JSPM

@vocoweb/kernel

1.0.1
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 7
  • Score
    100M100P100Q34938F
  • License MIT

Production-ready authentication, payments, and compliance kernel for B2B SaaS

Package Exports

  • @vocoweb/kernel
  • @vocoweb/kernel/react

Readme

@vocoweb/kernel

npm version License: MIT

Production-ready authentication, payments, and compliance kernel for B2B SaaS applications.

Overview

@vocoweb/kernel is a proprietary governance kernel that automates the hardest parts of EU software compliance:

  • Authentication - Secure Supabase auth wrapper with pre-built components
  • Payments & VAT - Stripe integration with EU VAT validation (VIES)
  • Legal Compliance - GDPR-compliant legal components and data export
  • GDPR Deletion - Cascading deletion engine with external API cleanup
  • Accessibility - WCAG 2.1 AA compliant components (EAA 2025 ready)
  • Data Residency - Egress blocking for EU data compliance
  • Audit Logging - Enterprise-grade shadow recording

Installation

npm install @vocoweb/kernel

Quick Start

Server-Side (API Routes)

import { auth, billing } from '@vocoweb/kernel';

// Protect API routes
export async function GET(request: Request) {
  const user = await auth.requireUser(request);
  return Response.json({ user });
}

// Create Stripe checkout with VAT validation
export async function POST(request: Request) {
  const { priceId, vatNumber } = await request.json();
  const user = await auth.requireUser(request);

  const session = await billing.createCheckoutSession({
    priceId,
    userId: user.id,
    vatNumber, // Optional: EU VAT number for reverse charge
    successUrl: '/dashboard?checkout=success',
    cancelUrl: '/pricing?checkout=cancelled',
  });

  return Response.json({ url: session.url });
}

Client-Side (React Components)

import { VocoAuth, CookieConsent } from '@vocoweb/kernel/react';

export default function Layout({ children }: { children: React.ReactNode }) {
  return (
    <html>
      <body>
        <CookieConsent />
        {children}
      </body>
    </html>
  );
}

// Login page
export default function LoginPage() {
  return <VocoAuth redirectUrl="/dashboard" />;
}

Modules

Module A: Vault (Authentication)

Secure Supabase authentication with pre-built components.

import { auth } from '@vocoweb/kernel';

// Client-side
await auth.loginWithGoogle();
await auth.logout();

// Server-side
const user = await auth.requireUser(request);
const token = await auth.verifyToken(request);

Module B: Register (Payments & Billing)

Stripe integration with EU VAT validation.

import { billing } from '@vocoweb/kernel';

// Create checkout with VAT validation
const session = await billing.createCheckoutSession({
  priceId: 'price_...',
  userId: user.id,
  vatNumber: 'DE123456789', // Validates against VIES
});

// Validate VAT number
const isValid = await billing.validateVat('DE123456789');

// Get user invoices
const invoices = await billing.getInvoices(userId);

GDPR-compliant legal components.

import { PrivacyPolicy, TermsOfService } from '@vocoweb/kernel/react';

<PrivacyPolicy
  companyName="Acme Inc"
  email="privacy@acme.com"
  updatedAt="2025-01-01"
/>

<TermsOfService
  companyName="Acme Inc"
  email="legal@acme.com"
  jurisdiction="Delaware, USA"
/>

Module 1: Erasure Engine (GDPR)

One-click user deletion with cascading cleanup.

import { privacy } from '@vocoweb/kernel';

// GDPR Article 17 - Right to be Forgotten
const result = await privacy.obliterate(userId);
// Deletes from: users, projects, websites, logs
// Anonymizes: invoices
// Calls: SendGrid, OpenAI APIs

// Export user data (GDPR request)
const data = await privacy.exportUserData(userId);

Module 2: EAA Enforcer (Accessibility)

WCAG 2.1 AA compliant components.

import { VocoButton, VocoInput, VocoForm } from '@vocoweb/kernel/react';

<VocoButton aria-label="Submit form">Submit</VocoButton>
// Automatically validates ARIA labels and contrast

<VocoInput
  label="Email"
  type="email"
  required
  // Automatic label association and error handling
/>

Module 3: Sovereignty Shield (Data Residency)

Block data from leaving the EU region.

import { residency } from '@vocoweb/kernel';

// middleware.ts
export { middleware } from '@vocoweb/kernel/residency';

// All outgoing requests are validated
// Non-EU destinations are blocked

Module 4: Audit Log (Enterprise)

Shadow recording for all database mutations.

import { VocoAuditLog } from '@vocoweb/kernel/react';

<VocoAuditLog
  userId={user.id}
  filters={{ action: 'UPDATE', table: 'projects' }}
/>

Environment Variables

# Supabase (Required)
NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
SUPABASE_SERVICE_ROLE_KEY=your_service_role_key

# Stripe (Required)
STRIPE_SECRET_KEY=sk_...
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_...
STRIPE_WEBHOOK_SECRET=whsec_...

# App Configuration
NEXT_PUBLIC_APP_URL=https://yourapp.com
NEXT_PUBLIC_APP_NAME=Your App
SUPPORT_EMAIL=support@yourapp.com
LEGAL_EMAIL=legal@yourapp.com

# Data Residency (Optional)
VOCO_DATA_RESIDENCY_ENABLED=true
VOCO_DATA_REGION=eu
VOCO_RESIDENCY_STRICT_MODE=true

# Accessibility (Optional)
VOCO_ENFORCE_CONTRAST=true
VOCO_ENFORCE_ARIA=true
VOCO_CONTRAST_RATIO=4.5

Philosophy

The VocoWeb Kernel is built on the principle that AI should not write auth, payments, or compliance code.

These domains require:

  • Deep security knowledge
  • Legal compliance expertise
  • Production hardening
  • Continuous updates for regulations

By providing pre-built, tested, and compliant modules, we enable AI to focus on business logic while ensuring the critical infrastructure is secure and compliant.

License

MIT © VocoWeb

Support

Built with care by VocoWeb