@soulcraft/sdk 2.4.1 → 2.6.0

package/dist/modules/auth/sveltekit.d.ts

@@ -0,0 +1,208 @@
+/**
+ * @module modules/auth/sveltekit
+ * @description Opinionated SvelteKit auth integration for Soulcraft products.
+ *
+ * `createSoulcraftAuth()` returns everything a SvelteKit product needs for auth:
+ * a `Handle` hook, a backchannel-logout request handler, and a logout request handler.
+ * One function, zero choices.
+ *
+ * ## What it does
+ *
+ * - **Session resolution** — reads the IdP cross-domain cookie, verifies via
+ *   `createRemoteSessionVerifier` (30s LRU cache) in production or
+ *   `createDevCookieVerifier` in dev mode
+ * - **Stale cookie recovery** — detects "cookie present but session null" and
+ *   clears the stale cookie via `Set-Cookie: Max-Age=0`, breaking redirect loops
+ * - **CSRF bypass** — rewrites the `origin` header for `POST /api/auth/backchannel-logout`
+ *   so SvelteKit's built-in CSRF check doesn't block server-to-server IdP calls
+ * - **User enrichment** — optional `enrichUser` callback for product-specific
+ *   role resolution (e.g. Venue staff lookup, Portal admin check)
+ * - **Backchannel logout** — verifies the HS256 JWT logout token from the IdP
+ * - **Logout** — clears local cookies and returns the IdP end-session URL
+ *
+ * ## Usage
+ *
+ * ```typescript
+ * // hooks.server.ts
+ * import { createSoulcraftAuth } from '@soulcraft/sdk/server'
+ *
+ * const auth = createSoulcraftAuth({ product: 'venue' })
+ * export const handle = auth.handle
+ *
+ * // routes/api/auth/backchannel-logout/+server.ts
+ * export const POST = auth.backchannelHandler
+ *
+ * // routes/api/auth/logout/+server.ts
+ * export const POST = auth.logoutHandler
+ * ```
+ *
+ * @example With user enrichment (Venue staff role)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await lookupStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+import type { SessionVerifier } from './middleware.js';
+import type { SoulcraftSessionUser } from './types.js';
+/**
+ * Minimal SvelteKit RequestEvent shape. Structurally compatible with
+ * `@sveltejs/kit`'s `RequestEvent` without requiring it as a dependency.
+ */
+export interface SvelteKitEvent {
+    request: Request;
+    url: URL;
+    locals: Record<string, unknown>;
+    cookies: {
+        delete(name: string, opts?: {
+            path?: string;
+        }): void;
+    };
+}
+/**
+ * Minimal SvelteKit Handle function shape. Structurally compatible with
+ * `@sveltejs/kit`'s `Handle` type.
+ */
+export type SvelteKitHandle = (input: {
+    event: SvelteKitEvent;
+    resolve: (event: SvelteKitEvent) => Promise<Response>;
+}) => Promise<Response>;
+/**
+ * Minimal SvelteKit RequestHandler shape for `+server.ts` exports.
+ */
+export type SvelteKitRequestHandler = (event: SvelteKitEvent) => Promise<Response>;
+/**
+ * @description Configuration for `createSoulcraftAuth()`.
+ */
+export interface SoulcraftAuthOptions {
+    /**
+     * The product identifier. Used as the OIDC `client_id` when building the
+     * IdP end-session URL for logout. Also used as the default for
+     * `SOULCRAFT_OIDC_CLIENT_ID` when the env var is not set.
+     */
+    product: string;
+    /**
+     * Optional session verifier override. When omitted, the verifier is
+     * auto-selected based on environment:
+     * - `SOULCRAFT_IDP_URL` set → `createRemoteSessionVerifier`
+     * - `SOULCRAFT_IDP_URL` unset → `createDevCookieVerifier`
+     */
+    verifier?: SessionVerifier;
+    /**
+     * Optional callback to enrich the user object with product-specific fields
+     * after session resolution. Called on every authenticated request.
+     *
+     * The returned object replaces `event.locals.user`. Return the original
+     * user (or a superset) — never return null.
+     *
+     * @param user - The resolved `SoulcraftSessionUser` from the IdP.
+     * @param event - The SvelteKit request event (access `locals`, `url`, etc.).
+     * @returns The enriched user object to store in `event.locals.user`.
+     *
+     * @example Venue staff role lookup
+     * ```typescript
+     * enrichUser: async (user, event) => {
+     *   const staff = await findStaffByAuthId(event.locals.brain, user.id)
+     *   return { ...user, role: staff?.role ?? 'customer' }
+     * }
+     * ```
+     */
+    enrichUser?: (user: SoulcraftSessionUser, event: SvelteKitEvent) => Promise<Record<string, unknown>> | Record<string, unknown>;
+    /**
+     * Name of the dev session cookie. Must match the cookie name used by
+     * `/api/dev/login` in the product. Default: `'soulcraft_dev_session'`.
+     */
+    devCookieName?: string;
+    /**
+     * Path prefix for the backchannel-logout endpoint. The CSRF bypass
+     * rewrites the origin header for POST requests to this path.
+     * Default: `'/api/auth/backchannel-logout'`.
+     */
+    backchannelPath?: string;
+}
+/**
+ * @description The return value of `createSoulcraftAuth()`.
+ */
+export interface SoulcraftAuth {
+    /**
+     * SvelteKit `Handle` hook that resolves sessions, clears stale cookies,
+     * and bypasses CSRF for the backchannel-logout endpoint.
+     *
+     * Use with `sequence()` if you have other hooks:
+     * ```typescript
+     * export const handle = sequence(auth.handle, myOtherHook)
+     * ```
+     */
+    handle: SvelteKitHandle;
+    /**
+     * SvelteKit request handler for `POST /api/auth/backchannel-logout`.
+     *
+     * Verifies the HS256 JWT logout token from the IdP. Returns 200 on
+     * success, 400 for malformed tokens. Since SvelteKit products hold no
+     * local sessions (auth state lives at the IdP), this endpoint only
+     * verifies the token and acknowledges receipt.
+     *
+     * Mount in `routes/api/auth/backchannel-logout/+server.ts`:
+     * ```typescript
+     * export const POST = auth.backchannelHandler
+     * ```
+     */
+    backchannelHandler: SvelteKitRequestHandler;
+    /**
+     * SvelteKit request handler for `POST /api/auth/logout`.
+     *
+     * Clears the local session cookie (dev or guest) and returns the IdP
+     * end-session URL as `{ redirect: string }`. The client navigates to
+     * this URL to complete platform-wide sign-out.
+     *
+     * Mount in `routes/api/auth/logout/+server.ts`:
+     * ```typescript
+     * export const POST = auth.logoutHandler
+     * ```
+     */
+    logoutHandler: SvelteKitRequestHandler;
+    /**
+     * The session verifier function, exposed for direct use in server load
+     * functions or API routes that need session data outside the hook.
+     */
+    verifySession: SessionVerifier;
+}
+/**
+ * @description Creates the complete SvelteKit auth integration for a Soulcraft product.
+ *
+ * Returns a `handle` hook, a `backchannelHandler`, and a `logoutHandler` — everything
+ * needed for auth in a SvelteKit product. One function call replaces ~100 lines of
+ * hand-rolled auth code in each product's hooks.server.ts.
+ *
+ * **Environment variables read:**
+ * - `SOULCRAFT_IDP_URL` — IdP base URL. Present → production mode. Absent → dev mode.
+ * - `SOULCRAFT_OIDC_CLIENT_ID` — OIDC client ID. Falls back to `options.product`.
+ * - `SOULCRAFT_OIDC_CLIENT_SECRET` — OIDC client secret. Required for backchannel logout.
+ * - `BETTER_AUTH_URL` — This product's base URL. Used for `post_logout_redirect_uri`.
+ *
+ * @param options - Product name, optional verifier override, optional user enrichment.
+ * @returns `{ handle, backchannelHandler, logoutHandler, verifySession }`.
+ *
+ * @example Minimal setup (Workshop, Academy)
+ * ```typescript
+ * const auth = createSoulcraftAuth({ product: 'workshop' })
+ * export const handle = auth.handle
+ * ```
+ *
+ * @example With enrichment (Venue)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await findStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+export declare function createSoulcraftAuth(options: SoulcraftAuthOptions): SoulcraftAuth;
+//# sourceMappingURL=sveltekit.d.ts.map

