GitPost

Auto-tweet summaries of your GitHub commits and pull requests using AI.

Features

• 🔐 Per-user OAuth: Each user tweets from their own X (Twitter) account via Privy
• 🤖 AI Summaries: LLM-generated, tweet-sized summaries of code changes
• 🔒 Secret Detection: Automatically scans for secrets/PII before posting
• 💰 Solana Ready: Embedded Solana wallets for future token launches
• ⚙️ Flexible Rules: Configure auto-tweet per repo and branch

Setup Instructions

1. Clone and Install

git clone <your-repo>
cd gitpost
npm install

2. External Setup (DO THESE FIRST)

A. Privy Setup (Detailed)

Step 1: Create Privy Account & App

1. Go to https://dashboard.privy.io
2. Sign up or log in
3. Click "Create new app"
4. Enter app name (e.g., "GitPost")
5. Select app type: Web App

Step 2: Configure Login Methods

1. In dashboard, go to "Login methods" (left sidebar)
2. Enable these providers:
   • ✅ Email (toggle ON)
   • ✅ Twitter (toggle ON)
   • ✅ Wallets → Click to expand → Enable Solana

Step 3: Enable "Return OAuth tokens" for Twitter

1. Still in "Login methods", click on Twitter card
2. Scroll down to find "Return OAuth tokens" toggle
3. Turn it ON (this is critical—lets your backend access user's X tokens)
4. Click "Save changes" at bottom

Step 4: Configure Embedded Wallets

1. Go to "Embedded wallets" in left sidebar
2. Under "Wallet creation":
   • Set "Create on login" → "Users without wallets"
3. Under "Supported chains":
   • Ensure Solana is checked ✅
4. Click "Save"

Step 5: Copy Your Credentials

1. Go to "Settings" → "Basics" in left sidebar
2. Find App ID:
   • Copy the value (starts with clp...)
   • This is your NEXT_PUBLIC_PRIVY_APP_ID
3. Find App Secret:
   • Click "Show" button to reveal
   • Copy the value
   • This is your PRIVY_APP_SECRET
4. Paste both into your .env.local file

---

B. X (Twitter) Developer Setup (Detailed)

Step 1: Create X Developer Account

1. Go to https://developer.x.com
2. Sign in with your X (Twitter) account
3. If first time, click "Sign up for Free Account"
4. Fill out application:
   • Use case: "Building a developer tool"
   • Description: "Auto-tweeting GitHub code changes"
5. Verify email if prompted

Step 2: Create a Project

1. In Developer Portal dashboard, click "+ Create Project" (or "Projects & Apps" → "Overview" → "+ Create Project")
2. Fill out:
   • Project name: GitPost
   • Use case: Select "Making a bot" or "Exploring the API"
   • Description: "Auto-tweet GitHub commits with AI summaries"
3. Click "Next" → "Next" → "Complete"

Step 3: Create an App

1. After creating project, click "+ Add App" (or it auto-prompts you)
2. Select "Production" environment
3. App name: gitpost-app (must be globally unique on X)
4. Click "Complete"
5. You'll see API Key and API Secret → Save these (you'll need them in Step 7)

Step 4: Enable OAuth 2.0 User Authentication

1. In your app dashboard, click "Settings" tab (top)
2. Scroll down to "User authentication settings" section
3. Click "Set up" button

Step 5: Configure OAuth 2.0 Settings

1. App permissions: Select "Read and write" (required for posting tweets)
2. Type of App: Select "Web App, Automated App or Bot"
3. App info:
   • Callback URI / Redirect URL: http://localhost:3000 (for dev)
     • Later for production, add: https://yourdomain.com
   • Website URL: http://localhost:3000
4. Click "Save"

Step 6: Get OAuth 2.0 Client Credentials

1. After saving, you'll see a modal with:
   • Client ID → Copy this
   • Client Secret → Click "Yes, I saved it" only after copying
2. Save to .env.local:

   X_CLIENT_ID=<paste_client_id_here>
   X_CLIENT_SECRET=<paste_client_secret_here>
   

Step 7: Add X API Credentials to Privy

1. Go back to https://dashboard.privy.io
2. Navigate to "Login methods" → Click "Twitter"
3. Scroll to "OAuth credentials" section
4. Enter:
   • API Key: (from Step 3—your X app's API Key)
   • API Secret: (from Step 3—your X app's API Secret)
   • If you lost them: Go to X Developer Portal → Your App → "Keys and tokens" → Regenerate
5. Click "Save changes"

Step 8: Upgrade to Basic Tier (Optional)

• Free tier: 500 tweet writes/month (~16/day)
• Basic tier: $100/mo, 50k writes/month
• To upgrade:
  1. X Developer Portal → Click your project
  2. Click "Upgrade" or go to "Products" tab
  3. Select "Basic" plan and add payment

---

✅ What You Should Have Now:

# In your .env.local:
NEXT_PUBLIC_PRIVY_APP_ID=clp1a2b3c4d5e6f7g8h9...
PRIVY_APP_SECRET=privy_secret_xyz789...
X_CLIENT_ID=a1B2c3D4e5F6g7H8i9...
X_CLIENT_SECRET=z9Y8x7W6v5U4t3S2r1...

