@brokr/sdk 1.0.0

package/dist/auth.js

@@ -0,0 +1,175 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/runtime.ts
+var BrokrError;
+var init_runtime = __esm({
+  "src/runtime.ts"() {
+    "use strict";
+    BrokrError = class extends Error {
+      constructor(message, code, capability, retryable = false) {
+        super(message);
+        this.code = code;
+        this.capability = capability;
+        this.retryable = retryable;
+        this.name = "BrokrError";
+      }
+    };
+  }
+});
+
+// src/auth.ts
+var auth_exports = {};
+__export(auth_exports, {
+  BrokrAuthClient: () => BrokrAuthClient,
+  authMiddleware: () => authMiddleware
+});
+module.exports = __toCommonJS(auth_exports);
+function parseCookies(cookieHeader) {
+  const cookies = /* @__PURE__ */ new Map();
+  for (const pair of cookieHeader.split(";")) {
+    const eqIdx = pair.indexOf("=");
+    if (eqIdx === -1) continue;
+    const name = pair.slice(0, eqIdx).trim();
+    const value = pair.slice(eqIdx + 1).trim();
+    if (name) cookies.set(name, value);
+  }
+  return cookies;
+}
+function authMiddleware(options) {
+  const { protectedRoutes = [], publicOnlyRoutes = [] } = options;
+  return async function middleware(request) {
+    const url = new URL(request.url);
+    const pathname = url.pathname;
+    const isProtected = protectedRoutes.some((route) => pathname.startsWith(route));
+    const isPublicOnly = publicOnlyRoutes.some((route) => pathname.startsWith(route));
+    if (!isProtected && !isPublicOnly) return void 0;
+    const cookieHeader = request.headers.get("cookie") ?? "";
+    const cookies = parseCookies(cookieHeader);
+    const hasSession = cookies.has("better-auth.session_token");
+    if (isProtected && !hasSession) {
+      return Response.redirect(new URL("/sign-in", request.url).toString(), 302);
+    }
+    if (isPublicOnly && hasSession) {
+      return Response.redirect(new URL("/", request.url).toString(), 302);
+    }
+    return void 0;
+  };
+}
+var BrokrAuthClient;
+var init_auth = __esm({
+  "src/auth.ts"() {
+    init_runtime();
+    BrokrAuthClient = class {
+      constructor(token, gatewayUrl, appUrl) {
+        this._token = token;
+        this._gatewayUrl = gatewayUrl;
+        this._appUrl = appUrl ?? (typeof process !== "undefined" ? process.env.BETTER_AUTH_URL : void 0);
+      }
+      /**
+       * Get current user from an incoming request's cookies.
+       * Calls the local Better Auth API (runs inside your app).
+       */
+      async currentUser(request) {
+        const session = await this.getSession(request);
+        return session?.user ?? null;
+      }
+      /**
+       * Get the full session (user + metadata) from an incoming request.
+       * Calls the local Better Auth API.
+       */
+      async getSession(request) {
+        const appUrl = this._appUrl;
+        if (!appUrl) {
+          throw new BrokrError(
+            "[brokr] BETTER_AUTH_URL is not set. Auth may not be provisioned.",
+            "AUTH_NOT_CONFIGURED",
+            "auth"
+          );
+        }
+        const cookieHeader = request.headers.get("cookie") ?? "";
+        if (!cookieHeader) return null;
+        const res = await fetch(`${appUrl}/api/auth/get-session`, {
+          method: "GET",
+          headers: { cookie: cookieHeader }
+        });
+        if (!res.ok) return null;
+        const data = await res.json();
+        if (!data?.user || !data?.session) return null;
+        return {
+          user: {
+            id: data.user.id,
+            email: data.user.email,
+            name: data.user.name ?? null,
+            avatarUrl: data.user.image ?? null,
+            emailVerified: data.user.emailVerified ? /* @__PURE__ */ new Date() : null
+          },
+          sessionId: data.session.id,
+          expiresAt: new Date(data.session.expiresAt)
+        };
+      }
+      /**
+       * Generate an OAuth authorization URL.
