EdgeVault's docs are young. What's on this page is checked against the real packages — when it stops being true, it comes off the page.
One environment-scoped key, zero code changes: edgevault run fetches your environment and execs your command with everything injected. Secrets ride along only when the key carries the secrets:read scope — and the CLI says so plainly when they don't.
# real commands — @edgevault/cli npm install -g @edgevault/cli export EDGEVAULT_API_KEY=ev_… $ edgevault run -- node server.js edgevault: injected 14 values $ edgevault get checkout-timeout-ms 5000
The API key is environment-scoped (shown once at creation). flag() never throws — a missing flag returns your fallback, because a flags outage should degrade, not crash. Reads hit an in-process cache (15 s default) before they ever leave your worker.
# once npm install @edgevault/sdk // anywhere import { EdgeVault } from '@edgevault/sdk' const edgevault = new EdgeVault({ apiKey: process.env.EDGE_KEY }) const timeout = await edgevault.value<number>('timeout-ms') const checkout = await edgevault.flag('checkout-v2', false)
// real signatures — @edgevault/sdk/react import { useFlag } from '@edgevault/sdk/react' const { enabled, loading } = useFlag(edgevault, 'checkout-v2')
Also useConfig(client, key) and useValue<T>(client, key) — each returns { data, loading, error } and never tears down your component over a delivery hiccup.
Config, flag, and secret events stream from your workspace's Durable Object over hibernatable WebSockets — the console's live dashboard uses the same client.
// real signatures — @edgevault/realtime import { useWorkspaceEvents } from '@edgevault/realtime/react' // url: wss://api.edgevault.io/.../ws?token=… (null = stay disconnected) const status = useWorkspaceEvents(wsUrl, (event) => { refresh(event) // 'config.changed' | 'promotion.completed' | … })
# verified against the repo's package.json git clone https://github.com/blakebauman/edgevault cd edgevault pnpm install # installs git hooks too pnpm dev # all workers locally (turbo + wrangler) pnpm test # vitest in the real Workers runtime
Provisioning real Cloudflare resources is documented in DEPLOYMENT.md; optional providers (OAuth, Stripe) in ACTIVATION.md. Both live in the repo, next to the code they describe.
From zero to an edge read in five minutes — create a workspace, mint an environment key, and read your first value.
Five workers, two Durable Object classes, and exactly one source of truth per workspace — where EdgeVault stores what, and why.
edgevault run / pull / get — inject configs, flags, and secrets into any process, zero runtime dependencies, one environment-scoped key.
@edgevault/sdk — the typed consumer client for the edge read plane: every constructor option, method, hook, and error.
@edgevault/realtime — subscribe to config, flag, and secret changes over hibernatable WebSockets instead of polling.
EdgeVault speaks Model Context Protocol over Streamable HTTP — your agents operate config with the same authz as your humans.
Run the MIT core on your own Cloudflare account — same workers, same Durable Objects, your bill, no telemetry.
The control-plane HTTP API reference and the promotion-workflow guide are still repo-level docs. The repo is private during the rebuild — repo links go live with the public release.