githits-cli
Health Pass
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 43 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Command Line Interface for GitHits - Context Layer for Open Source
GitHits CLI
Version-aware open-source context for AI coding agents.
Website · Documentation · Issues
GitHits connects AI coding agents to the public open-source code, package docs,
metadata, vulnerabilities, changelogs, dependency graphs, upgrade evidence, and
real implementation examples they need when local repository context is not
enough.
The CLI runs a local MCP server that your
coding tool starts on demand. Agents can then search indexed package and
repository source, read exact files and documentation pages, inspect package
health, compare dependency upgrades, and find source-cited examples from real
open-source projects.
Quick Start
npx githits@latest init
init signs you in, detects supported coding tools, and configures the local
GitHits MCP server for the tools you select.
Automatic setup currently supports Claude Code, Cursor, Windsurf,
VS Code / Copilot, Cline, Claude Desktop, Codex CLI, Pi, Gemini CLI,
Google Antigravity, OpenCode, and Hermes Agent.
After setup, open your coding agent and work normally. Many agents call GitHits
when they need source-backed context. If your agent starts guessing, prompt it
directly:
Use GitHits Code Navigation to inspect npm:express. Find how middleware
errors are handled, read the relevant source, and explain the fix before
editing code.
What GitHits Adds
GitHits is designed for the point where an agent's model knowledge and local
repo access stop being enough:
| Capability | MCP tools | CLI commands |
|---|---|---|
| Code examples | get_example, search_language |
githits example, githits languages |
| Code navigation | search, search_status, code_files, code_read, code_grep |
githits search, githits search-status, githits code ... |
| Documentation access | docs_list, docs_read |
githits docs ... |
| Package inspection | pkg_info, pkg_vulns, pkg_deps, pkg_changelog, pkg_upgrade_review |
githits pkg ... |
| Feedback | feedback |
githits feedback |
Use GitHits when your agent needs to:
- verify how a dependency actually behaves before changing code
- inspect source, tests, symbols, or docs for a specific package version
- debug stack traces that point into third-party code
- review package health, licenses, vulnerabilities, dependencies, and changelogs
- compare dependency upgrades using factual evidence
- borrow implementation patterns from real repositories, issues, discussions, and pull requests
Examples
Find prior art across open source:
npx githits@latest example "HTTP retries with exponential backoff in Python"
Search indexed code, docs, and symbols for a dependency:
npx githits@latest search "router middleware" --in npm:express
npx githits@latest search '"body parser" OR multer' --in npm:express --source docs
npx githits@latest search "debounce" --in npm:lodash --source symbol
Read and grep dependency source without cloning:
npx githits@latest code files npm:express lib
npx githits@latest code read npm:express lib/router/index.js --lines 120-200
npx githits@latest code grep npm:express "router.use" lib --regex
Inspect package health and upgrade evidence:
npx githits@latest pkg info npm:express
npx githits@latest pkg vulns npm:[email protected] --severity high
npx githits@latest pkg deps npm:[email protected] --depth 2
npx githits@latest pkg changelog npm:express --from 4.18.2 --to 5.2.1
npx githits@latest pkg upgrade-review npm:[email protected] --to 4.4.3
Browse and read package documentation:
npx githits@latest docs list npm:express
npx githits@latest docs read <page-id> --lines 20-80
Supported Sources
GitHits works with package and repository targets such as:
- package specs:
npm:react,npm:[email protected],pypi:requests,crates:serde - GitHub repos:
https://github.com/expressjs/express,github:expressjs/express#main
Package inspection supports npm, PyPI, Hex, Crates, NuGet, Maven, Packagist,
RubyGems, Go, Swift, vcpkg, and Zig. Advisory data is unavailable for vcpkg and
Zig; dependency graph support varies by registry.
License Filtering
Code example search supports license filtering:
strictis the default and filters repositories with copyleft or undeclared licensescustomuses your account blocklist configured at githits.comyolodisables license filtering
npx githits@latest example "async file reading" --lang python --license strict
Authentication
Normal local setup is handled by:
npx githits@latest init
For manual login:
npx githits@latest login
Browser OAuth is recommended for local development. Credentials are stored in
the system keychain by default and refreshed automatically. Useful flags:
--no-browserprints a login URL for SSH, containers, or headless sessions--forcere-authenticates even if you are already logged in--port <port>uses a specific local callback port
For CI or non-interactive environments, use an API token:
export GITHITS_API_TOKEN=ghi-your-token-here
Inspect auth and runtime state with:
npx githits@latest auth status
npx githits@latest doctor
See the authentication docs for
keychain behavior, file storage mode, CI setup, and troubleshooting.
