npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@qmilab/lodestar-action-kernel

v0.5.0

Published

Tool registry, two-phase action execution, and sandbox profiles for the Lodestar epistemic chain. Part of Lodestar, the trust layer for AI agents.

Readme

@qmilab/lodestar-action-kernel

Tool registry, two-phase action execution, and sandbox profiles for the Lodestar epistemic chain. Part of Lodestar — the trust layer for AI agents.

The Action Kernel is the runtime gate every tool call passes through. It separates describing an intended action from executing it, so a policy gate or precondition checker can refuse the action before it touches the world.

Install

npm install @qmilab/lodestar-action-kernel
# or
bun add @qmilab/lodestar-action-kernel

What it does

  • Tool registryregisterTool() declares a tool's name, inputs schema, output schema key, declared effects, reversibility, permissions, required trust level, sandbox profile, optional preconditions, and an execute() function. Lookups go through lookupTool(); nothing bypasses the registry.
  • Two-phase executionkernel.propose() builds a proposed Action from inputs + ActionContract. kernel.arbitrate() calls the policy gate to approve or reject. kernel.execute() re-checks preconditions (TOCTOU defense), invokes the tool, validates the output against the registered schema, and emits an Observation.
  • Sandbox profiles — four levels: "read", "write-isolated", "write-local", "controlled-shell". Declared per tool; no silent defaults.
  • Observations via the schema registry — every executed tool emits an Observation validated against the output schema registered in @qmilab/lodestar-core.

Usage

import {
  ActionKernel,
  registerTool,
  type PolicyGate,
  type PreconditionChecker,
} from "@qmilab/lodestar-action-kernel"
import type { Action, Observation } from "@qmilab/lodestar-core"

registerTool({
  name: "my.tool",
  inputs: MyInputSchema,                  // Zod schema
  output_schema_key: "my.tool@1",         // registered in @qmilab/lodestar-core
  effects: [],                            // read-only tool
  reversibility: "reversible",
  permissions: ["fs.read"],
  required_trust_level: 0,
  sandbox: "read",
  execute: async (inputs, ctx) => { /* ... */ },
})

const policyGate: PolicyGate = async (action) => ({
  approved: action.contract.effects.length === 0,
  reason: "read-only actions are approved by default",
  approver_id: "demo-policy",
})

const preconditionChecker: PreconditionChecker = async (_check) => ({
  holds: true,
  observed: null,
})

const observationSink = async (obs: Observation) => {
  // route obs into the cognitive core / event log
}

const kernel = new ActionKernel(policyGate, preconditionChecker, observationSink)

const action = kernel.propose({
  intent: "inspect repository state",
  tool: "my.tool",
  inputs: { /* ... */ },
  contract: {
    required_level: 0,
    blast_radius: "self",
    reversibility: "reversible",
    scope: { level: "project", identifier: "my-project" },
    data_sensitivity: "private", // action sensitivity is public | private | secret
    preconditions: [],
  },
  proposed_by: "agent-1",
})

const arbitrated = await kernel.arbitrate(action)
if (arbitrated.phase === "approved") {
  const executed = await kernel.execute(arbitrated)
  // executed.phase === "completed" or "failed" or "rejected"
}

Invariants

  1. No tool runs without a contract. propose() is mandatory and validates inputs against the tool's Zod schema exactly once.
  2. Two-phase execution is enforced by phase. arbitrate() only runs from proposed; execute() only runs from approved.
  3. Tool-declared preconditions cannot be dropped. The kernel merges tool preconditions with the caller's contract; the caller can only add, not remove.
  4. Preconditions are re-validated at execution time. Any precondition with must_revalidate_at_execution: true is re-checked immediately before tool.execute runs — TOCTOU defense.
  5. Outputs are validated against the registered schema. A tool returning a value that doesn't match its output_schema_key raises a structural error rather than entering cognition.

License

Apache 2.0.