+       */
+      async getOAuthUrl(provider, options) {
+        const appUrl = this._appUrl;
+        if (!appUrl) {
+          throw new BrokrError("[brokr] BETTER_AUTH_URL is not set.", "AUTH_NOT_CONFIGURED", "auth");
+        }
+        const redirectTo = options?.redirectTo ?? "/";
+        if (!redirectTo.startsWith("/") || redirectTo.startsWith("//")) {
+          throw new BrokrError("[brokr] redirectTo must be a relative path (start with /)", "INVALID_REDIRECT", "auth");
+        }
+        const params = new URLSearchParams({ callbackURL: redirectTo });
+        return { redirectUrl: `${appUrl}/api/auth/sign-in/social?provider=${provider}&${params}` };
+      }
+      /**
+       * Send a magic link email (requires email capability).
+       */
+      async sendMagicLink(email, options) {
+        const appUrl = this._appUrl;
+        if (!appUrl) {
+          throw new BrokrError("[brokr] BETTER_AUTH_URL is not set.", "AUTH_NOT_CONFIGURED", "auth");
+        }
+        const res = await fetch(`${appUrl}/api/auth/magic-link/send`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ email, callbackURL: options?.redirectTo ?? "/" })
+        });
+        if (!res.ok) {
+          const data = await res.json().catch(() => ({}));
+          throw new BrokrError(
+            data.message ?? `[brokr] Failed to send magic link (HTTP ${res.status})`,
+            "AUTH_MAGIC_LINK_FAILED",
+            "auth"
+          );
+        }
+      }
+    };
+  }
+});
+init_auth();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BrokrAuthClient,
+  authMiddleware
+});

package/dist/auth.mjs

@@ -0,0 +1,151 @@
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+
+// src/runtime.ts
+var BrokrError;
+var init_runtime = __esm({
+  "src/runtime.ts"() {
+    "use strict";
+    BrokrError = class extends Error {
+      constructor(message, code, capability, retryable = false) {
+        super(message);
+        this.code = code;
+        this.capability = capability;
+        this.retryable = retryable;
+        this.name = "BrokrError";
+      }
+    };
+  }
+});
+
+// src/auth.ts
+function parseCookies(cookieHeader) {
+  const cookies = /* @__PURE__ */ new Map();
+  for (const pair of cookieHeader.split(";")) {
+    const eqIdx = pair.indexOf("=");
+    if (eqIdx === -1) continue;
+    const name = pair.slice(0, eqIdx).trim();
+    const value = pair.slice(eqIdx + 1).trim();
+    if (name) cookies.set(name, value);
+  }
+  return cookies;
+}
+function authMiddleware(options) {
+  const { protectedRoutes = [], publicOnlyRoutes = [] } = options;
+  return async function middleware(request) {
+    const url = new URL(request.url);
+    const pathname = url.pathname;
+    const isProtected = protectedRoutes.some((route) => pathname.startsWith(route));
+    const isPublicOnly = publicOnlyRoutes.some((route) => pathname.startsWith(route));
+    if (!isProtected && !isPublicOnly) return void 0;
+    const cookieHeader = request.headers.get("cookie") ?? "";
+    const cookies = parseCookies(cookieHeader);
+    const hasSession = cookies.has("better-auth.session_token");
+    if (isProtected && !hasSession) {
+      return Response.redirect(new URL("/sign-in", request.url).toString(), 302);
+    }
+    if (isPublicOnly && hasSession) {
+      return Response.redirect(new URL("/", request.url).toString(), 302);
+    }
+    return void 0;
+  };
+}
+var BrokrAuthClient;
+var init_auth = __esm({
+  "src/auth.ts"() {
+    init_runtime();
+    BrokrAuthClient = class {
+      constructor(token, gatewayUrl, appUrl) {
+        this._token = token;
+        this._gatewayUrl = gatewayUrl;
+        this._appUrl = appUrl ?? (typeof process !== "undefined" ? process.env.BETTER_AUTH_URL : void 0);
+      }
+      /**
+       * Get current user from an incoming request's cookies.
+       * Calls the local Better Auth API (runs inside your app).
+       */
+      async currentUser(request) {
+        const session = await this.getSession(request);
+        return session?.user ?? null;
+      }
+      /**
+       * Get the full session (user + metadata) from an incoming request.
+       * Calls the local Better Auth API.
