End the retry loops caused by hallucinated APIs, stale dependencies, guessed SDK integrations, wasted tokens, broken flow, black-box packages, and derailed agents

GitHits is a version-aware index and context layer for public open-source code and packages. It exposes tools agents use to search source code, read package docs, inspect metadata, check vulnerabilities, review changelogs, compare upgrades, and find examples.

Real casesReal agent replays

TanStack Query persisted checkout outbox

model Codex GPT-5.5
$

Fix this TypeScript React fixture so `npm test` and `npm run typecheck` succeed, preserving queued checkout writes across app reloads.

Without GitHits

Costly
tokens
0
time
0s / 126s
  1. Ready. Click "Watch Replay" to start.

With GitHits

Efficient
tokens
0
time
0s / 79s
  1. Ready. Click "Watch Replay" to start.
CodexClaudeCursorVS CodeCopilotClineWindsurfOpenCodeAntigravityPiHermes

Keep your agent.
Just add GitHits.

Open App or run
npx githits@latest init
The Problem When context is missing, agents get stuck guessing The Cost You're Paying

The Problem

The cost of missing context

Your agent can only see part of the system

An eclipse-like illustration suggesting partial visibility of the system.

AI coding agents can read your local repository.

Modern software depends on far more than that.

Under every application sits an open-source stack made of frameworks, SDKs, APIs, infrastructure tooling, dependency internals, and version-specific behavior spread across thousands of repositories.

That’s where agents lose visibility.

Agents loop instead of converging

A fragmented torus shape representing an unresolved retry loop.

When an agent encounters undocumented behavior, dependency edge cases, or unfamiliar integrations, it keeps generating variations instead of grounding itself in working implementations.

It retries. It rewrites. It improvises. The output changes. The uncertainty remains.

What looks like progress is often just activity hiding missing context.

Agents produce fragile systems

A grid pattern fraying at the edges, evoking fragile abstractions.

AI coding agents can generate code that appears correct while missing the implementation patterns real systems actually depend on.

Without grounded operational context, integrations become brittle, abstractions drift from ecosystem conventions, and edge cases surface later under real production pressure.

The code compiles. The system still fails.

Missing context becomes token burn

A wireframe illustration of a recursive sink — irregular outline with glowing nodes spiraling inward, evoking an agent stuck in retry loops.

Modern coding agents don’t fail instantly.

They retry, explore alternatives, spawn sub-agents, and keep searching for a path that still fails to converge.

Without grounded context, output tokens get spent generating variations instead of reaching working solutions.

  • More retries.
  • More patching.
  • More investigation.
  • Less actual progress.
  • The output keeps changing.
  • The loop keeps burning tokens.
Guess > run > error > retry > burn
The Solution Version-aware context from indexed code, docs, packages, security, changelogs, and examples Ground Your Agent

The Solution

Your agent can read your repo. GitHits lets it inspect the rest of the stack.

GitHits is a version-aware index and context layer for public open-source code and packages.

AI coding agents use its tools to search source code, read package docs, inspect package metadata and dependency graphs, check vulnerabilities, review changelogs, compare upgrades, and find real implementation examples.

The result is less retry churn, better ecosystem fit, and a shorter path from uncertainty to a working implementation.

AI agents / tools

  • Codex
  • Claude
  • Cursor
  • VS Code
  • Copilot
  • Cline
  • Windsurf
  • OpenCode
  • Antigravity
  • Pi
  • Hermes

Version-aware retrieval & navigation for AI coding agents

  • Code Navigation

    Search, grep, list files, and read exact line ranges across packages and repos.

  • Documentation Access

    Hosted docs and repo-backed documentation.

  • Package Inspection

    Dependencies, versions, vulnerabilities, changelogs, and upgrade changes.

  • Dependency Graph

    Relationships and transitive dependencies across packages and versions.

  • Examples

    Prior art and implementation patterns from repos, issues, discussions, and PRs.

