@eidentic/nextjs 0.1.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work, excluding
+          those notices that do not pertain to any part of the Derivative
+          Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and do
+          not modify the License. You may add Your own attribution notices
+          within Derivative Works that You distribute, alongside or as an
+          addendum to the NOTICE text from the Work, provided that such
+          additional attribution notices cannot be construed as modifying
+          the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Baran Özdemir
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,61 @@
+# @eidentic/nextjs
+
+Next.js App Router integration for Eidentic — `withEidentic` wraps an agent as a
+`POST` route handler that emits an AI SDK UI-compatible stream, and `eidenticNextConfig`
+patches your `next.config.ts` to prevent native-addon bundling errors (`better-sqlite3`,
+etc.). Works with `useChat` from the Vercel AI SDK out of the box.
+
+## Install
+
+```bash
+pnpm add @eidentic/nextjs @eidentic/libsql
+```
+
+> Use `@eidentic/libsql` (pure-JS) instead of `@eidentic/sqlite` (native addon) in Next.js
+> and other bundler environments.
+
+## Usage
+
+```ts
+// next.config.ts
+import { eidenticNextConfig } from "@eidentic/nextjs";
+import type { NextConfig } from "next";
+
+export default eidenticNextConfig({} satisfies NextConfig);
+```
+
+```ts
+// app/api/chat/route.ts
+import { withEidentic } from "@eidentic/nextjs";
+import { Agent, AIModel } from "eidentic";
+import { LibsqlStore } from "@eidentic/libsql";
+import { anthropic } from "@ai-sdk/anthropic";
+
+export const runtime = "nodejs";
+
+const agent = new Agent({
+  id: "support",
+  model: new AIModel(anthropic("claude-sonnet-4-5")),
+  store: new LibsqlStore("file:eidentic.db"),
+});
+
+export const POST = withEidentic(agent);
+```
+
+```tsx
+// Any React component
+import { useChat } from "ai/react";
+
+export function Chat() {
+  const { messages, input, handleInputChange, handleSubmit } = useChat({ api: "/api/chat" });
+  return (/* render messages and input */);
+}
+```
+
+## Links
+
+- [GitHub](https://github.com/eidentic/eidentic)
+- [Issue tracker](https://github.com/eidentic/eidentic/issues)
+- [Root README](https://github.com/eidentic/eidentic#readme)
+
+Apache-2.0

package/dist/index.cjs

@@ -0,0 +1,170 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  eidenticNextConfig: () => eidenticNextConfig,
+  withEidentic: () => withEidentic
+});
+module.exports = __toCommonJS(index_exports);
+var import_server = require("@eidentic/server");
+function toHeaders(h) {
+  if (h instanceof Headers) return h;
+  return new Headers(h);
+}
+var DEFAULT_MAX_BODY_BYTES = 1048576;
+function withEidentic(agent, opts = {}) {
+  const protocol = opts.protocol ?? "ai-sdk-ui";
+  const maxBodyBytes = opts.maxBodyBytes ?? DEFAULT_MAX_BODY_BYTES;
+  return async function handler(req) {
+    const contentLength = req.headers.get("content-length");
+    if (contentLength !== null) {
+      const bytes = parseInt(contentLength, 10);
+      if (!isNaN(bytes) && bytes > maxBodyBytes) {
+        return new Response(
+          JSON.stringify({ error: `Request body too large (max ${maxBodyBytes} bytes)` }),
+          { status: 413, headers: { "Content-Type": "application/json" } }
+        );
+      }
+    }
+    let rawText;
+    try {
+      const reader = req.body?.getReader();
+      if (!reader) {
+        rawText = "";
+      } else {
+        const decoder = new TextDecoder();
+        const chunks = [];
+        let totalBytes = 0;
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+          if (value) {
+            totalBytes += value.byteLength;
+            if (totalBytes > maxBodyBytes) {
+              reader.cancel().catch(() => {
