npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

agentopssec

v1.0.0

Published

Stack orchestrator for the AgentOpsSec CLI suite.

Downloads

132

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

agentopssecagentopssec

Keywords

agentopssecagentsmcpsecuritycli

Readme

AgentOpsSec

Run the AgentOpsSec stack from one CLI.

AgentOpsSec is the stack/kit command for the AgentOpsSec toolchain. Each project in the suite can still run on its own, but this CLI gives teams one entry point for setup, scanning, monitoring, and wrapped agent runs.

agentopssec init
agentopssec check
agentopssec start -- codex "work on this repo"

What It Does

AgentOpsSec detects and coordinates the standalone tools:

  • MCP Doctor: scans MCP configuration risk.
  • MCP Firewall: registers MCP configs and logs policy decisions.
  • Agent Flight Recorder: records agent runs.
  • Agent Review: reviews diffs, run logs, sandbox runs, and firewall logs.
  • MCP Radar: scores MCP servers from registry data.
  • Agent Sandbox: runs agents in an isolated workspace.
  • Agent Cost Lens: tracks local agent cost records.

The stack CLI does not import code from those projects. It discovers installed CLIs, runs them as commands, and connects them through JSON reports and local log files.

Install

npm install -g agentopssec

Each individual tool ships under the @agentopssec/ scope on npm. During agentopssec init, the CLI checks for each standalone command and asks whether you want to install missing tools globally:

npm install -g @agentopssec/mcp-doctor
npm install -g @agentopssec/mcp-firewall
npm install -g @agentopssec/agent-flight-recorder
npm install -g @agentopssec/agent-review
npm install -g @agentopssec/mcp-radar
npm install -g @agentopssec/agent-sandbox
npm install -g @agentopssec/agent-cost-lens

Update

agentopssec update checks the registry for the orchestrator and every sub-tool, lists each tool's current vs. latest version, and offers to install all available updates in one batch:

agentopssec update          # interactive: prompts before installing
agentopssec update --yes    # apply every available update without prompting

Each tool also has its own update command if you want to update just one:

mcp-doctor update
agent-flight update --yes

Init

Run this from the repo you want to protect:

agentopssec init

Init will:

  1. Choose a stack profile.
  2. Check whether each selected standalone AgentOpsSec CLI is installed.
  3. Ask before installing missing tools globally.
  4. Create .agentopssec/config.json.
  5. Configure the selected tools that are available.
  6. Run an initial MCP scan when MCP Doctor is enabled.
  7. Feed the scan into MCP Firewall and MCP Radar when those tools are enabled.

Profiles:

agentopssec init --profile minimal
agentopssec init --profile security
agentopssec init --profile observe
agentopssec init --profile full
agentopssec init --profile custom
  • minimal: MCP Doctor
  • security: MCP Doctor, MCP Firewall, Agent Review
  • observe: Agent Flight Recorder, Agent Cost Lens
  • full: all tools
  • custom: prompt for each tool

Useful init options:

agentopssec init --yes
agentopssec init --no-install
agentopssec init --dry-run
agentopssec init --cwd /path/to/repo
agentopssec init --package-manager npm

--yes installs missing tools globally without prompting. --no-install skips prompts and configures only what is already installed. Package manager detection uses the current npm user agent when available and supports global installs via npm, pnpm, bun, or yarn.

Commands

agentopssec status
agentopssec tools
agentopssec scan
agentopssec check
agentopssec ci
agentopssec monitor
agentopssec start -- codex "fix the failing tests"
agentopssec start --sandbox -- claude "make this change safely"
agentopssec init-shell
agentopssec repair
agentopssec contract
agentopssec review latest
agentopssec review firewall
agentopssec review sandbox
agentopssec cost month
agentopssec update [--yes]

agentopssec --help prints a one-line description for every command and flag. Run it any time you want a refresher.

