Open source · Local-first · MCP-native
Every agent’s gear.
One registry.
Every AI coding tool invents its own skills, rules, and configs. Quartermaster indexes them all — Claude Code, Cursor, Codex, Gemini CLI, and 7 more — into one registry any agent can search, convert from, and install from. Fully offline; nothing installs without a dry-run and your approval.
Eight artifact types. One canonical model.
Everything is normalized into a canonical manifest + snapshot — tree-hashed, classified, deduplicated across tools — so an artifact can be reasoned about (and moved) regardless of origin.
Reusable procedures with YAML frontmatter — every SKILL.md on the machine, plugin bundles included.
Subagent definitions in Markdown or TOML, including plugin-nested ones.
CLAUDE.md, AGENTS.md, .cursorrules, output styles — the standing instructions.
Curated project memories from Claude, Codex, and Hermes.
Slash commands and prompts, namespaced by subdirectory.
Server configs from every tool — one record per server, secret values dropped.
Event → matcher → command hooks extracted from Claude settings.
Settings and permission files, read surgically and redacted.
Find it, convert it, install it, improve it, trust it.
Hybrid search, fully offline
BM25 + 384-d vector embeddings fused with reciprocal-rank fusion. The model is baked in — no API keys, no network.
Cross-tool conversion
Move a skill from Claude to Codex, a rule to generic. Explicit lossiness, warnings, and blockers — never silent.
Approval-gated hydration
Installs are dry-run plans until you say apply. Every overwritten file is backed up; every install is reversible.
Hash-verified packs
Export portable capability bundles, verify them by content hash, import them untrusted-by-default.
Trust & risk gates
Deterministic risk scanning. High-risk findings block apply. Secret values never reach the index.
Provenance & drift
Every artifact linked back to its upstream. See what drifted and why, preview updates, pin what must not move.
Skills that get better
Optimize any indexed skill with SkillOpt, SkillOpt-Sleep, or darwin-skill. Dry-run plans, audited applies, one-shot rollback.
Your setup follows you
Collectors index every machine into one registry; packs and hydration re-install anywhere. A dead laptop never takes your context with it.
Running in two minutes.
The server listens immediately; the whole-machine crawl fills the index in the background. Full quickstart →
The server listens immediately; the whole-machine crawl fills the index in the background. Full quickstart →
A persistent, restart-safe container; a named volume holds the index. Mount the dirs to scan first — Docker guide →
Runs in your own Cloudflare account (free tier is fine). Then pair a collector on each machine — Cloud hub guide →
Run it your way.
One codebase, three shapes — from a fully offline server on one machine to a cloud registry fed by every machine you own.
Local & offline
The whole registry on your machine. Embeddings baked in — no API keys, no telemetry, no network. The whole-machine crawl runs in the background while you search.
Quickstart →Docker
A persistent container with a named volume for the index. Loopback-published, token-authenticated, restarts itself.
Docker guide →Cloud on Cloudflare
The registry as a Worker (D1 + Vectorize + Workers AI), fed by a thin collector on each device. Secrets redacted before anything leaves the machine.
Cloud hub →Collector installers: guided setup for Windows, macOS, and Linux — portable Node bundled, no admin rights, hourly background scans.
How it compares.
Sync CLIs, MCP registries, and dotfile managers each solve a real slice of this problem. Quartermaster is the only one that combines machine-wide discovery, cross-tool conversion, and a governed lifecycle — here's the honest matrix.
| Quartermaster | rulesync~1.2k ★ · sync CLI, 40+ agents | Ruler~2.8k ★ · sync CLI, 30+ agents | MCP registriesSmithery · official registry | Dotfile syncchezmoi · git — the incumbent | |
|---|---|---|---|---|---|
| Discovery & inventory | Machine-wide crawl, census, dedup | Per-project import | — | Public servers only | — |
| Cross-tool conversion | Tool ↔ tool, lossiness reported | Via its own unified format | Rules + MCP configs only | — | — |
| Install & rollback | Dry-run, approval-gated, reversible | Direct writes | One-way overwrite | Out of scope | No artifact-level undo |
| Improve what you have | Skill-improvement plans, audited apply, rollback | — | — | — | — |
| Risk scanning & trust | Untrusted-by-default, policy gates | — | — | Delegated downstream | — |
| Provenance & drift | Auto-linked origins, pinning, diffs | — | — | — | Git history only |
| Fully offline | ✓ — no API keys, no telemetry | ✓ | ✓ | Cloud services | ✓ |
Each of these is the better choice for some situations — the full comparison says which, honestly. Quartermaster vs. alternatives →
Dry-run by default. Approval-gated, reversible writes. Secrets redacted on the way in. Quartermaster is built to inspect untrusted artifacts, so it is conservative by construction: imports arrive untrusted, high-risk plans are rejected, and network access is double-gated. Read the security model →
Ready to see what your agents already know?
Index every skill, rule, and config on your machine in one command.
Get started