GitHits
GitHits MCP gives AI agents access to open-source code search, package docs, real-world examples, dependency metadata, changelogs, and vulnerability context for better software development decisions.
Documentation
GitHits CLI
Version-aware open-source context for agentic software development.
Website · Documentation · Issues
GitHits connects AI coding agents to public open-source evidence across the full software development lifecycle: discovery, planning, research, implementation, debugging, and maintenance.
The CLI runs a local MCP server that your coding tool starts on demand. Agents can then search indexed package and repository source, read exact files and documentation pages, inspect package health, compare dependency upgrades, and find source-cited examples from real open-source projects when model knowledge and local repository context are not enough.
Quick Start
npx githits@latest init
init signs you in, detects supported coding tools, and configures the local
GitHits MCP server for the tools you select.
Automatic setup currently supports Claude Code, Cursor, Windsurf, VS Code / Copilot, Cline, Claude Desktop, Codex CLI, Pi, Gemini CLI, Google Antigravity, OpenCode, Hermes Agent, Zed, Junie, Qwen Code, Kiro, Kilo Code, Factory Droid, and Amazon Q CLI.
After setup, open your coding agent and work normally. Many agents call GitHits when they need source-backed context. If your agent starts guessing, prompt it directly:
Use GitHits Code Navigation to inspect npm:express. Find how middleware
errors are handled, read the relevant source, and explain the fix before
editing code.
What GitHits Adds
GitHits is designed for the point where an agent needs evidence from the broader open-source ecosystem, not just model memory or local repo context:
| Capability | MCP tools | CLI commands |
|---|---|---|
| Code examples | get_example, search_language | githits example, githits languages |
| Code navigation | search, search_status, code_files, code_read, code_grep | githits search, githits search-status, githits code ... |
| Documentation access | docs_list, docs_read | githits docs ... |
| Package inspection | pkg_info, pkg_vulns, pkg_deps, pkg_changelog, pkg_upgrade_review | githits pkg ... |
| Feedback | feedback | githits feedback |
Use GitHits when your agent needs to:
- discover, plan, or research how OSS projects solve a vague issue or unfamiliar error
- find broad prior art or rare needle-in-the-haystack examples across repositories
- inspect source, tests, symbols, or docs for a known package or repository
- verify how a dependency actually behaves before changing code
- debug stack traces that point into third-party code
- review package health, licenses, vulnerabilities, dependencies, and changelogs
- compare dependency upgrades using factual evidence
Examples
Find prior art across open source:
npx githits@latest example "HTTP retries with exponential backoff in Python"
Search indexed code, docs, and symbols for a dependency:
npx githits@latest search "router middleware" --in npm:express
npx githits@latest search '"body parser" OR multer' --in npm:express --source docs
npx githits@latest search "debounce" --in npm:lodash --source symbol
Read and grep dependency source without cloning:
npx githits@latest code files npm:express lib
npx githits@latest code read npm:express lib/router/index.js --lines 120-200
npx githits@latest code grep npm:express "router.use" lib --regex
Inspect package health and upgrade evidence:
npx githits@latest pkg info npm:express
npx githits@latest pkg vulns npm:[email protected] --severity high
npx githits@latest pkg deps npm:[email protected] --depth 2
npx githits@latest pkg changelog npm:express --from 4.18.2 --to 5.2.1
npx githits@latest pkg upgrade-review npm:[email protected] --to 4.4.3
Browse and read package documentation:
npx githits@latest docs list npm:express
npx githits@latest docs read <page-id> --lines 20-80
Supported Sources
GitHits works with package and repository targets such as:
- package specs:
npm:react,npm:[email protected],pypi:requests,crates:serde - GitHub repos:
https://github.com/expressjs/express,github:expressjs/express#main
Package inspection supports npm, PyPI, Hex, Crates, NuGet, Maven, Packagist, RubyGems, Go, Swift, vcpkg, and Zig. Advisory data is unavailable for vcpkg and Zig; dependency graph support varies by registry.