GitHits Index (version-aware)
  • Code

    Files, symbols, AST, imports, exports

  • Versions

    Version history and changes

  • Docs

    Markdown, MDX, HTML

  • Graph

    Dependencies, relations, metadata

  • Security

    Vulnerabilities, CVEs, advisories

  • Changes

    Changelogs, release notes, diffs

Supported sources & registries

  • GitHub
  • Docs Sites
  • npm
  • PyPI
  • Hex.pm
  • crates.io
  • vcpkg
  • Zig
  • NuGet
  • Maven Central
  • Packagist
  • RubyGems
  • Go
  • Swift
Search the index > inspect context > make the change
Why GitHits GitHits has built a version-aware code example engine that allows AI coding agents and developers to inspect real implementations, navigate dependency source code, analyze package information, and retrieve repository context. — Jesse Landry , Senior Consultant at Vention · Founder & CEO of DevCuration Why It Works

Why GitHits

Why version-aware context matters

GitHits is a version-aware index and context layer for public open-source code and packages. It exposes tools agents use to search source code, read package docs, inspect metadata, check vulnerabilities, review changelogs, compare upgrades, and find examples.

That matters because AI coding agents can inspect your local repo, but the open-source stack underneath usually sits outside their working context. Frameworks, SDKs, APIs, infrastructure tooling, dependency internals, and version-specific behavior are spread across public repositories and package ecosystems.

GitHits gives agents access to that material before they change code: version-aware code and docs for targeted packages and repositories, package metadata and security data, changelog and upgrade evidence, dependency graphs, and prior-art examples sourced from public open source.

Without GitHits

Agents guess how open-source dependencies work.

AI coding agents can inspect your local repo, but dependency source code, docs, and package metadata stay out of reach. They hallucinate APIs, misuse libraries, and introduce bugs developers have to find and fix.

30% of the stack is visible

With GitHits

Agents can inspect how open-source code works.

GitHits gives agents a version-aware context layer for indexed code, docs, package metadata, vulnerabilities, changelogs, dependency graphs, upgrade evidence, and prior-art examples.

100% of the stack is covered

Developers love GitHits

The Builders Meet the Team

The Builders

The story behind GitHits

I’m sharing how I got the idea for GitHits, why we decided to build it, and who it is for.

The GitHits origin story: where the idea came from

When documentation didn’t explain something clearly, I had a simple fallback: search GitHub.

If a problem has been solved before, there is usually code somewhere showing how it works. Finding the right example still requires digging through files, issues, and discussions.

One day, Softlandia’s co-founder Mikko asked in Slack:

Who can find the definition for TranscribeDefinition?

He was building a transcription pipeline using Azure’s Speech SDK and couldn’t figure out how to initialize the object.

The official documentation didn’t show it yet, but the definition was already present in Microsoft’s GitHub repository inside documentation files prepared for a future release.

After finding it, I wrote in Slack:

GitHub search solves a surprising number of problems if the project is open source.

Then I added:

You could probably build a coding assistant that answers questions by searching GitHub with some heuristics.

That message started a discussion inside Softlandia Venture Studio, and we decided to explore the idea. Jaakko also managed to buy githits.com for $9.

Why we built GitHits

Much of the practical knowledge about how libraries are used already exists in open-source repositories.

Across millions of repositories and packages, developers have already solved integration problems, handled edge cases, written docs, shipped releases, exposed vulnerabilities, and recorded how libraries behave in practice. The difficulty is getting the right context for the package version or repository ref your agent is working with.

Documentation is often incomplete. Raw search is noisy. Without the right context, AI coding agents generate plausible-sounding answers that fail on unfamiliar libraries, long-tail edge cases, dependency internals, and version-specific behavior.

Developers usually resolve these situations by inspecting source, reading docs, checking package metadata, reviewing changelogs, and looking at how other projects solved similar problems. We believe AI coding agents should be able to do the same.

GitHits has grown from that original GitHub-search habit into a version-aware index and context layer for public open-source code and packages. The index powers agent-facing tools for code navigation, documentation access, package inspection, dependency graphs, vulnerability checks, changelogs, upgrade evidence, and code examples for prior art.

How GitHits gives agents context

GitHits indexes public open-source code and packages into version-aware context that agents can query from their coding tools.

Instead of making the agent browse from scratch, GitHits exposes focused tools. Agents can search indexed code and docs, read exact source files, grep a dependency, browse package documentation, inspect package metadata, check vulnerabilities, review changelogs, compare upgrades, and use code examples when they need prior art from real projects.

This gives developers and AI coding agents a concrete path from uncertainty to evidence before they change code.

