{"id":49048214,"url":"https://github.com/getpusk/pusk","last_synced_at":"2026-04-19T19:05:57.366Z","repository":{"id":345062814,"uuid":"1184298546","full_name":"getpusk/pusk","owner":"getpusk","description":"Self-hosted alert platform for ops teams. Telegram Bot API compatible. ACK, push, team chat.","archived":false,"fork":false,"pushed_at":"2026-04-09T12:40:33.000Z","size":11464,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-09T14:31:48.780Z","etag":null,"topics":["bot-api","bot-platform","chatbot","golang","inline-keyboard","open-source","pwa","self-hosted","telegram-api","webhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getpusk.png","metadata":{"files":{"readme":"README.en.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-17T13:02:50.000Z","updated_at":"2026-04-09T12:40:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/getpusk/pusk","commit_stats":null,"previous_names":["getpusk/pusk"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/getpusk/pusk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getpusk%2Fpusk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getpusk%2Fpusk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getpusk%2Fpusk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getpusk%2Fpusk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getpusk","download_url":"https://codeload.github.com/getpusk/pusk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getpusk%2Fpusk/sbom","scorecard":{"id":1245442,"data":{"date":"2026-04-01T11:40:28Z","repo":{"name":"github.com/getpusk/pusk","commit":"cea4602a513c613a4d70a90a5b8be6858ff837f6"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.2,"checks":[{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/15 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:49","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/ci.yml:50","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:134","Info: jobLevel 'packages' permission set to 'read': .github/workflows/release.yml:135","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:176","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:7","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:9"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/getpusk/pusk/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/getpusk/pusk/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/getpusk/pusk/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/getpusk/pusk/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/scorecard.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/getpusk/pusk/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/getpusk/pusk/scorecard.yml/main?enable=pin","Warn: goCommand not pinned by hash: .github/workflows/ci.yml:70","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:112","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:119","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:120","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:121","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:145","Info:  14 out of  19 GitHub-owned GitHubAction dependencies pinned","Info:  14 out of  15 third-party GitHubAction dependencies pinned","Info:   4 out of   4 containerImage dependencies pinned","Info:   1 out of   2 goCommand dependencies pinned","Info:   0 out of   5 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":8,"reason":"1 out of the last 1 releases have a total of 1 signed artifacts.","details":["Info: signed release artifact: pusk-linux-amd64.sig: https://github.com/getpusk/pusk/releases/tag/v0.6.1","Warn: release artifact v0.6.1 does not have provenance: https://api.github.com/repos/getpusk/pusk/releases/302712781"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (18) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:14"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: devitway"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"9 out of 9 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-04-01T13:11:23.099Z","repository_id":345062814,"created_at":"2026-04-01T13:11:23.112Z","updated_at":"2026-04-01T13:11:23.112Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32018770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T20:23:30.271Z","status":"online","status_checked_at":"2026-04-19T02:00:07.110Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot-api","bot-platform","chatbot","golang","inline-keyboard","open-source","pwa","self-hosted","telegram-api","webhook"],"created_at":"2026-04-19T19:05:52.026Z","updated_at":"2026-04-19T19:05:57.359Z","avatar_url":"https://github.com/getpusk.