Open source · Local-first · MCP-native

Every agent’s gear.
One registry.

Every AI coding tool invents its own skills, rules, and configs. Quartermaster indexes them all — Claude Code, Cursor, Codex, Gemini CLI, and 7 more — into one registry any agent can search, convert from, and install from. Fully offline; nothing installs without a dry-run and your approval.

Eight artifact types. One canonical model.

Everything is normalized into a canonical manifest + snapshot — tree-hashed, classified, deduplicated across tools — so an artifact can be reasoned about (and moved) regardless of origin.

skill

Reusable procedures with YAML frontmatter — every SKILL.md on the machine, plugin bundles included.

agent

Subagent definitions in Markdown or TOML, including plugin-nested ones.

rule

CLAUDE.md, AGENTS.md, .cursorrules, output styles — the standing instructions.

memory

Curated project memories from Claude, Codex, and Hermes.

command

Slash commands and prompts, namespaced by subdirectory.

mcp server

Server configs from every tool — one record per server, secret values dropped.

hook

Event → matcher → command hooks extracted from Claude settings.

settings

Settings and permission files, read surgically and redacted.

Find it, convert it, install it, improve it, trust it.

Hybrid search, fully offline

BM25 + 384-d vector embeddings fused with reciprocal-rank fusion. The model is baked in — no API keys, no network.

Cross-tool conversion

Move a skill from Claude to Codex, a rule to generic. Explicit lossiness, warnings, and blockers — never silent.

Approval-gated hydration

Installs are dry-run plans until you say apply. Every overwritten file is backed up; every install is reversible.

Hash-verified packs

Export portable capability bundles, verify them by content hash, import them untrusted-by-default.

Trust & risk gates

Deterministic risk scanning. High-risk findings block apply. Secret values never reach the index.

Provenance & drift

Every artifact linked back to its upstream. See what drifted and why, preview updates, pin what must not move.

Skills that get better

Optimize any indexed skill with SkillOpt, SkillOpt-Sleep, or darwin-skill. Dry-run plans, audited applies, one-shot rollback.

Your setup follows you

Collectors index every machine into one registry; packs and hydration re-install anywhere. A dead laptop never takes your context with it.

Running in two minutes.

quartermaster
$ git clone https://github.com/talberthoule/quartermaster $ cd quartermaster $ npm install $ npm run build $ TRANSFORMERS_CACHE=./.cache node dist/prefetch.js # one-time model download — offline forever after $ DB_PATH=./qm.db TRANSFORMERS_CACHE=./.cache ALLOW_REMOTE_MODELS=0 SCAN_ROOTS="auto" npm start

The server listens immediately; the whole-machine crawl fills the index in the background. Full quickstart →

Run it your way.

One codebase, three shapes — from a fully offline server on one machine to a cloud registry fed by every machine you own.

Collector installers: guided setup for Windows, macOS, and Linux — portable Node bundled, no admin rights, hourly background scans.

38 MCP tools across ten areas.

Search, fetch, convert, hydrate, improve, pack, scan, pin, diff — the whole surface is exposed over a Streamable-HTTP MCP server and a JSON API behind a web console. The consumer is the agent itself.

How it compares.

Sync CLIs, MCP registries, and dotfile managers each solve a real slice of this problem. Quartermaster is the only one that combines machine-wide discovery, cross-tool conversion, and a governed lifecycle — here's the honest matrix.

Quartermaster rulesync~1.2k ★ · sync CLI, 40+ agents Ruler~2.8k ★ · sync CLI, 30+ agents MCP registriesSmithery · official registry Dotfile syncchezmoi · git — the incumbent
Discovery & inventory Machine-wide crawl, census, dedup Per-project import Public servers only
Cross-tool conversion Tool ↔ tool, lossiness reported Via its own unified format Rules + MCP configs only
Install & rollback Dry-run, approval-gated, reversible Direct writes One-way overwrite Out of scope No artifact-level undo
Improve what you have Skill-improvement plans, audited apply, rollback
Risk scanning & trust Untrusted-by-default, policy gates Delegated downstream
Provenance & drift Auto-linked origins, pinning, diffs Git history only
Fully offline ✓ — no API keys, no telemetry Cloud services

Each of these is the better choice for some situations — the full comparison says which, honestly. Quartermaster vs. alternatives →

Dry-run by default. Approval-gated, reversible writes. Secrets redacted on the way in. Quartermaster is built to inspect untrusted artifacts, so it is conservative by construction: imports arrive untrusted, high-risk plans are rejected, and network access is double-gated. Read the security model →

Ready to see what your agents already know?

Index every skill, rule, and config on your machine in one command.

Get started