{"id":50951788,"url":"https://github.com/fuko2935/gitglow","last_synced_at":"2026-06-18T02:04:47.821Z","repository":{"id":361691159,"uuid":"1255409382","full_name":"fuko2935/gitglow","owner":"fuko2935","description":"Premium AI-Powered Git \u0026 PR Automation CLI. Automates conventional commits, Pull Request summaries, and pre-commit security credentials scans.","archived":false,"fork":false,"pushed_at":"2026-05-31T21:07:09.000Z","size":95,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T22:05:13.989Z","etag":null,"topics":["ai","cli","conventional-commits","git","github-actions","openai","pull-request","security","typescript","vitest"],"latest_commit_sha":null,"homepage":"https://github.com/fuko2935/gitglow","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fuko2935.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-31T19:45:04.000Z","updated_at":"2026-05-31T21:07:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fuko2935/gitglow","commit_stats":null,"previous_names":["fuko2935/gitglow"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/fuko2935/gitglow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuko2935%2Fgitglow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuko2935%2Fgitglow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuko2935%2Fgitglow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuko2935%2Fgitglow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fuko2935","download_url":"https://codeload.github.com/fuko2935/gitglow/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuko2935%2Fgitglow/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34472838,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-18T02:00:06.871Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","cli","conventional-commits","git","github-actions","openai","pull-request","security","typescript","vitest"],"created_at":"2026-06-18T02:04:43.563Z","updated_at":"2026-06-18T02:04:47.814Z","avatar_url":"https://github.com/fuko2935.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# ✨ GitGlow\n\n### *AI-Assisted Git Commit \u0026 PR Automation CLI*\n\n[![CI](https://github.com/fuko2935/gitglow/actions/workflows/ci.yml/badge.svg)](https://github.com/fuko2935/gitglow/actions/workflows/ci.yml)\n[![Node version](https://img.shields.io/badge/node-%3E%3D%2018.0.0-blue?style=for-the-badge\u0026logo=node.js\u0026logoColor=white)](https://nodejs.org)\n[![License](https://img.shields.io/badge/license-Apache%202.0-orange?style=for-the-badge)](https://opensource.org/licenses/Apache-2.0)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-purple?style=for-the-badge)](CONTRIBUTING.md)\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eGitGlow\u003c/b\u003e is a developer CLI that helps you write Conventional Commit messages,\n  generate Pull Request descriptions, and scan staged changes for common secret patterns —\n  using OpenAI's GPT models when an API key is available, or an offline mock fallback when it isn't.\n\u003c/p\u003e\n\n\u003e **Status:** Early development — suitable for personal and team experimentation.\n\u003e See [Known Limitations](#-known-limitations) before using in production workflows.\n\n---\n\n[⚡ Features](#-features) • [🚀 Quick Start](#-quick-start) • [📖 Commands](#-commands) • [⚙️ Configuration](#️-configuration) • [🔒 Privacy](#-privacy--security) • [🧪 Testing](#-testing) • [⚠️ Known Limitations](#-known-limitations)\n\n\u003c/div\u003e\n\n---\n\n## ⚡ Features\n\n- 🤖 **Smart Commits (`gitglow commit`)** — Reads your staged diff and generates a Conventional Commit-style message via OpenAI. Interactive prompt lets you commit, edit, regenerate, or abort. Validates the message format before committing.\n- 🔍 **Secret Scanner (`gitglow scan`)** — Scans staged changes for 16+ common secret patterns (AWS keys, GitHub PATs, npm tokens, Slack tokens, Stripe keys, private key headers, JWTs, and more). Outputs file path and line number for each finding. Supports `--json` for CI integration.