The operating layer for Node.js repos
npm installs. Git stores history. Test runners test. Scanners scan. But nobody owns the operating contract between them. xops does: it detects the repo, routes work to the right native owner, explains risk, and gives humans and code agents deterministic plans before anything dangerous happens.
$ npm install -g @x12i/xops
Or run without installing: npx @x12i/xops@latest --full-flow
Native tools keep authority. xops owns the operating contract.
One deterministic command surface across repo tools.
Less archaeology, safer releases, clearer next steps.
Agents need contracts, not another shell prompt.
The positioning
xops started with the painful part of Node.js work: multi-package release. That proved the wedge. A real release is not one npm command; it is discovery, dependency order, install, build, test, pack safety, publish, push, journaling, and recovery. The same operating gap exists across the rest of the repo.
Modern repositories are operated through package managers, git, branch workflow tools, CI, tests, scanners, dependency bots, API collections, deployment config, and code agents. Each tool owns a domain. xops owns the contract between domains.
One operating surface, top to bottom
Repo work crosses tool boundaries. Without a contract, humans do archaeology and agents guess. xops turns repo state into an operating plan.
xops is not another package manager, git client, scanner, or CI engine. It keeps native owners in charge and adds routing, safety, memory, and approval boundaries.
Fewer commands to remember, fewer missed steps, safer publish paths, clearer failures, and machine-readable plans agents can consume without hanging.
What xops gives you back
npm does its job. The workflow around it — ordering, safety, sequencing — nobody built that part.
Learn why →xops ops status detects what exists across the repo — read-only, no setup, no surprises.
Evidence-based suggestions, not a generic checklist. Already-present tools are never recommended again.
See how →Package managers, CI, security scanners, MaGit, utilitix, and more — each tool keeps its job.
See supported tools →Type xops for the next step — branch work routes straight to GitButler, no second CLI to remember.
Pack check, sensitive-file block, post-bump re-validation — before anything reaches the registry.
Publish safety →Tarball inspection catches weaponized binding.gyp — no CVE, no advisory required.
Install security →Deterministic phrase catalog — not an LLM. Same input, same command. Safe to script.
See how →No install needed — the same phrase catalog, running live in your browser.
Try it now →JSON plans, deterministic exits, no hidden prompts — plus what an agent can run without approval, and what still needs your --yes.
dependsOn controls publish order. Local file: dev links sync to registry ranges for publish, then restore.
Submit fixes, pull the fixed version, verify. Change requests become traceable — not permanent workarounds.
See how →Every run is journaled. One command restores the exact prior state. Try things without consequences.
See how →Setup plans show packages, files, commands, risks, and approval requirements before anything changes.
See how →xgit status, xgit push — natural git passthrough plus monorepo cross-solve.
xops scripts init and init runbook — preflight, core, ordered publish shell for agents.
xops exports fix normalizes import/require export maps when dual build artifacts exist.
Global, npx, or CI — same command everywhere. Run xops doctor to verify your environment.
Get started →Does it replace npm? Is ask an LLM? What if publish works but push fails?
Read FAQ →Every flag, passthrough rule, and copy-paste example in one place.
See all →What runs when you type one command
xops --full-flow
Find all packages under the current directory
Sort local packages by dependency order
Scan new dependency tarballs for Phantom Gyp before install
Align dependencies before build and test
Run builds in correct order, stop on failure
Block the publish path if tests fail
Inspect what npm would actually publish
Hand off to real npm binary, in order
Structured result for humans, CI, and agents