Mukunda Rao Katta — complete package inventory (392 packages)

392 open-source packages across 144 npm + 52 PyPI + 176 crates.io + 20 MCP Registry servers. Auto-refreshed every 3 days from registry APIs.

npm packages (144 on registry.npmjs.org)

@mukundakatta/age-mcp MCP server: compute the duration between two dates in years/months/days.
@mukundakatta/agent-loop-breaker Detect repeated agent steps and stop runaway loops.
@mukundakatta/agent-regression-lens Detect regressions between baseline and current AI agent runs.
@mukundakatta/agent-trajectory-replay Replay and diff AI agent event trajectories for debugging regressions.
@mukundakatta/agentbudget Token + dollar budget caps for AI agents — throws when an LLM call would push past the ceiling. Zero deps, drop into any provider SDK.
@mukundakatta/agentcast Structured output for any LLM call. Validate the model's response, retry with the validation error as feedback, return typed data or throw after N attempts. Bring your own validator (zod/valibot/JSON Schema/anything). Zero deps.
@mukundakatta/agentcast-mcp MCP server: structured-output enforcer. Extract JSON from messy LLM output, validate against a shape spec, and produce retry feedback when the model returns the wrong shape. Wraps @mukundakatta/agentcast.
@mukundakatta/agentfit Fit your messages into the LLM context window. Token-aware truncation with multiple strategies (drop-oldest, drop-middle, priority), pluggable tokenizers, zero dependencies.
@mukundakatta/agentfit-mcp MCP server for agentfit: token-aware message truncation. Fit a chat history into the model's context budget with drop-oldest, drop-middle, or priority strategies.
@mukundakatta/agentguard Network egress firewall for AI agents — declarative allowlist of domains an agent's tools can fetch, throws or 403s on violation. Zero dependencies.
@mukundakatta/agentguard-mcp MCP server for agentguard: declarative network-egress firewall for agent tools. Check whether a URL is allowed under a policy before any fetch.
@mukundakatta/agentkit The agent reliability stack: fit, guard, snap, vet, cast. One install for all five sibling libraries (token-aware truncation, network-egress firewall, snapshot tests, tool-arg validation, structured-output enforcer).
@mukundakatta/agentmemory Honest pull-model alternative to Anthropic Dreaming. Time-bucketed episodic store + on-demand summarizer for LLM agents. Reversible deletes, no silent context injection, no background consolidation. Includes Postgres adapter and Claude demo.
@mukundakatta/agentsnap Snapshot tests for AI agents — record tool-call traces, diff against baselines, fail CI on regressions. Zero dependencies, drops into any test runner.
@mukundakatta/agentsnap-mcp MCP server: snapshot tests for tool-call traces. Capture, normalize, and diff agent tool-use traces to catch silent regressions. Wraps @mukundakatta/agentsnap for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/agentvet Validate LLM-generated tool args before execution. Wrap your tools with a schema; throws ToolArgError with an LLM-friendly retry hint when the model hallucinates wrong types. Zero deps.
@mukundakatta/agentvet-mcp MCP server for agentvet: validate LLM-generated tool-call args before execution. Returns a typed error with an LLM-friendly retry hint when the args don't match.
@mukundakatta/ai-eval-forge Zero-dependency eval harness for LLM and agent regression testing.
@mukundakatta/ai-supply-chain-manifest Build and validate lightweight AI model/data/tool manifests.
@mukundakatta/base32-mcp MCP server: encode and decode RFC 4648 base32 (standard and Crockford).
@mukundakatta/base64-mcp MCP server: encode/decode base64, base64url, hex, and percent-encoding.
@mukundakatta/basenum-mcp MCP server: convert numbers between binary, octal, decimal, hex, and arbitrary bases (2-36).
@mukundakatta/bcrypt-mcp MCP server: hash and verify passwords with bcrypt — adjustable cost factor.
@mukundakatta/bedrock-ops-mcp MCP server: AWS Bedrock model capability lookup + feature pre-check + PII-safe response redaction. Wraps the Python bedrock-ops library.
@mukundakatta/bytes-mcp MCP server: parse and format byte sizes — 1024 ↔ '1 KB', '1.5 MB' ↔ 1572864.
@mukundakatta/case-mcp MCP server: convert strings between camelCase, snake_case, kebab-case, PascalCase, and more.
@mukundakatta/citation-integrity-check Verify answer citations refer to supplied source ids.
@mukundakatta/citecite-mcp MCP server for RAG citation marker [1] [2] injection, parsing, and stripping. Helps LLMs round-trip citations in retrieval-augmented outputs.
@mukundakatta/codex-skill-kit Scaffold and validate Codex skills from the command line.
@mukundakatta/color-mcp MCP server: convert colors between hex/rgb/hsl and compute WCAG contrast ratios.
@mukundakatta/consent-redaction-log Record consent-aware redactions for privacy review trails.
@mukundakatta/context-drift-detector Detect topic drift between user intent, retrieved context, and AI answers.
@mukundakatta/context-forge Context engineering toolkit for ranking, packing, and risk-scanning RAG context.
@mukundakatta/context-window-packer Pack context chunks into a budget by relevance and priority.
@mukundakatta/count-mcp MCP server: counts for text — lines, words, characters, code points, paragraphs.
@mukundakatta/cron-mcp MCP server: parse a cron expression and preview the next N run times.
@mukundakatta/csv-mcp MCP server: parse and stringify CSV (RFC 4180). Header rows, quoting, custom delimiters.
@mukundakatta/csv-tools-mcp MCP server for reliable CSV parsing and generation. Handles quoting, embedded commas, BOMs, and ragged rows correctly.
@mukundakatta/designlint UI/UX design linter for HTML/CSS: accessibility, contrast, spacing, touch targets, and responsive design.
@mukundakatta/dice-mcp MCP server: parse and roll dice-notation expressions (1d20+5, 4d6, 2d10*3).
@mukundakatta/diff-mcp MCP server: structured text diff (line/word/char) between two strings.
@mukundakatta/distance-mcp MCP server: haversine distance between two lat/lon coordinates.