package/dist/modules/auth/sveltekit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sveltekit.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACtD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,MAAM,YAAY,CAAA;AAMxE;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,GAAG,CAAA;IACR,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,OAAO,EAAE;QACP,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAA;KACrD,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE;IACpC,KAAK,EAAE,cAAc,CAAA;IACrB,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;CACtD,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEvB;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAMlF;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;;;;;;;;;;;;;;OAkBG;IACH,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,oBAAoB,EAC1B,KAAK,EAAE,cAAc,KAClB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAE/D;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;;OAQG;IACH,MAAM,EAAE,eAAe,CAAA;IAEvB;;;;;;;;;;;;OAYG;IACH,kBAAkB,EAAE,uBAAuB,CAAA;IAE3C;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAA;IAEtC;;;OAGG;IACH,aAAa,EAAE,eAAe,CAAA;CAC/B;AAuFD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,GAAG,aAAa,CAiJhF"}

package/dist/modules/auth/sveltekit.js

@@ -0,0 +1,263 @@
+/**
+ * @module modules/auth/sveltekit
+ * @description Opinionated SvelteKit auth integration for Soulcraft products.
+ *
+ * `createSoulcraftAuth()` returns everything a SvelteKit product needs for auth:
+ * a `Handle` hook, a backchannel-logout request handler, and a logout request handler.
+ * One function, zero choices.
+ *
+ * ## What it does
+ *
+ * - **Session resolution** — reads the IdP cross-domain cookie, verifies via
+ *   `createRemoteSessionVerifier` (30s LRU cache) in production or
+ *   `createDevCookieVerifier` in dev mode
+ * - **Stale cookie recovery** — detects "cookie present but session null" and
+ *   clears the stale cookie via `Set-Cookie: Max-Age=0`, breaking redirect loops
+ * - **CSRF bypass** — rewrites the `origin` header for `POST /api/auth/backchannel-logout`
+ *   so SvelteKit's built-in CSRF check doesn't block server-to-server IdP calls
+ * - **User enrichment** — optional `enrichUser` callback for product-specific
+ *   role resolution (e.g. Venue staff lookup, Portal admin check)
+ * - **Backchannel logout** — verifies the HS256 JWT logout token from the IdP
+ * - **Logout** — clears local cookies and returns the IdP end-session URL
+ *
+ * ## Usage
+ *
+ * ```typescript
+ * // hooks.server.ts
+ * import { createSoulcraftAuth } from '@soulcraft/sdk/server'
+ *
+ * const auth = createSoulcraftAuth({ product: 'venue' })
+ * export const handle = auth.handle
+ *
+ * // routes/api/auth/backchannel-logout/+server.ts
+ * export const POST = auth.backchannelHandler
+ *
+ * // routes/api/auth/logout/+server.ts
+ * export const POST = auth.logoutHandler
+ * ```
+ *
+ * @example With user enrichment (Venue staff role)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await lookupStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+import { createRemoteSessionVerifier, createDevCookieVerifier } from './middleware.js';
+// ─────────────────────────────────────────────────────────────────────────────
+// Constants
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * The cross-subdomain session cookie name set by the IdP.
+ * better-auth prefixes with `__Secure-` when `useSecureCookies: true`.
+ */
+const SESSION_COOKIE = '__Secure-better-auth.session_token';
+/**
+ * Set-Cookie header value that expires the stale session cookie.
+ * Attributes mirror the IdP's original cookie so the browser accepts it.
+ */
+const CLEAR_SESSION_COOKIE = `${SESSION_COOKIE}=; Domain=.soulcraft.com; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax`;
+/** OIDC Back-Channel Logout event URI (per spec). */
+const BACKCHANNEL_LOGOUT_EVENT = 'http://schemas.openid.net/event/backchannel-logout';
+// ─────────────────────────────────────────────────────────────────────────────
+// JWT verification (Web Crypto API — no external deps)
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Verify an HS256 JWT using the Web Crypto API.
+ *
+ * @param token - Raw JWT string (`header.payload.signature`).
+ * @param secret - HMAC secret for signature verification.
+ * @returns The decoded payload if the signature is valid, or null.
+ */
+async function verifyHS256JWT(token, secret) {
+    const parts = token.split('.');
+    if (parts.length !== 3)
+        return null;
+    const [headerB64, payloadB64, sigB64] = parts;
+    let key;
+    try {
+        key = await crypto.subtle.importKey('raw', new TextEncoder().encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['verify']);
+    }
+    catch {
+        return null;
+    }
+    const signingInput = `${headerB64}.${payloadB64}`;
+    let sigBytes;
+    try {
+        sigBytes = Uint8Array.from(atob(sigB64.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));
+    }
+    catch {
+        return null;
+    }
+    const valid = await crypto.subtle.verify('HMAC', key, sigBytes.buffer, new TextEncoder().encode(signingInput));
+    if (!valid)
+        return null;
+    try {
+        const padded = payloadB64.replace(/-/g, '+').replace(/_/g, '/') +
+            '=='.slice(0, (4 - (payloadB64.length % 4)) % 4);
+        return JSON.parse(atob(padded));
+    }
+    catch {
+        return null;
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// createSoulcraftAuth
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * @description Creates the complete SvelteKit auth integration for a Soulcraft product.
+ *
+ * Returns a `handle` hook, a `backchannelHandler`, and a `logoutHandler` — everything
+ * needed for auth in a SvelteKit product. One function call replaces ~100 lines of
+ * hand-rolled auth code in each product's hooks.server.ts.
+ *
+ * **Environment variables read:**
+ * - `SOULCRAFT_IDP_URL` — IdP base URL. Present → production mode. Absent → dev mode.
+ * - `SOULCRAFT_OIDC_CLIENT_ID` — OIDC client ID. Falls back to `options.product`.
+ * - `SOULCRAFT_OIDC_CLIENT_SECRET` — OIDC client secret. Required for backchannel logout.
+ * - `BETTER_AUTH_URL` — This product's base URL. Used for `post_logout_redirect_uri`.
