Production-ready Node.js API build framework — opinionated, layered, and ready to ship. Composable packages covering everything from structured logging and typed HTTP clients to JWT auth, Fastify plugins, and feature flags.
Two complementary repos — the framework itself and a full demo monorepo built on top of it.
A pnpm monorepo of eight composable packages that cover everything a production API needs: typed HTTP errors, structured JSON logging with correlation IDs, a resilient HTTP client with circuit breaker and retry, Zod-validated env config, JWT and API key auth, a full Fastify plugin suite, remote feature flags, and shared test helpers. Two example services — a public-facing user API and an internal order service — demonstrate the full stack end-to-end.
Learn more →A Turborepo monorepo that shows exactly how to consume and compose the CC API Framework packages in a real multi-service product. Includes shared Zod contracts as a single source of truth, a public user API with JWT auth, CORS, and rate limiting, and an internal order service with service-token auth. Shared testing utilities with a JWT factory and fixtures make writing integration tests fast and consistent across every service.
Learn more →Each package is independently versioned and composable. Use what you need.
Typed HTTP error hierarchy — NotFoundError, UnauthorizedError, ValidationError — that map cleanly to HTTP status codes.
Structured JSON logging via Pino with AsyncLocalStorage-backed correlation ID propagation across async call chains.
HTTP client built on undici — full-jitter retry, circuit breaker, OAuth bearer injection, and typed ApiResponse discriminated union.
Zod-validated defineConfig() that validates process.env at startup and throws a human-readable error rather than failing silently.
JWT verification (HS256, RS256, JWKS auto-fetch & cache), API key plugin, and OAuth 2.0 client credentials / refresh token store.
Production plugin suite — correlation ID, request logger, error handler, CORS, rate limiter, graceful shutdown, OpenAPI 3.1, and service auth.
Remote feature flag configuration loaded from a JSON endpoint with a local fallback — no infrastructure dependency required.
Shared test helpers — MockNetworkingClient, withCorrelationContext(), and buildTestApp() — keeping test code DRY across services.
Front-end services handle public auth and rate limiting. Core services stay internal-only — no CORS, no public JWT.
Sparse API Monolith — work in a Fortune 1000 monorepo without downloading everything. Ghost folders, dependency resolution, impact analysis.
Zero-config HTTP/HTTPS debugging proxy with a real-time dashboard. Inspect and export API traffic between your app and any backend.