C. GitHub App Setup

1. Go to https://github.com/settings/apps (or your org settings)
2. Create new GitHub App:
   • Webhook URL: https://yourdomain.com/api/webhooks/github (use ngrok for local: ngrok http 3000)
   • Webhook secret: Generate random string
   • Permissions:
     • Repository contents: Read
     • Pull requests: Read
     • Metadata: Read
   • Subscribe to events: push, pull_request
3. Copy credentials:

   GITHUB_APP_ID=<your_app_id>
   GITHUB_WEBHOOK_SECRET=<your_webhook_secret>
   

4. Generate private key:
   • Download the .pem file
   • Save as github-app-private-key.pem in project root

D. OpenAI Setup

1. Go to https://platform.openai.com
2. Create API key
3. Copy:

   OPENAI_API_KEY=<your_api_key>
   

E. Database Setup

1. Create Postgres database (Vercel Postgres, Supabase, or local)
2. Copy connection string:

   POSTGRES_URL=<your_postgres_url>
   

3. Run schema:

   psql $POSTGRES_URL -f lib/db/schema.sql

F. Generate Encryption Key

openssl rand -base64 32

Copy output:

ENCRYPTION_KEY=<your_generated_key>

3. Configure Environment Variables

Create .env.local:

cp .env.example .env.local

Fill in all values from steps above.

4. Run Development Server

npm run dev

Open http://localhost:3000

5. Deploy to Production

1. Deploy to Vercel/Railway/similar
2. Update callback URLs in Privy and X Developer settings:
   • https://yourdomain.com/api/auth/callback
3. Update GitHub App webhook URL:
   • https://yourdomain.com/api/webhooks/github
4. Set all environment variables in production

Usage

For End Users:

1. Sign in with email/wallet/Twitter via Privy
2. Connect X account to enable tweeting
3. Install GitHub App on your repositories
4. Configure repos:
   • Enable/disable auto-tweet
   • Set which branches trigger tweets (e.g., main, prod)

How It Works:

1. User pushes to a configured repo/branch
2. GitHub webhook fires → your server receives event
3. Server fetches diff, runs secret scanner
4. LLM generates tweet-sized summary
5. Posts to X using user's OAuth tokens
6. Saves record to database

Architecture

app/
├── api/
│   ├── auth/store-tokens/      # Store user's X OAuth tokens
│   ├── repos/connect/          # Connect GitHub repos to users
│   ├── repos/settings/         # Update repo tweet settings
│   └── webhooks/github/        # Handle GitHub events
lib/
├── db/                         # Database schema & queries
├── services/
│   ├── summarizer.ts          # LLM + secret detection
│   └── twitter.ts             # X API posting
└── utils/
    ├── encryption.ts          # Token encryption (AES-256-GCM)
    ├── github.ts              # GitHub API helpers
    └── privy-server.ts        # Privy auth verification

Security

• X OAuth tokens encrypted at rest (AES-256-GCM)
• Secret patterns detected before posting:
  • API keys, tokens, passwords
  • Private keys, JWTs
  • Database connection strings
• Sensitive files (.env, credentials.json) blocked

Future Enhancements

• 🪙 Token launches: Create Solana tokens from PRs
• 🎨 Custom prompts: Let users customize summary style
• 📊 Analytics: Track tweet engagement
• 🔔 Manual approval queue: Review tweets before posting

API Rate Limits

• X Free Tier: ~500 writes/month (~16/day)
• X Basic: ~50k writes/month
• Consider adding rate limiting/rules:
  • Only tweet on main branch
  • Require [tweet] in commit message
  • Manual approve queue

Troubleshooting

"Invalid signature" error on webhook

• Verify GITHUB_WEBHOOK_SECRET matches GitHub App settings
• Check webhook payload is being verified correctly

"Failed to post tweet" error

• Verify X OAuth tokens are stored (check "Connect X" button)
• Check X API rate limits
• Ensure X app has Read + Write permissions

Secrets detected warning

• Check diff for exposed API keys/tokens
• Add files to .gitignore before committing

License

MIT