{"id":44968821,"url":"https://github.com/mhbdev/git-pal","last_synced_at":"2026-02-18T15:04:13.089Z","repository":{"id":335922517,"uuid":"1147506175","full_name":"mhbdev/git-pal","owner":"mhbdev","description":"Your friendly neighborhood GitPal!","archived":false,"fork":false,"pushed_at":"2026-02-09T13:25:57.000Z","size":3171,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-09T14:46:39.701Z","etag":null,"topics":["ai","artificial-intelligence","cicd","gitops"],"latest_commit_sha":null,"homepage":"https://gitpal.circulo-ai.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhbdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-01T21:08:17.000Z","updated_at":"2026-02-09T13:26:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mhbdev/git-pal","commit_stats":null,"previous_names":["mhbdev/git-pal"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mhbdev/git-pal","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhbdev%2Fgit-pal","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhbdev%2Fgit-pal/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhbdev%2Fgit-pal/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhbdev%2Fgit-pal/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhbdev","download_url":"https://codeload.github.com/mhbdev/git-pal/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhbdev%2Fgit-pal/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29582868,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T13:56:48.962Z","status":"ssl_error","status_checked_at":"2026-02-18T13:54:34.145Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","artificial-intelligence","cicd","gitops"],"created_at":"2026-02-18T15:04:12.267Z","updated_at":"2026-02-18T15:04:13.084Z","avatar_url":"https://github.com/mhbdev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitPal\n\nGitPal is an automation service that monitors CI failures, diagnoses root causes, and proposes fixes by opening pull requests with audit trails and policy checks.\n\n## Key Capabilities\n\n- Ingests CI failures via webhooks and periodic reconciliation\n- Collects logs/artifacts, redacts sensitive data, and stores evidence\n- Uses an LLM to diagnose, plan, and generate fixes\n- Creates branches, applies changes, and opens PRs/MRs\n- Records every step and policy decision for auditability\n\n## Architecture Overview\n\n- **Web app (control plane):** UI, webhook ingestion, configuration, run records\n- **Worker (execution plane):** diagnosis, patch generation, verification\n- **Data:** Postgres (Drizzle ORM) + object storage for artifacts\n- **Queues:** BullMQ for background jobs and retries\n\n## Safety \u0026 Governance\n\n- Secret redaction in logs\n- File allowlists and policy gates for changes\n- Least‑privilege access through provider app installations\n- Full audit trail for agent runs\n\n## LLM Configuration\n\nGitPal uses OpenRouter.\n\nSet these in `apps/web/.env`:\n\n```bash\nOPENROUTER_API_KEY=\"your-openrouter-key\"\nOPENROUTER_MODEL=\"google/gemini-2.5-flash\"\n```\n\n## Sandbox Service (Optional)\n\nTo enable shallow-clone analysis and richer repo queries, run the sandbox service and set:\n\n```bash\nSANDBOX_URL=\"http://sandbox:8787\"\nSANDBOX_API_KEY=\"replace-with-strong-secret\"\n```\n\nUse the same `SANDBOX_API_KEY` for the web/worker and the sandbox service.\nThe sandbox runs in a separate container and spawns short‑lived runner containers for each query.\nIt requires access to the Docker socket to create those runner containers.\nWorkspace size is capped (see `SANDBOX_MAX_WORKSPACE_BYTES`) and enforced during clone and operations.\nShallow clones are cached per repo+ref for a short TTL; configure `SANDBOX_CACHE_VOLUME` and `SANDBOX_CACHE_TTL_MS`.