Feature · Node.js SDK (P1 — Current Focus)
Labels: enhancement, help-wanted
Assignee: @contexa73
Type: Feature
Parent: #1 (Roadmap 2027) · Phase 1 — current priority
Why Node.js first
Among the three planned non-JVM runtimes, Node.js is being prioritized because:
- Largest single language community (~16 M developers)
- Dominant in API gateways, BFF (Backend-for-Frontend), and SaaS startups — exactly where post-authentication runtime control delivers immediate value
- TypeScript type system aligns naturally with our strict contracts (5-action enum, sealed evidence schema)
- Operator UI and Express middleware integration is the most common deployment shape we see in early conversations
Realistic timeline
The Java reference implementation took ~12 months solo. Node.js is expected to take 9–12 months at the same staffing level (single developer). Hiring would compress this materially.
2027-01 → Express middleware (core, MVP)
2027-04 → TypeScript types finalized
2027-06 → Fastify plugin
2027-08 → Koa middleware
2027-10 → NestJS guard
2027-12 → v1.0 ship + npm publish
Hiring or community contribution can shift Fastify / Koa / NestJS into earlier slots.
Scope
| Surface |
Status |
Notes |
| Express middleware |
TODO |
Core MVP, baseline for all later work |
| Fastify plugin |
TODO |
High-performance alternative |
| Koa middleware |
TODO |
async / await native |
| NestJS guard |
TODO |
Decorator-based DI integration |
| TypeScript types |
TODO |
First-class TS definitions, strict mode |
| OAuth2 / JWT bridge |
TODO |
Compatible with mcp-auth-server |
| Evidence sealing |
TODO |
SHA-256 8-section package |
Acceptance criteria
How to contribute
This is the single most impactful contribution path right now. Reply with:
- Your Node.js framework focus (Express / Fastify / Koa / NestJS)
- Whether you can lead one specific surface from MVP to v1.0
- Production constraints we should not break (e.g. specific TypeScript version, ESM-only stacks)
NestJS guard work especially needs experienced contributors because it requires decorator metadata depth that the JVM core does not expose directly.
Reference
Feature · Node.js SDK (P1 — Current Focus)
Labels:
enhancement,help-wantedAssignee: @contexa73
Type: Feature
Parent: #1 (Roadmap 2027) · Phase 1 — current priority
Why Node.js first
Among the three planned non-JVM runtimes, Node.js is being prioritized because:
Realistic timeline
The Java reference implementation took ~12 months solo. Node.js is expected to take 9–12 months at the same staffing level (single developer). Hiring would compress this materially.
Hiring or community contribution can shift Fastify / Koa / NestJS into earlier slots.
Scope
mcp-auth-serverAcceptance criteria
@contexa-security/contexa(TBD)tsc --strictHow to contribute
This is the single most impactful contribution path right now. Reply with:
NestJS guard work especially needs experienced contributors because it requires decorator metadata depth that the JVM core does not expose directly.
Reference
spring-boot-starter-contexaZeroTrustActionenum