npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@agenshield/broker

v0.7.2

Published

AgenShield broker daemon with Unix socket and HTTP fallback

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

davidfronteggdavidfrontegg

Keywords

Readme

@agenshield/broker

Core broker daemon for AgenShield. It enforces security policies and performs privileged operations on behalf of sandboxed agents.

Purpose

  • Enforce policy decisions for network, file, and exec operations.
  • Provide a Unix socket JSON-RPC API for local, privileged actions.
  • Offer a restricted HTTP fallback for environments that cannot use Unix sockets.
  • Emit auditable logs for every operation.

Key Components

  • src/main.ts - Broker daemon entry point.
  • src/server.ts - Unix socket JSON-RPC server (newline-delimited JSON).
  • src/http-fallback.ts - Restricted HTTP JSON-RPC server (/rpc).
  • src/handlers/* - Operation handlers (http_request, file_*, exec, etc.).
  • src/policies/* - Policy enforcement and built-in rules.
  • src/audit/logger.ts - JSONL audit log with rotation.
  • src/secrets/vault.ts - Encrypted secret storage for secret_inject.
  • src/client/broker-client.ts - Type-safe client for code integrations.
  • src/client/shield-client.ts - CLI client (shield-client).

Operations (JSON-RPC methods)

  • http_request - Proxy HTTP requests.
  • file_read, file_write, file_list - File system operations.
  • exec - Execute a command.
  • open_url - Open a URL in the default browser (macOS open).
  • secret_inject - Read a secret from the vault (socket-only).
  • ping - Health check.

Usage

Run the broker

agenshield-broker

# Custom socket path
AGENSHIELD_SOCKET=/tmp/agenshield.sock agenshield-broker

# Disable HTTP fallback
AGENSHIELD_HTTP_ENABLED=false agenshield-broker

Use the client library

import { BrokerClient } from '@agenshield/broker/client';

const client = new BrokerClient({
  socketPath: '/var/run/agenshield.sock',
});

const response = await client.httpRequest({
  url: 'https://api.example.com/data',
  method: 'GET',
});

const file = await client.fileRead({ path: '/path/to/file.txt' });
const execResult = await client.exec({ command: 'ls', args: ['-la'] });

Use the CLI client

shield-client ping
shield-client http GET https://api.example.com/data
shield-client file read /path/to/file.txt
shield-client exec ls -la

Configuration

The broker loads configuration from a file (default: /opt/agenshield/config/shield.json) and overlays environment variables.

Environment variables:

  • AGENSHIELD_CONFIG - Config file path.
  • AGENSHIELD_SOCKET - Unix socket path (default: /var/run/agenshield.sock).
  • AGENSHIELD_HTTP_ENABLED - true/false to enable HTTP fallback.
  • AGENSHIELD_HTTP_HOST - HTTP fallback host (default: localhost).
  • AGENSHIELD_HTTP_PORT - HTTP fallback port (default: 5200).
  • AGENSHIELD_POLICIES - Policies directory (default: /opt/agenshield/policies).
  • AGENSHIELD_AUDIT_LOG - Audit log path (default: /var/log/agenshield/audit.log).
  • AGENSHIELD_LOG_LEVEL - debug|info|warn|error.
  • AGENSHIELD_FAIL_OPEN - true to allow on policy-check failure.

Config file fields (subset):

{
  "socketPath": "/var/run/agenshield.sock",
  "httpEnabled": true,
  "httpHost": "localhost",
  "httpPort": 5200,
  "policiesPath": "/opt/agenshield/policies",
  "auditLogPath": "/var/log/agenshield/audit.log",
  "logLevel": "info",
  "failOpen": false,
  "socketMode": 504
}

Policy Model

  • Policies are loaded from policiesPath/default.json plus any JSON files in policiesPath/custom/.
  • Rules are allowlist/denylist with glob-style matching and priority ordering.
  • File and network constraints can enforce allowed paths/hosts/ports.
  • Policies are reloaded on a timer (every 60 seconds).

HTTP Fallback Constraints

The HTTP fallback server is intentionally restricted:

  • Allowed: http_request, file_read, file_list, open_url, ping.
  • Denied: exec, file_write, secret_inject.
  • Only accepts POST /rpc from localhost.
  • GET /health returns a simple health response.

Limitations and Caveats

  • No authentication layer; security relies on Unix socket permissions and policy rules.
  • HTTP fallback is localhost-only and still policy-enforced but should be treated as a last resort.
  • open_url is macOS-specific (uses open).
  • exec output is capped at 10MB and does not stream.
  • The secret vault stores a .key file alongside the encrypted vault; it does not integrate with OS keychains.
  • Policy reload is timer-based; updates are not immediate.

Roadmap (Ideas)

  • Per-client identity from socket credentials and scoped policies.
  • Optional auth and mTLS for the HTTP fallback.
  • Streaming responses for large outputs.
  • Cross-platform URL opening.

Development

# Build
npx nx build shield-broker

Contribution Guide

  • When adding a new operation, update:
    • src/handlers/* (handler implementation)
    • src/server.ts and src/http-fallback.ts (method routing + HTTP allowlist)
    • @agenshield/ipc operation types and schemas
  • Keep all handler errors mapped to a stable error code.
  • Audit entries should include a deterministic target field for policy visibility.

Agent Notes

  • BrokerClient enforces socket-only channels for exec, file_write, and secret_inject.
  • The policy enforcer merges built-in rules with user rules; custom policies are additive.
  • AuditLogger is append-only JSONL with rotation; use it for operational forensics.
  • Any changes to JSON-RPC method names must be mirrored in @agenshield/ipc.