Your intelligent, local-first Git mission control.

RepoTracker automatically discovers, monitors, and manages every Git repository on your machine — from a single, stunning localhost dashboard. No cloud. No subscription. No tracking. Your code stays on your computer.

---

✨ Features

🗂️ Repository Management

Feature	Description
📡 Auto Discovery	Points at root folders and recursively maps every Git repo instantly
❤️ Health Scoring	Repos scored 0–100 on dirty files, unpushed commits, staleness, and CI status
🌿 Branch Manager	Create, checkout, merge, and delete branches from the UI — no terminal needed
🔎 Global Search	Fast git grep across all repos at once. Find every TODO in seconds
📈 Contribution Graph	GitHub-style 90-day local commit activity grid across all your projects
🔔 Smart Alerts	Desktop notifications when repos fall 5+ commits behind, have 20+ dirty files, or go stale
🌐 GitHub Browser	Browse all your GitHub repos (public + private) in the Ecosystem tab and clone with one click

🤖 AI Features

Feature	Description
🪄 AI Git Sync	Generate perfect commit messages via Gemini AI and push with one click
🔍 AI Code Review	Analyze uncommitted diffs for bugs, security issues, and quality problems before committing
📋 Weekly Standup	AI-generated standup report from your last 7 days of commits

☁️ Sync & Config

Feature	Description
☁️ Gist Config Sync	Sync your roots, settings, and tags to a private GitHub Gist. Restore on any machine in seconds
📊 WakaTime	See exactly how much time you spent coding per repo over the last 7 days

🛠️ Tooling

Feature	Description
💻 Shelby Terminal	Fully interactive embedded terminal powered by xterm.js and node-pty
⏱ Pomodoro Timer	Deep-work focus timer with desktop notifications — 4-session cycle with long breaks
⚡ Task Runner	Auto-parses package.json, Makefile, Taskfile.yml, Dockerfile for 1-click Quick Actions
📋 Activity Log	Local-first log of AI syncs, reviews, branch ops, and terminal sessions with relative timestamps
🔄 Auto-Updater	Polls GitHub Releases for new versions and updates in one click

👥 Team Mode

Feature	Description
🌐 LAN Dashboard	Run npm run team to broadcast your dashboard to teammates over your local network
🔑 Invite Tokens	Generate and revoke teammate invite tokens from the Team tab
📢 Team Standup	AI-generated standup report visible to all team members

---

🚀 Quick Start

git clone https://github.com/Vinit080/repotracker.git
cd repotracker
npm install
npm run start:electron  # To run the full desktop app
# OR
npm start               # To run the headless web server only

Open http://localhost:4177 in your browser if running headless. The setup wizard handles everything else.

Prerequisites

Requirement	Details
Node.js v20+	Required
Git in your PATH	Required
GitHub PAT	Optional — for GitHub browser, Gist sync, CI status
Gemini API Key	Optional — for all AI features (free tier is sufficient)
WakaTime API Key	Optional — for per-repo coding time

Platform Compatibility

Platform	Status	Notes
Windows 10/11	✅ Full support	PowerShell for terminal & notifications
macOS 12+	✅ Full support	Respects your default shell (zsh, bash, fish). Uses osascript for notifications & folder picker
Linux (Desktop)	✅ Full support	Requires zenity for the folder browser dialog (sudo apt install zenity). Uses notify-send for notifications
Linux (Headless)	⚠️ Partial	No folder picker or desktop notifications, but all core repo features, AI, terminal, and API work fine

macOS note: Shelby Terminal automatically uses your configured shell ($SHELL) — zsh, fish, or bash — whatever you normally use.

GitHub Token Permissions

Classic PAT — enable: repo, gist, read:user

Fine-grained PAT — enable: Contents (read), Metadata (read), Gists (read/write)

---

🔑 Licensing

RepoTracker is 100% free and open-source. All features, including AI Code Review, Team Mode, and Gist Sync, are unlocked and available to use up to your potential.

