npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

invinoveritas-governance-gate-core

v0.1.0

Published

Framework-agnostic core for an independent pre-execution governance gate — calls invinoveritas /review for a verdict an agent can't self-issue, and returns a portable, recomputable, Bitcoin-anchored proof anyone can re-verify offline. Advisory by default;

Readme

invinoveritas-governance-gate-core

The framework-agnostic core for an independent pre-execution governance gate.

An agent can self-serve memory, tools, reasoning, even a wallet. The one thing it cannot self-serve is an independent second opinion on its own proposed action — you can't self-issue a verdict that a third party trusts. This core calls invinoveritas /review for that verdict and returns a normalized gate decision plus a portable, recomputable proof: a BIP-340-signed Nostr event, Bitcoin-anchored on the public /ledger. Anyone can re-verify the proof offline via /verify-proof without trusting the presenter or us.

This is the shared primitive. Thin per-surface adapters wrap it — see invinoveritas-metamask-snap (verdict before you sign a transaction), and the LangGraph / OpenAI-Agents / GOAT patterns.

Why this and not a self-signed receipt

Most "action receipt" schemes sign the record with the agent's own key — that proves the agent says it did X, not an independent party judged X sound before it ran. And a signed hash-chain proves internal ordering but can be regenerated wholesale. This gate is built around the two things a self-signed receipt structurally lacks:

  1. Independence — the verdict comes from a party that isn't the actor.
  2. External time anchor — every verdict is Bitcoin-anchored (OpenTimestamps), so "judged before the outcome" is checkable against a clock the operator doesn't control. Omission becomes as legible as publication.

Install

npm install invinoveritas-governance-gate-core

Usage

import { reviewAction } from "invinoveritas-governance-gate-core";

const result = await reviewAction(
  {
    artifact: JSON.stringify({ tool: "transfer", to: "0xabc…", amount: "1000 USDC" }),
    artifactType: "onchain_action", // or "trade", "tool_call", "general"
    context: "Agent is about to move treasury funds.",
  },
  {
    apiKey: process.env.INVINOVERITAS_API_KEY, // free: POST /register {"label":"your-app"}
    failMode: "closed", // irreversible action -> BLOCK if the gate is unavailable
    sign: true,         // attach the recomputable proof (default)
  },
);

// result.decision : "ALLOW" | "BLOCK" | "ESCALATE"
// result.verdict  : "approve" | "approve_with_concerns" | "reject" | "review_unavailable"
// result.proof    : portable signed proof — hand it downstream
// result.recomputeProofAt : where anyone re-verifies it (free, no auth)

if (result.decision === "BLOCK") {
  // hold the action; surface result.summary / result.issues
}

Fail mode is explicit, per surface

The gate is advisory by default (failMode: "open") — a slow or erroring gate never blocks the host. For irreversible / side-effecting actions, set failMode: "closed" so gate-unavailability blocks instead of silently passing, or "escalate" to route to a human/confirmation path. This is the property a pure observability hook lacks: it can be made authority, not just a log.

Receiving half of the handshake

import { verifyProof } from "invinoveritas-governance-gate-core";

// A proof another agent handed you — verify it without trusting them OR us.
const v = await verifyProof({ event: someProof.proof_payload });
// v.valid === true  =>  the verdict is authentic and unmodified

API

  • reviewAction(action, config) => Promise<GateResult> — never throws; failures resolve per failMode.
  • verifyProof({ event | proofId }, config) => Promise<{ valid }> — free, no auth.

| GovernanceGateConfig | default | | |---|---|---| | apiKey | — | Bearer key (free via /register). Omitted ⇒ unfunded ⇒ failMode applies. | | baseUrl | https://api.babyblueviper.com | | | timeoutMs | 5000 | a gate must never hang the host | | failMode | "open" | "open" ALLOW / "closed" BLOCK / "escalate" ESCALATE on gate-unavailable | | sign | true | attach the recomputable proof |

ProposedAction.stateHash (optional): SHA-256 hex of the caller's state at request time — binds the proof to both the action AND the state, so a verifier confirms the decision was made against the exact state the caller had.

License

MIT