npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

agentseatbelt

v0.2.0

Published

Runtime firewall for AI coding agents before they touch your terminal, repo, secrets, or production.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kenjiifxkenjiifx

Keywords

clisecurityai-agentsdevtoolsruntime-firewall

Readme

AgentSeatbelt

Runtime firewall for AI coding agents before they touch your terminal, repo, secrets, or production.

AgentSeatbelt demo

AgentSeatbelt is the runtime security layer between AI agents and real-world execution.

Policy, approvals, and audit trails for AI agents before they touch your terminal, repo, secrets, cloud, or production.

Built for:

  • Investors evaluating category-defining AI safety infrastructure
  • Senior developers shipping with AI coding agents in real repositories
  • Security and DevSecOps teams requiring deterministic local controls

Why now

AI coding agents can run shell commands, modify repositories, install dependencies, read local files, and trigger deployment paths. Developer environments were built for human intent, not autonomous execution. AgentSeatbelt adds a deterministic control layer between agent output and system impact.

What AgentSeatbelt protects

  • Terminal execution before risky commands run
  • Repository integrity and rollback recovery points
  • Secret-bearing paths and common credential access patterns
  • Production and infrastructure command surfaces
  • Workspace-scoped session context via agentSessionId

Core capabilities

  • Deterministic risk classification (no paid APIs)
  • Rule-based policy engine with profiles (dev, strict, ci)
  • Secret-read blocking by default
  • Approval gating for high-impact actions
  • Git checkpoint metadata before risky execution
  • Action receipts in json, ndjson, and table views
  • Receipt hash-chaining (chainIndex, previousReceiptHash, receiptHash)
  • Protected session mode: seatbelt agent dev
  • Chain integrity verification: seatbelt verify
  • Runtime posture summary: seatbelt status

Category

Developer-first runtime security for agent execution.

This is not a generic prompt guardrail, not a sandbox, and not an endpoint detection agent. It is an execution-time policy and approval layer for risky agent actions.

Security model

  • Local-first runtime execution
  • No telemetry
  • No cloud upload of commands, receipts, or config
  • Deterministic policy outcomes
  • Workspace-scoped session IDs for traceable runs

Demo in 90 seconds

seatbelt init
seatbelt run "echo safe path"
seatbelt run "cat .env"
seatbelt run "rm -rf build" --dry-run
seatbelt run "vercel --prod" --dry-run
seatbelt verify
seatbelt status
seatbelt logs --tail 10
seatbelt doctor

Cross-platform scripts:

  • demo.sh
  • demo.ps1

Quickstart

npm install
npm run build
node dist/index.js --help

Optional local link:

npm link
seatbelt --help

Health checks:

npm run test
npm run typecheck
npm run lint

Session mode (v0)

seatbelt agent dev

Creates .seatbelt/session.json with:

  • agentSessionId
  • workspacePath
  • startedAt
  • protectedSurfaces

If a valid session already exists for the current workspace, the same agentSessionId is reused.

From CLI wedge to control plane

  • v0: local terminal and repository enforcement for developers.
  • v1: direct coding-agent wrappers and integration guides.
  • v2: CI and MCP/tool-call policy enforcement.
  • v3: team policy bundles and audit sync patterns.
  • v4: organization-wide agent runtime governance.

Configuration

Default config file: .seatbelt/config.yml

rules:
  - pattern: "cat .env"
    action: block
    severity: critical
  - pattern: "rm -rf"
    action: require_approval
    severity: critical
  - pattern: "vercel --prod"
    action: require_approval
    severity: critical

--seed-baseline is optional, local-only, disabled by default, and never uploads shell history.

Policy pack initialization:

seatbelt init --policy-pack production-safe --profile strict

Professional docs

Roadmap

  • Agent session hardening
  • MCP proxy / tool-call enforcement
  • CI / GitHub Actions mode
  • Team policy packs
  • IDE integrations