@atrib/action-gate 0.0.1 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -38
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -1,48 +1,20 @@
|
|
|
1
1
|
# @atrib/action-gate
|
|
2
2
|
|
|
3
|
-
`@atrib/action-gate` signs policy decisions and outcomes
|
|
4
|
-
|
|
3
|
+
`@atrib/action-gate` signs policy decisions and outcomes for actions a host
|
|
4
|
+
needs to check before execution.
|
|
5
5
|
|
|
6
6
|
Use it when a host already knows where an action boundary is: browser
|
|
7
7
|
automation, computer use, support tooling, payment workflows, admin changes, or
|
|
8
8
|
production writes. The host owns policy, identity, approval UI, and execution.
|
|
9
|
-
|
|
9
|
+
atrib records what the host decided and what happened next.
|
|
10
10
|
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
## Release state
|
|
17
|
-
|
|
18
|
-
`@atrib/action-gate` is a publish target, but the package has not been created
|
|
19
|
-
on npm yet. Use the workspace dependency or a packed tarball until the manual
|
|
20
|
-
first publish creates version `0.0.1`. Later releases use npm Trusted Publisher
|
|
21
|
-
through `.github/workflows/release.yml`.
|
|
11
|
+
Use the signed hashes when follow-up work needs a stable reference to the same
|
|
12
|
+
action. A browser click, desktop action, support reply, admin change, or
|
|
13
|
+
payment-impacting step can move through recall, handoff, review, or verifier
|
|
14
|
+
workflows without exposing raw runtime payloads in public records.
|
|
22
15
|
|
|
23
16
|
## Install
|
|
24
17
|
|
|
25
|
-
Inside the monorepo, depend on the workspace package:
|
|
26
|
-
|
|
27
|
-
```json
|
|
28
|
-
"@atrib/action-gate": "workspace:*"
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
Before the first npm publish, test the packed tarball from a clean temp project:
|
|
32
|
-
|
|
33
|
-
```bash
|
|
34
|
-
npx -y pnpm@9.15.4 --filter @atrib/action-gate build
|
|
35
|
-
cd packages/action-gate
|
|
36
|
-
tarball=$(npx -y pnpm@9.15.4 --silent pack --pack-destination /tmp | tail -n 1)
|
|
37
|
-
tmpdir=$(mktemp -d)
|
|
38
|
-
cd "$tmpdir"
|
|
39
|
-
npm init -y
|
|
40
|
-
npm install "$tarball"
|
|
41
|
-
node --input-type=module -e "import('@atrib/action-gate').then((m) => console.log(Object.keys(m).sort()))"
|
|
42
|
-
```
|
|
43
|
-
|
|
44
|
-
After the first npm release:
|
|
45
|
-
|
|
46
18
|
```bash
|
|
47
19
|
pnpm add @atrib/action-gate
|
|
48
20
|
```
|
|
@@ -114,15 +86,15 @@ not run. If an allowed action body throws, the package signs an
|
|
|
114
86
|
## Boundary
|
|
115
87
|
|
|
116
88
|
This package does not issue authorization, run a browser, store raw session
|
|
117
|
-
data, or replace a host policy engine. It gives hosts a small
|
|
89
|
+
data, or replace a host policy engine. It gives hosts a small action-gate
|
|
118
90
|
contract:
|
|
119
91
|
|
|
120
92
|
1. propose an action;
|
|
121
93
|
2. evaluate policy before execution;
|
|
122
94
|
3. run only when allowed;
|
|
123
95
|
4. sign the decision and outcome;
|
|
124
|
-
5. pass the accepted record hashes
|
|
125
|
-
|
|
96
|
+
5. pass the accepted record hashes into recall, handoff, review, verifier, or
|
|
97
|
+
proof-packet workflows.
|
|
126
98
|
|
|
127
99
|
Browserbase, Stagehand, browser-use, Playwright, OpenAI Computer Use, hosted
|
|
128
100
|
desktop runtimes, and support tools can keep their own automation layer while
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atrib/action-gate",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.3",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"files": [
|
|
14
14
|
"dist"
|
|
15
15
|
],
|
|
16
|
-
"description": "Host-owned action gate helpers for
|
|
16
|
+
"description": "Host-owned action gate helpers for atrib's verifiable action layer. Signs policy decisions and outcomes before high-impact agent actions run.",
|
|
17
17
|
"author": "atrib <hello@atrib.dev>",
|
|
18
18
|
"license": "Apache-2.0",
|
|
19
19
|
"homepage": "https://atrib.dev",
|