npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@qmilab/lodestar-adapter-git

v0.5.0

Published

Git status tool adapter for the Lodestar Action Kernel. Part of Lodestar, the trust layer for AI agents.

Readme

@qmilab/lodestar-adapter-git

Governed git tool adapter for the Lodestar Action Kernel. Part of Lodestar — the trust layer for AI agents.

Provides forge-agnostic git tools — read-only git.status plus the native transport tools git.commit, git.push, and git.clone. These speak the git protocol against any remote (GitHub, GitLab, Gitea, Forgejo, Bitbucket, self-hosted, a bare repo over SSH); the remote is just a URL plus a credential. The GitHub-only API surface (PRs, issues, releases) is a separate future adapter — see ADR-0006.

git.push is the first native Lodestar tool that moves data out (blast_radius: external, L4) — held until a human approves.

Install

npm install @qmilab/lodestar-adapter-git
# or
bun add @qmilab/lodestar-adapter-git

Usage

import { registerGitStatusTool } from "@qmilab/lodestar-adapter-git"
import { ActionKernel } from "@qmilab/lodestar-action-kernel"

// projectRoot is required — git status runs inside it.
registerGitStatusTool(process.cwd())

const kernel = new ActionKernel(policyGate, preconditionChecker, observationSink)
const action = kernel.propose({
  intent: "inspect repository state",
  tool: "git.status",
  inputs: { repo: "." },
  contract: { /* ... */ },
  proposed_by: "agent-1",
})
const arbitrated = await kernel.arbitrate(action)
if (arbitrated.phase === "approved") {
  const executed = await kernel.execute(arbitrated)
}

Transport tools

import { registerGitTransportTools } from "@qmilab/lodestar-adapter-git"

registerGitTransportTools({
  workspaceRoot: "/work/repo",
  commit: true, // git.commit @ L3
  push: {
    // git.push @ L4 — the agent picks a NAME; the operator pins name → URL.
    remotes: { origin: "https://github.com/acme/widget.git" },
    // No silent default: choose a credential explicitly.
    credential: { kind: "https-token", token: () => secrets.fetch("gh-pat") },
  },
  clone: {
    // git.clone @ L3 — source allowlist + a pinned destination root.
    cloneRoot: "/work/clones",
    allowSource: (url) => url.startsWith("https://github.com/acme/"),
  },
})

What it provides

  • makeGitStatusTool / registerGitStatusTool — the read-only git.status tool.
  • makeGitCommitTool / makeGitPushTool / makeGitCloneTool — individual transport tools.
  • defineGitTransportTools(config) / registerGitTransportTools(config) — build (and register) the configured subset.
  • GitCommitOutputSchema / GitPushOutputSchema / GitCloneOutputSchema — the Zod output schemas, registered against git.commit@1 / git.push@1 / git.clone@1.

Invariants

  • Remote pinning. git.push targets the operator-pinned URL explicitly, so a poisoned .git/config remote cannot redirect a push, and the push uses a fixed refspec from a validated branch name (no refspec injection). The agent picks a remote name, never a URL. The adapter also rejects a workspace local config that sets hostile keys (url.*.insteadOf/pushInsteadOf, credential.helper, filter.*, …), which could otherwise rewrite the pinned URL or run a helper/filter.
  • Credential scoping, no silent default. The token flows via GIT_ASKPASS (never argv, ps-safe) and is redacted from captured output. The credential kind is always explicit.
  • Clone confinement. A clone URL must pass the operator allowlist; the destination is confined under a pinned root. Cloned content is untrusted external input.
  • No host-env passthrough; host git config neutralised. The subprocess sees only a scoped env (fresh empty HOME, GIT_CONFIG_GLOBAL/SYSTEM=/dev/null), commit hooks are disabled, and identity is pinned.

Boundary: this is a TS-level governance boundary, not an OS sandbox. push/clone reach the real network by design; the governance is destination pinning + credential scoping + the L4 approval gate, not network containment.

License

Apache 2.0.