@epicai/chariot

v1.0.6

Published

Epic AI® Chariot — Intelligent Virtual Assistant (IVA) MCP Gateway with enterprise IAM, RBAC, credential vault, and Internal API Discovery. Self-hosted. Your data never leaves.

Readme

Epic AI® Chariot

Self-hosted. Your data never leaves.

Discovers your internal APIs; you choose which ones to connect. One MCP server. 469 tokens. 4,135 integrations. 35,835 tools. SSO via SAML, OIDC, and SCIM. Free for one user. Buy seats when the team wants in.

npx @epicai/chariot

What Is Chariot?

Chariot is a self-hosted MCP server that connects the AI your team already uses — Claude Desktop, ChatGPT, Cursor, Codex, VS Code — to 4,135 enterprise integrations exposing 35,835 tools. Two-tier routing engine (BM25 + miniCOIL at zero inference cost, then LLM picks from an 8-tool shortlist). Three-tier autonomy governance (auto/escalate/approve). SHA-256 hash-chained audit trail.

One npm package. Two licenses:

  • Open-source core (Apache 2.0): The Legion engine — MCP server, routing engine, 4,135 adapters, federation, autonomy, retrieval, persona, audit. Full TypeScript source on GitHub.
  • Compiled binary (Elastic License 2.0): IAM (SSO, SCIM 2.0, RBAC, credential vault, audit trail) + Internal API Discovery (codebase scan, adapter generation). Compiled Rust via napi-rs. Signed binaries. Published test suite.

Free Tier

Single user. Full functionality. Connects to your existing IdP out of the box. Inside your zero trust perimeter from minute one. 71 zero-credential integrations work immediately — no API key, no account, no setup.

Paid Tier — Buy Seats on Your Chariot

The moment your team needs multi-user auth, buy seats. Same Chariot. Same deployment. A signed license file unlocks multi-user mode.

| Pack | Seats | Monthly | Annual (2 months free) |
|------|-------|---------|------------------------|
| Free | 1 | $0 | $0 |
| 10-Pack | 10 | $300/mo | $3,000/yr |
| 25-Pack | 25 | $600/mo | $6,000/yr |
| 50-Pack | 50 | $1,000/mo | $10,000/yr |
| 100-Pack | 100 | $1,800/mo | $18,000/yr |

One Chariot deployment per company. One SSO connection. One RBAC policy. One audit trail. Packs add seat capacity. Adapters are unlimited at every tier.


Installation

npx @epicai/chariot

The setup wizard detects your AI client, writes the MCP config, and connects 71 zero-credential integrations. You're running in under 60 seconds.

Add Adapters

chariot add github
chariot add datadog
chariot add pagerduty

Ask your AI: "What happened in production last night?" — correlated answer across all three in 10 seconds.

Discover Internal APIs

chariot discover ./src

Scans your codebase for OpenAPI specs and Express route definitions. You select which services to expose. The AI stops confusing your internal payment service with Stripe.

Check License

chariot license

All Commands

chariot                       Run setup wizard
chariot serve                 Start MCP server
chariot discover              Scan codebase for internal APIs
chariot discover --rescan     Rescan and show changes
chariot discover --config f   Non-interactive from config file
chariot add <name>            Add an adapter
chariot remove <name>         Remove an adapter
chariot list [term]           List/search adapters
chariot health                Check adapter health
chariot license               Show license status
chariot configure             Configure credentials
chariot help                  Show help

Architecture

npx @epicai/chariot
    ├── @epicai/legion (Apache 2.0)
    │   ├── MCP server + routing engine
    │   ├── 4,135 adapters (624 REST, 3,242 MCP, 246 dual)
    │   ├── Federation, autonomy, retrieval, persona, audit
    │   └── CLI: add, remove, list, health, serve
    │
    └── Chariot native binary (Elastic License 2.0)
        ├── License validation (Ed25519)
        ├── RBAC enforcement
        ├── Credential vault (AES-256-GCM, HKDF-SHA256)
        └── Internal API Discovery

Two Funnels, One Toll Booth

Developers who want pure open source start with Legion. When the team needs IAM and discovery, they upgrade to Chariot. Both roads lead to the same product.


Trust and Security

Don't trust us. Docker it. Kill the network. It still works.

  • Zero egress. Chariot makes no outbound connections. No license server. No telemetry. Verify it yourself in a network-isolated container.
  • Open-source core. Every line of the Legion engine is on GitHub. Read it before you install it.
  • Compiled binary. The enterprise binary (IAM, RBAC, credential vault, discovery) is compiled Rust via napi-rs. Interface-verified at load time. Published test suite exercises every code path.
  • Credential vault. AES-256-GCM encryption with per-tenant HKDF-SHA256 key derivation. Master key required at startup — no defaults, no fallbacks.
  • Audit trail. SHA-256 hash-chained, append-only, tamper-evident. Optimistic-locking writes with full chain verification. Export as JSON, CSV, or syslog.
  • Fail-fast startup. Enterprise mode validates all secrets (JWT, master key), backing services (MongoDB, Redis), and binary integrity before mounting any routes. Missing or insecure configuration is rejected with an explicit error — Chariot does not limp along in a partially configured state.
  • License enforcement. Locally enforced via Ed25519 signature verification. Offline validation — no license server. Single-user mode is free and fully functional. Multi-user mode requires a valid license file. The transition is enforced by middleware, not by policy text.
  • Rust memory safety. No buffer overflows. No use-after-free. No null pointer dereferences.
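
The hash-chained audit trail described above can be illustrated with a short Node.js sketch. This is an added example, not Chariot's or Legion's code: the record fields (`seq`, `prevHash`, `hash`), the all-zero genesis value and the `anchoredHead` parameter are assumptions made for the illustration.

```javascript
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed prevHash of the first record

// Hash a fixed-order array so the digest does not depend on object key order.
function digest(seq, prevHash, e) {
  const body = JSON.stringify([seq, prevHash, e.ts, e.actor, e.action]);
  return createHash('sha256').update(body).digest('hex');
}

// Append-only write: every record commits to its predecessor's hash.
function append(chain, event) {
  const seq = chain.length;
  const prevHash = seq === 0 ? GENESIS : chain[seq - 1].hash;
  chain.push({ seq, prevHash, ...event, hash: digest(seq, prevHash, event) });
  return chain[seq].hash; // new chain head
}

// Full verification. Returns -1 if intact, else the index of the first bad
// record (chain.length means the head does not match the anchored value).
function verifyChain(chain, anchoredHead) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (r.seq !== i || r.prevHash !== prev || r.hash !== digest(i, prev, r)) return i;
    prev = r.hash;
  }
  return anchoredHead !== undefined && prev !== anchoredHead ? chain.length : -1;
}

// Constructed sample events, not real Chariot audit output.
function sampleChain() {
  const chain = [];
  append(chain, { ts: '2026-01-05T10:00:00Z', actor: 'alice', action: 'vault.read' });
  append(chain, { ts: '2026-01-05T10:01:00Z', actor: 'bob', action: 'adapter.add:github' });
  append(chain, { ts: '2026-01-05T10:02:00Z', actor: 'alice', action: 'rbac.update' });
  return chain;
}
```

Without a head hash stored somewhere the log writer cannot modify, dropping trailing records leaves a chain that still verifies; that is why `verifyChain` accepts an anchored head.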

Artifacts We Ship

| Artifact | Purpose |
|----------|---------|
| Published test suite | Behavioral transparency — 92+ tests across 7 files |
| Interface verification | Binary structural integrity check at load time |
| Docker isolation config | Zero-trust proof — air-gapped operation verified |
| Credential vault encryption spec | At-rest data specification (AES-256-GCM + HKDF) |


Enterprise IAM

Chariot's IAM module is Okta-verified and includes:

  • SSO: SAML 2.0 SP-initiated and IdP-initiated flows. OIDC Authorization Code + PKCE.
  • SCIM 2.0: Full RFC 7644 compliance. User and group provisioning. JIT provisioning. Deprovisioning with automatic session revocation.
  • RBAC: Group-to-adapter mappings. Users see only the integrations their role permits.
  • Credential Vault: Per-tenant key derivation. AES-256-GCM encryption at rest. Per-user and shared (org-wide) credentials.
  • Session Management: JWT with Redis-backed per-session and per-tenant epoch revocation.
  • Audit Trail: Hash-chained, tamper-evident, optimistic-locking writes. Full chain verification.

Platform Support

Platform-specific binaries ship as npm optional dependencies:

| Platform | Package |
|----------|---------|
| Linux x64 | @epicai/chariot-linux-x64-gnu |
| macOS ARM (Apple Silicon) | @epicai/chariot-darwin-arm64 |
| macOS Intel | @epicai/chariot-darwin-x64 |
| Windows x64 | @epicai/chariot-win32-x64-msvc |

npm detects your platform and pulls the right binary automatically.


License


Links


Epic AI® is a registered trademark of protectNIL Inc. (U.S. Reg. No. 7,748,019)

IVA — Intelligent Virtual Assistant

*Intelligence that acts.*™