@sylphx/sdk 0.0.1 → 0.2.1

package/README.md

@@ -5,9 +5,11 @@
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.0-blue?logo=typescript)](https://www.typescriptlang.org/)
 [![docs](https://img.shields.io/badge/docs-sylphx.com%2Fdocs-green)](https://sylphx.com/docs)
 
-Complete SDK for integrating apps with the Sylphx Platform. Get auth, billing, analytics, AI, storage, and more with minimal setup.
+Auth, billing, analytics, AI, storage, and more — in one SDK.
 
-📖 **Full documentation:** [sylphx.com/docs](https://sylphx.com/docs)
+📖 **Full docs:** [sylphx.com/docs](https://sylphx.com/docs)
+
+---
 
 ## Installation
 
@@ -15,32 +17,76 @@ Complete SDK for integrating apps with the Sylphx Platform. Get auth, billing, a
 npm install @sylphx/sdk
 # or
 pnpm add @sylphx/sdk
-# or
 bun add @sylphx/sdk
 ```
 
+---
+
 ## Quick Start (Next.js)
 
 ### 1. Environment Variables
 
+Two keys from your [Platform Console](https://sylphx.com/console):
+
 ```bash
 # .env.local
-SYLPHX_APP_ID=your-app-slug
-SYLPHX_APP_SECRET=sk_dev_xxxxxxxxxxxx
-SYLPHX_PLATFORM_URL=https://sylphx.com
+SYLPHX_SECRET_KEY=sk_dev_xxxxxxxxxxxxxxxxxxxx        # server-only
+NEXT_PUBLIC_SYLPHX_APP_ID=app_dev_xxxxxxxxxxxx        # safe to expose
 ```
 
-### 2. Add Provider to Layout
+That's it. No other config needed.
+
+> **Key formats**
+> - `sk_dev_*` / `sk_stg_*` / `sk_prod_*` — Secret key (server only, never expose)
+> - `app_dev_*` / `app_stg_*` / `app_prod_*` — App ID (safe for client-side)
+>
+> Get both from **Console → Your App → API Keys**.
+
+---
+
+### 2. Middleware
+
+Handles auth routes (`/auth/callback`, `/auth/signout`) and route protection automatically.
+
+```ts
+// middleware.ts
+import { createSylphxMiddleware } from '@sylphx/sdk/nextjs'
+
+export default createSylphxMiddleware({
+  publicRoutes: ['/', '/about', '/pricing', '/login'],
+})
+
+export const config = {
+  matcher: ['/((?!_next|.*\\..*).*)', '/'],
+}
+```
+
+No manual `/api/auth/*` routes needed — the middleware handles everything.
+
+---
+
+### 3. Root Layout
+
+Fetch config server-side once, pass to the provider:
 
 ```tsx
 // app/layout.tsx
+import { getAppConfig } from '@sylphx/sdk/server'
 import { SylphxProvider } from '@sylphx/sdk/react'
 
-export default function RootLayout({ children }) {
+export default async function RootLayout({ children }: { children: React.ReactNode }) {
+  const config = await getAppConfig({
+    secretKey: process.env.SYLPHX_SECRET_KEY!,
+    appId: process.env.NEXT_PUBLIC_SYLPHX_APP_ID!,
+  })
+
   return (
     <html>
       <body>
-        <SylphxProvider appId={process.env.NEXT_PUBLIC_SYLPHX_APP_ID!}>
+        <SylphxProvider
+          config={config}
+          appId={process.env.NEXT_PUBLIC_SYLPHX_APP_ID!}
+        >
           {children}
         </SylphxProvider>
       </body>
@@ -49,384 +95,325 @@ export default function RootLayout({ children }) {
 }
 ```
 
-### 3. Add Middleware
+---
 
-```ts
-// middleware.ts
-import { authMiddleware } from '@sylphx/sdk/nextjs'
+### 4. Protect Pages (Server Components)
 
-export default authMiddleware({
-  appId: process.env.SYLPHX_APP_ID!,
-  publicRoutes: ['/', '/login', '/signup', '/api/auth/callback'],
-})
+```tsx
+// app/dashboard/page.tsx
+import { currentUser } from '@sylphx/sdk/nextjs'
+import { redirect } from 'next/navigation'
 
-export const config = {
-  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+export default async function Dashboard() {
+  const user = await currentUser()
+  if (!user) redirect('/login')
+
+  return <h1>Hello, {user.name}</h1>
 }
 ```
 
