@render-harness/cap-filesystem
v0.8.2
Path-scoped filesystem tools for the Render agent harness. Opt-in per agent; the worker pserv is multi-tenant by default so this is NOT a core builtin.
@render-harness/cap-filesystem
Path-scoped filesystem tools for agents in the Render harness. Opt-in per agent.
Why this isn't a core builtin
The production worker pserv is multi-tenant: one Node process holds every tenant's env vars and runs every tenant's agent against a shared filesystem. A core-default filesystem tool would let any prompt-injected agent exfiltrate secrets from /proc/self/environ or read another tenant's files off a mounted disk.
This pack makes filesystem access an explicit per-agent decision: you opt in, you choose the root path, and you decide whether writes are allowed.
When a future per-run sandboxed runtime exists, an unscoped filesystem tool becomes safe by default. Until then, every agent that needs files uses this pack.
Tools
All paths are joined to the configured root and rejected if they escape it (including via .. traversal or symlinks pointing outside).
| Tool | Description |
|---|---|
| fs.read_file({ path }) | Read a UTF-8 text file. Output capped at maxBytes; full body recoverable via fetch_full_result. |
| fs.list_dir({ path }) | List directory entries with type (dir / file / link / other) and file sizes. |
| fs.write_file({ path, content }) | Write a UTF-8 file. Auto-creates parent directories. Disabled when readOnly: true. |
| fs.delete_file({ path }) | Delete a file. Refuses to delete directories. Disabled when readOnly: true. |
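The containment rule stated at the top of this section, sketched as an added example; this is not the pack's own source. `resolveWithinRoot` and `realpathAllowMissing` are hypothetical names, and the sample tree is constructed in a temp directory.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Resolve symlinks on the longest existing prefix of p and re-append the
// missing tail, so the target of a future write can be checked too.
function realpathAllowMissing(p) {
  const tail = [];
  for (let cur = p; ; cur = path.dirname(cur)) {
    try {
      return path.join(fs.realpathSync(cur), ...tail);
    } catch (err) {
      if (err.code !== "ENOENT" || path.dirname(cur) === cur) throw err;
      // A dangling symlink would let a later write land wherever it points.
      if (fs.lstatSync(cur, { throwIfNoEntry: false })?.isSymbolicLink())
        throw new Error(`dangling symlink: ${cur}`);
      tail.unshift(path.basename(cur));
    }
  }
}

// Hypothetical helper, not the pack's API: returns the real path of
// `requested` under `root`, or throws when it resolves outside the root.
function resolveWithinRoot(root, requested) {
  if (!path.isAbsolute(root)) throw new Error("root must be absolute");
  const realRoot = fs.realpathSync(root);
  const real = realpathAllowMissing(path.join(realRoot, requested));
  const rel = path.relative(realRoot, real);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel))
    throw new Error(`path escapes root: ${requested}`);
  return real;
}

// Constructed sample tree: <tmp>/root is the workspace, secret.txt sits outside.
function demo() {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "cap-fs-demo-"));
  const root = path.join(tmp, "root");
  fs.mkdirSync(path.join(root, "notes"), { recursive: true });
  fs.writeFileSync(path.join(root, "notes", "a.txt"), "ok");
  fs.writeFileSync(path.join(tmp, "secret.txt"), "outside the root");
  fs.symlinkSync(path.join(tmp, "secret.txt"), path.join(root, "link"));
  const out = {};
  for (const p of ["notes/a.txt", "notes/new/b.txt", "../secret.txt", "link"]) {
    try { resolveWithinRoot(root, p); out[p] = "allowed"; }
    catch { out[p] = "rejected"; }
  }
  fs.rmSync(tmp, { recursive: true, force: true });
  return out;
}
console.log(demo());
```

A resolve-then-open check like this stays racy if another process can replace a path component with a symlink between the check and the file operation.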
Configuration
```yaml
capabilities:
  - pack: "@render-harness/cap-filesystem"
    config:
      root: "/var/data/agent-workspace"  # required, absolute path
      readOnly: false                    # optional, default false
      maxBytes: 1048576                  # optional, default 1 MB
```

| Key | Type | Default | Notes |
|---|---|---|---|
| root | string | — | Required. Absolute path the agent can read/write under. |
| readOnly | boolean | false | When true, only fs.read_file and fs.list_dir register. |
| maxBytes | integer | 1048576 | Cap for read truncation and write rejection. |
On Render
On Render, point root at a persistent disk mount (e.g. /var/data) so the files survive across deploys. Without a disk, root must point at the container's ephemeral filesystem, which is wiped on every redeploy.
Multi-tenant safety
This pack alone does NOT make the worker multi-tenant safe — it scopes the path, not the tenant. If you run a multi-tenant agent and want each tenant to see only their own files, set the root per tenant at agent-definition time:
```js
defineAgent({
  // ...
  capabilities: [
    {
      pack: "@render-harness/cap-filesystem",
      config: { root: `/var/data/tenants/${tenantId}` },
    },
  ],
});
```

The harness runs one defineAgent() call per tenant in this shape; the pack instances don't share scopes.
Test commands
```sh
pnpm --filter @render-harness/cap-filesystem build
pnpm --filter @render-harness/cap-filesystem test
```