Output

Reports use plain-language status words instead of raw exit codes:

  • ok — the step ran successfully (green).
  • ok (exit 0) — same, but on commands that wrap an external agent so you can still see the real exit code.
  • failed (exit N) — the step exited non-zero (red). The original code is preserved for debugging.
  • skipped (reason) — the step was not applicable (dim).

Severity colors follow the AgentOpsSec palette: green for safe, amber for warning, red for high risk. The palette honors NO_COLOR and FORCE_COLOR, and JSON / CSV output stays plain.

Stack Workflows

Scan

agentopssec scan

When available, this runs:

mcp-doctor scan --json --output .agentopssec/mcp-doctor-scan.json
mcp-firewall import-doctor .agentopssec/mcp-doctor-scan.json
mcp-radar score-doctor .agentopssec/mcp-doctor-scan.json

Start

agentopssec start -- codex "work on this repo"

The stack chooses the strongest available wrapper chain:

Agent Cost Lens -> Agent Flight Recorder -> MCP Firewall -> agent command

With --sandbox, the chain becomes:

Agent Cost Lens -> Agent Sandbox -> MCP Firewall -> agent command

After the run, AgentOpsSec runs available review and cost summaries.

By default, start uses compact output: AgentOpsSec shows one summary and captures child tool output. Use --verbose when you want the underlying tools to stream directly:

agentopssec start --verbose -- codex "work on this repo"

Shell Integration

eval "$(agentopssec init-shell)"
codex "fix tests"
claude "review this repo"
gemini "summarize the diff"
opencode "refactor this file"

The shell functions route normal agent commands through agentopssec start. Use agentopssec init-shell --sandbox to make the wrappers use Agent Sandbox by default.

Check and CI

agentopssec check
agentopssec ci

check is a local audit snapshot. ci runs the same style of stack checks as a gate and exits nonzero when a configured risk threshold or budget check fails.

When available, CI runs:

MCP Doctor CI
MCP Firewall import
MCP Radar score
Agent Review over git diff
Agent Review over firewall logs
Agent Cost Lens budget check

Monitor

agentopssec monitor

Monitor runs a passive snapshot of stack signals that are available in the repo. It is not a live watch process.

  • MCP Doctor scan
  • MCP Firewall import
  • MCP Radar scoring
  • Agent Review over firewall logs
  • Agent Cost Lens daily summary

Repair

agentopssec repair

Repair re-checks installed tools, recreates missing stack folders, refreshes the stack config, validates known JSON and JSONL contract files, and suggests exact global install commands for enabled tools that are missing.

Data Contract

agentopssec contract

The stack connects tools through local files:

.agentopssec/config.json
.agentopssec/mcp-doctor-scan.json
.agentopssec/mcp-radar-doctor.json
.mcp-firewall/logs.jsonl
.agent-flight/runs/*.json
.agent-sandbox/runs/*.json
.agent-cost/records.jsonl

Those files are the integration boundary. The stack CLI does not import code from the standalone tools.

Pass-Through Commands

You can call the standalone tools through the stack CLI:

agentopssec doctor scan --json
agentopssec firewall logs
agentopssec radar score github/server
agentopssec flight list
agentopssec sandbox diff latest
agentopssec cost export --csv

This is a convenience layer. The underlying standalone commands remain the source of truth for each tool.

Development

AgentOpsSec is a dependency-free Node.js CLI.

npm test
node ./bin/agentopssec.js status
node ./bin/agentopssec.js tools --use-local
node ./bin/agentopssec.js init --use-local --no-install

--use-local makes the orchestrator resolve sibling tool folders directly without needing global installs. Useful when you have all the tool repos checked out side by side under one workspace.

Links

  • Stack repo: https://github.com/AgentOpsSec/stack
  • Website: https://AgentOpsSec.com
  • GitHub org: https://github.com/AgentOpsSec
  • X: https://x.com/AgentOpsSec

Author

Created and developed by Aunt Gladys Nephew.

  • Website: https://auntgladysnephew.com
  • GitHub: https://github.com/auntgladysnephew
  • X: https://x.com/AGNonX