Skip to content

[FEATURE] Feature · Node.js SDK (P1 — Current Focus) #5

Description

@contexa73

Feature · Node.js SDK (P1 — Current Focus)

Labels: enhancement, help-wanted
Assignee: @contexa73
Type: Feature
Parent: #1 (Roadmap 2027) · Phase 1 — current priority

Why Node.js first

Among the three planned non-JVM runtimes, Node.js is being prioritized because:

  • Largest single language community (~16 M developers)
  • Dominant in API gateways, BFF (Backend-for-Frontend), and SaaS startups — exactly where post-authentication runtime control delivers immediate value
  • TypeScript type system aligns naturally with our strict contracts (5-action enum, sealed evidence schema)
  • Operator UI and Express middleware integration is the most common deployment shape we see in early conversations

Realistic timeline

The Java reference implementation took ~12 months solo. Node.js is expected to take 9–12 months at the same staffing level (single developer). Hiring would compress this materially.

2027-01  →  Express middleware (core, MVP)
2027-04  →  TypeScript types finalized
2027-06  →  Fastify plugin
2027-08  →  Koa middleware
2027-10  →  NestJS guard
2027-12  →  v1.0 ship + npm publish

Hiring or community contribution can shift Fastify / Koa / NestJS into earlier slots.

Scope

Surface Status Notes
Express middleware TODO Core MVP, baseline for all later work
Fastify plugin TODO High-performance alternative
Koa middleware TODO async / await native
NestJS guard TODO Decorator-based DI integration
TypeScript types TODO First-class TS definitions, strict mode
OAuth2 / JWT bridge TODO Compatible with mcp-auth-server
Evidence sealing TODO SHA-256 8-section package

Acceptance criteria

  • All 5 actions integrate correctly across Express / Fastify / Koa / NestJS
  • HTTP status code parity (200 / 401 / 403 / 423 / 503)
  • npm package under @contexa-security/contexa (TBD)
  • Node.js 20+ supported (LTS)
  • Strict TypeScript types — passes tsc --strict
  • No CommonJS fallback required; ESM-first
  • Sealed evidence SHA-256 verification round-trip passes

How to contribute

This is the single most impactful contribution path right now. Reply with:

  • Your Node.js framework focus (Express / Fastify / Koa / NestJS)
  • Whether you can lead one specific surface from MVP to v1.0
  • Production constraints we should not break (e.g. specific TypeScript version, ESM-only stacks)

NestJS guard work especially needs experienced contributors because it requires decorator metadata depth that the JVM core does not expose directly.

Reference

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requesthelp wantedExtra attention is needed

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions