SDK Factory watches your OpenAPI schema and publishes a typed TypeScript SDK to npm, GitHub Packages, or your private registry — every time the contract changes. No code in your repo. No manual steps.
p95 schema-change → published SDK: under 10 minutes
The problem
Platform teams lose a full engineer-week per quarter just keeping client libraries in sync with their own APIs. Here's what that actually costs you.
New endpoint ships Monday. SDK update ships next sprint. Consumers build against stale types for two weeks.
Backend merges a schema diff. Someone has to open the SDK repo, regenerate, test, bump, publish, tag. That someone forgets.
A field becomes required, a type narrows, a path changes casing. Hand-maintained SDKs lose invariants the compiler can't warn you about.
README examples compile against last quarter's types. Onboarding a new consumer means rediscovering which docs still match reality.
When a publish breaks prod, recovering means reading git blame, republishing an old commit, dealing with dist-tags by hand.
Our answer
Mini demo
Sit back and watch the pipeline walk itself. Same OpenAPI on the left, progressively richer SDK on the right. Click any step to pause.
openapi: 3.1.0
info:
title: Payments API
version: 1.3.0
paths:
/payments:
post:
operationId: createPayment
requestBody:
content:
application/json:
schema: { $ref: '#/components/schemas/PaymentRequest' }
responses:
'201': { $ref: '#/components/responses/Payment' }
components:
schemas:
PaymentRequest:
type: object
required: [amount, currency]
properties:
amount: { type: integer, minimum: 1 }
currency: { type: string, enum: [USD, EUR, BRL] }// SDK Factory is watching this schema. // Change the hash → the pipeline kicks off. // 0s hash matches last publish — skipped // 5m hash changed — deployment queued // ...
1. You ship the schema
step 1 / 4
Your API already has an OpenAPI document — we only need its URL. No new files in your repo, no decorators, no sidecar config. We poll every five minutes, canonicalize the spec (sorted keys, stable refs) and SHA-256 it. Same hash as last check? Nothing happens. Different hash? The pipeline wakes up.
How it works
A single webhook, a single poller, and a single publish path — so you get the same contract whether the change is a one-character fix or a full rewrite.
Paste an OpenAPI 3.x URL and the package name. That's the whole setup.
Every 5 minutes we fetch, canonicalize and hash the spec. No change, no build.
On a new hash we generate TypeScript + Zod, build ESM+CJS+dts, pack a tarball, and store it in S3 for rollback.
Result is classified as PUBLISHED, CONFLICT or FAILED — linked to the Trigger.dev run so you can inspect logs.
Pricing
Unlimited engineers on every plan. You're billed on the pipelines you automate, not on how many people log in.
Every side project, every spike.
For small teams that ship a few SDKs.
Unlimited apps + rollback. For the long haul.
SSO, on-prem, SLA guarantees.
All plans include SOC 2-aligned infrastructure, AES-GCM token encryption and full artifact audit in S3. Cancel anytime.
What you get
Every feature here is load-bearing. Click through to see the concrete mechanism behind each one.
We canonicalize the OpenAPI document (sorted keys, stable refs, no whitespace) before hashing with SHA-256. Identical APIs produce identical hashes even if the source was reformatted, converted between YAML and JSON, or reordered.
canonicalize(doc) → sha256 → "deadbeef..." # same hash as last check? skip. # different hash? queue build.
Tokens are encrypted at rest with AES-256-GCM using a keyring — you can rotate the master key without re-entering per-registry credentials. Tokens never appear in logs, run metadata, or error reports.
Registry.token =
key_id.iv.ciphertext # AES-GCM envelope
↑
rotateable via keyringPlug us in today, stop shipping stale SDKs tomorrow.
Contact
Enterprise deals, custom registries, self-hosted deployments — anything that doesn't fit the standard plans. A real engineer reads every message.
mapree@mapree.dev
Company
Mapree · São Paulo, Brazil
Response time
Under 24h on business days
One email a month: SDK publishing patterns, registry benchmarks, what we’re shipping. No spam, one-click unsubscribe, zero “content marketing” fluff.