Manual MCP Setup
If your coding tool is not auto-configured by init, add GitHits to its MCP
configuration manually:
{
"mcpServers": {
"githits": {
"command": "npx",
"args": ["-y", "githits@latest", "mcp", "start"]
}
}
}
Your tool runs this command over stdio. No background daemon or global install
is required.
To remove configuration written by init:
npx githits@latest init uninstall
This removes GitHits MCP configuration and preserves stored credentials. Runnpx githits@latest logout separately to remove credentials.
Project Setup
For project-local MCP config, run:
npx githits@latest init --project
Project setup is available only for tools with verified project-local MCP
support. Project config contains no secrets, but it may be committed like other
tooling configuration, so review generated files before adding them to source
control.
Agent-safe non-interactive setup uses staged discovery and explicit install:
npx githits@latest init --detect-agents --json
npx githits@latest init --install-agents cursor,codex
Plugin and Extension Packaging
The npm package also includes the existing plugin and extension assets used by
compatible hosts:
.plugin/plugin.json.claude-plugin/plugin.json.claude-plugin/marketplace.json.mcp.jsongemini-extension.jsonGEMINI.mdplugins/claude/skills/commands/
For Claude Code marketplace installs:
claude plugin marketplace add githits-com/githits-cli
claude plugin install githits@githits-plugins
For Gemini CLI extension installs:
gemini extensions install https://github.com/githits-com/githits-cli
Command Reference
githits init Connect GitHits to your coding agents
githits init uninstall Remove GitHits MCP configuration
githits login Sign in to your GitHits account
githits logout Remove stored credentials
githits mcp Show setup instructions or start the local MCP server
githits mcp start Always start the local MCP server over stdio
githits example Find real-world implementations from open source
githits languages List or filter supported programming languages
githits feedback Submit feedback about GitHits results
githits doctor Diagnose configuration and auth state
githits search Explore repository code, dependencies, docs, and symbols
githits search-status Check the status of a previous indexed search
githits code List, read, and grep indexed dependency source
githits pkg Inspect package metadata, vulnerabilities, deps, and changelogs
githits docs Browse and read package documentation
githits auth Manage authentication
githits auth status Show authentication status
Full CLI reference: https://docs.githits.com/cli/commands
Environment Variables
Most users do not need environment variables. These are the common overrides for
CI, auth storage, and local diagnostics:
| Variable | Purpose | Default |
|---|---|---|
GITHITS_API_TOKEN |
API token for authentication | unset |
GITHITS_AUTH_STORAGE |
Override OAuth storage mode: keychain or file |
keychain |
GITHITS_DISABLE_UPDATE_CHECK |
Disable npm latest-version update notices | unset |
GITHITS_TELEMETRY |
Emit local timing diagnostics to stderr | unset |
Full reference: https://docs.githits.com/cli/environment-variables
Source Layout
This repository contains the GitHits CLI and reusable MCP package:
src/- CLI commands, local auth, setup flows, and local MCP stdio startuppackages/mcp/- public@githits/mcppackage for transport-neutral MCP
server APIs, tool registration, instructions, and smoke-test helperspackages/core-internal/- shared workspace implementation used by the CLI
and MCP packagedocs/- implementation notes and contributor guidelinesscripts/- package validation, smoke tests, and development utilities
Development
Requirements:
- Node.js
^20.12.0 || >=22.13.0 - Bun
Common commands:
bun install
bun run dev --help
bun test
bun run typecheck
bun run build
When changing MCP tools, CLI commands, shared formatters, auth/error envelopes,
or MCP/CLI parity behavior, also run the relevant smoke suites:
bun run smoke:mcp
bun run smoke:cli
When changing MCP instructions, tool descriptions, or agent-facing behavior,
use the targeted agent evals described in eval/agentic/README.md:
bun run agent:e2e
License
Apache-2.0
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found