+ *
+ * @param options - Product name, optional verifier override, optional user enrichment.
+ * @returns `{ handle, backchannelHandler, logoutHandler, verifySession }`.
+ *
+ * @example Minimal setup (Workshop, Academy)
+ * ```typescript
+ * const auth = createSoulcraftAuth({ product: 'workshop' })
+ * export const handle = auth.handle
+ * ```
+ *
+ * @example With enrichment (Venue)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await findStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+export function createSoulcraftAuth(options) {
+    const { product, enrichUser, devCookieName = 'soulcraft_dev_session', backchannelPath = '/api/auth/backchannel-logout', } = options;
+    // ── Session verifier selection ──────────────────────────────────────────
+    const idpUrl = process.env['SOULCRAFT_IDP_URL'];
+    const verifySession = options.verifier
+        ?? (idpUrl
+            ? createRemoteSessionVerifier({ idpUrl })
+            : createDevCookieVerifier(devCookieName));
+    // ── Handle hook ─────────────────────────────────────────────────────────
+    const handle = async ({ event, resolve }) => {
+        // CSRF bypass for backchannel-logout — the IdP sends server-to-server
+        // POST requests without a browser origin header. Rewrite it so
+        // SvelteKit's CSRF check passes. The endpoint itself verifies the JWT.
+        if (event.url.pathname === backchannelPath &&
+            event.request.method === 'POST') {
+            const headers = new Headers(event.request.headers);
+            headers.set('origin', event.url.origin);
+            event.request = new Request(event.request, { headers });
+        }
+        // Resolve session
+        const cookieHeader = event.request.headers.get('cookie') ?? '';
+        const session = await verifySession(cookieHeader);
+        // Stale cookie recovery — if cookie present but session null, clear it
+        const hasSessionCookie = cookieHeader.includes(SESSION_COOKIE);
+        if (hasSessionCookie && !session) {
+            const response = await resolve(event);
+            response.headers.append('Set-Cookie', CLEAR_SESSION_COOKIE);
+            return response;
+        }
+        // Attach session and user to locals
+        event.locals['session'] = session
+            ? { sessionId: session.sessionId, expiresAt: session.expiresAt }
+            : null;
+        if (session) {
+            const user = enrichUser
+                ? await enrichUser(session.user, event)
+                : session.user;
+            event.locals['user'] = user;
+        }
+        else {
+            event.locals['user'] = null;
+        }
+        return resolve(event);
+    };
+    // ── Backchannel logout handler ──────────────────────────────────────────
+    const backchannelHandler = async ({ request }) => {
+        const clientSecret = process.env['SOULCRAFT_OIDC_CLIENT_SECRET'];
+        const idpUrlEnv = process.env['SOULCRAFT_IDP_URL'];
+        const clientId = process.env['SOULCRAFT_OIDC_CLIENT_ID'] ?? product;
+        // Only operates in OIDC client mode
+        if (!clientSecret || !idpUrlEnv) {
+            return new Response(null, { status: 200 });
+        }
+        // Parse logout_token from form body
+        let logoutToken = null;
+        try {
+            const body = await request.text();
+            const params = new URLSearchParams(body);
+            logoutToken = params.get('logout_token');
+        }
+        catch {
+            return new Response('malformed request body', { status: 400 });
+        }
+        if (!logoutToken) {
+            return new Response('missing logout_token', { status: 400 });
+        }
+        // Verify JWT signature and claims
+        const payload = await verifyHS256JWT(logoutToken, clientSecret);
+        if (!payload) {
+            return new Response('invalid logout_token', { status: 400 });
+        }
+        // Validate issuer
+        const expectedIss = idpUrlEnv.replace(/\/$/, '');
+        if (payload['iss'] !== expectedIss) {
+            return new Response('invalid issuer', { status: 400 });
+        }
+        // Validate audience
+        const aud = payload['aud'];
+        const audList = Array.isArray(aud) ? aud : [String(aud ?? '')];
+        if (!audList.includes(clientId)) {
+            return new Response('invalid audience', { status: 400 });
+        }
+        // Validate events claim
+        const events = payload['events'];
+        if (!events || !(BACKCHANNEL_LOGOUT_EVENT in events)) {
+            return new Response('missing backchannel-logout event claim', { status: 400 });
+        }
+        // Validate sub claim
+        if (!payload['sub'] || typeof payload['sub'] !== 'string') {
+            return new Response('missing sub claim', { status: 400 });
+        }
+        // SvelteKit products hold no local sessions — auth state lives at the IdP.
+        // The SDK verifier's 30s LRU cache will expire naturally.
+        return new Response(null, { status: 200 });
+    };
+    // ── Logout handler ──────────────────────────────────────────────────────
+    const logoutHandler = async ({ cookies, url }) => {
+        const idpUrlEnv = process.env['SOULCRAFT_IDP_URL'];
+        if (!idpUrlEnv) {
+            // Dev mode — clear the dev session cookie and redirect home
+            cookies.delete(devCookieName, { path: '/' });
+            return new Response(JSON.stringify({ redirect: '/' }), {
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+        // OIDC mode — build the IdP end-session URL
+        const clientId = process.env['SOULCRAFT_OIDC_CLIENT_ID'] ?? product;
+        const baseUrl = process.env['BETTER_AUTH_URL'] ?? `${url.protocol}//${url.host}`;
+        const params = new URLSearchParams({
+            client_id: clientId,
+            post_logout_redirect_uri: `${baseUrl}/`,
+        });
+        const endSessionUrl = `${idpUrlEnv}/api/auth/oauth2/endsession?${params}`;
+        return new Response(JSON.stringify({ redirect: endSessionUrl }), {
+            headers: { 'Content-Type': 'application/json' },
+        });
+    };
+    return { handle, backchannelHandler, logoutHandler, verifySession };
+}
+//# sourceMappingURL=sveltekit.js.map