@mukundakatta/dns-mcp MCP server: resolve A / AAAA / MX / TXT / CNAME / NS records for a hostname.
@mukundakatta/domain-mcp MCP server: extract eTLD, eTLD+1, subdomain from a domain name using the Public Suffix List.
@mukundakatta/dotenv-mcp MCP server: parse and serialize .env files. Handles quotes, comments, multiline.
@mukundakatta/embedding-dedupe Deduplicate near-identical embedding records by cosine similarity.
@mukundakatta/embspec-mcp MCP server: embedding pipeline ops + drift detection for production RAG. Assert query encoder matches index manifest; compute retriever stability between two index versions on a frozen probe set.
@mukundakatta/emoji-mcp MCP server: convert between emoji characters and shortcodes, with metadata.
@mukundakatta/encoding-mcp MCP server: encode and decode HTML entities, URL-encoding, and Unicode escapes.
@mukundakatta/escape-mcp MCP server: escape strings for safe use inside regex, shell, SQL, JSON, or HTML.
@mukundakatta/eval-dataset-smith Generate balanced eval cases from bugs, docs, examples, and policies.
@mukundakatta/eval-flake-detector Detect flaky LLM eval cases across repeated runs.
@mukundakatta/fingerprint-mcp MCP server: content hashing (SHA-256, SHA-1, MD5) for cache keys, dedup, fingerprinting.
@mukundakatta/hallucination-risk-meter Estimate hallucination risk from answer, context, citations, and uncertainty language.
@mukundakatta/hash-mcp MCP server: hash files or strings with sha-2, sha-3, blake2/3, or xxhash.
@mukundakatta/headers-mcp MCP server: parse and stringify HTTP header blocks.
@mukundakatta/html-mcp MCP server: strip HTML tags, extract plain text, and sanitize HTML.
@mukundakatta/html-to-markdown-mcp MCP server for HTML → Markdown conversion. For web-scraping and read-the-page agents that want clean text.
@mukundakatta/iban-mcp MCP server: validate, format, and split IBAN bank account numbers.
@mukundakatta/ini-mcp MCP server: convert between INI files and JSON. Section + bare-key support.
@mukundakatta/ip-mcp MCP server: validate IPv4/IPv6 addresses, test CIDR membership, classify private/public.
@mukundakatta/isbn-mcp MCP server: validate and convert ISBN-10 / ISBN-13 numbers.
@mukundakatta/jailbreak-corpus-mini Small local jailbreak and prompt-injection fixture set for tests.
@mukundakatta/jmespath-mcp MCP server for JMESPath JSON queries. Pure-JS, no native binary. AWS-style data extraction LLMs can call reliably.
@mukundakatta/json5-mcp MCP server: parse and stringify JSON5 — relaxed JSON with comments and trailing commas.
@mukundakatta/jsonpath-mcp MCP server: query a JSON value with JSONPath ($.foo.bar[*]).
@mukundakatta/jwt-mcp MCP server: decode JWT to inspect header and claims (no verification).
@mukundakatta/kana-mcp MCP server: convert Japanese between romaji, hiragana, and katakana.
@mukundakatta/kavach Small, inspectable threat-scoring library for AI-app security monitoring.
@mukundakatta/lev-mcp MCP server: string-distance metrics (Levenshtein, Damerau, Jaro-Winkler, similarity).
@mukundakatta/license-mcp MCP server: look up SPDX license identifiers, names, and OSI status.
@mukundakatta/llm-cost-guard Estimate AI request cost and enforce per-request or session budgets.
@mukundakatta/llm-output-sanitizer Sanitize LLM outputs before rendering, SQL, shell, or markdown sinks.
@mukundakatta/llm-output-sanitizer-mcp MCP server exposing llm-output-sanitizer: strip dangerous HTML, SQL, and shell snippets from LLM output before rendering, executing, or persisting. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/llm-response-schema-lite Tiny schema validator for structured LLM responses.
@mukundakatta/llm-trace-sampler Sample LLM traces by risk, errors, latency, and deterministic ids.
@mukundakatta/lorem-mcp MCP server: generate lorem ipsum filler text by paragraphs, sentences, or words.
@mukundakatta/luhn-mcp MCP server: compute and verify the Luhn (mod-10) checksum for credit cards and IDs.
@mukundakatta/markdown-mcp MCP server: convert Markdown to HTML with frontmatter and inline-formula support.
@mukundakatta/markdowntoc-mcp MCP server: generate a table of contents from Markdown headings.
@mukundakatta/maskprompt-mcp MCP server: redact PII (emails, phones, credit cards, SSNs, IPs, AWS keys, GitHub tokens, JWTs) from text before it leaves your control. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/mathexpr-mcp MCP server: evaluate mathematical expressions (mathjs-backed) with units and constants.
@mukundakatta/mcpcheck Validate MCP (Model Context Protocol) config files for Claude, Cursor, Cline, Windsurf, and Zed. CLI + GitHub Action with SARIF output.
@mukundakatta/mdtable-mcp MCP server: convert JSON arrays of objects to GitHub-flavored Markdown tables.
@mukundakatta/mime-mcp MCP server: look up MIME content types from file extensions and vice versa.
@mukundakatta/model-fallback-planner Plan model fallback chains from capability, cost, and health data.
@mukundakatta/model-router-policy Policy-based model routing by capability, cost, latency, and privacy.
@mukundakatta/morse-mcp MCP server: encode and decode International Morse code.
@mukundakatta/mustache-mcp MCP server: render Mustache templates with a JSON view.
@mukundakatta/number-mcp MCP server: format numbers as currency, percent, compact (1.2k), or locale-aware decimal.
@mukundakatta/openai-responses-testkit Zero-dependency helpers for testing OpenAI Responses API outputs, streams, and tool calls.
@mukundakatta/otp-mcp MCP server: generate and verify TOTP and HOTP one-time passwords.
@mukundakatta/password-mcp MCP server: generate strong passwords and score password strength with zxcvbn.
@mukundakatta/phone-mcp MCP server: parse, validate, and format phone numbers (E.164, international, national).
