npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

igs-sdlc-mcp

v1.0.2

Published

SDLC Documentation Generator - MCP stdio server for local Git-based workflows

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

edison.suarezedison.suarez

Keywords

mcpsdlcdocumentationai-agent

Readme

igs-sdlc-mcp

SDLC Documentation Generator — MCP stdio server for local Git-based workflows.

This server is the infrastructure layer for the IGS SDLC AI agent. It gives the AI (running in your IDE, guided by CLAUDE.md as its system prompt) the ability to:

  • Read and write project files locally (in your cloned repo)
  • Run git pull/push/commit/status on your machine, not a remote server
  • Send webhook notifications (Teams / Power Automate)

Because it runs as a stdio process in your IDE, every Git operation targets your local repo clone — no more sync issues.

Quick Start

1. Clone the SDLC repo

git clone https://[email protected]/ArroyoCodes/IGSVelocity/_git/ClaudeSDLCAgent
cd ClaudeSDLCAgent

2. Add to your mcp.json

VS Code (%APPDATA%\Code\User\mcp.json on Windows, ~/.config/Code/User/mcp.json on Mac/Linux):

{
  "mcpServers": {
    "sdlc": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "igs-sdlc-mcp"],
      "cwd": "D:\\Work\\YourPath\\ClaudeSDLCAgent"
    }
  }
}

With API key (if the package was built with build:secure):

{
  "mcpServers": {
    "sdlc": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "igs-sdlc-mcp"],
      "env": {
        "SDLC_API_KEY": "your-team-key-here"
      },
      "cwd": "D:\\Work\\YourPath\\ClaudeSDLCAgent"
    }
  }
}

Cursor (.cursor/mcp.json in your home directory):

{
  "mcpServers": {
    "sdlc": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "igs-sdlc-mcp"],
      "cwd": "/Users/yourname/repos/ClaudeSDLCAgent"
    }
  }
}

Important: cwd must point to the root of the cloned SDLC repo — the folder that contains projects/ and .claude/.

3. Configure the AI agent

Copy the contents of CLAUDE.md from the repo as your AI agent's system prompt (or use it as a .instructions.md / copilot-instructions.md file in VS Code). The AI reads the SKILL.md files and generates documents; this MCP server gives it the hands to save files and run git.

Available Tools (13)

| Tool | Description | |------|-------------| | read_file | Read any file in the workspace | | write_file | Write/create any file in the workspace | | list_directory | List directory contents | | file_exists | Check if a file/directory exists | | create_directory | Create a directory recursively | | git_pull | Pull latest from remote | | git_push | Push commits to remote | | git_commit | Stage all + commit with message | | git_status | Get current git status | | get_git_identity | Get git user.name and user.email | | git_log | Get recent commits (filterable by path) | | list_projects | List all projects in projects/ folder | | send_webhook | POST to a Teams/Power Automate webhook |

Development

# Install dependencies
npm install

# Build (no API key)
npm run build

# Run in development (uses tsx, no build needed)
npm run dev

# Type check
npm run typecheck

Building with API key (for publishing)

# Linux / Mac
SDLC_API_KEY_VALUE="arroyo-sdlc-2026-yourkey" npm run build:secure

# Windows PowerShell
$env:SDLC_API_KEY_VALUE="arroyo-sdlc-2026-yourkey"; npm run build:secure

# Windows CMD
set SDLC_API_KEY_VALUE=arroyo-sdlc-2026-yourkey && node scripts/build-secure.mjs

The key is embedded in dist/index.js at build time (via esbuild --define). The src/ folder is not included in the published npm package.

Publishing to npm

npm login
npm publish

For a private Azure Artifacts registry, add to package.json:

"publishConfig": {
  "registry": "https://pkgs.dev.azure.com/ArroyoCodes/_packaging/IGSVelocity/npm/registry/"
}

How it works

IDE (VS Code / Cursor)
  └── AI Agent (Claude / Copilot)
        System Prompt = CLAUDE.md
        │
        │  MCP tool calls (stdio)
        ▼
  @igs/sdlc-mcp server (this package)
  Running as local process with cwd = your repo
        │
        ├── read_file / write_file → local filesystem
        ├── git_pull / git_push / git_commit → your local git repo
        └── send_webhook → Teams / Power Automate

The AI agent (guided by CLAUDE.md) handles all SDLC logic: which skill to execute, what sections to generate, signature validation, checklist updates. This server only provides the infrastructure tools.

Security

  • All file operations are restricted to the workspace cwd (path traversal protection)
  • Git commands use execFileSync with argument arrays (no shell injection)
  • Webhooks only allow HTTPS URLs
  • Optional API key authentication (embedded at build time)
  • For stronger access control: publish to a private npm registry (Azure Artifacts or GitHub Packages) where npm authentication acts as the gate