npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@filepad/agent-access-sdk

v0.1.6

Published

Official SDK for connecting external agents to Filepad workspaces via Agent Access.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

filepadaifilepadai

Keywords

filepadagentmcpaiworkspaceapi

Readme

@filepad/agent-access-sdk

Official SDK for connecting external AI agents to Filepad workspaces via Agent Access.

What is Agent Access?

Agent Access is Filepad's scoped API for external agents. It lets an outside agent:

  • Read workspace context (folders, files, skills, search)
  • Read visible workspace signals
  • Read and propose updates to the agent's own home profile
  • Create governed artifacts under artifacts/ when intentionally granted
  • Propose reviewable edits to allowed files
  • Report activity events
  • Receive addressed mailbox notifications from Filepad
  • Discover and call governed RuntimeTools, including Gmail read/action tools when granted

Agent Access does not let external agents directly mutate active workspace files, approve their own proposals, send email, run compute, or execute automations without Filepad governance.

Install

npm install @filepad/agent-access-sdk

Requires Node.js 18+.

Quick Start

import { FilepadAgentClient } from '@filepad/agent-access-sdk';

const client = new FilepadAgentClient({
  baseUrl: 'https://api.filepad.ai',
  workspaceId: 'ws_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
  keyId: 'ik_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
  secret: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
});

// Start here: one-call onboarding and resume diagnostics
const connected = await client.connect();
console.log('Workspace:', connected.workspace.displayName);
console.log('Granted scopes:', connected.scopes);
console.log('Visible tools:', connected.tools.map(tool => tool.providerName));
console.log('Suggested first actions:', connected.bootstrap.suggestedFirstActions);

// For native-memory runtimes, hydrate the planner with connected.bootstrap,
// connected.mailbox and connected.recentOutcomes before work.
// `client.bootstrap()` is an alias that calls the HTTP /bootstrap endpoint and
// returns the same payload.

// Read environment
const env = await client.getEnvironment();
console.log('Folders:', env.folders.map(f => f.name));

// Search workspace
const search = await client.search('quarterly report', { type: 'keyword', limit: 5 });
console.log('Results:', search.results.length);

// Create a governed artifact when the key is trusted for direct artifact creation
const { artifact } = await client.createArtifact({
  title: 'Agent Report',
  text: '# Summary\n\nGenerated by external agent.',
  kind: 'auto',
  format: 'markdown',
});
console.log('Artifact:', artifact.id);

// Emit event
const { eventId } = await client.createEvent({
  eventType: 'agent.task.completed',
  payload: { artifactId: artifact.id },
});
console.log('Event:', eventId);

// Query visible signals
const signals = await client.getSignals({ status: 'suggested', limit: 10 });
console.log('Signals:', signals.signals.length);
if (signals.signals[0]) {
  const signal = await client.getSignal(signals.signals[0].id);
  console.log('Signal:', signal.findingTypeKey, signal.status);
}

// Read Filepad callbacks addressed to this integration
const mailbox = await client.getMailbox({ unreadOnly: true, limit: 20 });
console.log('Unread mailbox items:', mailbox.items.length);
if (mailbox.items.length > 0) {
  await client.ackMailbox(mailbox.items.map(item => item.id));
}

// Read this key's agent home profile
const profile = await client.getAgentProfile();
console.log('Agent profile key:', profile.keyId);

// Discover governed tools, import a synced email if useful, and request a Gmail send through approval
const tools = await client.listTools();
console.log('Visible tools:', tools.tools.map(tool => tool.providerName));
const importedEmail = await client.importGmailMessage({
  externalId: 'gmail_message_id',
});
console.log('Gmail import:', importedEmail.output);
const gmailReply = await client.sendGmailWithApproval({
  sourceRecordId: 'src_gmail_message',
  toAddresses: ['[email protected]'],
  subject: 'Re: Renewal question',
  bodyText: 'Thanks for reaching out. Here are the next steps.',
});
console.log('Gmail approval request:', gmailReply.output);

Authentication

Every request is signed with HMAC-SHA256 using your Agent Access key.

