npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@brutalist/mcp

v1.12.0

Published

Deploy Claude, Codex & Gemini CLI agents to demolish your work before users do. Real file analysis. Brutal honesty. Now with conversation continuation & intelligent pagination.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mockleemocklee

Keywords

mcp-servermodel-context-protocolanthropic-claudeclaude-codeai-code-reviewcode-analysisstatic-analysiscode-qualitysecurity-auditvulnerability-scanningarchitecture-reviewcode-critiquetechnical-debtmulti-agentbrutalistbrutalhonest-aireality-checkmcpllmaiclaudecodexgeminiopenaianthropicgoogle-aicli-agentsdeveloper-toolsdevtoolscode-reviewresearch-critiqueproduct-reviewinfrastructure-reviewproduction-readypaginationchunking

Readme

Brutalist MCP

Multi-perspective code analysis using Claude Code, Codex, and Gemini CLI agents.

Get direct, honest technical feedback on your code, architecture, and ideas before they reach production.

What It Does

The Brutalist MCP connects your AI coding assistant to three different CLI agents (Claude, Codex, Gemini), each providing independent analysis. This gives you multiple perspectives on:

  • Code quality and security vulnerabilities
  • Architecture decisions and scalability
  • Product ideas and technical feasibility
  • Research methodology and design flaws

Real file-system access. Straightforward analysis. No sugar-coating.

Quick Start

Step 1: Install a CLI Agent

You need at least one of these installed:

# Option 1: Claude Code (recommended)
npm install -g claude

# Option 2: Codex
# Install from https://github.com/openai/codex-cli

# Option 3: Gemini
npm install -g @google/gemini-cli

Step 2: Install the MCP Server

Choose your IDE:

Claude Code:

claude mcp add brutalist --scope user -- npx -y @brutalist/mcp@latest

Codex:

# Install globally once to avoid npx startup chatter
npm i -g @brutalist/mcp
# Add MCP using the installed binary (clean stdio)
codex mcp add brutalist -- brutalist-mcp

Configuring tool_timeout_sec for Codex: The tool_timeout_sec parameter (defaulting to 60 seconds) for your Brutalist MCP server needs to be configured directly in your Codex configuration file at ~/.codex/config.toml. It cannot be passed via the codex mcp add command directly.

To set a custom timeout (e.g., 5 minutes or 300 seconds), add or modify the [mcp_servers.brutalist] section in ~/.codex/config.toml as follows:

[mcp_servers.brutalist]
command = "brutalist-mcp" # Ensure this matches your installation command
args = [] # Depending on your setup, this might be empty or contain arguments
tool_timeout_sec = 300 # Set your desired timeout in seconds

Cursor: Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "brutalist": {
      "command": "npx",
      "args": ["-y", "@brutalist/mcp@latest"]
    }
  }
}

VS Code / Cline:

code --add-mcp '{"name":"brutalist","command":"npx","args":["-y","@brutalist/mcp@latest"]}'

Windsurf: Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "brutalist": {
      "command": "npx",
      "args": ["-y", "@brutalist/mcp@latest"]
    }
  }
}

Step 3: Verify Installation

# Check which CLI agents are available
cli_agent_roster()

Usage Examples

Analyze Your Codebase

# Analyze entire project
roast_codebase "/path/to/your/project"

# Analyze specific modules
roast_codebase "/src/auth"
roast_codebase "/src/api/handlers"

Validate Ideas

# Evaluate a product concept
roast_idea "A social network for developers to share code snippets"

# Review technical decisions
roast_idea "Migrating our monolith to microservices with Kubernetes"

Review Architecture

# System architecture analysis
roast_architecture "Microservices with event sourcing and CQRS"

# Infrastructure design review
roast_architecture """
API Gateway → Load Balancer → 3 Node.js services → PostgreSQL
Redis for caching, Docker containers on AWS ECS
"""

Security Analysis

# Authentication review
roast_security "JWT tokens with user roles in localStorage"

# API security check
roast_security "GraphQL API with dynamic queries and no rate limiting"

Compare Perspectives

# Get multiple viewpoints on technical decisions
roast_cli_debate "Should we use TypeScript or Go for this API?"

# Compare architecture approaches
roast_cli_debate "Microservices vs Monolith for our e-commerce platform"

How It Works

This MCP server coordinates analysis from locally installed CLI agents:

  • Claude Code CLI - Code review and architectural analysis
  • Codex CLI - Security and technical implementation review
  • Gemini CLI - System design and scalability analysis

Each agent runs locally with direct file-system access, providing independent perspectives on your code and design decisions.

Analysis time: Up to 25 minutes for complex projects. Thorough analysis requires time to examine code patterns, dependencies, and architectural decisions.

