{"id":47234801,"url":"https://github.com/aliengiraffe/vigilante","last_synced_at":"2026-04-06T19:01:01.630Z","repository":{"id":343587855,"uuid":"1178185415","full_name":"aliengiraffe/vigilante","owner":"aliengiraffe","description":"vigilante is a local control plane for autonomous software delivery. It watches repositories, selects eligible work items, prepares isolated git worktrees, launches a supported coding-agent CLI, and keeps the issue tracker updated while the work moves toward a pull request.","archived":false,"fork":false,"pushed_at":"2026-04-02T02:41:27.000Z","size":1443,"stargazers_count":23,"open_issues_count":16,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-02T02:42:37.426Z","etag":null,"topics":["agent","agent-skills","agentic-ai","agentic-workflow","agents","ai","ai-orchestration","ai-orchestrator","orchestration"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aliengiraffe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-10T19:21:28.000Z","updated_at":"2026-04-02T02:35:48.000Z","dependencies_parsed_at":null,"dependency_job_id":"22b6a2cf-8252-4b51-9e3e-b8e30ca42da5","html_url":"https://github.com/aliengiraffe/vigilante","commit_stats":null,"previous_names":["nicobistolfi/vigilante","aliengiraffe/vigilante"],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/aliengiraffe/vigilante","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliengiraffe%2Fvigilante","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliengiraffe%2Fvigilante/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliengiraffe%2Fvigilante/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliengiraffe%2Fvigilante/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aliengiraffe","download_url":"https://codeload.github.com/aliengiraffe/vigilante/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliengiraffe%2Fvigilante/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31485516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T17:22:55.647Z","status":"ssl_error","status_checked_at":"2026-04-06T17:22:54.741Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","agent-skills","agentic-ai","agentic-workflow","agents","ai","ai-orchestration","ai-orchestrator","orchestration"],"created_at":"2026-03-13T22:02:33.099Z","updated_at":"2026-04-06T19:01:01.617Z","avatar_url":"https://github.com/aliengiraffe.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\".github/assets/logo.png\" alt=\"vigilante logo\" width=\"240\"\u003e\n\u003c/p\u003e\n\n# vigilante\n\n[![Release](https://img.shields.io/github/v/release/aliengiraffe/vigilante?display_name=tag)](https://github.com/aliengiraffe/vigilante/releases/latest)\n[![Go Report Card](https://goreportcard.com/badge/github.com/nicobistolfi/vigilante)](https://goreportcard.com/report/github.com/nicobistolfi/vigilante)\n[![Go Package Search](https://img.shields.io/badge/go-package%20search-00ADD8?logo=go\u0026logoColor=white)](https://pkg.go.dev/search?q=github.com%2Fnicobistolfi%2Fvigilante)\n[![License](https://img.shields.io/github/license/aliengiraffe/vigilante)](https://github.com/aliengiraffe/vigilante/blob/main/LICENSE)\n[![Release Workflow](https://img.shields.io/github/actions/workflow/status/aliengiraffe/vigilante/release.yml?label=release)](https://github.com/aliengiraffe/vigilante/actions/workflows/release.yml)\n\n`vigilante` is a local control plane for autonomous software delivery. It watches repositories, selects eligible work items, prepares isolated git worktrees, launches a supported coding-agent CLI, and keeps the issue tracker updated while the work moves toward a pull request.\n\nIt is the orchestration layer around agents such as `codex`, `claude`, and `gemini`, not the model itself. Vigilante owns scheduling, worktree isolation, backend coordination, and recovery so a repository checkout behaves like a controlled worker instead of a loose collection of scripts.\n\n[Docs](DOCS.md) · [Closed Issues](https://github.com/aliengiraffe/vigilante/issues?q=is%3Aissue%20state%3Aclosed) · [Releases](https://github.com/aliengiraffe/vigilante/releases) · [Contributing](CONTRIBUTE.md)\n\nStart here: install `vigilante`, run `vigilante setup`, then clone and auto-register a repo with `vigilante clone \u003crepo\u003e` or register an existing checkout with `vigilante watch /path/to/repo`.\n\n## Install\n\nInstall with Homebrew:\n\n```sh\nbrew install vigilante\n```\n\nRequirements:\n\n- `git`\n- `gh` authenticated against the GitHub account Vigilante should operate with\n- one supported coding-agent CLI installed locally: `codex`, `claude`, or `gemini`\n\nRecommended machine setup:\n\n```sh\nvigilante setup --provider codex\n```\n\n## Quick Start\n\nRegister a repository and let Vigilante manage it:\n\n```sh\nvigilante clone git@github.com:owner/repo.git\n```\n\nUseful follow-up commands:\n\n```sh\nvigilante list\nvigilante status\nvigilante service restart\nvigilante daemon run --once\n```\n\nTypical first-run flow:\n\n```sh\nbrew install vigilante\nvigilante setup --provider codex\nvigilante clone git@github.com:owner/hello-world-app.git\nvigilante daemon run --once\n```\n\n## What Vigilante Does\n\n- Treats project-management work items as the queue for autonomous software delivery.\n- Selects eligible issues using repository configuration, assignees, labels, and concurrency limits.\n- Creates one isolated git worktree per issue so the main checkout stays stable.\n- Chooses the right execution skill from repository shape and local context.\n- Launches a supported coding-agent CLI under a consistent lifecycle.