@mukundakatta/pii-sentry Detect and redact PII and secret-like values before AI processing.
@mukundakatta/pii-sentry-mcp MCP server exposing pii-sentry: detect and redact PII (emails, phones, SSNs, credit cards, API keys) from text before AI processing. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/pluralize-mcp MCP server: convert English words between singular and plural; handles irregulars.
@mukundakatta/prompt-injection-shield Prompt-injection risk scanner for untrusted AI context.
@mukundakatta/prompt-injection-shield-mcp MCP server exposing prompt-injection-shield: scan untrusted text for prompt-injection signals, score risk, strip dangerous lines. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/prompt-token-trim Trim prompt messages to fit a token budget while preserving priority.
@mukundakatta/prompt-version-diff Diff prompt templates and flag risky instruction changes.
@mukundakatta/promptbudget-mcp MCP server for token-budget-aware text truncation. Helps an LLM fit text into a context window mid-task.
@mukundakatta/rag-quality-kit Heuristic quality metrics for RAG retrieval and grounded answers.
@mukundakatta/rag-staleness-auditor Find stale RAG chunks by age, version, and freshness requirements.
@mukundakatta/ragdrift-mcp MCP server for RAG drift diagnostics. Interpret drift scores, recommend thresholds, and explain the five drift dimensions.
@mukundakatta/ragmetric-mcp MCP server for RAG retrieval evaluation metrics: Recall@k, Hit@k, MRR, NDCG@k. Helps LLMs score retrieval quality.
@mukundakatta/randomstr-mcp MCP server: generate random strings — hex, alphanumeric, base64, custom alphabet.
@mukundakatta/range-mcp MCP server: generate numeric ranges (Python-style: start, stop, step).
@mukundakatta/regex-mcp MCP server: test a regex against text and get matches with positions and capture groups.
@mukundakatta/regex-test-mcp MCP server for trustworthy regex testing. Returns real match offsets, group dicts, and full vs partial matches.
@mukundakatta/retrieval-acl-filter Enforce document ACLs after retrieval and before prompting.
@mukundakatta/roman-mcp MCP server: convert between Arabic numerals and Roman numerals (1-3999).
@mukundakatta/secretsniff-mcp MCP server: scan text/code for accidentally-committed secrets — AWS/GitHub/Slack/Stripe keys, JWTs, RSA private keys, and high-entropy strings. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/semantic-cache-key Stable semantic cache keys for AI prompts, tools, models, and retrieval context.
@mukundakatta/semver-mcp MCP server: parse, compare, increment, and satisfy SemVer ranges.
@mukundakatta/shellquote-mcp MCP server for safe shell argument escaping (bash, sh, cmd.exe, PowerShell). Stops LLM-generated shell commands from breaking on quotes, spaces, $vars, and backslashes.
@mukundakatta/shlex-mcp MCP server: split a shell-style command string into argv tokens (POSIX rules).
@mukundakatta/skillint Linter for Claude Code skill files (SKILL.md). Validates YAML frontmatter, required fields, descriptions, and secret leaks. CLI + GitHub Action.
@mukundakatta/slug-mcp MCP server: slugify strings for URLs/filenames. Unicode-aware, configurable separator, case folding.
@mukundakatta/soundex-mcp MCP server: phonetic encoding (Soundex, Metaphone).
@mukundakatta/sql-mcp MCP server: format SQL queries (Postgres, MySQL, SQLite, BigQuery, MSSQL, etc.).
@mukundakatta/sqlfmt-mcp MCP server for deterministic SQL formatting. 16 dialects (Postgres, MySQL, BigQuery, Snowflake, Redshift, etc.).
@mukundakatta/stats-mcp MCP server: descriptive statistics over a numeric array (mean, median, stddev, percentiles).
@mukundakatta/streamparse Streaming JSON parser that yields partial valid trees as tokens arrive. Built for LLM tool-call payloads, structured output streams, and any place a regular JSON.parse waits too long.
@mukundakatta/streamparse-mcp MCP server exposing streamparse: parse partial / truncated JSON, extract JSON from messy LLM output, validate JSON streams. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/system-prompt-leak-scan Detect system prompt leakage in model outputs.
@mukundakatta/textsanity-mcp MCP server: fast unicode/whitespace/encoding cleanup before LLM input. NFKC, zero-width strip, control strip, smart-punctuation conversion, emoji strip. Built for Claude Desktop, Cursor, Cline, Windsurf, and Zed.
@mukundakatta/timestamp-mcp MCP server: parse, format, and convert timestamps and date strings.
@mukundakatta/timezone-mcp MCP server: convert times between IANA timezones, list zones, get current offset.
@mukundakatta/toml-mcp MCP server: convert between TOML and JSON.
@mukundakatta/toml-yaml-json-mcp MCP server for TOML/YAML/JSON parsing and conversion. Round-trip configs across the three formats.
@mukundakatta/tool-call-contracts Validate LLM tool-call payloads with small JSON-like contracts.
@mukundakatta/tool-permission-gate Policy-check agent tool calls before execution.
@mukundakatta/tool-result-taint Track untrusted tool output before it enters prompts or actions.
@mukundakatta/ulid-mcp MCP server: generate and decode ULIDs (sortable, 128-bit, base32 identifiers).
@mukundakatta/url-mcp MCP server: parse and build URLs. Host, port, path, query params, fragment.
@mukundakatta/uuid-mcp MCP server: generate, validate, and decode UUID v4 and v7.
@mukundakatta/validate-mcp MCP server: validate JSON against a JSON Schema (draft-07) with detailed error paths.
@mukundakatta/vector-poison-score Score retrieved documents for vector/RAG poisoning signals.
@mukundakatta/whitespace-mcp MCP server: normalize, trim, collapse, or expand whitespace in text.
@mukundakatta/wordcount-mcp MCP server: word/sentence/paragraph counts plus reading-time estimate.
@mukundakatta/wrap-mcp MCP server: word-wrap text at a configurable column width.