package/dist/modules/auth/sveltekit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sveltekit.js","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAEH,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAA;AAmJtF,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,cAAc,GAAG,oCAAoC,CAAA;AAE3D;;;GAGG;AACH,MAAM,oBAAoB,GACxB,GAAG,cAAc,6EAA6E,CAAA;AAEhG,qDAAqD;AACrD,MAAM,wBAAwB,GAAG,oDAAoD,CAAA;AAErF,gFAAgF;AAChF,uDAAuD;AACvD,gFAAgF;AAEhF;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,KAAiC,CAAA;IAEzE,IAAI,GAAc,CAAA;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACjC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;IACjD,IAAI,QAAoB,CAAA;IACxB,IAAI,CAAC;QACH,QAAQ,GAAG,UAAU,CAAC,IAAI,CACxB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,EAClD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CACvB,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACtC,MAAM,EACN,GAAG,EACH,QAAQ,CAAC,MAAqB,EAC9B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACvC,CAAA;IACD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IAEvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;YAC7D,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAA4B,CAAA;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,EACJ,OAAO,EACP,UAAU,EACV,aAAa,GAAG,uBAAuB,EACvC,eAAe,GAAG,8BAA8B,GACjD,GAAG,OAAO,CAAA;IAEX,2EAA2E;IAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;IAC/C,MAAM,aAAa,GAAoB,OAAO,CAAC,QAAQ;WAClD,CAAC,MAAM;YACR,CAAC,CAAC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;YACzC,CAAC,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,CAAA;IAE7C,2EAA2E;IAC3E,MAAM,MAAM,GAAoB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE;QAC3D,sEAAsE;QACtE,+DAA+D;QAC/D,uEAAuE;QACvE,IACE,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,eAAe;YACtC,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAC/B,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YACvC,KAAK,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAA;QACzD,CAAC;QAED,kBAAkB;QAClB,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QAC9D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,CAAA;QAEjD,uEAAuE;QACvE,MAAM,gBAAgB,GAAG,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAC9D,IAAI,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAA;YAC3D,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO;YAC/B,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;YAChE,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,UAAU;gBACrB,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;gBACvC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;YAChB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;QAED,OAAO,OAAO,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,kBAAkB,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACxE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;QAChE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,OAAO,CAAA;QAEnE,oCAAoC;QACpC,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5C,CAAC;QAED,oCAAoC;QACpC,IAAI,WAAW,GAAkB,IAAI,CAAA;QACrC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;YACjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAA;YACxC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,QAAQ,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,QAAQ,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,YAAY,CAAC,CAAA;QAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,QAAQ,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,kBAAkB;QAClB,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;QAChD,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,WAAW,EAAE,CAAC;YACnC,OAAO,IAAI,QAAQ,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QACxD,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;QAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAA;QAC1E,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC1D,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAwC,CAAA;QACvE,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,wBAAwB,IAAI,MAAM,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,QAAQ,CAAC,wCAAwC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAChF,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1D,OAAO,IAAI,QAAQ,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,2EAA2E;QAC3E,0DAA0D;QAC1D,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC5C,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE;QACxE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAElD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,4DAA4D;YAC5D,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;gBACrD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAA;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,OAAO,CAAA;QACnE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAA;QAChF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,QAAQ;YACnB,wBAAwB,EAAE,GAAG,OAAO,GAAG;SACxC,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,GAAG,SAAS,+BAA+B,MAAM,EAAE,CAAA;QACzE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAA;AACrE,CAAC"}

