selfradiance/SecretBoundary

SecretBoundary

SecretBoundary is a narrow local TypeScript CLI that decides whether one outbound webhook-style payload crosses a configured secret boundary before execution.

v0.1.0 is intentionally small:

  • local CLI only
  • TypeScript on Node.js 20+
  • deterministic evaluation only
  • request JSON + policy JSON in, allow/deny decision out
  • readable terminal output plus a machine-readable JSON artifact

It is intentionally not:

  • enterprise DLP
  • a network proxy or server
  • a repo scanner
  • a prompt scanner
  • a sandbox
  • a GitHub integration
  • an MCP integration
  • an AgentGate integration
  • an LLM-based evaluator

Scope

The first proof surface is one outbound tool action only:

  • send_webhook

Request shape stays narrow:

  • actor
  • tool
  • method
  • url
  • headers
  • body
  • purpose

Policy shape stays narrow and deterministic:

  • allowedTools
  • allowedHostnames
  • blockedHostnames
  • blockedHeaderNames
  • blockedBodyPatterns
  • blockedExactValues
  • secretDetectors
  • allowedPurposes
  • defaultDecision

Install

npm install

Build

npm run build

Usage

node dist/cli.js \
  --request fixtures/requests/allow.json \
  --policy fixtures/policies/default.json

Optional artifact path:

node dist/cli.js \
  --request fixtures/requests/allow.json \
  --policy fixtures/policies/default.json \
  --artifact ./tmp/decision.json

Exit codes:

  • 0 allow
  • 1 deny
  • 2 usage, validation, or runtime error

Evaluation Rules

Evaluation is deterministic and ordered:

  1. blocked hostname
  2. blocked header name
  3. blocked exact value in the outbound payload
  4. configured secret detector hit in the outbound payload
  5. blocked body pattern hit against the canonical JSON body
  6. missing allow coverage for tool
  7. missing allow coverage for purpose
  8. missing allow coverage for hostname
  9. allow

Blocked rules win before allow rules. If no allow rule covers the request, the decision falls back to defaultDecision, which is deny in this version.

blockedBodyPatterns are JavaScript regular expression sources compiled with the Unicode flag only. secretDetectors currently support:

  • aws_access_key_id
  • github_pat
  • openai_api_key
  • pem_private_key
  • slack_webhook
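
The ordered evaluation described above, written out as an added TypeScript example (not SecretBoundary's own code). Assumptions: the rule labels, a `DETECTORS` table holding only the well-known AWS access key ID shape, substring matching for blockedExactValues, `JSON.stringify` standing in for the canonical JSON body, and the constructed sample policy and request.

```typescript
// Added illustration of the ordered evaluation; not SecretBoundary's own source.
type Decision = "allow" | "deny";
interface WebhookRequest {
  actor: string; tool: string; method: string; url: string;
  headers: Record<string, string>; body: unknown; purpose: string;
}
interface Policy {
  allowedTools: string[]; allowedHostnames: string[]; blockedHostnames: string[];
  blockedHeaderNames: string[]; blockedBodyPatterns: string[]; blockedExactValues: string[];
  secretDetectors: string[]; allowedPurposes: string[]; defaultDecision: Decision;
}
interface Result { decision: Decision; rule: string }
// Assumption: one detector sketched with the widely documented key-ID shape; policy
// validation is assumed to have rejected unknown detector names already.
const DETECTORS: Record<string, RegExp> = { aws_access_key_id: /\bAKIA[0-9A-Z]{16}\b/ };

function evaluate(req: WebhookRequest, policy: Policy): Result {
  const host = new URL(req.url).hostname.toLowerCase();
  const body = JSON.stringify(req.body ?? null); // assumption: stands in for the canonical JSON body
  // Assumption: "outbound payload" covers the URL, header values and body together.
  const payload = [req.url, ...Object.values(req.headers), body].join("\n");
  const deny = (rule: string): Result => ({ decision: "deny", rule });
  const blockedHeaders = policy.blockedHeaderNames.map((n) => n.toLowerCase());
  // Steps 1-5: a blocked rule ends evaluation before allow coverage is considered.
  if (policy.blockedHostnames.includes(host)) return deny("blocked_hostname");
  if (Object.keys(req.headers).some((h) => blockedHeaders.includes(h.toLowerCase())))
    return deny("blocked_header_name");
  if (policy.blockedExactValues.some((v) => payload.includes(v))) return deny("blocked_exact_value");
  if (policy.secretDetectors.some((d) => DETECTORS[d]?.test(payload))) return deny("secret_detector");
  if (policy.blockedBodyPatterns.some((src) => new RegExp(src, "u").test(body)))
    return deny("blocked_body_pattern");
  // Steps 6-8: missing allow coverage falls back to defaultDecision.
  const fallback = (rule: string): Result => ({ decision: policy.defaultDecision, rule });
  if (!policy.allowedTools.includes(req.tool)) return fallback("tool_not_allowed");
  if (!policy.allowedPurposes.includes(req.purpose)) return fallback("purpose_not_allowed");
  if (!policy.allowedHostnames.includes(host)) return fallback("hostname_not_allowed");
  return { decision: "allow", rule: "allow" }; // step 9
}

// Constructed sample policy and request (all values invented for this example).
const samplePolicy: Policy = {
  allowedTools: ["send_webhook"], allowedHostnames: ["hooks.example.com"],
  blockedHostnames: ["blocked.example.net"], blockedHeaderNames: ["authorization"],
  secretDetectors: ["aws_access_key_id"], allowedPurposes: ["deploy_notification"], defaultDecision: "deny",
  blockedBodyPatterns: ["password\\s*="], blockedExactValues: ["constructed-token-123"],
};
const sampleRequest: WebhookRequest = {
  actor: "ci-agent", tool: "send_webhook", method: "POST", purpose: "deploy_notification",
  url: "https://hooks.example.com/notify",
  headers: { "Content-Type": "application/json" }, body: { text: "build 42 passed" },
};
```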

Fixtures

Sample fixtures live in fixtures/:

  • allow path
  • blocked header deny path
  • detected secret deny path
  • default deny for an unlisted hostname

Development

npm run test
npm run typecheck
npm run build