Developers
Build on hardware-rooted device trust
Root Herald moves the trust anchor below the attacker's reach — into the TPM, Secure Enclave, or StrongBox the device already has. You get one integration that returns a verifiable answer to "is this a real, distinct, healthy device?" — without CAPTCHAs, fingerprint scripts, or PII.
What you build
One integration, one question answered: is this a real, distinct, healthy device? Shield is a drop-in device-verification call you put in front of the actions abuse targets.
Core concepts (the whole model in 90 seconds)
- Device — a physical machine identified by its hardware key (TPM Endorsement Key, Secure Enclave key, or Android attestation key). Enrolled once.
- Attestation— the device's state (boot chain, PCRs, or platform attestation) is appraised against a policy. IETF RATS Background-Check is the default: a dumb client collects an opaque evidence blob (no keys, no Root Herald contact) and hands it to your server; your server calls Root Herald server→server with its
rh_sk_secret key and a named policy, and gets the verdict back directly. The Passport model (the client mints a portable token your server verifies offline) remains as the backend-less badge fallback — for a SPA with no server to hold a secret key. - TPM class — the root of trust:
hardware,firmware-tpm,cloud-vtpm,mobile-hardware,emulated. You decide which classes you accept; full table in the taxonomy reference. - Acceptance policy — a named ruleset that decides which classes and assurance levels pass. The default (
rootherald:builtin:strict-hardware) rejects every virtual / emulated TPM. - Verdict— what your server gets back. Under Background-Check it's returned directly by
rh.verify()(server→server) — no token to verify. The optionaltokenyou can request withreturnToken: true(and the badge-tier token) is itself verifiable offline withverifyAttestationToken(). Either way it's a typedAttestationVerdictcarryingacr, a stabledevice.ueid,device.verdict(pass/warn/fail),device.earStatus,device.attestationType, and an EAR trustworthiness vector.
the verdict you get back (AttestationVerdict)json
{
"acr": "urn:rootherald:device:high",
"device": {
"ueid": "2f9c8a14…", // stable per-tenant device id (no PII)
"verdict": "pass", // pass | warn | fail
"earStatus": "affirming", // affirming | warning | contraindicated
"attestationType": "tpm20",
"secureBootVerified": true,
"trustworthinessVector": { "hardware": 2, "configuration": 2 }
}
}Get started
SDKs
JavaScript
Coming soon@rootherald/browser · browser
React
Coming soon@rootherald/react · <RootHeraldGate>
Node.js
Available@rootherald/node · server-side
.NET
In developmentRootHerald.AspNetCore · ASP.NET Core
Java
In developmentSpring Boot starter · @RootHeraldGuard
Go
In developmentchi + gin middleware · sentinel errors
PHP
In developmentLaravel · Symfony · WordPress
Ruby
In developmentRails controller concern
Python (server)
In developmentFastAPI + Flask · pip install rootherald
Native C++
In developmentRootHerald.lib / .a static-link
Native C#
In developmentP/Invoke for desktop .NET
Android (Kotlin)
Coming soonKey Attestation · StrongBox
iOS (Swift)
Coming soonApp Attest · iOS 14+
React Native
Coming soonExpo · token mint hook
Unity
Coming soonUPM plugin · all platforms
Unreal Engine
Coming soonUE5 plugin · Blueprint + C++
Transport modes & wire protocol
Reference
Guides by use case
Device trust — enroll only your devices
Trusted-enrollment pattern: gate with your own secret, persist the hardware id.
Web3 — Sybil-resistant airdrops
One-wallet-one-device enforcement.
Games — anti-cheat & smurf control
Device-rooted ban list under your anti-cheat.
AI — protect a free tier
Keep credits real without phone-OTP heuristics.
Cuckoo defense (cloud-permissive)
Accept cloud vTPMs without falling to replay.
Embedded game SDK
Wire the native SDK into a launcher.