+              });
+              return new Response(
+                JSON.stringify({ error: `Request body too large (max ${maxBodyBytes} bytes)` }),
+                { status: 413, headers: { "Content-Type": "application/json" } }
+              );
+            }
+            chunks.push(value);
+          }
+        }
+        rawText = decoder.decode(
+          chunks.length === 1 ? chunks[0] : chunks.reduce((acc, c) => {
+            const merged = new Uint8Array(acc.byteLength + c.byteLength);
+            merged.set(acc, 0);
+            merged.set(c, acc.byteLength);
+            return merged;
+          }, new Uint8Array(0))
+        );
+      }
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Invalid JSON body" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    let body;
+    try {
+      body = JSON.parse(rawText);
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Invalid JSON body" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const input = body.input ?? body.message;
+    if (typeof input !== "string" || input.trim() === "") {
+      return new Response(
+        JSON.stringify({ error: "Missing or invalid 'input' (or 'message') field" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const sessionId = typeof body.sessionId === "string" && body.sessionId.length > 0 ? body.sessionId : crypto.randomUUID();
+    let userId;
+    let orgId;
+    if (opts.identify) {
+      const principal = await opts.identify(req);
+      userId = principal.userId;
+      orgId = principal.orgId;
+    } else {
+      userId = typeof body.userId === "string" && body.userId.length > 0 ? body.userId : void 0;
+    }
+    const signal = req.signal;
+    const events = agent.query(input, { sessionId, userId, orgId, signal });
+    if (protocol === "ai-sdk-ui") {
+      const streamOpts = {};
+      if (opts.headers) {
+        streamOpts.headers = toHeaders(opts.headers);
+      }
+      return (0, import_server.toUIMessageStreamResponse)(events, streamOpts);
+    }
+    const extraHeaders = opts.headers ? toHeaders(opts.headers) : new Headers();
+    extraHeaders.set("Content-Type", "application/x-ndjson");
+    extraHeaders.set("Transfer-Encoding", "chunked");
+    const stream = new ReadableStream({
+      async start(controller) {
+        const encoder = new TextEncoder();
+        try {
+          for await (const ev of events) {
+            if (signal.aborted) break;
+            controller.enqueue(encoder.encode(JSON.stringify(ev) + "\n"));
+          }
+        } catch (err) {
+          if (!signal.aborted) {
+            const msg = err instanceof Error ? err.message : String(err);
+            controller.enqueue(
+              encoder.encode(
+                JSON.stringify({
+                  type: "result",
+                  subtype: "error",
+                  output: msg,
+                  usage: { inputTokens: 0, outputTokens: 0 },
+                  numTurns: 0,
+                  sessionId
+                }) + "\n"
+              )
+            );
+          }
+        } finally {
+          controller.close();
+        }
+      }
+    });
+    return new Response(stream, { headers: extraHeaders });
+  };
+}
+function eidenticNextConfig(userConfig = {}) {
+  const existing = Array.isArray(userConfig.serverExternalPackages) ? userConfig.serverExternalPackages : [];
+  const eidentic = ["better-sqlite3"];
+  const merged = [.../* @__PURE__ */ new Set([...existing, ...eidentic])];
+  return {
+    ...userConfig,
+    serverExternalPackages: merged
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  eidenticNextConfig,
+  withEidentic
+});

package/dist/index.d.cts

@@ -0,0 +1,213 @@
+import { Agent } from '@eidentic/core';
+
+/**
+ * @eidentic/nextjs — Next.js App Router integration for Eidentic agents.
