npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@relayplane/auth-gate

v0.1.0

Published

Auth Gate - authentication and authorization for agent operations

Downloads

81

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

uxcontinuumuxcontinuum

Keywords

relayplaneauthauthenticationauthorizationagent-ops

Readme

@relayplane/auth-gate

Auth Gate — authentication and authorization for agent operations.

Overview

The Auth Gate validates incoming requests, detects auth type (API vs consumer), determines execution mode, and enforces consumer auth restrictions based on workspace settings.

Key features:

  • Auth type detection: API keys vs consumer subscriptions
  • Execution mode detection: Interactive, background, scheduled
  • Consumer auth restrictions: Safe defaults aligned with provider ToS
  • Enforcement modes: recommended (default) vs permissive
  • Ledger integration: Emits auth events for audit

Installation

pnpm add @relayplane/auth-gate

Quick Start

import { createAuthGate, MemoryAuthProfileStorage } from '@relayplane/auth-gate';

// Create storage and gate
const storage = new MemoryAuthProfileStorage();
const gate = createAuthGate({ storage });

// Seed test data
const { apiProfile, consumerProfile } = await storage.seedTestData('ws_123');

// Validate an API request (background) - allowed
const apiResult = await gate.validate({
  workspace_id: 'ws_123',
  auth_profile_id: apiProfile.profile_id,
  metadata: { session_type: 'background' },
});
console.log(apiResult.allow); // true

// Validate a consumer request (background) - blocked in recommended mode
const consumerResult = await gate.validate({
  workspace_id: 'ws_123',
  auth_profile_id: consumerProfile.profile_id,
  metadata: { session_type: 'background' },
});
console.log(consumerResult.allow); // false
console.log(consumerResult.reason); // "Consumer auth is restricted..."

Enforcement Modes

recommended (default)

Safe defaults aligned with typical provider ToS:

| Context | Consumer Auth | API Auth | |---------|---------------|----------| | Interactive | ✅ Allowed | ✅ Allowed | | Background | ❌ Blocked | ✅ Allowed | | Scheduled | ❌ Blocked | ✅ Allowed | | Spawned agents | ❌ Blocked | ✅ Allowed | | Fallback chains | ❌ Blocked | ✅ Allowed |

permissive

For power users who understand provider ToS implications:

| Context | Consumer Auth | API Auth | |---------|---------------|----------| | All contexts | ⚠️ Allowed with warning | ✅ Allowed |

When consumer auth is used in automation contexts in permissive mode:

  • auth_risk=true is set in ledger
  • policy_override=true is set
  • Warning message included in response

Automation Detection

The Auth Gate detects automation contexts via:

  1. X-RelayPlane-Automated: true header
  2. session_type: 'background' metadata
  3. scheduler_triggered: true metadata
  4. parent_run_id present (spawned agents)
  5. fallback_chain_position > 0

Execution Mode Detection

| Signal | Execution Mode | |--------|----------------| | scheduler_triggered=true | scheduled | | session_type='background' | background | | parent_run_id present | background | | Default | interactive |

API Reference

AuthGate

const gate = createAuthGate({
  storage: AuthProfileStorage,
  ledger?: Ledger,
  defaultSettings?: Partial<WorkspaceAuthSettings>,
});

// Validate a request
const result = await gate.validate({
  workspace_id: string,
  auth_profile_id?: string,
  api_key?: string,
  metadata: RequestMetadata,
});

// Create context from successful validation
const context = gate.createContext(request, result);

// Emit auth event to ledger
await gate.emitAuthEvent(run_id, result);

AuthResult

interface AuthResult {
  allow: boolean;
  auth_profile?: AuthProfile;
  execution_mode: ExecutionMode;
  ledger_flags: {
    auth_type: 'api' | 'consumer';
    execution_mode: ExecutionMode;
    auth_risk: boolean;
    policy_override: boolean;
  };
  reason?: string;           // If denied
  guidance_url?: string;     // Migration guidance
  warning?: string;          // If allowed with warning
}

Storage Backends

MemoryAuthProfileStorage

In-memory storage for testing and development:

const storage = new MemoryAuthProfileStorage();

// Create profile
const profileId = await storage.createProfile({
  workspace_id: 'ws_123',
  name: 'API Keys',
  type: 'api',
  providers: [...],
  automation_allowed: true,
  interactive_only: false,
});

// Set workspace settings
await storage.updateWorkspaceSettings('ws_123', {
  auth_enforcement_mode: 'recommended',
  default_auth_profile_id: profileId,
});

Custom Storage

Implement AuthProfileStorage interface for production:

interface AuthProfileStorage {
  getProfile(profile_id: string): Promise<AuthProfile | null>;
  getProfileByApiKey(api_key: string): Promise<AuthProfile | null>;
  getWorkspaceProfiles(workspace_id: string): Promise<AuthProfile[]>;
  getWorkspaceSettings(workspace_id: string): Promise<WorkspaceAuthSettings | null>;
  createProfile(...): Promise<string>;
  updateProfile(...): Promise<void>;
  deleteProfile(...): Promise<void>;
  updateWorkspaceSettings(...): Promise<void>;
}

License

MIT