Pagination for Large Results

For analyses that exceed your IDE's token limit:

# Set chunk size for large codebases
roast_codebase({targetPath: "/monorepo", limit: 20000})

# Continue from cached output; omit resume
roast_codebase({targetPath: "/monorepo", context_id: "abc123", offset: 20000, limit: 20000})

# Use cursor-based navigation
roast_codebase({targetPath: "/complex-system", context_id: "abc123", cursor: "offset:25000"})

Features:

  • Smart boundary detection (preserves paragraphs and sentences)
  • Token estimation (~4 chars = 1 token)
  • Progress indicators
  • Configurable chunk size (1K to 100K characters)
  • resume: true is only for new follow-up prompts and starts another agent run

Tools

Code & Architecture

| Tool | Analyzes | |------|----------| | roast_codebase | Security vulnerabilities, performance issues, code quality | | roast_file_structure | Directory organization, naming conventions, structure | | roast_dependencies | Version conflicts, security vulnerabilities, compatibility | | roast_git_history | Commit quality, branching strategy, collaboration patterns | | roast_test_coverage | Test coverage, quality gaps, testing strategy |

Design & Planning

| Tool | Analyzes | |------|----------| | roast_idea | Feasibility, market fit, implementation challenges | | roast_architecture | Scalability, cost, operational complexity | | roast_research | Methodology, reproducibility, statistical validity | | roast_security | Attack vectors, authentication, authorization | | roast_product | UX, adoption barriers, user needs | | roast_infrastructure | Reliability, scaling, operational overhead | | roast_design | Perceptual craft, typography, affordances (Playwright for live UIs) | | roast_legal | Authority, application, adversary, procedure, interpretation, risk |

Utilities

| Tool | Purpose | |------|---------| | roast | Unified tool - use domain parameter to select analysis type | | brutalist_discover | Find the best tool for your intent using natural language | | roast_cli_debate | Multi-agent discussion from different perspectives | | cli_agent_roster | Show available CLI agents on your system |

Tip: Use the unified roast tool with a domain parameter for a leaner schema, or use brutalist_discover to find the right tool based on your intent.

See docs/pagination.md for detailed pagination documentation.

Advanced Usage

Choose Specific CLI Agents

# Default: run all available critics in parallel (recommended)
roast(domain="codebase", target="/src")

# Restrict to a subset only when the user explicitly names which critics
roast(domain="codebase", target="/src", clis=["codex", "gemini"])

Agent Strengths

Different agents have different strengths:

  • Code review: Claude, Codex, Gemini
  • Architecture: Gemini, Claude, Codex
  • Security: Codex, Claude, Gemini
  • Research: Claude, Gemini, Codex

Verification-Heavy Domains

legal, research, and security ship with a mandatory verification protocol. Before citing any external authority (case, statute, study, CVE, advisory), agents must invoke their native web tools, lift a verbatim quote from the source, and tag the citation with one of:

  • [VERIFIED: <url> | "<verbatim quote supporting the attribution>"]
  • [SUPPLIED: <location> | "<verbatim quote from supplied materials>"]
  • [UNVERIFIED: <reason>] — verification failed; no quote

Untagged citations are a protocol violation. The "state doctrine without a cite" fallback is conditional on a failed web lookup, not a parallel option. Consumers of the critique can spot-check citations by fetching the URL and grepping for the quoted string.

Gemini Frontier Model Rotation

For Gemini, the server pins gemini-3.1-pro-preview as the default to prevent the CLI's Auto router from downselecting to gemini-2.5-flash-lite under verification load. The orchestrator automatically rotates through the frontier chain when the current tier is unavailable:

  1. gemini-3.1-pro-preview (newest pro frontier, preview-tier access)
  2. gemini-3-pro-preview (previous pro frontier, preview-tier access)
  3. gemini-3-flash-preview (3-series flash — Pro-grade reasoning at Flash-level speed and cost; the floor of the rotation chain)

Rotation fires on both capacity and access failures. Users without preview-tier access to the pro variants fall through to gemini-3-flash-preview — which is materially better than the Auto router's gemini-2.5-flash-lite downselect because Gemini 3 Flash carries Pro-grade reasoning. Users with preview access get the newest pro model when capacity is available, with graceful fallback when it isn't.

If you need the last-generation pro model as your pin (e.g. your account has no 3.x preview access at all), use the env override below — gemini-2.5-pro is no longer in the rotation chain by default.

Rotatable failure patterns:

  • Capacity: 429, "No capacity available", quota, rate limit, too many requests
  • Access: ModelNotFoundError, "Requested entity was not found", 403, permission denied

Rotation aborts immediately on unrelated failures (auth, subprocess crash, prompt rejection) — a different model won't fix those.

Overrides:

  • Per-call: roast(..., models={gemini: "gemini-2.5-flash"}) — caller chooses, no rotation.
  • Per-environment: BRUTALIST_GEMINI_MODEL=<model> — operator chooses, no rotation. Common picks: gemini-3-flash-preview to skip the pro-preview probe cost; gemini-2.5-pro if you want the previous-generation pro pin (no longer in the rotation default).

Codex Model Selection

Codex uses the Codex CLI's configured/default model by default. The server deliberately does not pass --model for Codex, even if models.codex is present, so stale tool-call tags cannot override a newer ~/.codex/config.toml value.

Set BRUTALIST_CODEX_ALLOW_MODEL_OVERRIDE=true only if you explicitly want Brutalist to pass models.codex through as codex exec --model .... When that opt-in is enabled, deprecated Codex model names are still resolved through the migration table discovered from the Codex CLI config.

Why Multiple Perspectives

Each CLI agent brings a different approach to analysis:

  • Different training data and focus areas
  • Independent evaluation of the same code
  • Varied perspectives on technical tradeoffs

Getting multiple viewpoints helps identify issues that a single perspective might miss.

License: MIT Issues: https://github.com/ejmockler/brutalist-mcp/issues