+ *
+ * ## Quick start
+ *
+ * ```ts
+ * // app/api/chat/route.ts
+ * import { withEidentic } from "@eidentic/nextjs";
+ * import { myAgent } from "@/lib/agent";
+ *
+ * export const runtime = "nodejs"; // Required: Eidentic uses Node.js APIs
+ * export const POST = withEidentic(myAgent);
+ * ```
+ *
+ * ## next.config setup
+ *
+ * Avoid native-module bundling errors with `eidenticNextConfig`:
+ *
+ * ```ts
+ * // next.config.ts
+ * import { eidenticNextConfig } from "@eidentic/nextjs";
+ * import type { NextConfig } from "next";
+ *
+ * const nextConfig: NextConfig = {};
+ * export default eidenticNextConfig(nextConfig);
+ * ```
+ *
+ * If you use `@eidentic/sqlite` (which depends on `better-sqlite3`, a native
+ * addon), the config helper ensures it is not bundled by the Next.js Webpack
+ * pipeline.  Prefer `@eidentic/libsql` in serverless/edge environments since
+ * it has no native addon.
+ */
+
+/**
+ * Wire protocol for the route handler response.
+ *
+ * - `"ai-sdk-ui"` (default) — AI SDK v6 UI message-stream format.
+ *   Compatible with `useChat` from `@ai-sdk/react`.  This is the recommended
+ *   default: structured, typed, and compatible with the entire AI SDK
+ *   ecosystem.
+ *
+ * - `"ndjson"` — Raw NDJSON stream of `StreamEvent` objects, one per line.
+ *   Use this with `@eidentic/react`'s `useEidenticStream`.  Choose this when you
+ *   need access to low-level Eidentic events (tool results, session metadata,
+ *   cost/usage) that the AI SDK UI protocol does not surface.
+ */
+type EidenticProtocol = "ai-sdk-ui" | "ndjson";
+interface WithEidenticOptions {
+    /**
+     * Stream protocol.  Defaults to `"ai-sdk-ui"`.
+     *
+     * Use `"ai-sdk-ui"` when the frontend uses `useChat` (AI SDK / CopilotKit).
+     * Use `"ndjson"` when the frontend uses `@eidentic/react`'s `useEidenticStream`
+     * or when you need raw `StreamEvent` access.
+     *
+     * @default "ai-sdk-ui"
+     */
+    protocol?: EidenticProtocol;
+    /**
+     * Extra HTTP headers to include in the streaming response.
+     * Forwarded to `toUIMessageStreamResponse` (for `"ai-sdk-ui"` protocol) or
+     * set on the raw `Response` (for `"ndjson"` protocol).
+     */
+    headers?: Headers | Record<string, string>;
+    /**
+     * Maximum allowed request body size in bytes. Requests with a `Content-Length`
+     * header exceeding this limit are rejected with HTTP 413 before the body is
+     * parsed. Defaults to 1 MB (1_048_576 bytes).
+     *
+     * @default 1_048_576
+     */
+    maxBodyBytes?: number;
+    /**
+     * Derive the trusted principal identity server-side from the incoming request.
+     * When provided, the returned `userId` and `orgId` are used instead of any
+     * values supplied in the request body, preventing clients from spoofing their
+     * identity.
+     *
+     * IMPORTANT: This is the recommended way to set `userId` in multi-tenant
+     * deployments. Always derive identity from your application's authenticated
+     * session (e.g. via cookies, JWT, or a session store), NOT from the request
+     * body, which is caller-controlled.
+     *
+     * @example
+     * ```ts
+     * export const POST = withEidentic(agent, {
+     *   async identify(req) {
+     *     const session = await getServerSession(req); // your auth helper
+     *     return { userId: session.user.id };
+     *   },
+     * });
+     * ```
+     */
+    identify?: (req: Request) => {
+        userId?: string;
+        orgId?: string;
+    } | Promise<{
+        userId?: string;
+        orgId?: string;
+    }>;
+}
+/**
+ * Creates a Next.js App Router POST route handler that streams a Eidentic
+ * agent's response to the client.
