npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@atlasnomos/atlas

v10.0.3

Published

Production-grade AI governance kernel for autonomous agents with fail-closed security and cryptographic audit trails

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

atlas.devatlas.dev

Keywords

aigovernanceattestationsecuritycompliancecode-generationllmagentautonomous

Readme

🦅 ATLAS — The Governance Kernel for AI Agents

Release: v10.0.0 License: AGPL v3 Status: PROD READY

v10.0.0 — KERNEL PRODAGPL-3.0 License

ATLAS is a Ring-0 Governance Kernel for autonomous AI operations. It sits between an Agent and the World, strictly enforcing institutional policies, audit logging, and fail-close security boundaries.

ATLAS is not a wrapper. It is an immutable compliance hypervisor that panics and halts execution upon violation.

🏛️ Governance Status: PROD READY

As of Q1 2026, ATLAS v10 is fully hardened and certified for production.

| Component | Status | Guarantee | |-----------|--------|-----------| | Kernel | 🟢 Hardened | Fail-Close, Ring-Isolated | | Execution | 🟢 Deterministic | Bit-for-bit Replay, Unforgeable Logs | | Trust Root | 🟢 Sealed | Config Hashed at Boot, Signed by Sentinel | | Sandbox | 🟢 Isolated | No Network, Mocked Time/Entropy |

👉 View Official Governance Reports (CAP)

🏗️ Architecture: The Ring Model

ATLAS employs a strictly layered "Ring" architecture to isolate decision-making from execution.

  1. Ring-0 (The Kernel):

    • The Constitution: Immutable invariants (Fail-Close).
    • The Sentinel: Cryptographic authority (Ed25519 Signatures).
    • The Log: Hash-chained, framed, atomic audit trails.
    • Nothing in Ring-0 can be bypassed.

  2. Ring-1 (The Bridge):

    • Safe I/O handling.
    • Policy translation.

  3. Ring-2 (The Agent):

    • LLM Cognition (Untrusted).
    • The Agent proposes actions; the Kernel approves or denies them.

🛡️ Key Features

🔒 Deny-by-Default

If the Kernel cannot prove an action is safe and authorized, it STOPS. There are no warnings in PROD. There are no "soft fails".

🔎 Deterministic Replay

Every execution is mathematically deterministic.

  • Seeding: Entropy is derived from SHA256(Input + Code).
  • Time: Mocked and frozen relative to the seed.
  • Audit: An auditor can replay the log and get the exact same result.

✍️ Sentinel Authority

Every high-risk action requires a Sentinel Signature.

  • The Sentinel is an external authority (Policy Server / HSM).
  • ATLAS verifies the signature against a local Trusted Key Registry.
  • The Kernel refuses to boot if the Registry is missing or tampered.

⚡ AURORA+ (Automation Support)

AURORA+ enables governed automation via Sentinel-signed delegation.

  • Not a scheduler: Automation is delegated authority, not cron jobs.
  • PROD-only: Completely blocked in DEV mode.
  • Kernel-enforced: Frequency, cost, and scope limits enforced at Ring-0.
  • Replay-verifiable: All executions are hash-chained and deterministic.

| Property | Guarantee | |----------|-----------| | Authority Source | Sentinel-signed grants | | Frequency Limit | Kernel-enforced (INV-AUTO-FREQ-001) | | Scope Limit | Panic on violation | | Revocation | Snapshot at boot |

👉 AURORA+ User GuideTechnical Reports

� Modes: DEV vs PROD

ATLAS operates in two distinct modes. A DEV success does not guarantee PROD success.

| Feature | 🟡 DEV MODE | 🟢 PROD MODE | | :--- | :--- | :--- | | Enforcement | Advisory (Warn Log) | Fail-Close (Panic/Halt) | | Sentinel | Optional / Bypassed | MANDATORY (Hard Dependency) | | Hardware | Simulated | MANDATORY (TPM/HSM) | | Config Integrity | Warn on Change | PANIC on Change | | Symlinks | Allowed | PANIC (Security Violation) | | Log Durability | Standard | Atomic / Fsync |

🟢 PROD Mode (Production)

  • Role: Governance Hypervisor.
  • Behavior: Deny-by-Default. If the Kernel suspects anything is wrong (network flake, config drift, bad signature), it halts execution immediately.
  • Use Case: Live operations, high-value asset handling.

🟡 DEV Mode (Development)

  • Role: Rapid Iteration Sandbox.
  • Behavior: Permissive. Allows ATLAS_DEV_BYPASS to skip Sentinel, uses mock time/randomness, and tolerates config changes.
  • Use Case: Unit testing, local debugging.

CRITICAL: Never treat DEV mode as a security boundary. It is a velocity tool.

�📦 Documentation

All governance documentation is centralized in the Compliance Assurance Package (CAP).

🚀 Quick Start (DEV Mode)

WARNING: DEV mode is for experimentation only. It bypasses critical security checks.

1. Install

npm install -g @atlasnomos/atlas

2. Check Health

atlas doctor

3. Run a Task

atlas build "Analyze this codebase for security flaws"

📄 License

ATLAS is licensed under the GNU Affero General Public License v3.0.

  • Commercial Use: Allowed.
  • Modification: Allowed (must stay open source if networked).
  • Distribution: Allowed.

See LICENSE for full terms.

ATLAS NOMOS — 2026. Authority. Governance. Control.