npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

patchgate

v0.3.3

Published

Policy enforcement and rollback for AI agent code edits

Downloads

806

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

shivae372-hubshivae372-hub

Keywords

aipatchdiffagentcode-safetyllmpatchgatelangchainlanggraphclaudeopenaiagent-safety

Readme

PatchGate

CI npm License: MIT Node >=18

Policy enforcement and rollback for AI agent code edits.

PatchGate is an open patch approval + filesystem safety gate for AI agents.

The layer underneath Cursor, LangGraph, Claude tool use, OpenAI function calling, and autonomous coding pipelines.

The Problem

Every AI coding tool eventually needs to write changes to your filesystem.

Most tools just do it:

  • No policy enforcement
  • No preview
  • No rollback
  • No audit trail

One hallucination or prompt injection can overwrite your repo or leak secrets:

  • .env touched
  • src/ overwritten
  • ../../ traversal attacks
  • Absolute path writes

Git helps after the damage. PatchGate prevents the damage before it hits disk.

What PatchGate Is

PatchGate sits between your AI agent and your filesystem.

Instead of letting agents write files directly, agents output JSON patches:

  • Preview diffs before applying
  • Block dangerous paths (.env, secrets, traversal)
  • Apply changes safely (atomic writes)
  • Save rollback snapshots
  • Log everything for audit

PatchGate vs Cursor / Copilot

Cursor protects inside the editor.

PatchGate protects at the filesystem boundary.

Even if the agent runs headless in CI, or as an autonomous runtime, PatchGate still enforces safety policies before anything touches disk.

Demo

patchgate apply examples/demo-patch.json

🔍 PatchGate — Applying 3 patch(es)

── Planned Changes ───────────────────────────────
[~] UPDATE  src/utils.ts
[+] CREATE  src/helpers/format.ts
[~] UPDATE  .env

Apply these changes? [y/N] y

🚫 Blocked by policy:
   .env — Blocked by policy pattern ".env"

✅ Applied:
   src/utils.ts
   src/helpers/format.ts

💾 Snapshot saved: .patchgate/snapshots/patchgate-snapshot-xxx
   To undo: patchgate rollback ".patchgate/snapshots/patchgate-snapshot-xxx"

✓ Done.

The .env file was never touched. Everything is logged.

Install

npm install patchgate

CLI usage:

npx patchgate --help

Or global install:

npm install -g patchgate

Usage

As a Library (inside your agent)

import { run } from "patchgate";

const result = await run({
  source: "my-agent",
  patches: [
    {
      op: "update",
      path: "src/index.ts",
      content: "// new content from AI",
      reason: "Fix null pointer exception"
    }
  ]
});

console.log(result.applied);
console.log(result.blocked);

As a CLI

patchgate preview my-patch.json
patchgate apply my-patch.json
patchgate rollback .patchgate/snapshots/patchgate-snapshot-xxx
patchgate history

OpenAI Adapter (NEW)

PatchGate ships with a drop-in OpenAI function calling adapter.

  • Safe filesystem tools for OpenAI agents
  • Blocks secrets and traversal
  • Adds rollback + audit logging

Full documentation:

OPENAI_ADAPTER.md

Example:

examples/openai-adapter-demo.ts

Patch Format

{
  "source": "my-agent",
  "patches": [
    { "op": "create", "path": "src/new.ts", "content": "..." },
    { "op": "update", "path": "src/existing.ts", "content": "..." },
    { "op": "delete", "path": "src/old.ts" },
    { "op": "rename", "path": "src/a.ts", "newPath": "src/b.ts" }
  ]
}

Any AI agent that outputs JSON can use PatchGate.

Configuration

Create patchgate.config.json:

{
  "blocklist": [
    ".env",
    ".env.*",
    "*.pem",
    "*.key",
    "node_modules/**",
    ".git/**"
  ],
  "requireApproval": true,
  "enableSnapshot": true
}

Audit Log

Every apply is recorded in:

.patchgate/audit.log

Example entry:

{"timestamp":"2026-02-17T10:23:01Z","source":"claude","totalPatches":3,"applied":["src/utils.ts"],"blocked":[{"path":".env","reason":"Blocked by policy pattern \".env\""}]}

Status

| Component | Status | | ------------------- | --------- | | Core patch engine | ✅ Stable | | Policy enforcement | ✅ Stable | | Atomic writes | ✅ Stable | | Snapshot + rollback | ✅ Stable | | Audit logging | ✅ Stable | | CLI | ✅ Stable | | OpenAI adapter | ✅ Stable | | LangGraph adapter | 🔜 Coming | | Claude adapter | 🔜 Coming |

License

MIT

PatchGate = the open safety primitive for AI filesystem writes.