npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@autoworks-ai/autovault

v0.4.0

Published

AutoVault local capability library and MCP compatibility server

Downloads

268

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jgarturojgarturo

Keywords

mcpmodel-context-protocolclaudeclaude-codecursorcodexskillsagentautovault

Readme

AutoVault

SKILL.md files already move through GitHub repos, team docs, public indexes, Slack threads, and agent-written drafts. AutoVault gives those files one canonical home: validate them at admission time, sign what passes, track where they came from, and render the right view for each agent without maintaining forks by hand.

AutoVault is a Node/TypeScript capability library, CLI, and MCP server. It has local stdio and remote Streamable HTTP MCP entry points, both backed by the same filesystem vault and SQLite capability index.

It does not execute skills through the MCP server. The server validates and serves skill content; the host agent decides how to use that content inside its own tool sandbox. The separate user-invoked autovault skill <action> CLI can run signed bin: actions from installed skills, and that surface is documented under Security Model.

Docs and public site: https://autovault.dev

Why AutoVault

The SKILL.md format is intentionally plain. The hard part is everything around it:

  • Skill drift - the same skill gets copy-pasted into Claude Code, Codex, Cursor, and project folders with no upstream tracking.
  • Supply-chain risk - remote skill bytes should be treated like untrusted package contents until they pass a gate.
  • Duplicate explosion - agents can author near-identical skills unless new proposals are deduplicated before storage.
  • Platform mismatch - one agent says read, another says file_read, and a third expects a different filesystem tool name.
  • Scope leakage - local dev skills should not silently show up in prod or in another client's project.

AutoVault's answer is deliberately simple: keep one canonical skill folder, record provenance, sign the admitted content, and sync or serve agent-specific views from that source.

Quick Start

Requirements:

  • Node.js >=22.0.0
  • curl, tar, and npm
  • macOS 13+, Linux x64/arm64, or Windows through WSL2

Install the local vault:

curl -fsSL https://autovault.sh | sh
export PATH="$HOME/.autovault/bin:$PATH"
autovault --version
autovault doctor
autovault setup --review
autovault skill list

Install with Homebrew:

brew install autoworks-ai/tap/autovault
autovault setup

Install the packaged CLI/library directly from npm:

npm install -g @autoworks-ai/autovault
autovault setup --review
autovault doctor

Manual source install:

git clone https://github.com/autoworks-ai/autovault.git
cd autovault
npm ci
npm run build
node scripts/bootstrap-skills.mjs
node dist/cli.js doctor

The shell installer builds the app under ~/.autovault/app, preserves ~/.autovault as user-owned vault storage, installs the autovault CLI shim, and bootstraps bundled skills unless AUTOVAULT_NO_BOOTSTRAP=1 is set. By default it installs the latest stable release; set AUTOVAULT_REF=main only when you explicitly want the unreleased main branch.

What Ships Today

AutoVault supports:

  • local filesystem storage under AUTOVAULT_STORAGE_PATH
  • a SQLite capability index for callers, profiles, tool groups, aliases, context rules, and MCP servers
  • per-agent and tag-filtered profile symlink generation
  • vault-local skill transforms that render agent-specific variants without forking upstream SKILL.md
  • install, update, proposal, bulk-import, removal, resource-read, and drift-check workflows
  • source adapters for GitHub, agentskills, arbitrary HTTPS URLs, local bundles, and inline MCP-proposed content
  • three-tier deduplication for proposals
  • Ed25519 signatures and manifest checks for stored skills and executable resources
  • local stdio MCP and remote Streamable HTTP MCP at /mcp with OAuth-backed bearer auth

The npm package and Homebrew formula are live. The shell installer is still the easiest local bootstrap path because it provisions ~/.autovault, installs the CLI shim, and seeds bundled skills in one pass.