\n- Tracks progress, failures, and pull-request state through the issue tracker and local session state.\n- Recovers, resumes, redispatches, and cleans up runs without duplicating work.\n\n## How It Works\n\nAt a high level, Vigilante runs this loop for each watched repository:\n\n1. Resolve the repository and discover its remote.\n2. Read the configured issue-tracking backend and fetch open work items.\n3. Filter to issues that are eligible and not already being handled.\n4. Create an isolated worktree and issue branch.\n5. Launch the selected coding-agent CLI with the repo-aware implementation skill.\n6. Track progress locally and post execution updates back to the issue tracker.\n7. Monitor the linked pull request and clean up or recover the session as needed.\n\nGitHub is the only fully implemented backend today. The architecture already separates issue tracking, pull requests, labels, and rate limits so backends such as Linear and Jira can be added without rewriting the orchestration loop.\n\n## Package Hardening\n\nVigilante includes a deterministic, code-driven package hardening scan for pull requests that modify `package.json` files. When a PR branch is pushed, Vigilante checks for lockfile presence, runs `npm audit`, flags non-exact dependency ranges, and verifies that CI workflows use deterministic install commands. If issues are found, Vigilante posts a structured comment on the PR with findings and applies the `vigilante:flagged-security-review` label. The comment includes an **implement fixes** checkbox that triggers an automated remediation session when checked.\n\n\u003e **Note:** Package hardening currently applies only to repositories with a supported JavaScript/TypeScript/Node.js tech stack. Support for additional ecosystems is expected to expand over time.\n\nThe feature is enabled by default and can be toggled with the `package_hardening_enabled` field in `config.json`. For operational details including trigger conditions, checks performed, and remediation flow, see [DOCS.md](DOCS.md).\n\n## Key Commands\n\n- `vigilante setup`: verify dependencies, install bundled skills, and install the managed service\n- `vigilante clone \u003crepo\u003e [\u003cpath\u003e]`: clone a repository with `git clone` semantics and auto-add it to watch targets\n- `vigilante watch \u003cpath\u003e`: register a local repository for issue monitoring\n- `vigilante list`: show watched repositories\n- `vigilante status`: show service health, watched repos, active sessions, and rate-limit state\n- `vigilante logs`: inspect local daemon and per-issue logs\n- `vigilante cleanup`, `vigilante redispatch`, `vigilante resume`: recover or restart stuck work safely\n- `vigilante daemon run`: run the watcher loop in the foreground\n\n### Fork Mode\n\nUse fork mode when the authenticated GitHub identity should open pull requests from a fork instead of pushing issue branches directly to the upstream watched repository.\n\n```sh\nvigilante watch --fork ~/hello-world-app\n```\n\nWhat changes in fork mode:\n\n- Vigilante uses `gh api user` to resolve the authenticated GitHub login when `--fork-owner` is not set.\n- It creates or reuses `\u003cfork-owner\u003e/\u003crepo\u003e` through the GitHub API and verifies that the existing repository is actually a fork of the watched upstream repository.\n- It adds or updates a local git remote named `fork` that points at the fork repository.\n- Issue worktrees still use the upstream repository for issue context, base branch selection, and pull request target selection.\n- Coding agents still use the normal issue-implementation skill flow, but pushes go to the `fork` remote and pull requests are opened back to the upstream repository.\n\nUse an explicit owner when the fork should live under a bot or organization account:\n\n```sh\nvigilante watch --fork --fork-owner my-bot-org ~/hello-world-app\n```\n\nOperational notes:\n\n- `--fork-owner` requires `--fork`.\n- The authenticated `gh` account must be able to create or access the selected fork and open a pull request back to the upstream repository.\n- Existing branch tracking stays deterministic inside the worktree: the issue branch pushes to `fork`, while the pull request base remains the watched repository's configured base branch.\n\nFor command details and full flags, see [DOCS.md](DOCS.md).\n\n## Architecture At A Glance\n\nVigilante keeps orchestration backend-neutral through a small set of interfaces:\n\n- `IssueTracker`: work item listing, details, comments, and operator commands\n- `PullRequestManager`: PR discovery, merge state, and branch lifecycle\n- `LabelManager`: repository and issue label synchronization\n- `RateLimiter`: optional API quota awareness\n\nThat lets a watch target mix concerns such as issue tracking on one system and pull requests on another while keeping the execution loop stable.\n\n## More Docs\n\nThe full reference moved to [DOCS.md](DOCS.md), including:\n\n- installation details and development mode\n- full command reference and expected behaviors\n- local state layout and logs\n- issue selection, labeling, and pull-request maintenance\n- package hardening trigger conditions, checks, remediation flow, and config toggle\n- headless agent execution contract\n- GitHub integration, worktree strategy, and service behavior\n- CI, releases, and implementation status notes\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliengiraffe%2Fvigilante","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faliengiraffe%2Fvigilante","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliengiraffe%2Fvigilante/lists"}