Command every repository as one fleet.
- Overview
- Providers
- Features
- Installation
- Quick Start
- Authentication
- Configuration
- Profiles
- Commands
- Common Workflows
- Output Formats
- Safety
- Development
- Testing
- Architecture
- Repository Structure
- Security
- Support
- Contributing
- Sponsorship
- License
Gitfleet manages repositories from creation and cloning through collaboration, delivery, security, analytics, and governance. It keeps portable concepts such as changes, pipelines, planning, and development environments consistent while retaining provider-specific capabilities when they exist.
It is a provider-neutral fleet-management CLI, not a replacement name for a
single provider's CLI. Where gh is focused on GitHub and glab is focused on
GitLab, Gitfleet gives teams that use both providers one vocabulary, one command
surface, and named profiles for working across their repositories. It preserves
real provider differences: a command only runs when the selected provider
supports the required capability.
Human-readable output is the default, and every automation workflow can opt
into structured output with --json.
The gitfleet and gf binaries are equivalent and expose the same command
surface.
Gitfleet currently includes these providers:
| Provider | Default host | Use with Gitfleet |
|---|---|---|
| GitHub | github.com |
GitHub repositories and GitHub Enterprise hosts configured with --host |
| GitLab | gitlab.com |
GitLab repositories through the same provider-neutral command families |
GitHub supports viewing and mutating individual wiki pages. GitHub does not
provide a supported API for enumerating wiki pages, so wiki list reports the
capability as unavailable instead of returning an incomplete page list.
GitLab supports protected-tag operations through policy tag. GitHub reports
that capability as unavailable; use GitHub repository rulesets through
govern ruleset when tag policies are needed there.
Configure a profile per provider or account, then switch profiles or let
gitfleet auth detect select the profile from the current repository remote.
This makes mixed GitHub and GitLab fleets manageable without changing tools or
learning provider-specific root command families.
- Repository lifecycle through
repo: create, list, view, clone, delete, archive, unarchive, rename, edit, star, unstar, and fork repositories. - Bounded multi-repository execution through
workspace, including named workspace definition, listing, removal, and archive operations. - Collaboration through
change,review,issue,discussion, andinbox, with nested comment and reaction operations on changes. - Repository metadata and documentation through
label,template, andwikicommands. - Delivery and infrastructure through
pipeline,release,deploy,environment,registry,runner,dev,site, andwebhookcommands. - Planning, governance, access, and automation configuration through
planning,govern,policy,access,identity,secret, andvariablecommands. - Discovery and security through
search,code,browse,license,deps,advisory,attestation,security, andanalyticscommands. - Provider escape hatches and local tooling through
api,snippet,auth,config,alias,completion,version, JSON output, and terminal themes.
Gitfleet is a Rust CLI. Install the CLI package from this checkout with Cargo:
cargo install --path gitfleet-cli
gitfleet version
gf versionThis builds optimized release binaries and installs gitfleet and gf into
Cargo's binary directory.
Cargo installs binaries into ~/.cargo/bin; make sure that directory is on
your PATH if the commands are not found.
After pulling new source changes, reinstall the local package to refresh the commands:
cargo install --path gitfleet-cli --forceAuthenticate, inspect the active account, and run a read operation:
gitfleet auth login
gitfleet auth status
gitfleet repo list
gitfleet issue list --repo owner/repositoryUse gitfleet help for the complete command surface or ask for nested help:
gitfleet help
gitfleet help change
gitfleet help pipeline list-runsAuthenticate with a provider token and inspect the resulting profile:
gitfleet auth login
gitfleet auth status
gitfleet auth tokenGitHub Enterprise is supported through an explicit host:
gitfleet auth login \
--host github.example.com \
--profile workFor GitLab, select the provider explicitly. This is required for a
self-managed GitLab host whose name does not include gitlab:
gitfleet auth login \
--provider gitlab \
--host git.example.com \
--profile work-gitlabFor headless systems and CI, set GITFLEET_GITHUB_TOKEN or
GITFLEET_GITLAB_TOKEN; this avoids requiring a desktop keyring. Destructive
operations in JSON or non-interactive mode require --yes.