Who it helps

Developers using AI coding tools

Engineers working with tools such as Claude Code, Cursor, or Copilot who encounter problems that models cannot resolve.

Helping Claude Code find undocumented C++ APIs directly from the code.

— Onni Hakala, GitHits user

Developers working on ecosystems where AI is less reliable

Engineers building in languages like Go, Rust, Kotlin, or C++, where documentation is thinner and training-data coverage is weaker.

I swapped my ritual of 20 browser tabs and stale Stack Overflow answers for a tool that actually understands what I’m trying to do.

— Atharv Singh, GitHits user

Meet the GitHits team

  • Portrait of Olli-Pekka Heinisuo

    Olli-Pekka Heinisuo

    Co-founder, CTO

    I created the opencv-python package. It has over 1B downloads. I wanted to keep contributing to the open source ecosystem. Now I'm building GitHits search agents and the reasoning layer.

  • Portrait of Juha Litola

    Juha Litola

    Co-founder, Chief Architect

    I thought I was done with startups, but I realized the AI coding revolution is just too big an opportunity to miss. I'm responsible for building the code indexing and intelligence engine that understands dependencies.

  • Portrait of Nathan Burg

    Nathan Burg

    Co-founder, CPO

    I was one of the first people to test Olli-Pekka's first prototype. I tried something hard: writing a CUDA kernel. Every other AI tool produced code that wouldn't compile. GitHits passed my tests on the first try. I wanted to join the team.

  • Portrait of Jaakko "Jack" Timonen

    Jaakko "Jack" Timonen

    Co-founder, CEO

    After my first startup, I was on the hunt to find an idea I'd be excited about. When Olli-Pekka pitched “a coding problem solver using GitHub search with smart heuristics”, I was immediately hooked.

  • Portrait of Eze Jaime

    Eze Jaime

    Founding Designer

    20+ years shipping digital products across retail, fintech, and entertainment, used by millions. Joined GitHits after experiencing the frustration of AI giving answers that look right but don't actually work. Now I'm fixing that through design.

  • Portrait of Tayyab Rasheed

    Tayyab Rasheed

    GTM Engineer

    Built AI/LLM automation across multiple production systems — OpenAI, Gemini, Vertex. Awarded for rapid technical growth, strong ownership of complex systems, and continuous skills improvement at Mavric. Now building the GitHits GTM engine.

Get Started

Try it in your agent(s) and kill the retry loops

Start for Free

or just run:

npx githits@latest init
Learn what happens when you run this
The Blog Notes on agents, context, and the version-aware index behind GitHits. Explore Articles

The Blog

Recent articles

View all posts
FAQ Answers about GitHits and agent workflows See Answers

FAQ

GitHits, explained

Why do I need to sign up with GitHub, and does signing up give GitHits access to my private repos?

GitHits uses GitHub authentication for account sign-in and public-source context features. GitHits does not index, search, or access your private repositories, and connecting GitHub does not give GitHits access to private code.

What is GitHits for, and how do I get started?

GitHits is a version-aware index and context layer for public open-source code and packages. The index powers tools for work that depends on code outside your local repo: understanding a dependency, reading docs, investigating an error, checking vulnerabilities, reviewing a changelog, planning an upgrade, or finding prior art.

Agents use tools such as search, code_read, code_grep, docs_read, pkg_info, pkg_vulns, pkg_deps, pkg_changelog, pkg_upgrade_review, and get_example depending on the task.

To get started, run npx githits@latest init. GitHits detects your coding tool, signs you in, and configures the MCP server automatically.

How does my agent know when to use GitHits?

Agents use GitHits when they need information that isn't available in your local codebase. Common cases include researching an integration, understanding dependency internals, investigating version-specific behavior, or finding how similar problems are solved in open-source code. Some coding tools invoke GitHits automatically when needed, while others may require an explicit instruction.

How does your index work?

GitHits builds a version-aware index of public open-source code and packages. For each repository or package version, we fetch a specific commit and extract files, symbols, imports, call relationships, and documentation into a code graph.

This lets agents do more than keyword search. They can search symbols, grep code, read exact files, inspect dependencies, browse docs, check package metadata, review vulnerabilities, and read changelogs against the version or commit they're actually working with.

The index is pinned to immutable commits for fixed versions and updates as repositories and packages change.

