npm package discovery and stats viewer.


© 2026 – Pkg Stats / Ryan Hefner

@codezero-io/cordon

v0.3.1

Published

A local proxy that transparently injects API credentials into outbound HTTPS requests. Your apps and AI agents never hold real secrets.

Readme

Cordon by Codezero

The missing credential containment layer.

Credentials are encrypted at rest in vaults and secrets managers, encrypted in transit over TLS, and then handed to applications in plaintext. Once inside a runtime, they leak through logs, crash dumps, environment variables, child processes, debug endpoints, dependency supply chains, and memory dumps. No amount of protection at rest helps once a secret is in memory and the application (or one of its dependencies) can read it.

AI agents are making this exponentially worse. They execute code, install packages, call APIs, and spawn subprocesses autonomously. Every tool an agent invokes is another runtime where a credential can be captured, exfiltrated, or misused. The attack surface grows with every agent you deploy, and traditional secret management was never designed for runtimes you don't fully control.

Possession is the vulnerability. The only way to eliminate it is to keep credentials out of the runtime entirely.

Cordon is a credential containment layer that sits between the systems that protect credentials (vaults, identity providers, policy engines) and the systems that consume them (applications, AI agents, developer environments, CI/CD pipelines). Instead of handing secrets to a runtime, Cordon mediates every credential use at the exact moment of need, injecting credentials in transit, per-request, so they never enter the consuming runtime. The layer scales from a developer's laptop to shared team environments to enterprise-wide deployments. Same containment model, wider boundary.

Developer Edition

This package contains the Developer Edition of Cordon: a free local gateway that runs on your machine. It intercepts outbound HTTP/HTTPS requests and TCP connections (PostgreSQL today, more protocols coming) and injects credentials from 1Password or your OS keyring at the network layer. Applications and AI agents make normal network calls through the proxy and never hold a single credential.

Your App  ──HTTPS_PROXY──▶  Cordon  ──real credentials──▶  api.stripe.com
Your App  ──TCP connect──▶  Cordon  ──real credentials──▶  db.example.com:5432
                                      (from 1Password
                                       or OS keyring)

No code changes. No SDK wrappers. Credentials are applied in transit and never enter your runtime.

Install

npm install -g @codezero-io/cordon

This automatically installs a platform-specific binary package for your OS and architecture. Requires macOS (ARM64/x64) or Linux (x64/ARM64) and Node.js 20.18.1+.

Quick Start

cordon setup

One command. The setup wizard generates CA certificates, creates your config, detects available secret providers, and walks you through adding your first route and secret. Prefer cordon setup and the cordon route / cordon listener commands over hand-editing config files; they validate fields and write safer defaults. For AI agent integrations, use cordon setup claude-code (or codex, hermes) to also configure the tool's proxy and trust settings.

Then start the proxy:

cordon start

See the Quickstart guide for a complete walkthrough.

AI Agent Integrations

Cordon has dedicated setup for AI coding agents. Each configures proxy environment variables, CA trust, and tool-specific settings:

cordon setup claude-code   # Claude Code
cordon setup codex         # OpenAI Codex
cordon setup hermes        # Hermes Agent

See the integration guides for details.

Security

Cordon is designed so that security properties are structural, not configuration-dependent. There are no flags or options that weaken the security posture.

  • Credentials stay out of your runtime. HTTP route credentials are fetched from your secret store per request and injected at the network layer. PostgreSQL listener credentials are held by the local proxy while the listener runs. Cordon has no credential database or on-disk API credential store.
  • Credential header injection. For matched routes, Cordon injects the configured auth header and unconditionally strips any existing Authorization, Proxy-Authorization, or configured custom auth header. Works whether or not the application sent a header. No placeholder needed. Prevents credential passthrough attacks.
  • Token-gated boundary access. Secret plaintext is accessible only through callback methods that require a capability token. Each protocol boundary module defines its own token with a private constructor, confining plaintext to the specific module that needs it. Enforced by compile-fail tests.
  • DNS pinning. After DNS resolution, Cordon connects to the selected address directly, closing the TOCTOU window against DNS rebinding. For unmatched traffic, all resolved IPs are validated against the SSRF denylist before connecting.
  • No unsafe code. #![forbid(unsafe_code)] in cordon-core, enforced at compile time.
  • Loopback only. The config accepts a port number, not a bind address. Non-loopback binding is structurally impossible.
  • SSRF protection. For unmatched traffic, the built-in denylist blocks forwarding to private IPs, link-local, and loopback addresses. Configured HTTP credential routes are explicit v1 trust decisions and bypass that private-IP blocking for internal APIs, VPN/private endpoints, PrivateLink services, staging, and localhost development services.
  • Zeroized on drop. Secret memory is zeroed when no longer needed. The Secret type has no Debug or Display impl — attempts to log secrets fail at compile time. See the Security Model and Threat Model for full details.
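The token-gated boundary access, zeroize-on-drop Secret type and unconditional auth-header replacement described in the list above, as an added Rust illustration (not Cordon's own code; `HttpBoundaryToken`, `Secret` and `inject_auth_header` are assumed names):

```rust
// Added illustration of the capability-token Secret pattern and header injection
// described above; not Cordon's own code, all type and function names are assumed.

/// Capability token for the HTTP boundary. The private `()` field means only code
/// in this module can construct one, so plaintext is confined to this module.
pub struct HttpBoundaryToken(());

/// Secret bytes. Deliberately no Debug/Display impl: `println!("{:?}", s)` fails to compile.
pub struct Secret(Vec<u8>);

impl Secret {
    pub fn new(bytes: Vec<u8>) -> Self { Secret(bytes) }
    /// Plaintext is reachable only through a callback that presents the token.
    pub fn expose_with<R>(&self, _t: &HttpBoundaryToken, f: impl FnOnce(&[u8]) -> R) -> R {
        f(&self.0)
    }
}

impl Drop for Secret {
    fn drop(&mut self) {
        // Zero the buffer before it is freed. Production code uses a volatile write
        // (e.g. the zeroize crate) so the optimizer cannot elide this loop.
        for b in self.0.iter_mut() { *b = 0; }
    }
}

/// Header list for a matched route: strip any caller-supplied Authorization,
/// Proxy-Authorization or configured auth header, then inject the real credential.
pub fn inject_auth_header(
    headers: &[(String, String)], auth_header: &str, prefix: &str, secret: &Secret,
) -> Vec<(String, String)> {
    let want = auth_header.to_ascii_lowercase();
    let mut out: Vec<(String, String)> = headers.iter()
        .filter(|(k, _)| { let k = k.to_ascii_lowercase();
            k != "authorization" && k != "proxy-authorization" && k != want })
        .cloned().collect();
    let token = HttpBoundaryToken(()); // constructible only inside this module
    let value = secret.expose_with(&token, |plain| format!("{prefix}{}", String::from_utf8_lossy(plain)));
    out.push((auth_header.to_string(), value));
    out
}

fn main() {
    let secret = Secret::new(b"sk_test_constructed".to_vec()); // constructed sample value
    let leaked = vec![("Authorization".to_string(), "Bearer LEAKED".to_string())];
    let out = inject_auth_header(&leaked, "Authorization", "Bearer ", &secret);
    println!("{} outbound header(s); the caller's Authorization was replaced", out.len());
}
```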
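The SSRF denylist and DNS-pinning step for unmatched traffic, as an added Rust example that is not Cordon's code; `is_denylisted` and `pin_unmatched_destination` are assumed names, and the range list is one reading of "private, link-local and loopback", not Cordon's actual denylist:

```rust
// Added illustration of the SSRF denylist and DNS-pinning step described above;
// not Cordon's own code, function names and range list are assumed.
use std::net::{IpAddr, Ipv4Addr, SocketAddr};

fn is_denylisted_v4(v4: Ipv4Addr) -> bool {
    let o = v4.octets();
    v4.is_loopback() || v4.is_private() || v4.is_link_local()
        || v4.is_unspecified() || v4.is_broadcast()
        || o[0] == 0                                // 0.0.0.0/8 "this network"
        || (o[0] == 100 && (o[1] & 0xc0) == 64)      // 100.64.0.0/10 carrier-grade NAT
}

/// Addresses the proxy refuses to forward *unmatched* traffic to: loopback, private,
/// link-local and their IPv6 analogues. Explicitly configured routes skip this check.
pub fn is_denylisted(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_denylisted_v4(v4),
        // ::ffff:10.0.0.1 is judged as the IPv4 address it wraps, not as a "public" v6.
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => is_denylisted_v4(v4),
            None => {
                let seg0 = v6.segments()[0];
                v6.is_loopback() || v6.is_unspecified()
                    || (seg0 & 0xfe00) == 0xfc00   // fc00::/7 unique local
                    || (seg0 & 0xffc0) == 0xfe80   // fe80::/10 link local
            }
        },
    }
}

/// Validate every address DNS returned for an unmatched destination, then pin one.
/// Rejecting the whole answer if any entry is denylisted means a rebinding response
/// cannot slip a private address in alongside a public one; the caller connects to
/// the returned SocketAddr directly instead of re-resolving the hostname.
pub fn pin_unmatched_destination(resolved: &[IpAddr], port: u16) -> Result<SocketAddr, String> {
    if let Some(bad) = resolved.iter().find(|ip| is_denylisted(**ip)) {
        return Err(format!("refusing to forward to denylisted address {bad}"));
    }
    resolved.first().map(|ip| SocketAddr::new(*ip, port))
        .ok_or_else(|| "no addresses resolved".to_string())
}

fn main() {
    // Constructed sample: a rebinding-style answer mixing a public and a loopback address.
    let answer: Vec<IpAddr> = vec!["93.184.216.34".parse().unwrap(), "127.0.0.1".parse().unwrap()];
    println!("{:?}", pin_unmatched_destination(&answer, 443));
}
```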

Report security issues to [email protected].

Beyond Developer

The Developer Edition is free and runs locally with no account required. The credential containment layer also extends to shared and enterprise-wide environments:

  • Teams: A shared containment layer for engineering teams running agents and pipelines together. Bring your own identity provider, vault, and policy engine.
  • Enterprise: One containment layer for every outbound request your organization makes. Self-hosted and air-gapped deployments, identity-aware audit trails, and negotiated SLAs.

Learn more at codezero.io.

Documentation

Full documentation: docs.codezero.io

Need help? Email [email protected] or visit docs.codezero.io/support. Developer Edition support is best-effort and does not include guaranteed response times or service-level commitments.

License

Codezero Cordon Developer License Agreement. The Developer Edition is provided at no charge within Developer Limits. Teams and Enterprise features are available under a paid commercial license.