npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

ghost-dragon

v4.2.1

Published

Ghost Protocol's operator CLI — a Claude-Code-style coding + ops agent on any brain, with deep Wyrm memory, a 200+ skill library, the dragon stack, and any MCP server.

Readme

The sovereign operator console for the Ghost Protocol stack. A Claude-Code-style agentic coding and ops CLI that runs on any brain — including fully on-host or free — remembers across every project, drives Ghost Protocol's own security tooling, and is hardened like we'd pentest a client.

   ▄▄▄▄▄
  ▟█████▙     G H O S T   P R O T O C O L
  █ ▘ ▘ █     ▌ OPERATOR CONSOLE // DRAGON v4.2.1
  ▜█████▛     on-host coding + ops agent · sovereign-capable · ghosts.lk
   ▘▘ ▘▘

Proprietary © 2026 Ghost Protocol (Pvt) Ltd. Internal + bundled tooling — not a public, general-purpose coding CLI. See Positioning for why that's deliberate.


Why this exists (and why it isn't trying to be "Claude Code, but ours")

Claude Code (Anthropic) and Copilot CLI (GitHub) are excellent, better-resourced, and own the model frontier. Dragon does not try to out-quality them on raw model output — that's a losing axis. It wins on the three things neither incumbent can structurally follow:

| | Dragon | Claude Code | Copilot CLI | |---|---|---|---| | Sovereignty — runs fully on-host or free | ✅ --sovereign (local + Wyrm, zero cloud) · free worker brain | ❌ cloud-only | ❌ cloud-only | | Memory you own — cross-session, cross-project | ✅ Wyrm by default | partial (vendor-side) | ❌ cloud-tied | | Stack-fusion — drives our own security tools | ✅ stack_pentest · stack_keep | ❌ | ❌ | | Cost floor | ~$0 (local/worker) | $$$ | $$ (premium requests) | | Hardening | built + self-pentested by us | OS sandbox | /sandbox | | Model quality | rents the best (Claude default) | owns it | rents Claude |

It rents the best model when quality matters (Claude is the default brain) and falls back to free or fully-local brains when sovereignty or cost matters more. Use the right tool for the job — Dragon is the one wired into our stack and memory.


Install

git clone https://github.com/ghosts-lk/dragon-cli.git
cd dragon-cli
npm install && npm run build && npm link    # → `dragon` on your PATH
# or run from source without linking:
npx tsx src/index.ts --help

Requires Node.js 18+. On first dragon chat with no brain configured you'll get a model picker; or sign in for the free brain with dragon login.


Quick start

dragon login                 # browser device-code sign-in → free Cloudflare brain, no API key
dragon chat                  # interactive agent REPL (coding + ops)
dragon ask "what changed in src today?"   # one-shot, read-only by default
dragon doctor                # health panel: brain, auth, memory, skills, stack
dragon tui                   # live operator command-center (press q to quit)

In chat: /brain switch model · /tools list · /memory <q> recall · /auto arm safe writes · /plan read-only · @path attach a file · /save export transcript · Ctrl-C aborts the turn.


Brains (pluggable model, with graceful fallback)

Tools always execute locally; the brain only does inference. Pick per-invocation with --brain <id>, or set a default with dragon brains / dragon config brain <id>.

| Brain | What it is | Needs | |---|---|---| | claude (default) | Anthropic Claude (claude-sonnet-4-6) — best quality | ANTHROPIC_API_KEY | | worker | Free, zero-key — our Cloudflare Workers AI (Llama 3.3 70B) | just dragon login | | local | Ollama / any OpenAI-compatible local server — sovereign, $0 | Ollama running | | ghost | DragonSpark, our own nano-LLM (optional R&D upside — not required) | DragonSpark served | | openai | OpenAI models | OPENAI_API_KEY | | custom | Any OpenAI-compatible endpoint (OpenRouter, vLLM, LM Studio…) | DRAGON_OPENAI_BASE |

A configured brain that can't run (e.g. claude with no key) auto-falls back to worker (if signed in) and then local, so the CLI always does something useful.