Distribution:

CLI Surface

The CLI is the local operator surface:

autovault add-local <path> [--source <provenance>] [--sync-profiles] [--link agent=/path/to/skills] [--json]
autovault remove <skill-name> [--discover|--no-discover] [--link agent=/path/to/skills] [--json]
autovault sync-profiles [--discover] [--link agent=/path/to/skills] [--json]
autovault profiles list [--json]
autovault setup [--json] [--review] [--advanced]
autovault doctor [skill-name] [--clean] [--repair] [--json]
autovault audit-repo --repo /path/to/repo [--format json|markdown]
autovault import-autohub --tool-filters /path/tool-filters.json [--mcp-servers /path/mcp-servers.json] [--reset] [--json]
autovault resolve --caller <id> --platform <name> [--channel <id>] --query <text> [--json]
autovault serve [--help]
autovault skill list [--json]
autovault skill search <query> [--top-k N] [--json]
autovault skill which <name> [<action>]
autovault skill <action> <name>

Human-readable output is the default. Use --json or --format json only for scripts and other machine consumers.

Common flows:

# Inspect vault health and integrity.
autovault doctor
autovault doctor --clean
autovault doctor --repair

# Import a local skill bundle through the same gate used by MCP installs.
autovault add-local ./path/to/your-skill --sync-profiles
autovault add-local ./path/to/your-skill/SKILL.md --sync-profiles
autovault add-local ./path/to/your-skill \
  --source https://github.com/org/repo/tree/main/skills/your-skill

# Search installed skills locally.
autovault skill search code-review --top-k 5

# Remove a vaulted skill and refresh managed profile links.
autovault remove skill-author

add-local accepts a bundle directory or a direct SKILL.md path. If --source is omitted, AutoVault records the normalized absolute bundle directory as local provenance; pass --source only when you want a repository URL or other canonical provenance string.

autovault setup is the first-run adoption wizard. It scans the vault, bundled skills, and discovered native roots such as ~/.claude/skills, ~/.codex/skills, and ~/.cursor/skills, then asks how to adopt each skill. Run it from a real terminal; without a TTY the installer defers setup and tells you to rerun the wizard manually.

MCP Tool Surface

MCP hosts can spawn the local stdio server with node dist/index.js, while remote clients connect to dist/remote.js at /mcp.

Registered tools:

  • get_skill - search by query or fetch by exact name, optionally rendering for an agent and including packaged resources.
  • add_skill - install a known skill from github, agentskills, url, or local.
  • propose_skill - submit newly authored SKILL.md bytes for validation, security scan, deduplication, signing, and storage.
  • bulk_import - import every immediate child directory containing a SKILL.md.
  • update_skill - refresh from the recorded source or replace from a new source, local bundle, or inline bytes.
  • delete_skill - remove an installed skill and its vault-local transforms, then refresh generated profiles.
  • check_updates - compare installed skills against upstream source state and report drift or transform-review work.

Tool handlers return plain objects. src/mcp/server.ts wraps and serializes them into the MCP content[0].text envelope. Remote mode applies an additional policy layer for scopes and skill visibility.

Library Surface

The source package exports the same helpers used by the CLI and MCP server:

  • resolveCapabilities() / resolve_capabilities()
  • syncProfiles() and discoverProfileRoots()
  • addSkill(), updateSkill(), deleteSkill(), installSkill(), addLocalSkill(), proposeSkill(), and bulkImport()
  • proposeSkillTransform(), listSkillTransforms(), removeSkillTransform(), and renderSkillForAgent()
  • auditRepo()
  • importAutohubCapabilities() / ensureAutohubSeeded()

Unknown callers fail closed. Register callers explicitly or map unknown users to a restricted caller such as guest.

Validation Gate

Every install, update, proposal, and bulk import runs through the same validation path:

  1. Repair and normalize frontmatter formatting.
  2. Parse YAML frontmatter with gray-matter.
  3. Validate schema with zod.
  4. Scan content against the denylist in scripts/security/patterns.json.
  5. Cross-check declared capabilities against observed behavior.
  6. Deduplicate exact, near-exact, and functionally similar proposals.
  7. Write the skill, source sidecar, signed manifest, and Ed25519 signature.

In strict mode (AUTOVAULT_SECURITY_STRICT=true, the default), denylist hits block writes. In non-strict mode they become warnings.