Choose the narrowest scopes required by the commands you use. For a classic personal access token, the relevant scopes are:
| Scope | Required for |
|---|---|
repo |
Private repositories, changes, issues, code, and CI |
public_repo |
Public-repository access without the full repo scope |
workflow |
Adding or updating workflow files |
notifications |
Inbox notification operations |
read:discussion, write:discussion |
Reading or modifying GitHub discussions |
read:user |
Account and activity information |
read:org |
Organization, team, and runner reads |
admin:org |
Organization membership and team mutations |
read:project, project |
Reading or modifying GitHub planning projects |
gist |
Hosted snippet operations |
read:packages, write:packages |
Reading or publishing package registry content |
delete:packages |
Deleting package versions |
admin:repo_hook, admin:org_hook |
Repository and organization webhook management |
security_events |
Code scanning and security event operations |
read:audit_log |
Organization audit log access |
codespace |
Hosted development environment operations |
admin:public_key, admin:gpg_key |
SSH and GPG key management |
delete_repo |
Destructive repository retirement workflows |
Fine-grained tokens use repository and organization permissions instead of classic scopes. Grant each selected repository the permissions required by the commands you intend to run; some user-scoped endpoints may still require a classic token. See GitHub's official documentation for classic scopes and fine-grained permissions.
For the complete Gitfleet command surface, use a personal access token with the
api scope and an account role that permits the requested operations. Narrower
tokens can be used when only a subset of commands is needed:
| Scope | Required for |
|---|---|
api |
Complete read-write Gitfleet API access, including live playbooks |
read_api |
Read-only project, group, package, registry, and metadata operations |
read_user |
Authenticated user and user-directory reads only |
read_repository |
Private repository file reads and Git-over-HTTPS pulls |
write_repository |
Git-over-HTTPS pushes; this scope alone cannot authenticate API writes |
create_runner |
Runner creation when using runner-registration endpoints |
manage_runner |
Runner management and removal |
Do not grant sudo or admin_mode for normal Gitfleet use. Project and group
access tokens can reduce resource reach, but they cannot perform user-scoped
operations outside their project or group. See GitLab's official
access token scope reference
and
personal access token guidance.
Profile metadata is stored at ~/.config/gitfleet/credentials.toml with mode
0600; provider tokens are stored in the operating system credential store.
The keyring is the secure default. If no native credential store is available,
Gitfleet reports an error rather than writing a plaintext token. Users who
explicitly accept that risk can opt in to Git-style plaintext storage:
export GITFLEET_CREDENTIAL_STORE=file
gitfleet auth loginThis stores tokens in ~/.config/gitfleet/credentials.toml. The file is
permission-protected but is not encrypted; use this only on a trusted machine.
Repository-local profile selection is disabled by default; explicitly trust it
with GITFLEET_TRUST_REPO_CONFIG=true.
When set, GITFLEET_PROFILE selects the named profile; an unknown name is an
error. Otherwise, resolution checks a trusted repository-local profile when
GITFLEET_TRUST_REPO_CONFIG=true, then the active profile, then the first
configured profile in sorted order, and finally the default profile.
Within the selected profile, a stored profile token takes precedence over the
provider environment token. Environment tokens are used for the default
provider host when the profile has no stored token. Repository targets come
from --repo or the current Git remote.
Copy .env.example when preparing shell or CI variables.
Gitfleet does not automatically load dotenv files; export the values through
your shell, process manager, or CI secret store. Never commit a populated
.env file.
| Key | Example value | Purpose |
|---|---|---|
GITFLEET_GITHUB_TOKEN |
github_pat_... |
Supplies a GitHub token for automation. |
GITFLEET_GITLAB_TOKEN |
glpat-... |
Supplies a GitLab token for automation. |
GITFLEET_PROFILE |
work |
Selects a named profile. |
GITFLEET_TRUST_REPO_CONFIG |
true |
Allows .gitfleetrc to select a profile. Any other value keeps repository configuration untrusted. |
GITFLEET_CREDENTIAL_STORE |
file |
Uses permission-protected plaintext credential storage. Unset or any other value uses the secure keyring default. |
GITFLEET_HOME |
/home/example |
Overrides the home directory used to locate .config/gitfleet/; otherwise the operating-system home is used. |
GITFLEET_CI |
true |
Enables non-interactive behavior when present. |
GITFLEET_LOG |
gitfleet=debug |
Overrides the default tracing filter using tracing-subscriber directives. |
GITFLEET_NO_COLOR |
1 |
Disables colored output when present. |
GITFLEET_TERM |
xterm-256color |
Contributes to automatic terminal theme detection. |
GITFLEET_COLORTERM |
truecolor |
Enables true-color-aware automatic theme detection. |
GITFLEET_COLORFGBG |
15;0 |
Supplies terminal foreground/background hints for automatic theme selection. |
GITFLEET_PLAYBOOK_REPO |
owner/gitfleet-test-repository |
Selects the disposable repository required by live playbooks. |
GITFLEET_PLAYBOOK_ORG |
owner |
Selects the live-playbook organization or group; defaults to the owner from GITFLEET_PLAYBOOK_REPO. |
GITFLEET_PLAYBOOK_TEST_REPO_OWNER |
owner |
Selects the account that owns disposable repositories; defaults to GITFLEET_PLAYBOOK_ORG. |
GITFLEET_PLAYBOOK_TEST_REPO_OWNER_TYPE |
org |
Sets disposable repository ownership to org or user; defaults to org. |
GITFLEET_PLAYBOOK_TMPDIR |
/tmp/gitfleet-playbooks |
Selects the live-playbook scratch directory. |
GITFLEET_PLAYBOOK_RUN_ID |
local-001 |
Overrides the unique suffix used for live-playbook resources. |
GITFLEET_PLAYBOOK_SKIP |
pipeline,milestone |
Comma- or space-separated playbooks omitted by all.sh. |
GITFLEET_PLAYBOOK_PARALLEL |
1 |
Runs live playbooks concurrently; 0 is the safer sequential default. |
GITFLEET_PLAYBOOK_WEBHOOK_URL |
https://hooks.example.com/gitfleet |
Enables delivery testing through an owner-controlled webhook receiver. |
GITFLEET_TEST_CREDENTIAL_STORE is reserved for automated tests and is not a
supported user configuration variable. Variables such as
GITFLEET_PLAYBOOK_RESOURCE_SUFFIX, GITFLEET_PLAYBOOK_PROVIDER, and
GITFLEET_PLAYBOOK_CAPABILITIES are derived internally and should not be set
directly.
