npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

governed-second-brain

v0.1.7

Published

Local-first governed second brain — a Claude Code + Cowork plugin + installer. Turn your own files into cited (qmd://) memory with deterministic governance and a tamper-evident, hash-chained audit trail. Runs in-process; no daemon, no network for retrieva

Downloads

1,064

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

intentsolutionsiointentsolutionsio

Keywords

mcpclaude-codecoworkmemoryknowledgegovernanceqmdcitationslocal-firstsecond-brain

Readme

📍 This product lives in two homes

| | Repo | What it is | |---|---|---| | Landing / thesis | intent-solutions-io/governed-second-brain | The umbrella — why this exists, the competitive teardown, the "Compile, Then Govern" thesis, the receipts argument. Start here for the story. | | The plugin (you are here) | jeremylongshore/governed-second-brain-plugin | The installable code — the local stdio MCP server + skills. Start here to run it. |

It stacks on three engines:

| Engine | Repo | Layer | |---|---|---| | ICO | jeremylongshore/intentional-cognition-os | Compile — derive knowledge from a corpus (optional; the only part that egresses) | | INTKB | jeremylongshore/qmd-team-intent-kb | Govern — deterministic dedupe → policy → promote + the hash-chained audit | | qmd | tobi/qmd | Retrieve — on-device search; every hit is a qmd:// citation |

This plugin bundles the compiled INTKB packages, so it runs the govern + retrieve loop fully in-process — the engines stay independent repos; nothing here forks or privatizes them.

What it does

Most "AI memory" gives an agent better recall. This does two things the category skips: it governs what's allowed to become durable memory (deterministic dedupe / policy / promotion — by code, not a model), and it ships a receipt — a qmd:// citation plus a SHA-256 hash-chained audit event — for every write. Runs on your machine; your files never leave it (retrieval is local; the optional ICO compile step is the only thing that egresses, and it's opt-in).

Tool surface

| Tool | Kind | What it does | |---|---|---| | brain_search | read | Cited search over your governed memory (qmd:// receipts), in-process | | brain_status | read | Counts by lifecycle state + category | | brain_audit_verify | read | Verify the audit trail — the SHA-256 hash chain and the external anchor log; flags any tamper | | brain_capture | write | Capture a fact as a governance proposal (to the local spool) | | brain_govern | write | Drain the spool → dedupe → policy → promote, with a hash-chained audit receipt — daemon-free | | brain_transition | write | Retire / re-lifecycle a memory (audited) |

Two skills front these: /brain (cited answers) and /brain-save (governed capture).

What the receipt does not do

Honesty is the point of a receipt. The chain gives you tamper-detection — integrity + ordering, so an edited or reordered record is caught by verify. It is not tamper-proof: on your own machine a writer with access can edit an event and re-hash the chain forward. Within a single trust boundary (your machine) that's exactly the integrity guarantee you want; cross-actor non-repudiation needs an external chain-head anchor (on the roadmap). It is not a blockchain and not immutable storage.

Install

One command, two modes:

# A) zero-egress (default for regulated/client data) — nothing leaves the machine
npx governed-second-brain init <your-folder> --index-only

# B) full compile — ICO derives knowledge (6 passes) before governing; opt-in egress to DeepSeek
DEEPSEEK_API_KEY=… npx governed-second-brain init <your-folder>

It builds a governed, qmd://-cited, hash-chained-audited brain under ~/.teamkb, installs the native dep per-platform, and auto-registers the MCP server with Claude Code (claude mcp add; --no-register to skip). Full mode runs a loud pre-flight consent (your file text goes to DeepSeek; --yes to skip the prompt). Requires Node 20+, a C/C++ toolchain (for better-sqlite3), and qmd 2.x on PATH for retrieval.

After it finishes, start a new Claude Code session — the governed-brain tools are live. For the /brain and /brain-save skills too, claude plugin install governed-second-brain.

pnpm -C ../qmd-team-intent-kb build   # the bundle inlines INTKB's compiled packages (sibling checkout, built)
pnpm install && pnpm build            # esbuild → plugin-runtime/governed-brain.cjs
node bin/init.mjs init <your-folder> --index-only

Supply chain (shipped in 0.1.4): npm provenance (via the CI release workflow) and the gsb.lock.json reproducible pin — the exact ICO × INTKB × qmd × plugin tuple, verified by a hermetic full-chain CI smoke against the pinned set.

Coming: automatic Cowork MCP registration.

License

Apache-2.0. The umbrella and both engine repos are Apache-2.0; qmd (upstream) is MIT by its author, @tobi.