Git AI Pilot ๐คโ๏ธ
Your Personal AI Assistant for Git!
Tired of writing commit messages? Let AI do it for you! git-ai-pilot automatically looks at your code changes and writes a professional, descriptive commit message using Google Gemini AI โ and guards every commit with a built-in security scan before anything is staged.
โจ Features
- Interactive Pull: Asks whether to pull before starting โ press
y/Enterfor yes,nto skip. - Early Secret Scan: Scans your working directory before
git addso secrets never enter git history. - Sensitive File Detection: Blocks
.env, SSH keys, PEM files, credential files, and more by filename. - Inline Secret Patterns: Detects AWS keys, Google/OpenAI/Stripe/GitHub/Slack tokens, JWTs, database URLs, and hardcoded passwords with severity levels.
- Vulnerability Audit: Runs
npm auditand reports dependency vulnerabilities (critical / high / moderate / low). - Security Reports: Saves a timestamped JSON report to
.security-reports/when issues are found. - Smart Commit Messages: Uses Gemini AI to understand what you changed and why.
- AI Fallback: Automatically switches to OpenAI if Gemini is unavailable.
- Commit URL: Prints the direct GitHub/GitLab commit link after every successful push.
- Global Access: Works in ANY project folder on your computer.
๐ How to Install
You only need to do this once!
Prerequisites
- Node.js v18 or higher. Download it here.
Installation Command
Open your terminal and run:
npm install -g git-ai-pilot
Verify:
git-auto --version
Note: The -g flag installs the tool globally so you can use it everywhere.
๐ Update
git-auto automatically checks npm on every run and shows a banner when a newer version is available:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ Update available v1.2.2 โ v1.2.3 โ
โ Run: npm install -g git-ai-pilot โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Update to the latest release:
npm update -g git-ai-pilot
To install a specific version:
npm install -g [email protected]
Your API keys in
~/.git-ai-pilot/config.jsonare preserved across updates.
๐๏ธ Uninstall
npm uninstall -g git-ai-pilot
To also remove stored API keys:
# macOS / Linux
rm -rf ~/.git-ai-pilot
# Windows (PowerShell)
Remove-Item -Recurse -Force "$env:USERPROFILE\.git-ai-pilot"
๐ API Key Setup
After installation the tool will prompt for your API keys on first run. You can also set or update them any time with:
git-auto --config
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ Git AI Pilot โ Configuration โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Select an option:
[1] Gemini API Key (primary, free) โ configured
[2] OpenAI API Key (fallback) โ not set
Press 1 or 2 to select, or Ctrl+C to exit.
โบ Option:
Press 1 or 2 to choose which key to set. Press Enter on an existing key to keep it unchanged.
Get your keys
| Provider | Link | Role |
|---|---|---|
| Google Gemini | aistudio.google.com/app/apikey | Primary (free) |
| OpenAI | platform.openai.com/api-keys | Fallback (optional) |
Keys are stored in ~/.git-ai-pilot/config.json โ never inside your project.
๐ฎ How to Use
- Open your terminal in any project folder where you have made changes.
- Run:
git-auto
- All available commands:
| Command | Description |
|---|---|
git-auto |
Run the full workflow |
git-auto --config |
Set Gemini or OpenAI API keys |
git-auto --custom-command |
Set a custom command alias |
git-auto --reset-command |
Reset alias back to git-auto |
git-auto --show-command |
Show the active command name |
git-auto --help |
Show the help screen |
git-auto --version |
Show version number |
- The workflow:
Pull latest changes from remote? (y/n):
Press y or Enter to pull, n to skip. Then:
- ๐ Security scan runs on your working directory โ before anything is staged.
- ๐ซ Aborts if secrets or sensitive files are detected, saves a report.
- ๐ Stages all your changes (only if scan passes).
- ๐ง Generates an AI commit message.
- ๐พ Commits the changes.
- โ๏ธ Pushes to GitHub/GitLab.
- ๐ Prints the direct commit URL so you can open it instantly.
๐ Security Scan
The scan runs before git add โ so if a secret is found, nothing is staged or committed.
Sensitive files โ blocked by filename (CRITICAL)
| File | Reason |
|---|---|
.env, .env.local, .env.production โฆ |
Environment secrets |
id_rsa, id_ed25519, id_ecdsa |
SSH private keys |
*.pem |
TLS/SSL certificates |
credentials.json/yml, secrets.json/yml |
Cloud credentials |
serviceAccountKey.json |
GCP service account |
*.keystore, *.jks, *.p12, *.pfx |
Java/PKCS keystores |
.netrc, .pgpass, .npmrc |
Auth config files |
Inline patterns โ scanned on every added line
| Pattern | Severity |
|---|---|
| AWS Access / Secret Key | CRITICAL |
| Google API Key | CRITICAL |
| OpenAI API Key | CRITICAL |
| GitHub Token | CRITICAL |
| Stripe Secret Key | CRITICAL |
| Private Key header | CRITICAL |
| Database URL with credentials | CRITICAL |
ENV secret variables (unquoted KEY=value) |
HIGH |
| Slack Token, JWT Token | HIGH |
| Connection string passwords | HIGH |
| Hardcoded secrets in code | MEDIUM |
If secrets are found
โโโ Security Scan Report โโโ
โ 2 secret(s) found:
Critical : 1
High : 1
[CRITICAL] Sensitive file committed (.env file)
.env
[HIGH] ENV Secret Variable
src/config.ts:8
โ OPENAI_API_KEY=sk-abc123...
