AgentOpsSec Stack

AgentOpsSec is a stack of small standalone tools. The stack CLI is the one entry point for setup, scanning, monitoring, and wrapped agent runs — without coupling the tools to each other.

It does not import code from the other projects. It detects which tools are installed, runs them as commands, and connects them through local JSON reports and log files. Every project still works on its own.

One install, one config (.agentopssec/config.json), and a strongest-available wrapper chain when you start an agent.

• Which AgentOpsSec tools are installed on this machine?
• Which profile fits this project — minimal, security, observe, or full?
• How do I run an agent with all of my safety tools chained together?
• How do I wire a single CI step to gate on risk + budget + review?
• How do I wrap codex / claude / gemini transparently from my shell?
• What files are the integration boundary between tools?

One command. No account. No telemetry.

1# 1. install the orchestrator
2npm install -g agentopssec
3 
4# 2. set up a project (asks before installing missing sub-tools)
5agentopssec init
6agentopssec check
7 
8# 3. run an agent through the strongest available chain
9agentopssec start -- codex "work on this repo"

Pick a profile during init — it sets which tools are enabled out of the box.

Stack picks the strongest available wrapper chain for the agent you launch.

Stack does not import other tools — it talks to them through these local files. Run `agentopssec contract` for the active layout.

1.agentopssec/config.json
2.agentopssec/mcp-doctor-scan.json
3.agentopssec/mcp-radar-doctor.json
4.mcp-firewall/logs.jsonl
5.agent-flight/runs/*.json
6.agent-sandbox/runs/*.json
7.agent-cost/records.jsonl

Route normal agent commands through agentopssec start, transparently.

1eval "$(agentopssec init-shell)"
2 
3codex "fix tests"
4claude "review this repo"
5gemini "summarize the diff"
6opencode "refactor this file"
7 
8# or default to running through Agent Sandbox
9eval "$(agentopssec init-shell --sandbox)"