@lcv-ideas-software/cross-review

v4.2.1

API-first MCP server for multi-model cross-review with unanimous convergence gates.

Readme

cross-review

MCP server orchestrating API-first cross-review between Claude, ChatGPT Codex, Gemini, DeepSeek, and Grok with unanimous convergence gates.

Install.

npm install -g @lcv-ideas-software/cross-review
# or using the GitHub Packages mirror:
npm install -g @lcv-ideas-software/cross-review --registry=https://npm.pkg.github.com

Status. Stable. Current release: v04.02.01 (npm package 4.2.1). See CHANGELOG.md for the full release history.

Project renamed 2026-05-15. This project was previously published as @lcv-ideas-software/cross-review-v2 (versions 0.x through 3.7.5). v4.0.0 is the first release under the shorter canonical name @lcv-ideas-software/cross-review after the companion cross-review-v1 project was discontinued and archived. Historical CHANGELOG entries below v4.0.0 reference the prior name verbatim.

The version history at a glance:

| Release | Scope |
| --- | --- |
| v04.02.01 | Patch — publish the workspace hard-gate cleanup as a package release. |
| v04.02.00 | Minor — bounded MCP session listing and cancellation semantics cleanup. |
| v04.01.01 | Patch — release the hard-gate cleanup as a published package. |
| v04.01.00 | Minor — security hardening of session-store concurrency, write-path DoS surface, and credential redaction. |
| v04.00.08 | Patch — eliminate the recurring js/file-access-to-http CodeQL false positive at the source. |
| v04.00.07 | Patch — bounded npm registry fetch in the post-publish verifier. |
| v04.00.06 | Patch — Windows-safe registry verifier. |
| v04.00.05 | Patch — hard-gate close-out for the Codex v4.0.4 audit. |
| v04.00.04 | Patch — restore prettier coverage of src/ and scripts/ (close audit on v4.0.3 hard-gate gap). |
| v04.00.02 | Patch — Codex second-pass audit close-out (6 findings). |
| v04.00.01 | Patch — close-out of post-v4.0.0 audit (eight surfaces left stale by the rename bulk-replace). |
| v04.00.00 | Major — project renamed to cross-review |
| v03.07.05 | Patch — logs+sessions study 2026-05-15 close-out (4 surgical fixes from 244-session/429-round corpus). |
| v03.07.03 | Patch — "no fallback means no fallback" directive + Codex v3.7.2 opinion residuals. |
| v03.07.02 | Patch — Codex 3rd super-audit close-out of v3.7.1 |
| v03.07.01 | Patch — Codex super-audit close-out of v3.7.0 |
| v03.07.00 | Minor — Codex super-audit close-out 2026-05-14 |
| v03.06.00 | Minor — observability + caller-discipline close-out 2026-05-14 |
| v03.05.00 | Minor — Codex operational-report close-out 2026-05-14: 5 findings from sessions f0db3970 + df052926. |
| v03.04.00 | Minor — Perplexity multi-failure-mode close-out 2026-05-13: 3 coordinated fixes covering 7 production sessions Codex flagged (51973fac, f72e597a, f9a19401, 99d46a2b, 00d92cce, 59776026, 0003b2fe). |
| v03.03.00 | Minor — Caller peer-selection lock (operator directive 2026-05-12: "ALL AGENTS/PEERS ALWAYS PARTICIPATE, REGARDLESS OF THE CALLER'S CHOICE OR WILL"). |
| v03.02.00 | Patch — Codex bug-report close-out 2026-05-12: three surgical fixes (Perplexity <think> parser + session-state invariant + orchestrator strict peers). |
| v03.01.00 | Minor — Central config file (config.json). Eliminates ~700 redundant env-var declarations across the 7 MCP host configs. |
| v03.00.00 | Major — Perplexity joins the sextet. Quintet (5 peers) → sextet (6). |
| v02.28.00 | Minor — Cold-start hardening Part 3: Windows registry env-var lookup bulk-cached (3-7 s → ~100 ms). |
| v02.27.01 | Patch — Cold-start hardening Part 2: lazy-load 5 provider SDKs + defer 6 startup sweeps to setTimeout(30s). |
| v02.27.00 | Minor — Cold-start hardening Part 1: corrupted meta.json auto-quarantine + finalized-session auto-prune. |
| v02.26.01 | Patch — max_attached_evidence_chars default raised 80_000 → 200_000 to fix multi-file evidence truncation. |
| v02.26.00 | Minor — Full pricing-model schema: base + extended-tier + cache (read/write) + promo (limited-time discount), all env-configurable, graceful fallback when fields are absent or promo expires. |
| v02.25.01 | Patch — meta.json corruption hotfix: redact() env-style pattern was crossing JSON-escape boundaries. |
| v02.25.00 | Third deliberation mode circular joins ship and review. |
| v02.24.00 | Evidence-provenance lock for the ship-mode relator (Codex bug report 2026-05-10). |
| v02.23.00 | Anthropic empty-revision degenerate path detection. |
| v02.22.00 | session_doctor drill-down + per-round cost telemetry + budget warning event. |
| v02.21.00 | Cross-provider prompt caching across all 5 peers (OpenAI, Anthropic, Gemini, DeepSeek, Grok). |
| v02.18.08 | Site sponsor card iteration. |
| v02.18.07 | Patch — site/index.html visual identity refresh. |
| v02.18.06 | Patch — Gemini API function-declaration compatibility for MCP tool inputSchemas. |
| v02.18.05 | Patch — anti-drift smoke drivers for v2.18.4 audit closure (operator directive 2026-05-07). |
| v02.18.04 | Patch — Codex external audit 2026-05-07 outcome: 6 surgical fixes (P1.1, P1.2, P1.3, P1.4, P2.1, P2.4). |
| v02.18.03 | Patch — Gemini default pin bump gemini-3.1-pro-previewgemini-2.5-pro (operator preference 2026-05-07; coordinated with cross-review-v1 v1.12.4). |
| v02.18.02 | Tier 5 — Windows process-tree introspection (coordinated with cross-review-v1 v1.12.2). |
| v02.18.01 | Hotfix: closes Dependabot security advisory GHSA-v2v4-37r5-5v8g (medium severity) — ip-address XSS in Address6 HTML-emitting methods. |
| v02.18.00 | F1 caller capability tokens (coordinated with cross-review-v1 v1.11.0). |
| v02.17.00 | HARD GATE — identity forgery rejection (operator directive 2026-05-05). |
| v02.16.00 | Tribunal protocol repair plus operational doctor. |
| v02.15.01 | server_info consensus visibility hotfix. |
| v02.15.00 | Backlog bundle for operational judge controls. |
| v02.14.01 | Grok reasoning model hotfix. |
| v02.14.00 | Grok joins the tribunal. |
| v02.13.00 | Lead meta-review drift fix. |
| v02.12.00 | Shadow judge observability. |
| v02.11.00 | Relator lottery plus shadow auto-wire. |
| v02.09.00 | LLM evidence-judge pass. |
| v02.08.00 | Per-peer health and Evidence Broker lifecycle. |
| v02.07.00 | Evidence Broker. |
| v02.06.01 | Fallback/recovery budget hard gate. |
| v02.06.00 | Token-delta compaction plus v2.5 format hotfix bundle. |
| v02.05.00 | Evidence and budget hardening pass. |
| v02.04.01 | CI stub fail-fast hotfix. |
| v02.04.00 | Audit-closure hardening pass. |
| v02.03.03 | Prompt shielding and financial safety. |
| v02.03.02 | CI-green README/docs cleanup. |
| v02.03.01 | README organizational standardization. |
| v02.03.00 | Provider-neutral review_focus. |
| v02.02.00 | Provider token streaming. |
| v02.01.01 | CodeQL and model-selection hardening. |
| v02.01.00 | First stable cross-review release. |
| v02.00.04 | Session event race hotfix. |
| v02.00.03 | Background sessions and durable reports. |
| v02.00.02 | Publishing and dashboard sanitization. |
| v02.00.01 | Public npm/package metadata alignment. |
| v02.00.00 | Development package line hardening. |
| v2.0.0-alpha.2 | Durable session recovery alpha. |
| v2.0.0-alpha.1 | Model attestation and store hardening alpha. |
| v2.0.0-alpha.0 | Initial API/SDK-only MCP server. |

What It Does

cross-review is the stable API-first implementation of the cross-review pattern. It orchestrates provider API clients (OpenAI/Codex, Anthropic/Claude, Google Gemini, DeepSeek, and xAI/Grok) and provides an MCP-compatible server surface.

Runtime calls are real provider calls by default. Stubs exist only for smoke tests and CI when CROSS_REVIEW_STUB=1.

  • OpenAI client library for the Codex/OpenAI peer.
  • Anthropic TypeScript client library for Claude.
  • Google Gen AI client library for Gemini.
  • OpenAI-compatible DeepSeek API through the OpenAI client library.
  • OpenAI-compatible xAI Grok API through the OpenAI client library.

Quick Start

# Set API keys (PowerShell example)
[Environment]::SetEnvironmentVariable("OPENAI_API_KEY", "<OPENAI_API_KEY>", "User")
[Environment]::SetEnvironmentVariable("ANTHROPIC_API_KEY", "<ANTHROPIC_API_KEY>", "User")
[Environment]::SetEnvironmentVariable("GEMINI_API_KEY", "<GEMINI_API_KEY>", "User")
[Environment]::SetEnvironmentVariable("DEEPSEEK_API_KEY", "<DEEPSEEK_API_KEY>", "User")
[Environment]::SetEnvironmentVariable("GROK_API_KEY", "<GROK_API_KEY>", "User")

Restart your terminal after changing environment variables.

Build and run locally:

npm install
npm --registry=https://registry.npmjs.org run build
node dist/src/mcp/server.js

For local smoke tests (no-cost):

$env:CROSS_REVIEW_STUB = "1"
npm --registry=https://registry.npmjs.org test

Configuration

Model selection and runtime behaviour can be controlled with environment variables. Example overrides (PowerShell):

[Environment]::SetEnvironmentVariable("CROSS_REVIEW_OPENAI_MODEL", "gpt-5.5", "User")
[Environment]::SetEnvironmentVariable("CROSS_REVIEW_OPENAI_REASONING_EFFORT", "xhigh", "User")
[Environment]::SetEnvironmentVariable("CROSS_REVIEW_GROK_MODEL", "grok-4.20-multi-agent", "User")
[Environment]::SetEnvironmentVariable("CROSS_REVIEW_GROK_REASONING_EFFORT", "xhigh", "User")

For Grok, GROK_API_KEY is canonical. grok-4-latest, grok-4.3, grok-4.20, and grok-4.20-reasoning use xAI automatic reasoning without an explicit reasoning.effort field. grok-4.20-multi-agent accepts explicit reasoning.effort; low/medium select 4 agents and high/xhigh select 16 agents.

Financial and budget controls are required for paid provider calls. Configure these environment variables before running real sessions (example):

[Environment]::SetEnvironmentVariable("CROSS_REVIEW_MAX_SESSION_COST_USD", "20", "User")
[Environment]::SetEnvironmentVariable("CROSS_REVIEW_PREFLIGHT_MAX_ROUND_COST_USD", "20", "User")
[Environment]::SetEnvironmentVariable("CROSS_REVIEW_UNTIL_STOPPED_MAX_COST_USD", "20", "User")
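
As an added example (not code from cross-review), this Node.js sketch checks the variables documented under Quick Start and Configuration before a paid session is started, including the Grok reasoning-effort rule described above. The `preflight` function, its validation rules (placeholder detection, positive numeric caps, skipping key and budget checks in stub mode) and the sample values are assumptions made for illustration.

```javascript
// Added example, not part of cross-review. Variable names come from the README;
// the validation rules are assumptions made for this sketch.
const API_KEYS = ["OPENAI_API_KEY", "ANTHROPIC_API_KEY", "GEMINI_API_KEY",
  "DEEPSEEK_API_KEY", "GROK_API_KEY"];
const BUDGET_CAPS = ["CROSS_REVIEW_MAX_SESSION_COST_USD",
  "CROSS_REVIEW_PREFLIGHT_MAX_ROUND_COST_USD",
  "CROSS_REVIEW_UNTIL_STOPPED_MAX_COST_USD"];
// README: grok-4.20-multi-agent maps low/medium to 4 agents, high/xhigh to 16.
const GROK_AGENTS = { low: 4, medium: 4, high: 16, xhigh: 16 };

function preflight(env) {
  const problems = [];
  const stub = env.CROSS_REVIEW_STUB === "1"; // stub runs make no paid calls
  for (const name of stub ? [] : API_KEYS) {
    const value = (env[name] || "").trim();
    if (!value) problems.push(`${name} is not set`);
    // Catches "<OPENAI_API_KEY>"-style placeholders pasted from the Quick Start.
    else if (/^<.*>$/.test(value)) problems.push(`${name} still holds a placeholder`);
  }
  for (const name of stub ? [] : BUDGET_CAPS) {
    const raw = (env[name] || "").trim();
    const cap = Number(raw);
    if (!raw) problems.push(`${name} is not set`);
    else if (!Number.isFinite(cap) || cap <= 0) problems.push(`${name} is not a positive number`);
  }
  let grokAgents = null;
  const model = env.CROSS_REVIEW_GROK_MODEL;
  const effort = env.CROSS_REVIEW_GROK_REASONING_EFFORT;
  if (effort !== undefined) {
    if (model !== "grok-4.20-multi-agent") {
      problems.push(`Grok effort "${effort}" is set but model is ${model || "unset"}, not grok-4.20-multi-agent`);
    } else if (!Object.hasOwn(GROK_AGENTS, effort)) {
      problems.push(`unrecognised Grok reasoning effort "${effort}"`);
    } else {
      grokAgents = GROK_AGENTS[effort];
    }
  }
  return { ok: problems.length === 0, stub, grokAgents, problems };
}

// Constructed sample environment: one placeholder key, one missing key, one bad cap.
const sampleEnv = {
  OPENAI_API_KEY: "<OPENAI_API_KEY>", ANTHROPIC_API_KEY: "example-key",
  GEMINI_API_KEY: "example-key", DEEPSEEK_API_KEY: "example-key",
  CROSS_REVIEW_MAX_SESSION_COST_USD: "20", CROSS_REVIEW_UNTIL_STOPPED_MAX_COST_USD: "20",
  CROSS_REVIEW_PREFLIGHT_MAX_ROUND_COST_USD: "0",
  CROSS_REVIEW_GROK_MODEL: "grok-4.20-multi-agent", CROSS_REVIEW_GROK_REASONING_EFFORT: "high",
};
console.log(preflight(sampleEnv));
```

Calling `preflight(process.env)` in a launcher script and refusing to start the server when `ok` is false keeps a missing budget cap or a pasted placeholder key from reaching a real provider call.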

MCP Tools

  • server_info
  • runtime_capabilities
  • probe_peers
  • session_init
  • session_list
  • session_read
  • ask_peers
  • session_start_round
  • run_until_unanimous
  • session_start_unanimous
  • session_cancel_job
  • session_recover_interrupted
  • session_poll
  • session_events
  • session_metrics
  • session_doctor
  • session_report
  • session_check_convergence
  • session_attach_evidence
  • session_evidence_checklist_update
  • session_evidence_judge_pass
  • session_evidence_judge_consensus_pass
  • session_judgment_precision_report
  • contest_verdict
  • escalate_to_operator
  • regenerate_caller_tokens
  • session_sweep
  • session_finalize

License

Apache-2.0. See LICENSE, NOTICE, and THIRDPARTY.