Storage Layout

Default storage is ~/.autovault; override it with AUTOVAULT_STORAGE_PATH.

$AUTOVAULT_STORAGE_PATH/
  autovault.sqlite             # capability index
  .signing-key.json            # Ed25519 keypair, mode 0600
  skills/
    <name>/
      SKILL.md
      .autovault-source.json   # source, hash, timestamps
      .autovault-signature     # detached Ed25519 signature, mode 0600
      .autovault-manifest      # signed manifest for declared resources/bin
      <resources...>
  transforms/
    <base-skill>/<transform>/
      TRANSFORM.md
      BASE_SKILL.md
      .autovault-transform.json
      .autovault-manifest
  rendered/
    <agent>/<skill>/            # generated variants
  profiles/
    <agent>/<skill-name> -> ../../skills/<skill-name> or ../../rendered/<agent>/<skill-name>
    <named-profile>/<skill-name> -> ../../skills/<skill-name> or ../../rendered/<agent>/<skill-name>
  profiles.config.json

Skills are plain files. Back them up like dotfiles:

tar -czf autovault-backup-$(date +%F).tgz -C "$HOME" .autovault

Skill Transforms

Transforms let a workspace or agent adjust a skill without editing the upstream SKILL.md. AutoVault stores the transform under the vault, appends transform instructions to the base skill at render time, applies declared capability metadata overrides, and materializes generated variants under rendered/.

Example TRANSFORM.md:

---
name: perplexity
base: research-skill
description: Use Perplexity instead of the default web search path.
targets:
  agents: [codex]
priority: 100
capability_overrides:
  network: true
  tools:
    add: [mcp__perplexity__search]
    remove: [web_search]
metadata:
  version: "1.0.0"
---

Use `mcp__perplexity__search` instead of `web_search` for research.

When the base skill changes, check_updates continues rendering the transform but returns transform_reviews with the pinned old base so the delta can be reviewed.

Remote Deploy

Remote mode is for a shared or managed vault. It serves Streamable HTTP MCP at /mcp, uses OAuth for client registration/login/token issuance, and stores the vault under the mounted AUTOVAULT_STORAGE_PATH.

npm run build
AUTOVAULT_MODE=remote \
AUTOVAULT_PUBLIC_URL=http://localhost:3000 \
[email protected] \
AUTOVAULT_ADMIN_PASSWORD=replace-with-a-long-random-password \
npm run start:remote

Docker:

[email protected] \
AUTOVAULT_ADMIN_PASSWORD=replace-with-a-long-random-password \
docker compose up --build

Remote mode cannot create symlinks on client machines. sync-profiles is local-only because a remote MCP server has no filesystem access to ~/.codex/skills, ~/.claude/skills, or other host roots. Remote clients should discover and read skills directly through get_skill.

Configuration

Runtime environment:

| Variable | Default | Purpose | | --- | --- | --- | | AUTOVAULT_MODE | local | local for stdio/library use, remote for HTTP MCP. | | AUTOVAULT_STORAGE_PATH | ~/.autovault | Root path for installed skills. | | AUTOVAULT_DB_PATH | $AUTOVAULT_STORAGE_PATH/autovault.sqlite | SQLite capability index. | | AUTOVAULT_PROFILE_LINKS | unset | Comma-separated agent=/skills/root links for profile sync. | | AUTOVAULT_PROFILE_CONFIG_PATH | $AUTOVAULT_STORAGE_PATH/profiles.config.json | Optional named profile config. | | AUTOVAULT_SKILL_INSTALL | prefer-autovault | Vendor routing: prefer-autovault, both, native, native-only, or off. | | AUTOVAULT_SECURITY_STRICT | true | Block denylist hits when true; warn when false. | | AUTOVAULT_SEARCH_MODE | text | Search backend. Metadata text search is the current implementation. | | AUTOVAULT_LOG_LEVEL | info | debug, info, warn, or error. | | AUTOVAULT_LOG_DIAGNOSTICS | unset | Set to 1 to let structured diagnostic logs pass through public CLI output suppression. | | AUTOVAULT_PUBLIC_URL | required in remote mode | Public origin for OAuth metadata and callbacks. | | AUTOVAULT_HTTP_PORT | 3000 | HTTP port when PORT is not injected by the platform. | | AUTOVAULT_ALLOWED_ORIGINS | unset | Optional CORS allowlist for remote mode. | | AUTOVAULT_ADMIN_EMAIL | required until owner exists | First remote owner email. | | AUTOVAULT_ADMIN_PASSWORD | required until owner exists | First remote owner password, at least 12 characters. | | GITHUB_TOKEN | unset | Optional GitHub API rate-limit headroom. | | AUTOVAULT_AGENTSKILLS_BASE | https://agentskills.io/api/v1 | Override the agentskills API base. |

