npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

nilscript

v0.3.0

Published

The neutral standard for connecting systems to agents — Network Intent Layer (NIL) + the nilscript DSL. This npm entry is a pointer; the spec, schemas, SDK and CLI live at nilscript.org and on PyPI (`pip install nilscript`).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

elbashierelbashier

Keywords

nilnilscriptagentsintentstandarddsljson-schema

Readme

NILScript

Give an AI agent real power over your systems — and take on zero risk doing it.

NIL (the Network Intent Layer) is the neutral standard for how agents act in real backends: every write is previewed, approved, fully traced, and one-click reversible — and an agent can only touch what your backend actually exposes. Hallucinations can't write. OpenAPI for agent-actions.

CI tests unauthorized writes via NIL Python spec license

Why · The numbers · Quickstart · Commands · How it works · Build an adapter · Status

Benchmarks — the numbers

A safety layer is only worth something if the numbers move. We took the InjecAgent prompt-injection suite (ACL Findings 2024) — a poisoned tool response tries to hijack the agent into an unauthorized write — and ran every case twice: the agent calling tools directly (raw), and the same agent routed through NIL (gated). Same model, same attacks. Only the gate differs.

InjecAgent: unauthorized-write rate, raw vs NIL — zero through NIL across every model and setting

| | Raw agent | Through NIL | |---|---|---| | Unauthorized writes committed | up to 4.46% | 0.00% | | Benign tasks completed | 100% | 100% | | Evaluations | — | 4,216 (2 models × base+enhanced × 1,054 cases) |

Read that again. Across 4,216 attacks, on two different models, under both the standard and the reinforced injection setting, the number of unauthorized writes that reached the backend through NIL was zero — and it cost nothing: every legitimate task still completed. Raw agents were hijacked into a real write on up to 1 in 22 cases; NIL committed none of them.

That gap isn't a better prompt or a smarter model — it's structural. A write physically cannot commit without a previewed propose → approve → commit, and the agent can only name verbs the backend exposes. Change the model and the raw hijack rate moves; the NIL column stays 0.

Honesty matters as much as the numbers: this harness uses a single-step decision (not InjecAgent's two-step ReAct), so the raw rates here (0–4.46%) sit below the paper's 24% GPT-4 baseline and are harness-specific — the comparable, defensible claim is the NIL → 0, always reported next to 100% benign success (never the safety number alone). Full method + the other three axes (task-success, conformance, performance): docs/benchmarking-plan.md · reproduce: bench/.

The one-paragraph version

A raw agent with API keys is a loaded gun: one hijacked prompt, one hallucinated call, and it writes something irreversible to your production system. NIL puts a thin, neutral layer between the agent and the backend. The agent can only propose; nothing happens to your data until a proposal is approved; every effect is traced and carries a reversal handle; and the agent can only name operations your backend has actually declared — anything else is refused, not faked. You build the adapter once, and any NIL-speaking agent works against it.

See it in action

A ~10s walkthrough of the Reference Playground: an agent chats to a live backend and you watch a write go propose → approve → commit → rollback in a real trace — nothing touches the data until you say so.

https://github.com/user-attachments/assets/21ecd97b-5914-4618-b7ca-5f80d0a76467

Prefer to run it yourself? pip install nilscript[demo] && nilscript demo.

Why this exists

| The problem | What NIL does | | --- | --- | | Every agent↔system integration is hand-built and brittle. | NIL is the neutral wire contract — build an adapter once, every agent speaks to it. | | Agents write blindly — and a hijacked or hallucinating agent writes wrong. | PROPOSE has no side effects; nothing commits without approval; ROLLBACK previews a compensation, never a silent write. | | Models hallucinate operations that don't exist. | An agent can only call verbs the backend's skeleton declares; unknown/unprovisioned actions are refused at PROPOSE, not invented. | | Backends hide their real requirements; you learn by collision. | nilscript scan discovers them into a shareable requirements-manifest.json. | | "It's reversible" is usually a lie. | Every verb declares a tier — REVERSIBLE / COMPENSABLE / IRREVERSIBLE — that the conformance harness actually verifies. | | Standards rot into framework lock-in. | NIL is data, not software: plain JSON + docs any language can implement. The Python SDK/CLI is optional sugar. |

New in 0.3.0

  • Discovery handshake — every adapter exposes GET /nil/v0.1/describe returning its skeleton: {nil, system, verbs, targets:{name:{exists, fields[]}}}. SDK handshake(transport) connects any client uniformly: reachable → conformant → provisioned.
  • PROPOSE preflight — a verb whose native target isn't provisioned is refused at PROPOSE (UPSTREAM_UNAVAILABLE), not failed after COMMIT.
  • Generic resource.* family (resource-v1) — create / read / update / delete over any target the skeleton exposes, no per-entity verb authoring. read is a QUERY; writes ride PROPOSE→COMMIT.
  • Synthesized reversibility — generic writes reverse with zero per-verb mapping: create→delete, update→restore before-image, delete→recreate, all via the standard ROLLBACK, keyed to the real record id.
  • Identifier resolutionupdate/delete accept a real id or a human identifier (code/name/…), resolved server-side.
  • STATUS.result — a COMMIT returns the SSOT result: entity{type,id,url} + ssot{system,read_after_write} + a compensation handle.
  • Reference Playgroundpip install nilscript[demo] && nilscript demo: chat to a live backend, watch propose→approve→commit→rollback in a real trace.