package/dist/server/index.d.ts

@@ -1,28 +1,35 @@
 /**
  * @module @soulcraft/sdk/server
  * @description Server entry point for @soulcraft/sdk. Exports everything needed to
- * run the SDK in a product backend (Hono, SvelteKit, or any Bun/Node server).
+ * run the SDK in a product backend (SvelteKit, Bun, Hono, or any server).
  *
- * Use `createSoulcraftRouter()` to mount a single Hono router that handles ALL
- * 25 SDK namespaces via a unified `/api/rpc` endpoint. Products configure which
- * namespaces are active via `NamespaceProviders`.
+ * ## RPC Handler (recommended)
  *
- * This entry point must never be imported in browser bundles — it has hard
- * server-only dependencies (`@soulcraft/brainy`, `lru-cache`, `crypto`, `fs`).
+ * Use `createRpcHandler()` to get a framework-agnostic `(Request) => Response`
+ * handler for the unified `/api/rpc` endpoint. Works with any server that speaks
+ * Web Standard `Request`/`Response` — no framework dependency.
  *
- * @example Unified router
  * ```typescript
- * import { createSoulcraftRouter, BrainyInstancePool } from '@soulcraft/sdk/server'
- *
- * const pool = new BrainyInstancePool({ storage: 'filesystem', dataPath: './data', strategy: 'per-user' })
+ * import { createRpcHandler } from '@soulcraft/sdk/server'
  *
- * const router = createSoulcraftRouter({
+ * const handleRpc = createRpcHandler({
  *   resolveBrain: async (ctx) => pool.forUser(ctx.user.emailHash, ctx.workspaceId),
  *   authenticate: async (ctx) => verifySession(ctx.request),
- *   providers: { ai: { client: anthropic }, billing, hall, ... },
+ *   providers: { graph: graphHandler, search: searchHandler },
  * })
- * app.route('', router)
+ *
+ * // SvelteKit: export const POST = ({ request }) => handleRpc(request)
+ * // Bun:       Bun.serve({ fetch: (req) => handleRpc(req) })
+ * // Hono:      app.post('/api/rpc', (c) => handleRpc(c.req.raw))
  * ```
+ *
+ * ## Hono Router (legacy)
+ *
+ * `createSoulcraftRouter()` returns a Hono app — use if your server is Hono-based.
+ * Requires `hono` as a peer dependency.
+ *
+ * This entry point must never be imported in browser bundles — it has hard
+ * server-only dependencies (`@soulcraft/brainy`, `lru-cache`, `crypto`, `fs`).
  */
 export { BrainyInstancePool, computeEmailHash, } from './instance-pool.js';
 export type { InstancePoolConfig, InstancePoolStats, } from './instance-pool.js';
@@ -34,6 +41,8 @@ export { createAuthMiddleware, createRemoteSessionVerifier, createDevSessionVeri
 export type { AuthMiddlewareOptions, AuthMiddleware, AuthContext, BetterAuthLike, SessionVerifier, RemoteSessionVerifierOptions, DevSessionVerifierOptions, DevLoginHandlerOptions, GuestSessionHandlerOptions, } from '../modules/auth/middleware.js';
 export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
 export type { BackchannelLogoutConfig, BackchannelAuthLike, } from '../modules/auth/backchannel.js';
+export { createSoulcraftAuth } from '../modules/auth/sveltekit.js';
+export type { SoulcraftAuthOptions, SoulcraftAuth, SvelteKitHandle, SvelteKitEvent, SvelteKitRequestHandler, } from '../modules/auth/sveltekit.js';
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
 export { SOULCRAFT_USER_FIELDS, SOULCRAFT_SESSION_CONFIG, getAuthMode, getOIDCClientConfig, } from '../modules/auth/config.js';
 export { SOULCRAFT_PRODUCTS, deriveOrigins, deriveRedirectUrls, } from '../modules/auth/products.js';
@@ -55,6 +64,8 @@ export { createNamespaceRouter } from './namespace-router.js';
 export type { NamespaceRouterConfig, NamespaceRouter, NamespaceProvider, NamespaceProviders, RequestContext, UserContext, HandlerContext, PreAuthenticatedContext, DispatchResult, } from './namespace-router.js';
 export { createNamespaceWsHandler } from './ws-handler.js';
 export type { NamespaceWsHandlerConfig, NamespaceWsHandler, WsSession, } from './ws-handler.js';
+export { createRpcHandler } from './rpc-handler.js';
+export type { RpcHandlerConfig } from './rpc-handler.js';
 export { createSoulcraftRouter } from './hono-router.js';
 export type { SoulcraftRouterConfig } from './hono-router.js';
 export { createAnnotationsHandler, createAuthHandler, createChatHandler, createCertificationHandler, createCollectionsHandler, createCommerceHandler, createConfigHandler, createExportHandler, createFormatsHandler, createGraphHandler, createImportHandler, createMediaHandler, createProjectHandler, createPublishHandler, createPulseHandler, createRealtimeHandler, createSearchHandler, createSessionHandler, createSettingsHandler, createWorkspaceHandler, } from './handlers/index.js';

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,eAAe,EACf,eAAe,EACf,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAC/E,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,gCAAgC,CAAA;AAGvC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAClG,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,YAAY,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,GACV,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAI7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,EACzB,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,eAAe,EACf,eAAe,EACf,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAC/E,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,gCAAgC,CAAA;AAGvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AAClE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,eAAe,EACf,cAAc,EACd,uBAAuB,GACxB,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAClG,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,YAAY,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,GACV,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAI7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,EACzB,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}