\n- 📝 **PR Description (`gitglow pr \u003cbaseBranch\u003e`)** — Compares your branch against a base branch and generates a structured Markdown PR description. Supports `--output \u003cfile\u003e`, `--no-clipboard`, and `--dry-run`.\n- ⚡ **Offline Mock Mode** — Use `--no-ai` or `--force-mock` to generate placeholder output without sending any data to external APIs.\n- 🛡️ **Shell-Injection Safe** — All git commands use `execFileSync` with argument arrays. Branch names are validated via `git check-ref-format` before use.\n\n---\n\n## 🧩 Architecture\n\n```mermaid\ngraph TD\n    CLI[src/cli.ts] --\u003e|commit| CmdCommit[commands/commit.ts]\n    CLI --\u003e|pr| CmdPR[commands/pr.ts]\n    CLI --\u003e|scan| CmdScan[commands/security.ts]\n\n    CmdCommit --\u003e GitUtil[utils/git.ts]\n    CmdCommit --\u003e ConfigUtil[utils/config.ts]\n    CmdCommit --\u003e AIUtil[utils/openai.ts]\n    CmdCommit --\u003e ValidateUtil[utils/validate.ts]\n\n    CmdPR --\u003e GitUtil\n    CmdPR --\u003e AIUtil\n\n    CmdScan --\u003e GitUtil\n    CmdScan --\u003e ConfigUtil\n\n    style CLI fill:#6366f1,stroke:#312e81,color:#fff\n    style AIUtil fill:#10b981,stroke:#064e3b,color:#fff\n    style CmdScan fill:#ef4444,stroke:#7f1d1d,color:#fff\n```\n\n---\n\n## 🚀 Quick Start\n\n### Prerequisites\n- **Node.js** `v18.0.0` or higher\n- **git** installed and on your PATH\n\n### Install\n\n```bash\n# Clone and install globally\ngit clone https://github.com/fuko2935/gitglow.git\ncd gitglow\nnpm install\nnpm run build\nnpm link\n```\n\nOr install from npm (when published):\n\n```bash\nnpm install -g @fukobabatekkral/gitglow\n```\n\n### API Key Setup (Optional)\n\nAdd your OpenAI API key as an environment variable:\n\n```bash\nexport OPENAI_API_KEY=\"sk-...\"\n```\n\n\u003e [!IMPORTANT]\n\u003e **Never store your API key in `.gitglow.json`** — it could be accidentally committed to your repository.\n\u003e Always use the `OPENAI_API_KEY` environment variable.\n\n\u003e [!TIP]\n\u003e If `OPENAI_API_KEY` is not set, GitGlow automatically uses its built-in offline mock generator.\n\u003e Use `--no-ai` to explicitly force mock mode.\n\n---\n\n## 📖 Commands\n\n### `gitglow commit`\n\nGenerates a Conventional Commit message from your staged diff.\n\n```bash\ngitglow commit [options]\n```\n\n| Option | Description |\n|--------|-------------|\n| `--no-ai` | Use offline mock mode (no data sent to OpenAI) |\n| `--yes` | Non-interactive: commit immediately with the generated message |\n| `--dry-run` | Print the generated message without committing |\n| `--force-mock` | Alias for `--no-ai` |\n\n**Interactive workflow:**\n1. GitGlow checks for staged files.\n2. Runs the secret scanner — blocks if violations are found.\n3. Displays a privacy notice (when AI mode is active).\n4. Generates a commit message and validates its format.\n5. Prompts: **Commit** / **Edit** / **Regenerate** / **Abort**.\n\n---\n\n### `gitglow scan`\n\nScans staged changes for hardcoded secrets and credentials.\n\n```bash\ngitglow scan [options]\n```\n\n| Option | Description |\n|--------|-------------|\n| `--json` | Output findings as JSON (suitable for CI pipelines) |\n\n**Detected pattern families:**\n- AWS access keys (`AKIA…`, `ASIA…`, etc.)\n- OpenAI API keys (`sk-proj-…`)\n- GitHub tokens (`ghp_`, `gho_`, `ghs_`, `github_pat_`)\n- npm access tokens (`npm_…`)\n- Slack bot/user tokens (`xoxb-`, `xoxp-`)\n- Stripe secret keys (`sk_live_…`)\n- Private key headers (`-----BEGIN … PRIVATE KEY-----`)\n- JWT tokens\n- Google service account JSON markers\n- Generic password/secret assignments\n\n\u003e [!CAUTION]\n\u003e This scanner checks only the patterns listed above.\n\u003e It does **not** guarantee the absence of all secrets.\n\u003e For comprehensive secret scanning, consider [gitleaks](https://github.com/gitleaks/gitleaks) or [truffleHog](https://github.com/trufflesecurity/trufflehog).\n\n---\n\n### `gitglow pr \u003cbaseBranch\u003e`\n\nGenerates a Pull Request description from the diff between `\u003cbaseBranch\u003e` and your current branch.