✈️ Git AI Pilot

Automate your entire Git workflow with AI-generated commit messages and built-in security scanning.

One command to pull, stage, commit, scan, and push — powered by Google Gemini & OpenAI.

---

🧩 What it does

Run git-auto in any project folder. The tool will:

Step	Action
❓	Ask whether to pull — press y / Enter for yes, n to skip
📥	Pull latest changes from remote (if confirmed)
🔒	Security scan — checks working directory for secrets before staging
🚫	Abort if secrets or sensitive files are detected — saves a report
📂	Stage all modified files (only if scan passes)
🧠	Generate a commit message with Gemini AI (falls back to OpenAI)
💾	Commit the changes
☁️	Push to GitHub / GitLab
🔗	Print the direct commit URL (e.g. github.com/.../commit/abc123)

All commands

Command	Description
git-auto	Run the full workflow
git-auto --config	Set Gemini or OpenAI API keys interactively
git-auto --custom-command	Set a custom command alias (e.g. gitsync)
git-auto --reset-command	Reset alias back to git-auto
git-auto --show-command	Show the currently active command name
git-auto --help	Show the help screen
git-auto --version	Show version number

---

📦 Installation

Requirements

• Node.js v18 or higher — Download
• npm v7 or higher (comes with Node.js)
• A Git repository with a configured remote

Install

npm install -g git-ai-pilot

Verify the install:

git-auto --version

On first run, the setup wizard will prompt for your Gemini and/or OpenAI API key.

---

🔄 Update

git-auto automatically checks npm on every run and shows a banner when a newer version is available:

  ╔══════════════════════════════════════════════════╗
  ║     🚀  Update available  v1.2.2 → v1.2.3       ║
  ║        Run: npm install -g git-ai-pilot          ║
  ╚══════════════════════════════════════════════════╝

Check your current version manually:

git-auto --version
# or
npm list -g git-ai-pilot

Update to the latest release:

npm update -g git-ai-pilot

To install a specific version:

npm install -g git-ai-pilot@1.2.3

Your API keys in ~/.git-ai-pilot/config.json are preserved across updates.

---

🗑️ Uninstall

npm uninstall -g git-ai-pilot

This removes the git-auto command. To also delete your stored API keys:

# macOS / Linux
rm -rf ~/.git-ai-pilot

# Windows (PowerShell)
Remove-Item -Recurse -Force "$env:USERPROFILE\.git-ai-pilot"

---

🚀 Quick Start

# 1. Install
npm install -g git-ai-pilot

# 2. Go to any project with uncommitted changes
cd your-project

# 3. Run
git-auto

On first run, the setup wizard will ask for your API key(s).

---

🔑 API Keys

Provider	Where to get it	Role
Google Gemini	aistudio.google.com/app/apikey	Primary
OpenAI	platform.openai.com/api-keys	Fallback

Keys are stored locally in ~/.git-ai-pilot/config.json — never in your project.

---

🔒 Security Scan

The scan runs before git add so secrets are caught before they ever enter git history.

Interactive pull prompt

Pull latest changes from remote? (y/n):

Press y or Enter to pull. Press n to skip.

Secret Detection

Detects secrets in two ways:

1. Sensitive files by name — flagged as CRITICAL the moment they appear in the diff:

File	Label
.env, .env.local, .env.production, .env.staging …	.env file / variant
id_rsa, id_ed25519, id_ecdsa, id_dsa	SSH private key
*.pem	PEM certificate/key
credentials.json/yml, secrets.json/yml	credentials / secrets file
serviceAccountKey.json	service account key
*.keystore, *.jks, *.p12, *.pfx	certificate keystore
.netrc, .pgpass, .npmrc	auth config file

2. Inline patterns — scanned on every added line:

Pattern	Severity
AWS Access / Secret Key	CRITICAL
Google API Key	CRITICAL
OpenAI API Key	CRITICAL
GitHub Token	CRITICAL
Stripe Secret Key	CRITICAL
Private Key header	CRITICAL
Database URL with credentials	CRITICAL
ENV secret variables (unquoted)	HIGH
Slack Token, JWT Token	HIGH
Connection string passwords	HIGH
Hardcoded secrets in code	MEDIUM

Example output

━━━ Security Scan Report ━━━
  ✖  2 secret(s) found:
     Critical : 1
     High     : 1

     [CRITICAL] Sensitive file committed (.env file)
       .env
     [HIGH] ENV Secret Variable
       src/config.ts:8
       → OPENAI_API_KEY=sk-abc123...

  Result: BLOCKED — secrets detected

❌ Aborted: secrets detected in working directory.
   Report saved to: .security-reports/security-report-1234567890.json
   Remove the secrets before running git-auto again.