Create a key in Filepad:

  1. Open a workspace
  2. Go to Settings → Agent Access
  3. Click Create Key
  4. Copy the Key ID and Secret (shown once)

The SDK handles signing automatically. You only need to provide keyId and secret to the client.

API Reference

FilepadAgentClient

verifyCredentials()

Returns the integration key id, integration id, workspace id, and granted scopes.

connect()

Returns onboarding/resume diagnostics: identity, workspace, granted scopes, recommended missing scopes, available RuntimeTools, agent home, unread mailbox, recent outcomes, tool groups, and suggested first actions. Agents should call this first and when resuming work.

bootstrap()

Alias for connect() that calls the HTTP /bootstrap endpoint. Use this when a runtime or fallback path is explicitly looking for a bootstrap handshake.

getEnvironment()

Returns workspace folders and their status.

getFileTree()

Returns all visible files and folders.

getFile(fileNodeId)

Reads a file by its node id.

getPrompts() / getMcpPrompts() / getMcpResources()

Discover skills and resources.

search(query, options?)

Search indexed workspace context.

createArtifact(params)

Create a governed artifact under artifacts/ when the key has tools:call and artifacts:direct_write. Use kind: "auto" and format: "markdown" when producing markdown that should become a rich document.

proposeEdit(params)

Propose a reviewable edit to an allowed file.

createEvent(params)

Emit an activity event.

createSignal(params)

Create a signal (requires signals:write scope).

getSignals(filters?)

Query visible workspace signals by type, severity, status, limit, or cursor. Requires env:read.

getSignal(signalId)

Read one visible workspace signal by id. Requires env:read.

getMailbox(options?)

Read Filepad mailbox notifications addressed to this integration. Requires notifications:read.

ackMailbox(ids)

Acknowledge processed mailbox notification ids. Requires notifications:read.

getAgentProfile(options?)

Read this integration's agent home profile files under agents/integrations/{keyId}/. Requires env:read.

updateAgentProfile(params)

Propose an append or replacement update to one profile file. Requires env:read and files:propose; the change waits for human review.

listTools() / callTool(params)

Discover and call Filepad's canonical governed RuntimeTool catalog. Tool visibility is filtered by workspace role, scopes, connected providers, tier, and policy.

searchGmail(params) / getGmailMessage(params)

Read synced Gmail source records through the governed tool bridge. Requires tools:read/tools:call and gmail:read scopes.

importGmailMessage(params) / createGmailDraft(params) / sendGmailWithApproval(params)

Request Gmail imports, drafts, or sends through Filepad governance. Sends always create an approval-backed outbound action; agents do not receive raw Gmail credentials. Requires tools:call and gmail:write.

Error Handling

The SDK throws typed errors:

  • AuthenticationError — invalid signature or expired key
  • ForbiddenScopeError — missing required scope
  • NotFoundError — file or resource not found
  • RateLimitError — too many requests
  • ProposalPathError — proposal target is not allowed
  • StaleVersionError — base version changed during proposal

All errors extend FilepadAgentError with code, message, and status properties.

import { FilepadAgentError, AuthenticationError } from '@filepad/agent-access-sdk';

try {
  await client.getFile('fn_...');
} catch (err) {
  if (err instanceof AuthenticationError) {
    console.error('Check your key id and secret');
  } else if (err instanceof FilepadAgentError) {
    console.error(err.code, err.message);
  }
}

Scope Reference

| Scope | What it allows | |-------|----------------| | env:read | Read folders, file tree, file content, search, skill prompts, MCP resources, and visible signals | | artifacts:direct_write | Create artifacts under artifacts/ when intentionally granted | | files:propose | Create reviewable edit proposals for allowed files | | memory:read | Read memory entries | | events.write | Write agent activity events | | signals:write | Create signals for automation triggers | | notifications:read | Read and acknowledge Filepad mailbox notifications addressed to this integration | | tools:read | Discover governed RuntimeTools | | tools:call | Call governed RuntimeTools | | gmail:read | Read synced Gmail source records through RuntimeTools | | gmail:write | Request Gmail imports, drafts, and sends through governed approval workflows | | github:read | Read synced GitHub source records through RuntimeTools | | github:write | Request governed GitHub actions when enabled |

License

MIT