agent-trust-center

v0.1.0

Published

Local-first trust report and CI gate for AI agent tooling evidence.

Downloads

22

Readme

Agent Trust Center

One local report for AI agent trust evidence.

npx agent-trust-center demo

Agent tools are now spread across endpoint checks, NIM/provider checks, cognitive attack tests, skill admission, MCP safety, and runtime Watchtower traces. Each tool can be useful alone, but teams still need one simple answer before a merge or rollout:

Can this agent workspace be trusted right now?

Agent Trust Center imports normalized evidence from the companion tools and emits one Markdown, HTML, and JSON trust report plus a CI gate.

flowchart LR
  A["agent-endpoint-doctor"] --> F["agent-trust-center"]
  B["nim-doctor"] --> F
  C["agent-cognicheck"] --> F
  D["agent-skillguard"] --> F
  E["agentops-watchtower"] --> F
  F --> G["one trust report"]
  F --> H["CI gate"]

Why It Exists

Agent security is not one scan. Real agent rollouts combine:

  • endpoint compatibility: does the OpenAI-compatible model actually support chat, streaming, tools, JSON, and responses APIs?
  • cognitive/tool attack tests: can tools resist prompt-injection style misuse?
  • skill admission: can AI agent skills be installed safely?
  • runtime evidence: did the agent combine tools into risky chains?
  • CI governance: should this PR be allowed, reviewed, or blocked?

Agent Trust Center does not replace those tools. It is the local evidence orchestrator that turns them into one decision.

Quick Start

npx agent-trust-center demo
npx agent-trust-center profile
npx agent-trust-center gate --fail-on review

The demo writes:

.trust-center/
  evidence/
  reports/
    agent-trust-report.json
    agent-trust-report.md
    agent-trust-report.html

Real Workflow

Run the individual tools, generate their normalized evidence, then collect:

npx agent-skillguard demo
npx agent-skillguard evidence

npx agentops-watchtower demo
npx agentops-watchtower evidence

npx agent-cognicheck demo
npx agent-cognicheck evidence

npx nim-doctor demo
npx nim-doctor evidence

npx agent-endpoint-doctor demo
npx agent-endpoint-doctor evidence

npx agent-trust-center collect
npx agent-trust-center report
npx agent-trust-center gate --fail-on review

You can also import explicit files:

npx agent-trust-center import \
  .skillguard/reports/trust-evidence.json \
  .watchtower/reports/trust-evidence.json
npx agent-trust-center report

Evidence Contract

Every companion tool emits the same local JSON shape:

{
  "schemaVersion": "agent.trust.evidence.v1",
  "tool": { "name": "agent-skillguard", "version": "1.0.0" },
  "subject": { "type": "skill", "name": "code-reviewer" },
  "decision": "allow",
  "score": 0,
  "generatedAt": "2026-05-30T00:00:00.000Z",
  "findings": [],
  "artifacts": [],
  "recommendations": []
}

Score is normalized as risk: 0 is clean, 100 is worst. Compatibility tools convert readiness into risk with 100 - readiness.

Commands

  • demo: offline demo with fixture evidence from all five domains.
  • doctor: check Node, output folder, and local tool availability.
  • import <files...>: validate and import trust evidence JSON.
  • collect: collect known local trust-evidence.json files from this workspace.
  • report: generate JSON, Markdown, and HTML trust reports.
  • gate --fail-on review|block: fail CI when the merged decision reaches the threshold.
  • profile: print a compact local trust summary.
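
The evidence contract and the `gate` threshold above, as an added JavaScript example (not the package's own code): a validator for the `agent.trust.evidence.v1` shape and a gate check over several evidence files. The severity order allow < review < block, the worst-of merge, and treating invalid or missing evidence as `block` are assumptions the README does not specify; the function names are hypothetical.

```javascript
// Added example, not the package's code. Field names and schemaVersion come from
// the README sample; the severity order and worst-of merge are assumptions.
const SEVERITY = { allow: 0, review: 1, block: 2 };
const isObj = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Returns the list of contract violations; an empty list means the document is valid.
function validateEvidence(doc) {
  if (!isObj(doc)) return ["not a JSON object"];
  const errors = [];
  if (doc.schemaVersion !== "agent.trust.evidence.v1") errors.push("schemaVersion");
  for (const path of ["tool.name", "tool.version", "subject.type", "subject.name"]) {
    const [key, field] = path.split(".");
    if (!isObj(doc[key]) || typeof doc[key][field] !== "string" || !doc[key][field]) errors.push(path);
  }
  // hasOwn, not `in`, so inherited names such as "constructor" are rejected.
  if (!Object.hasOwn(SEVERITY, doc.decision)) errors.push("decision");
  if (!Number.isFinite(doc.score) || doc.score < 0 || doc.score > 100) errors.push("score");
  if (typeof doc.generatedAt !== "string" || Number.isNaN(Date.parse(doc.generatedAt))) {
    errors.push("generatedAt");
  }
  for (const key of ["findings", "artifacts", "recommendations"]) {
    if (!Array.isArray(doc[key])) errors.push(key);
  }
  return errors;
}

// Worst decision wins; invalid or absent evidence fails closed as "block".
function mergeDecisions(docs) {
  let worst = docs.length === 0 ? "block" : "allow";
  for (const doc of docs) {
    const decision = validateEvidence(doc).length === 0 ? doc.decision : "block";
    if (SEVERITY[decision] > SEVERITY[worst]) worst = decision;
  }
  return worst;
}

// CI exit code: 1 when the merged decision reaches the failOn threshold.
function gateExitCode(docs, failOn) {
  if (failOn !== "review" && failOn !== "block") throw new Error("failOn must be review or block");
  return SEVERITY[mergeDecisions(docs)] >= SEVERITY[failOn] ? 1 : 0;
}

// Constructed sample evidence in the README's shape (not real tool output).
const sample = (name, decision, score) => ({
  schemaVersion: "agent.trust.evidence.v1",
  tool: { name, version: "1.0.0" }, subject: { type: "skill", name: "code-reviewer" },
  decision, score, generatedAt: "2026-05-30T00:00:00.000Z",
  findings: [], artifacts: [], recommendations: [],
});
```

Failing closed matters here because a gate that skips unparseable evidence would pass a PR whenever a companion tool's output is truncated or tampered with.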

GitHub Actions

- uses: Gowrav-M/[email protected]
  with:
    evidence: |
      .skillguard/reports/trust-evidence.json
      .watchtower/reports/trust-evidence.json
    fail-on: review

See examples/github-action.yml.