Is your index static?

For a pinned version, yes. A package version like 0.2.5 or a specific commit always maps to the same source code, so the indexed content is stable and reproducible. Query it today or six months from now and you'll get results from the same code.

We may re-index that source to improve our parsing and code graph, but the underlying code never changes. Moving references, such as branches or HEAD, are different: they intentionally track the latest commit and will update as the repository changes.

Can GitHits give my agent dangerous context?

We work to minimize that risk. GitHits retrieves indexed code, docs, package facts, vulnerability data, changelogs, and examples from public open-source sources, but it does not modify your code or inject anything into your project.

GitHits includes guardrails designed to reduce prompt injection and other malicious content risks in both our search infrastructure and MCP tools. Because agents retrieve structured code, documentation, package metadata, and citations rather than browsing arbitrary web pages, GitHits generally provides a more controlled source of context than web search.

As with any third-party source, developers remain responsible for reviewing generated code before shipping it.

How does GitHits decide which sources to use?

For Code Navigation, Documentation Access, and Package Inspection, your agent usually targets a specific package, version, repository, or ref. GitHits resolves that target into indexed code, docs, metadata, vulnerabilities, changelogs, and dependency information.

For code examples, GitHits uses a process similar to how an experienced developer researches prior art. It looks at signals such as project activity, adoption, maintenance, ownership, licensing, and repository health, then analyzes code, documentation, issues, discussions, and pull requests for relevant implementation patterns.

The goal is not to find the most popular repository, but the source context most likely to help the agent solve the current problem. License filtering is applied before code example source selection, and results include links back to their sources.

Does GitHits train on my code, prompts, or outputs?

No. GitHits does not use customer code, prompts, outputs, or personal data to train foundational AI models. Customer data is processed only to provide the service and remains governed by our Privacy Policy and Data Processing Agreement.

Does GitHits access or store my repository code?

No. GitHits does not access, index, or store your private source code.

GitHits is designed to complement coding agents that already have access to your local codebase. While those tools can inspect your application's code, they typically cannot see the public open-source repositories, dependency source code, documentation, discussions, package metadata, vulnerabilities, and changelogs your application depends on. GitHits provides that external context without requiring access to your private repositories.

How does GitHits handle open-source licenses?

You can configure code examples to exclude repositories with specific licenses. By default, example generation runs in strict mode, which excludes repositories with copyleft licenses and repositories that do not declare a license. If you prefer broader coverage, you can relax these restrictions or disable license filtering entirely.

Package Inspection also exposes license information, allowing agents to inspect licenses before recommending or using a dependency.

0:00 0:00

GitHits index

Version-aware index for public open-source code and packages

GitHits gives coding agents a context layer for indexed code, package docs, package metadata, vulnerabilities, changelogs, dependency graphs, upgrade evidence, and real implementation examples.

The Problem

The cost of missing context

AI coding agents read your local repo, but the open-source stack underneath stays invisible. Retries, fragility, and token burn follow.

Your agent can only see part of the system

An eclipse-like illustration suggesting partial visibility of the system.

AI coding agents can read your local repository.

Modern software depends on far more than that.

Under every application sits an open-source stack made of frameworks, SDKs, APIs, infrastructure tooling, dependency internals, and version-specific behavior spread across thousands of repositories.

That’s where agents lose visibility.

Agents loop instead of converging

A fragmented torus shape representing an unresolved retry loop.

When an agent encounters undocumented behavior, dependency edge cases, or unfamiliar integrations, it keeps generating variations instead of grounding itself in working implementations.

It retries. It rewrites. It improvises. The output changes. The uncertainty remains.

What looks like progress is often just activity hiding missing context.

Agents produce fragile systems

A grid pattern fraying at the edges, evoking fragile abstractions.

AI coding agents can generate code that appears correct while missing the implementation patterns real systems actually depend on.

Without grounded operational context, integrations become brittle, abstractions drift from ecosystem conventions, and edge cases surface later under real production pressure.

The code compiles. The system still fails.

Missing context becomes token burn

A wireframe illustration of a recursive sink — irregular outline with glowing nodes spiraling inward, evoking an agent stuck in retry loops.

Modern coding agents don’t fail instantly.

They retry, explore alternatives, spawn sub-agents, and keep searching for a path that still fails to converge.