+       */
+      async getSession(request) {
+        const appUrl = this._appUrl;
+        if (!appUrl) {
+          throw new BrokrError(
+            "[brokr] BETTER_AUTH_URL is not set. Auth may not be provisioned.",
+            "AUTH_NOT_CONFIGURED",
+            "auth"
+          );
+        }
+        const cookieHeader = request.headers.get("cookie") ?? "";
+        if (!cookieHeader) return null;
+        const res = await fetch(`${appUrl}/api/auth/get-session`, {
+          method: "GET",
+          headers: { cookie: cookieHeader }
+        });
+        if (!res.ok) return null;
+        const data = await res.json();
+        if (!data?.user || !data?.session) return null;
+        return {
+          user: {
+            id: data.user.id,
+            email: data.user.email,
+            name: data.user.name ?? null,
+            avatarUrl: data.user.image ?? null,
+            emailVerified: data.user.emailVerified ? /* @__PURE__ */ new Date() : null
+          },
+          sessionId: data.session.id,
+          expiresAt: new Date(data.session.expiresAt)
+        };
+      }
+      /**
+       * Generate an OAuth authorization URL.
+       */
+      async getOAuthUrl(provider, options) {
+        const appUrl = this._appUrl;
+        if (!appUrl) {
+          throw new BrokrError("[brokr] BETTER_AUTH_URL is not set.", "AUTH_NOT_CONFIGURED", "auth");
+        }
+        const redirectTo = options?.redirectTo ?? "/";
+        if (!redirectTo.startsWith("/") || redirectTo.startsWith("//")) {
+          throw new BrokrError("[brokr] redirectTo must be a relative path (start with /)", "INVALID_REDIRECT", "auth");
+        }
+        const params = new URLSearchParams({ callbackURL: redirectTo });
+        return { redirectUrl: `${appUrl}/api/auth/sign-in/social?provider=${provider}&${params}` };
+      }
+      /**
+       * Send a magic link email (requires email capability).
+       */
+      async sendMagicLink(email, options) {
+        const appUrl = this._appUrl;
+        if (!appUrl) {
+          throw new BrokrError("[brokr] BETTER_AUTH_URL is not set.", "AUTH_NOT_CONFIGURED", "auth");
+        }
+        const res = await fetch(`${appUrl}/api/auth/magic-link/send`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ email, callbackURL: options?.redirectTo ?? "/" })
+        });
+        if (!res.ok) {
+          const data = await res.json().catch(() => ({}));
+          throw new BrokrError(
+            data.message ?? `[brokr] Failed to send magic link (HTTP ${res.status})`,
+            "AUTH_MAGIC_LINK_FAILED",
+            "auth"
+          );
+        }
+      }
+    };
+  }
+});
+init_auth();
+export {
+  BrokrAuthClient,
+  authMiddleware
+};

package/dist/brokr_runtime.py

@@ -0,0 +1,333 @@
+"""
+Brokr Runtime SDK — Python
+==========================
+
+Drop-in client for apps provisioned by Brokr.
+Reads BROKR_TOKEN from env — auto-injected at deploy time.
+
+Usage::
+
+    from brokr_runtime import Brokr
+
+    brokr = Brokr()
+    reply = brokr.ai.chat([{"role": "user", "content": "Hello"}])
+    print(reply.content)
+
+No dependencies beyond the Python standard library. Requires Python 3.8+.
+"""
+
+import json
+import os
+import urllib.error
+import urllib.request
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional, Union
+
+_GATEWAY_URL = "https://api.brokr.sh"
+_DEFAULT_TIMEOUT = 30
+
+
+# ---------------------------------------------------------------------------
+# Error hierarchy
+# ---------------------------------------------------------------------------
+
+
+class BrokrError(Exception):
+    """Base Brokr SDK error."""
+
+    def __init__(self, message: str, code: str = "UNKNOWN", capability: str = "",
+                 retryable: bool = False):
+        super().__init__(message)
+        self.code = code
+        self.capability = capability
+        self.retryable = retryable
+
+
+class BrokrAuthError(BrokrError):
+    """Token missing or invalid."""
+
+    def __init__(self, message: str, code: str = "BROKR_TOKEN_MISSING"):
+        super().__init__(message, code, "auth", False)
+
+
+class BrokrRateLimitError(BrokrError):
+    """HTTP 429 — rate limited."""
+
+    def __init__(self, message: str, retry_after: int = 60, capability: str = ""):
+        super().__init__(message, "RATE_LIMITED", capability, True)
+        self.retry_after = retry_after
+
+
+class BrokrNetworkError(BrokrError):
+    """Gateway unreachable."""