What the agent can do (tool surface)

  • Code — read / write / edit / list / glob / grep / bash (local files, ripgrep-backed).
  • Remember — deep Wyrm memory by default: recalls + captures across sessions, primes project context into the system prompt.
  • Apply skills — searches + reads the 200+ Ghost Protocol skill library mid-task (skill_search / skill_read).
  • Drive the stackstack_status / stack_run (any dragon subcommand), stack_pentest (PhantomDragon web scan → structured findings), stack_keep (DragonKeep system scan → structured findings).
  • Delegate — a read-only task sub-agent for focused investigation.
  • Extend — an MCP hub: dragon mcp add <name> … wires any MCP server's tools in.
  • Ask the portalportal_ask hits the hosted account.ghosts.lk assistant (when signed in).

Modes

dragon chat --auto         # allow safe, in-cwd file writes without prompting
dragon ask  --plan         # read-only profile (no writes, no bash mutations)
dragon chat --sovereign    # local brain + Wyrm only — no cloud, no portal
dragon chat --sandbox      # run bash inside a bubblewrap jail (cwd writable, rest read-only,
                           #   ~/.ssh /.aws /.gnupg /.dragon masked via tmpfs)

Security (built + self-pentested by the team that sells pentests)

This is both the biggest liability of an agent that can touch your machine and the point. The hardening must never regress:

  • Working-dir confinement — file tools are sandboxed to the cwd (realpath/symlink-aware); reads outside need approval; credential paths are blocked outright (.ssh, .aws, .gnupg, .dragon, .env, *.pem).
  • bash is always-prompt — never auto-run, the full command is shown, catastrophic patterns are flagged. --sandbox adds a bubblewrap jail.
  • Secrets at rest 0600 — config + traces; broad redaction of key/cookie/JWT shapes in traces and logs.
  • Network guards — restricted-port / SSRF URL guard; HTTP-header-injection guard on all credentials (no CRLF smuggling).
  • Fail safe — global crash handler (--debug for stacks); a slow/broken brain or Wyrm degrades gracefully instead of hanging.

Verified by an adversarial unit suite (npm test) + GitHub Actions CI (build · typecheck · tests). The auth-resolution and worker-brain paths are pure-function-tested so they're deterministic on any machine — not just the author's.


Commands

dragon chat | ask          # the agent (interactive REPL | one-shot)
dragon login               # browser device-code sign-in (--paste for headless boxes)
dragon brains              # interactive model picker / set default brain
dragon config <...>        # brain | model | key | custom-url | show
dragon doctor              # health panel    ·   dragon contract  (config contract test)
dragon tui                 # live operator command-center
dragon mcp add|list|remove # MCP server hub
dragon completions <shell> # bash | zsh | fish completions
dragon upgrade             # git-pull self-update
dragon --help              # everything, incl. the per-product stack commands

Stack commands (dragon scale | wyrm | pentest | keep | osint | …) drive the individual Ghost Protocol products; the agent reaches them via stack_run. See dragon --help.


Configuration

Stored at ~/.dragon/config.json (mode 0600 — it may hold a token). Holds the active brain + model, product paths, MCP servers, and auth. Env vars always override config: ANTHROPIC_API_KEY, OPENAI_API_KEY, DRAGON_BRAIN, DRAGON_MODEL, DRAGON_TOKEN, DRAGON_SESSION, DRAGON_API, DRAGON_LOCAL_URL, DRAGON_GHOST_URL, DRAGON_OPENAI_BASE, DRAGON_NO_TRACE.

The trace flywheel logs each settled turn (secret-redacted) to ~/.dragon/traces/<date>.jsonl → training data for DragonSpark. Disable with --no-trace / DRAGON_NO_TRACE.


Tech stack

Node 18+ · TypeScript (ESM) · Commander · @anthropic-ai/sdk · @modelcontextprotocol/sdk · chalk · boxen · conf · vitest. DragonBrain bundles the agent for sovereign on-box operation.

Positioning

Dragon is bundled and internal, not a public coding-CLI vying for mindshare against Anthropic and GitHub. Its job is to (a) make Ghost Protocol's solo operator faster across the portfolio, and (b) ship as the sovereign agent inside DragonBrain / the PTaaS offering, where the buyer is already acquired. The deep analysis behind this is in specs/002-premortem-positioning/premortem.md.

License

Proprietary © 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved · ghosts.lk