Named profiles support separate provider accounts and hosts:
gitfleet auth login --profile personal
gitfleet auth login --profile work
gitfleet auth list
gitfleet auth switch work
gitfleet auth detect
gitfleet auth logout --profile personalThe active profile supplies the provider, host, and token for subsequent
operations. auth detect selects a profile from the current repository.
auth logout --profile NAME removes only that profile; omitting --profile
removes all stored credentials after confirmation.
Use gitfleet help for the complete surface or target nested help directly:
gitfleet help
gitfleet help change
gitfleet help pipeline list-runs| Family | Purpose |
|---|---|
auth |
Provider accounts and profiles |
repo |
Repository lifecycle, forks, synchronization, and metadata |
change |
Pull request creation, listing, and inspection |
review |
Comments and reactions on changes |
issue, discussion, inbox |
Collaboration and notification workflows |
pipeline |
Workflow definitions, runs, triggers, cancellations, and reruns |
release, deploy, environment |
Delivery lifecycle |
workspace |
Named fleets and bounded multi-repository execution |
govern, policy |
Fleet governance and repository protection |
planning |
Milestones and projects |
wiki, site |
Repository documentation and publishing |
search, code, browse, api |
Discovery, navigation, and provider escape hatches |
label, template, license |
Repository metadata |
deps, advisory, attestation, security |
Dependency, advisory, attestation, and alert operations |
registry, dev, runner, webhook |
Build and delivery infrastructure |
secret, variable |
Automation configuration |
access, identity |
Organization access and account keys |
analytics, snippet |
Traffic reporting and hosted snippets |
alias, completion, config, help |
Gitfleet utilities |
version |
Version information |
pipeline list-def,pipeline view-def,pipeline list-runs, andpipeline view-runinspect workflow definitions and runs;trigger,cancel, andrerunapply run operations.security advisories,security secret-scans, andsecurity codeqlexpose provider security alerts.analytics viewsandanalytics clonesprovide repository traffic reports.access organdaccess teammanage organization and team access.identity ssh-keyandidentity gpg-keymanage provider account keys.planning milestone,planning project,policy branch-protection,policy tag-protection, andrepo forkexpose their respective operations.
gitfleet change create "Add feature" --head feature --base main
gitfleet change list --state open
gitfleet review comment list 42
gitfleet review comment create 42 "Please add a regression test."
gitfleet review comment create 17 "I can reproduce this." --target issue
gitfleet review reaction create 42 eyesgitfleet pipeline list-def
gitfleet pipeline list-runs
gitfleet pipeline view-run <run-id>
gitfleet pipeline trigger <workflow-id> --ref main
gitfleet release list
gitfleet deploy listgitfleet security advisories --repo owner/repository
gitfleet security secret-scans --repo owner/repository
gitfleet security codeql --repo owner/repository
gitfleet policy branch-protection get main --repo owner/repository
gitfleet govern list-rulesets --repo owner/repositorygitfleet workspace define \
--name platform \
--repos owner/api \
--repos owner/web
gitfleet workspace list
gitfleet workspace archive platform --dry-runWorkspace targets may be provider-qualified:
github@github.com:owner/repository
github@github.example.com:platform/repository
gitlab@gitlab.com:group/project
Human-readable output is the default:
gitfleet issue listUse structured output explicitly:
gitfleet issue list --jsonGlobal options include:
--jsonfor machine-readable results.--debugfor a redacted diagnostic log.--theme dark|light|autofor terminal color selection.
