AgentOps Security

The open-source security and observability stack for AI agents.

AgentOpsSec is a local-first suite for developers using tool-capable AI agents, MCP servers, and CLI coding assistants.

Repos

| npm package | Bin | Repo |
| --- | --- | --- |
| agentopssec | agentopssec | https://github.com/AgentOpsSec/stack |
| @agentopssec/mcp-doctor | mcp-doctor | https://github.com/AgentOpsSec/mcp-doctor |
| @agentopssec/mcp-firewall | mcp-firewall | https://github.com/AgentOpsSec/mcp-firewall |
| @agentopssec/agent-flight-recorder | agent-flight | https://github.com/AgentOpsSec/agent-flight-recorder |
| @agentopssec/agent-review | agent-review | https://github.com/AgentOpsSec/agent-review |
| @agentopssec/mcp-radar | mcp-radar | https://github.com/AgentOpsSec/mcp-radar |
| @agentopssec/agent-sandbox | agent-sandbox | https://github.com/AgentOpsSec/agent-sandbox |
| @agentopssec/agent-cost-lens | agent-cost | https://github.com/AgentOpsSec/agent-cost-lens |

Install

The stack CLI is unscoped. Each individual tool ships under the @agentopssec/ scope.

# The orchestrator (recommended starting point)
npm install -g agentopssec

agentopssec init
agentopssec check
agentopssec start -- codex "work on this repo"

You can also install any tool on its own:

npm install -g @agentopssec/mcp-doctor
npm install -g @agentopssec/mcp-firewall
npm install -g @agentopssec/agent-flight-recorder
npm install -g @agentopssec/agent-review
npm install -g @agentopssec/mcp-radar
npm install -g @agentopssec/agent-sandbox
npm install -g @agentopssec/agent-cost-lens

Stay up to date

Every tool ships with a self-update command that compares the running version against the npm registry and offers to install the latest release.

agentopssec update           # checks the stack and every installed tool, batches updates
agentopssec update --yes     # apply every available update without prompting (CI-safe)

mcp-doctor update            # update one tool
agent-flight update --yes

Folders in this workspace

  • stack/ — orchestrator CLI (npm package agentopssec). Publishes from github.com/AgentOpsSec/stack. Also hosts the cross-tool integration test.
  • mcp-doctor/ — MCP configuration scanner.
  • mcp-firewall/ — MCP JSON-RPC tool-call policy proxy.
  • agent-flight-recorder/ — record agent runs and diffs.
  • agent-review/ — review agent behavior from diffs, run logs, sandbox runs, firewall logs, or GitHub PR diffs.
  • mcp-radar/ — score MCP servers from local registry profiles and Doctor scans.
  • agent-sandbox/ — run agents in a temporary local workspace and apply reviewed changes.
  • agent-cost-lens/ — track agent cost records, budgets, and usage summaries.

Local development

Each tool is a standalone, dependency-free Node 20+ package. There are two ways to test changes locally:

1. npm link for a single tool:

cd mcp-doctor && npm link
mcp-doctor --version
mcp-doctor scan

To unlink:

cd mcp-doctor && npm unlink -g @agentopssec/mcp-doctor

2. --use-local for the whole stack:

cd stack
node bin/agentopssec.js status --use-local
node bin/agentopssec.js scan --use-local

--use-local makes the stack resolve sibling tool folders in this workspace without needing global installs. This is the fastest path during development.

Run the test suite

Each tool is self-contained and has its own check script:

cd mcp-doctor && npm run check
cd mcp-firewall && npm run check
cd agent-flight-recorder && npm run check
cd agent-review && npm run check
cd mcp-radar && npm run check
cd agent-sandbox && npm run check
cd agent-cost-lens && npm run check
cd stack && npm run check    # also runs the cross-tool contract test

Integration contract

The projects remain standalone. Stack behavior happens through local files in the consuming project:

.agentopssec/config.json
.agentopssec/mcp-doctor-scan.json
.agentopssec/mcp-radar-doctor.json
.mcp-firewall/logs.jsonl
.agent-flight/runs/*.json
.agent-sandbox/runs/*.json
.agent-cost/records.jsonl

Run agentopssec contract to see the contract for the active project.

Author

Created and developed by Aunt Gladys Nephew.

Repositories

  • .github Public

    AgentOpsSec is a local-first suite for developers using tool-capable AI agents, MCP servers, and CLI coding assistants.

    Updated Apr 27, 2026
  • agent-cost-lens Public

    Agent Cost Lens tracks token usage, model usage, retries, latency, and estimated cost across AI agents, CLI coding tools, API providers, and MCP-powered workflows.

    JavaScript, MIT license, updated Apr 27, 2026
  • agent-flight-recorder Public

    Agent Flight Recorder is a local observability tool for AI coding agents and MCP-powered workflows. It records what the agent was asked to do, what tools it called, what files changed, what commands ran, what errors happened, and what the final result looked like.

    JavaScript, MIT license, updated Apr 27, 2026
  • agent-review Public

    Agent Review evaluates AI agent runs for unsafe, unnecessary, or suspicious behavior. It helps developers understand whether an agent stayed in scope, changed sensitive files, skipped tests, added dependencies, or took risky actions on the way to a final diff.

    JavaScript, MIT license, updated Apr 27, 2026
  • agent-sandbox Public

    Agent Sandbox wraps AI coding agent commands in a temporary local workspace. It lets an agent work away from the real repository, captures the final diff, and gives the developer control over what changes are applied back.

    JavaScript, MIT license, updated Apr 27, 2026
  • mcp-doctor Public

    MCP Doctor is a local-first security scanner for Model Context Protocol configurations. It helps developers see which MCP servers are installed, what those servers can access, and which configurations introduce obvious risk before an AI agent starts using them.

    JavaScript, MIT license, updated Apr 27, 2026
  • mcp-firewall Public

    MCP Firewall is a local policy gateway for MCP tool calls. It sits between AI clients and MCP servers, applies project policies, blocks dangerous actions, supports project approvals, and records what happened.

    JavaScript, MIT license, updated Apr 27, 2026
  • mcp-radar Public

    MCP Radar is a public trust and discovery layer for MCP servers. It helps developers evaluate MCP servers based on permissions, maintenance, install method, package quality, documentation, and security risk before installing them.

    JavaScript, MIT license, updated Apr 27, 2026
  • stack Public

    AgentOpsSec is the stack/kit command for the AgentOpsSec toolchain. Each project in the suite can still run on its own, but this CLI gives teams one entry point for setup, scanning, monitoring, and wrapped agent runs.

    JavaScript, MIT license, updated Apr 27, 2026