package/dist/server/index.js

@@ -1,28 +1,35 @@
 /**
  * @module @soulcraft/sdk/server
  * @description Server entry point for @soulcraft/sdk. Exports everything needed to
- * run the SDK in a product backend (Hono, SvelteKit, or any Bun/Node server).
+ * run the SDK in a product backend (SvelteKit, Bun, Hono, or any server).
  *
- * Use `createSoulcraftRouter()` to mount a single Hono router that handles ALL
- * 25 SDK namespaces via a unified `/api/rpc` endpoint. Products configure which
- * namespaces are active via `NamespaceProviders`.
+ * ## RPC Handler (recommended)
  *
- * This entry point must never be imported in browser bundles — it has hard
- * server-only dependencies (`@soulcraft/brainy`, `lru-cache`, `crypto`, `fs`).
+ * Use `createRpcHandler()` to get a framework-agnostic `(Request) => Response`
+ * handler for the unified `/api/rpc` endpoint. Works with any server that speaks
+ * Web Standard `Request`/`Response` — no framework dependency.
  *
- * @example Unified router
  * ```typescript
- * import { createSoulcraftRouter, BrainyInstancePool } from '@soulcraft/sdk/server'
- *
- * const pool = new BrainyInstancePool({ storage: 'filesystem', dataPath: './data', strategy: 'per-user' })
+ * import { createRpcHandler } from '@soulcraft/sdk/server'
  *
- * const router = createSoulcraftRouter({
+ * const handleRpc = createRpcHandler({
  *   resolveBrain: async (ctx) => pool.forUser(ctx.user.emailHash, ctx.workspaceId),
  *   authenticate: async (ctx) => verifySession(ctx.request),
- *   providers: { ai: { client: anthropic }, billing, hall, ... },
+ *   providers: { graph: graphHandler, search: searchHandler },
  * })
- * app.route('', router)
+ *
+ * // SvelteKit: export const POST = ({ request }) => handleRpc(request)
+ * // Bun:       Bun.serve({ fetch: (req) => handleRpc(req) })
+ * // Hono:      app.post('/api/rpc', (c) => handleRpc(c.req.raw))
  * ```
+ *
+ * ## Hono Router (legacy)
+ *
+ * `createSoulcraftRouter()` returns a Hono app — use if your server is Hono-based.
+ * Requires `hono` as a peer dependency.
+ *
+ * This entry point must never be imported in browser bundles — it has hard
+ * server-only dependencies (`@soulcraft/brainy`, `lru-cache`, `crypto`, `fs`).
  */
 // ── Instance pool ─────────────────────────────────────────────────────────────
 export { BrainyInstancePool, computeEmailHash, } from './instance-pool.js';
@@ -33,6 +40,8 @@ export { createHallModule, createHallMediaClient, generateTurnCredentials, HallC
 // ── Auth middleware + session factories ───────────────────────────────────────
 export { createAuthMiddleware, createRemoteSessionVerifier, createDevSessionVerifier, createDevLoginHandler, createDevCookieVerifier, createGuestSessionHandler, createGuestCookieVerifier, AUTH_USER_KEY, } from '../modules/auth/middleware.js';
 export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
+// ── SvelteKit auth integration ────────────────────────────────────────────────
+export { createSoulcraftAuth } from '../modules/auth/sveltekit.js';
 // ── Service token verification ────────────────────────────────────────────────
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
 // ── Auth config helpers ──────────────────────────────────────────────────────
@@ -52,7 +61,9 @@ export { createCachedDispatch, LruCacheProvider, DEFAULT_CACHEABLE_METHODS } fro
 export { createNamespaceRouter } from './namespace-router.js';
 // ── Namespace WebSocket handler ─────────────────────────────────────────────
 export { createNamespaceWsHandler } from './ws-handler.js';
-// ── Hono router factory ─────────────────────────────────────────────────────
+// ── RPC handler (framework-agnostic, recommended) ───────────────────────────
+export { createRpcHandler } from './rpc-handler.js';
+// ── Hono router factory (legacy — requires hono as peer dependency) ─────────
 export { createSoulcraftRouter } from './hono-router.js';
 // ── Namespace handler factories ──────────────────────────────────────────────
 // Each factory creates a NamespaceProvider wired into `providers` on the router.

package/dist/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAM3B,iFAAiF;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAE/D,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AA4C3B,iFAAiF;AACjF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AAYtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAM/E,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAEzC,gFAAgF;AAChF,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAElC,gFAAgF;AAChF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAMpC,gFAAgF;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAK7E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAEvD,iFAAiF;AACjF,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAa7D,+EAA+E;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAO1D,+EAA+E;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,gFAAgF;AAChF,iFAAiF;AACjF,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AA4D5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAM3B,iFAAiF;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAE/D,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AA4C3B,iFAAiF;AACjF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AAYtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAM/E,iFAAiF;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AASlE,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAEzC,gFAAgF;AAChF,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAElC,gFAAgF;AAChF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAMpC,gFAAgF;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAK7E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAEvD,iFAAiF;AACjF,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAa7D,+EAA+E;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAO1D,+EAA+E;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAGnD,+EAA+E;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,gFAAgF;AAChF,iFAAiF;AACjF,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AA4D5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}