@mukundakatta/xml-mcp MCP server: convert between XML and JSON. Attribute-aware, CDATA-safe.
@mukundakatta/yaml-mcp MCP server: convert between YAML and JSON. Preserves keys, arrays, nested structures.

PyPI packages (52 on pypi.org)

agent-loop-breaker-py Detect repeated agent steps and stop runaway loops. Python port of @mukundakatta/agent-loop-breaker.
agent-regression-lens-py Detect regressions between baseline and current AI agent runs. Python port of @mukundakatta/agent-regression-lens.
agent-run-diff Compare baseline vs current agent runs and surface regressions as structured reasons: success loss, new errors, failed tool calls, output drift, step/latency/cost bloat.
agent-trajectory-replay-py Replay and diff AI agent event trajectories for debugging regressions. Python port of @mukundakatta/agent-trajectory-replay.
agentcast-py Structured output for any LLM call. Validate-and-retry loop for JSON responses; BYO LLM and validator. Python port of @mukundakatta/agentcast.
agentfit-py Fit your messages into the LLM context window. Token-aware truncation with multiple strategies, pluggable tokenizers. Python port of @mukundakatta/agentfit.
agentguard-firewall Network egress firewall for AI agents. Declarative allow/deny list of hosts your agent tools may reach. Python port of @mukundakatta/agentguard.
agentsnap-py Snapshot tests for AI agents. Record an agent's tool-call trace, diff against a baseline, fail CI on regressions. Python port of @mukundakatta/agentsnap.
agentvet-py Validate LLM-generated tool args before execution. Wraps tool functions with arg validation, raises ToolArgError with LLM-friendly retry hint. Python port of @mukundakatta/agentvet.
ai-eval-forge Zero-dependency eval harness for LLM and agent regression testing. Scores outputs with exact, contains, regex, JSON, citation, and token-F1 checks. Compares two runs to flag regressions.
ai-supply-chain-manifest-py Build and validate lightweight AI model / data / tool manifests. Python port of @mukundakatta/ai-supply-chain-manifest.
citation-integrity-check Verify answer citations refer to supplied source ids and that cited sources actually support the claims. Python port of @mukundakatta/citation-integrity-check.
claude-commands-check Linter for Claude Code slash-command files (.claude/commands/*.md). Validates YAML frontmatter, allowed-tools shape, description quality, and flags hardcoded secrets.
claude-hooks-check Linter for Claude Code hooks configuration (the 'hooks' block of settings.json). Validates event names, matcher shape, command entries, and flags dangerous commands or hardcoded secrets.
claude-skill-check Linter for Claude Code SKILL.md files. Validates YAML frontmatter, required fields, description length, and common secret patterns.
codex-skill-kit Scaffold and validate Codex skills from the command line.
consent-redaction-log-py Record consent-aware redactions for privacy review trails. Zero-dep Python port of @mukundakatta/consent-redaction-log.
context-drift-detector-py Detect topic drift between user intent, retrieved context, and AI answers. Python port of @mukundakatta/context-drift-detector.
context-forge-py Context engineering toolkit for ranking, packing, and risk-scanning RAG context. Python port of @mukundakatta/context-forge.
context-window-packer-py Pack context chunks into a budget by relevance and priority. Python port of @mukundakatta/context-window-packer.
designlint-py HTML/CSS accessibility and design linter: contrast, touch targets, headings, form labels, leaked secrets. Stdlib-only Python port of @mukundakatta/designlint.
embedding-dedupe Deduplicate near-identical embedding records by cosine similarity. Pure Python, zero runtime deps. Python port of @mukundakatta/embedding-dedupe.
eval-dataset-smith-py Generate balanced AI eval fixtures from source examples, bugs, docs, and policies. Python port of @mukundakatta/eval-dataset-smith.
eval-flake-detector Detect flaky LLM eval cases across repeated runs. Pass-rate + standard-deviation per case, with per-case severity. Python port of @mukundakatta/eval-flake-detector.
hallucination-risk-meter Estimate hallucination risk in LLM answers from uncertainty language, unsupported specifics, citations, and context coverage. Python port of @mukundakatta/hallucination-risk-meter.
jailbreak-corpus-mini-py Small local jailbreak and prompt-injection fixture set for tests. Python port of @mukundakatta/jailbreak-corpus-mini.
kavach-py Small, inspectable threat-scoring library for AI-app security monitoring. Zero-dep Python port of @mukundakatta/kavach.
llm-cost-guard-py Estimate LLM request cost and enforce per-request or per-session budgets. Python port of @mukundakatta/llm-cost-guard.
llm-output-sanitizer-py Sanitize LLM outputs before HTML, SQL, shell, or markdown sinks. Python port of @mukundakatta/llm-output-sanitizer.
llm-response-schema-lite-py Tiny schema validator for structured LLM responses. Python port of @mukundakatta/llm-response-schema-lite.
llm-trace-sampler-py Sample LLM traces by risk, errors, latency, and deterministic ids. Python port of @mukundakatta/llm-trace-sampler.
llm-usage-report Parse LLM API response logs (Anthropic, OpenAI, Google) and generate token / cost reports. Supports a --alert-at budget alarm that exits non-zero when total cost exceeds a threshold. No framework adoption required.
mcp-config-check Linter for MCP (Model Context Protocol) config files used by Claude Desktop, Cursor, Cline, Windsurf, and Zed. CLI + library API.
mcpcheck-py Lint MCP config files for Claude Desktop, Claude Code, Cursor, Cline, Windsurf, and Zed. Stdlib-only Python port of @mukundakatta/mcpcheck.
mk-agentkit The agent reliability stack in one install: agentfit + agentguard + agentsnap + agentvet + agentcast (Python ports).
model-fallback-planner-py Plan model fallback chains from capability, cost, and health data. Python port of @mukundakatta/model-fallback-planner.
model-router-policy-py Policy-based model routing by capability, cost, latency, and privacy. Python port of @mukundakatta/model-router-policy.
partial-json-stream Streaming JSON parser that yields partial valid trees as tokens arrive. For LLM tool calls, structured outputs, and partial recovery.
