GitHub - sleuth-io/sx: sx is a package manager for AI coding assistants

sx is your team's private npm for AI assets - skills, MCP configs, commands, and more.Capture what your best AI users have learned and spread it to everyone automatically.

⭐ Star this repo · 🌐 Website · 📋 Changelog · 📄 License

Why sx? Your best developers have figured out how to make AI assistants incredibly productive - custom skills, MCP configs, slash commands, proven patterns. But that knowledge is stuck on their machines. Current workarounds don't scale:

Copy into each repo - Duplication nightmare, no central updates, version drift Global config - Bloats context for projects/tasks that don't need those skills Client plugins - Manually install each one, locked to one AI client, no bundling

sx solves this by:

Sharing expertise - Turn individual discoveries into team assets Instant onboarding - New devs inherit the team's AI playbook on day one Central updates - Change once in your vault, everyone gets the update Scoped installation - Right assets for each org, team, bot, repo or person, no context bloat Works with any AI client - Claude Code, Cursor, GitHub Copilot, Gemini, Kiro, and more, plus claude.ai and chatgpt.com via the cloud relay

Quickstart Install via Homebrew (macOS/Linux): brew tap sleuth-io/tap brew install sx Or via shell script: curl -fsSL https://raw.githubusercontent.com/sleuth-io/sx/main/install.sh | bash Then # Initialize sx init

# Add an asset from your vault sx add /path/to/my-skill

# Install assets to your current project sx install Multiple vaults? Use profiles to switch between them: sx profile add work # Add a new profile sx profile use work # Switch to it sx profile list # See all profiles Install targets — pick who sees which asset: sx install my-skill --org # everyone in the vault sx install my-skill --repo github.com/acme/infra # only inside that repo sx install my-skill --path github.com/acme/infra#docs/ # one path in a repo sx install my-skill --team platform # every member of a team sx install my-skill

--user alice@acme.com # a single user (must be the caller) sx install my-skill --bot python-backend # a bot identity (CI runner, agent)

Scope Who gets it

--org Everyone — the default if no flag is set

--repo / --path Callers working inside the named repo or subpath

--team Team members; admin-gated

--user A single human, must match caller's git identity

--bot A bot identity, resolved when SX_BOT=<name> is set

See docs/scoping.md for the full overview and links to a per-scope doc for each install target. Preview — see what sx install would resolve for you, the pip freeze analogue, without downloading or writing anything: sx install --dry-run Use your vault from claude.ai or chatgpt.com — expose it as an MCP endpoint via the skills.new relay: sx cloud connect # opens skills.new, paste back the attach line sx cloud serve # keep this running — Ctrl+C exits sx cloud status # prints the MCP URL to paste into claude.ai / chatgpt.com The relay forwards requests over a WebSocket your machine opens — vault content stays local. See docs/cloud-relay.md. Usage analytics & audit: sx stats # adoption dashboard sx stats --since 7d --json # machine-readable sx audit # recent team/install mutations sx audit --actor alice@acme.com --since 30d --event install.set Already using Claude Code? If you've built up skills, plugins, or MCP configs in your .claude directory, sx helps you version, sync across machines, and share with teammates. # Add your existing skills/commands (sx auto-detects the type) sx add ~/.claude/commands/my-command sx add ~/.claude/skills/my-skill sx add code-review@claude-plugins-official Your prompt files stay exactly as they are - sx just wraps them with metadata for versioning.

What can you build and share?

Skills - Custom prompts and behaviors for specific tasks Rules - Coding standards and guidelines that apply to specific file types or paths Agents - Autonomous AI agents with specific goals Commands - Slash commands for quick actions Hooks - Automation triggers for lifecycle events MCP Servers (experimental) - Model Context Protocol (MCP) servers for external integrations Plugins - Claude Code plugin bundles with commands, skills, and more

skills.sh support sx integrates with skills.sh, a community directory of 85k+ agent skills. sx add anthropics/skills/frontend-design # Add a specific skill sx add vercel-labs/agent-skills # Browse skills in a repo sx add --browse # Search and browse the full directory Distribution models Choose the right distribution model for your team: Local (Personal) Perfect for easily sharing personal tools across multiple personal projects sx init --type path --path my/vault/path Git vault (Small teams) Share assets through a shared git vault sx init --type git --repo git@github.com:yourteam/skills.git Skills.new (Large teams and enterprise) Centralized management with a UI for discovery, creation, sharing, and usage analytics sx init --type sleuth How it works sx follows the manifest-and-lock pattern used by npm, cargo, and uv:

Manifest (sx.toml) — the vault's source of truth. Lists every managed asset, its install scopes (org, repo, path, team, bot, user), and team definitions (members, admins, repositories). Committed to git / path vaults. See docs/manifest-spec.md. Lock file — a per-user resolved artifact. sx install reads the manifest, resolves team and user scopes against the caller's git identity, and writes the result to the user's cache directory (~/<cache>/sx/lockfiles/). When the resolved lock changes, the previous file is rotated with a timestamp so old installs stay reproducible. Audit + usage streams — every team/install mutation appends an audit entry to .sx/audit/YYYY-MM.jsonl; usage events append to .sx/usage/YYYY-MM.jsonl.