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Release](https://img.shields.io/github/v/release/getpusk/pusk)](https://github.com/getpusk/pusk/releases)\n[![CI](https://github.com/getpusk/pusk/actions/workflows/ci.yml/badge.svg)](https://github.com/getpusk/pusk/actions/workflows/ci.yml)\n[![Coverage](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/devitway/54c1b0a766ce24cb97ac0134c59212c7/raw/pusk-coverage.json)](https://github.com/getpusk/pusk/actions/workflows/ci.yml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/getpusk/pusk)](https://goreportcard.com/report/github.com/getpusk/pusk)\n[![Go](https://img.shields.io/badge/Go-1.26+-00ADD8?logo=go\u0026logoColor=white)](https://go.dev)\n[![Bot API](https://img.shields.io/badge/Bot_API-13_methods-2CA5E0?logo=telegram)](https://core.telegram.org/bots/api)\n[![SQLite](https://img.shields.io/badge/SQLite-per_tenant-003B57?logo=sqlite)](https://www.sqlite.org)\n\n🌐 [Русский](README.md)\n\n\u003cimg src=\".github/assets/landing.png\" alt=\"Pusk — interface\" width=\"960\" /\u003e\n\n# Pusk — self-hosted alerts for ops teams\n\n**Pusk** — self-hosted alert platform with team coordination. Webhooks from any monitoring, one-click ACK, push to phone. Single binary, zero dependencies.\n\n## Why?\n\n**Problem:** alert fires. Who picked it up? Silence.\n- Alerts get lost in group chats among discussions\n- No acknowledgment (ACK) — unclear who is handling it\n- No escalation — if on-call is asleep, the alert dies\n- Data on third-party servers — compliance fails\n\n**Solution — Pusk:**\n- Alerts from Grafana, Zabbix, Alertmanager, Uptime Kuma — into dedicated channels\n- One-click ACK — automatic silence in Alertmanager\n- Push notifications to phone even with browser closed\n- Team chat built in — channels, @mentions, file uploads\n- Telegram Bot API compatible — existing bots work with a one-line change\n\n\u003cimg src=\".github/assets/alerts.png\" alt=\"Pusk — alert channel\" width=\"960\" /\u003e\n\n\u003cimg src=\".github/assets/chat.png\" alt=\"Pusk — team chat\" width=\"960\" /\u003e\n\n## Who is it for\n\n- **DevOps/SRE teams** — monitoring alerts + incident coordination\n- **Companies with compliance needs** — data on your server, no external dependencies\n- **Anyone who needs autonomy** — works without external dependencies\n\n## Features\n\n| Feature | Description |\n|---------|-------------|\n| **Alerts** | Webhooks from Alertmanager, Grafana, Zabbix, Uptime Kuma. Color indicators, ACK, automatic silence |\n| **Push** | Web Push notifications to phone and desktop (even with browser closed) |\n| **Bots** | 13 Telegram Bot API methods. Inline buttons, webhook, long polling |\n| **Channels** | Team channels, @mentions with push, reply, pin, editing |\n| **Files** | Photos, videos, voice messages, documents — upload and view |\n| **Online status** | Real-time online/away usernames, typing indicator |\n| **Multi-tenant** | Isolated organizations (separate SQLite per tenant) |\n| **Simple** | Single binary (23 MB), SQLite, ~2 MB RAM, 1-second startup |\n\n## Use Cases: connect monitoring in 5 minutes\n\nReady-to-use docker-compose files — download, run, done:\n\n| Use case | What you get | Time |\n|----------|-------------|------|\n| [Alertmanager](docs/use-cases.en.md#-alertmanager) | Prometheus → Alertmanager → Pusk, ACK with auto-silence | 5 min |\n| [Grafana](docs/use-cases.en.md#-grafana) | Grafana Contact Point → Pusk | 5 min |\n| [Zabbix](docs/use-cases.en.md#-zabbix) | Zabbix Media Type → Pusk | 5 min |\n| [Uptime Kuma](docs/use-cases.en.md#-uptime-kuma) | Uptime Kuma → Pusk | 3 min |\n| [All-in-one](docs/use-cases.en.md#-all-in-one) | Full stack to try everything | 5 min |\n\n**[Go to use cases →](docs/use-cases.en.md)**\n\n## FAQ\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eIs this yet another messenger?