — every mutation recorded