Ecosystem
Overview
The OpenApe package ecosystem.
Ecosystem
OpenApe isn't a monolith β it's a set of small, focused packages you compose as needed. Use one. Use all. Each works standalone.
Architecture
βββββββββββββββββββββββββββββββββββββββββββββββ
β Framework Modules β
β nuxt-auth-idp nuxt-auth-sp nuxt-grants β
βββββββββββββββββββββββββββββββββββββββββββββββ€
β Protocol Packages β
β @openape/auth @openape/grants β
βββββββββββββββββββββββββββββββββββββββββββββββ€
β Foundation β
β @openape/core β
βββββββββββββββββββββββββββββββββββββββββββββββ
Packages
| Package | Description | Framework |
|---|---|---|
@openape/core | DNS discovery, crypto, PKCE, JWT utilities | None |
@openape/auth | OIDC login protocol β IdP and SP sides | None |
@openape/grants | Grant lifecycle, AuthZ-JWT issuance | None |
@openape/nuxt-auth-idp | Drop-in Nuxt module: run your own IdP | Nuxt |
@openape/nuxt-auth-sp | Drop-in Nuxt module: login via OpenApe | Nuxt |
@openape/nuxt-grants | Drop-in Nuxt module: grant management | Nuxt |
openape-sudo (apes) | Rust binary for privilege elevation | OS-level |
Combinations
| Use Case | Packages |
|---|---|
| App with OpenApe login | nuxt-auth-sp |
| Run your own IdP | nuxt-auth-idp |
| Agent permissions | nuxt-grants |
| Full IdP + Grants | nuxt-auth-idp + nuxt-grants |
| SP with grant requests | nuxt-auth-sp + nuxt-grants |
| Non-Nuxt integration | @openape/auth + @openape/grants |
| Local privilege elevation | openape-sudo (apes) |
Design Principles
- Separation β Auth β Grants. Not every app needs both.
- Layered β Core β Protocol packages β Framework modules β Apps
- Stateless SP β Service providers need zero server storage.
- Framework-agnostic core β Nuxt modules are convenience, not requirement.
- Passkeys-only β No passwords. NIS2 compliant by design.
- Minimal tokens β AuthN says who, AuthZ says what may they do.