+ *
+ * **SECURITY NOTICE — this function performs NO authentication or authorization.**
+ * It is a low-level convenience wrapper that reads the request body and starts
+ * an agent run. In any multi-tenant deployment you MUST:
+ *
+ * 1. Authenticate the caller BEFORE the handler runs (e.g. via Next.js middleware,
+ *    or an `identify` option that reads your session cookie / JWT).
+ * 2. Derive `userId` and `sessionId` from your application's authenticated session,
+ *    NOT from the request body (`body.userId` / `body.sessionId` are caller-controlled
+ *    and can be forged). Use the `identify` option for this.
+ * 3. Never expose this handler on a public route without protecting it.
+ *
+ * @example
+ * ```ts
+ * // app/api/chat/route.ts
+ * import { withEidentic } from "@eidentic/nextjs";
+ * import { myAgent } from "@/lib/agent";
+ *
+ * // IMPORTANT: Eidentic requires the Node.js runtime (SQLite, crypto, etc.).
+ * // Add this export to every route file that uses withEidentic.
+ * export const runtime = "nodejs";
+ *
+ * // Simple (single-tenant / no auth):
+ * export const POST = withEidentic(myAgent);
+ *
+ * // Multi-tenant — derive userId server-side from the authenticated session:
+ * export const POST = withEidentic(myAgent, {
+ *   async identify(req) {
+ *     const session = await getServerSession(req); // your auth helper
+ *     if (!session) throw new Error("Unauthenticated"); // or return 401 yourself
+ *     return { userId: session.user.id };
+ *   },
+ * });
+ * // or with options:
+ * // export const POST = withEidentic(myAgent, { protocol: "ndjson" });
+ * ```
+ *
+ * ### Request body (JSON)
+ *
+ * | Field       | Type     | Required | Description                              |
+ * |-------------|----------|----------|------------------------------------------|
+ * | `input`     | `string` | yes*     | The user message                         |
+ * | `message`   | `string` | yes*     | Alias for `input` (useChat default name) |
+ * | `sessionId` | `string` | no       | Resume an existing session               |
+ * | `userId`    | `string` | no       | User ID for memory scoping (see WARNING) |
+ *
+ * *One of `input` or `message` must be present and non-empty.
+ *
+ * WARNING: `userId` and `sessionId` in the request body are caller-controlled.
+ * Always derive identity server-side via the `identify` option in multi-tenant
+ * deployments — do not rely on client-supplied values for access control.
+ *
+ * ### Protocol: `"ai-sdk-ui"` (default)
+ *
+ * The response uses the Vercel AI SDK v6 UI message-stream SSE format.
+ * Wire it up with `useChat` from `@ai-sdk/react`:
+ *
+ * ```tsx
+ * import { useChat } from "@ai-sdk/react";
+ * const { messages, input, handleInputChange, handleSubmit } = useChat({
+ *   api: "/api/chat",
+ * });
+ * ```
+ *
+ * ### Protocol: `"ndjson"`
+ *
+ * Each line is a JSON-serialised `StreamEvent` followed by `\n`.
+ * Content-Type is `application/x-ndjson`.
+ * Use `@eidentic/react`'s `useEidenticStream` on the client.
+ */
+declare function withEidentic(agent: Agent, opts?: WithEidenticOptions): (req: Request) => Promise<Response>;
+/**
+ * Merges Eidentic-required Next.js config onto a user-supplied base config.
+ *
+ * What it does:
+ * - Appends `"better-sqlite3"` to `serverExternalPackages` so the Webpack
+ *   bundler never tries to bundle the native addon (which would fail).
+ *
+ * **If you use `@eidentic/libsql` instead of `@eidentic/sqlite`** you don't need
+ * this (libsql has no native addon), but it's harmless to include anyway.
+ *
+ * @example
+ * ```ts
+ * // next.config.ts
+ * import { eidenticNextConfig } from "@eidentic/nextjs";
+ * import type { NextConfig } from "next";
+ *
+ * const baseConfig: NextConfig = {
+ *   // your existing config here
+ * };
+ *
+ * export default eidenticNextConfig(baseConfig);
+ * ```
+ */
+declare function eidenticNextConfig(userConfig?: NextConfigShape): NextConfigShape;
+/**
+ * Minimal shape of Next.js config that this package touches.
