npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@trynullsec/legion-mcp

v0.2.0

Published

Model Context Protocol server for Nullsec Legion — let an AI client create, monitor, and review missions. The passkey merge gate stays in the board.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

trynullsectrynullsec

Keywords

legionnullsecmcpmodel-context-protocolai-agentscursorclaude

Readme

@trynullsec/legion-mcp

A Model Context Protocol server for Nullsec Legion. It lets an AI client (Cursor, Claude Desktop, …) create, monitor, and review Legion missions through your running daemon.

It is a thin translation layer over Legion's HTTP API — each tool wraps one endpoint, adding no business logic.

What it deliberately does not do

It cannot approve a merge or delivery. That is a human passkey (WebAuthn) ceremony performed in the Legion board, cryptographically bound to the exact bytes of the diff and scan report. An MCP client has no key and no tool to sign it — by design. The agent can plan, build, scan, and read the result; the irreversible step waits for you. get_approval_status surfaces when a mission is at that gate and points you to the board. There is no approve_merge tool, and there never will be one here.

Prerequisites

A running Legion daemon (pnpm dev, default http://localhost:4242). The MCP server talks to it over HTTP.

Tools

| Tool | What it does | | --- | --- | | list_missions | All missions with state + the recommended next action (optional state/kind filter) | | get_mission | One mission: state, next action, recent event ledger | | create_mission | Create a code / task / open mission (optional autoStart) | | start_planning | Kick off the planner (or execution for open missions) | | approve_plan / reject_plan | The plan gate (no passkey); rejection reason is fed back to the replan | | get_scan | Latest scan verdict + per-tool finding counts (gitleaks/semgrep) | | get_deliverable | Task/open deliverable preview (sha256 + per-file content) | | get_approval_status | Whether a mission is at the human merge gate, with bound artifact hashes | | list_schedules / run_schedule_now | Recurring mission schedules |

Configuration (client)

The server runs over stdio. Point your client at it with npx.

Cursor~/.cursor/mcp.json (or a project .cursor/mcp.json):

{
  "mcpServers": {
    "legion": {
      "command": "npx",
      "args": ["-y", "@trynullsec/legion-mcp"],
      "env": { "LEGION_API_URL": "http://localhost:4242" }
    }
  }
}

Claude Desktopclaude_desktop_config.json (same shape):

{
  "mcpServers": {
    "legion": {
      "command": "npx",
      "args": ["-y", "@trynullsec/legion-mcp"],
      "env": { "LEGION_API_URL": "http://localhost:4242" }
    }
  }
}

Local development

To run it straight from a checkout (e.g. while hacking on the server itself):

{
  "mcpServers": {
    "legion": {
      "command": "node",
      "args": ["/absolute/path/to/legion/mcp/bin/legion-mcp.mjs"],
      "env": { "LEGION_API_URL": "http://localhost:4242" }
    }
  }
}

Environment

| Variable | Default | Purpose | | --- | --- | --- | | LEGION_API_URL | http://localhost:4242 | The Legion daemon base URL | | LEGION_API_TOKEN | (none) | Optional Bearer token, if you front the daemon with auth | | LEGION_API_TIMEOUT_MS | 30000 | Per-request timeout; a hung daemon returns a clean error, never hangs the client |

License

MIT — see the main repository.