cipherwake-mcp
v0.1.3
MCP server exposing Cipherwake's deploy-check + scan + preview-diff + trust-diff tools to Claude Desktop / Claude Code / Cursor / Cline / any MCP-compatible AI coder. Lets the agent gate deploys, surface HTTPS posture, and compare preview vs production di
Downloads
490
cipherwake-mcp
MCP server exposing Cipherwake's deploy-gate + scan + preview-diff + suggest-fix tools to any Model Context Protocol-compatible AI coder.
Once installed, your AI agent can call these tools directly as part of its reasoning loop — no npx pqcheck step, no manual scanning. Customer asks "is this safe to deploy?" → Claude calls cipherwake_before_deploy_check → result lands in the chat reply.
Tools
| Tool | When the agent should call it |
|---|---|
| cipherwake_before_deploy_check | After finishing a change, before telling the user a deploy is ready. Returns pass / review / block. |
| cipherwake_preview_diff | After deploying to a preview URL, before merging. Catches new third-party scripts, header regressions, soft-404s, broken protected paths. |
| cipherwake_scan_domain | When the user asks "how secure is X?" about any HTTPS domain. Returns DBR grade + top findings. |
| cipherwake_explain_finding | When the user asks "what does finding headers.csp.missing mean?" |
| cipherwake_suggest_fix | When the user asks "what should I fix first?" Returns the highest-impact, customer-actionable fix. |
Every tool response includes human_summary and required_user_summary fields so the agent surfaces the result in its final reply instead of hiding the check.
Install
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows):
{
  "mcpServers": {
    "cipherwake": {
      "command": "npx",
      "args": ["-y", "cipherwake-mcp"]
    }
  }
}
Restart Claude Desktop. The 5 tools above appear in Claude's tool list.
Claude Code (CLI)
Add to your ~/.claude/settings.json:
{
  "mcpServers": {
    "cipherwake": {
      "command": "npx",
      "args": ["-y", "cipherwake-mcp"]
    }
  }
}
Cursor
Edit ~/.cursor/mcp.json:
{
  "mcpServers": {
    "cipherwake": {
      "command": "npx",
      "args": ["-y", "cipherwake-mcp"]
    }
  }
}
Restart Cursor. Tools appear in Cursor's MCP-mode tool list.
Cline (VS Code extension)
Open the Cline panel → MCP Servers → Edit cline_mcp_settings.json:
{
  "mcpServers": {
    "cipherwake": {
      "command": "npx",
      "args": ["-y", "cipherwake-mcp"],
      "disabled": false
    }
  }
}
Windsurf / Continue / other MCP clients
Same shape — point the client's MCP config at:
command: npx
args: ["-y", "cipherwake-mcp"]
Configuration
cipherwake-mcp reads two environment variables (both optional):
- CIPHERWAKE_API_BASE: override the API base URL (default: https://cipherwake.io)
- CIPHERWAKE_API_KEY: authenticated API key (qpk_...) for the per-account quota path. Without it, you fall under the per-IP free tier (120 scans/hour shared with npx pqcheck).
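The install snippets above run whatever version `npx -y` resolves at launch, and CIPHERWAKE_API_BASE decides which host receives scan requests and the API key. The following is an added example, not code from the cipherwake-mcp project: a Node.js check that flags both conditions in an MCP client config. The function names, rule names and sample config are assumptions made for illustration; the pinned version is the v0.1.3 shown on this page.

```javascript
// Added example: audit an MCP client config for unpinned npx servers and
// a redirected Cipherwake API base. The sample config below is constructed.
const DEFAULT_API_BASE = "https://cipherwake.io"; // default stated in this README

// Split "name@version"; handles scoped names such as "@scope/pkg@1.2.3".
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [id, server] of Object.entries(config.mcpServers || {})) {
    if (server.command === "npx") {
      // First non-flag argument is the package spec npx will fetch and run.
      const spec = (server.args || []).find((a) => !a.startsWith("-"));
      const version = spec ? splitSpec(spec).version : null;
      // Only an exact x.y.z counts as pinned; "latest" or a range does not.
      if (spec && !/^\d+\.\d+\.\d+$/.test(version || "")) {
        findings.push({ server: id, rule: "unpinned-npx-package", detail: spec });
      }
    }
    const base = (server.env || {}).CIPHERWAKE_API_BASE;
    if (base !== undefined) {
      let origin = null;
      try { origin = new URL(base).origin; } catch { /* unparsable URL */ }
      if (origin !== DEFAULT_API_BASE) {
        findings.push({ server: id, rule: "api-base-overridden", detail: base });
      }
    }
  }
  return findings;
}

// Constructed sample: one entry as shown in this README, one pinned entry
// whose API base has been pointed somewhere else.
const sampleConfig = {
  mcpServers: {
    cipherwake: { command: "npx", args: ["-y", "cipherwake-mcp"] },
    pinned: {
      command: "npx",
      args: ["-y", "cipherwake-mcp@0.1.3"],
      env: { CIPHERWAKE_API_BASE: "http://localhost:8080" },
    },
  },
};
console.log(auditMcpConfig(sampleConfig));
```

An "api-base-overridden" finding is a prompt to confirm the override is intentional, for example a staging endpoint.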
How the agent uses it
Anthropic's MCP doesn't force an agent to call a tool, but it strongly nudges. Cipherwake's tool descriptions are written to match agent lifecycle moments — cipherwake_before_deploy_check literally says "Use this AFTER finishing a code change and BEFORE telling the user a deploy is ready." That's the kind of phrasing agents respond to.
Combined with Cipherwake's AI Coder Protocol (installed via npx pqcheck protocol install), the agent has both:
- A rule telling it to gate every deploy on ship_decision
- A tool to actually run the check
The protocol rule + MCP tool together make the agent's behavior reliable across Claude Desktop, Claude Code, Cursor, Cline, and any future MCP client.
Route assertions — declare your private routes
If your repo has a .cipherwake.json at the root (see the methodology), Cipherwake asserts your declared private routes are still gated on every check the MCP tool runs. Drop a config like:
{
  "routeAssertions": {
    "assertions": [
      { "path": "/api/admin/users", "expect": "protected", "why": "User mgmt API" },
      { "path": "/api/internal/cron", "expect": "protected", "why": "Internal cron handler" }
    ]
  }
}
The agent sees ship_decision_assertions=block and the per-assertion CIPHERWAKE_ROUTE_ASSERTIONS block in the tool response. A critical failure (declared protected route now returns 200) auto-blocks via ship_decision=block; the agent stops and surfaces the change to the user, same protocol as drift-based blocking. No credentials required: Cipherwake never crawls behind your login. See why not for the design decision.
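The rule described above can be sketched locally. This is an added example, not Cipherwake's implementation: it lints the assertions in a .cipherwake.json and applies the one rule this README states (a declared protected route that returns 200 is critical and blocks). The function name, the result fields, the status codes and the mapping of invalid or unobserved entries to "review" are assumptions.

```javascript
// Added example: local sketch of the route-assertion rule from this README.
// Not Cipherwake's code. Status codes below are constructed sample input.
function checkRouteAssertions(config, observedStatus) {
  const assertions = (config.routeAssertions || {}).assertions || [];
  const seen = new Set();
  const results = assertions.map((a) => {
    // Config hygiene first: absolute path, no duplicates, known expectation.
    if (typeof a.path !== "string" || !a.path.startsWith("/")) {
      return { path: a.path, status: "invalid", reason: "path must start with /" };
    }
    if (seen.has(a.path)) {
      return { path: a.path, status: "invalid", reason: "duplicate path" };
    }
    seen.add(a.path);
    if (a.expect !== "protected") {
      return { path: a.path, status: "invalid", reason: "only 'protected' is handled here" };
    }
    const code = observedStatus[a.path];
    if (code === undefined) {
      return { path: a.path, status: "unknown", reason: "no response recorded" };
    }
    // Rule stated in the README: a declared protected route returning 200 is critical.
    return code === 200
      ? { path: a.path, status: "critical", reason: "protected route returned 200" }
      : { path: a.path, status: "pass", reason: `unauthenticated request got ${code}` };
  });
  // Assumption: anything that is neither pass nor critical maps to "review".
  let ship_decision = "pass";
  if (results.some((r) => r.status !== "pass")) ship_decision = "review";
  if (results.some((r) => r.status === "critical")) ship_decision = "block";
  return { ship_decision, results };
}

// Constructed sample: the config from this section plus made-up status codes.
const cipherwakeJson = {
  routeAssertions: {
    assertions: [
      { path: "/api/admin/users", expect: "protected", why: "User mgmt API" },
      { path: "/api/internal/cron", expect: "protected", why: "Internal cron handler" },
    ],
  },
};
const regressed = { "/api/admin/users": 200, "/api/internal/cron": 401 };
console.log(checkRouteAssertions(cipherwakeJson, regressed).ship_decision); // block
```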
Brand visibility
Every MCP response from cipherwake-mcp includes a markdown summary like:
🛡️ **Cipherwake** · ⚠️ **REVIEW** — found 2 trust-surface changes since baseline:
- [HIGH] New third-party script: widget.intercom.io
- [MEDIUM] Strict-Transport-Security weakened: max-age=31536000 → max-age=3600
Agents are expected to paste this verbatim into their final reply. The brand stays visible to the user; Cipherwake doesn't run silently in the background.
Free vs paid
The MCP server is free to install + use. Underlying API quotas:
- Free (anonymous, per-IP): 120 scans/hour shared with npx pqcheck. Fine for ad-hoc checks; can be exhausted by heavy CI use.
- Cipherwake Founder Pro ($19.99/mo launch pricing, locked while subscription active): 5,000 calls/month + custom CI thresholds + Slack/webhook delivery + saved baselines. Set CIPHERWAKE_API_KEY to use this path.
Source + feedback
- Source: github.com/cipherwakelabs/pqcheck/tree/main/mcp-server
- Bug reports + feedback: cipherwake.io/feedback
- Cipherwake methodology (every probe documented): cipherwake.io/methodology
License
MIT