+ * Using a loose record type avoids a `next` peer dep at the type level,
+ * so the package builds correctly in environments where `next` is only
+ * available at runtime.
+ */
+interface NextConfigShape {
+    serverExternalPackages?: string[];
+    [key: string]: unknown;
+}
+
+export { type EidenticProtocol, type NextConfigShape, type WithEidenticOptions, eidenticNextConfig, withEidentic };

package/dist/index.d.ts

@@ -0,0 +1,213 @@
+import { Agent } from '@eidentic/core';
+
+/**
+ * @eidentic/nextjs — Next.js App Router integration for Eidentic agents.
+ *
+ * ## Quick start
+ *
+ * ```ts
+ * // app/api/chat/route.ts
+ * import { withEidentic } from "@eidentic/nextjs";
+ * import { myAgent } from "@/lib/agent";
+ *
+ * export const runtime = "nodejs"; // Required: Eidentic uses Node.js APIs
+ * export const POST = withEidentic(myAgent);
+ * ```
+ *
+ * ## next.config setup
+ *
+ * Avoid native-module bundling errors with `eidenticNextConfig`:
+ *
+ * ```ts
+ * // next.config.ts
+ * import { eidenticNextConfig } from "@eidentic/nextjs";
+ * import type { NextConfig } from "next";
+ *
+ * const nextConfig: NextConfig = {};
+ * export default eidenticNextConfig(nextConfig);
+ * ```
+ *
+ * If you use `@eidentic/sqlite` (which depends on `better-sqlite3`, a native
+ * addon), the config helper ensures it is not bundled by the Next.js Webpack
+ * pipeline.  Prefer `@eidentic/libsql` in serverless/edge environments since
+ * it has no native addon.
+ */
+
+/**
+ * Wire protocol for the route handler response.
+ *
+ * - `"ai-sdk-ui"` (default) — AI SDK v6 UI message-stream format.
+ *   Compatible with `useChat` from `@ai-sdk/react`.  This is the recommended
+ *   default: structured, typed, and compatible with the entire AI SDK
+ *   ecosystem.
+ *
+ * - `"ndjson"` — Raw NDJSON stream of `StreamEvent` objects, one per line.
+ *   Use this with `@eidentic/react`'s `useEidenticStream`.  Choose this when you
+ *   need access to low-level Eidentic events (tool results, session metadata,
+ *   cost/usage) that the AI SDK UI protocol does not surface.
+ */
+type EidenticProtocol = "ai-sdk-ui" | "ndjson";
+interface WithEidenticOptions {
+    /**
+     * Stream protocol.  Defaults to `"ai-sdk-ui"`.
+     *
+     * Use `"ai-sdk-ui"` when the frontend uses `useChat` (AI SDK / CopilotKit).
+     * Use `"ndjson"` when the frontend uses `@eidentic/react`'s `useEidenticStream`
+     * or when you need raw `StreamEvent` access.
+     *
+     * @default "ai-sdk-ui"
+     */
+    protocol?: EidenticProtocol;
+    /**
+     * Extra HTTP headers to include in the streaming response.
+     * Forwarded to `toUIMessageStreamResponse` (for `"ai-sdk-ui"` protocol) or
+     * set on the raw `Response` (for `"ndjson"` protocol).
+     */
+    headers?: Headers | Record<string, string>;
+    /**
+     * Maximum allowed request body size in bytes. Requests with a `Content-Length`
+     * header exceeding this limit are rejected with HTTP 413 before the body is
+     * parsed. Defaults to 1 MB (1_048_576 bytes).
+     *
+     * @default 1_048_576
+     */
+    maxBodyBytes?: number;
+    /**
+     * Derive the trusted principal identity server-side from the incoming request.
