The open-source security and observability stack for AI agents.
AgentOpsSec is a local-first suite for developers using tool-capable AI agents, MCP servers, and CLI coding assistants.
| npm package | Bin | Repo |
|---|---|---|
agentopssec |
agentopssec |
https://github.com/AgentOpsSec/stack |
@agentopssec/mcp-doctor |
mcp-doctor |
https://github.com/AgentOpsSec/mcp-doctor |
@agentopssec/mcp-firewall |
mcp-firewall |
https://github.com/AgentOpsSec/mcp-firewall |
@agentopssec/agent-flight-recorder |
agent-flight |
https://github.com/AgentOpsSec/agent-flight-recorder |
@agentopssec/agent-review |
agent-review |
https://github.com/AgentOpsSec/agent-review |
@agentopssec/mcp-radar |
mcp-radar |
https://github.com/AgentOpsSec/mcp-radar |
@agentopssec/agent-sandbox |
agent-sandbox |
https://github.com/AgentOpsSec/agent-sandbox |
@agentopssec/agent-cost-lens |
agent-cost |
https://github.com/AgentOpsSec/agent-cost-lens |
The stack CLI is unscoped. Each individual tool ships under the
@agentopssec/ scope.
# The orchestrator (recommended starting point)
npm install -g agentopssec
agentopssec init
agentopssec check
agentopssec start -- codex "work on this repo"You can also install any tool on its own:
npm install -g @agentopssec/mcp-doctor
npm install -g @agentopssec/mcp-firewall
npm install -g @agentopssec/agent-flight-recorder
npm install -g @agentopssec/agent-review
npm install -g @agentopssec/mcp-radar
npm install -g @agentopssec/agent-sandbox
npm install -g @agentopssec/agent-cost-lensEvery tool ships with a self-update command that compares the running version against the npm registry and offers to install the latest release.
agentopssec update # checks the stack and every installed tool, batches updates
agentopssec update --yes # apply every available update without prompting (CI-safe)
mcp-doctor update # update one tool
agent-flight update --yesstack/— orchestrator CLI (npm packageagentopssec). Publishes fromgithub.com/AgentOpsSec/stack. Also hosts the cross-tool integration test.mcp-doctor/— MCP configuration scanner.mcp-firewall/— MCP JSON-RPC tool-call policy proxy.agent-flight-recorder/— record agent runs and diffs.agent-review/— review agent behavior from diffs, run logs, sandbox runs, firewall logs, or GitHub PR diffs.mcp-radar/— score MCP servers from local registry profiles and Doctor scans.agent-sandbox/— run agents in a temporary local workspace and apply reviewed changes.agent-cost-lens/— track agent cost records, budgets, and usage summaries.
Each tool is a standalone, dependency-free Node 20+ package. Two ways to test changes locally:
1. npm link for a single tool:
cd mcp-doctor && npm link
mcp-doctor --version
mcp-doctor scanTo unlink:
cd mcp-doctor && npm unlink -g @agentopssec/mcp-doctor2. --use-local for the whole stack:
cd stack
node bin/agentopssec.js status --use-local
node bin/agentopssec.js scan --use-local--use-local makes the stack resolve sibling tool folders in this workspace
without needing global installs. Fastest path during development.
Each tool is self-contained and has its own check script:
cd mcp-doctor && npm run check
cd mcp-firewall && npm run check
cd agent-flight-recorder && npm run check
cd agent-review && npm run check
cd mcp-radar && npm run check
cd agent-sandbox && npm run check
cd agent-cost-lens && npm run check
cd stack && npm run check # also runs the cross-tool contract testThe projects remain standalone. Stack behavior happens through local files in the consuming project:
.agentopssec/config.json
.agentopssec/mcp-doctor-scan.json
.agentopssec/mcp-radar-doctor.json
.mcp-firewall/logs.jsonl
.agent-flight/runs/*.json
.agent-sandbox/runs/*.json
.agent-cost/records.jsonl
Run agentopssec contract for the active project contract.
- Website: https://AgentOpsSec.com
- GitHub: https://github.com/AgentOpsSec
- X: https://x.com/AgentOpsSec
Created and developed by Aunt Gladys Nephew.
- Website: https://auntgladysnephew.com
- GitHub: https://github.com/auntgladysnephew
- X: https://x.com/AGNonX