Vulnerability Audit

Runs npm audit and reports severity counts alongside every scan:

━━━ Security Scan Report ━━━
  ✔  No secrets detected
  ⚠  3 npm vulnerabilities:
     High     : 1
     Moderate : 2
     • lodash [high] — fix available

Tip: Add .security-reports/ to your .gitignore.

---

📁 Project Structure

git-ai-pilot/
├── apps/
│   └── cli/               # The npm package (git-ai-pilot)
│       ├── src/
│       │   ├── index.ts          # Git workflow orchestration
│       │   ├── ai-service.ts     # Gemini → OpenAI fallback
│       │   ├── gemini.ts         # Gemini integration
│       │   ├── openai.ts         # OpenAI integration
│       │   ├── security.ts       # Secret scanner & vulnerability audit
│       │   ├── config.ts         # Global API key management
│       │   └── update-check.ts   # npm update notification
│       ├── bin/
│       │   └── cli.js         # CLI entry point
│       └── package.json
├── .github/
│   ├── CODEOWNERS
│   └── workflows/
├── package.json           # Monorepo root (Turborepo)
└── turbo.json

---

🛠️ Development

# Clone the repo
git clone https://github.com/mirzasaikatahmmed/git-ai-pilot.git
cd git-ai-pilot

# Install dependencies
npm install

# Build all packages
npm run build

# Watch mode (CLI)
cd apps/cli && npm run dev

---

📋 Changelog

v1.2.5 — Current

• Commit URL on push — after every successful push the CLI prints the direct commit link (e.g. https://github.com/user/repo/commit/abc123); works with both HTTPS and SSH remotes

v1.2.3

• Auto update notifications — on every run, the CLI silently checks npm for a newer version; if one exists a styled yellow banner is shown with the exact npm install -g git-ai-pilot command to upgrade (times out in 3 s, never blocks the workflow)

v1.2.0

• Windows fix — git-auto --custom-command no longer fails with Command failed: npm bin -g; switched to npm prefix -g (the supported replacement) with correct path resolution on both Windows and Unix
• Suppressed dotenv noise — no more [dotenv] injecting env (N) lines on startup across all commands

v1.1.9

• git-auto --config — interactive menu to set Gemini or OpenAI API keys at any time; shows live configured/not-set status for each key

v1.1.8

• Custom command alias — git-auto --custom-command lets you set any name (e.g. gitsync); running that name triggers the full workflow
• Reset alias — git-auto --reset-command removes the alias and restores git-auto as default
• Show active command — git-auto --show-command prints the currently active command
• Beautiful --help screen — styled help with full workflow, security scan details, and live API key status
• First-run API key prompt — git-auto asks for keys on first use if postinstall was skipped
• Fixed postinstall in non-interactive environments — npm install -g no longer hangs; setup runs on first git-auto call instead
• Emoji commit messages — improved AI prompt with a full emoji guide (✨ feat, 🐛 fix, 🔒 security …)

v1.1.7

• Multi-language dependency audit — auto-detects project type and runs the right audit tool
  • 🟢 Node.js (npm audit) · 🐍 Python (pip-audit) · 🐘 PHP (composer audit)
  • 🐹 Go (govulncheck) · 💎 Ruby (bundle-audit) · 🦀 Rust (cargo audit)
  • 💙 Flutter/Dart · ☕ Java · 💜 .NET (dotnet list) · 🍎 Swift
• Per-language results shown in the security report with install hints for missing tools

v1.1.6

• Full terminal UI redesign — header banner, [1/5] step counters, bordered security report (╭─╮), success banner
• Fixed false positives — .md, .txt, .rst files excluded from secret scanning

v1.1.2

• Interactive pull prompt — press y / Enter to pull, n to skip
• Security scan moved before git add — secrets never enter git history
• Sensitive file detection by filename (.env, SSH keys, PEM, keystores …)
• Unquoted ENV variable patterns (API_KEY=value without quotes)
• Database URL credential detection (postgres://user:pass@host)
• Severity levels: CRITICAL / HIGH / MEDIUM on every finding

v1.1.1

• Fixed bin script name in package.json
• --version now reads dynamically from package.json
• Suppressed dotenv verbose output

v1.1.0

• Added pre-push secret scanner — blocks push on detected secrets
• Added npm vulnerability audit with severity breakdown
• Added .security-reports/ JSON report generation
• AI fallback: Gemini → OpenAI when primary fails

v1.0.13

• Initial stable release with Gemini-powered commit messages

---

🤝 Contributing

Pull requests are welcome! For major changes, please open an issue first.

1. Fork the repository
2. Create your branch: git checkout -b feat/your-feature
3. Make changes and let git-auto commit them 😄
4. Push and open a PR

Please read CONTRIBUTING.md for full guidelines and CODE_OF_CONDUCT.md before participating. All contributors are listed in CONTRIBUTORS.md.

---

💛 Support

If Git AI Pilot saves you time, consider supporting the project:

---

Made with ❤️ by Mirza Saikat Ahmmed