+     * When provided, the returned `userId` and `orgId` are used instead of any
+     * values supplied in the request body, preventing clients from spoofing their
+     * identity.
+     *
+     * IMPORTANT: This is the recommended way to set `userId` in multi-tenant
+     * deployments. Always derive identity from your application's authenticated
+     * session (e.g. via cookies, JWT, or a session store), NOT from the request
+     * body, which is caller-controlled.
+     *
+     * @example
+     * ```ts
+     * export const POST = withEidentic(agent, {
+     *   async identify(req) {
+     *     const session = await getServerSession(req); // your auth helper
+     *     return { userId: session.user.id };
+     *   },
+     * });
+     * ```
+     */
+    identify?: (req: Request) => {
+        userId?: string;
+        orgId?: string;
+    } | Promise<{
+        userId?: string;
+        orgId?: string;
+    }>;
+}
+/**
+ * Creates a Next.js App Router POST route handler that streams a Eidentic
+ * agent's response to the client.
+ *
+ * **SECURITY NOTICE — this function performs NO authentication or authorization.**
+ * It is a low-level convenience wrapper that reads the request body and starts
+ * an agent run. In any multi-tenant deployment you MUST:
+ *
+ * 1. Authenticate the caller BEFORE the handler runs (e.g. via Next.js middleware,
+ *    or an `identify` option that reads your session cookie / JWT).
+ * 2. Derive `userId` and `sessionId` from your application's authenticated session,
+ *    NOT from the request body (`body.userId` / `body.sessionId` are caller-controlled
+ *    and can be forged). Use the `identify` option for this.
+ * 3. Never expose this handler on a public route without protecting it.
+ *
+ * @example
+ * ```ts
+ * // app/api/chat/route.ts
+ * import { withEidentic } from "@eidentic/nextjs";
+ * import { myAgent } from "@/lib/agent";
+ *
+ * // IMPORTANT: Eidentic requires the Node.js runtime (SQLite, crypto, etc.).
+ * // Add this export to every route file that uses withEidentic.
+ * export const runtime = "nodejs";
+ *
+ * // Simple (single-tenant / no auth):
+ * export const POST = withEidentic(myAgent);
+ *
+ * // Multi-tenant — derive userId server-side from the authenticated session:
+ * export const POST = withEidentic(myAgent, {
+ *   async identify(req) {
+ *     const session = await getServerSession(req); // your auth helper
+ *     if (!session) throw new Error("Unauthenticated"); // or return 401 yourself
+ *     return { userId: session.user.id };
+ *   },
+ * });
+ * // or with options:
+ * // export const POST = withEidentic(myAgent, { protocol: "ndjson" });
+ * ```
+ *
+ * ### Request body (JSON)
+ *
+ * | Field       | Type     | Required | Description                              |
+ * |-------------|----------|----------|------------------------------------------|
+ * | `input`     | `string` | yes*     | The user message                         |
+ * | `message`   | `string` | yes*     | Alias for `input` (useChat default name) |
+ * | `sessionId` | `string` | no       | Resume an existing session               |
+ * | `userId`    | `string` | no       | User ID for memory scoping (see WARNING) |
+ *
+ * *One of `input` or `message` must be present and non-empty.
+ *
+ * WARNING: `userId` and `sessionId` in the request body are caller-controlled.
+ * Always derive identity server-side via the `identify` option in multi-tenant
+ * deployments — do not rely on client-supplied values for access control.
+ *
+ * ### Protocol: `"ai-sdk-ui"` (default)
+ *
+ * The response uses the Vercel AI SDK v6 UI message-stream SSE format.
+ * Wire it up with `useChat` from `@ai-sdk/react`:
+ *
+ * ```tsx
+ * import { useChat } from "@ai-sdk/react";
+ * const { messages, input, handleInputChange, handleSubmit } = useChat({
+ *   api: "/api/chat",
+ * });
+ * ```
+ *
+ * ### Protocol: `"ndjson"`
+ *
+ * Each line is a JSON-serialised `StreamEvent` followed by `\n`.
