@thewhateverapp/platform

> ⚠️ Beta Release (v0.0.1): This package is in early preview. Backend platform API is in development. Use mock: true mode for local development and testing. Production mode will be available when the platform API is deployed.

Universal SDK for building apps on The Whatever App platform. Provides domain-specific services for storage, AI, database, analytics, identity, and more.

Features

- Auth Service: OAuth-like permission system for app access to user data
- Storage Service: Persistent KV storage scoped per app
- Database Service: MongoDB-compatible document storage
- AI Service: Multi-provider AI access (Claude, GPT, Gemini)
- Analytics Service: Event tracking and metrics
- Identity Service: User authentication across apps
- Assets Service: File storage with CDN delivery
- Social Service: Comments, likes, shares across apps

$3

- Payments Service: Accept payments (Stripe + crypto) - _Feature gated_
- Notifications Service: Email, push, and in-app notifications - _Feature gated_

Installation

``bash
npm install @thewhateverapp/platform
`

Quick Start

`typescript
import { createPlatform } from '@thewhateverapp/platform';

// In your app's worker
export default {
async fetch(request, env, ctx) {
const platform = createPlatform({
env,
request,
waitUntil: ctx.waitUntil
});

const { storage, db, ai, analytics } = platform.getServices();

// Use services
await storage.set('user:123', { score: 100 });
const user = await db.collection('users').findOne({ _id: '123' });
const response = await ai.ask('Generate a greeting');
await analytics.track('page_view', { path: '/home' });

return new Response('Hello from Whatever!');
}
};
`

Architecture

`
App Code (using @thewhateverapp/platform)
↓
WhateverPlatform Container (DI)
↓
7 Services (abstracted)
↓
Platform API (platform.thewhatever.app)
↓
Backend Microservices (Kubernetes)
↓
MongoDB + Cloudflare
`

Services

$3

OAuth-like permission system where apps start with minimal access (user ID only) and request additional permissions.

`typescript
import { AuthAPI } from '@thewhateverapp/platform';

const auth = new AuthAPI({
apiUrl: 'https://api.thewhatever.app/platform',
apiKey: env.PLATFORM_API_KEY
});

// Verify user access token from tile SDK
const payload = await auth.verifyUserToken(token);
console.log(payload.userId, payload.scopes);

// Get user context with granted scopes
const user = await auth.getUserContext(userId, ['profile', 'email']);
console.log(user.username, user.email);

// Check what permissions user granted
const perms = await auth.checkPermissions(userId, tileId, ['email', 'wallet']);
console.log(perms.granted, perms.pending, perms.denied);

// Grant permissions (called by parent window)
await auth.grantPermissions(userId, tileId, ['profile', 'email']);

// Revoke app permissions
await auth.revokePermissions(userId, tileId);
`

Permission Scopes:
- id - User ID (always granted)
- profile - Username, avatar, display name
- email - Email address
- wallet - Wallet addresses
- analytics:read - View user analytics
- analytics:write - Track analytics (auto-granted)
- storage:read - Read storage (auto-granted)
- storage:write - Write storage (auto-granted)

$3


`typescript
await storage.set('key', value, { ttl: 3600 });
const data = await storage.get('key');
await storage.delete('key');
const keys = await storage.list({ prefix: 'user:' });
`

$3

`typescript
const users = db.collection('users');
await users.insertOne({ name: 'Alice', score: 100 });
const user = await users.findOne({ name: 'Alice' });
await users.updateOne({ name: 'Alice' }, { $inc: { score: 50 } });
`

$3

`typescript
const response = await ai.ask('What is the meaning of life?', {
provider: 'anthropic',
maxTokens: 500
});

const result = await ai.prompt({
prompt: 'Analyze this image',
capabilities: ['vision'],
images: [{ type: 'url', data: 'https://...' }]
});
`

$3


`typescript
await analytics.track('button_click', { button: 'submit' });
await analytics.pageView('/home');
const metrics = await analytics.getMetrics('7d');
`

$3

`typescript
const { userId, isNew } = await identity.resolve({
email: 'user@example.com'
});

await identity.link(userId, { walletAddress: '0x...' });
const user = await identity.getUser(userId);
`

$3


`typescript
const result = await assets.upload('images/avatar.jpg', buffer, {
contentType: 'image/jpeg'
});

const url = assets.getUrl('images/avatar.jpg');
await assets.delete('images/avatar.jpg');
`

$3


`typescript
const session = await payments.createCheckout({
amount: 999, // cents
currency: 'USD',
description: 'Premium feature'
});

const status = await payments.getStatus(session.id);
`

$3


`typescript
await notifications.send({
userId: 'user_123',
channel: 'email',
template: 'welcome',
data: { name: 'Alice' }
});

await notifications.schedule({
userId: 'user_123',
channel: 'push',
message: 'Your report is ready',
scheduledFor: '2025-12-25T10:00:00Z'
});
`

$3


`typescript
await social.addComment({
entityId: 'post_123',
userId: 'user_456',
content: 'Great post!'
});

await social.like('post_123', 'user_456');
const likes = await social.getLikes('post_123');
const comments = await social.getComments('post_123');
``

Security

- All services are automatically scoped by app ID
- Rate limiting enforced per app
- API keys never exposed to client
- All data isolated between apps
- Type-safe APIs with full TypeScript support

License

Proprietary - All rights reserved