Gatekeeper is the auth and authorization control plane for Orkait.
It owns the hard parts: identity, API keys, quotas, billing rules, crypto, mail delivery, and storage primitives.
- Auth: signup, login, refresh tokens, email verification, Google auth
- Authorization: central policy and access-control building blocks
- API keys: lifecycle, validation, scopes, and quota-aware usage
- Quotas and billing: usage tracking, idempotency, and pricing strategies
- Infra primitives: crypto, mail, database, analytics, and shared contracts
This repo is package-first:
| Package | Purpose |
|---|---|
auth |
user auth flows and token lifecycle |
apikeys |
API key management |
quota |
usage and quota enforcement |
billing-strategies |
pricing logic |
crypto |
JWT, JWKS, hashing, passwords, randomness |
database |
SQL, KV, Redis, R2, Dynamo abstractions |
mailer |
templates, providers, delivery strategies |
analytics |
event contracts and transport behavior |
common |
shared constants, types, helpers |
bun install
bun run ciUseful commands:
bun run type-check
bun run test:coverage
bun run test:apiTests use vitest. Bun is used for install and workspace task execution, not for the test runner.
- TypeScript across all packages
vitestcoverage enforced per packageturboworkspace orchestration- root gate:
bun run ci
If behavior changes, tests should lock the contract, not just move the coverage number.
MIT