agent-reliability-kit

v0.1.0

Published

Verify, harden, and ship AI-agent-assisted codebases in one command.

Readme

Agent Reliability Kit

Verify, harden, and ship AI-agent-assisted codebases in one command.

Agent Reliability Kit scans a repository the way a careful maintainer would before letting AI coding agents work there: agent instructions, verification commands, README quality, secret hygiene, GitHub Actions safety, MCP/tooling risk, n8n workflow exports, team policy, and release readiness.

The flagship path is simple: keep agent-secret-guard as the sharp security wedge, and use agent-reliability-kit as the one command center for agent-era repository reliability.

Quick Start

Pre-release status: the public repository and docs are live, and the npm package is not published yet. Run from source for now; the npx command below becomes the public install path after npm publication.

npm install
npm run build
node dist/cli.js scan . --out .agent-reliability --format markdown,json,html

After npm publication:

npx agent-reliability-kit scan .

Optional focused checks:

ark team-audit . --out .agent-reliability/team
ark mcp-registry . --registry .agent-reliability/mcp-registry.json
ark n8n-scan . --out .agent-reliability/n8n
ark n8n-backup . --backup-dir .agent-reliability/n8n-backup
ark cost-report . --trace .agent-reliability/traces --budget-usd 10

The scan writes:

  • .agent-reliability/report.md
  • .agent-reliability/report.json
  • .agent-reliability/report.html

The quick start runs entirely on your machine. Do not include real secrets, private logs, cookies, browser profiles, or private URLs in examples, fixtures, bug reports, or shared scan output.

Why It Exists

AI coding agents fail most often on the unglamorous parts: missing repo rules, unclear commands, conflicting instruction files, unsafe CI defaults, accidental secret exposure, and README promises nobody has replayed. This project turns those weak signals into one shareable report.

What It Checks

| Area | What gets verified |
| --- | --- |
| Agent instructions | AGENTS.md, CLAUDE.md, GEMINI.md, CODEX.md, Copilot instructions |
| Commands | test, build, lint, typecheck, check scripts across common stacks |
| README | install path, quick start, visual proof, license, contribution path |
| Secrets | token-like values, tracked .env files, redacted evidence |
| GitHub Actions | validation commands, explicit permissions, risky triggers, pipe-to-shell |
| AI tooling | MCP command configs and prompt-injection-like instruction files |
| MCP registry | private allowlist, trust score, approved commands/URLs, risk owner |
| n8n | public webhooks, command nodes, risky code nodes, workflow secrets, redacted backups |
| Team layer | scan history, policy gates, audit report, dry-run Slack payload |
| Cost guard | local trace token/cost summary and budget alerts |

CLI

agent-reliability-kit scan [path]
agent-reliability-kit doctor [path]
agent-reliability-kit init [path]
agent-reliability-kit team-audit [path]
agent-reliability-kit mcp-registry [path]
agent-reliability-kit n8n-scan [path]
agent-reliability-kit n8n-backup [path]
agent-reliability-kit cost-report [path]

Examples:

ark scan . --min-score 85
ark scan . --format sarif --stdout > agent-reliability.sarif
ark doctor .
ark init .
ark team-audit .
ark mcp-registry .
ark n8n-scan .
ark cost-report . --budget-usd 10

Machine-readable stdout stays clean for CI:

ark scan . --format sarif --stdout > agent-reliability.sarif
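
One way a CI job could consume that SARIF file, shown as an added example that is not part of the project's code. It reads only standard SARIF 2.1.0 fields; the function names, rule ids and paths in the sample are hypothetical.

```javascript
// Added example, not the project's code: gate CI on a SARIF 2.1.0 log.
// Only standard SARIF fields are read; the sample rule ids and paths are made up.
const LEVEL_RANK = { none: 0, note: 1, warning: 2, error: 3 };
// result.level wins; else the rule's defaultConfiguration.level; else "warning" (spec default).
function resultLevel(result, run) {
  if (result.level) return result.level;
  const rules = run.tool?.driver?.rules ?? [];
  const rule = rules[result.ruleIndex] ?? rules.find((r) => r.id === result.ruleId);
  return rule?.defaultConfiguration?.level ?? "warning";
}

function gateSarif(sarif, failOn = "error") {
  if (!Array.isArray(sarif?.runs)) throw new Error("not a SARIF log: missing runs[]");
  if (!(failOn in LEVEL_RANK)) throw new Error(`unknown level: ${failOn}`);
  const counts = { none: 0, note: 0, warning: 0, error: 0 };
  const blocking = [];
  for (const run of sarif.runs) {
    for (const result of run.results ?? []) {
      // An accepted suppression (status defaults to "accepted") means the finding was triaged.
      if ((result.suppressions ?? []).some((s) => (s.status ?? "accepted") === "accepted")) continue;
      const level = resultLevel(result, run);
      counts[level] = (counts[level] ?? 0) + 1;
      if (!(LEVEL_RANK[level] >= LEVEL_RANK[failOn])) continue;
      const loc = result.locations?.[0]?.physicalLocation;
      const where = `${loc?.artifactLocation?.uri ?? "<no location>"}:${loc?.region?.startLine ?? 0}`;
      blocking.push(`${where} [${level}] ${result.ruleId ?? "?"}: ${result.message?.text ?? ""}`);
    }
  }
  return { pass: blocking.length === 0, counts, blocking };
}

// Constructed sample log.
const SAMPLE_SARIF = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "example-scanner", rules: [
      { id: "EX001", defaultConfiguration: { level: "error" } },
      { id: "EX002" },
    ] } },
    results: [
      { ruleId: "EX001", ruleIndex: 0, message: { text: "token-like value in tracked file" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "config/.env" }, region: { startLine: 3 } } }] },
      { ruleId: "EX002", ruleIndex: 1, message: { text: "workflow has no explicit permissions" } },
      { ruleId: "EX001", ruleIndex: 0, level: "error", message: { text: "accepted test fixture" },
        suppressions: [{ kind: "inSource" }] },
    ],
  }],
};
console.log(gateSarif(SAMPLE_SARIF));
```

In a pipeline, pass the parsed contents of agent-reliability.sarif to gateSarif and set a non-zero exit code when pass is false.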

Report Preview

The HTML report is designed for maintainers, contributors, and launch pages. It gives a score, severity counts, repository signals, and next actions for each finding.

Product Modules

CLI demo

Comparisons

Launch Kit

The repository includes a pre-release launch kit so maintainers can prepare a public launch without inventing copy or sharing private data at the last minute.

Visual assets are available in assets/, including social-preview.png for GitHub/social cards and product-hunt-thumbnail.png for square launch surfaces.

Product Principles

  • Local-first: source code and findings stay on your machine.
  • No secret echo: token-like evidence is redacted before it appears in reports.
  • Private-data safe: reports, examples, and issues must not include real secrets, private logs, cookies, browser profiles, or private URLs.
  • Agent-neutral: useful for Codex, Claude Code, Cursor, Gemini CLI, OpenCode, and similar tools.
  • CI-friendly: Markdown, JSON, SARIF, and GitHub Actions annotations are first-class outputs.
  • Maintainer-friendly: findings explain why they matter and what to do next.
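
The "No secret echo" principle, sketched as an added example rather than the project's own scanner. The three patterns, the masking format and all function names are assumptions chosen for illustration; the fixture values are constructed.

```javascript
// Added example, not the project's code. Patterns are illustrative assumptions.
const TOKEN_PATTERNS = [
  { kind: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { kind: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g },
  // Generic: a long value assigned to a secret-looking name; group 1 is the value.
  { kind: "assigned-secret", re: /\b(?:api[_-]?key|secret|token|password)\s*[:=]\s*["']?([^\s"']{12,})/gi },
];
// Keep a 4-char prefix and the length; the value itself never reaches the report.
const mask = (value) => `${value.slice(0, 4)}***[redacted ${value.length} chars]`;

function findSpans(line) {
  const spans = [];
  for (const { kind, re } of TOKEN_PATTERNS) {
    for (const m of line.matchAll(re)) {
      const value = m[1] ?? m[0];
      const start = m.index + m[0].lastIndexOf(value);
      spans.push({ kind, start, end: start + value.length });
    }
  }
  // Merge overlaps (`token=ghp_...` hits two patterns) so no secret fragment leaks.
  spans.sort((a, b) => a.start - b.start || b.end - a.end);
  const merged = [];
  for (const s of spans) {
    const last = merged[merged.length - 1];
    if (last && s.start < last.end) last.end = Math.max(last.end, s.end);
    else merged.push({ ...s });
  }
  return merged;
}

function redactLine(line, spans = findSpans(line)) {
  let out = "", pos = 0;
  for (const s of spans) {
    out += line.slice(pos, s.start) + mask(line.slice(s.start, s.end));
    pos = s.end;
  }
  return out + line.slice(pos);
}

function scanText(text) {
  return text.split(/\r?\n/).flatMap((line, i) => {
    const spans = findSpans(line);
    return spans.length ? [{ line: i + 1, kinds: spans.map((s) => s.kind), evidence: redactLine(line, spans) }] : [];
  });
}
// Constructed fixture; none of these values are real credentials.
const SAMPLE = [`token=ghp_${"A".repeat(36)}`, "aws_key: AKIAEXAMPLEEXAMPLE00",
  'password = "correct-horse-battery"', "timeout=30"].join("\n");
console.log(scanText(SAMPLE));
```

Each finding carries only the line number, the pattern kind and the masked line, so the report can be shared without carrying the credential.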

Development

npm install
npm run check
npm run build
npm run smoke

Repository layout:

src/
  cli.ts
  core/
  scanners/
  report/
  init/
tests/
  fixtures/
docs/
assets/

Roadmap

  • v0.1: CLI scan, doctor, init, Markdown/JSON/HTML/SARIF reports.
  • v0.2: team audit, private MCP registry, n8n safety/backup, and local cost guard.
  • v0.3: GitHub Action wrapper, dogfood gallery, and agent-secret-guard rule-pack consolidation.
  • v0.4: hosted team dashboard prototype, org policy packs, and private MCP approval workflow.
  • v0.5: pr verify, trace run, and compatibility matrix for Codex, Claude Code, Cursor, Gemini CLI, and OpenCode.

Security

Do not include real secrets in issues, examples, or fixtures. See SECURITY.md for reporting guidance.

Contributing

Small, well-tested contributions are welcome. Start with CONTRIBUTING.md, run npm run check, and include the scanner output when changing rules.

License

MIT