Three APIs, three source shapes
AvaTax, Statsig, and Auth0 expand the factory without weakening its source discipline.
Adding three SDKs at once is a useful test of whether a software factory is a system or merely a successful first batch. AvaTax, Statsig, and Auth0 all publish official machine-readable contracts. They still stress very different parts of the pipeline.
Authority comes first
Each implementation pins an immutable commit from a separate source repository. Those repositories mirror only the official artifact: Avalara’s AvaTax REST v2 Swagger, Statsig’s dated Console API OpenAPI, and Auth0’s Management API OpenAPI.
No prose scraping. No community schema substituted for a vendor contract. No generated output fetched during package installation.
Why use an Effect-native SDK?
A generated TypeScript client can autocomplete a request and still leave the hard parts to every caller. Distilled moves those parts into a shared, composable runtime:
Validate at the boundary
Effect schemas decode requests and responses at runtime, so an upstream shape change becomes a typed failure instead of quietly contaminating application state.
Handle failure deliberately
Vendor errors, parse failures, retry categories, and Retry-After behavior are values your Effect program can compose, test, trace, and recover from.
Know what you shipped
Every operation comes from an exact official source pin. Generated code is committed, so source and generator updates produce an ordinary reviewable diff.
The practical pitch is simple: use the vendor’s API without building another private layer for configuration, redacted credentials, response validation, typed errors, retries, and observability.
Why the AvaTax SDK?
Tax integrations are broad, consequential, and full of operational edge cases. @kevinmichaelchen/distilled-avalara gives an Effect application 470 generated AvaTax operations—from address validation and tax calculation to transactions, exemptions, filings, and reports—through one consistent runtime. It supports both bearer tokens and Avalara’s account/license-key credentials, redacts secrets, preserves rate-limit guidance, and can switch between production and sandbox through configuration.
import * as Effect from "effect/Effect";
import * as Layer from "effect/Layer";
import * as FetchHttpClient from "effect/unstable/http/FetchHttpClient";
import { CredentialsFromEnv, ping } from "@kevinmichaelchen/distilled-avalara";
const AvaTaxLive = Layer.mergeAll(FetchHttpClient.layer, CredentialsFromEnv);
const checkAvaTaxConnection = ping({}).pipe(Effect.provide(AvaTaxLive));
Statsig brings the same model to feature-management automation: typed Console API operations, a pinned API version, and composable failure handling. Auth0 does it for tenant administration, where identity-management changes benefit from validated responses and explicit, observable errors.
What differed
| API | Source shape | Generated operations | Provider policy |
|---|---|---|---|
| AvaTax | Large Swagger 2 document | 470 | bearer or account/license-key authentication |
| Statsig | OpenAPI 3 without operation IDs | 312 | API key plus version header |
| Auth0 | Large OpenAPI 3.1 document | 451 | tenant URL plus Management API bearer token |
Statsig exposed the only genuinely shared gap: all 312 operations omit operationId. The fix belongs in the common generator, so Distilled now derives deterministic names from tags and summaries and rejects collisions. That change shipped as @kevinmichaelchen/distilled@0.1.1.
The other irregularities stayed where Alchemy’s architecture says they should. AvaTax’s credential alternatives live in its provider package. Auth0’s enormous union schemas pass through the generator’s existing safety limit. Binary responses without upstream schemas remain unknown instead of receiving fabricated types.
What shipped
- Avalara:
npm·SDK·official-spec mirror - Statsig:
npm·SDK·official-spec mirror - Auth0:
npm·SDK·official-spec mirror
Each SDK has its own private implementation repository, private source mirror, committed generated operations, CI, and npm trusted-publishing workflow. The factory expanded; its boundaries did not blur.