safepropel

v1.4.7

Published

SafePropel Framework - Hybrid Security Model: Encrypted Workflows + Transparent Rules & Templates with Dynamic Loading

Readme

SafePropel Framework

Unified Protection System for AI Workflow Execution with 4-layer security architecture.

Features

  • 4-Layer Security Architecture for Workflows

    • Approach 1: Workflow Compilation (binary format)
    • Approach 2: Encryption (AES-256-GCM)
    • Approach 3: Runtime Prompt Engine (access control)
    • Approach 4: Prompt Firewall (injection/extraction protection)
  • Hybrid Security Model

    • Workflows: Encrypted and protected in binary bundle
    • Rules & Templates: Unencrypted in user directory for flexibility and transparency
  • 35+ Built-in Workflows

    • Specification & Requirements (create-spec, create-user-stories, create-epics)
    • Architecture & Design (design-architecture, design-model)
    • Development Planning (plan-development-tasks, plan-unit-test, plan-bug-resolution)
    • DevOps & Infrastructure (plan-cicd-pipeline, plan-cloud-infrastructure, create-iac)
    • Testing & Validation (create-test-plan, generate-playwright-scripts, validation-agent)
    • Code Review & Quality (review-code, review-devops-security, analyze-codebase)
    • Agent Orchestration (discovery-agent, backlog-agent, build-feature-agent, bug-fixing-agent)

Installation

Install SafePropel in your project directory:

cd /path/to/your/project
npm install safepropel

What happens during installation:

  1. Package installs to node_modules/safepropel/
  2. Postinstall script automatically copies framework to ./safepropel/
  3. Your project is ready for Cascade IDE

Resulting structure:

your-project/
├── .windsurf/               # Cascade integration (at root!)
│   └── rules/
│       ├── safepropel-framework-autoload.md
│       └── (37 rule files - unencrypted)
├── .propel/                 # Templates (at root!)
│   └── templates/
│       └── (26 template files - unencrypted)
├── .windsurfrules           # Cascade integration (at root!)
├── safepropel/              # Framework files
│   ├── engine/
│   │   └── prompt_bundle.enc  (encrypted workflows only)
│   └── safepropel.js
├── node_modules/
│   └── safepropel/          # npm package
└── (your project files)

Usage in Cascade IDE

After installation, use workflows directly in Cascade chat:

#create-spec health_brd.txt
#design-architecture
#plan-development-tasks

How it works:

  • Cascade automatically loads encrypted workflows from ./safepropel/engine/prompt_bundle.enc
  • Framework rules (37 files) in .windsurf/rules/ guide Cascade behavior
  • Templates (26 files) in .propel/templates/ define output structure
  • All 35+ workflows execute with full AI integration
  • Workflow content remains encrypted and protected
  • Rules and templates are transparent and customizable

💡 Automatic IDE Configuration

The postinstall script automatically creates .vscode/settings.json to hide the node_modules/ folder in VS Code/Windsurf. This prevents confusion from seeing files in both safepropel/ and node_modules/safepropel/.

What you'll see:

  • safepropel/ - Working files
  • .windsurf/ - Cascade integration
  • .windsurfrules - Cascade integration
  • node_modules/ - Hidden automatically

Note: This is standard npm behavior - the package must exist in node_modules/, and the postinstall script copies working files to your project root for Cascade to use.
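Because the postinstall script writes outside node_modules/, including rule files that guide Cascade and a .vscode/settings.json, it is worth reviewing what an install changed before committing it. The following is an added example, not part of SafePropel: it sorts the output of `git status --porcelain --untracked-files=all` into review buckets based on the layout documented above. The function name, bucket names and sample output are assumptions made for illustration.

```javascript
// Paths the README says the postinstall script writes into the project root.
const DOCUMENTED = ['.windsurf/', '.windsurfrules', '.propel/', 'safepropel/',
  '.vscode/settings.json'];
// Subset that configures the IDE or guides its assistant: read these by hand.
const STEERING = ['.windsurf/', '.windsurfrules', '.vscode/'];
// Changes npm itself makes; not attributable to the postinstall script.
const NPM_OWN = ['node_modules/', 'package.json', 'package-lock.json'];

// Constructed sample of `git status --porcelain --untracked-files=all` output.
// The last entry is invented to show the "undocumented" bucket; it is not
// observed behaviour of the real package.
const SAMPLE_PORCELAIN = [
  ' M package.json',
  ' M package-lock.json',
  '?? .windsurfrules',
  '?? .windsurf/rules/safepropel-framework-autoload.md',
  '?? .vscode/settings.json',
  '?? .propel/templates/requirements-template.md',
  '?? safepropel/safepropel.js',
  '?? safepropel/engine/prompt_bundle.enc',
  '?? scripts/extra.sh',
].join('\n');

const matches = (path, prefixes) =>
  prefixes.some((p) => (p.endsWith('/') ? path.startsWith(p) : path === p));

// Sort every changed path into one of three review buckets.
function reviewInstallChanges(porcelain) {
  const report = { steering: [], documented: [], undocumented: [] };
  for (const line of porcelain.split('\n')) {
    if (line.length < 4) continue;               // blank or malformed line
    const status = line.slice(0, 2);             // two-character XY status
    let path = line.slice(3);
    if (path.includes(' -> ')) path = path.split(' -> ')[1]; // rename: new path
    if (matches(path, NPM_OWN)) continue;
    const bucket = matches(path, STEERING) ? 'steering'
      : matches(path, DOCUMENTED) ? 'documented' : 'undocumented';
    report[bucket].push({ status, path });
  }
  return report;
}
```

Anything in the `undocumented` bucket is a file the README does not account for; the `steering` bucket holds the files that change how the IDE and its assistant behave.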

Setup (Required)

After installation, set your license key as an environment variable:

Windows PowerShell

# Session-scoped (RECOMMENDED - like npm login)
# Set once, use for entire terminal session, auto-clears on close
$env:SAFEPROPEL_LICENSE_KEY = "Pr0p3l-S3cur3-K3y-2026!@#"

# Permanent (optional - survives terminal restart)
[System.Environment]::SetEnvironmentVariable('SAFEPROPEL_LICENSE_KEY', 'Pr0p3l-S3cur3-K3y-2026!@#', 'User')

Note: Session-scoped is recommended for security. The key is cleared automatically when you close the terminal.

Windows CMD

REM Session-scoped only
set SAFEPROPEL_LICENSE_KEY=Pr0p3l-S3cur3-K3y-2026!@#

Linux/Mac

# Session-scoped (RECOMMENDED)
# Single quotes keep interactive bash/zsh from treating "!" as history expansion
export SAFEPROPEL_LICENSE_KEY='Pr0p3l-S3cur3-K3y-2026!@#'

# Permanent (optional - add to ~/.bashrc or ~/.zshrc)
echo 'export SAFEPROPEL_LICENSE_KEY="Pr0p3l-S3cur3-K3y-2026!@#"' >> ~/.bashrc
source ~/.bashrc

Quick Start

Verification

# Verify installation
ls safepropel/

# Check bundle exists
ls safepropel/engine/prompt_bundle.enc

Alternative: Pass License Key Directly

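If you prefer not to set an environment variable, pass the key on the command line. A key passed this way is recorded in shell history and is visible in the process list while the command runs: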

safepropel create-spec BRD.txt --license-key=your-key-here

Custom Bundle Path

# Via command line
safepropel create-spec BRD.txt --bundle=./custom/bundle.enc

# Via environment variable
export SAFEPROPEL_BUNDLE_PATH=./custom/bundle.enc
safepropel create-spec BRD.txt

Available Workflows

Specification & Requirements

  • create-spec - Generate functional requirements from feature specifications
  • create-figma-spec - Generate UX requirements and screen specifications
  • create-user-stories - Generate detailed user stories from epics
  • create-epics - Generate epic decomposition from specifications
  • create-project-plan - Generate comprehensive project plan
  • create-sprint-plan - Generate sprint plan with dependency mapping

Architecture & Design

  • design-architecture - Generate architecture design documents
  • design-model - Generate UML diagrams and architectural models
  • analyze-codebase - Comprehensive codebase analysis
  • analyze-implementation - Review completed code changes
  • analyze-ux - UI/UX analysis with Playwright automation

Development Planning

  • plan-development-tasks - Generate implementation tasks
  • plan-unit-test - Generate unit test plans
  • plan-bug-resolution - Bug triage and resolution planning
  • implement-tasks - Execute development tasks

DevOps & Infrastructure

  • plan-cicd-pipeline - Design CI/CD pipeline architecture
  • plan-cloud-infrastructure - Generate infrastructure specifications
  • create-iac - Generate Terraform Infrastructure as Code
  • create-pipeline-scripts - Generate CI/CD pipeline scripts
  • devops-agent - Orchestrate DevOps phase

Testing & Validation

  • create-test-plan - Generate comprehensive test plans
  • create-automation-test - Create test workflow specifications
  • generate-playwright-scripts - Generate Playwright automation scripts
  • validation-agent - Orchestrate test automation

Code Review & Quality

  • review-code - Comprehensive code review
  • review-devops-security - Security review of DevOps artifacts
  • pull-request - Create pull requests with validation

Prototyping & Design

  • build-prototype - Transform business hypotheses into prototypes
  • generate-figma - Generate Figma artifacts
  • generate-wireframe - Generate wireframes from requirements

Agent Orchestration

  • discovery-agent - Orchestrate technical discovery
  • backlog-agent - Transform specs into backlog
  • build-feature-agent - Orchestrate implementation phase
  • bug-fixing-agent - Orchestrate bug resolution

Evaluation

  • evaluate-output - Validate workflow outputs

CLI Usage

Interactive Mode (Human-Readable)

# Run workflow with human-readable output
node safepropel/safepropel.js create-spec BRD.txt

# Or if installed globally
safepropel create-spec BRD.txt

This mode shows:

  • Detailed execution progress
  • Security metrics
  • Bundle information
  • Output file locations

Programmatic Mode (JSON Output)

For IDE integrations, automation scripts, or programmatic access:

# Add --json flag for machine-readable output
node safepropel/safepropel.js create-spec BRD.txt --json

JSON Response Structure:

{
  "success": true,
  "workflow": "create-spec",
  "inputFile": "BRD.txt",
  "outputFile": ".propel/context/docs/spec.md",
  "templatePaths": [".propel/templates/requirements-template.md"],
  "rulePaths": [".windsurf/rules/requirements-documentation.md"],
  "prompt": "<<< CONFIDENTIAL: Complete execution instructions >>>",
  "promptLength": 15000,
  "_security": {
    "workflow_confidential": true,
    "message": "Prompt contains decrypted workflow. Use for execution only."
  }
}

Security Note: The prompt field contains decrypted workflow instructions combined with templates, rules, and input. This is confidential intellectual property and should:

  • ✅ Be used for internal execution only
  • ✅ Guide automated generation processes
  • ❌ NEVER be displayed to end users
  • ❌ NEVER be logged to files or console
  • ❌ NEVER be exposed in error messages
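One way for an integration to follow these rules when consuming the --json output, shown as an added example (not SafePropel's own code): the prompt is kept usable for execution but stored as a non-enumerable property, so serializing or logging the result object leaves it out, and a scrub step removes it from strings headed for logs or error messages. The helper names `parseWorkflowResult` and `scrub` are hypothetical, and the sample response is constructed from the structure shown above.

```javascript
// Constructed sample, shaped like the JSON response documented above.
const SAMPLE_STDOUT = JSON.stringify({
  success: true,
  workflow: 'create-spec',
  inputFile: 'BRD.txt',
  outputFile: '.propel/context/docs/spec.md',
  prompt: 'CONSTRUCTED-SECRET-WORKFLOW-TEXT',
  promptLength: 32,
  _security: { workflow_confidential: true },
});

// Parse the CLI's --json output and keep `prompt` out of accidental output.
function parseWorkflowResult(stdout) {
  let parsed;
  try {
    parsed = JSON.parse(stdout);
  } catch {
    // Do not echo stdout in the error: it may contain the prompt.
    throw new Error('workflow output was not valid JSON');
  }
  const { prompt, ...rest } = parsed;
  const result = { ...rest };
  // Non-enumerable: skipped by JSON.stringify, Object.keys, object spread
  // and console.log, but still readable as result.prompt for execution.
  Object.defineProperty(result, 'prompt', { value: prompt, enumerable: false });
  return result;
}

// Remove the prompt text from any string headed for a log or error message.
function scrub(text, result) {
  const secret = result.prompt;
  if (typeof secret !== 'string' || secret.length === 0) return String(text);
  return String(text).split(secret).join('[REDACTED prompt]');
}
```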

CLI Options

# Specify license key inline
--license-key=YOUR_KEY_HERE

# Use custom bundle path
--bundle=./path/to/bundle.enc

# Get JSON output for programmatic use
--json

# Examples:
node safepropel/safepropel.js create-spec BRD.txt --json
node safepropel/safepropel.js design-architecture --license-key=mykey
node safepropel/safepropel.js review-code --bundle=./custom.enc --json

Environment Variables

  • SAFEPROPEL_LICENSE_KEY - License key for encrypted bundles
  • SAFEPROPEL_BUNDLE_PATH - Custom bundle path (default: ./engine/prompt_bundle.enc)

Security Features

Workflow Protection

  • Workflows never exposed in readable form
  • Binary compilation prevents reverse engineering
  • AES-256-GCM encryption for additional security
  • Runtime access control and audit logging
  • Rules and templates remain transparent for user control

Input Validation

  • Prompt injection detection and prevention
  • Extraction attempt blocking
  • Input sanitization with configurable strictness
  • Threat pattern recognition

Access Control

  • Controlled workflow access through runtime engine
  • Audit logging for all bundle accesses
  • License-based access for encrypted workflow bundles
  • Rules and templates accessible for customization

Output

Workflows write their output to the .propel/context/docs/ directory as structured documentation that follows predefined templates.

Requirements

  • Node.js >= 14.0.0
  • No external dependencies (uses only Node.js built-in modules)

License

ISC

Support

For issues, questions, or feature requests, please contact the maintainer.