@vendoai/vendo/server.
principal(req) resolves null, each client gets its own ephemeral session
principal, carried by a signed httpOnly cookie scoped to the wire base. Sessions
are per client, never persisted, and reset on process restart.
The composition registers app capability tools in actions and guard-binds every
tool registry passed to agent, apps, and automations.
handler is framework-agnostic. nextVendoHandler(vendo) adapts it to a
Next.js route module. Mount it at /api/vendo/[...] unless the client uses a
different base URL.
emit(event, payload, principal) is the host-event seam. It returns the ids of
runs started for enabled automations owned by that principal.
eraseStore
@vendoai/vendo/server re-exports eraseStore(store, target), the sanctioned
deletion path across every store table and the ephemeral overlay. It is the
only supported way to delete rows from the append-only vendo_audit table.
bySubject, byApp, or byAge. The call returns a map
of per-table deleted counts. byAge retains any row whose lifecycle extends
past the cutoff (for example, an unexpired standing grant or a recently
rotated secret). See Persistence for the
full semantics.