The project provides small SDKs (TypeScript, Python, Java) for building systems where identities, credentials, sessions, and access artifacts are time-bound by default and automatically invalidated.
This grew out of building a privacy-focused ephemeral browsing system, where we found that deletion + forced teardown often reduced risk more effectively than encryption alone in certain threat models.
Current features focus on:
- Explicit TTL semantics for security artifacts
- Deterministic expiration and teardown hooks
- Language-agnostic design (same model across TS / Python / JVM)
- Alignment with common threat-modeling practices (short blast radius, no silent persistence)

Repos / packages:
- GitHub: https://github.com/akshat666/ephemeral-first-security-framew...
- npm: https://www.npmjs.com/package/@efsf/typescript
- PyPI: https://pypi.org/project/efsf/

This is early but stable. I’d really appreciate feedback on:
- Whether “ephemeral-first” is a useful abstraction in real systems
- Where this breaks down in practice
- What you’d want to see to adopt something like this
Happy to answer questions or discuss trade-offs.
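
To make the model in the feature list concrete, here is an added sketch that is not part of the original post and does not use the efsf SDK's API: a store that refuses artifacts without a TTL, expires them against an injectable clock, and runs teardown hooks on expiry. `EphemeralStore`, its methods and the sample token are hypothetical names constructed for illustration.

```python
import time
from typing import Callable, Dict, List, Optional


class EphemeralStore:
    """Holds secrets that must carry a TTL; expiry overwrites the bytes and runs hooks."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock  # injectable so expiry is deterministic under test
        self._items: Dict[str, tuple] = {}  # name -> (deadline, bytearray, hooks)

    def put(self, name: str, secret: bytes, ttl_seconds: float, hooks=()) -> None:
        if ttl_seconds <= 0:
            raise ValueError("every artifact needs a positive TTL")
        self.destroy(name)  # replacing an artifact tears the old one down first
        deadline = self._clock() + ttl_seconds
        self._items[name] = (deadline, bytearray(secret), list(hooks))

    def get(self, name: str) -> Optional[bytes]:
        self.sweep()  # never hand out an artifact past its deadline
        item = self._items.get(name)
        return bytes(item[1]) if item else None

    def destroy(self, name: str) -> bool:
        item = self._items.pop(name, None)
        if item is None:
            return False
        _, buf, hooks = item
        buf[:] = bytes(len(buf))  # best-effort overwrite; Python may hold other copies
        for hook in hooks:
            hook(name)  # teardown hook, e.g. revoke a session upstream
        return True

    def sweep(self) -> List[str]:
        now = self._clock()
        expired = [n for n, (deadline, _, _) in self._items.items() if now >= deadline]
        for n in expired:
            self.destroy(n)
        return expired


def demo() -> dict:
    now = [0.0]  # constructed fake clock
    torn_down: List[str] = []
    store = EphemeralStore(clock=lambda: now[0])
    store.put("session:alice", b"constructed-token", 30, [torn_down.append])
    before = store.get("session:alice")
    now[0] = 30.0  # advance to the deadline
    after = store.get("session:alice")
    return {"before": before, "after": after, "torn_down": torn_down}
```

Expiry here is enforced on every read rather than by a background timer, so an artifact past its deadline is never returned even if no sweep has run.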