pii-sentry-py Detect and redact PII and secret-like values before logging or sending text to AI providers. Python port of @mukundakatta/pii-sentry.
prompt-injection-shield-py Scan retrieved text for prompt-injection risk before adding it to model context. Python port of @mukundakatta/prompt-injection-shield.
prompt-token-trim-py Trim prompt messages to fit a token budget while preserving priority. Python port of @mukundakatta/prompt-token-trim.
prompt-version-diff-py Diff prompt templates and flag risky instruction changes. Python port of @mukundakatta/prompt-version-diff.
rag-quality-kit Heuristic quality metrics for RAG retrieval and grounded answers. Python port of @mukundakatta/rag-quality-kit.
rag-staleness-auditor-py Find stale RAG chunks by age, version, and freshness requirements. Python port of @mukundakatta/rag-staleness-auditor.
retrieval-acl-filter-py Enforce document ACLs after retrieval and before prompting. Python port of @mukundakatta/retrieval-acl-filter.
semantic-cache-key Stable semantic cache keys for LLM requests. Invariant to whitespace, casing, and key ordering; sensitive to model swaps, tool list, and retrieval context. Python port of @mukundakatta/semantic-cache-key.
skillint-py Lint Claude Code SKILL.md files for frontmatter, required fields, descriptions, and hardcoded secrets. Stdlib-only Python port of @mukundakatta/skillint.
system-prompt-leak-scan Detect system prompt leakage in LLM model outputs via known patterns, configured-prompt substring matching, and unique fingerprint phrases. Python port of @mukundakatta/system-prompt-leak-scan.
tool-call-contracts-py Validate LLM tool-call payloads with small JSON-like contracts. Python port of @mukundakatta/tool-call-contracts.
tool-permission-gate-py Policy-check agent tool calls before execution. Python port of @mukundakatta/tool-permission-gate.
tool-result-taint-py Track untrusted tool output before it enters prompts or actions. Python port of @mukundakatta/tool-result-taint.
vector-poison-score Score (query, document) pairs for vector/RAG poisoning signals: vector-text mismatch, instruction-like payloads, NaN, suspiciously round numbers. Python port of @mukundakatta/vector-poison-score.

crates.io crates (176 on crates.io)

agent-budget-alarm Set threshold alarms on agent cost or token budgets
agent-citation WHERE-layer structured citations for AI agent outputs: attach, validate, and audit source pointers.
agent-config-store Key-value config store for LLM agents with typed accessors
agent-context-builder Compose LLM system prompts from named sections with ordering and conditionals
agent-context-slice Extract a bounded context slice from a long LLM conversation history
agent-conversation-state Track conversation state and phase transitions for LLM agents
agent-cost-tracker Track API costs across an LLM agent session
agent-deadline Cooperative per-task deadline primitive for AI agent workflows.
agent-decision-log WHY-layer decision log for AI agents: record options considered, the option chosen, the rationale, and the outcome, then persist as JSONL.
agent-epoch-counter Named counters that reset on epoch boundaries for per-session rate tracking
agent-error-recovery Composable error recovery strategies for LLM agent tool calls
agent-event-bus Tiny in-process pub/sub for agent loop events. Sync-only Rust mirror of the Python agent-event-bus library: register handlers by event name (or `*` for every event), emit, and remove via opaque Subscription handles. Subscriber panics are isolated so the bus keeps dispatching.
agent-event-emit Structured event emitter for agent runs. Append-only, JSON-line-serializable events with monotonic ids, run id, and timestamps. Zero deps beyond serde_json.
agent-event-log Structured lifecycle event log for AI agent runs
agent-feature-gate Feature flags and capability gates for AI agent tool access
agent-fn-registry Registry of LLM agent tools: callable + schema + side-effects + defaults
agent-health-check Health status tracker for LLM agent components
agent-heartbeat Periodic heartbeat recorder and stall detector for AI agents
agent-knowledge-base Simple keyword-indexed knowledge base for LLM agents
agent-lock Cooperative execution lock to prevent concurrent agent runs on the same key
agent-memory-store Simple key-value memory store for AI agents — persist facts across turns
agent-message-window Sliding window of recent LLM conversation turns with paired-protection: never drop a tool_use without its tool_result sibling. Zero deps (serde_json only).
agent-output-filter Filter and transform LLM agent output before delivery
agent-persona Define and apply personas for LLM agent system prompts
agent-prompt-history Rolling history buffer for LLM conversation turns
agent-rate-limiter Token bucket rate limiter for LLM agent API calls
agent-reflection Self-evaluation and reflection loop for LLM agent outputs
agent-replay-trace Load and step through JSONL agent traces
agent-run-id Generate and propagate correlation run IDs through agent sessions and HTTP headers
agent-run-metadata Attach structured metadata to AI agent runs for tracing and attribution
agent-scratchpad Scratchpad for intermediate reasoning steps in LLM agents
agent-session-id Generate and track session IDs for LLM agent conversations
agent-shadow-mode Toggle shadow mode for agent tool calls: record what would have happened without running real side-effecting code.
agent-state-machine Generic labeled state machine for AI agent control flows
agent-task-queue Priority queue of agent tasks with status tracking
agent-tool-allowlist Allowlist/blocklist guard for LLM agent tool calls
agent-tool-middleware Middleware pipeline for LLM agent tool call pre/post processing
agent-tool-timeout Per-tool deadline enforcement for LLM agent tool calls
agent-topic-tracker Track which topics have been covered in a conversation
agent-turn-limit Enforce a max-turn cap on LLM agent loops
agent-watchdog Watchdog that detects stuck or stalled LLM agent loops
agentcast Structured-output enforcer for LLM responses. Repair + validate + (optional) retry-with-LLM. BYO-LLM, BYO-schema.
agentfit Fit messages to an LLM context window. Token-aware truncation with pluggable tokenizers and multiple strategies.
agentguard Network egress firewall for AI agent tools. Declarative domain allowlist; throws on violation. Optional reqwest-middleware integration.
