npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mmesh/meshcode

v0.2.0

Published

MeshCode + MeshGuard. An agentic coding CLI AND a transparent governance proxy in front of Claude Code / Cursor / Cline — every prompt routed through ModelMesh for DLP, audit, budgets, and intent-aware routing.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

luccio83luccio83

Keywords

modelmeshllmcliagentcoding

Readme

@mmesh/meshcode

What's new in 0.2.0

  • MeshGuard modemeshcode wrap claude and meshcode shell run a local proxy in front of Claude Code (or any Anthropic-API tool). Every prompt is DLP-scanned, audited, budget-checked, and routed through ModelMesh while the tool sees a normal Anthropic API.
  • honor_tool routing policy — when you wrap a tool, ModelMesh only routes to providers matching that tool's family (e.g., Claude Code → Anthropic models only). Switch to optimize per-endpoint in the admin portal if you want full multi-provider routing.
  • 0.1.0 features preservedmeshcode / meshcode chat (the standalone agent) is unchanged.

MeshGuard requires backend changes deployed to api.model-mesh.net: the routing_policy column on endpoint_interfaces, the tools/tool_choice passthrough on /v1/chat/completions, the X-MeshCode-* header support on select_interface, and the corresponding migration. If your ModelMesh deployment doesn't have these yet, meshcode chat still works but meshcode wrap will fail. See the project repo for the backend rollout PR.

Two products in one CLI:

  • MeshCode — standalone agentic coding REPL (meshcode). Full intent-based routing: any prompt can land on any model in your pool, optimized for cost and quality.
  • MeshGuard — transparent governance proxy in front of Claude Code / Cursor / Cline / any Anthropic-API tool (meshcode wrap, meshcode shell). Honors the tool's chosen provider family; layers DLP, audit, budgets, and policy on top.

Every prompt — through either surface — goes through your ModelMesh deployment. Your CISO sees what your developers asked. Your routing rules decide which model gets the prompt. Your token budgets are enforced before the call leaves your perimeter.

Install

Once published, customers run:

npm install -g @mmesh/meshcode
meshcode --version

Local development

cd cli
npm install
npm run typecheck     # sanity check the TS
npm run build         # compile to dist/ + chmod +x
npm link              # symlinks `meshcode` into your PATH from this folder

To remove the local link: npm unlink -g @mmesh/meshcode.

First-time login

meshcode login

This opens your browser to the ModelMesh portal. Sign in with the same credentials you use for the web app — your CLI is then authorized. You never see or paste an API key. Under the hood ModelMesh auto-provisions a CLI (auto) endpoint scoped to your role on first login and binds a fresh mm_live_* token to your CLI; the token is stored in ~/.meshcode/config.json (mode 0600).

If you need to point at a non-production deployment:

meshcode login --server https://dev.api.model-mesh.net

Headless / CI / air-gapped environments

When there's no browser, you can still sign in by pasting an API key generated from the admin portal (Admin → Endpoints → API Keys):

meshcode login --key mm_live_xxxxx --server https://api.model-mesh.net

Or, on a server that can reach the portal but can't launch a browser, print the URL and complete the flow on another machine:

meshcode login --no-browser

Use

MeshCode (standalone agent)

meshcode                              # start the REPL
meshcode "summarize this codebase"   # one-shot prompt, then REPL

MeshGuard (proxy in front of existing tools)

meshcode wrap spawns the tool you name with ANTHROPIC_BASE_URL pointed at a local proxy. From the tool's perspective, nothing changed — it's still talking to Anthropic. Underneath, every prompt is routed through ModelMesh.

# Run Claude Code with every prompt routed through ModelMesh.
meshcode wrap claude

# Same idea, but launch a subshell so any tool you run inside it (claude,
# cline, scripts) is automatically routed.
meshcode shell
exit                                  # closes the subshell and the proxy

What you'll see:

[meshguard] proxy http://127.0.0.1:54213  →  https://api.model-mesh.net  (source=claude-code, family=anthropic)
[meshguard] launching: claude

╭─ Claude Code ───────────────────────────────────╮
│                                                  │
│  Welcome to Claude Code...                       │

By default, MeshGuard runs in honor-tool mode — when Claude Code calls Anthropic, ModelMesh only picks Anthropic-family models (Haiku/Sonnet/Opus) from your routing pool. DLP, audit, and budgets still apply on every prompt. Switch the endpoint's routing_policy to optimize in the admin portal if you want the full multi-vendor cost optimization.

Built-in tools

| Tool | Destructive | Description | |--------|:-:|---| | Read | no | Read a file with line numbers | | Write | yes | Create or overwrite a file | | Edit | yes | Exact-string find-and-replace | | Bash | yes | Run shell commands (120s timeout, 100KB output cap) | | Glob | no | Find files by pattern (uses fast-glob) | | Grep | no | Search file contents (uses ripgrep) |

Destructive tools prompt for permission on first use; you can allow once, allow for the session, or deny.

Slash commands

/help              — list commands
/login             — sign in (opens browser; switch accounts mid-session)
/logout            — sign out and exit
/clear             — wipe conversation history (keeps system prompt)
/mode <name>       — permission mode: default | acceptEdits | bypassPermissions
/exit              — quit

acceptEdits allows Write and Edit without prompting; bypassPermissions skips all prompts (use with care, e.g. inside a sandboxed container).

Ctrl-C once interrupts the current turn; twice within 2 seconds quits.

What you get from ModelMesh

Every chat completion goes through your ModelMesh deployment. That means:

  • Intent routing — your coding prompt may land on a different model than your security-review prompt, based on your routing rules.
  • DLP / PII scanning — Presidio + spaCy run on every prompt before it leaves your perimeter.
  • Cyber-risk inspection — escalating session-level risk scoring.
  • Audit logs — every request, model, token count, cost, and routing decision shows up in your admin portal.
  • Budget enforcement — token caps per role are honored.

The CLI surfaces the routing decision on each turn:

  routed: claude-sonnet-4-6 · intent: coding

Architecture

meshcode (this CLI)
   │
   │  POST /v1/chat/completions  (Bearer mm_live_...)
   │  with tools[] declarations
   ▼
ModelMesh backend (api.model-mesh.net)
   │
   ├─ Intent classification
   ├─ Routing rules / health / budget filter
   ├─ DLP + cyber-risk scan
   │
   ▼
Selected provider (OpenAI / Anthropic / Google / Bedrock / Azure / ...)
   │
   ▼
Streamed back as OpenAI SSE — content deltas + tool_calls deltas
   │
   ▼
meshcode parses tool_calls → executes locally → feeds results back

Status

This is 0.1.0. Working:

  • Streaming chat with tool calls
  • Read / Write / Edit / Bash / Glob / Grep
  • Permission prompts with session/once/deny
  • Slash commands
  • Conversation history within a session

Coming next:

  • Device-flow login (no more pasting keys)
  • Sub-agents (delegate a focused task to a fresh context)
  • /init to bootstrap CLAUDE.md / AGENTS.md style project guides
  • Plan mode
  • MCP server support
  • Persistent session resume

License

Proprietary. Internal to ModelMesh.