@duckviz/sdk 0.1.0

package/dist/next.d.cts

@@ -0,0 +1,51 @@
+/**
+ * @duckviz/sdk/next — thin Next.js App Router handler that proxies requests
+ * to DuckViz Cloud with the server's token attached.
+ *
+ * Usage:
+ *   // app/api/duckviz/[...route]/route.ts
+ *   import { createDuckvizHandlers } from "@duckviz/sdk/next";
+ *   export const { POST } = createDuckvizHandlers({
+ *     token: process.env.DUCKVIZ_TOKEN!,
+ *   });
+ *
+ * What it does:
+ *   - Forwards the request body 1:1 to `${baseUrl}/api/<catchall>`.
+ *   - Attaches `Authorization: Bearer <token>` server-side. Browser never
+ *     sees the token.
+ *   - Pass-through SSE without buffering: returns `new Response(upstream.body, …)`
+ *     so events stream straight through to the browser.
+ *   - Forwards AbortSignal both ways, so a browser disconnect tears down the
+ *     upstream request.
+ *
+ * Hard rules (see consumer platform plan):
+ *   - Never mutate the request body.
+ *   - Never buffer SSE responses.
+ *   - Never log the token.
+ */
+interface DuckvizHandlerOptions {
+    /** Server-only DuckViz personal access token (`dvz_live_...`). */
+    token: string;
+    /** Override DuckViz Cloud base URL. */
+    baseUrl?: string;
+    /** Optional hook called before each upstream request. Return false to reject. */
+    onRequest?: (ctx: {
+        path: string;
+        request: Request;
+    }) => void | boolean | Promise<void | boolean>;
+    /** Injectable fetch — used in tests. */
+    fetch?: typeof fetch;
+}
+type NextRouteContext = {
+    params: Promise<{
+        route?: string[];
+    }> | {
+        route?: string[];
+    };
+};
+declare function createDuckvizHandlers(options: DuckvizHandlerOptions): {
+    POST: (request: Request, ctx: NextRouteContext) => Promise<Response>;
+    GET: (request: Request, ctx: NextRouteContext) => Promise<Response>;
+};
+
+export { type DuckvizHandlerOptions, createDuckvizHandlers };

package/dist/next.d.ts

@@ -0,0 +1,51 @@
+/**
+ * @duckviz/sdk/next — thin Next.js App Router handler that proxies requests
+ * to DuckViz Cloud with the server's token attached.
+ *
+ * Usage:
+ *   // app/api/duckviz/[...route]/route.ts
+ *   import { createDuckvizHandlers } from "@duckviz/sdk/next";
+ *   export const { POST } = createDuckvizHandlers({
+ *     token: process.env.DUCKVIZ_TOKEN!,
+ *   });
+ *
+ * What it does:
+ *   - Forwards the request body 1:1 to `${baseUrl}/api/<catchall>`.
+ *   - Attaches `Authorization: Bearer <token>` server-side. Browser never
+ *     sees the token.
+ *   - Pass-through SSE without buffering: returns `new Response(upstream.body, …)`
+ *     so events stream straight through to the browser.
+ *   - Forwards AbortSignal both ways, so a browser disconnect tears down the
+ *     upstream request.
+ *
+ * Hard rules (see consumer platform plan):
+ *   - Never mutate the request body.
+ *   - Never buffer SSE responses.
+ *   - Never log the token.
+ */
+interface DuckvizHandlerOptions {
+    /** Server-only DuckViz personal access token (`dvz_live_...`). */
+    token: string;
+    /** Override DuckViz Cloud base URL. */
+    baseUrl?: string;
+    /** Optional hook called before each upstream request. Return false to reject. */
+    onRequest?: (ctx: {
+        path: string;
+        request: Request;
+    }) => void | boolean | Promise<void | boolean>;
+    /** Injectable fetch — used in tests. */
+    fetch?: typeof fetch;
+}
+type NextRouteContext = {
+    params: Promise<{
+        route?: string[];
+    }> | {
+        route?: string[];
+    };
+};
+declare function createDuckvizHandlers(options: DuckvizHandlerOptions): {
+    POST: (request: Request, ctx: NextRouteContext) => Promise<Response>;
+    GET: (request: Request, ctx: NextRouteContext) => Promise<Response>;
+};
+
+export { type DuckvizHandlerOptions, createDuckvizHandlers };