agentidemp Idempotency keys for LLM agent retries. Deterministic content-derived keys (UUIDv5 or sha256-hex) so retries dedupe at the provider.
agentprompt LLM prompt templates with Jinja2 syntax. Render system/user/assistant turns into a typed message list, ready for the Anthropic or OpenAI SDK.
agentsnap Snapshot tests for AI agent traces. Record once, replay-and-compare on every run; the agent equivalent of Jest snapshots.
agenttap Wire-level prompt introspection for LLM SDK calls. See exactly what was sent, with credentials redacted by default.
agenttrace Cost + latency aggregation for LLM agent runs. Group calls into named runs, get totals, p50/p95, and per-model breakdowns. Composes with cachebench.
agentvet Validate LLM-generated tool args before execution. Throws a structured ToolArgError with LLM-friendly retry hints when the model hallucinates wrong types or missing fields.
annflat-core Pure-Rust core for annflat: small in-memory flat-file ANN over f32 vectors.
bedrock-cost Calculate AWS Bedrock invocation cost across vendors (Llama, Mistral, Cohere, Titan, AI21). Cross-region inference profile aware. No SDK dependency.
bm25-rerank BM25 reranker for RAG: in-memory term-frequency reranking against a small candidate set. Stateless, zero deps.
bom-strip Strip UTF-8/16/32 BOM bytes and stray U+FEFF code points from text before parsing or hashing. Zero deps.
cachebench Prompt-cache observability for LLM APIs. Per-call hit ratio, cost saved, regression alerts. Anthropic, OpenAI, Bedrock.
char-token-est Tokenless byte/char-based token-count estimator for LLM prompts. Per-model-family calibration for Claude, GPT, Gemini, Llama. Zero deps.
chunk-flush Flush-on-newline buffer for streaming LLM output. Holds bytes until a newline or N millis pass, then yields a complete chunk. Zero deps.
citecite Citation-marker [1] [2] injector + parser for RAG outputs. Round-trips between sources and rendered text.
claude-cost Calculate Claude API call cost from a usage block. Cache-aware (cache_creation, cache_read), supports Anthropic API and AWS Bedrock model IDs, BYO pricing override. No SDK dependency.
claude-stream Parse Anthropic's Server-Sent Events stream into typed events. No SDK dependency — feed it bytes, get back message_start, content_block_delta, etc.
code-chunk Split source code into RAG-friendly chunks that respect function and class boundaries. Brace and indent-aware, language-agnostic heuristics. Zero deps.
content-cas Content-addressed cache primitive: store bytes under their SHA-256 hex, retrieve by hex, atomic on-disk persistence. Zero deps.
conversation-codec JSONL save/load for LLM conversation messages with optional per-message redaction. Zero deps beyond serde_json.
cosine-fast Hot-loop cosine similarity for f32 slices. Auto-vectorized scalar core, optional precompute-norms helper. Zero deps.
cost-meter Aggregate LLM API cost across providers, models, and time windows. Provider-agnostic — pairs with claude-cost, openai-cost, gemini-cost, bedrock-cost. No SDK dependency.
embed-key Deterministic cache key for an embedding request: hash text + mix in provider, model, and dimensionality. So a cache survives model upgrades without false hits. Zero deps.
embedcache-core Pure-Rust core for embedcache: a content-addressed embedding cache.
embedrank Batched cosine, dot, L2 distance for f32 embeddings, with a heap-based top-k selector. No BLAS, no allocator surprises.
emoji-sanitize Normalize or strip emoji-related Unicode (presentation selectors, variation selectors, zero-width joiners) from text before LLM input. Zero deps.
eval-flake-rs Detect flaky LLM eval cases by tracking pass/fail across repeated runs. Returns per-case flip-rate and an overall flakiness score. Zero deps.
gemini-cost Calculate Google Gemini API call cost from a usage block. Cache-aware, supports Gemini 2.5 Pro/Flash/Flash-Lite and 2.0 families, BYO pricing override. No SDK dependency.
gold-cmp Pairwise comparison runner for gold-set LLM evals: A vs B winner counting, statistical-significance helper, win-rate summary. Zero deps.
homoglyph-detect Detect Cyrillic/Greek lookalike chars masquerading as ASCII. For prompt-injection and phishing defense. Zero deps.
html-entity-fix Decode HTML entities (& < > " ' numeric refs) that LLMs sometimes emit in plain-text output. Zero deps.
json-pluck Pluck a single value out of a serde_json::Value by dotted path or simple JSONPath. Lossy, forgiving, intended for LLM-emitted JSON.
json-streamparse-rs Streaming JSON balance detector: feed bytes incrementally, ask whether the buffer currently holds a complete top-level value. String/escape aware. Zero deps.
latency-buckets Streaming histogram + percentile estimator for LLM call latencies. Fixed log-scale buckets, O(1) record, p50/p90/p95/p99 in microseconds. Zero deps.
lineify Turn a token-by-token stream into stable line events. Buffer until a newline arrives, then emit the whole line. Zero deps.
llm-budget-window Time-windowed token + USD budget. Define multiple rolling windows (e.g. $5/minute, $100/day) and reject when any window's cap would be breached. Thread-safe, zero deps.
llm-circuit-breaker Tiny circuit breaker for LLM API calls. Opens after N consecutive failures, half-opens to probe after a reset window, closes on success. Thread-safe, no async runtime lock-in.
llm-content-blocks Typed fluent builder for Anthropic Messages-API content blocks (text, image, tool_use, tool_result, document). Emits the exact JSON shape the API expects. No SDK dependency.
llm-context-budget Track and enforce context window budget for LLM conversations
llm-cost-cap Pre-flight USD cost gate for LLM calls. Estimate input plus output cost from token counts and reject calls that would exceed a configured cap.
llm-error-class Classify LLM provider error responses (rate-limit, auth, server, context-window, content-policy, malformed). Anthropic, OpenAI, Google, AWS Bedrock. Zero deps.
llm-fallback-chain Multi-provider failover for LLM calls. Try provider A, fall back to B then C on failure.
llm-fallback-router Multi-provider failover for LLM calls. Try Anthropic, fall back to OpenAI/Gemini/Bedrock on retryable errors. Per-attempt audit log. Zero runtime deps. BYO clients.
llm-json-extractor Extract JSON from LLM outputs that may contain preamble or postamble text
llm-json-repair Clean and parse JSON emitted by LLMs. Strips markdown fences, trailing commas, and surrounding prose so serde_json::from_str works.
llm-message-dedup Remove duplicate or near-duplicate messages from LLM conversation history
llm-message-dispatch Route incoming messages to named handlers based on keyword or prefix rules
llm-message-hash Stable canonical hash of LLM request/message structures. Recursive key-sorting JSON canonicalization + sha256, with per-provider ignore-lists so semantically-equal Anthropic/OpenAI/Bedrock requests produce the same hash. Useful for cache keys and idempotency.
llm-mock Deterministic mock LLM for testing agent pipelines
llm-model-selector Select the best LLM model based on task requirements and budget
llm-multi-turn-builder Fluent builder for LLM multi-turn conversation message lists
llm-output-validator Rule-based validator for LLM output strings. Enforce length, regex, JSON, allowed values, or custom predicates.
llm-pii-redact Regex-based PII redaction for LLM prompts and tool outputs, with reversible placeholders.
llm-prefix-match Check if LLM output matches expected prefix patterns for accept/reject gating
llm-prompt-cache-stats Track Anthropic prompt cache hit rates and savings
llm-provider-id Normalize and parse LLM provider and model identifiers
llm-request-log Structured log of LLM API requests with IDs, timing, and token counts
llm-response-cache In-memory LRU cache for LLM responses keyed by request hash
llm-response-window Sliding window of recent LLM responses for context tracking
llm-retry Runtime-agnostic exponential backoff with full jitter for LLM API calls. Built-in retryable-error code lists for Anthropic, OpenAI, AWS Bedrock, Google. Sync + tokio. Pure-std core.
llm-sampling-params Builder for LLM sampling parameters (temperature, top_p, top_k, stop sequences)
llm-stop-conditions Composable stop conditions for LLM agent loops: max iters, USD, tokens, seconds, no-progress, custom.
llm-stop-token-guard Detect if LLM output was truncated by a stop token or max-tokens limit
llm-stream-accumulator Accumulate LLM streaming chunks into a complete response
llm-structured-retry Retry LLM calls by injecting previous error as a follow-up user message
llm-think-tag-strip Strip <thinking>/<think> reasoning blocks from LLM output (Claude, DeepSeek, etc.)
llm-token-split Split long text into overlapping chunks for LLM context windows
llm-tool-registry Registry of available tools with schema for LLM agents
llm-turn-counter Count LLM conversation turns with per-role breakdown and limit enforcement
llmfleet Fleet-level batch dispatcher for LLM APIs. Pool requests across tasks, route to provider Batch APIs, save 50% on cost without rewriting your agent loops.
lru-tokens LRU cache where eviction is weighted by token count, not entry count. Bound a prompt cache by tokens (or any other size unit) instead of N entries. Zero deps.
lshdedup-core Pure-Rust core for lshdedup: MinHash + LSH near-duplicate detection.
markdown-chunk Split Markdown into RAG-friendly chunks that respect heading hierarchy. Keeps each chunk under a soft char cap; never splits inside a fenced code block. Zero deps.
markdown-strip Strip Markdown formatting (headers, bold, italic, links, code, blockquotes) to plain text. Conservative, fast, zero deps.
maskprompt-core Pure-Rust core for maskprompt: PII redaction for LLM prompts.
mmr-rerank Maximal Marginal Relevance reranker for RAG: diversify a set of retrieved documents by balancing query-relevance against pairwise novelty. Zero deps.
openai-cost Calculate OpenAI API call cost from a usage block. Cache-aware (cached_input_tokens), supports GPT-5, GPT-4.1, o3, o4 model families, BYO pricing override. No SDK dependency.
otel-genai-bridge Translate LLM telemetry attributes between OpenInference and OpenTelemetry GenAI semantic conventions. No telemetry SDK dependency.
output-sanitize-rs Strip dangerous HTML/SQL/shell snippets from LLM output before render, query, or shell sinks. Rust port of @mukundakatta/llm-output-sanitizer. Zero deps.
prompt-cache-key Stable Anthropic prompt-cache scope hashes. Given (system, tools, model), produce a deterministic key that survives benign reordering.
prompt-cache-warmer Pre-warm Anthropic prompt cache before user traffic. Injects cache_control breakpoints, fires a tiny warmup call, optionally verifies the cache hit, and reports tokens, latency, and estimated cost. No SDK dependency.
prompt-eval-rubric Score LLM outputs against named 0.0-1.0 rubrics. Rubrics rank; validators reject. Weighted aggregation, exception-isolated scoring.
prompt-fence-strip Strip ```code fences```, leading prose, and trailing chatter from LLM output so the structured payload survives. Zero deps.
prompt-hash Deterministic cache key for an LLM prompt: normalize whitespace, hash messages, mix in model + temperature. Pairs with semantic-cache-key. Zero deps.
prompt-inj-rs Prompt-injection risk scanner. Rust port of @mukundakatta/prompt-injection-shield. Returns a 0-1 score plus per-rule findings. Zero deps.
prompt-length-guard Enforce minimum and maximum length constraints on LLM prompts
prompt-part-builder Build structured prompt parts: instruction, example, context, format, constraint
prompt-shield Pattern-based prompt-injection detection for LLM apps.
prompt-token-counter Approximate token counts for LLM messages, system prompts, and tools. Zero-config chars/4 heuristic, BYO tokenizer, content-block aware (text/image/tool_use/tool_result/document). One serde_json dep.
promptbudget Token-budget-aware text truncation with multiple strategies. Bring-your-own tokenizer, no hard tiktoken dep.
promptver Hash and version prompt templates so eval results, cache keys, and audit logs stay stable when templates change. Whitespace-normalized SHA-256. Zero deps.
ragdrift Five-dimensional drift detection for production RAG systems. Re-export of ragdrift-core.