Without grounded context, output tokens get spent generating variations instead of reaching working solutions.

  • More retries.
  • More patching.
  • More investigation.
  • Less actual progress.
  • The output keeps changing.
  • The loop keeps burning tokens.

Guess > run > error > retry > burn

The Solution

Your agent can read your repo. GitHits lets it inspect the rest of the stack.

A version-aware index and context layer for public open-source code, package docs, metadata, vulnerabilities, changelogs, upgrade evidence, and examples.

GitHits is a version-aware index and context layer for public open-source code and packages.

AI coding agents use its tools to search source code, read package docs, inspect package metadata and dependency graphs, check vulnerabilities, review changelogs, compare upgrades, and find real implementation examples.

The result is less retry churn, better ecosystem fit, and a shorter path from uncertainty to a working implementation.

AI agents / tools

  • Codex
  • Claude
  • Cursor
  • VS Code
  • Copilot
  • Cline
  • Windsurf
  • OpenCode
  • Antigravity
  • Pi
  • Hermes

Version-aware retrieval & navigation for AI coding agents

  • Code Navigation

    Search, grep, list files, and read exact line ranges across packages and repos.

  • Documentation Access

    Hosted docs and repo-backed documentation.

  • Package Inspection

    Dependencies, versions, vulnerabilities, changelogs, and upgrade changes.

  • Dependency Graph

    Relationships and transitive dependencies across packages and versions.

  • Examples

    Prior art and implementation patterns from repos, issues, discussions, and PRs.

GitHits Index (version-aware)
  • Code

    Files, symbols, AST, imports, exports

  • Versions

    Version history and changes

  • Docs

    Markdown, MDX, HTML

  • Graph

    Dependencies, relations, metadata

  • Security

    Vulnerabilities, CVEs, advisories

  • Changes

    Changelogs, release notes, diffs

Supported sources & registries

  • GitHub
  • Docs Sites
  • npm
  • PyPI
  • Hex.pm
  • crates.io
  • vcpkg
  • Zig
  • NuGet
  • Maven Central
  • Packagist
  • RubyGems
  • Go
  • Swift

Search the index > inspect context > make the change

Why GitHits

Why version-aware context matters

GitHits gives agents tools for public source code, package docs, metadata, vulnerabilities, changelogs, upgrades, and examples.

GitHits is a version-aware index and context layer for public open-source code and packages. It exposes tools agents use to search source code, read package docs, inspect metadata, check vulnerabilities, review changelogs, compare upgrades, and find examples.

That matters because AI coding agents can inspect your local repo, but the open-source stack underneath usually sits outside their working context. Frameworks, SDKs, APIs, infrastructure tooling, dependency internals, and version-specific behavior are spread across public repositories and package ecosystems.

GitHits gives agents access to that material before they change code: version-aware code and docs for targeted packages and repositories, package metadata and security data, changelog and upgrade evidence, dependency graphs, and prior-art examples sourced from public open source.

Without GitHits

Agents guess how open-source dependencies work.

AI coding agents can inspect your local repo, but dependency source code, docs, and package metadata stay out of reach. They hallucinate APIs, misuse libraries, and introduce bugs developers have to find and fix.

30% of the stack is visible

With GitHits

Agents can inspect how open-source code works.

GitHits gives agents a version-aware context layer for indexed code, docs, package metadata, vulnerabilities, changelogs, dependency graphs, upgrade evidence, and prior-art examples.

100% of the stack is covered

Developers love GitHits

The Builders

The story behind GitHits

How GitHits grew from a GitHub-search habit into a version-aware index and context layer for coding agents.

I’m sharing how I got the idea for GitHits, why we decided to build it, and who it is for.

The GitHits origin story: where the idea came from

When documentation didn’t explain something clearly, I had a simple fallback: search GitHub.

If a problem has been solved before, there is usually code somewhere showing how it works. Finding the right example still requires digging through files, issues, and discussions.

One day, Softlandia’s co-founder Mikko asked in Slack:

Who can find the definition for TranscribeDefinition?

He was building a transcription pipeline using Azure’s Speech SDK and couldn’t figure out how to initialize the object.

The official documentation didn’t show it yet, but the definition was already present in Microsoft’s GitHub repository inside documentation files prepared for a future release.