Result: BLOCKED โ secrets detected
โ Aborted: secrets detected in working directory.
Report saved to: .security-reports/security-report-1234567890.json
Remove the secrets before running git-auto again.
If vulnerabilities are found
The workflow continues but a report is saved:
โโโ Security Scan Report โโโ
โ No secrets detected
โ 3 npm vulnerabilities:
High : 1
Moderate : 2
โข lodash [high] โ fix available
Tip: Add
.security-reports/to your.gitignore.
โ FAQ
Q: Do I need to install this in every project?
A: No! Global install (-g) means it works everywhere.
Q: Where are my API keys stored?
A: Saved locally in ~/.git-ai-pilot/config.json โ never inside your project.
Q: Can I change my API keys later?
A: Yes โ edit ~/.git-ai-pilot/config.json directly or reinstall.
Q: What if both Gemini and OpenAI fail? A: You'll see a clear error message with details from both providers.
Q: What if I accidentally committed a secret before?
A: Use git filter-repo or BFG Repo Cleaner to purge it from history, then rotate the exposed key immediately.
Q: Can I skip the pull prompt?
A: Just press n when asked. The rest of the workflow continues normally.
๐ Changelog
v1.2.5 โ Current
- Commit URL on push โ after every successful push the CLI prints the direct commit link (e.g.
https://github.com/user/repo/commit/abc123); works with both HTTPS and SSH remotes
v1.2.3
- Auto update notifications โ on every run, the CLI silently checks npm for a newer version; if one exists a styled yellow banner is shown with the exact
npm install -g git-ai-pilotcommand to upgrade (times out in 3 s, never blocks the workflow)
v1.2.0
- Windows fix โ
git-auto --custom-commandno longer fails withCommand failed: npm bin -g; switched tonpm prefix -g(the supported replacement) with correct path resolution on Windows and Unix - Suppressed dotenv noise โ no more
[dotenv] injecting env (N)lines on startup across all commands
v1.1.9
git-auto --configโ interactive menu to set Gemini or OpenAI API keys at any time; shows live configured/not-set status for each key
v1.1.8
- Custom command alias โ
git-auto --custom-commandsets any alias (e.g.gitsync); alias triggers full workflow - Reset alias โ
git-auto --reset-commandremoves alias and restoresgit-auto - Show active command โ
git-auto --show-command - Beautiful
--helpscreen โ styled with workflow steps, security details, and live API key status - First-run setup prompt โ if postinstall was skipped,
git-autoasks for API keys on first run - Fixed postinstall hang โ
npm install -gno longer hangs in non-interactive environments - Emoji commit messages โ improved AI prompt with full emoji guide (
โจ feat,๐ fix,๐ securityโฆ)
v1.1.7
- Multi-language dependency audit โ auto-detects and audits:
- ๐ข Node.js ยท ๐ Python ยท ๐ PHP ยท ๐น Go ยท ๐ Ruby ยท ๐ฆ Rust ยท ๐ Flutter ยท โ Java ยท ๐ .NET ยท ๐ Swift
- Shows install hint when audit tool is missing
v1.1.6
- Full terminal UI redesign โ header banner,
[1/5]step counters, bordered security report, success banner - Fixed false positives โ
.md,.txt,.rstfiles excluded from secret scanning
v1.1.2
- Interactive pull prompt โ
y/Enter= yes,n= skip - Security scan moved before
git addโ secrets never enter git history - Sensitive file detection by filename (
.env, SSH keys, PEM, keystores โฆ) - Unquoted ENV variable patterns (
API_KEY=value) - Database URL credential detection
- Severity levels:
CRITICAL/HIGH/MEDIUM
v1.1.1
- Fixed bin script name in package.json
--versionreads dynamically from package.json- Suppressed dotenv verbose output
v1.1.0
- Added secret scanner and npm vulnerability audit
- Added
.security-reports/JSON report generation - AI fallback: Gemini โ OpenAI
v1.0.13
- Initial stable release
๐ค Contributing
Contributions are welcome! See CONTRIBUTING.md for guidelines and CODE_OF_CONDUCT.md before participating. All contributors are listed in CONTRIBUTORS.md.
๐ Support
If Git AI Pilot saves you time, consider supporting the project:
Made with โค๏ธ by Mirza Saikat Ahmmed