npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

rot-balance

v0.3.0

Published

AI-driven workflow orchestration with transactional safety — multi-model, multi-SaaS, zero-knowledge security

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

arbadearbade

Keywords

aiagentorchestrationllmmulti-modelrollbacktransactionalworkflowkey-rotationdevopssecurity

Readme

rot-balance

AI-driven workflow orchestration with transactional safety.

npm License: MIT

rot-balance orchestrates multi-step workflows across cloud providers and SaaS platforms using AI. If anything fails mid-workflow, it automatically rolls back every completed step in reverse order — like a database transaction, but for your entire infrastructure.

Install

npm install -g rot-balance

Requirements: Node.js >= 20.0.0

What it does

BEGIN
  Step 1: AWS  -> create new access key        ok (rollback registered)
  Step 2: K8s  -> update secret                ok (rollback registered)
  Step 3: CI   -> update GitHub Actions secret  FAILED
ROLLBACK
  Undo Step 2: K8s  -> restore old secret      ok
  Undo Step 1: AWS  -> delete new key          ok
DONE -- zero drift, zero orphaned credentials

Every mutating step registers an undo function. On failure, the rollback engine unwinds completed steps in LIFO order.

Quick start

# Initialize
rot-balance init

# Scan infrastructure
rot-balance discover

# Plan with AI
rot-balance plan --goal "Rotate all AWS IAM keys older than 90 days"

# Execute
rot-balance apply

# Rollback if needed
rot-balance rollback

Core features

Transactional workflow engine

  • Plan, Approve, Execute, Verify cycle with automatic LIFO rollback
  • 9 security gates validate every step before execution
  • Crash-safe checkpointing persists state to disk
  • PID-based lock prevents concurrent execution

Cloud security audit (MITRE ATT&CK mapped)

Multi-account, multi-cloud threat detection across AWS, Azure, and GCP:

  • 60+ detection rules mapped to MITRE ATT&CK technique IDs
  • 8 threat categories: Identity, IAM Mutations, Defense Evasion, Data Exfiltration, Network Tampering, Resource Hijacking, Anomaly Detection, Service-Specific
  • Cross-account correlation (shared IPs, synchronized timing, failed federation)
  • False positive filtering (service-linked roles, CI/CD, IaC, SCP denials)
  • Remediation commands for every finding
  • Slack and Microsoft Teams notifications
  • Verdict system: CLEAN / SUSPICIOUS / COMPROMISED
rot-balance agent --workflow cloud-security-audit

Infrastructure diagrams

Scans cloud resources and generates architecture diagrams with official provider icons:

  • AWS: mxgraph.aws4.* stencils (EC2, RDS, Lambda, S3, ALB, VPC groups)
  • Azure: img/lib/azure2/* SVG icons (VMs, SQL, AKS, Functions, Storage)
  • GCP: mxgraph.gcp2.* hex icons (Compute Engine, Cloud SQL, GKE)
  • Output: draw.io XML (.drawio) + Mermaid text (.mmd)
  • 15 automated security observation checks during discovery
rot-balance agent --workflow infra-scan

GDPR compliance scanner

116 checks across 13 domains mapped against EU Regulation 2016/679:

  • Auto (24 checks): fully autonomous scanning
  • Hybrid (28 checks): AI-assisted evaluation
  • Interview (64 checks): guided human attestation
  • Weighted scoring with grades A through F
  • PDF report generation
rot-balance plan --goal "Run a full GDPR compliance audit"

13 AI engine adapters

Supports Anthropic (Claude), OpenAI (GPT-4o), Google (Gemini), Azure OpenAI, AWS Bedrock, Mistral, Cohere, Groq, DeepSeek, xAI (Grok), Ollama (local), OpenRouter, and CLI Bridge. Automatic fallback chains with configurable depth up to 10.

11 SaaS plugins (131 actions)

AWS, GitHub, Slack, Kubernetes, GCP, Azure, Jira, Linear, Bitbucket, GitLab, and Privacy Crawler. Every mutating action registers a rollback function.

Zero-knowledge security

import { SecretBox } from "@rot-balance/core";

const secret = new SecretBox("sk-ant-api03-...");
console.log(secret);          // SecretBox [REDACTED]
JSON.stringify({ key: secret }); // {"key":"[REDACTED]"}
secret.unwrap();               // "sk-ant-api03-..." (explicit only)

CLI reference

rot-balance <command> [options]

  init          Initialize configuration        --yes --plugins --engine --ide
  discover      Scan providers for resources     --providers --output --json
  plan          Generate execution plan          --goal --template --engine --model
  apply         Execute plan                     --plan --dry-run --auto-approve
  status        Show execution state
  rollback      Undo completed steps             --run-id --auto-approve
  agent         Launch interactive AI agent       --workflow --agent --goal

Skills & agents

8 composable skills with checkpoint-driven interaction:

| Skill | Purpose | |---|---| | cloud-security-audit | MITRE ATT&CK threat detection, 60+ rules, cross-account correlation | | infra-scan | Architecture diagrams with official cloud icons, 15 security checks | | gdpr-audit | Full GDPR audit, 116 checks, 13 domains | | gdpr-quick-check | Fast compliance check (~5 min) | | compliance-report | Generate compliance report from audit data | | key-rotation | Credential rotation with transactional rollback | | secret-sync | Synchronize secrets across providers | | security-audit | Encryption, access control, logging audit |

7 specialized AI agents: rot-master, cloud-sentinel, infra-mapper, key-guardian, crypto-auditor, gdpr-inspector, dpo-advisor.

IDE integration (MCP)

{
  "mcpServers": {
    "rot-balance": {
      "command": "npx",
      "args": ["@rot-balance/mcp-server"]
    }
  }
}

Works with Cursor, VS Code Copilot, JetBrains AI, and Claude Code.

Claude Code commands

/rot-balance:rot-master              # main menu
/rot-balance:cloud-security-audit    # MITRE ATT&CK cloud audit
/rot-balance:infra-scan              # architecture diagram
/rot-balance:gdpr-audit              # GDPR compliance
/rot-balance:key-rotation            # credential rotation

Configuration

version: "1"

ai:
  engine: anthropic
  model: claude-sonnet-4-20250514
  fallback:
    engine: openai
    model: gpt-4o

plugins:
  aws:
    credentials:
      accessKeyId: $AWS_ACCESS_KEY_ID
      secretAccessKey: $AWS_SECRET_ACCESS_KEY
  github:
    credentials:
      token: $GITHUB_TOKEN

policy:
  maxSteps: 20
  requireApproval: true
  allowedPlugins: [aws, github, slack, kubernetes]

Credentials are always $ENV_VAR references. Raw secrets are never stored in config files.

Programmatic usage

import { Orchestrator, SecretBox } from "@rot-balance/core";
import { AwsPlugin } from "@rot-balance/plugin-aws";
import { AnthropicAdapter } from "@rot-balance/ai-anthropic";

const orchestrator = new Orchestrator();
orchestrator.registerPlugin("aws", new AwsPlugin());
orchestrator.setAIEngine(new AnthropicAdapter());

const plan = await orchestrator.plan("Rotate deploy-bot AWS keys");
const result = await orchestrator.apply(plan);

Packages

All published under the @rot-balance scope:

| Package | Description | |---|---| | rot-balance | CLI tool | | @rot-balance/core | Core orchestration engine | | @rot-balance/mcp-server | MCP IDE integration | | @rot-balance/ai-* | 13 AI engine adapters | | @rot-balance/plugin-* | 11 SaaS plugins |

All packages on npm

License

MIT