Quickstart

# 0.3.0 is on PyPI:
pip install "nilscript[cli]"

nilscript verbs                                  # the verb catalog from the standard
nilscript scaffold-shim --name my-nil-adapter    # a bootable shim skeleton for any backend
cd my-nil-adapter && pip install -e ".[dev]" && pytest   # red until you fill 3 files (by design)

Three files become yours — system.py (the one place I/O happens), translate.py (verb ⇄ native), compensation.py (reversibility). Everything else is generated and identical across adapters. Or just see it: nilscript demo boots the Playground. Full walkthrough: docs/contributing-an-adapter.md.

Command tour

nilscript is the toolkit for building and verifying adapters from the standard.

| Command | What it does | | --- | --- | | nilscript verbs | List the verb catalog from the standard. | | nilscript profile <verb> | Print a verb's arg-schema profile. | | nilscript export-openapi | Emit an OpenAPI 3.1 document for the six NIL endpoints. | | nilscript scaffold-shim --name <n> | Generate a bootable NIL shim skeleton for a backend. | | nilscript scan | Discover a system's hidden requirements → requirements-manifest.json. | | nilscript conformance-test --url <shim> --verb <v> | Run the conformance matrix against a live shim. | | nilscript demo | Launch the reference Playground (needs nilscript[demo]). |

How it works

NIL separates the neutral intent layer from backend reality. An agent speaks NIL to a thin edge; the edge translates to native calls; every write is two-step.

flowchart LR
    A[Agent / Speaker] -- NIL envelope --> E[Edge<br/>6 endpoints]
    E --> T[translate.py<br/>verb ⇄ native]
    T --> S[system.py<br/>the only I/O]
    S --> B[(Your backend)]
    M[requirements-manifest.json<br/>discovered once] -. pre-fills .-> E
    subgraph Safe write
      P[PROPOSE<br/>no side effects] --> C[APPROVE] --> X[COMMIT<br/>executes] --> R[ROLLBACK<br/>previews reversal]
    end

The two layers:

| Layer | Name | What it is | | --- | --- | --- | | Operations | NIL — Network Intent Layer | The wire contract: propose/answer/rollback, the envelope, grants, refusals, per-domain profiles. Seven performatives (SEQRD-PC: STATUS·EVENT·QUERY·ROLLBACK·DECIDE·PROPOSE·COMMIT) on the stable nil: "0.1" wire. | | Orchestration | nilscript DSL | A declarative, JSON, LLM-native language above NIL: an agent writes a program, a static validator admits it, a durable runtime executes it. |

The ecosystem

| Repo | Role | | --- | --- | | nilscript (this) | The kernel + canonical JSON schemas — CLI, generator, conformance engine, SDK, and the reference Playground. | | nilscript-protocol | The constitution (docs only) — NIL spec, the DSL guides, SEQRD-PC, governance. | | nil-adapter-template | The fork base authors use ("Use this template"). Red until filled. | | pocketbase-nil-adapter | First 🟢 Official Verified Adapter — a real, conformant PocketBase shim (17/17). |

Architecture & contribution: adapter-ecosystem-strategy.md · contributing-an-adapter.md.

Install

pip install nilscript          # the standard only (JSON + docs) — zero runtime deps
pip install nilscript[cli]     # + the adapter toolkit (scaffold-shim, scan, manifest)
pip install nilscript[sdk]     # + the Python SDK (httpx, pydantic)
pip install nilscript[demo]    # + the reference Playground (FastAPI + LiteLLM)

The standard is language-neutral JSON: a Go/TypeScript/Rust implementer reads the schemas in src/nilscript/nil/ and src/nilscript/dsl/ directly — no per-language package reserved (the OpenAPI / JSON-Schema model).

Where it stands

  • 0.3.0 — describe handshake, generic resource.* CRUD, synthesized reversibility, ROLLBACK.
  • 180 kernel tests green; pocketbase adapter 17/17 conformance; cross-repo parity gate in CI.
  • Safety proven on a published benchmark — InjecAgent, 4,216 evals, unauthorized writes via NIL = 0% (see the numbers).
  • Live proof — a real customer + invoice into a live ERPNext, from the standard alone; the reference Playground drives a live PocketBase end-to-end.
  • 🚧 Young open standard — not yet battle-tested at merchant scale. We lead with the proof, not traction claims.
  • 🚧 PyPI publish staged; install from source for 0.3.0 until it lands.

Contributing & community

License

Dual-licensed by artifact class: CC BY 4.0 for specification text, Apache 2.0 for schemas, conformance vectors, and SDK code. See LICENSE.

nilscript.org · a neutral standard, openly governed · try it live →