GitHits, explained

GitHits uses GitHub authentication to power code example search and metadata lookups. Example search runs against public open-source repositories using your GitHub access. GitHits does not index, search, or access your private repositories, and connecting GitHub does not give GitHits access to private code.

GitHits is useful when your coding agent needs context that it cannot get from your local codebase. That might be finding a current API implementation, researching an integration, understanding a dependency, investigating an error, or planning a change. It gives agents access to real implementations from open source through get_example, plus version-aware code, docs, and package navigation through tools like search, code_read, code_grep, pkg_info, and pkg_vulns.

To get started, run npx githits init. GitHits detects your coding tool, signs you in, and configures the MCP server automatically.

Agents use GitHits when they need information that isn't available in your local codebase. Common cases include researching an integration, understanding dependency internals, investigating version-specific behavior, or finding how similar problems are solved in open-source code. Some coding tools invoke GitHits automatically when needed, while others may require an explicit instruction.

GitHits builds an index of open-source code, whether it comes from a package dependency or a standalone repository. For each repository, we fetch a specific commit and extract files, symbols, imports, call relationships, and documentation into a code graph.

This lets agents do more than keyword search. They can search symbols, grep code, read exact files, trace how code is used, inspect dependencies, and check package metadata, all against the version or commit they're actually working with. The index is pinned to immutable commits and updates as repositories and packages change.

For a pinned version, yes. A package version like 0.2.5 or a specific commit always maps to the same source code, so the indexed content is stable and reproducible. Query it today or six months from now and you'll get results from the same code.

We may re-index that source to improve our parsing and code graph, but the underlying code never changes. Moving references, such as branches or HEAD, are different: they intentionally track the latest commit and will update as the repository changes.

We work to minimize that risk. GitHits retrieves code and examples from real open-source repositories, but it does not modify your code or inject anything into your project.

GitHits includes guardrails designed to reduce prompt injection and other malicious content risks in both our search infrastructure and MCP tools. Because agents retrieve structured code, documentation, and source references rather than browsing arbitrary web pages, GitHits generally provides a more controlled source of context than web search.

As with any third-party source, developers remain responsible for reviewing generated code before shipping it.

GitHits uses a process similar to how an experienced developer researches a problem. It starts by identifying potentially relevant repositories, then looks at signals such as project activity, adoption, maintenance, ownership, licensing, and repository health. From there, it analyzes the actual code, documentation, issues, discussions, and pull requests to determine which sources are most relevant to the task.

The goal is not to find the most popular repository, but the sources most likely to contain useful implementation patterns for the specific problem being solved. License filtering is applied before source selection, and all results include links back to their sources.

No. GitHits does not use customer code, prompts, outputs, or personal data to train foundational AI models. Customer data is processed only to provide the service and remains governed by our Privacy Policy and Data Processing Agreement.

No. GitHits does not access, index, or store your private source code.

GitHits is designed to complement coding agents that already have access to your local codebase. While those tools can inspect your application's code, they typically cannot see the open-source repositories, dependency source code, documentation, discussions, and package internals your application depends on. GitHits provides that external context without requiring access to your private repositories.

GitHits can be configured to exclude repositories with specific licenses. By default, example generation runs in strict mode, which excludes repositories with copyleft licenses and repositories that do not declare a license. If you prefer broader coverage, you can relax these restrictions or disable license filtering entirely.

GitHits also exposes license information through its package inspection tools, allowing agents to inspect licenses before recommending or using a dependency.