Package Compatibility Tiers
GuideKit uses a tiered release model so core integrations stay stable while optional platform packages evolve independently.
Tier A — Integrated (lockstep semver)
These packages ship together for breaking API changes:
| Package | Role |
|---|---|
@guidekit/core | Pipeline orchestrator, DOM, LLM, context |
@guidekit/react | Provider, hooks, widget |
@guidekit/server | JWT auth, LLM/STT/TTS proxy, session store |
@guidekit/vanilla | IIFE bundle for non-React apps |
Rule: Bump all Tier A packages together when pipeline options, proxy routes, or provider props change incompatibly.
Tier B — Extensions (peer on core)
| Package | Role |
|---|---|
@guidekit/intelligence | Semantic scan, hallucination guard |
@guidekit/knowledge | BM25/TF-IDF RAG |
@guidekit/plugins | Plugin registry and hooks |
Rule: Minor bumps when core types change. Optional — zero bundle cost when not imported.
Tier C — Experimental subpaths
| Export | Role |
|---|---|
@guidekit/core/cognitive | QueryRouter, ModelRouter, CognitiveEngine |
@guidekit/core/telemetry | Pipeline span instrumentation |
Rule: May change more frequently; tree-shakeable subpath exports.
Multi-instance deployments
For horizontal scaling, use RedisSessionStore from @guidekit/server/redis:
import Redis from 'ioredis';
import { RedisSessionStore } from '@guidekit/server/redis';
import { createGuideKitHandler } from '@guidekit/server';
const redis = new Redis(process.env.REDIS_URL!);
const sessionStore = new RedisSessionStore({ redis });
const handler = createGuideKitHandler({
signingSecret: process.env.GUIDEKIT_SECRET!,
sessionStore,
createTokenOptions: () => ({
llmApiKey: process.env.LLM_API_KEY!,
expiresIn: '15m',
}),
});
// In your HTTP framework:
// await handler(request, 'llm')Each app instance shares session keys via Redis while the client holds only a short-lived JWT.
Semver governance (1.0)
| Tier | Version policy |
|---|---|
| Tier A | Lockstep — bump @guidekit/core, @guidekit/react, @guidekit/server, @guidekit/vanilla together on breaking changes |
| Tier B | Optional peers — require @guidekit/core@^1.0.0 when using intelligence/knowledge/plugins |
| Tier C | Experimental — @guidekit/core/cognitive and /telemetry may change without Tier A bumps |
SessionStore (1.0 breaking change)
SessionStore methods are fully async in 1.0:
const keys = await sessionStore.get(sessionId);
await sessionStore.set(sessionId, providerKeys, expiresAt);
await sessionStore.delete(sessionId);Production security checklist
- Use
tokenEndpoint+proxy.llm— never ship provider API keys to the browser. - Store keys in
SessionStoreserver-side only. - Enable rate limiting middleware on proxy routes.
- Run
pnpm audit --audit-level highin CI (enabled by default).
Last updated on