Fossick

Prospect across all of GitHub from your AI agent.

Find libraries, discover gems, search code patterns, and read real production code — across 200M+ repos, PyPI, and npm.

Contents

• What is Fossick
• Examples
• Installation
• Tools
• Why Fossick
• FAQ
• Configuration
• Development
• License

What is Fossick

fossick /ˈfɒsɪk/ verb (Australian/NZ) — to prospect or rummage for gems, especially the small-scale kind of mining where you sift creek beds and old tailings looking for what bigger operators missed.

That's exactly what this tool does — but for code.

Fossick gives your AI agent seven read-only tools to prospect across all of GitHub, PyPI, and npm, covering the full discovery loop end-to-end:

1. Search and discover. Sift 200M+ repos with multi-query relevance ranking, find the small-but-good libraries that bigger tools bury, look up packages on PyPI and npm.
2. Drill into any repo without cloning. Browse a remote repo's tree with depth and glob filters, read any file at any branch/tag/commit, and goto-definition for any class, function, or type — all on remote GitHub, no local checkout needed.
3. Search code patterns across all of GitHub. Full-text, regex, qualifier-aware search across every public file — find how an API is actually used in production, not just in the docs.

Useful any time you'd benefit from your agent reaching into the world's largest code corpus:

• Pick the right library. Find a small, focused, actively-maintained option for any task — not just the most popular one.
• Discover hidden gems. Surface the 500-star library that ranks higher on relevance than the 50,000-star incumbent.
• Drill into a repo you found. Walk its layout, read its README, find where its core API is defined — without git clone.
• Find usage patterns in real code. Search how an API is called in production, then read the matched files in context.
• Get inspired. See how others structured similar projects, what patterns they used, what tradeoffs they made.
• Stay current. Discover what's trending, just-released, or new in an ecosystem — past your model's training cutoff.

It does not do code archaeology — git blame, PR history, version diffs. Reach for git and gh for that.

Examples

Once Fossick is connected, here's the kind of thing you can ask your agent.

Discover libraries and packages

• "Find me a small, actively-maintained Rust TUI library — something newer than ratatui."
• "What are people using instead of LangChain these days?"
• "Show me trending Python web frameworks released in the last 90 days."
• "What's a good lightweight alternative to Pydantic for runtime validation?"

Drill into a specific repo

• "Browse the structure of astral-sh/uv — what's in crates/?"
• "Read the main __init__.py from pydantic/pydantic."
• "Where is the Stream class defined in anthropics/anthropic-sdk-python?"
• "What's the latest release of modelcontextprotocol/python-sdk and when did it ship?"

Find code patterns in the wild

• "How do production FastAPI apps actually set up structured logging with structlog and asyncio?"
• "Show me real examples of tokio::select! being used with timeout cancellation."
• "Find Dockerfiles that build multi-stage Python images with uv."
• "How are people calling the OpenAI API streaming endpoint from Go?"

Vet a dependency before adopting it

• "Is the requests library still maintained?"
• "Compare freshness of httpx vs aiohttp — last release dates, recent activity."
• "Who actually uses msgspec? Show me real usage in production codebases."
• "Find the GitHub repo behind the polars PyPI package and check its last release."

Installation

Prerequisite: uv — install with curl -LsSf https://astral.sh/uv/install.sh | sh. Then uvx will download and run Fossick on demand. No clone needed.

Claude Code

Three install scopes. Pick the one that matches how you want Fossick to be available — globally, shared with your team, or just for you in one project. The scope flag controls where the config gets written (Claude Code MCP scopes).

Global (recommended for personal use)

Available in every project on your machine. Stored in ~/.claude.json, private to your user account.

claude mcp add fossick --scope user uvx fossick-mcp

Team-shared (committed to git)

Stored in .mcp.json at the project root, checked into version control. Anyone who clones the repo gets the same MCP server. Use this when the whole team should have Fossick.

claude mcp add fossick --scope project uvx fossick-mcp

This project only (default)

Local scope is the default. Only enabled in the current project, only for you. Stored in ~/.claude.json under this project's path — not committed, not shared with collaborators.

claude mcp add fossick uvx fossick-mcp

Manual install

If you'd rather skip the CLI, write the config yourself. The JSON shape is the same regardless of scope — only the file changes:

• ~/.claude.json for user / local scope
• .mcp.json (project root) for project scope

