Skip to content

gadicc/safedev

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
docs
docs
 
 
.gitignore
.gitignore
 
 
AGENTS.md
AGENTS.md
 
 
README.md
README.md
 
 

Repository files navigation

safedev

DX-first local development environments with safer defaults for secrets, dependencies, services, and coding agents.

safedev aims to make the safer path feel like the easy path:

sd init
sd install
sd dev
sd test
sd db shell
sd explain

The full command will be safedev; sd is the short alias.

What We Solve

Modern JS/TS development often runs project dependencies with broad access to:

  • the developer's home directory
  • global shell environment variables
  • package-manager caches
  • local databases and service credentials
  • coding-agent command execution

Blocking install scripts is useful, but it does not stop poisoned code that runs during dev, test, or build. safedev reduces that blast radius without asking developers to manually manage containers, ports, TLS, databases, and cache volumes.

How We Solve It

safedev wraps common project workflows with explicit capability profiles:

  • sd install, sd add, sd update: dependency acquisition profile with package cache writes and registry access.
  • sd dev, sd test, sd build: dependency execution profile with narrow env, mounts, and network.
  • sd db ...: per-project service lifecycle with generated dev credentials.
  • sd explain: shows what the current project can read, write, run, and reach.

The default runtime target is rootless Podman. Trusted or simple projects can use native mode, especially Deno libraries and CLIs.

Design Priorities

  • DX first: one command should replace container, port, TLS, and DB ceremony.
  • Honest safety: safer defaults, not malware-proof guarantees.
  • Explainable policy: users should see what each command is allowed to do.
  • Fast enough by default: named volumes for package stores, node_modules, DBs, and caches.
  • Agent-aware: commands should be safe and predictable for coding agents as well as humans.
  • Dependency restraint: Deno std first, small focused dependencies only.

Planned Features

  • Deno + TypeScript CLI, likely using Cliffy for command structure.
  • Rootless Podman project containers.
  • Native Deno command mode with permission profiles.
  • Per-project Postgres and Redis service support.
  • Caddy-based local HTTPS routing for stable hostnames.
  • pnpm-first package-manager integration.
  • Generated per-project env and service credentials.
  • .local/ scratch space hidden from app containers by default.
  • Threat model and risk warnings for unsafe escape hatches.

See docs/design.md, docs/threat-model.md, docs/mvp.md, and docs/prior-art.md for the current plan.

About

DX-first local development environments with safer defaults for secrets, dependencies, services, and coding agents [WIP]

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors