Skip to main content

Headless Mode

Headless mode enables server-side and CLI execution of RowOps pipelines without a browser environment. This page describes the invocation model, license modes, and operational constraints.

Headless execution is implemented and actively used, but evolving.

Invocation Model

Initialization

import { initHeadless } from '@rowops/headless';

await initHeadless({
  projectId: "proj_123",
  secretKey: "sk_live_...",
  endpoint: "https://api.rowops.dev/api/license/verify",
  licenseMode: "strict",
});
import { initHeadless } from '@rowops/headless';

await initHeadless({
  projectId: "proj_123",
  entitlementToken: process.env.ROWOPS_ENTITLEMENT_TOKEN!,
  licenseMode: "strict",
});

Required Parameters

ParameterDescription
projectIdProject identifier from dashboard
secretKeySecret API key (required unless entitlementToken is provided)

Optional Parameters

ParameterDefaultDescription
endpointhttps://api.rowops.dev/api/license/verifyLicense verification endpoint (full URL)
licenseModestrictLicense enforcement behavior
entitlementTokenundefinedSigned token for offline verification (skips network exchange)
wasmPathundefinedExplicit WASM path override (Node/containers)
wasmBytesundefinedExplicit WASM bytes (edge/serverless)
fileAdapterundefinedFile adapter for cache + WASM resolution

Use wasmBytes with a custom fileAdapter in edge/serverless environments to avoid filesystem resolution.

Authentication Flow

  1. If entitlementToken is provided, verify it locally using the public key
  2. Otherwise, validate secret key format and call /api/license/verify
  3. Tier and feature limits derived from the verified token
  4. Processing engine initialized with tier gate configuration

License Modes

Strict Mode (Default)

licenseMode: 'strict'
  • Verified entitlements required before pipeline execution
  • Invalid or expired token falls back to Free tier
  • Network exchange required only when entitlementToken is not provided

Demo Mode

licenseMode: 'demo'
  • Skips license verification
  • 100-row limit enforced
  • Watermark applied to exports
  • Suitable for testing and development

Network Dependencies

Required (Strict Mode)

EndpointPurpose
/api/license/verifyLicense and tier verification (when using secretKey)

Optional

EndpointPurpose
Sync targetsUser-configured delivery endpoints
Webhook endpointsEvent notification delivery

Network-Free Usage

Provide a signed entitlementToken to run in strict mode without network access. Demo mode remains available with a 100-row limit and watermarking.

Observed Behavior

Design Intent

The pipeline aims to produce deterministic results given identical inputs, schema, and configuration. This supports replay scenarios where the same file can be re-processed to yield the same results.

Fail-Closed on Errors

In tested paths:

  • Masking failures throw MaskingFailedError and halt execution
  • Transform failures throw TransformFailedError and halt execution
  • No partial results are produced on failure

Constraints

  • Row-filtering transforms are explicitly disallowed in headless mode
  • Determinism and fail-closed behavior are not asserted as universal guarantees across all modules and configurations
  • Some operations may behave differently than browser mode

What Headless Mode Does Not Provide

  • UI components: No React components or visual interface
  • Domain locking: Secret keys are not domain-restricted
  • Session management: No user sessions or authentication state
  • Browser APIs: No DOM or browser-specific APIs
  • Guaranteed determinism: Determinism is a design goal, not a verified property

Error Handling

Initialization Errors

ErrorCause
Invalid secret key formatKey does not start with sk_
License verification failedNetwork error or invalid credentials
Engine initialization failedConfiguration error

Pipeline Errors

Error TypeBehavior
MaskingFailedErrorPipeline halts, no fallback
TransformFailedErrorPipeline halts, no fallback
Validation errorsRows marked invalid, pipeline continues
Parse errorsPipeline halts with parse error