[{"data":1,"prerenderedAt":401},["ShallowReactive",2],{"navigation":3,"\u002Fecosystem":89,"\u002Fecosystem-surround":396},[4,40,63,76],{"title":5,"path":6,"stem":7,"children":8,"icon":39},"Getting Started","\u002Fgetting-started","1.getting-started\u002F1.index",[9,11,15,19,23,27,31,35],{"title":10,"path":6,"stem":7},"Introduction",{"title":12,"path":13,"stem":14},"Quick Start: Service Provider","\u002Fgetting-started\u002Fquickstart-sp","1.getting-started\u002F2.quickstart-sp",{"title":16,"path":17,"stem":18},"Quick Start: Identity Provider","\u002Fgetting-started\u002Fquickstart-idp","1.getting-started\u002F3.quickstart-idp",{"title":20,"path":21,"stem":22},"Quick Start: Agent","\u002Fgetting-started\u002Fquickstart-agent","1.getting-started\u002F4.quickstart-agent",{"title":24,"path":25,"stem":26},"Quick Start","\u002Fgetting-started\u002Finstallation","1.getting-started\u002F5.installation",{"title":28,"path":29,"stem":30},"How It Works","\u002Fgetting-started\u002Fhow-it-works","1.getting-started\u002F6.how-it-works",{"title":32,"path":33,"stem":34},"For Service Providers","\u002Fgetting-started\u002Ffor-service-providers","1.getting-started\u002F7.for-service-providers",{"title":36,"path":37,"stem":38},"CLI (apes & ape-shell)","\u002Fgetting-started\u002Fcli","1.getting-started\u002F8.cli",false,{"title":41,"path":42,"stem":43,"children":44,"icon":39},"Ecosystem","\u002Fecosystem","2.ecosystem\u002F1.index",[45,47,51,55,59],{"title":46,"path":42,"stem":43},"Overview",{"title":48,"path":49,"stem":50},"OpenApe Auth","\u002Fecosystem\u002Fauth","2.ecosystem\u002F2.auth",{"title":52,"path":53,"stem":54},"OpenApe Grants","\u002Fecosystem\u002Fgrants","2.ecosystem\u002F3.grants",{"title":56,"path":57,"stem":58},"nuxt-auth-sp","\u002Fecosystem\u002Fnuxt-auth-sp","2.ecosystem\u002F4.nuxt-auth-sp",{"title":60,"path":61,"stem":62},"escapes","\u002Fecosystem\u002Fescapes","2.ecosystem\u002F5.escapes",{"title":64,"icon":39,"path":65,"stem":66,"children":67,"page":39},"Security","\u002Fsecurity","3.security",[68,72],{"title":69,"path":70,"stem":71},"Compliance","\u002Fsecurity\u002Fcompliance","3.security\u002F1.compliance",{"title":73,"path":74,"stem":75},"Threat Model","\u002Fsecurity\u002Fthreat-model","3.security\u002F2.threat-model",{"title":77,"icon":39,"path":78,"stem":79,"children":80,"page":39},"Guides","\u002Fguides","4.guides",[81,85],{"title":82,"path":83,"stem":84},"Capabilities & Grants","\u002Fguides\u002Fcapabilities","4.guides\u002F1.capabilities",{"title":86,"path":87,"stem":88},"Delegation","\u002Fguides\u002Fdelegation","4.guides\u002F2.delegation",{"id":90,"title":46,"body":91,"description":389,"extension":390,"links":391,"meta":392,"navigation":393,"path":42,"seo":394,"stem":43,"__hash__":395},"docs\u002F2.ecosystem\u002F1.index.md",{"type":92,"value":93,"toc":381},"minimark",[94,98,102,107,118,122,236,240,327,331],[95,96,41],"h1",{"id":97},"ecosystem",[99,100,101],"p",{},"OpenApe isn't a monolith — it's a set of small, focused packages you compose as needed. Use one. Use all. Each works standalone.",[103,104,106],"h2",{"id":105},"architecture","Architecture",[108,109,114],"pre",{"className":110,"code":112,"language":113},[111],"language-text","┌─────────────────────────────────────────────┐\n│            Framework Modules                │\n│  nuxt-auth-idp  nuxt-auth-sp  nuxt-grants  │\n├─────────────────────────────────────────────┤\n│            Protocol Packages                │\n│         @openape\u002Fauth    @openape\u002Fgrants    │\n├─────────────────────────────────────────────┤\n│              Foundation                     │\n│              @openape\u002Fcore                  │\n└─────────────────────────────────────────────┘\n","text",[115,116,112],"code",{"__ignoreMap":117},"",[103,119,121],{"id":120},"packages","Packages",[123,124,125,141],"table",{},[126,127,128],"thead",{},[129,130,131,135,138],"tr",{},[132,133,134],"th",{},"Package",[132,136,137],{},"Description",[132,139,140],{},"Framework",[142,143,144,158,170,182,195,207,219],"tbody",{},[129,145,146,152,155],{},[147,148,149],"td",{},[115,150,151],{},"@openape\u002Fcore",[147,153,154],{},"DNS discovery, crypto, PKCE, JWT utilities",[147,156,157],{},"None",[129,159,160,165,168],{},[147,161,162],{},[115,163,164],{},"@openape\u002Fauth",[147,166,167],{},"OIDC login protocol — IdP and SP sides",[147,169,157],{},[129,171,172,177,180],{},[147,173,174],{},[115,175,176],{},"@openape\u002Fgrants",[147,178,179],{},"Grant lifecycle, AuthZ-JWT issuance",[147,181,157],{},[129,183,184,189,192],{},[147,185,186],{},[115,187,188],{},"@openape\u002Fnuxt-auth-idp",[147,190,191],{},"Drop-in Nuxt module: run your own IdP",[147,193,194],{},"Nuxt",[129,196,197,202,205],{},[147,198,199],{},[115,200,201],{},"@openape\u002Fnuxt-auth-sp",[147,203,204],{},"Drop-in Nuxt module: login via OpenApe",[147,206,194],{},[129,208,209,214,217],{},[147,210,211],{},[115,212,213],{},"@openape\u002Fnuxt-grants",[147,215,216],{},"Drop-in Nuxt module: grant management",[147,218,194],{},[129,220,221,230,233],{},[147,222,223,226,227,229],{},[115,224,225],{},"openape-escapes"," (",[115,228,60],{},")",[147,231,232],{},"Rust binary for privilege elevation",[147,234,235],{},"OS-level",[103,237,239],{"id":238},"combinations","Combinations",[123,241,242,251],{},[126,243,244],{},[129,245,246,249],{},[132,247,248],{},"Use Case",[132,250,121],{},[142,252,253,262,272,282,294,305,316],{},[129,254,255,258],{},[147,256,257],{},"App with OpenApe login",[147,259,260],{},[115,261,56],{},[129,263,264,267],{},[147,265,266],{},"Run your own IdP",[147,268,269],{},[115,270,271],{},"nuxt-auth-idp",[129,273,274,277],{},[147,275,276],{},"Agent permissions",[147,278,279],{},[115,280,281],{},"nuxt-grants",[129,283,284,287],{},[147,285,286],{},"Full IdP + Grants",[147,288,289,291,292],{},[115,290,271],{}," + ",[115,293,281],{},[129,295,296,299],{},[147,297,298],{},"SP with grant requests",[147,300,301,291,303],{},[115,302,56],{},[115,304,281],{},[129,306,307,310],{},[147,308,309],{},"Non-Nuxt integration",[147,311,312,291,314],{},[115,313,164],{},[115,315,176],{},[129,317,318,321],{},[147,319,320],{},"Local privilege elevation",[147,322,323,226,325,229],{},[115,324,225],{},[115,326,60],{},[103,328,330],{"id":329},"design-principles","Design Principles",[332,333,334,342,348,354,360,366],"ol",{},[335,336,337,341],"li",{},[338,339,340],"strong",{},"Separation"," — Auth ≠ Grants. Not every app needs both.",[335,343,344,347],{},[338,345,346],{},"Layered"," — Core → Protocol packages → Framework modules → Apps",[335,349,350,353],{},[338,351,352],{},"Stateless SP"," — Service providers need zero server storage.",[335,355,356,359],{},[338,357,358],{},"Framework-agnostic core"," — Nuxt modules are convenience, not requirement.",[335,361,362,365],{},[338,363,364],{},"Passkeys-only"," — No passwords. NIS2 compliant by design.",[335,367,368,371,372,376,377,380],{},[338,369,370],{},"Minimal tokens"," — AuthN says ",[373,374,375],"em",{},"who",", AuthZ says ",[373,378,379],{},"what may they do",".",{"title":117,"searchDepth":382,"depth":383,"links":384},1,2,[385,386,387,388],{"id":105,"depth":383,"text":106},{"id":120,"depth":383,"text":121},{"id":238,"depth":383,"text":239},{"id":329,"depth":383,"text":330},"The OpenApe package ecosystem.","md",null,{},true,{"title":46,"description":389},"20daO27ds4q0pCc4TH80JG7PzRGjmZcpTtbfuQPSVQE",[397,399],{"title":36,"path":37,"stem":38,"description":398,"children":-1},"Install and use the apes command-line interface and the ape-shell wrapper.",{"title":48,"path":49,"stem":50,"description":400,"children":-1},"DNS-based identity for humans and agents.",1776885316420]