---

⚙️ Configuration

Copy .env.example to .env:

cp .env.example .env

Variable	Purpose	Required
PORT	Server port (default: 4177)	Optional
REPOTRACKER_TEAM	Set to 1 to enable LAN Team Mode	Optional
PING_URL	Anonymous install counter endpoint	Optional

---

🛠️ Development

npm run dev      # nodemon watch mode — auto-restarts on file changes
npm start        # headless production server
npm run start:electron # desktop app production mode
npm run team     # Team Mode (LAN broadcast on 0.0.0.0)

Project Structure

repotracker/
├── src/
│   ├── server.js          # HTTP server, .env loader, static file serving, sessions
│   ├── routes/api.js      # All 37 API route handlers
│   ├── git.js             # Git command execution & repo scanning
│   ├── security.js        # PBKDF2 hashing, session tokens, rate limiting, CSP
│   ├── activity.js        # Local-first activity log (no cloud)
│   ├── export.js          # Self-contained HTML dashboard export
│   ├── notify.js          # Desktop notification dispatch (Win/Mac/Linux)
│   ├── constants.js       # DEFAULT_CONFIG, SKIP_DIRS, MIME_TYPES
│   └── utils.js           # Config normalization, sanitization, JSON helpers
├── public/
│   ├── index.html         # Single-page app shell
│   ├── js/app.js          # Frontend logic (~2,280 lines)
│   └── css/               # Design system & theme tokens
├── cloudflare-worker/
│   ├── ping-counter.js    # Anonymous opt-in install counter (Cloudflare Worker)
│   └── DEPLOY.md          # 5-minute deploy guide
├── data/                  # Runtime data (gitignored)
│   ├── config.json        # User config — roots, API keys
│   └── meta.json          # Repo metadata cache & notification cooldown state
├── .env                   # Server secrets (gitignored)
├── .env.example           # Template — safe to commit
└── docker-compose.yml     # Docker deployment

---

🐳 Docker

docker compose up -d

Access at http://localhost:4177. All data is persisted in the ./data volume.

Team Mode via Docker:

REPOTRACKER_TEAM=1 docker compose up -d

---

🔒 Security

See SECURITY.md for the full threat model and vulnerability reporting process.

Key protections:

• PBKDF2-SHA512 password hashing (100,000 iterations, random salt per user)
• Cryptographically random 256-bit session tokens, persisted across restarts
• Host + Origin header validation — blocks DNS rebinding and CSRF attacks
• Content-Security-Policy headers on every response
• All shell inputs validated with allowlist regex — no raw string interpolation, ever
• API keys stored server-side only — only masked sentinels (••• (saved)) sent to browser
• Path traversal guards on all file read/write operations

---

🗺️ Roadmap

Version	Status	Focus
v0.1.0	✅ Released	Core dashboard, health scoring, AI sync, Shelby terminal, WakaTime
v0.2.0	✅ Released	AI Code Review, Branch Manager, Gist Sync, Pomodoro, Ecosystem tab, GitHub browser, Smart notifications, full security audit
v0.3.0	🔜 Planned	Custom workflow pipelines — chain Setup → Test → Build → Commit into 1-click automations. Compiled binary distribution (.exe, .dmg)
v0.4.0	🔜 Planned	Global Dependency Graph — force-directed visual map of cross-repo dependencies and shared packages
v1.0.0	✅ Released	The stable API v1 release. Formal API versioning (/api/v1/), gracefully handling AI load, maximum security audit pass, completely free pricing.
v1.0.6	✅ Released	Full native cross-platform binaries (Windows .exe, macOS .dmg, Linux .AppImage) via electron-builder and GitHub Actions pipeline.
v1.0.9	✅ Released	Security hardenings, token parsing priority fixes, frontend DOMPurify integration, and env var scrubbing.

⭐ Star us on GitHub · 💬 Discussions · 🐛 Issues

---

🤝 Contributing

Contributions, bug reports, and feature requests are welcome.

1. Fork the repo
2. Create your branch: git checkout -b feat/your-feature
3. Commit your changes: git commit -m 'feat: add your feature'
4. Push: git push origin feat/your-feature
5. Open a Pull Request

---

📄 License

MIT License. Free and open source. Use it up to your potential!

© 2026 Vinzone — Built with ❤️ for developers who care about their Git hygiene.