package/dist/server/rpc-handler.d.ts

@@ -0,0 +1,79 @@
+/**
+ * @module server/rpc-handler
+ * @description Framework-agnostic RPC request handler for the Soulcraft SDK.
+ *
+ * Creates a standard `(request: Request) => Promise<Response>` handler that
+ * parses the JSON body, validates RPC fields, dispatches to the namespace
+ * router, and serializes the result — all using Web Standard APIs only.
+ *
+ * No framework dependency (no Hono, no Express, no SvelteKit). Works with
+ * any server that speaks `Request`/`Response`:
+ *
+ * @example SvelteKit
+ * ```typescript
+ * import { createRpcHandler } from '@soulcraft/sdk/server'
+ *
+ * const handleRpc = createRpcHandler({ resolveBrain, authenticate, providers })
+ *
+ * export const POST: RequestHandler = ({ request }) => handleRpc(request)
+ * ```
+ *
+ * @example Bun.serve
+ * ```typescript
+ * const handleRpc = createRpcHandler({ resolveBrain, authenticate, providers })
+ *
+ * Bun.serve({
+ *   fetch(req) {
+ *     if (new URL(req.url).pathname === '/api/rpc') return handleRpc(req)
+ *     return new Response('Not found', { status: 404 })
+ *   }
+ * })
+ * ```
+ *
+ * @example Hono (if you still use it)
+ * ```typescript
+ * const handleRpc = createRpcHandler({ resolveBrain, authenticate, providers })
+ *
+ * app.post('/api/rpc', (c) => handleRpc(c.req.raw))
+ * ```
+ */
+import type { NamespaceRouterConfig } from './namespace-router.js';
+import type { RpcCacheConfig } from './rpc-cache.js';
+/**
+ * @description Configuration for {@link createRpcHandler}.
+ * Extends {@link NamespaceRouterConfig} with optional RPC response caching.
+ */
+export interface RpcHandlerConfig extends NamespaceRouterConfig {
+    /**
+     * Optional RPC response cache configuration.
+     * When provided, cacheable read methods are served from an in-process LRU cache
+     * with singleflight deduplication. Write methods flush the scope automatically.
+     *
+     * @see {@link RpcCacheConfig}
+     */
+    cache?: RpcCacheConfig;
+}
+/**
+ * Creates a framework-agnostic RPC request handler.
+ *
+ * Takes a standard Web `Request`, parses the JSON body, validates the RPC
+ * envelope, dispatches to the namespace router, and returns a standard `Response`.
+ * Streaming results are delivered as SSE (`text/event-stream`).
+ *
+ * @param config - Namespace router configuration (auth, brain resolution, providers).
+ * @returns An async function: `(request: Request) => Promise<Response>`.
+ *
+ * @example
+ * ```typescript
+ * const handleRpc = createRpcHandler({
+ *   resolveBrain: async (ctx) => pool.forUser(ctx.user!.emailHash, ctx.workspaceId),
+ *   authenticate: async (ctx) => verifySession(ctx.request),
+ *   providers: { graph: graphHandler, search: searchHandler },
+ * })
+ *
+ * // Use in any server framework:
+ * const response = await handleRpc(request)
+ * ```
+ */
+export declare function createRpcHandler(config: RpcHandlerConfig): (request: Request) => Promise<Response>;
+//# sourceMappingURL=rpc-handler.d.ts.map

package/dist/server/rpc-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc-handler.d.ts","sourceRoot":"","sources":["../../src/server/rpc-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAkB,MAAM,uBAAuB,CAAA;AAClF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAGpD;;;GAGG;AACH,MAAM,WAAW,gBAAiB,SAAQ,qBAAqB;IAC7D;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,cAAc,CAAA;CACvB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAsClG"}

package/dist/server/rpc-handler.js

@@ -0,0 +1,185 @@
+/**
+ * @module server/rpc-handler
+ * @description Framework-agnostic RPC request handler for the Soulcraft SDK.
+ *
+ * Creates a standard `(request: Request) => Promise<Response>` handler that
+ * parses the JSON body, validates RPC fields, dispatches to the namespace
+ * router, and serializes the result — all using Web Standard APIs only.
+ *
+ * No framework dependency (no Hono, no Express, no SvelteKit). Works with
+ * any server that speaks `Request`/`Response`:
+ *
+ * @example SvelteKit
+ * ```typescript
+ * import { createRpcHandler } from '@soulcraft/sdk/server'
+ *
+ * const handleRpc = createRpcHandler({ resolveBrain, authenticate, providers })
+ *
+ * export const POST: RequestHandler = ({ request }) => handleRpc(request)
+ * ```
+ *
+ * @example Bun.serve
+ * ```typescript
+ * const handleRpc = createRpcHandler({ resolveBrain, authenticate, providers })
+ *
+ * Bun.serve({
+ *   fetch(req) {
+ *     if (new URL(req.url).pathname === '/api/rpc') return handleRpc(req)
+ *     return new Response('Not found', { status: 404 })
+ *   }
+ * })
+ * ```
+ *
+ * @example Hono (if you still use it)
+ * ```typescript
+ * const handleRpc = createRpcHandler({ resolveBrain, authenticate, providers })
+ *
+ * app.post('/api/rpc', (c) => handleRpc(c.req.raw))
+ * ```
+ */
+import { createNamespaceRouter } from './namespace-router.js';
+import { createCachedDispatch } from './rpc-cache.js';
+/**
+ * Creates a framework-agnostic RPC request handler.
+ *
+ * Takes a standard Web `Request`, parses the JSON body, validates the RPC
+ * envelope, dispatches to the namespace router, and returns a standard `Response`.
+ * Streaming results are delivered as SSE (`text/event-stream`).
+ *
+ * @param config - Namespace router configuration (auth, brain resolution, providers).
+ * @returns An async function: `(request: Request) => Promise<Response>`.
+ *
+ * @example
+ * ```typescript
+ * const handleRpc = createRpcHandler({
+ *   resolveBrain: async (ctx) => pool.forUser(ctx.user!.emailHash, ctx.workspaceId),
+ *   authenticate: async (ctx) => verifySession(ctx.request),
+ *   providers: { graph: graphHandler, search: searchHandler },
+ * })
+ *
+ * // Use in any server framework:
+ * const response = await handleRpc(request)
+ * ```
+ */
+export function createRpcHandler(config) {
+    const baseRouter = createNamespaceRouter(config);
+    const router = config.cache
+        ? createCachedDispatch(baseRouter, config.cache)
+        : baseRouter;
+    return async (request) => {
+        // ── Parse JSON body ────────────────────────────────────────────────────
+        let body;
+        try {
+            body = await request.json();
+        }
+        catch {
+            return _jsonResponse({ error: { code: 'BAD_REQUEST', message: 'Request body must be valid JSON' } }, 400);
+        }
+        // ── Validate required RPC fields ───────────────────────────────────────
+        if (typeof body.ns !== 'string' || typeof body.method !== 'string' || !Array.isArray(body.args)) {
+            return _jsonResponse({ error: { code: 'BAD_REQUEST', message: '{ ns: string, method: string, args: unknown[] } required' } }, 400);
+        }
+        const rpc = {
+            id: typeof body.id === 'string' ? body.id : crypto.randomUUID(),
+            ns: body.ns,
+            method: body.method,
+            args: body.args,
+            stream: body.stream ?? false,
+        };
+        // ── Dispatch ──────────────────────────────────────────────────────────
+        const result = await router.dispatch(rpc, request);
+        return _toResponse(result);
+    };
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Response helpers (framework-agnostic, Web Standard only)
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Converts a {@link DispatchResult} into a standard Web `Response`.
+ *
+ * @param result - The dispatch result from the namespace router.
+ * @returns A Response — JSON for normal results, SSE for streaming results.
+ */
+function _toResponse(result) {
+    if (result.type === 'response') {
+        const { response } = result;
+        const status = response.error ? _errorStatusCode(response.error.code) : 200;
+        const headers = { 'Content-Type': 'application/json' };
+        // Merge cache headers (Cache-Control, ETag, X-Cache) when present.
+        if (result.headers) {
+            for (const [key, value] of Object.entries(result.headers)) {
+                headers[key] = value;
+            }
+        }
+        return new Response(JSON.stringify(response), { status, headers });
+    }
+    // Streaming result — deliver as SSE.
+    const { id, iterable } = result;
+    const stream = new ReadableStream({
+        async start(controller) {
+            const encoder = new TextEncoder();
+            try {
+                for await (const chunk of iterable) {
+                    const frame = { id, chunk };
+                    controller.enqueue(encoder.encode(`data: ${JSON.stringify(frame)}\n\n`));
+                }
+                const doneFrame = { id, done: true };
+                controller.enqueue(encoder.encode(`data: ${JSON.stringify(doneFrame)}\n\n`));
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : String(err);
+                const errorFrame = { id, error: message };
+                controller.enqueue(encoder.encode(`data: ${JSON.stringify(errorFrame)}\n\n`));
+            }
+            finally {
+                controller.close();
+            }
+        },
+    });
+    return new Response(stream, {
+        status: 200,
+        headers: {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            'Connection': 'keep-alive',
+        },
+    });
+}
+/**
+ * Creates a JSON Response with the given status code.
+ *
+ * @param data - The response body.
+ * @param status - HTTP status code.
+ * @returns A Response with `Content-Type: application/json`.
+ */
+function _jsonResponse(data, status) {
+    return new Response(JSON.stringify(data), {
+        status,
+        headers: { 'Content-Type': 'application/json' },
+    });
+}
+/**
+ * Maps RPC error codes to HTTP status codes.
+ *
+ * @param code - The error code from the dispatch result.
+ * @returns HTTP status code.
+ */
+function _errorStatusCode(code) {
+    switch (code) {
+        case 'UNAUTHORIZED':
+        case 'AUTH_ERROR':
+            return 401;
+        case 'FORBIDDEN':
+            return 403;
+        case 'NAMESPACE_NOT_FOUND':
+        case 'METHOD_NOT_FOUND':
+            return 404;
+        case 'BRAIN_UNAVAILABLE':
+            return 503;
+        case 'BAD_REQUEST':
+            return 400;
+        default:
+            return 500;
+    }
+}
+//# sourceMappingURL=rpc-handler.js.map