-### 4. Create Callback Route
-
-```ts
-// app/api/auth/callback/route.ts
-import { handleCallback } from '@sylphx/sdk/nextjs'
-
-export const GET = handleCallback()
-```
+---
 
-### 5. Use the SDK
+### 5. Auth UI (Client Components)
 
 ```tsx
-// app/page.tsx
 'use client'
+import { useUser, SignedIn, SignedOut, UserButton } from '@sylphx/sdk/react'
 
-import { useUser, SignedIn, SignedOut, SignIn, UserButton } from '@sylphx/sdk/react'
-
-export default function Home() {
+export default function Header() {
   const { user } = useUser()
 
   return (
-    <div>
+    <header>
       <SignedOut>
-        <SignIn mode="embedded" afterSignInUrl="/dashboard" />
+        <a href="/login">Sign in</a>
       </SignedOut>
-
       <SignedIn>
-        <h1>Hello, {user?.name}</h1>
-        <UserButton />
+        <span>Hello, {user?.name}</span>
+        <UserButton afterSignOutUrl="/" />
       </SignedIn>
-    </div>
+    </header>
   )
 }
 ```
 
 ---
 
-## React Hooks
+## Server-Side
 
-### Authentication
+### Get Current User
 
 ```tsx
-import { useUser, useAuth, useSession } from '@sylphx/sdk/react'
+import { auth, currentUser, currentUserId } from '@sylphx/sdk/nextjs'
 
-// Get current user
-const { user, isLoading, isSignedIn } = useUser()
+// Full auth state
+const { userId, user, sessionToken } = await auth()
 
-// Auth actions
-const { signIn, signUp, signOut, resetPassword } = useAuth()
+// Just the user object (null if not signed in)
+const user = await currentUser()
 
-// Session management
-const { session, refresh } = useSession()
+// Just the user ID
+const userId = await currentUserId()
 ```
 
-### Billing
-
-```tsx
-import { useBilling } from '@sylphx/sdk/react'
+### Server API Client
 
-const { subscription, isPremium, plans, createCheckout, openPortal } = useBilling()
+```ts
+import { createServerClient } from '@sylphx/sdk/server'
 
-// Check premium status
-if (isPremium) {
-  // Show premium features
-}
+const client = createServerClient({
+  secretKey: process.env.SYLPHX_SECRET_KEY!,
+})
 
-// Start checkout (returns URL to redirect to)
-const checkoutUrl = await createCheckout('pro', 'monthly')
-window.location.href = checkoutUrl
+// GET /billing/plans
+const plans = await client.GET('/billing/plans')
 
-// Open billing portal to manage subscription
-await openPortal()
+// POST /analytics/track
+await client.POST('/analytics/track', {
+  body: { events: [{ event: 'purchase', properties: { amount: 99 } }] },
+})
 ```
 
-### Analytics
-
-```tsx
-import { useAnalytics } from '@sylphx/sdk/react'
-
-const { track, identify, pageView } = useAnalytics()
-
-// Track custom event
-track('button_clicked', { buttonId: 'signup' })
+### Prefetch App Config
 
-// Identify user
-identify({ name: 'John', email: 'john@example.com' })
+```ts
+import {
+  getAppConfig,    // All config in one call (recommended)
+  getPlans,        // Billing plans
+  getFeatureFlags, // Feature flag definitions
+  getConsentTypes, // GDPR consent config
+} from '@sylphx/sdk/server'
+
+const config = await getAppConfig({
+  secretKey: process.env.SYLPHX_SECRET_KEY!,
+  appId: process.env.NEXT_PUBLIC_SYLPHX_APP_ID!,
+})
+// config.plans, config.featureFlags, config.oauthProviders, config.consentTypes
 ```
 
-### AI
+### Verify Webhooks
 
-```tsx
-import { useChat, useCompletion, useEmbedding } from '@sylphx/sdk/react'
+```ts
+import { verifyWebhook } from '@sylphx/sdk/server'
 
-// Chat completion
-const { messages, send, isLoading } = useChat({
-  model: 'anthropic/claude-3.5-sonnet',
-})
+export async function POST(request: Request) {
+  const body = await request.text()
 
-// Text completion
-const { complete, completion, isLoading } = useCompletion()
+  const result = await verifyWebhook({
+    payload: body,
+    signatureHeader: request.headers.get('x-webhook-signature'),
+    secret: process.env.SYLPHX_SECRET_KEY!,
+  })
 
