
@efficientlabs/stratos

v1.3.0

Published

StratosAgent — the publicly-auditable operating core of a sovereign, local-first AI agent: files-first workspace/context/trace/eval, a publicly verifiable capability-receipt format + verifier, signed-skill (SKILL.md) verify-before-run, and a local-default

Readme

🛰️ StratosAgent — the operating core

The publicly-auditable core of a sovereign, local-first AI agent.

Don't trust it — verify it. Then run it for $0.


What this repository is

This is the publicly-auditable operating core of StratosAgent — the part you can read, run, and verify yourself. It is the standard + the proof, not the whole product:

  • a files-first operating core: workspace → context → trace → eval, where the durable asset is plain files on disk, framework-agnostic;
  • a publicly verifiable capability-receipt format + verifier — a PQC-signed, hash-chained proof of every run, checkable with the public key only;
  • signed-skill (SKILL.md) verify-before-run — foreign skills are untrusted by default and capability-gated, deny-by-default;
  • a sovereign model router + adapter seam — local by default, privacy pins local, cloud is opt-in and never silent.

The private learning/economic flywheel (how the agent compounds skills and accounts for value) and the private connector/broker internals are not in this repo, by design — see STATE_OF_REALITY.md. What is here is real, and the tests prove it.

Run npm test: 13 hermetic suites, every assertion green, no network and no LLM required. If any claim below breaks, a test goes red.


Install

# macOS / Linux:
curl -fsSL https://efficientlabs.ai/install.sh | sh
# Windows (PowerShell):
irm https://efficientlabs.ai/install.ps1 | iex
# or with npm, any OS:
npm i -g @efficientlabs/stratos

Set up your node, then run a real local completion. complete needs a local, OpenAI-compatible endpoint — e.g. Ollama (ollama serve + ollama pull gemma2:2b) or any gateway — pointed at via --gateway / STRATOS_GATEWAY_URL. No model is bundled; you bring the endpoint and your data stays on your machine.

stratos init
stratos task create local/demo/flow/t1
STRATOS_GATEWAY_URL=http://127.0.0.1:11434/v1/chat/completions \
  stratos complete local/demo/flow/t1 "In one sentence, what is sovereign AI?" --model gemma2:2b
stratos eval local/demo/flow/t1     # re-verifies the run's signed receipt

The completion is routed local-default ($0), written as a trace, and sealed in a PQC-signed capability-receipt that verifies with the public key only.


Prove it #1 — the $0 operating loop (no API, no network)

Everything here is deterministic and local. No key, no account, no meter.

git clone https://github.com/EfficientLabs-ai/StratosAgent.git
cd StratosAgent
npm install        # one dependency: @noble/post-quantum (audited, FIPS 203/204)
npm test           # 13 hermetic suites, all green

Then drive the operating core end to end — capture → trace → eval — entirely on your machine. These commands are identical in PowerShell, cmd, bash, and zsh:

node bin/stratos.js workspace create demo
node bin/stratos.js task create demo/proj/flow/t1
node bin/stratos.js capture demo/proj/flow/t1 "how do I verify a receipt?"
node bin/stratos.js trace demo/proj/flow/t1
node bin/stratos.js eval  demo/proj/flow/t1

You'll see the output below — this is what the program prints, not commands to run:

✓ trace written .../demo/proj/flow/t1/traces/t1.json
  steps   2 · result ok
  node    did:atmos:e3d384e72263…ad4d51
  receipt a536a04b62de ✓ verified (public key only)

✓ eval PASS t1 · 6/6 (100%)
  ✓ result-ok        ✓ no-error-steps     ✓ outputs-present
  ✓ cost-within-budget                    ✓ trace-integrity (receipt verifies: chain + signature + input-hash)

By default everything lands under ./.stratos-profile/workspaces. To put it elsewhere, set STRATOS_WORKSPACES_DIR first — bash/zsh: export STRATOS_WORKSPACES_DIR=./my-workspaces · PowerShell: $env:STRATOS_WORKSPACES_DIR="./my-workspaces".

No model was called. No byte left your machine. The trace, the receipt, and the eval are files you own.

🌐 Looking for mesh-node.mjs / node-runner? That's the P2P mesh — it lives in the separate The Atmosphere repo, not here.


Prove it #2 — verify a capability-receipt with a public key only

When models are free, the value isn't the inference — it's the verifiable proof of who ran what, at what cost, without tampering. A receipt is a PQC-signed (Ed25519 + ML-DSA-65), hash-chained record. A third party can verify it holding only the node's public key — no private key, no access to the originating machine.

# 1. Produce a signed receipt log by running a trace — it writes my-task.receipt.jsonl
#    next to the trace, under .stratos-profile/workspaces/…/my-task/traces/:
node bin/stratos.js init
node bin/stratos.js task create local/demo/flow/my-task
node bin/stratos.js trace local/demo/flow/my-task

# 2. Pack it into a self-contained, public-key-embedded bundle:
node bin/stratos.js receipt export .stratos-profile/workspaces/local/demo/flow/my-task/traces/my-task.receipt.jsonl --out bundle.json
# ✓ exported 1 receipt(s) → bundle.json (public key embedded)

# 3. A third party verifies it holding ONLY the public key in the bundle:
node bin/stratos.js receipt verify ./bundle.json
# ✓ OK — 1 receipt(s); every signature + the full hash chain verified with the public key only.

Tamper with a single field and it fails closed:

cp bundle.json tampered.json                 # then edit any receipt field (e.g. cost_units)
node bin/stratos.js receipt verify ./tampered.json
# ✗ BROKEN — receipt tampered (field altered) (at index 0)

This is the trust substrate the whole product is built on — and it's right here, open, for you to break.
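
The chain-plus-signature check described above, as an added example that is not StratosAgent's code or its receipt format. It signs with Ed25519 only, through Node's built-in crypto (the ML-DSA-65 half of the hybrid signature is left out), and every field name except cost_units is an assumption.

```javascript
// Added example: a simplified receipt chain, not the StratosAgent format.
// Field names (task, input_hash, index, prev, hash, sig) are assumptions.
const crypto = require('node:crypto');
const GENESIS = '0'.repeat(64);
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Canonical form: sorted keys, so signer and verifier hash identical bytes.
const canon = (o) => JSON.stringify(Object.keys(o).sort().map((k) => [k, o[k]]));

// Producer side (holds the private key): each receipt commits to the previous hash.
function appendReceipt(log, fields, privateKey) {
  const prev = log.length ? log[log.length - 1].hash : GENESIS;
  const body = { ...fields, index: log.length, prev };
  const hash = sha256(canon(body));
  const sig = crypto.sign(null, Buffer.from(hash, 'hex'), privateKey).toString('base64');
  return [...log, { ...body, hash, sig }];
}

// Verifier side (public key only): stop at the first failure and report where.
// Limit of this sketch: receipts dropped from the tail go unnoticed unless the
// latest hash is pinned somewhere the verifier trusts.
function verifyChain(log, publicKeyPem) {
  const fail = (index, reason) => ({ ok: false, index, reason });
  let i = -1, prev = GENESIS;
  try {
    const pub = crypto.createPublicKey(publicKeyPem);
    for (i = 0; i < log.length; i++) {
      const { hash, sig, ...body } = log[i];
      if (body.index !== i || body.prev !== prev) return fail(i, 'chain broken');
      if (sha256(canon(body)) !== hash) return fail(i, 'field altered');
      const sigBytes = Buffer.from(String(sig), 'base64');
      if (!crypto.verify(null, Buffer.from(hash, 'hex'), pub, sigBytes)) return fail(i, 'bad signature');
      prev = hash;
    }
  } catch (e) { return fail(i, 'malformed input: ' + e.message); }
  return { ok: true, count: log.length };
}

// Constructed sample data: two receipts, then three tampering attempts.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  let log = appendReceipt([], { task: 't1', input_hash: sha256('q1'), cost_units: 0 }, privateKey);
  log = appendReceipt(log, { task: 't2', input_hash: sha256('q2'), cost_units: 0 }, privateKey);
  const edited = [{ ...log[0], cost_units: 5 }, log[1]];
  const { hash, sig, ...body } = edited[0];
  const rehashed = [{ ...edited[0], hash: sha256(canon(body)) }, log[1]];
  return { clean: verifyChain(log, pem), edited: verifyChain(edited, pem),
    rehashed: verifyChain(rehashed, pem), dropped: verifyChain(log.slice(1), pem) };
}
```

Editing a field breaks the stored hash, recomputing the hash breaks the signature, and removing an earlier receipt breaks the index and prev link, so each attempt fails at index 0 for a different reason.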


Prove it #3 — the cloud is never silent

The router defaults to local. Privacy pins local. Cloud is opt-in and always explains itself.

node bin/stratos.js route "what is 2 + 2"
# → local-fast (local / sovereign)   why: difficulty 1 → local (sovereign default)

node bin/stratos.js route "prove safety of a byzantine consensus protocol" --privacy
# → local-fast (local / sovereign)   why: privacy: stays on this machine

A model auto-sent by an OpenAI-compatible client never forces cloud. Cloud requires an explicit escalation and your own key and genuine difficulty. See MODEL_ROUTING.md.


Honest status — L0 → L5

We grade every claim. L5 = verified by a hermetic test in this repo; L0 = vision only. We never claim above what we can measure.

| Subsystem | Level | What that means here |
|---|---|---|
| Files-first operating core (workspace/context/trace/eval) | L5 | hermetic tests (test-operating-core, test-eval-engine, test-icm-workspace) |
| Capability-receipt format + public-key verifier (fail-closed) | L5 | test-operating-core + receipt verify demo above |
| Signed-skill / SKILL.md verify-before-run (untrusted-by-default) | L5 | test-skill-md, test-skill-seal |
| Hybrid post-quantum crypto (ML-DSA-65 + ML-KEM-768, FIPS 203/204) | L5 | test-skill-seal (via audited @noble/post-quantum) |
| Capability gate — deny-by-default, anti path-traversal | L5 | test-capability-gate |
| Sovereign router + adapter (Privacy > Capability > Cost > Fallback) | L5 | test-model-router, test-model-adapter |
| Mesh signal — honest "false until a real fleet exists" | L5 | test-mesh-signal |
| Actually calling a model (local Ollama / your own cloud provider account) | L2 | the decision + seam are here; you provide the provider |
| Self-improvement loop | L1 | the trace→eval→lesson seam is here (SELF_IMPROVEMENT_LOOP.md); the generator is private |
| P2P compute mesh runtime | L0 here | router can target it; the public node runtime lives in The Atmosphere |
| Economic / reward accounting | L0 here | private by design — measurement before rewards |

Full detail: STATE_OF_REALITY.md.


Architecture

| Doc | What it covers |
|---|---|
| ARCHITECTURE.md | the operating-core map (what ships here, layer by layer) |
| CONTEXT_ROUTING.md | how context flows: Input → Capture → Route → Store → Trace → Evaluate |
| MODEL_ROUTING.md | the router + adapter decision tables |
| TRACE_SCHEMA.md | the trace record + the signed receipt spine |
| SELF_IMPROVEMENT_LOOP.md | the public seam of the improvement loop (interface spec) |

Import the engines directly, too — the package exposes clean entrypoints:

import { run } from '@efficientlabs/stratos/cli';
import { verifyBundle } from '@efficientlabs/stratos/receipt';
import { route } from '@efficientlabs/stratos/router';

The Efficient Labs sovereign stack

| | |
|---|---|
| 🛰️ StratosAgent (you are here) | the sovereign agent's operating core |
| 🌐 The Atmosphere | the sovereign P2P compute mesh |
| 🔗 efficientlabs.ai | the whole story |


Contributing

We welcome contributions to the public operating core — see CONTRIBUTING.md. The bar is simple: every claim ships with a hermetic test.

License

Business Source License 1.1 — source-available. Free for non-production use; converts to Apache 2.0 on 2030-05-29. See LICENSE.