+ * Content-Type is `application/x-ndjson`.
+ * Use `@eidentic/react`'s `useEidenticStream` on the client.
+ */
+declare function withEidentic(agent: Agent, opts?: WithEidenticOptions): (req: Request) => Promise<Response>;
+/**
+ * Merges Eidentic-required Next.js config onto a user-supplied base config.
+ *
+ * What it does:
+ * - Appends `"better-sqlite3"` to `serverExternalPackages` so the Webpack
+ *   bundler never tries to bundle the native addon (which would fail).
+ *
+ * **If you use `@eidentic/libsql` instead of `@eidentic/sqlite`** you don't need
+ * this (libsql has no native addon), but it's harmless to include anyway.
+ *
+ * @example
+ * ```ts
+ * // next.config.ts
+ * import { eidenticNextConfig } from "@eidentic/nextjs";
+ * import type { NextConfig } from "next";
+ *
+ * const baseConfig: NextConfig = {
+ *   // your existing config here
+ * };
+ *
+ * export default eidenticNextConfig(baseConfig);
+ * ```
+ */
+declare function eidenticNextConfig(userConfig?: NextConfigShape): NextConfigShape;
+/**
+ * Minimal shape of Next.js config that this package touches.
+ * Using a loose record type avoids a `next` peer dep at the type level,
+ * so the package builds correctly in environments where `next` is only
+ * available at runtime.
+ */
+interface NextConfigShape {
+    serverExternalPackages?: string[];
+    [key: string]: unknown;
+}
+
+export { type EidenticProtocol, type NextConfigShape, type WithEidenticOptions, eidenticNextConfig, withEidentic };

package/dist/index.js

@@ -0,0 +1,146 @@
+// src/index.ts
+import {
+  toUIMessageStreamResponse
+} from "@eidentic/server";
+function toHeaders(h) {
+  if (h instanceof Headers) return h;
+  return new Headers(h);
+}
+var DEFAULT_MAX_BODY_BYTES = 1048576;
+function withEidentic(agent, opts = {}) {
+  const protocol = opts.protocol ?? "ai-sdk-ui";
+  const maxBodyBytes = opts.maxBodyBytes ?? DEFAULT_MAX_BODY_BYTES;
+  return async function handler(req) {
+    const contentLength = req.headers.get("content-length");
+    if (contentLength !== null) {
+      const bytes = parseInt(contentLength, 10);
+      if (!isNaN(bytes) && bytes > maxBodyBytes) {
+        return new Response(
+          JSON.stringify({ error: `Request body too large (max ${maxBodyBytes} bytes)` }),
+          { status: 413, headers: { "Content-Type": "application/json" } }
+        );
+      }
+    }
+    let rawText;
+    try {
+      const reader = req.body?.getReader();
+      if (!reader) {
+        rawText = "";
+      } else {
+        const decoder = new TextDecoder();
+        const chunks = [];
+        let totalBytes = 0;
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+          if (value) {
+            totalBytes += value.byteLength;
+            if (totalBytes > maxBodyBytes) {
+              reader.cancel().catch(() => {
+              });
+              return new Response(
+                JSON.stringify({ error: `Request body too large (max ${maxBodyBytes} bytes)` }),
+                { status: 413, headers: { "Content-Type": "application/json" } }
+              );
+            }
+            chunks.push(value);
+          }
+        }
+        rawText = decoder.decode(
+          chunks.length === 1 ? chunks[0] : chunks.reduce((acc, c) => {
+            const merged = new Uint8Array(acc.byteLength + c.byteLength);
+            merged.set(acc, 0);
+            merged.set(c, acc.byteLength);
+            return merged;
+          }, new Uint8Array(0))
+        );
+      }
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Invalid JSON body" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    let body;
+    try {
+      body = JSON.parse(rawText);
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Invalid JSON body" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const input = body.input ?? body.message;
