opensrc

Automatically resolves package names across npm, PyPI, and Crates.io registries by querying their respective APIs (registry.npmjs.org, pypi.org, crates.io) to discover the authoritative Git repository URL for a given package and version. Uses registry-specific parsing logic to extract repository metadata from package manifests, handling version pinning and tag/commit matching to ensure the cloned source corresponds exactly to the installed dependency version.

Clones Git repositories (from GitHub, GitLab, or direct URLs) and checks out the specific Git tag or commit corresponding to the installed package version. Uses simple-git library for Git operations and implements a version-to-tag resolution strategy that handles semantic versioning, pre-release tags, and commit hashes. Stores cloned repositories in a local opensrc/ directory structure with metadata tracking to enable incremental updates and deduplication.

Queries the PyPI registry (pypi.org) to resolve Python package names to Git repository URLs and match installed versions to Git tags. Parses package metadata from PyPI's JSON API to extract the Home-page or Project-URL fields, handles version specifiers, and resolves them to specific Git commits. Supports the pypi: prefix syntax to distinguish Python packages from npm packages in the CLI.

Queries the Crates.io registry to resolve Rust crate names to Git repository URLs and match installed versions to Git tags. Parses crate metadata from Crates.io's API to extract the repository field, handles semantic versioning, and resolves versions to specific Git commits. Supports the crates: prefix syntax to distinguish Rust crates from npm packages in the CLI.

Accepts direct Git repository URLs (https://github.com/user/repo or git+ssh://git@github.com/user/repo) as package specifiers, bypassing registry lookup. Allows developers to fetch source code from arbitrary Git repositories and pin specific versions via Git tags or commit hashes. Useful for private repositories, forks, or packages not published to standard registries.

Supports shorthand syntax for GitHub and GitLab repositories (e.g., 'facebook/react', 'github:vercel/next.js', 'gitlab:gitlab-org/gitlab') that automatically constructs the full Git URL and resolves to the appropriate Git host API. Handles GitHub and GitLab API queries to discover repository metadata and version tags without requiring full HTTPS URLs. Supports both public and private repositories with appropriate authentication.

Automatically generates and updates an AGENTS.md file in the project root that documents all fetched source code locations, versions, and directory structures. This metadata file is designed to be consumed by AI coding agents (like Claude, GPT-4, or custom LLM-based tools) to understand what source code is available locally and how to reference it in prompts. The file is updated incrementally as packages are fetched or removed, maintaining a single source of truth for agent context.

Implements a fetch command that intelligently manages local source code by detecting previously cloned packages, comparing installed versions against cached metadata, and only cloning new or updated packages. Uses a metadata index (stored as JSON in opensrc/.opensrc.json or similar) to track package names, versions, clone timestamps, and repository URLs. Supports batch fetching of multiple packages in a single command with progress reporting and error handling for failed clones.

Provides remove and clean commands that delete cloned source code from the opensrc/ directory and synchronize the metadata index. The remove command deletes specific packages by name, while the clean command removes all fetched source code and resets the metadata index. Both commands update AGENTS.md to reflect removed packages, ensuring the agent context file stays in sync with actual available source code.

Implements a list command that displays all currently fetched packages with their versions, repository URLs, clone timestamps, and local directory paths. Reads the metadata index to provide a structured view of available source code without scanning the filesystem. Supports filtering and formatting options to help developers understand what's available and when it was last updated.

Integrates with project TypeScript configuration (tsconfig.json) to optionally index fetched source code paths and make them resolvable by TypeScript compiler and IDEs. Manages path mappings or baseUrl settings to enable developers and AI agents to import from fetched source code using standard module resolution, rather than relative paths to opensrc/ directories. Handles tsconfig.json parsing, modification, and restoration to avoid conflicts with existing configurations.

Automatically manages .gitignore entries to exclude the opensrc/ directory and its contents from version control. Detects existing .gitignore files, appends opensrc/ entry if not already present, and handles edge cases like missing .gitignore files or existing opensrc entries. Ensures that fetched source code is not committed to the repository, reducing repository size and avoiding merge conflicts when dependencies are updated.

Provides a CLI built with Commander.js that exposes four primary commands (fetch, list, remove, clean) with argument parsing, option flags, and help documentation. Handles command dispatch, error handling, and user feedback through console output. Supports both global installation (npm install -g opensrc) and npx usage without installation, making the tool accessible to developers without setup overhead.

Queries the npm registry (registry.npmjs.org) to resolve package names to Git repository URLs and match installed versions to Git tags. Parses package.json metadata from the registry to extract the repository field, handles version specifiers (exact versions, ranges, pre-releases), and resolves them to specific Git tags or commit hashes. Supports both public npm packages and scoped packages (@org/package), with fallback logic for packages with non-standard repository metadata.