{
  "mcpServers": {
    "fossick": {
      "command": "uvx",
      "args": ["fossick-mcp"]
    }
  }
}

Other clients

{
  "mcpServers": {
    "fossick": {
      "command": "uvx",
      "args": ["fossick-mcp"]
    }
  }
}

code --add-mcp '{"name":"fossick","command":"uvx","args":["fossick-mcp"]}'

{
  "mcpServers": {
    "fossick": {
      "command": "uvx",
      "args": ["fossick-mcp"]
    }
  }
}

{
  "mcpServers": {
    "fossick": {
      "command": "uvx",
      "args": ["fossick-mcp"]
    }
  }
}

{
  "mcpServers": {
    "fossick": {
      "type": "stdio",
      "command": "uvx",
      "args": ["fossick-mcp"]
    }
  }
}

codex mcp add fossick -- uvx fossick-mcp

[mcp_servers.fossick]
command = "uvx"
args = ["fossick-mcp"]

git clone https://github.com/Lipdog/fossick-mcp.git
cd fossick-mcp
uv sync

{
  "mcpServers": {
    "fossick": {
      "command": "uv",
      "args": ["run", "--directory", "/path/to/fossick-mcp", "fossick-mcp"]
    }
  }
}

Tools

Seven read-only tools, organized by their role in the discovery workflow.

Find candidates

Evaluate a candidate

Search code across GitHub

All tools are read-only, idempotent, and safe to auto-approve. Every response ends with hint-chained next steps so the agent knows what to do next.

Why Fossick

• Built for the discovery workflow. Tools follow the natural shape: find candidate → drill into it → read the API → see how others use it. Hint-chained next-step suggestions keep your agent on rails through the whole loop.
• Drill into any public repo without cloning. Browse remote repo trees with depth + glob filters, read any file at any branch/tag/commit, and run real AST-based symbol search to goto-definition for any class, function, or type — all on remote GitHub.
• Multi-query search with smart ranking. search_repos accepts a list of phrasings in one call and applies composite relevance ranking that prioritizes literal match over raw popularity — surfaces the 500-star gem that beats the 50,000-star incumbent.
• Lean on tokens by design. 7 focused tools (not 30+), formatted-markdown outputs (not JSON dumps), TTL caching, hint chaining that cuts agent reasoning turns, and multi-query search that bundles N requests into 1. Every tool description and response is sized to keep your context budget free for real work.
• Rate-limit aware. Tracks GitHub's Search and Core API buckets separately, sleeps on exhaustion, retries with exponential backoff.
• Zero config for gh users. Already have the GitHub CLI authenticated? Nothing to configure.
• Plays well with others. Read-only, idempotent, safe to auto-approve. Pair Fossick with github-mcp-server when you also need to act on your own repos (issues, PRs, Actions).

FAQ

Configuration

Authentication

Fossick resolves a GitHub token automatically:

1. GH_TOKEN, GITHUB_TOKEN, or GITHUB_PERSONAL_ACCESS_TOKEN env vars
2. gh auth token from the GitHub CLI — no config needed if you're already logged in

To pass a token explicitly:

{
  "mcpServers": {
    "fossick": {
      "command": "uvx",
      "args": ["fossick-mcp"],
      "env": { "GITHUB_TOKEN": "ghp_your_token_here" }
    }
  }
}

A token only needs public repo read access (no scopes selected is fine).

Rate limits

Fossick tracks both GitHub API buckets and pauses automatically when either is exhausted.

Retries use exponential backoff on rate-limited and transient errors. Results are cached briefly to avoid redundant API calls, with longer TTLs for content pinned to a specific commit SHA.

Development

Prerequisites

• Python 3.11+
• uv

Setup

git clone https://github.com/Lipdog/fossick-mcp.git
cd fossick-mcp
uv sync

Run

Launch the MCP server on stdio (for manual testing or local MCP-client config):

uv run fossick-mcp

Test

Unit and registration tests — no network, runs in seconds:

uv run pytest

Live integration tests — hits real GitHub against pinned modelcontextprotocol/[email protected]:

uv run pytest -m live

Build

uv build

Produces dist/fossick_mcp-<version>.tar.gz and the corresponding wheel.

Architecture

See CLAUDE.md for the full architecture tour, key patterns, and the recipe for adding new tools.

Star history

License

MIT — fossick away.