\u003c/b\u003e\u003c/summary\u003e\nNo. It is an alert platform with team chat. Closer to PagerDuty and Opsgenie than to Slack — but self-hosted and free.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eHow is it different from PagerDuty?\u003c/b\u003e\u003c/summary\u003e\nSelf-hosted, free, single binary. No on-call scheduling (yet), but has team chat and Telegram Bot API compatibility.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eDo I need to install an app?\u003c/b\u003e\u003c/summary\u003e\nNo. Pusk works in your browser — just open the link. You can add it to your home screen as a PWA icon, but it is optional. Chrome, Firefox, Edge supported.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eHow do phone notifications work?\u003c/b\u003e\u003c/summary\u003e\nVia Web Push — a browser standard, like Slack and Discord. Works even when the browser is closed. Great on Android, iOS with Safari 16.4+.\n\u003c/details\u003e\n\n## Quick start\n\n### Docker (recommended)\n\n```bash\ndocker run -d --name pusk \\\n  -p 8443:8443 \\\n  -v pusk-data:/app/data \\\n  ghcr.io/getpusk/pusk:latest\n```\n\nOpen `http://localhost:8443` — register and get started.\n\n### First run\n\n1. First user creates an **organization** — becomes admin\n2. Go to Settings → **Invite** — copy the link and share with your team\n3. Teammates follow the link, register — and they are in\n4. New members are automatically subscribed to all channels\n\n\u003e Assign at least 2 admins so you do not depend on a single person.\n\n### Connect monitoring\n\n#### Alertmanager\n\n```yaml\nreceivers:\n  - name: pusk\n    webhook_configs:\n      - url: 'https://your-pusk/hook/BOT-TOKEN?format=alertmanager'\n```\n\n#### Grafana\n\nAlerting → Contact points → New → Type: **Webhook**\nURL: `https://your-pusk/hook/BOT-TOKEN?format=grafana`\n\n#### Zabbix\n\nAdministration → Media types → Create: **Webhook**\nURL: `https://your-pusk/hook/BOT-TOKEN?format=zabbix`\n\n#### Uptime Kuma\n\nNotifications → Add → Type: **Webhook**\nURL: `https://your-pusk/hook/BOT-TOKEN?format=raw\u0026channel=alerts`\n\n#### Any system with curl\n\n```bash\ncurl -X POST 'https://your-pusk/hook/BOT-TOKEN?format=raw' \\\n  -H 'Content-Type: application/json' \\\n  -d '{\"status\":\"down\",\"name\":\"my-service\"}'\n```\n\n### From source\n\n```bash\ngit clone https://github.com/getpusk/pusk.git\ncd pusk\ngo build -o pusk ./cmd/pusk/\n./pusk\n```\n\n### Docker Compose\n\n```yaml\nversion: '3'\nservices:\n  pusk:\n    image: ghcr.io/getpusk/pusk:latest\n    ports:\n      - \"8443:8443\"\n    volumes:\n      - ./data:/app/data\n    environment:\n      - PUSK_ADMIN_TOKEN=your-secret\n    restart: unless-stopped\n```\n\n## Telegram Bot API compatibility\n\nIf you already have a Telegram Bot API bot — it works in Pusk with a one-line change:\n\n```python\n# Python (aiogram)\nbot = Bot(token=\"TOKEN\", base_url=\"https://your-pusk:8443/bot\")\n\n# Python (python-telegram-bot)\napp = Application.builder().token(TOKEN).base_url(\"https://your-pusk:8443/bot\").build()\n```\n\n```javascript\n// Node.js (Telegraf)\nbot.telegram.options.apiRoot = \"https://your-pusk:8443\";\n```\n\nSupports 13 of 80+ methods — enough for alerts, notifications and simple bots.\n\n## VPS installation\n\n### Systemd\n\n```bash\nsudo tee /etc/systemd/system/pusk.service \u003c\u003c EOF\n[Unit]\nDescription=Pusk\nAfter=network.target\n\n[Service]\nUser=pusk\nWorkingDirectory=/opt/pusk\nExecStart=/opt/pusk/pusk\nRestart=always\nEnvironment=PUSK_ADDR=:8443\nEnvironment=PUSK_ADMIN_TOKEN=your-secret\n# Environment=PUSK_JWT_SECRET=your-jwt-secret\n# Environment=VAPID_PUBLIC_KEY=...\n# Environment=VAPID_PRIVATE_KEY=...