Restructure ReiStandard as single-package SDK with pluggable database adapters

[Copilot]

ReiStandard required copy-pasting 10 files, manually swapping database drivers, and re-implementing client-side encryption per project. This converts the repo to a monorepo with a publishable SDK package while preserving examples/ as-is.

Monorepo & Build

• Root package.json with workspaces: ["packages/*", "examples"]
• tsup builds 3 entry points (server, client, sw) to CJS + ESM + .d.ts
• browser field in package exports blocks bundlers from pulling Node.js server code into frontend builds

Database Adapter Layer

• Unified DbAdapter interface with 13 methods extracted from the 7 API handlers
• Factory pattern (createAdapter({ driver, connectionString })) with neon and pg implementations — uses dynamic import() to lazily load only the selected driver, so projects only need to install the adapter they use
• Shared schema.js for DDL/index definitions

Server SDK

• createReiServer(config) (async) injects a context object (adapter, encryption key, VAPID, secrets) into all 7 handler factories — no more process.env scattered across files
• Encryption lib functions now take masterKey as a parameter instead of reading env directly
• message-processor receives its dependencies via context, not module-level globals; uses crypto.randomUUID() for guaranteed-unique notification message IDs
• initSecret is required for the init-database handler — the handler returns 500 INIT_SECRET_MISSING when not configured (no hardcoded fallback)
• messages handler validates limit and offset query parameters, returning 400 for invalid values
• update-message handler returns 409 UPDATE_CONFLICT when the database update yields no result (race condition / concurrent deletion), and returns 400 INVALID_JSON for malformed request bodies
• schedule-message handler checks VAPID configuration before inserting the task row for instant messages, preventing orphaned pending rows when VAPID is missing

Client SDK & SW Plugin

• ReiClient — Web Crypto API encryption, auto-encrypted requests, push subscription helper
• installReiSW(self) — drop-in push/notification-click handlers for Service Workers

import { createReiServer } from 'rei-standard/server';

const rei = await createReiServer({
  db: { driver: 'neon', connectionString: process.env.DATABASE_URL },
  encryptionKey: process.env.ENCRYPTION_KEY,
  cronSecret: process.env.CRON_SECRET,
  vapid: { email: '...', publicKey: '...', privateKey: '...' },
  initSecret: process.env.INIT_SECRET,
});

// Each handler returns { status, body }
const result = await rei.handlers.getMasterKey.GET({ 'x-user-id': 'u1' });

Security

• Fixed SQL injection in cleanupOldTasks — replaced string-interpolated INTERVAL '${days} days' with parameterized make_interval(days => $1)
• CodeQL: 0 alerts

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.