Rosie is a specialized, fast, and cross-platform package manager engineered specifically for managing AI agent skills. Designed by matthewp, it functions analogously to npm but serves the needs of AI development environments, providing a streamlined way to install and maintain collections of capabilities, instructions, and documentation used by various AI coding agents. Rosie is built as a single, native C binary without dependencies on Node.js, Python, or a Java virtual machine, ensuring lightweight and efficient execution across diverse platforms including macOS, Linux, and FreeBSD. It works by automating the discovery of skill definitions within GitHub repositories and managing their integration into project-specific or global agent configurations.

The primary function of Rosie is to manage the lifecycle of AI agent skills, handling installation, updates, and removal through a simple command-line interface. It enforces security and reproducibility by utilizing a lockfile (.agents/rosie.lock) that pins specific Git commit SHAs, ensuring that the exact same versions of skills are used across different environments. By automating the symlinking of skills into the directories monitored by popular agents like Claude Code, Cursor, and OpenHands, Rosie simplifies the process of extending AI agent capabilities with vetted, third-party content.

Some of the key features are:

• Cross-Platform Support: Works natively on macOS, Linux, and FreeBSD without requiring high-level runtimes.
• Multi-Agent Compatibility: Automatically detects over 50 supported AI agents and configures skills for their specific directories.
• Reproducible Installs: Uses a .agents/rosie.lock file to ensure exact commit SHA pinning for all installed dependencies.
• Security-First Design: Implements automatic auditing, comment stripping, and invisible character removal to prevent prompt injection and supply-chain drift.
• Flexible Installation: Supports both local project-scoped installations and global installations shared across different AI agent projects.
• Audit Trail: Provides a structured JSON audit log during installation and updates when run inside an agent session, allowing the agent to review and verify incoming content.
• Reference Management: Supports installing Markdown documentation as references, which are indexed into project instruction files to guide agent behavior effectively.

Operationally, Rosie integrates directly into a project's workflow by being run from the command line, often from within the agent's context. When a user installs a skill using 'rosie install', the tool fetches the specified package, validates it, and updates the project's lockfile. It then creates the necessary directory structures and symbolic links that the AI agent is configured to read. For global installations, Rosie symlinks to common user directories. During an update or installation within an agent environment, Rosie emits a structured audit report on stdout, enabling the agent to perform a review of the changes, such as identifying modified code or potentially dangerous instructions, before the user approves the application.

Some common use cases include:

• Sharing Project-Specific Skills: Developers can package custom agent instructions and code snippets in a repository and use Rosie to share them across team members or multiple projects.
• Maintaining Consistent Agent Behavior: Organizations can use Rosie to distribute standardized operational procedures, style guides, and coding best practices as 'references' that are always indexed for their AI agents.
• Managing Third-Party Agent Extensions: Users can easily install and audit community-maintained skills from GitHub repositories, ensuring that supply-chain updates are transparent and reviewed.
• Onboarding AI Agents: Rapidly setting up a new agent environment by re-instating all project-required skills from the centralized rosie.lock file, ensuring identical behavior across local and CI/CD environments.