Implements multiple security, persistence and data-governance improvements: adds custom CSRF utilities and React CsrfProvider (sets CSRF cookie during GitHub auth and validates on forms), integrates reCAPTCHA v3 on the Support form with server-side verification and score checks, and instruments audit logging with a new web/lib/audit.ts and accompanying DB migration. Persists user configuration to Supabase via a new user_configs table and updates /api/config to GET/POST real data with tier checks and audit logging. Adds GDPR endpoints for data export and account deletion (rate-limited), a Supabase data-retention migration and a scheduled cleanup Edge Function. Also updates layout and support UI, and adds reCAPTCHA dependencies to package.json.
**GitPulse** is the governance layer for the AI-assisted developer era. It provides automated guardrails (Quality Gates) and context-aware intelligence (Convention Learning) to ensure that code generated by tools like Cursor, Windsurf, or Copilot adheres to team standards, security protocols, and architectural patterns.
GitPulse bridges the gap between the velocity of AI and the rigor of production engineering. It operates as a local-first CLI, an MCP server, and a cloud-synced analytics platform.
---
## 2. Technical Deep Dive: The Governance Engine
The core of GitPulse is its **Quality Gates Engine**, which performs incremental, AST-aware (via Babel) and pattern-based scanning of staged changes.
### A. Security Guardrails (`SecurityScanGate`)
The engine uses high-signal regex patterns and AST analysis to block commits containing:
-**Hardcoded Secrets:** Scans for `password`, `api_key`, `secret`, `token`, and `aws_access_key` with proximity-based value detection.
-**SQL Injection:** Detects template literals in raw queries (e.g., `query(\`...\${...}\`)`) and string concatenation with request parameters.
-**XSS Vulnerabilities:** Flags `innerHTML` assignments and React's `dangerouslySetInnerHTML`.
-**Path Traversal:** Identifies `fs` operations using unvalidated `req.*` input.
-**God Class Detection:** Monitors classes with more than **20 methods**.
-**Cruft Removal:** Blocks commits containing `console.log`, `debugger`, or unresolved `TODO`/`FIXME` markers in production-bound code.
### C. Parity & Compliance
-**Test Coverage Gate:** Heuristically checks for corresponding `.test.ts`, `.spec.ts`, or `test_*.py` files for every new or modified logic file.
-**Documentation Gate:** Ensures every **exported** function or class is preceded by a valid JSDoc (`/** ... */`) block.
---
## 3. Technical Deep Dive: Context-Aware Intelligence
### Convention Learning Heuristic
Instead of hardcoded rules, GitPulse analyzes the repository's `.git` history to detect:
-**Naming Conventions:** automatically identifying if the team prefers `camelCase`, `PascalCase`, or `snake_case` for different file types.
-**Commit Patterns:** Learning if the project follows `Conventional Commits` or a custom `Semantic` style.
-**Architectural Boundaries:** Identifying file co-change patterns to suggest architectural violations (e.g., "This UI component shouldn't be importing from the DB layer").
---
## 4. Systems Architecture
### Local-to-Cloud Sync (Claude Code Pattern)
GitPulse implements a hybrid architecture that balances privacy with team visibility:
1.**Local Core:** All git operations and quality scans happen on the developer's machine. Telemetry is stored locally in `.gitpulse/telemetry.jsonl`.
2.**Secure Sync:** If an API key is present, the CLI non-blockingly syncs metadata to **Supabase** via a secure `cloud-sync` module. This ensures zero latency during the commit flow.
3.**Web Dashboard:** A Next.js 16 app provides a team-wide view of these metrics, secured via **JWT-encrypted sessions** and HTTP-only cookies.
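Review bot: "JWT-encrypted sessions" in item 3 of the Local-to-Cloud Sync list is ambiguous and should state which property the session cookie actually has. A standard JWT is signed (JWS), which gives integrity but leaves the claims readable by anyone who obtains the cookie; only JWE gives confidentiality. If the dashboard uses signed tokens, write "signed JWT sessions"; if the payload really is encrypted, name JWE so readers do not assume a guarantee the implementation may not provide. Separately, every list item in the added README text is written without a space after its marker (`-**Hardcoded Secrets:**`, `1.**Local Core:**`), so Markdown renders them as plain paragraphs starting with a literal `-` or `1.` instead of bullets and numbered steps; change them to `- **Hardcoded Secrets:**` and `1. **Local Core:**`.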