+    if (typeof input !== "string" || input.trim() === "") {
+      return new Response(
+        JSON.stringify({ error: "Missing or invalid 'input' (or 'message') field" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const sessionId = typeof body.sessionId === "string" && body.sessionId.length > 0 ? body.sessionId : crypto.randomUUID();
+    let userId;
+    let orgId;
+    if (opts.identify) {
+      const principal = await opts.identify(req);
+      userId = principal.userId;
+      orgId = principal.orgId;
+    } else {
+      userId = typeof body.userId === "string" && body.userId.length > 0 ? body.userId : void 0;
+    }
+    const signal = req.signal;
+    const events = agent.query(input, { sessionId, userId, orgId, signal });
+    if (protocol === "ai-sdk-ui") {
+      const streamOpts = {};
+      if (opts.headers) {
+        streamOpts.headers = toHeaders(opts.headers);
+      }
+      return toUIMessageStreamResponse(events, streamOpts);
+    }
+    const extraHeaders = opts.headers ? toHeaders(opts.headers) : new Headers();
+    extraHeaders.set("Content-Type", "application/x-ndjson");
+    extraHeaders.set("Transfer-Encoding", "chunked");
+    const stream = new ReadableStream({
+      async start(controller) {
+        const encoder = new TextEncoder();
+        try {
+          for await (const ev of events) {
+            if (signal.aborted) break;
+            controller.enqueue(encoder.encode(JSON.stringify(ev) + "\n"));
+          }
+        } catch (err) {
+          if (!signal.aborted) {
+            const msg = err instanceof Error ? err.message : String(err);
+            controller.enqueue(
+              encoder.encode(
+                JSON.stringify({
+                  type: "result",
+                  subtype: "error",
+                  output: msg,
+                  usage: { inputTokens: 0, outputTokens: 0 },
+                  numTurns: 0,
+                  sessionId
+                }) + "\n"
+              )
+            );
+          }
+        } finally {
+          controller.close();
+        }
+      }
+    });
+    return new Response(stream, { headers: extraHeaders });
+  };
+}
+function eidenticNextConfig(userConfig = {}) {
+  const existing = Array.isArray(userConfig.serverExternalPackages) ? userConfig.serverExternalPackages : [];
+  const eidentic = ["better-sqlite3"];
+  const merged = [.../* @__PURE__ */ new Set([...existing, ...eidentic])];
+  return {
+    ...userConfig,
+    serverExternalPackages: merged
+  };
+}
+export {
+  eidenticNextConfig,
+  withEidentic
+};

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@eidentic/nextjs",
+  "version": "0.1.0",
+  "type": "module",
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/eidentic/eidentic.git",
+    "directory": "packages/nextjs"
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "sideEffects": false,
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "dependencies": {
+    "@eidentic/core": "0.1.0",
+    "@eidentic/server": "0.1.0",
+    "@eidentic/types": "0.1.0"
+  },
+  "peerDependencies": {
+    "next": ">=14"
+  },
+  "peerDependenciesMeta": {
+    "next": {
+      "optional": false
+    }
+  },
+  "description": "Next.js App Router integration for Eidentic — `withEidentic` route helper and `eidenticNextConfig` for native-addon bundling.",
+  "keywords": [
+    "ai",
+    "agents",
+    "typescript",
+    "eidentic",
+    "nextjs",
+    "app-router",
+    "server-components",
+    "streaming"
+  ],
+  "homepage": "https://github.com/eidentic/eidentic#readme",
+  "bugs": {
+    "url": "https://github.com/eidentic/eidentic/issues"
+  },
+  "engines": {
+    "node": ">=22"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --clean",
+    "typecheck": "tsc --noEmit"
+  }
+}