After finding it, I wrote in Slack:

GitHub search solves a surprising number of problems if the project is open source.

Then I added:

You could probably build a coding assistant that answers questions by searching GitHub with some heuristics.

That message started a discussion inside Softlandia Venture Studio, and we decided to explore the idea. Jaakko also managed to buy githits.com for $9.

Why we built GitHits

Much of the practical knowledge about how libraries are used already exists in open-source repositories.

Across millions of repositories and packages, developers have already solved integration problems, handled edge cases, written docs, shipped releases, exposed vulnerabilities, and recorded how libraries behave in practice. The difficulty is getting the right context for the package version or repository ref your agent is working with.

Documentation is often incomplete. Raw search is noisy. Without the right context, AI coding agents generate plausible-sounding answers that fail on unfamiliar libraries, long-tail edge cases, dependency internals, and version-specific behavior.

Developers usually resolve these situations by inspecting source, reading docs, checking package metadata, reviewing changelogs, and looking at how other projects solved similar problems. We believe AI coding agents should be able to do the same.

GitHits has grown from that original GitHub-search habit into a version-aware index and context layer for public open-source code and packages. The index powers agent-facing tools for code navigation, documentation access, package inspection, dependency graphs, vulnerability checks, changelogs, upgrade evidence, and code examples for prior art.

How GitHits gives agents context

GitHits indexes public open-source code and packages into version-aware context that agents can query from their coding tools.

Instead of making the agent browse from scratch, GitHits exposes focused tools. Agents can search indexed code and docs, read exact source files, grep a dependency, browse package documentation, inspect package metadata, check vulnerabilities, review changelogs, compare upgrades, and use code examples when they need prior art from real projects.

This gives developers and AI coding agents a concrete path from uncertainty to evidence before they change code.

Who it helps

Developers using AI coding tools

Engineers working with tools such as Claude Code, Cursor, or Copilot who encounter problems that models cannot resolve.

Helping Claude Code find undocumented C++ APIs directly from the code.

— Onni Hakala, GitHits user

Developers working on ecosystems where AI is less reliable

Engineers building in languages like Go, Rust, Kotlin, or C++, where documentation is thinner and training-data coverage is weaker.

I swapped my ritual of 20 browser tabs and stale Stack Overflow answers for a tool that actually understands what I’m trying to do.

— Atharv Singh, GitHits user

Meet the GitHits team

  • Portrait of Olli-Pekka Heinisuo

    Olli-Pekka Heinisuo

    Co-founder, CTO

    I created the opencv-python package. It has over 1B downloads. I wanted to keep contributing to the open source ecosystem. Now I'm building GitHits search agents and the reasoning layer.

  • Portrait of Juha Litola

    Juha Litola

    Co-founder, Chief Architect

    I thought I was done with startups, but I realized the AI coding revolution is just too big an opportunity to miss. I'm responsible for building the code indexing and intelligence engine that understands dependencies.

  • Portrait of Nathan Burg

    Nathan Burg

    Co-founder, CPO

    I was one of the first people to test Olli-Pekka's first prototype. I tried something hard: writing a CUDA kernel. Every other AI tool produced code that wouldn't compile. GitHits passed my tests on the first try. I wanted to join the team.

  • Portrait of Jaakko "Jack" Timonen

    Jaakko "Jack" Timonen

    Co-founder, CEO

    After my first startup, I was on the hunt to find an idea I'd be excited about. When Olli-Pekka pitched “a coding problem solver using GitHub search with smart heuristics”, I was immediately hooked.

  • Portrait of Eze Jaime

    Eze Jaime

    Founding Designer

    20+ years shipping digital products across retail, fintech, and entertainment, used by millions. Joined GitHits after experiencing the frustration of AI giving answers that look right but don't actually work. Now I'm fixing that through design.

  • Portrait of Tayyab Rasheed

    Tayyab Rasheed

    GTM Engineer

    Built AI/LLM automation across multiple production systems — OpenAI, Gemini, Vertex. Awarded for rapid technical growth, strong ownership of complex systems, and continuous skills improvement at Mavric. Now building the GitHits GTM engine.

FAQ

GitHits, explained

Answers about who GitHits is for, how it works alongside your agent, supported stacks, license handling, and how to get access.

