npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@the-ai-company/cbio-cli

v0.26.0

Published

1 password CLI for your AI agent team. Local vault management, and auth proxy workflows.

Downloads

45

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vinciartsvinciarts

Keywords

claw-biometricagentidentityvaultsecretscredentialsauthenticationed25519

Readme

Claw-biometric (cbio) CLI

1Password for AI agents.

Stop giving your agents raw API keys.

The Amateur Way: You pass a raw string sk_live_... into your agent's tool or prompt.

  • Result: The key leaks into logs, traces, and prompt injection "jailbreaks". Your agent is a security liability.

The Sovereign Way: Your agent has an Identity. It uses secret names without ever seeing the plaintext keys.

  • Result: Your agent acts as a Certified Operator. Credentials stay in the "Dark Room" (the vault). Your agent is a production-grade asset.

See it work: The Sovereign Team

In a production environment, you don't have one "God Agent". You have a team of specialists.

Finance-Agent: "I need to audit last month's AWS spend."
Finance-Agent: [CBIO] Unlocking 'finance-vault'... Using 'aws-readonly' identity.
Finance-Agent: [CBIO] Injecting auth... Fetching CloudWatch billing...
Finance-Agent: "Audit complete. I never saw the root AWS key."

Dev-Agent: "I'm deploying the new landing page to Vercel."
Dev-Agent: [CBIO] Unlocking 'dev-vault'... Using 'vercel-deploy' identity.
Dev-Agent: [CBIO] Injecting token... Pushing build...
Dev-Agent: "Deploy successful. Financial credentials remained physically isolated."

Boss: "Did the Finance Agent see the Vercel token?"
CBIO: "No. Keypairs are unique. Vaults are isolated. Trust is partitioned."

Why this exists

In the era of 10,000 parallel agents, passing raw keys is an architectural failure.

Claw-biometric is the sovereign identity layer for your agent team. It provides a physical isolation boundary between your Agent's Logic and your Production Credentials.

Key Features

  • 🔐 AES-256-GCM Vault: 100% offline, encrypted at rest. No cloud backdoors.
  • 🛡️ Physical Isolation: Agents perform requests without ever seeing plaintext secrets.
  • ⚡ Atomic Auto-Save: Real-time, encrypted disk writes on every credential change.
  • 🧩 Recursive Identity: Issue and govern sub-identities with a master authority.
  • 📜 Tamper-Evident Logs: Audit every secret access with local activity logs.

The Golden Rule

Agent logic should receive only the agent handle, never the identity. If your agent process can read the raw private key (AGENT_PRIV_KEY), nothing can protect you from that process. Always separate the Authority (Identity) from the Execution (Agent).

Quick Start: Zero to Sovereign

1. Install

npm install @the-ai-company/cbio-cli

2. Initialize your Identity

npx @the-ai-company/cbio-cli init

Creates your root identity. Save the Private Key as AGENT_PRIV_KEY.

After installation, the local binary name is still:

cbio init

3. Export your private key

export AGENT_PRIV_KEY=your_private_key_here

4. Add a secret

cbio tui

5. Start a local auth proxy

cbio proxy https://api.openai.com openai

The proxy prints a local Base URL. Point your client or tool at that URL and use any placeholder API key value.

How it works

CBIO keeps secrets in the local vault and injects auth at request time, so your tool can talk to a local endpoint without holding the raw provider key.

 [ Agent Logic ] <--- (HALT) --- [ Isolation Boundary ]
      |                                   |
 (Fetch Name) ---> [ Claw-biometric Vault ] ---> (Inject Auth) ---> [ API Service ]
                      (Encrypted)                              (SSL)

CLI Tools

  • Installable package: @the-ai-company/cbio-cli
  • Local binary: cbio
  • Core flow: cbio init, cbio tui, cbio proxy
  • cbio init: create your identity and print the keys you need to save
  • cbio tui: add, inspect, and remove secrets in the local vault
  • cbio proxy <upstream-url> [secret-name]: expose a local endpoint that injects auth from the vault
  • Auxiliary commands: cbio agent-id, cbio get, cbio delete
  • cbio agent-id: print the root agent ID for a private key
  • cbio get: print a secret in plaintext for last-mile admin/debug work
  • cbio delete: delete a secret after confirmation

Explore the Ecosystem

License: MIT Built for the Age of Autonomy.