npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@pandi-coding-agent/pandi-ultracode-claude

v0.1.4

Published

Runner trusted-workspace de Ultracode que orquesta workflows portables mediante Claude Code CLI.

Readme

@pandi-coding-agent/pandi-ultracode-claude

Ejecutá workflows portables de Ultracode mediante Claude Code CLI, sin iniciar Pi ni depender de la herramienta Workflow nativa. El paquete ofrece una CLI observable y un plugin local con /ultracode-run; cada corrida conserva artifacts y journal en .claude/ultracode/runs/.

Este runner es trusted-workspace only: ejecutá únicamente workflows y workspaces que hayas revisado y decidido confiar. run y resume rechazan la ejecución salvo que pases --trust-workspace de forma explícita.

/ultracode sigue siendo la entrada nativa existente de Claude Code. Elegí /ultracode-run cuando necesitás un proceso externo, artifacts inspeccionables y recuperación mediante resume.

Inicio rápido

Necesitás Node 22+ y Claude Code CLI autenticado:

npm install -D @pandi-coding-agent/pandi-ultracode-claude
npx pandi-ultracode-claude doctor
npx pandi-ultracode-claude list

La ejecución no interactiva de Claude omite su diálogo de confianza. Por eso cada run y resume exige el acuse explícito --trust-workspace:

npx pandi-ultracode-claude run claude-ultracode \
  --input '{"request":"Auditá el README"}' \
  --concurrency 4 --max-agents 8 --trust-workspace

Usarlo desde Claude Code

Cargá el plugin solo para la sesión actual; el paquete no escribe en ~/.claude:

claude --plugin-dir "$(node -p \"require('node:path').dirname(require.resolve('@pandi-coding-agent/pandi-ultracode-claude/package.json'))\")/claude-plugin"

En esa sesión, usá /ultracode-run <tarea>. El comando pedirá confirmar la confianza del workspace antes de lanzar el runner. No confundirlo con /ultracode, que preserva el runtime Workflow nativo.

Workflows y recuperación

El runner busca workflows en este orden:

| Fuente | Ubicación | | ----------------- | --------------------------------------- | | Proyecto | .claude/ultracode/workflows/<name>.js | | Host | workflows/ del paquete | | Catálogo portable | pandi-dynamic-workflows/scaffolds/ |

Los workflows externos usan el formato portable: sin import, export const meta opcional y un return final. No cargan .claude/workflows/: ese catálogo es un artifact del runtime Workflow nativo y no comparte este contrato.

npx pandi-ultracode-claude check contract-gate
npx pandi-ultracode-claude view .claude/ultracode/runs/<run-id>
npx pandi-ultracode-claude resume .claude/ultracode/runs/<run-id> --trust-workspace

Cada corrida congela fuente e input y guarda events.jsonl, journal.json, status.json, result.json, summary.md y stdout/stderr por worker. resume reutiliza solo las llamadas cacheadas; diseñá los workflows como idempotentes.

Seguridad

Los workers se lanzan sin shell mediante claude --print con --permission-mode plan, allowlist Read,Glob,Grep y --safe-mode. Esta primera entrega rechaza escrituras de agentes, bash(), writeFile(), appendFile() y grants por agente de tools, skills, extensions, environment o provider. Tampoco agrega directorios, plugins, MCP ni flags dangerously-*.

Estos límites reducen el privilegio, pero no convierten workflows confiados ni el proceso de Claude en una frontera de aislamiento. node:vm aporta solamente un contexto de evaluación: el workflow corre dentro del proceso del runner con las capacidades host inyectadas. No es un sandbox de seguridad y no admite código no confiable.

Una futura frontera de proceso/OS está diseñada, pero no implementada, en docs/research/2026-07-11-ultracode-process-os-boundary.md.

Agregá los artifacts efímeros al proyecto:

.claude/ultracode/runs/

Referencia CLI

pandi-ultracode-claude list [--cwd <dir>]
pandi-ultracode-claude check <workflow> [--cwd <dir>]
pandi-ultracode-claude run <workflow> [flags]
pandi-ultracode-claude resume <run-dir> [flags]
pandi-ultracode-claude view <run-dir>
pandi-ultracode-claude doctor [--claude-command <path>]

Smoke real opt-in

Los tests usan un ejecutable falso. Una persona autenticada puede probar el adaptador en un worktree separado con un solo worker:

PANDI_CLAUDE_SMOKE=1 node --test \
  extensions/pandi-ultracode-claude/tests/integration/claude-live-smoke.test.mjs