-// Embeddings
-const { embed, embedding } = useEmbedding()
-```
+  if (!result.valid) {
+    return new Response('Unauthorized', { status: 401 })
+  }
 
-### Database
+  const { event, data } = result.payload!
+  // handle event...
+  return Response.json({ received: true })
+}
+```
 
-Server-side access to your Sylphx managed Postgres database with full type safety.
+Or use the handler factory:
 
 ```ts
-import { createSylphx } from '@sylphx/sdk'
-
-const sylphx = createSylphx({
-  appId: process.env.SYLPHX_APP_ID!,
-  appSecret: process.env.SYLPHX_APP_SECRET!,
+import { createWebhookHandler } from '@sylphx/sdk/server'
+
+export const POST = createWebhookHandler({
+  secret: process.env.SYLPHX_SECRET_KEY!,
+  handlers: {
+    'user.created': async (data) => { /* ... */ },
+    'subscription.updated': async (data) => { /* ... */ },
+  },
 })
+```
 
-// Execute raw SQL (returns typed rows)
-const users = await sylphx.database.query<{ id: string; email: string }>(
-  'SELECT id, email FROM users WHERE active = true LIMIT $1',
-  [100],
-)
+### JWT Verification
 
-// Run migrations (idempotent)
-await sylphx.database.migrate()
+```ts
+import { verifyAccessToken } from '@sylphx/sdk/server'
 
-// Get connection string for ORMs (Prisma, Drizzle, etc.)
-const connectionUrl = sylphx.database.connectionUrl()
+const payload = await verifyAccessToken(token, {
+  secretKey: process.env.SYLPHX_SECRET_KEY!,
+})
+// payload.sub, payload.email, payload.role, payload.app_id
 ```
 
-> **Tip:** Use the connection URL with your favourite ORM for full type-safety.
-> The platform manages connection pooling automatically.
-
-### Storage
+---
 
-```tsx
-import { useStorage } from '@sylphx/sdk/react'
+## React Hooks
 
-const { upload, uploadAvatar, deleteFile, getUrl, isUploading, progress } = useStorage()
+### Auth
 
-// Upload avatar (special handling for profile images)
-const avatarUrl = await uploadAvatar(file)
+```tsx
+import { useUser, useAuth } from '@sylphx/sdk/react'
 
-// Upload file with optional path
-const fileUrl = await upload(file, { path: 'documents/' })
+const { user, isLoading, isSignedIn } = useUser()
+const { signIn, signUp, signOut, forgotPassword } = useAuth()
 
-// Show progress while uploading
-if (isUploading) {
-  console.log(`Upload progress: ${progress}%`)
-}
+await signIn({ email: 'user@example.com', password: '...' })
+await signOut()
 ```
 
-### More Hooks
+### Billing
 
 ```tsx
-// Feature flags - check if features are enabled
-import { useFeatureFlag, useFeatureFlags } from '@sylphx/sdk/react'
-const { isEnabled, variant, isLoading } = useFeatureFlag('new-dashboard')
-const flags = useFeatureFlags(['dark-mode', 'beta-features'])
-
-// Error tracking - capture exceptions and breadcrumbs
-import { useErrorTracking } from '@sylphx/sdk/react'
-const { captureException, addBreadcrumb, setRoute } = useErrorTracking()
-
-// Referrals - referral program management
-import { useReferral } from '@sylphx/sdk/react'
+import { useBilling } from '@sylphx/sdk/react'
 
-// Privacy/consent - GDPR consent management
-import { useConsent } from '@sylphx/sdk/react'
+const { subscription, isPremium, plans, createCheckout, openPortal } = useBilling()
 
-// Background jobs - async task management
-import { useJobs } from '@sylphx/sdk/react'
+// Check access
+if (!isPremium) return <UpgradePrompt />
 
-// Organizations - multi-tenant support
-import { useOrganization } from '@sylphx/sdk/react'
+// Start checkout
+const url = await createCheckout('pro', 'monthly')
+window.location.href = url
 
