HarnessKit

🤖 Agent Configs, Memory & Rules

HarnessKit manages every agent's Configs, Memory, Rules, and Ignore files from one place. Currently supporting 6 agents: Claude Code, Codex, Gemini CLI, Cursor, Antigravity, and Copilot.

• Config file tracking — Automatically discovers every agent's config files — both global and per-project. Add your project directories or custom paths and HarnessKit picks them up alongside the global ones.
• Per-agent dashboard — Each agent gets its own page with all files organized by category, showing scope, path, file size, and a summary of installed extensions. Expand any file to preview its content right in the app.
• Custom paths — Add any file or folder to an agent's dashboard for tracking. Useful for custom configs or scripts that HarnessKit doesn't auto-discover — they show up alongside everything else with the same live preview.
• Real-time detection — The moment a config file is modified, the dashboard reflects it.

🛡️ Security Audit & Permission Transparency

Every extension is scanned by a built-in security engine with 18 static analysis rules and receives a Trust Score (0–100), grouped into three tiers — Safe (80+), Low Risk (60–79), and Needs Review (below 60). A dedicated Audit page lets you search, filter by tier, and drill into every finding.

• One-click audit — Run a full security scan across all extensions with a single click. The dashboard shows how many extensions were scanned and when the last audit ran.
• Precise tracing — Every finding pinpoints the exact file and line number, so you can trace the issue immediately.
• Per-agent scanning — Even if multiple agents share the same extension, each agent's copy is audited independently — because versions can drift, and a safe copy on one agent doesn't guarantee safety on another.
• Permission transparency — Every extension's permissions are surfaced across five dimensions — filesystem paths, network domains, shell commands, database engines, and environment variables. You see exactly what each extension can reach before you decide to keep it.

🏪 Marketplace Ecosystem

Discover, evaluate, and install — three marketplaces in one, each with trending lists and search:

• Skills — Browse and install from the skills.sh registry. Also supports install from Git URL or local directory.
• MCP Servers — Browse the Smithery registry of Model Context Protocol servers.
• Agent-first CLI — Discover CLI tools built specifically for agents — the newest frontier of the agent extension ecosystem.

Every listing shows its description, install count, and source. For skills, you can preview the documentation, check third-party security audit scores before installing, and install to any agent with one click — HarnessKit tracks the source so you always know where each extension came from.

📂 In-Place Management

HarnessKit works directly with your agents' native directories instead of copying them into a managed folder — no shadow copies, no sync conflicts.

• Native directories — Reads and writes directly to each agent's own config directory. Your files stay exactly where they are.
• Non-destructive operations — Enabling or disabling an extension is a simple file rename in place. Nothing is moved or duplicated.
• Zero lock-in — Uninstall HarnessKit and everything is exactly where it was. No migration, no cleanup needed.

⌨️ CLI Support

HarnessKit ships a standalone command-line interface (hk) for terminal-first workflows, available on macOS, Linux, and Windows:

$ hk status
  Agents        6 detected (claude · codex · gemini · cursor · antigravity · copilot)
  Extensions    136 total (124 skills · 2 mcp · 8 plugins · 1 hooks · 1 clis)

$ hk list --kind skill --agent claude    # filter by type and agent
$ hk audit                               # security audit with trust scores
$ hk enable my-skill                     # enable by name
$ hk disable --pack owner/repo           # batch disable by source

🌐 Web Mode

The same full-featured UI that runs in the desktop app is also available as a web interface — served directly from the hk CLI binary. No extra dependencies, no separate install.

$ hk serve
HarnessKit Web UI running at http://127.0.0.1:7070

This makes HarnessKit usable on Linux servers, HPC clusters, or any headless machine where a desktop app isn't an option. Web mode has full feature parity with the desktop app — the only difference is that file-system operations (like "Open in Finder") are desktop-only. See Getting Started for setup instructions.

✨ Thoughtful & Interactive UX

• 💡 Tip of the Day — The Overview dashboard surfaces contextual tips for each detected agent from a community-maintained library. Learn shortcuts and best practices as you work.
• 📊 Dynamic Activity Feed — Agent Activity and Recently Installed timelines capture every config change, extension install, and agent event in real time.
• ⚡ Quick Actions — One-click View Agents, Run Audit, Check Updates, and Marketplace access right from the dashboard.
• 🎯 Playful Touches — Smooth animations and micro-interactions throughout the app make daily use feel alive.
• 🎨 Themes — Multiple themes with Light, Dark, and System mode support.

Getting Started

Requirements: At least one supported AI coding agent installed.

🖥️ Desktop App (macOS)

1. Download the DMG for your architecture from the [latest release](https://github.com/RealZST/HarnessKit/releases/l