+
+    def __init__(self, message: str, capability: str = ""):
+        super().__init__(message, "NETWORK_ERROR", capability, True)
+
+
+# ---------------------------------------------------------------------------
+# Response dataclasses
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class TokenUsage:
+    prompt_tokens: int
+    completion_tokens: int
+
+
+@dataclass
+class ChatResponse:
+    content: str
+    model: str
+    usage: TokenUsage
+
+
+@dataclass
+class UploadResult:
+    key: str
+    url: str
+
+
+@dataclass
+class EmailResult:
+    id: str
+
+
+# ---------------------------------------------------------------------------
+# Internal helpers
+# ---------------------------------------------------------------------------
+
+
+def _validate_token(token: Optional[str], capability: str) -> str:
+    if not token:
+        raise BrokrAuthError(
+            "[brokr] BROKR_TOKEN is not set.\n"
+            "Brokr injects this automatically at deploy time.\n"
+            "For local development, run: brokr env pull --stack <name>"
+        )
+    return token
+
+
+def _gateway_request(
+    gateway_url: str, token: str, path: str, payload: dict, capability: str,
+    timeout: int = _DEFAULT_TIMEOUT,
+) -> Any:
+    data = json.dumps(payload).encode()
+    req = urllib.request.Request(
+        f"{gateway_url}{path}",
+        data=data,
+        headers={
+            "Content-Type": "application/json",
+            "Authorization": f"Bearer {token}",
+        },
+        method="POST",
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=timeout) as resp:
+            return json.loads(resp.read())
+    except urllib.error.HTTPError as e:
+        if e.code == 429:
+            raise BrokrRateLimitError(
+                f"[brokr] Rate limited on {capability}.",
+                retry_after=60,
+                capability=capability,
+            ) from e
+        if e.code == 401:
+            raise BrokrAuthError("[brokr] Invalid or expired BROKR_TOKEN.",
+                                 "BROKR_TOKEN_INVALID") from e
+        raise BrokrError(
+            f"[brokr] {capability} request failed: HTTP {e.code}",
+            f"{capability.upper()}_FAILED",
+            capability,
+        ) from e
+    except (urllib.error.URLError, OSError) as e:
+        raise BrokrNetworkError(
+            f"[brokr] Could not reach Brokr gateway: {e}",
+            capability,
+        ) from e
+
+
+# ---------------------------------------------------------------------------
+# BrokrAI
+# ---------------------------------------------------------------------------
+
+
+class BrokrAI:
+    def __init__(self, token: Optional[str], gateway_url: str) -> None:
+        self._token = token
+        self._gateway_url = gateway_url
+
+    def chat(
+        self,
+        messages: List[Dict[str, str]],
+        *,
+        model: Optional[str] = None,
+        max_tokens: Optional[int] = None,
+        temperature: Optional[float] = None,
+    ) -> ChatResponse:
+        """
+        Send messages to the Brokr AI gateway.
+
+        Returns a ChatResponse dataclass with .content, .model, and .usage.
+        """
+        token = _validate_token(self._token, "ai")
+        payload: Dict[str, Any] = {"messages": messages}
+        if model:
+            payload["model"] = model
+        if max_tokens:
+            payload["max_tokens"] = max_tokens
+        if temperature is not None:
+            payload["temperature"] = temperature
+
+        body = _gateway_request(self._gateway_url, token,
+                                "/v1/chat/completions", payload, "ai")
+
+        choices = body.get("choices") or [{}]
+        usage_raw = body.get("usage", {})
+
+        return ChatResponse(
+            content=choices[0].get("message", {}).get("content", ""),
+            model=body.get("model", ""),
+            usage=TokenUsage(
+                prompt_tokens=usage_raw.get("prompt_tokens", 0),
+                completion_tokens=usage_raw.get("completion_tokens", 0),
+            ),
+        )
+
+    @property
+    def base_url(self) -> str:
+        """OpenAI-SDK compatible base URL."""
+        return f"{self._gateway_url}/v1"
+
+    @property
+    def api_key(self) -> str:
+        """Returns BROKR_TOKEN — use as api_key with the openai package."""
+        return _validate_token(self._token, "ai")
+
+
+# ---------------------------------------------------------------------------
+# BrokrStorage
+# ---------------------------------------------------------------------------
+
+
+class BrokrStorage:
+    def __init__(self, token: Optional[str], gateway_url: str) -> None:
+        self._token = token
+        self._gateway_url = gateway_url
+
+    def get_upload_url(
+        self, filename: str, content_type: str = "application/octet-stream",
+    ) -> Dict[str, Any]:
+        """Get a presigned upload URL + object key."""
+        token = _validate_token(self._token, "storage")
+        return _gateway_request(
+            self._gateway_url, token, "/v1/storage/sign-upload",
+            {"filename": filename, "contentType": content_type}, "storage",
+        )
+
+    def upload(
+        self, data: Union[bytes, str], filename: str,
+        content_type: str = "application/octet-stream",
+    ) -> UploadResult:
+        """Upload data to R2 storage."""