Destructive human-mode operations request confirmation. JSON and
non-interactive operations require --yes; bulk mutations provide --dry-run
when a useful preview is possible.
This section is for contributors and maintainers.
Install Lefthook once after cloning or when recreating the local Git metadata:
lefthook installMake sure lefthook and cargo-llvm-cov are available on your PATH before
committing. Install the coverage tool with cargo install cargo-llvm-cov if
needed.
The pre-commit hook runs formatting, linting, a workspace build, and
cargo llvm-cov --fail-under-lines 80 --workspace, each capped at four Cargo
build jobs to keep local resource usage manageable. Coverage runs the test
suite, so a separate cargo test --workspace step is unnecessary for the
normal pre-commit workflow. To run the hook manually:
lefthook run pre-commitBuild release binaries separately when you want to inspect the optimized artifacts or perform the final release check:
CARGO_BUILD_JOBS=4 cargo build --release
./target/release/gitfleet version
./target/release/gf versionRun the required workspace gates from the repository root:
cargo fmt --check
CARGO_BUILD_JOBS=4 cargo clippy -- -D warnings
CARGO_BUILD_JOBS=4 cargo check --workspace
CARGO_BUILD_JOBS=4 cargo test --workspace
CARGO_BUILD_JOBS=4 cargo llvm-cov --fail-under-lines 80 --workspace
CARGO_BUILD_JOBS=4 cargo build --releaseCoverage must remain at or above 80 percent. See AGENTS.md for architecture, testing, style, playbook, and release requirements.
Unit tests live inside source files in #[cfg(test)] mod tests {} blocks.
Integration tests live in each crate's tests/ directory. Provider tests use
wiremock for HTTP mocking and insta for normalization snapshots. Automated
tests must never make real HTTP requests.
Playbooks under gitfleet-playbooks/ are Bash scripts for validating command
families against a real GitHub or GitLab test account and repository. They are
developer and release-validation tools, not part of the normal end-user
workflow. They use the active Gitfleet profile, require its matching explicit
credentials, and clean up mutations during teardown.
Run them only against a dedicated test repository:
GITFLEET_PLAYBOOK_REPO=owner/test-repository GITFLEET_PLAYBOOK_ORG=example bash gitfleet-playbooks/all.sh
GITFLEET_PROFILE=gitlab-test GITFLEET_PLAYBOOK_REPO=group/test-repository bash gitfleet-playbooks/all.sh
GITFLEET_PLAYBOOK_REPO=owner/test-repository GITFLEET_PLAYBOOK_SKIP="pipeline,milestone,project" bash gitfleet-playbooks/all.sh
GITFLEET_PLAYBOOK_REPO=owner/test-repository GITFLEET_PLAYBOOK_PARALLEL=1 bash gitfleet-playbooks/all.shSee gitfleet-playbooks/env.sh for configuration. Automated tests use mocks
and make no network requests; live playbooks intentionally exercise the
provider API.
| Crate | Responsibility |
|---|---|
gitfleet-core |
Provider-neutral entities, capabilities, operations, infrastructure |
gitfleet-providers |
GitHub and GitLab provider clients, wire types, normalization |
gitfleet-cli |
Thin CLI surface over shared operations |
Only gitfleet-providers performs HTTP requests. Provider wire types are
normalized before crossing the crate boundary, and unsupported operations
return a capability error instead of pretending another provider supports
them.
Read AGENTS.md for the full architecture contract, crate boundaries, code style, testing strategy, and release requirements.
gitfleet-core/ provider-neutral entities, capabilities, errors, operations,
infrastructure (config, git, output, prompts, secrets, workspace)
gitfleet-providers/ GitHub and GitLab provider clients, wire types, normalization
gitfleet-cli/ thin CLI surface over shared operations
gitfleet-playbooks/ live API test scripts (Bash)
PLAN.md and ROADMAP.md are reserved for implementation planning and
deferred milestones.
Report vulnerabilities using the private process in SECURITY.md
and do not open a public issue. Never include tokens or other credentials in
reports; use redacted --debug output for ordinary bug reports.
For usage help, run gitfleet help [command...]. For reproducible bugs, open an
issue with the Gitfleet version, operating system, command, expected behavior,
actual behavior, and redacted --debug output.
Read CONTRIBUTING.md before proposing a change. The development, testing, architecture, and repository sections above describe the contributor workflow.
Gitfleet is maintained by Airscripts. If it helps your team manage repositories more effectively, sponsor ongoing maintenance and provider coverage through GitHub Sponsors.
MIT. See LICENSE.
