The shadcn registry distributes the generic SaaS-backend modules as code you own, wired over the @suluk/* packages (own the wiring, npm the logic). Install any item with:
admin — An Effect-TS Admin service exposing GET /api/admin/stats — the admin-scoped ops/usage aggregate. Wraps @suluk/credits' ledgerStats (credits issued vs spent + outstanding balance stay upstream) + the module-owned credit_transaction row count. Admin-scope is enforced globally by the contract's enforceApiKeyScope on /api/admin, so the route does no gating. A stateless read: no schema, no provision (reads existing tables). Own the wiring, npm the aggregate.
app — The base Hono app (error handling + health) plus the Effect-TS Db service every feature module depends on. The foundation feature services build on.
audit — Dev/CI tooling (no runtime mount): a single conformance script that consolidates @suluk/cockpit's lifecycle gates + @suluk/harden's input-hardening security grade + schema-fact readiness grade into one unified ship-readiness pass/fail. Loads your v4 contract and exits non-zero when a gate blocks or the combined grade falls below the floor — the one command your pipeline gates on.
auth — The auth foundation: buildAuth (drizzle adapter + openAPI/apiKey/passkey plugins, parametrized), mountAuthRoutes (the Hono handler), and a CurrentUser Effect service. Owns the user + apikey tables. The schema is reconciled against Better Auth v1.6.23 (canonical) — regenerate with npx @better-auth/cli generate if you change plugins/version. The signup hook (onUserCreated) wires to the credits module.
billing — An Effect-TS Billing service over @suluk/billing (which runs on @suluk/payments' agnostic connector + client-token surface): ensure-customer, Payment-Element + add-card sessions, saved cards, billing portal. The webhook dispatch + pricing matrix stay in your app (C046/C048).
contract — The keystone: declares the base API surface as @suluk/hono RouteContracts (with x-suluk-access scopes + zod request schemas) and DERIVES everything downstream consumes — apiDocument(principal?) (the per-principal v4 doc via emitV4), SCOPE_BY_OP + PUBLIC_OPS (the scope facets the scope gate / MCP read), the enforceApiKeyScope gate, the validateRequest body gate, and GET /api/openapi.json projected to the caller's scopes. Own the wiring, npm the derivation. Stateless — no schema, no provision.
cost — An Effect-TS Cost service over @suluk/cost (the storage-agnostic cost algebra: integer micro-USD, per-source breakdowns, background-event attribution + at-least-once dedup stay upstream). Persists live-request + fired-event costs into D1 and reads the raw ledger picture back (total, by principal/operation/action/source). This module owns the cost_event + cost_dedup tables; the projection logic is npm.
credits — An Effect-TS Credits service (Context.Tag + Layer) wrapping @suluk/credits (the atomic debit CAS + idempotent grant stay upstream), its Hono routes, schema re-export, and a provision fragment for the D1 tables. The hybrid pattern: own the service wiring, npm the money logic.
email — An Effect-TS Email service over @suluk/email (the EmailProvider transport, the Resend/console impls, and the branded lifecycle templates stay upstream). Reads the provider config from env, picks console in dev / Resend in prod, and exposes send + verify + reset — wire verify/reset into Better Auth's sendVerificationEmail + sendResetPassword. A stateless binding: no schema, no provision fragment (C052).
erasure — An Effect-TS Erasure service over @suluk/better-auth's beforeDeleteCascade (the fail-closed GDPR orchestrator — abort rather than half-erase — stays upstream). Runs an ordered delete/anonymize cascade across the core Suluk tables when a user is erased, wireable into Better Auth's deleteUser.beforeDelete hook, and writes an erasure_receipt audit row. You pick the posture (delete vs anonymize) and trim the cascade to the modules you installed.
i18n — A locale/direction negotiation MIDDLEWARE over @suluk/i18n (the q-weighted Accept-Language matcher, the cookie parser, and the config/direction model stay upstream). Owns only the wiring: the app's default locale set + a Hono middleware that resolves each request's locale (?lang > cookie > Accept-Language) and stashes locale + dir on the context. mountI18n(app) applies it globally via app.use. A stateless binding — no schema, no provision (C052).
journeys — Dev/CI tooling (no runtime mount): author plain-Gherkin user journeys against the step vocabulary @suluk/journeys projects from your v4 contract, then bind + grade coverage as a bun:test gate. The binder resolves each step exact-or-unbound and grades contract→authored coverage; unbound steps are your worklist. Ships a config, an example feature, and the coverage harness.
keys — An Effect-TS Keys service over @suluk/keys (the abuse-proof pooled-headroom cap + cascade revocation stay upstream): lineage subtree, cascade revoke, and the pooled headroom over a chain. Key creation is Better Auth's apikey plugin (the auth module); this manages the delegation tree.
logs — A fully-owned Effect-TS activity log over an append-only table: record an action, read a principal's recent activity. No @suluk logic package — the whole module is yours to extend.
mcp — The API-as-MCP surface: mounts @suluk/mcp's mcpApp at /api/mcp with the contract's apiDocument(scopes) as the per-caller tool list (a caller only sees the tools its principal can call — the contract-first payoff), executes tools in-process via appExec, exposes the OAuth /.well-known discovery (Better Auth's mcp plugin, enabled in auth via opts.mcp), and manages MCP connections (list/update/revoke; session-only) over an owned mcp_connection table. Own the wiring, npm the protocol + OAuth server.
rate-credit — A credit-backed free-tier rate limiter alongside the fixed-window rate-limit: a per-principal token bucket denominated in µ$ (the same unit as a route's COGS in cost). Each free-tier request debits a small fixed cost; 429 (RFC-9457 via @suluk/core) when the bucket is empty. C052: the µ$ bucket math is app-owned policy (ported here, not a package); only the RFC-9457 envelope is npm. State is one KV binding env.RATE_CREDIT_KV (a binding, not an owned D1 table — no provision fragment). Lazy epoch-ms regen (no cron), FAIL-OPEN on KV error or an unbound namespace. mountRateCredit(app) applies globally after identity resolves; keys by c.var.user?.id else cf-connecting-ip; skips /api/health + /api/webhooks.
rate-limit — A principal-aware rate-limit MIDDLEWARE over @suluk/hono's enforceRateLimit (the fixed-window bucket math, the swappable RateLimitStore, MemoryRateLimitStore, and the 429 + Retry-After RFC-9457 envelope stay upstream). Owns only the wiring: a keyer that keys by the authenticated user id off the Hono context (else client IP) + the store choice (MemoryRateLimitStore in dev; swap a KV/DO-backed store for prod). mountRateLimit(app) applies it globally via app.use. A stateless binding — no schema, no provision (C052).
reference — An API reference PAGE rendered by @suluk/reference (the complete v4-native renderer: cost badges, access View-as projection, hardening, try-it) over apiDocument() — the SAME per-principal v4 document the contract keystone derives. GET /api/reference renders the full doc; GET /api/reference/:tool projects it to one operation (by its by-name handle). Own the wiring, npm the renderer. Derived + stateless — no schema, no provision.
webhooks — An Effect-TS Webhooks service over @suluk/payments' inbound Stripe surface (SDK-free HMAC-SHA256 signature verification + a typed event router stay upstream). Verifies the RAW request body against the stripe-signature header + the signing secret, dedups on the Stripe event id against an owned webhook_event table (Stripe is at-least-once, so redelivery is a no-op), then routes the verified event through webhookRouter. Ships a documented STUB handler set the app fills with fulfillment (e.g. credits.grant) — kept decoupled from @suluk/credits. Owns the webhook_event table; verification + routing is npm.