@atrib/action-gate 0.0.1 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +10 -38
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -1,48 +1,20 @@
1
1
  # @atrib/action-gate
2
2
 
3
- `@atrib/action-gate` signs policy decisions and outcomes around high-impact
4
- agent actions before the action body runs.
3
+ `@atrib/action-gate` signs policy decisions and outcomes for actions a host
4
+ needs to check before execution.
5
5
 
6
6
  Use it when a host already knows where an action boundary is: browser
7
7
  automation, computer use, support tooling, payment workflows, admin changes, or
8
8
  production writes. The host owns policy, identity, approval UI, and execution.
9
- Atrib records what the host decided and what happened next.
9
+ atrib records what the host decided and what happened next.
10
10
 
11
- The core use case is an action that must outlive the session that proposed it.
12
- One browser or computer-use run can sign the proposed action, policy decision,
13
- and outcome. A later session, a different agent, or a reviewer team can accept
14
- those hashes as verifiable context before continuing work.
15
-
16
- ## Release state
17
-
18
- `@atrib/action-gate` is a publish target, but the package has not been created
19
- on npm yet. Use the workspace dependency or a packed tarball until the manual
20
- first publish creates version `0.0.1`. Later releases use npm Trusted Publisher
21
- through `.github/workflows/release.yml`.
11
+ Use the signed hashes when follow-up work needs a stable reference to the same
12
+ action. A browser click, desktop action, support reply, admin change, or
13
+ payment-impacting step can move through recall, handoff, review, or verifier
14
+ workflows without exposing raw runtime payloads in public records.
22
15
 
23
16
  ## Install
24
17
 
25
- Inside the monorepo, depend on the workspace package:
26
-
27
- ```json
28
- "@atrib/action-gate": "workspace:*"
29
- ```
30
-
31
- Before the first npm publish, test the packed tarball from a clean temp project:
32
-
33
- ```bash
34
- npx -y pnpm@9.15.4 --filter @atrib/action-gate build
35
- cd packages/action-gate
36
- tarball=$(npx -y pnpm@9.15.4 --silent pack --pack-destination /tmp | tail -n 1)
37
- tmpdir=$(mktemp -d)
38
- cd "$tmpdir"
39
- npm init -y
40
- npm install "$tarball"
41
- node --input-type=module -e "import('@atrib/action-gate').then((m) => console.log(Object.keys(m).sort()))"
42
- ```
43
-
44
- After the first npm release:
45
-
46
18
  ```bash
47
19
  pnpm add @atrib/action-gate
48
20
  ```
@@ -114,15 +86,15 @@ not run. If an allowed action body throws, the package signs an
114
86
  ## Boundary
115
87
 
116
88
  This package does not issue authorization, run a browser, store raw session
117
- data, or replace a host policy engine. It gives hosts a small control/proof
89
+ data, or replace a host policy engine. It gives hosts a small action-gate
118
90
  contract:
119
91
 
120
92
  1. propose an action;
121
93
  2. evaluate policy before execution;
122
94
  3. run only when allowed;
123
95
  4. sign the decision and outcome;
124
- 5. pass the accepted record hashes to a later session, another agent, a reviewer
125
- team, or a proof packet.
96
+ 5. pass the accepted record hashes into recall, handoff, review, verifier, or
97
+ proof-packet workflows.
126
98
 
127
99
  Browserbase, Stagehand, browser-use, Playwright, OpenAI Computer Use, hosted
128
100
  desktop runtimes, and support tools can keep their own automation layer while
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@atrib/action-gate",
3
- "version": "0.0.1",
3
+ "version": "0.0.3",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",
@@ -13,7 +13,7 @@
13
13
  "files": [
14
14
  "dist"
15
15
  ],
16
- "description": "Host-owned action gate helpers for Atrib's verifiable action layer. Signs policy decisions and outcomes before high-impact agent actions run.",
16
+ "description": "Host-owned action gate helpers for atrib's verifiable action layer. Signs policy decisions and outcomes before high-impact agent actions run.",
17
17
  "author": "atrib <hello@atrib.dev>",
18
18
  "license": "Apache-2.0",
19
19
  "homepage": "https://atrib.dev",