package/dist/server/rpc-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc-handler.js","sourceRoot":"","sources":["../../src/server/rpc-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAoBrD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK;QACzB,CAAC,CAAC,oBAAoB,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC;QAChD,CAAC,CAAC,UAAU,CAAA;IAEd,OAAO,KAAK,EAAE,OAAgB,EAAqB,EAAE;QACnD,0EAA0E;QAC1E,IAAI,IAAuF,CAAA;QAC3F,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,aAAa,CAClB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iCAAiC,EAAE,EAAE,EAC9E,GAAG,CACJ,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChG,OAAO,aAAa,CAClB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0DAA0D,EAAE,EAAE,EACvG,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAiB;YACxB,EAAE,EAAE,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE;YAC/D,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK;SAC7B,CAAA;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAClD,OAAO,WAAW,CAAC,MAAM,CAAC,CAAA;IAC5B,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,2DAA2D;AAC3D,gFAAgF;AAEhF;;;;;GAKG;AACH,SAAS,WAAW,CAAC,MAAsB;IACzC,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QAC3B,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QAC3E,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAA;QAE9E,mEAAmE;QACnE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;YACtB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,qCAAqC;IACrC,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;QAChC,KAAK,CAAC,KAAK,CAAC,UAAU;YACpB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;YAEjC,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAuB,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;oBAC/C,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;gBAC1E,CAAC;gBAED,MAAM,SAAS,GAAuB,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;gBACxD,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAA;YAC9E,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAChE,MAAM,UAAU,GAAuB,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;gBAC7D,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;YAC/E,CAAC;oBAAS,CAAC;gBACT,UAAU,CAAC,KAAK,EAAE,CAAA;YACpB,CAAC;QACH,CAAC;KACF,CAAC,CAAA;IAEF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,mBAAmB;YACnC,eAAe,EAAE,UAAU;YAC3B,YAAY,EAAE,YAAY;SAC3B;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,IAAa,EAAE,MAAc;IAClD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY;YACf,OAAO,GAAG,CAAA;QACZ,KAAK,WAAW;YACd,OAAO,GAAG,CAAA;QACZ,KAAK,qBAAqB,CAAC;QAC3B,KAAK,kBAAkB;YACrB,OAAO,GAAG,CAAA;QACZ,KAAK,mBAAmB;YACtB,OAAO,GAAG,CAAA;QACZ,KAAK,aAAa;YAChB,OAAO,GAAG,CAAA;QACZ;YACE,OAAO,GAAG,CAAA;IACd,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soulcraft/sdk",
-  "version": "2.4.1",
+  "version": "2.6.0",
   "description": "The unified Soulcraft platform SDK — data, auth, AI, billing, and notifications",
   "type": "module",
   "publishConfig": {
@@ -41,6 +41,7 @@
     "@soulcraft/kit-schema": ">=2.0.0",
     "@soulcraft/kits": ">=1.0.0",
     "better-auth": ">=1.0.0",
+    "hono": ">=4.0.0",
     "stripe": ">=20.0.0"
   },
   "peerDependenciesMeta": {
@@ -61,6 +62,9 @@
     },
     "stripe": {
       "optional": true
+    },
+    "hono": {
+      "optional": true
     }
   },
   "dependencies": {