+        result = self.get_upload_url(filename, content_type)
+        body = data if isinstance(data, bytes) else data.encode()
+        put_req = urllib.request.Request(
+            result["url"], data=body,
+            headers={"Content-Type": content_type}, method="PUT",
+        )
+        try:
+            with urllib.request.urlopen(put_req, timeout=_DEFAULT_TIMEOUT):
+                pass
+        except urllib.error.HTTPError as e:
+            raise BrokrError(f"[brokr] Upload failed: HTTP {e.code}",
+                             "STORAGE_UPLOAD_FAILED", "storage") from e
+
+        return UploadResult(key=result["key"], url=result["url"])
+
+    def url(self, key: str, expires_in: Optional[int] = None) -> Dict[str, Any]:
+        """Get a presigned download URL for a stored object key."""
+        token = _validate_token(self._token, "storage")
+        payload: Dict[str, Any] = {"key": key}
+        if expires_in is not None:
+            payload["expiresIn"] = expires_in
+        return _gateway_request(
+            self._gateway_url, token, "/v1/storage/sign-download",
+            payload, "storage",
+        )
+
+    def get_url(self, key: str, expires_in: Optional[int] = None) -> Dict[str, Any]:
+        """Deprecated — use url() instead."""
+        return self.url(key, expires_in)
+
+
+# ---------------------------------------------------------------------------
+# BrokrEmail
+# ---------------------------------------------------------------------------
+
+
+class BrokrEmail:
+    """Routes email through the Brokr gateway — only BROKR_TOKEN required."""
+
+    def __init__(self, token: Optional[str], gateway_url: str) -> None:
+        self._token = token
+        self._gateway_url = gateway_url
+
+    def send(
+        self,
+        to: Union[str, List[str]],
+        subject: str,
+        *,
+        html: Optional[str] = None,
+        text: Optional[str] = None,
+        from_: Optional[str] = None,
+    ) -> EmailResult:
+        """Send an email via the Brokr gateway."""
+        token = _validate_token(self._token, "email")
+        payload: Dict[str, Any] = {"to": to, "subject": subject}
+        if from_:
+            payload["from"] = from_
+        if html:
+            payload["html"] = html
+        if text:
+            payload["text"] = text
+
+        result = _gateway_request(
+            self._gateway_url, token, "/v1/email/send", payload, "email",
+        )
+        return EmailResult(id=result.get("id", ""))
+
+
+# ---------------------------------------------------------------------------
+# Brokr (top-level)
+# ---------------------------------------------------------------------------
+
+
+class Brokr:
+    """
+    Brokr runtime client. Zero config required.
+
+    All env vars are injected automatically by Brokr at provision time.
+
+    Example::
+
+        from brokr_runtime import Brokr
+
+        brokr = Brokr()
+        reply = brokr.ai.chat([{"role": "user", "content": "Summarize this..."}])
+        print(reply.content)
+    """
+
+    def __init__(
+        self,
+        *,
+        token: Optional[str] = None,
+        gateway_url: Optional[str] = None,
+    ) -> None:
+        _token = token or os.environ.get("BROKR_TOKEN")
+        _gateway = gateway_url or _GATEWAY_URL
+
+        self.ai = BrokrAI(_token, _gateway)
+        self.storage = BrokrStorage(_token, _gateway)
+        self.email = BrokrEmail(_token, _gateway)

package/dist/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Brokr SDK — root entry point
+ *
+ * Runtime client (for deployed apps):
+ *   import { createBrokr } from '@brokr/sdk';
+ *
+ * Management client (for CLI / provisioning tools):
+ *   import { createBrokrClient } from '@brokr/sdk';
+ */
+export { createBrokr, BrokrRuntime, BrokrAIClient, BrokrStorageClient, BrokrEmailClient, BrokrError } from './src/runtime';
+export type { ChatMessage, ChatResponse, EmailParams, UploadResult, RuntimeOptions } from './src/runtime';
+export { authMiddleware } from './src/auth';
+export type { AuthUser, AuthSession } from './src/auth';
+export { BrokrClient, create, default as createBrokrClient } from './src/management';
+export type { BrokrConfig } from './src/management';
+export type { StackResponse, ProviderResponse, CreateStackInput, AddProviderInput } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3H,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAG1G,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrF,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAGpD,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC"}