\n# Environment=VAPID_EMAIL=admin@example.com\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\nsudo systemctl enable --now pusk\n```\n\n### Reverse proxy (Caddy)\n\n```\npusk.example.com {\n    reverse_proxy localhost:8443\n}\n```\n\n### Reverse proxy (Nginx)\n\n```nginx\nserver {\n    listen 443 ssl;\n    server_name pusk.example.com;\n\n    location / {\n        proxy_pass http://127.0.0.1:8443;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n        proxy_set_header Host $host;\n        proxy_set_header X-Forwarded-Proto $scheme;\n    }\n}\n```\n\n## Configuration\n\n| Variable | Default | Description |\n|----------|---------|-------------|\n| `PUSK_ADDR` | `:8443` | Server address |\n| `PUSK_ADMIN_TOKEN` | — | Admin API token |\n| `PUSK_MAX_ORGS` | `1` | Max user-created organizations. `0` — unlimited. Admin token bypasses the limit |\n| `PUSK_DEMO` | — | `1` — enable demo mode |\n| `PUSK_MSG_RETENTION_DAYS` | `30` | Auto-delete messages older than N days. `0` — keep all |\n| `PUSK_FILE_QUOTA_MB` | `1024` | File storage limit per organization (MB) |\n| `PUSK_WEBHOOK_DEBOUNCE` | `10s` | Deduplicate identical webhooks. `0` — disable |\n| `PUSK_ALERTMANAGER_URL` | — | Alertmanager URL for auto-silence on ACK |\n| `VAPID_PUBLIC_KEY` | — | VAPID key for Web Push |\n| `VAPID_PRIVATE_KEY` | — | VAPID private key |\n| `VAPID_EMAIL` | — | Email for push service |\n| `PUSK_JWT_SECRET` | auto | JWT secret. Auto-generated and saved to `data/jwt.secret` if not set |\n| `PUSK_LOG_FORMAT` | `text` | `json` — JSON logs for production |\n| `PUSK_OPEN_USER_REGISTRATION` | `true` | `false` — disable self-registration (invite-only) |\n| `PUSK_WEBHOOK_RATE_LIMIT` | `60` | Webhook requests per minute per bot |\n| `PUSK_TPL_ALERTMANAGER` | — | Path to custom Go template file for Alertmanager webhook |\n| `PUSK_TPL_GRAFANA` | — | Path to custom Go template file for Grafana webhook |\n| `PUSK_TPL_ZABBIX` | — | Path to custom Go template file for Zabbix webhook |\n| `PUSK_TPL_RAW` | — | Path to custom Go template file for raw webhook |\n\n## Admin API\n\nAll endpoints require `Authorization: Bearer \u003cPUSK_ADMIN_TOKEN\u003e` or a JWT with admin role.\n\n| Method | Path | Description |\n|--------|------|-------------|\n| `POST` | `/admin/bots` | Register a bot (`token`, `name`) |\n| `POST` | `/admin/channel` | Create channel (`name`, `description`, `bot_id`) |\n| `DELETE` | `/admin/channel/{id}` | Delete channel (except #general) |\n| `PUT` | `/admin/channel/{id}` | Rename channel (`name`) |\n| `PUT` | `/admin/bots/{id}` | Rename bot (`name`) |\n| `POST` | `/admin/reset-password` | Reset password (`org`, `username`, `new_pin`). ADMIN_TOKEN only |\n| `POST` | `/admin/set-role` | Set role (`org`, `user_id`, `role`: admin/member). ADMIN_TOKEN only |\n| `GET` | `/api/org/info` | Organization limit info |\n| `POST` | `/api/org/register` | Create organization (`slug`, `name`, `username`, `pin`) |\n\n## Backup\n\nAll data is in the `data/` directory:\n\n```bash\n# Hot backup\nsqlite3 data/orgs/my-org/pusk.db \".backup backup.db\"\n\n# Full backup\ntar czf pusk-backup-$(date +%Y%m%d).tar.gz data/\n```\n\n## Architecture\n\n```\npusk (23 MB, ~8400 lines Go, 110 tests)\n├── Bot API    — /bot/\u003ctoken\u003e/\u003cmethod\u003e  (Telegram compatible)\n├── Client API — /api/*                 (PWA backend)\n├── WebSocket  — /api/ws                (real-time status, typing)\n├── Files      — /file/\u003cid\u003e             (media)\n├── PWA        — /                      (web client)\n└── SQLite     — data/orgs/*/pusk.db    (database)\n```\n\n## Demo\n\nTry it: [getpusk.ru](https://getpusk.ru) — click \"Demo\", no registration.\n\n## Security\n\n- JWT with 7-day TTL, bcrypt password hashing\n- Organization owner (first admin) protected from deletion and demotion\n- #general channel protected from deletion and renaming\n- Rate limiting on auth, registration, messaging\n- SSRF protection for webhook URLs\n- Multi-tenant with full data isolation (separate SQLite per organization)\n\n## License\n\nBSL 1.1 — Copyright (c) 2026 Volkov Pavel | DevITWay\n\nSee [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetpusk%2Fpusk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetpusk%2Fpusk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetpusk%2Fpusk/lists"}