-// Notifications - in-app notification center
-import { useNotifications } from '@sylphx/sdk/react'
+// Manage subscription
+await openPortal()
 ```
 
----
+### Analytics
 
-## UI Components
+```tsx
+import { useAnalytics } from '@sylphx/sdk/react'
 
-### Auth Components
+const { track, identify, page } = useAnalytics()
 
-```tsx
-import {
-  SignIn,
-  SignUp,
-  UserButton,
-  ForgotPassword,
-  ResetPassword,
-  VerifyEmail,
-} from '@sylphx/sdk/react'
-
-// Embedded sign-in form
-<SignIn mode="embedded" afterSignInUrl="/dashboard" />
-
-// Modal sign-in
-<SignIn mode="modal" />
-
-// User avatar with dropdown menu
-<UserButton afterSignOutUrl="/" />
+track('button_clicked', { button: 'upgrade' })
+identify({ name: 'John', email: 'john@example.com' })
 ```
 
-### Protected Routes
+### Feature Flags
 
 ```tsx
-import { SignedIn, SignedOut, ProtectedRoute, Protect } from '@sylphx/sdk/react'
-
-// Show only to signed-in users
-<SignedIn>
-  <Dashboard />
-</SignedIn>
-
-// Show only to signed-out users
-<SignedOut>
-  <SignIn mode="embedded" />
-</SignedOut>
+import { useFeatureFlag } from '@sylphx/sdk/react'
 
-// Role-based access
-<Protect role="admin">
-  <AdminPanel />
-</Protect>
+const { isEnabled } = useFeatureFlag('new-dashboard')
+if (isEnabled) return <NewDashboard />
 ```
 
-### Billing Components
+### AI
 
 ```tsx
-import { PricingTable, BillingCard, CheckoutButton } from '@sylphx/sdk/react'
+import { useChat, useCompletion } from '@sylphx/sdk/react'
 
-// Show pricing plans
-<PricingTable plans={plans} />
-
-// Current subscription card
-<BillingCard />
+const { messages, send, isLoading } = useChat({
+  model: 'anthropic/claude-3.5-sonnet',
+})
 
-// Checkout button
-<CheckoutButton planSlug="pro" interval="monthly">
-  Upgrade to Pro
-</CheckoutButton>
+await send('What is the meaning of life?')
 ```
 
-### Organization Components
+### Storage
 
 ```tsx
-import { OrganizationSwitcher, MembersList, InviteMember } from '@sylphx/sdk/react'
-
-// Switch between orgs
-<OrganizationSwitcher />
+import { useStorage } from '@sylphx/sdk/react'
 
-// Show org members
-<MembersList />
+const { upload, uploadAvatar, isUploading, progress } = useStorage()
 
-// Invite form
-<InviteMember onInvite={(email) => console.log(email)} />
+const url = await upload(file, { path: 'documents/' })
+const avatarUrl = await uploadAvatar(imageFile)
 ```
 
----
-
-## Server-Side (Next.js)
-
-### Get Current User
+### More Hooks
 
 ```tsx
-// In Server Components
-import { auth, currentUser } from '@sylphx/sdk/nextjs'
+import { useConsent }       from '@sylphx/sdk/react' // GDPR consent
+import { useFeatureFlags }  from '@sylphx/sdk/react' // All flags at once
+import { useNotifications } from '@sylphx/sdk/react' // In-app notifications
+import { useReferral }      from '@sylphx/sdk/react' // Referral program
+import { useOrganization }  from '@sylphx/sdk/react' // Multi-tenant orgs
+import { useJobs }          from '@sylphx/sdk/react' // Background jobs
+import { useErrorTracking } from '@sylphx/sdk/react' // Error capture
+```
 
-export default async function Page() {
-  const user = await currentUser()
+---
 
-  if (!user) {
-    redirect('/login')
-  }
+## UI Components
 
-  return <div>Hello, {user.name}</div>
-}
+### Auth
 
-// With full auth details
-export default async function Page() {
-  const { userId, accessToken } = await auth()
+```tsx
+import { SignIn, SignUp, UserButton, SignedIn, SignedOut } from '@sylphx/sdk/react'
 
-  // Use accessToken for API calls
-}
+<SignedOut><SignIn mode="embedded" afterSignInUrl="/dashboard" /></SignedOut>
+<SignedIn><UserButton afterSignOutUrl="/" /></SignedIn>
 ```
 
