Standalone vs Platform
The Sekuire SDK operates in two modes: standalone and platform. This guide explains the differences and helps you choose the right mode for your use case.
Overview
| Standalone | Platform | |
|---|---|---|
| Network required | No | Yes (API connection) |
| Identity | Local BLAKE3 + Ed25519 | Same, plus registry-verified |
| Policy enforcement | Local sekuire.yml or policy.json | Remote workspace policies |
| Audit logging | Local file / stdout | Central audit trail |
| A2A communication | Direct peer-to-peer | Routed through workspace |
| Multi-agent | In-process discovery | Fleet management + discovery |
| Cost | Free, forever | Free tier + paid plans |
Standalone Mode
Standalone mode is the default. No account, no API keys, no network calls to Sekuire. The SDK reads configuration from local files and enforces policies in-process.
import { getAgent } from '@sekuire/sdk';
const agent = await getAgent('assistant');
const response = await agent.chat('Hello!');
Everything the agent needs comes from sekuire.yml:
agents:
assistant:
model: gpt-4o
system_prompt: prompt.md
tools: tools.json
provider: openai
policy:
tools:
allowed_tools:
- web_search
- calculator
blocked_tools:
- shell_exec
permissions:
network:
enabled: true
require_tls: true
allowed_domains:
- "*.openai.com"
What works standalone
- Agent identity computation (SekuireID)
- Ed25519 key generation, signing, and verification
- Policy enforcement (all 6 categories)
- LLM provider integration (OpenAI, Anthropic, Google, Ollama)
- Built-in tools with policy-gated execution
- Streaming responses
- Memory (buffer and window modes)
- A2A server and client (direct peer connections)
- Logging and telemetry (local exporters)
When to use standalone
- Development and testing
- Single-agent applications
- Air-gapped or offline environments
- Open-source projects that want governance without vendor lock-in
- Evaluating the SDK before committing to a platform
Platform Mode
Platform mode activates when you set SEKUIRE_INSTALL_TOKEN. The SDK connects to the Sekuire API for centralized identity verification, remote policy management, fleet operations, and audit logging.
export SEKUIRE_INSTALL_TOKEN=skt_abc123
export SEKUIRE_API_URL=https://api.sekuire.ai
import { getAgent } from '@sekuire/sdk';
import { createWorker } from '@sekuire/sdk';
import { createBeacon } from '@sekuire/sdk';
const agent = await getAgent('assistant');
const worker = createWorker({ apiBaseUrl: process.env.SEKUIRE_API_URL!, agentId: agent.sekuireId, installToken: process.env.SEKUIRE_INSTALL_TOKEN });
worker.onTask('summarize', async (ctx, input) => {
return agent.chat(input.prompt as string);
});
await worker.start();
What platform adds
- Registry: Publish agents to a searchable registry with verification badges
- Remote policies: Workspace-level policies managed via dashboard or API
- Fleet management: Pause, resume, terminate agents across deployments
- Central audit: All agent actions logged to a tamper-evident audit trail
- A2A routing: Skill-based discovery and delegation across workspace agents
- Kill switch: Emergency stop via beacon heartbeat
- Credential rotation: Automatic runtime token refresh
- Role-based access: Owner, admin, member, viewer roles per workspace
When to use platform
- Production deployments requiring centralized governance
- Multi-agent orchestration across services
- Compliance requirements (SOC2, HIPAA, GDPR, PCI-DSS)
- Teams that need visibility into agent behavior
- Organizations managing multiple agent deployments
Feature Comparison by Category
Identity
| Feature | Standalone | Platform |
|---|---|---|
| SekuireID computation | Local | Local + registered |
| Ed25519 signing | Local keypair | Local + registry-verified |
| Agent card | In-memory | Published to registry |
Policy
| Feature | Standalone | Platform |
|---|---|---|
| Policy source | sekuire.yml / policy.json | Remote workspace policy |
| Enforcement | In-process | In-process + gateway |
| Policy updates | Edit file, restart | Hot-reload via heartbeat |
| Custom rules | YAML config | Dashboard + API |
Observability
| Feature | Standalone | Platform |
|---|---|---|
| Audit events | Local logger | Central audit trail |
| Telemetry | Local OTLP exporter | Platform collector |
| Metrics | console.log | Dashboard charts |
Agent Communication
| Feature | Standalone | Platform |
|---|---|---|
| A2A protocol | Direct peer connections | Routed through workspace |
| Discovery | Manual configuration | Automatic skill-based |
| Delegation | In-process | Cross-service via SSE |
Mixing Modes
You can run some agents standalone and others on the platform within the same application. The SDK detects the mode per-agent based on whether platform credentials are available.
// This agent runs standalone (no install token)
const localAgent = await getAgent('helper');
// This agent connects to the platform
const worker = createWorker({
apiBaseUrl: 'https://api.sekuire.ai',
agentId: localAgent.sekuireId,
installToken: 'skt_abc123',
});
Next Steps
- Upgrade from Standalone - Migration guide
- Policy Enforcement - Runtime policy enforcement
- Workers - Background task processing
- Beacon - Heartbeat and kill switch