package/dist/next.js

@@ -0,0 +1,78 @@
+import { DEFAULT_BASE_URL } from './chunk-WYWQAALZ.js';
+
+// src/next.ts
+function createDuckvizHandlers(options) {
+  if (!options.token) {
+    throw new Error("createDuckvizHandlers: `token` is required");
+  }
+  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
+  const fetchImpl = options.fetch ?? globalThis.fetch;
+  async function proxy(request, ctx) {
+    const params = await Promise.resolve(ctx.params);
+    const route = Array.isArray(params.route) ? params.route : [];
+    if (route.length === 0) {
+      return json({ error: "Missing route path" }, 400);
+    }
+    const incomingUrl = new URL(request.url);
+    const qs = incomingUrl.search;
+    const path = `/api/${route.join("/")}${qs}`;
+    if (options.onRequest) {
+      const result = await options.onRequest({ path, request });
+      if (result === false) {
+        return json({ error: "Request rejected" }, 403);
+      }
+    }
+    const method = request.method;
+    const hasBody = method !== "GET" && method !== "HEAD";
+    let upstream;
+    try {
+      const init = {
+        method,
+        headers: {
+          Authorization: `Bearer ${options.token}`,
+          ...hasBody && {
+            "Content-Type": request.headers.get("content-type") ?? "application/json"
+          }
+        },
+        signal: request.signal
+      };
+      if (hasBody) {
+        init.body = request.body;
+        init.duplex = "half";
+      }
+      upstream = await fetchImpl(`${baseUrl}${path}`, init);
+    } catch (err) {
+      return json(
+        {
+          error: err instanceof Error ? `Upstream fetch failed: ${err.message}` : "Upstream fetch failed"
+        },
+        502
+      );
+    }
+    const outHeaders = new Headers();
+    const ct = upstream.headers.get("content-type");
+    if (ct) outHeaders.set("Content-Type", ct);
+    const cc = upstream.headers.get("cache-control");
+    if (cc) outHeaders.set("Cache-Control", cc);
+    const ra = upstream.headers.get("retry-after");
+    if (ra) outHeaders.set("Retry-After", ra);
+    if (ct?.includes("text/event-stream")) {
+      outHeaders.set("Cache-Control", "no-cache, no-transform");
+      outHeaders.set("Connection", "keep-alive");
+      outHeaders.set("X-Accel-Buffering", "no");
+    }
+    return new Response(upstream.body, {
+      status: upstream.status,
+      headers: outHeaders
+    });
+  }
+  return { POST: proxy, GET: proxy };
+}
+function json(body, status) {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+
+export { createDuckvizHandlers };

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@duckviz/sdk",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "DuckViz SDK — LangChain-style composable classes for DuckViz AI endpoints. Node-only; never import from browser code.",
+  "main": "dist/index.cjs",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "browser": false,
+  "engines": {
+    "node": ">=18"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    },
+    "./next": {
+      "types": "./dist/next.d.ts",
+      "import": "./dist/next.js",
+      "require": "./dist/next.cjs"
+    },
+    "./express": {
+      "types": "./dist/express.d.ts",
+      "import": "./dist/express.js",
+      "require": "./dist/express.cjs"
+    }
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "files": ["dist", "README.md"],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "check-types": "tsc --noEmit",
+    "test": "bun test",
+    "lint": "echo 'lint ok'"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "@duckviz/typescript-config": "workspace:*",
+    "@types/node": "^22.0.0",
+    "tsup": "^8.4.0",
+    "typescript": "5.9.2"
+  }
+}