npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kaicmo/gate

v0.1.1

Published

Zehrava Gate SDK — safe commit layer for AI agents

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kaicmokaicmo

Keywords

aiagentsapprovalgovernancecommitcheckpoint

Readme

@kaicmo/gate

The commit checkpoint between AI agents and production systems.

Every agent write goes through the same path: propose → policy → approve → deliver → audit. No direct commits. No silent writes.

zehrava.com · GitHub

Install

npm install @kaicmo/gate

Quickstart

Run the Gate server locally:

npx zehrava-gate --port 4000

Use the SDK:

const { Gate } = require('@kaicmo/gate')

const gate = new Gate({
  endpoint: 'http://localhost:4000',
  apiKey: 'YOUR_KEY'   // from POST /v1/register
})

// Propose an action — Gate evaluates policy before anything writes
const p = await gate.propose({
  payload:     './leads.csv',
  destination: 'salesforce.import',
  policy:      'crm-low-risk',
  recordCount: 847
})

console.log(p.status)
// "pending_approval" — 847 > 100 threshold
// "approved"         — auto-approved by policy
// "blocked"          — destination not in allowlist

// Deliver exactly once (after approval)
await gate.deliver({ proposalId: p.proposalId })
// Second call returns 409 — one-time delivery enforced

API

gate.propose({ payload, destination, policy, recordCount, metadata })
gate.approve({ proposalId })
gate.reject({ proposalId, reason })
gate.deliver({ proposalId })
gate.verify({ proposalId })

What Gate governs

Gate does not validate business logic. It answers four questions before any write reaches production:

  1. Who sent this? — verified agent identity
  2. Where is it going? — destination allowlists
  3. Should it be allowed? — shared policy rules (YAML)
  4. Who approved it? — centralized approval queue + audit trail

Policy example

id: crm-low-risk
destinations: [salesforce.import, hubspot.contacts]
auto_approve_under: 100
require_approval_over: 100
expiry_minutes: 60
delivery: one_time

Policies are shared YAML files. Same rules across every agent, every framework.

Why not just use LangSmith / Guardrails / AgentOps?

Those tools are observability and content safety — they tell you what happened or validate LLM outputs. Gate governs the write path: whether an agent output is allowed to become a production write, and who approved it.

Self-hosting

Gate is MIT licensed and self-hostable. Run it on your own infrastructure:

git clone https://github.com/cgallic/zehrava-gate
cd zehrava-gate/packages/gate-server
npm install
npm start

Links