Why do I need to sign up with GitHub, and does signing up give GitHits access to my private repos?

GitHits uses GitHub authentication for account sign-in and public-source context features. GitHits does not index, search, or access your private repositories, and connecting GitHub does not give GitHits access to private code.

What is GitHits for, and how do I get started?

GitHits is a version-aware index and context layer for public open-source code and packages. The index powers tools for work that depends on code outside your local repo: understanding a dependency, reading docs, investigating an error, checking vulnerabilities, reviewing a changelog, planning an upgrade, or finding prior art.

Agents use tools such as search, code_read, code_grep, docs_read, pkg_info, pkg_vulns, pkg_deps, pkg_changelog, pkg_upgrade_review, and get_example depending on the task.

To get started, run npx githits@latest init. GitHits detects your coding tool, signs you in, and configures the MCP server automatically.

How does my agent know when to use GitHits?

Agents use GitHits when they need information that isn't available in your local codebase. Common cases include researching an integration, understanding dependency internals, investigating version-specific behavior, or finding how similar problems are solved in open-source code. Some coding tools invoke GitHits automatically when needed, while others may require an explicit instruction.

How does your index work?

GitHits builds a version-aware index of public open-source code and packages. For each repository or package version, we fetch a specific commit and extract files, symbols, imports, call relationships, and documentation into a code graph.

This lets agents do more than keyword search. They can search symbols, grep code, read exact files, inspect dependencies, browse docs, check package metadata, review vulnerabilities, and read changelogs against the version or commit they're actually working with.

The index is pinned to immutable commits for fixed versions and updates as repositories and packages change.

Is your index static?

For a pinned version, yes. A package version like 0.2.5 or a specific commit always maps to the same source code, so the indexed content is stable and reproducible. Query it today or six months from now and you'll get results from the same code.

We may re-index that source to improve our parsing and code graph, but the underlying code never changes. Moving references, such as branches or HEAD, are different: they intentionally track the latest commit and will update as the repository changes.

Can GitHits give my agent dangerous context?

We work to minimize that risk. GitHits retrieves indexed code, docs, package facts, vulnerability data, changelogs, and examples from public open-source sources, but it does not modify your code or inject anything into your project.

GitHits includes guardrails designed to reduce prompt injection and other malicious content risks in both our search infrastructure and MCP tools. Because agents retrieve structured code, documentation, package metadata, and citations rather than browsing arbitrary web pages, GitHits generally provides a more controlled source of context than web search.

As with any third-party source, developers remain responsible for reviewing generated code before shipping it.

How does GitHits decide which sources to use?

For Code Navigation, Documentation Access, and Package Inspection, your agent usually targets a specific package, version, repository, or ref. GitHits resolves that target into indexed code, docs, metadata, vulnerabilities, changelogs, and dependency information.

For code examples, GitHits uses a process similar to how an experienced developer researches prior art. It looks at signals such as project activity, adoption, maintenance, ownership, licensing, and repository health, then analyzes code, documentation, issues, discussions, and pull requests for relevant implementation patterns.

The goal is not to find the most popular repository, but the source context most likely to help the agent solve the current problem. License filtering is applied before code example source selection, and results include links back to their sources.

Does GitHits train on my code, prompts, or outputs?

No. GitHits does not use customer code, prompts, outputs, or personal data to train foundational AI models. Customer data is processed only to provide the service and remains governed by our Privacy Policy and Data Processing Agreement.

Does GitHits access or store my repository code?

No. GitHits does not access, index, or store your private source code.

GitHits is designed to complement coding agents that already have access to your local codebase. While those tools can inspect your application's code, they typically cannot see the public open-source repositories, dependency source code, documentation, discussions, package metadata, vulnerabilities, and changelogs your application depends on. GitHits provides that external context without requiring access to your private repositories.

How does GitHits handle open-source licenses?

You can configure code examples to exclude repositories with specific licenses. By default, example generation runs in strict mode, which excludes repositories with copyleft licenses and repositories that do not declare a license. If you prefer broader coverage, you can relax these restrictions or disable license filtering entirely.

Package Inspection also exposes license information, allowing agents to inspect licenses before recommending or using a dependency.

The Blog

Recent articles

Recent notes on agents, context, and how we build GitHits.

View all posts