Security Layer

Packages

Monorepo package architecture and how each package fits together.

Security Layer is a Bun monorepo with six packages. Each package has a single responsibility and well-defined boundaries.

Architecture

Package overview

PackagenpmDescription
@securitylayerai/core@securitylayerai/coreSecurity engine — capabilities, taint, rules, pipeline, normalization
@securitylayerai/rules@securitylayerai/rulesBaseline rules and capability templates (YAML)
@securitylayerai/adapters@securitylayerai/adaptersAgent protocol adapters (OpenClaw, generic)
@securitylayerai/proxy@securitylayerai/proxyWebSocket security proxy between clients and agent gateway
@securitylayerai/sdk@securitylayerai/sdkTypeScript SDK for in-process security checks
securitylayersecuritylayerCLI — user-facing commands, setup, hooks

Dependency graph

Key constraints:

  • core has zero internal dependencies — it's the foundation
  • rules is data-only — YAML files with a thin loader, no dependency on core at runtime
  • adapters is standalone — defines the interface and implementations for agent protocols
  • proxy depends on adapters for frame parsing
  • sdk depends on core for the security pipeline

Development

# Install all dependencies
bun install

# Run all tests
bun run test

# Run tests for a specific package
bun run test --filter=@securitylayerai/core

# Type-check everything
bun run typecheck

Core

Security engine, pipeline, capabilities, taint tracking.

Rules

Baseline rules and capability templates.

Adapters

Agent protocol adapters for frame parsing.

Proxy

WebSocket security proxy for agent gateways.

SDK

TypeScript SDK for in-process security checks.

completions

Output shell completion scripts.

Core

The security engine — capabilities, taint, rules, pipeline, and normalization.

On this page

ArchitecturePackage overviewDependency graphDevelopment