$ sdks
SDKs in six languages.
Drop-in clients for the languages most people writing desktop software
actually use. Each SDK ships an AGENTS.md in the repo for AI
coding tools, integration tests, an example app, and a stable public API
versioned with semver.
| Language | Install | Runtime | Links |
|---|---|---|---|
| Python | pip install authforge-sdk | Python 3.9+ | docs · repo |
| Node.js | npm install @authforgecc/sdk | Node 18+ (TypeScript types included) | docs · repo |
| Go | go get github.com/AuthForgeCC/authforge-go | Go 1.21+ | docs · repo |
| Rust | cargo add authforge | Rust 1.70+ | docs · repo |
| C# | dotnet add package AuthForge | .NET 6.0+ | docs · repo |
| C++ | cmake-fetched header + libsodium | C++17 | docs · repo |
What every SDK includes
The clients share one feature set across all six languages. Names differ by language convention, but the behavior is the same.
- Ed25519 signature verification on every validate and heartbeat response.
- Signing-key rotation: configure a multi-key trust list (array or comma-separated) so server keys rotate with no downtime.
- Nonce anti-replay: a fresh nonce per validate request with an echoed-nonce check.
- HWID fingerprinting (MAC / CPU / disk / hostname) plus
hwid_overridefor identity binding (tg:,discord:). - Seat enforcement via per-license HWID slots, including shared (unlimited-seat) keys.
- SERVER and LOCAL heartbeat modes; LOCAL continues a verified session offline until the session TTL expires (not persistent offline licensing).
- Self-ban (pre- and post-session) for anti-tamper response.
- Configurable session TTL with server-side clamping.
- App and license variables for feature flags and tiered licensing.
- Automatic retries on rate-limited / transient failures, with a configurable failure model.
Two integration patterns
Every SDK supports both modes. Pick whichever matches your app's runtime model. You can mix them across products on the same account; the credit pool doesn't care.
Stateful: login + heartbeat
App calls validate_license() on launch (1 credit), then
calls heartbeat() on a recurring interval (typically
every 5–15 minutes) to keep the session alive.
Best for: long-running desktop apps, productivity tools, games, or anything where session-level concurrent-use enforcement matters. Heartbeats bill at 10:1, so the marginal cost is small.
Stateless: one-shot validate
App calls validate_license() once per launch (or once
per privileged operation) and skips heartbeats entirely.
Best for: short-lived CLI tools, command-line utilities, scripts that run once-per-invocation, or any flow where there's no long-lived session to monitor.
SDK we don't have? Build your own.
The wire protocol is documented in full at docs.authforge.cc/api/runtime . You need an HTTPS client and an Ed25519 verify primitive; almost every modern stdlib has both. The signed validation page has verification snippets you can lift directly.