\n\n## Local Development\n\n1. Configure environment variables\n   - Copy `apps/web/.env.example` to `apps/web/.env` and fill in values\n   - Run `pnpm env:check`\n   - Optional guardrail check for server env access patterns: `pnpm --filter @workspace/web env:guard`\n   - Optional guardrail check for server console usage policy: `pnpm --filter @workspace/web console:guard`\n   - Optional module-size guardrail check: `pnpm --filter @workspace/web module:size:check`\n2. Install dependencies\n   - `pnpm install`\n3. Start infra + app + worker\n   - `pnpm dev:local`\n\nTo stop infra containers:\n\n- `pnpm dev:infra:down`\n\n## Critical Coverage Gate\n\nRun the critical infrastructure coverage gate locally (web critical paths + DB + sandbox):\n\n```bash\npnpm test:coverage:critical\n```\n\n## Operations Runbook\n\n- Rate limiter degraded mode alerts/tuning:\n  - `docs/operations/rate-limit-degraded-mode-runbook.md`\n  - `docs/operations/alerts/rate-limit-degraded-alert-templates.md`\n  - `docs/operations/alerts/rate-limit-threshold-tuning-log.md`\n\n## Background Worker\n\nRun the full stack (app + worker + cron):\n\n```bash\npnpm dev:stack\n```\n\nLocal reconcile loop env overrides:\n\n- `RECONCILE_INTERVAL_MINUTES` (default: 10)\n- `RECONCILE_LOOKBACK_HOURS` (default: 24)\n- `RECONCILE_MAX_RUNS` (default: 25)\n- `RECONCILE_ALLOW_RETRY_FAILED` (default: false)\n- `RECONCILE_RETRY_BACKOFF_MINUTES` (default: 60)\n- `RECONCILE_FORCE` (default: false)\n- `RECONCILE_PR_LOOKBACK_HOURS` (default: RECONCILE_LOOKBACK_HOURS)\n- `RECONCILE_PR_MAX_RUNS` (default: 25)\n- `RECONCILE_PR_ALLOW_RETRY_FAILED` (default: false)\n- `RECONCILE_PR_FORCE` (default: false)\n\n## Webhook Recovery\n\nIf webhooks are missed, GitPal can reconcile recent failures.\n\n```bash\ncurl -H \"authorization: Bearer $CRON_SECRET\" \\\n  \"http://localhost:3000/api/cron/reconcile-runs?lookbackHours=24\u0026maxRunsPerRepo=25\"\n```\n\nPR review backfill:\n\n```bash\ncurl -H \"authorization: Bearer $CRON_SECRET\" \\\n  \"http://localhost:3000/api/cron/reconcile-pr-reviews?lookbackHours=24\u0026maxRunsPerRepo=25\"\n```\n\nRedis is required in production. Set `REDIS_URL` and keep the worker running.\n\n## Production / Self‑Host\n\nThis repo includes a production Dockerfile and Compose stack.\n\n### 1) Create a production env file\n\n```bash\ncp apps/web/.env.example .env\n```\n\nFill in required values:\n\n- `DATABASE_URL`, `REDIS_URL`\n- `BETTER_AUTH_SECRET`, `JWT_SECRET_KEY`, `PROVIDER_TOKEN_ENCRYPTION_KEY`\n- GitHub App secrets (`GITHUB_APP_ID`, `GITHUB_APP_PRIVATE_KEY`, etc.)\n- Public URLs (`NEXT_PUBLIC_APP_URL`, `NEXT_PUBLIC_API_URL`, `BETTER_AUTH_URL`)\n\nValidate before deployment:\n\n```bash\npnpm env:check:prod -- --env-file=.env\n```\n\n### 2) Build and start the stack\n\n```bash\ndocker compose -f docker-compose.prod.yml up -d --build\n```\n\n### 3) Database migrations\n\nThe production compose stack runs a one‑shot `migrate` service on deploy and then starts the app services.\n\n### 4) Optional: MinIO for S3‑compatible storage\n\n```bash\ndocker compose -f docker-compose.prod.yml --profile storage up -d\n```\n\nThen set:\n\n- `STORAGE_ENDPOINT`, `STORAGE_BUCKET`, `STORAGE_ACCESS_KEY_ID`, `STORAGE_SECRET_ACCESS_KEY`\n\n### 5) Reverse proxy \u0026 HTTPS\n\nDeploy behind a reverse proxy (Caddy/Nginx/Traefik) and terminate TLS there. Ensure `NEXT_PUBLIC_APP_URL` uses HTTPS.\n\n### Services\n\n- **web**: Next.js app + API\n- **worker**: BullMQ agent runner\n- **cron**: reconciliation scheduler\n- **postgres**: database\n- **redis**: queue + cache\n- **minio**: optional object storage\n\n## GitHub App Setup (Required)\n\nGitPal requires a GitHub App for repository access.\n\n### Required GitHub App configuration\n\n**Development URLs**\n\n- Setup URL: `http://localhost:3000/api/github/app/callback`\n- Webhook URL (recommended): `http://localhost:3000/api/webhooks/github`\n\n**Production URLs**\n\n- Setup URL: `https://your-domain.com/api/github/app/callback`\n- Webhook URL: `https://your-domain.com/api/webhooks/github`\n\n**Recommended permissions**\n\n- Actions: Read\n- Contents: Read \u0026 write\n- Pull requests: Read \u0026 write\n- Issues: Read \u0026 write\n- Metadata: Read\n- Organization members: Read (optional)\n\nInstall the app on the target repositories. GitPal lists only repos granted to that installation.\n\n## GitHub OAuth (Optional, Login Only)\n\nOAuth is only needed for sign‑in (not repo access).\n\n**Callback URL**\n\n- Dev: `http://localhost:3000/api/auth/oauth2/callback/github`\n- Prod: `https://your-domain.com/api/auth/oauth2/callback/github`\n\n**Scopes**\n\n- `read:user`\n- `user:email`\n\n## Donate\n\nIf GitPal helps your team, consider supporting the project:\n\n- TON: `UQDKcML9_qEz_YsiUtxxIzaEBwCfAiCfKnM1oHIw5qIVO67S`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhbdev%2Fgit-pal","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhbdev%2Fgit-pal","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhbdev%2Fgit-pal/lists"}