License Filtering
Code example search supports license filtering:
strictis the default and filters repositories with copyleft or undeclared licensescustomuses your account blocklist configured at githits.comyolodisables license filtering
npx githits@latest example "async file reading" --lang python --license strict
Authentication
Normal local setup is handled by:
npx githits@latest init
For manual login:
npx githits@latest login
Browser OAuth is recommended for local development. Credentials are stored in the system keychain by default and refreshed automatically. Useful flags:
init --no-browserorlogin --no-browserprints a login URL for SSH, containers, or headless sessionslogin --forcere-authenticates even if you are already logged inlogin --port <port>uses a specific local callback port
For CI or non-interactive environments, use an API token:
export GITHITS_API_TOKEN=ghi-your-token-here
Inspect auth and runtime state with:
npx githits@latest auth status
npx githits@latest doctor
See the authentication docs for keychain behavior, file storage mode, CI setup, and troubleshooting.
Manual MCP Setup
If your coding tool is not auto-configured by init, add GitHits to its MCP
configuration manually:
{
"mcpServers": {
"githits": {
"command": "npx",
"args": ["-y", "githits@latest", "mcp", "start"]
}
}
}
Your tool runs this command over stdio. No background daemon or global install is required.
To remove configuration written by init:
npx githits@latest init uninstall
This removes GitHits MCP configuration and preserves stored credentials. Run
npx githits@latest logout separately to remove credentials.
Project Setup
For project-local MCP config, run:
npx githits@latest init --project
Project setup is available only for tools with verified project-local MCP support. Project config contains no secrets, but it may be committed like other tooling configuration, so review generated files before adding them to source control.
Agent-safe non-interactive setup uses staged discovery and explicit install:
npx githits@latest init --detect-agents --json
npx githits@latest init --install-agents cursor,codex
Plugin and Extension Packaging
The npm package also includes the existing plugin and extension assets used by compatible hosts:
.plugin/plugin.json.claude-plugin/plugin.json.claude-plugin/marketplace.json.mcp.jsongemini-extension.jsonGEMINI.mdplugins/claude/skills/commands/
For Claude Code marketplace installs:
claude plugin marketplace add githits-com/githits-cli
claude plugin install githits@githits-plugins
For Gemini CLI extension installs:
gemini extensions install https://github.com/githits-com/githits-cli
Command Reference
githits init Connect GitHits to your coding agents
githits init uninstall Remove GitHits MCP configuration
githits login Sign in to your GitHits account
githits logout Remove stored credentials
githits mcp Show setup instructions or start the local MCP server
githits mcp start Always start the local MCP server over stdio
githits example Find real-world implementations from open source
githits languages List or filter supported programming languages
githits feedback Submit feedback about GitHits results
githits doctor Diagnose configuration and auth state
githits search Explore repository code, dependencies, docs, and symbols
githits search-status Check the status of a previous indexed search
githits code List, read, and grep indexed dependency source
githits pkg Inspect package metadata, vulnerabilities, deps, and changelogs
githits docs Browse and read package documentation
githits auth Manage authentication
githits auth status Show authentication status
Full CLI reference: https://docs.githits.com/cli/commands
Environment Variables
Most users do not need environment variables. These are the common overrides for CI, auth storage, and local diagnostics:
| Variable | Purpose | Default |
|---|---|---|
GITHITS_API_TOKEN | API token for authentication | unset |
GITHITS_AUTH_STORAGE | Override OAuth storage mode: keychain or file | keychain |
GITHITS_DISABLE_UPDATE_CHECK | Disable npm latest-version update notices | unset |
GITHITS_TELEMETRY | Emit local timing diagnostics to stderr | unset |
Full reference: https://docs.githits.com/cli/environment-variables
Source Layout
This repository contains the GitHits CLI and reusable MCP package:
src/- CLI commands, local auth, setup flows, and local MCP stdio startuppackages/mcp/- public@githits/mcppackage for transport-neutral MCP server APIs, tool registration, instructions, and smoke-test helperspackages/core-internal/- shared workspace implementation used by the CLI and MCP packagedocs/- implementation notes and contributor guidelinesscripts/- package validation, smoke tests, and development utilities
Development
Requirements:
- Node.js
^20.12.0 || >=22.13.0 - Bun
Common commands:
bun install
bun run dev --help
bun test
bun run typecheck
bun run build
When changing MCP tools, CLI commands, shared formatters, auth/error envelopes, or MCP/CLI parity behavior, also run the relevant smoke suites:
bun run smoke:mcp
bun run smoke:cli
When changing MCP instructions, tool descriptions, or agent-facing behavior,
use the targeted agent evals described in eval/agentic/README.md:
bun run agent:e2e
License
Apache-2.0