ragdrift-core Pure-Rust core for ragdrift: 5-dimensional drift detection for RAG systems.
ragmetric IR metrics for RAG retrieval evaluation: recall@k, MRR, NDCG@k, hit@k. Pure data ops, no model dependencies.
regex-pii-rs Regex-only PII detector for emails, phones, SSNs, credit cards, and prefixed API keys. Rust port of pii-sentry. Zero deps.
rerank-blend Blend N RAG reranker score streams (dense, BM25, cross-encoder) with configurable weights and rank-aware normalization. Zero deps.
rtl-flip-detect Detect right-to-left override (U+202E) and other bidi-control characters that flip rendering of strings. Used in filename-spoof and prompt-injection attacks. Zero deps.
schema-coerce Coerce LLM JSON values to a simple field-schema: string->int, bool, float; strip wrapper objects; fill defaults. Forgiving structured-output recovery.
secret-mask Mask known secret patterns (API keys, JWTs, AWS access keys, GitHub tokens) in log lines before they reach stdout/files/sinks. Zero deps.
secretsniff-core Pure-Rust core for secretsniff: source-code secret scanner.
snipsplit-core Pure-Rust core for snipsplit: token-aware text chunker for RAG ingestion.
sse-frame Streaming parser for Server-Sent Events frames as used by LLM APIs (OpenAI, Anthropic, Vertex). Push bytes, get back complete event records. Zero deps.
step-id Stable IDs for agent steps: deterministic hash of (run_id, step_index, kind) so events and traces share keys across reruns. Zero deps.
stopstream Streaming-safe stop-sequence detector for LLM token streams. Handles partial matches at chunk boundaries.
stream-chunkrec Recombine LLM streaming token deltas into stable text. Buffers partial words, handles UTF-8 fragments across chunks. Zero deps.
textsanity-core Pure-Rust core for textsanity: unicode/whitespace/encoding cleanup.
tiktoken-stream Streaming token counter for partial LLM responses. Accumulates token count across chunks without holding the full text. Pluggable estimator function. Zero deps.
token-budget-pool Shared token + dollar budget across concurrent LLM tasks. Thread-safe, returns BudgetExceeded when a record would push past a cap. Zero deps.
toklab-core Pure-Rust core for toklab: bulk tokenizer + counter for OpenAI BPE encodings.
toml-repair Repair messy TOML emitted by LLMs: strip markdown fences, normalize line endings, fix common quote-style slips, trim trailing whitespace. Zero deps.
tool-arg-coerce Fix common type slips in LLM-generated tool arguments: string->int/float/bool, single-element array->scalar, null->default. Lossy and forgiving.
tool-arg-defaults Apply per-tool default kwargs to LLM-generated tool calls. Caller-supplied values always win. Null is a real value, not 'use the default'. Operates over serde_json::Value.
tool-arg-fuzzy Fuzzy-match LLM-generated args to JSON Schema enum values. Zero-Levenshtein cascade (exact / case-insensitive / prefix / substring) with ambiguity guard. coerce_enums rewrites enum-constrained string properties before strict validation.
tool-call-batcher Queue multiple pending tool calls and flush them as a batch
tool-call-budgets Per-tool call count caps for AI agents. Stops runaway tool loops before they hit the invoice.
tool-call-plan Build and execute ordered tool call plans for LLM agents
tool-call-trace Record and replay tool call traces for LLM agents
tool-input-sanitizer Sanitize and normalize LLM tool call inputs before execution
tool-loop-break Detect repeated agent tool invocations to break runaway loops. Tracks recent (tool, args_hash) tuples and signals a loop when count exceeds a threshold. Zero deps.
tool-loop-guard Detect when an LLM agent gets stuck calling the same tool with the same args. Sliding-window guard that raises on repeated (tool_name, args) pairs. Custom key function support, zero heavy deps.
tool-output-schema Validate and enforce JSON schema on LLM tool outputs
tool-output-truncate Truncate tool output (file reads, command runs, search hits) before adding to LLM message history. Char-aware head/middle/tail strategies with a configurable elision marker. Zero deps.
tool-result-aggregator Collect and merge multiple tool call results into a single JSON object
tool-result-cache Content-addressable LRU cache for LLM agent tool calls. Same tool, same args -> same answer, returned from memory. Optional TTL, content-addressable on (tool_name, args) with canonical-JSON keys.
tool-retry-policy Declarative retry policy for LLM tool calls: per-tool max-attempts, exponential backoff, jitter, retriable-error filter. Returns a sleep duration; you run the call. Zero deps.
tool-secret-scrubber Strip secrets (API keys, JWTs, bearer tokens, AWS keys, etc.) from arbitrary JSON-like values before they hit your logs. Walks objects/arrays, preserves shape, never mutates input.
tool-side-effects-tag Declare what an LLM agent tool actually does (read, write, idempotent, destructive, external, expensive, network) so the scheduler / retry layer can decide what's parallel-safe and retry-safe. Zero runtime deps; serde optional.
tool-timing-budget Total wall-clock time budget across all tool calls in an agent run
trace-diff Diff two agent traces semantically: align by event type + key, ignore timestamps and ids, return added/removed/changed steps. Zero deps beyond serde_json.
trace-redact Redact sensitive fields (api keys, tokens, emails, phone numbers) from agent traces before exporting to OTel or a log sink. Zero deps.
vecnorm-core Pure-Rust core for vecnorm: bulk vector ops on f32 matrices.
yaml-repair Repair messy YAML emitted by LLMs: strip markdown fences, tabs->spaces, dedent leading whitespace, normalize line endings. Returns cleaned text suitable for any YAML parser. Zero deps.
zero-width-strip Strip zero-width and bidi-control Unicode characters from text. Defends against invisible-payload prompt injection. Zero deps.

Mukunda Rao Katta — package inventory

npm packages (144 on registry.npmjs.org)

PyPI packages (52 on pypi.org)

crates.io crates (176 on crates.io)

MCP Registry servers (20 on registry.modelcontextprotocol.io)