Installer-only environment:

| Variable | Default | Purpose | | --- | --- | --- | | AUTOVAULT_HOME | ~/.autovault | Install root for app, shim, and default storage. | | AUTOVAULT_BIN_DIR | $AUTOVAULT_HOME/bin | Directory for the autovault shim. | | AUTOVAULT_REF | latest stable release | GitHub branch or tag downloaded by autovault.sh; use main for the unreleased branch. | | AUTOVAULT_TARBALL_URL | derived from AUTOVAULT_REF | Fully override the source archive URL. | | AUTOVAULT_NO_BOOTSTRAP | 0 | Set to 1 to skip bundled-skill bootstrap. |

Security Model

AutoVault has two execution surfaces with different boundaries.

The MCP servers (dist/index.js over stdio and dist/remote.js over Streamable HTTP) are storage-and-validation services. They never execute skill content. Remote sources are treated as untrusted input and must pass schema, security, capability, dedup, signing, and path-safety checks before any write. All diagnostics go to stderr so stdout stays reserved for stdio MCP framing. Remote mode additionally requires OAuth bearer tokens and filters skill visibility for non-owner users.

The autovault skill <action> CLI is a user-invoked execution surface for skills that declare signed bin: actions. It runs the script as the invoking user, with that user's filesystem and network access. Before execution, the CLI hard-fails if the signed manifest, SKILL.md, or declared bin resources have been changed post-install.

Important limits:

  • The trust root is the keypair at $AUTOVAULT_STORAGE_PATH/.signing-key.json. Treat storage-root write access as full vault compromise.
  • autovault doctor --clean removes only ignored OS/editor metadata such as .DS_Store, Thumbs.db, desktop.ini, and AppleDouble ._* files.
  • Unknown hidden files, symlinks, special files, unsigned helpers, and changed signed files remain integrity failures.
  • The CLI requires an interactive TTY for bin actions as defense in depth, but a pseudo-terminal can satisfy that check. The hard boundary is validation plus manifest signing, not proof of a human at the keyboard.

For the full model and accepted risks, read docs/THREAT-MODEL.md.

Development

npm ci
npm run build
npm test
node scripts/smoke.mjs
node scripts/remote-smoke.mjs
node scripts/probe.mjs

The smoke, probe, and remote-smoke scripts require npm run build first because they spawn compiled files from dist/.

Architecture map:

  • src/index.ts - local stdio MCP entry point
  • src/remote.ts - remote Streamable HTTP MCP entry point
  • src/mcp/ - tool registration and serialization
  • src/tools/ - MCP tool handlers
  • src/cli/ - local operator CLI and UI
  • src/library.ts - public ESM exports
  • src/capabilities/ - SQLite schema, resolver, AutoHub import
  • src/profiles/ - profile discovery, filtering, and symlink sync
  • src/validation/ - frontmatter repair, schema, security, dedup
  • src/sources/ - source adapters
  • src/storage/ - filesystem storage, locks, manifests, signing
  • src/util/ - shared helpers

Release and operations docs:

Roadmap

Likely next areas:

  • stronger key storage for signature enforcement
  • semantic search via local embeddings
  • additional source adapters such as ClawHub, LobeHub, and Tessl
  • local mirror helper for permitted remote skills
  • secret resolver design, without storing secret values in the vault