npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

clue-tools-mcp

v0.1.10

Published

Clue.tools MCP server — team AI activity logger for Claude Code. Captures session metadata only; never raw prompt or response content.

Readme

clue-tools-mcp

The Clue.tools MCP server — a team AI activity logger for Claude Code. It captures session metadata only and ships it to your team's Clue.tools dashboard. It never captures, stores, or transmits raw prompt or response text.

This is Phase 2A of the Clue.tools platform. It feeds the shared backend's POST /api/ingest endpoint built in Phase 1 (apps/web).

What it captures

Metadata only:

  • timestamps (session start/end, duration)
  • tool names used (e.g. Read, Edit, Bash) — names only
  • file paths touched — paths only, never file contents
  • token counts and conversation turn counts (when the host exposes them)
  • a short, locally-generated, redacted activity summary (raw_context)

It never captures: prompt text, response text, file contents, clipboard, or anything resembling conversation content. There is no code path that accepts such data — privacy is structural, not just policy.

Install & connect

npx clue-tools-mcp init --team-key <your-team-key> --name "Your Name"

init will:

  1. Validate the team key against the Clue.tools API.
  2. Store credentials in ~/.clue/credentials.json (mode 0600) — never in your project directory.
  3. Write default privacy settings to ~/.clue/config.json if absent.
  4. Register the server in your Claude Code config (~/.claude.json) so future sessions load it automatically.

Then restart Claude Code.

Flags:

| Flag | Purpose | |---|---| | --team-key <key> | Your team key (prompted if omitted). | | --name <name> | Your display name (prompted if omitted). | | --api-base <url> | API base URL. Default https://clue.tools. | | --mcp-config <path> | Host config file to patch. Default ~/.claude.json. Use for Claude Desktop or project-scope .mcp.json. | | --print-only | Print the config snippet instead of writing it. | | --skip-validation | Skip the team-key API check (offline setup). |

Check status any time:

npx clue-tools-mcp status

How it works

MCP servers can only observe calls to their own tools, not the host's calls to Read/Write/Bash. So this server exposes tools the host invokes to report activity:

| Tool | Purpose | |---|---| | clue_record_activity | Log a metadata-only event (tool name, file paths, turn/token counts, short note). | | clue_flush_session | End the current session and ship its summary now. | | clue_status | Report connection health and pending-upload count. |

A session also auto-flushes after 10 minutes of inactivity (the spec's idle end trigger) and on process shutdown (SIGINT/SIGTERM). Payloads are written to a durable on-disk queue (~/.clue/queue.json) and retried with exponential backoff, so nothing is lost during a network outage; the queue is drained on the next startup.

Privacy configuration — ~/.clue/config.json

{
  "redact_conversation_content": true,
  "send_file_names_only": true,
  "send_tool_calls": true,
  "opt_out_days": [],
  "api_endpoint": "https://clue.tools/api/ingest"
}
  • redact_conversation_content (default true) — raw prompt text is never shipped regardless; this flag is for transparency.
  • send_file_names_only (default true) — set false to omit files_touched entirely. (There is no "contents" mode; the only alternative is omission.)
  • send_tool_calls (default true) — set false to omit tool_calls.
  • opt_out_days — list of YYYY-MM-DD dates or weekday names (e.g. "Saturday") on which all tracking is suppressed.

A malformed config falls back to the strict defaults — it can never silently weaken privacy.

Environment variables

init writes these into the Claude Code MCP entry; you can also set them manually:

CLUE_TEAM_KEY=        # your team key (secret)
CLUE_MEMBER_NAME=     # your display name
CLUE_API_ENDPOINT=    # full ingest URL, e.g. https://clue.tools/api/ingest

Environment variables take precedence over ~/.clue/credentials.json.

Development

npm install            # from repo root (workspaces)
npm run build --workspace=clue-tools-mcp
npm run typecheck --workspace=clue-tools-mcp
npm run test --workspace=clue-tools-mcp

Ingest contract (must stay in sync with apps/web)

POST /api/ingest with headers x-team-key and x-member-id, body:

{
  "source": "mcp",
  "tool": "claude-code",
  "started_at": "2026-06-25T09:00:00Z",
  "ended_at": "2026-06-25T10:30:00Z",
  "duration_mins": 90,
  "model": "claude-sonnet-4-6",
  "input_tokens": 14200,
  "output_tokens": 8100,
  "turns": 34,
  "tool_calls": ["Read", "Edit", "Bash"],
  "files_touched": ["src/api/routes.ts"],
  "raw_context": "compressed activity summary…"
}

The endpoint uses a strict schema: it rejects unknown keys and any field that looks like conversation content. This package emits exactly these keys and nothing else.