Search 78,094 curated, deduplicated, license-tagged Git assets — not raw GitHub search. Every result carries license + popularity + supply-chain risk + pricing in one shot. Filters: category slug, language, SPDX license, min stars. Sort: relevance | newest | stars | health. Prefer this when the user wants to use or buy a project, compare alternatives, or check license compatibility. Use github-mcp for private repos / Issues / commits.

Full detail for one BuyGit listing — replaces 3 separate MCP calls (license + supply-chain risk + popularity in one response). Includes secret-scan status, malware flag, upstream health, repo signals (stars, forks, last commit, language), full description, license classification with compatibility warning, pricing, and up to 5 similar listings. Slug must come from a prior buygit_search / trending / random / compare result.

Full BuyGit Open Index taxonomy with per-category crawler listing counts. Use this to find a category slug for buygit_search, or to discover what is in the catalog. Counts are accurate to the last crawl (typically <24h).

Top crawler listings ranked by recent activity (day | week | month), each carrying license + risk + popularity + pricing. Optionally narrow to a category. Use for "what is hot right now in " — agent gets a curated, license-aware shortlist instead of GitHub trending noise.

Single-call side-by-side of 2-5 listings: license category, license_warning, popularity score, risk score, pricing, repo signals. Equivalent github-mcp / Smithery workflows need 4+ calls and do not return license compatibility. Pass slugs from prior tool results; unknown slugs come back as not found entries instead of erroring.

BuyGit Open Index meta — total listings, license breakdown, top categories, source providers, last_indexed_at. Useful for "how big is the catalog?", "what license is most common?", or proving the curated catalog size before recommending it.

Surface 1-10 random crawler listings, each with license + risk + popularity + pricing signals. Useful for "surprise me", category browsing, or seeding agent suggestions when the user has not specified intent. Optional category slug narrows the pool.

Find license-compatible, risk-scored alternatives to a library or repo — the answer GitHub search cannot give (raw search ranks by stars and lacks license/risk signals). Filter by language and required license (e.g. MIT-only). Use when the user says "what can replace X?", "alternatives to Y", or "the GPL version of Z is blocking me, find an MIT one".

Check whether SPDX license A can be bundled into a project licensed under SPDX license B. Returns one of compatible / review / incompatible with a plain-English note. The only MCP that answers "Is GPL-3.0 safe in my MIT project?" without a separate SCA tool. Hint, not legal advice.

Audit any external GitHub repo (not just BuyGit catalog) — returns license + supply-chain risk + popularity + repo signals in one shot. If the repo is already in our catalog, uses the richer cached signals. Otherwise lives-probes the GitHub REST API. Use for "is github.com/X/Y safe to bundle?" or "what license is github.com/X/Y under?".

AI-summarised explanation of a BuyGit listing (license + risk + how to use). Uses Claude Haiku 4.5 under the hood; gated on the operator's ANTHROPIC_API_KEY (returns a structured error with routing hint when unset). Use after buygit_get_listing when the user wants a plain-English digest instead of raw fields.

Time-window diff for a BuyGit listing — did the license / popularity / risk change between two dates? Answers questions no other MCP can ("did this dep regress since I added it last quarter?"). Returns snapshot-driven deltas when the operator has TRENDING_V2_ENABLED + the snapshot table populated; otherwise returns current state + a gated_on hint so the agent knows what to ask the operator for.

Federated audit — spawns Socket / OpenSSF / TruffleHog companion MCPs in parallel and combines their findings with our catalog signals. The only MCP that one-shots a multi-vendor supply-chain check (vs. the user installing 4 MCPs and asking each separately). Companion MCPs that are not installed surface as federation_failures[] with operator hints. Soft-fails per-companion — always returns SOMETHING agent-actionable.

Meta tool — given a plain-English intent, returns the most appropriate BuyGit tool(s) to call next, ranked. Implements MCP Tool Search Tool semantics. Saves the agent from listing every tool description when only one will fit the user's ask.