-### Server API Client
+### Billing
 
 ```tsx
-import { createSylphx } from '@sylphx/sdk'
+import { PricingTable, CheckoutButton } from '@sylphx/sdk/react'
 
-const sylphx = createSylphx({
-  appId: process.env.SYLPHX_APP_ID!,
-  appSecret: process.env.SYLPHX_APP_SECRET!,
-})
+<PricingTable plans={plans} />
+<CheckoutButton planSlug="pro" interval="monthly">Upgrade</CheckoutButton>
+```
 
-// Track events (tRPC-style with full type inference)
-await sylphx.analytics.track.mutate({
-  event: 'purchase_completed',
-  userId: user.id,
-  properties: { amount: 99.99 },
-})
+### Route Protection
 
-// Get subscription
-const subscription = await sylphx.billing.getSubscription.query()
+```tsx
+import { Protect } from '@sylphx/sdk/react'
 
-// Check feature flag
-const isEnabled = await sylphx.flags.check.query({ key: 'new-feature' })
+<Protect role="admin">
+  <AdminPanel />
+</Protect>
 ```
 
 ---
 
-## API Reference
+## Pure Functions (Server or Client)
 
-### `createSylphx(config)`
-
-Creates a server-side API client with full TypeScript inference.
+For non-React environments or maximum control:
 
 ```ts
-const sylphx = createSylphx({
-  appId: string,          // Your app slug
-  appSecret: string,      // sk_dev_*, sk_stg_*, or sk_prod_*
-  platformUrl?: string,   // Default: https://sylphx.com
-  accessToken?: string,   // User access token (optional)
-})
-```
+import { createConfig, signIn, track, getPlans } from '@sylphx/sdk'
 
-> **Note**: `createPlatformAPI` is deprecated. Use `createSylphx` instead.
+const config = createConfig({ secretKey: process.env.SYLPHX_SECRET_KEY! })
 
-**Available Namespaces:**
+// Auth
+const tokens = await signIn(config, { email, password })
+const authedConfig = withToken(config, tokens.accessToken)
 
-All methods use tRPC patterns: `.query()` for reads, `.mutate()` for writes.
+// Analytics
+await track(config, { event: 'purchase', properties: { amount: 99 } })
 
-| Namespace | Methods |
-|-----------|---------|
-| `auth` | `login`, `register`, `logout`, `verifyMfa`, `forgotPassword`, `resetPassword` |
-| `user` | `getProfile`, `updateProfile`, `changePassword`, `getSecuritySettings`, `getLoginHistory`, `deleteAccount` |
-| `billing` | `getPlans`, `getSubscription`, `createCheckout`, `createPortalSession`, `cancelSubscription` |
-| `analytics` | `track`, `trackBatch`, `identify`, `pageView` |
-| `notifications` | `list`, `markRead`, `getUnreadCount`, `getPreferences` |
-| `referrals` | `getMyCode`, `redeem`, `getStats` |
-| `flags` | `check`, `getAll`, `checkWithDetail`, `getAllWithDetail` |
-| `storage` | `getUploadUrl`, `uploadAvatar` |
-| `jobs` | `submit`, `getStatus`, `cancel`, `list` |
+// Billing
+const plans = await getPlans(config)
+```
 
 ---
 
 ## Entry Points
 
-| Import | Use For |
-|--------|---------|
-| `@sylphx/sdk` | Server-side API client |
-| `@sylphx/sdk/react` | React hooks, components, provider |
-| `@sylphx/sdk/nextjs` | Next.js middleware, auth helpers |
+| Import path | Use for |
+|---|---|
+| `@sylphx/sdk` | Pure functions (server or client, no React) |
+| `@sylphx/sdk/react` | React hooks, components, `SylphxProvider` |
+| `@sylphx/sdk/server` | JWT verification, webhook verification, server client |
+| `@sylphx/sdk/nextjs` | `createSylphxMiddleware`, `auth()`, `currentUser()` |
 
 ---
 
 ## TypeScript
 
-Full type support included. No additional packages needed.
+All types are fully inferred. Import them directly:
 
-```tsx
-import type { User, Plan, Subscription } from '@sylphx/sdk'
+```ts
+import type { User, Plan, Subscription, AppConfig } from '@sylphx/sdk'
+import type { AuthResult } from '@sylphx/sdk/nextjs'
 ```
+
+---
+
+## Self-Hosting
+
+If you're running your own Sylphx Platform deployment:
+
+```bash
+# .env.local — only needed for self-hosting
+SYLPHX_PLATFORM_URL=https://platform.your-domain.com
+```
+
+You will not need this if you're using the hosted platform at [sylphx.com](https://sylphx.com).