🚀 Socket Launch Week Day 4:Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection.Learn more
Sign In

@filepad/guardian

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@filepad/guardian

Filepad Guardian — local evidence reporter for Active Contracts. Runs checks, captures provenance, reports evidence to Filepad.

latest
Source
npmnpm
Version
0.1.1
Version published
Maintainers
1
Created
Source

@filepad/guardian

Filepad Guardian is the local repo-runtime verifier for Active Contracts.

It runs inside an explicit external execution target, such as an agent's local repository, a CI checkout, or a sandbox checkout. It does not belong in the Filepad product backend.

Install

npm install -g @filepad/guardian

or run it without a global install:

npx -y @filepad/guardian@latest --help

Required Environment

Guardian reports evidence through Agent Access credentials:

export FILEPAD_BASE_URL=https://api.filepad.ai
export FILEPAD_WORKSPACE_ID=ws_...
export FILEPAD_AGENT_KEY_ID=ik_...
export FILEPAD_AGENT_SECRET=...

The credentials must be issued for the workspace and execution target that the agent is working against. Generic MCP agents should not self-declare trusted Guardian evidence.

Commands

filepad-guardian status
filepad-guardian contract status --contract-id ac_...
filepad-guardian run --contract-id ac_... --check-id backend_typecheck
filepad-guardian run --contract-id ac_... --check-id backend_tests -- pnpm test
filepad-guardian report --contract-id ac_... --json evidence.json
filepad-guardian soundness --contract-id ac_... --repo-root .
filepad-guardian watch --contract-id ac_... --repo-root . --rerun manual

Boundary

Guardian owns repo-runtime work:

  • contract check execution
  • command execution
  • file existence checks
  • source repo search
  • local git provenance capture
  • watcher-driven reruns
  • contract runner behavior
  • optional repo analyzer behavior such as TypeScript symbol, AST, and static soundness checks

Filepad owns the coordination plane:

  • workspaces
  • docs and artifacts
  • contracts as user-visible agreements
  • evidence storage
  • status projection from stored evidence
  • OAuth, MCP, billing, and audit views

The Filepad backend must not import Guardian or use its own runtime filesystem as a customer repository.

Package Proofs

Before publishing, this package must pass:

pnpm -C packages/guardian typecheck
pnpm -C packages/guardian test
pnpm -C packages/guardian pack:check

The test suite includes an empty-project install smoke test. It packs Guardian, installs the tarball into a temporary project, and verifies that the filepad-guardian binary runs from node_modules/.bin.

Keywords

filepad
guardian
active-contracts
evidence
agent
accountability

FAQs

Package last updated on 16 May 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection

Product

Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection

Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.

By John Tuckner  -  Jun 18, 2026