\n\n```bash\ngitglow pr \u003cbaseBranch\u003e [options]\n```\n\n| Option | Description |\n|--------|-------------|\n| `--no-ai` | Use offline mock mode |\n| `--no-clipboard` | Do not copy to clipboard |\n| `--output \u003cfile\u003e` | Write PR description to a file |\n| `--dry-run` | Print without writing to file or clipboard |\n| `--force-mock` | Alias for `--no-ai` |\n\n---\n\n## ⚙️ Configuration\n\nCreate a `.gitglow.json` file in your project root to customise behaviour:\n\n```json\n{\n  \"language\": \"en\",\n  \"conventionalTypes\": [\n    \"feat\", \"fix\", \"docs\", \"style\", \"refactor\",\n    \"perf\", \"test\", \"build\", \"ci\", \"chore\"\n  ],\n  \"maxDiffBytes\": 20000,\n  \"model\": \"gpt-4o-mini\"\n}\n```\n\n\u003e [!WARNING]\n\u003e Do **not** add `openaiApiKey` to this file. Use `OPENAI_API_KEY` as an environment variable instead.\n\u003e Config files committed to your repository may expose secrets.\n\n| Key | Type | Default | Description |\n|-----|------|---------|-------------|\n| `language` | `string` | `\"en\"` | Language for AI-generated text |\n| `conventionalTypes` | `string[]` | `[\"feat\",\"fix\",…]` | Allowed Conventional Commit types |\n| `maxDiffBytes` | `number` | `20000` | Max diff size sent to OpenAI (bytes) |\n| `model` | `string` | `\"gpt-4o-mini\"` | OpenAI model to use |\n| `securityPatterns` | `array` | (16 built-in) | Custom secret patterns to add |\n\n---\n\n## 🔒 Privacy \u0026 Security\n\n### What data is sent to OpenAI?\n\nWhen AI mode is active (i.e., `OPENAI_API_KEY` is set and `--no-ai` is not used):\n\n- **`gitglow commit`**: Your staged diff (up to `maxDiffBytes`) is sent to the OpenAI API.\n- **`gitglow pr`**: Your branch diff and commit log (up to `maxDiffBytes`) are sent to the OpenAI API.\n\n**`gitglow scan` never sends data to any external service.**\n\n### How to keep diffs local\n\nUse `--no-ai` or `--force-mock` on any command, or leave `OPENAI_API_KEY` unset.\n\n### Shell command safety\n\nAll git operations use `execFileSync('git', [...args])` — no shell string interpolation.\nBranch names provided to `gitglow pr` are validated via `git check-ref-format` before use.\n\n### API key storage\n\n- ✅ Store your key in `OPENAI_API_KEY` (environment variable)\n- ✅ Use a secrets manager (1Password, AWS Secrets Manager, etc.)\n- ❌ Do not store it in `.gitglow.json` — it may be committed to your repository\n\nSee [SECURITY.md](./SECURITY.md) for the vulnerability reporting policy.\n\n---\n\n## 🧪 Testing\n\nGitGlow's test suite runs entirely without an internet connection or API key.\n\n```bash\n# Run all tests\nnpm test\n\n# Watch mode\nnpm run test:watch\n\n# With coverage\nnpm run test:coverage\n```\n\n---\n\n## ⚠️ Known Limitations\n\n- **Scanner coverage**: The built-in scanner covers common patterns only. It does not detect entropy-based secrets, multiline wrapped keys, or credentials in binary files.\n- **AI output**: Commit messages and PR descriptions are AI-generated and should always be reviewed before use. The AI may occasionally produce incorrect or poorly formatted output.\n- **Large diffs**: Diffs larger than `maxDiffBytes` are truncated before being sent to OpenAI. This may reduce the quality of generated messages.\n- **Non-interactive environments**: `gitglow commit` without `--yes` or `--dry-run` requires an interactive terminal. In CI, always pass `--yes` or `--no-ai`.\n- **Windows**: Clipboard support on Windows requires WSL or a compatible clipboard tool. Use `--no-clipboard --output pr.md` as a fallback.\n\n---\n\n## 👥 Contributors\n\n- [fuko2935](https://github.com/fuko2935)\n- [hektor808](https://github.com/hektor808)\n\n---\n\n## 📄 License\n\nApache License 2.0 — see [LICENSE](./LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuko2935%2Fgitglow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffuko2935%2Fgitglow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuko2935%2Fgitglow/lists"}