- HTML 61.2%
- Go 38.3%
- Shell 0.5%
Integrate Menta CAPTCHA protection for anonymous issue and comment submissions. Adds configuration for MENTA_API_ENDPOINT and MENTA_API_KEY environment variables, implements verification function that validates captcha tokens against the Menta API, and updates the UI to include captcha widgets in issue creation and comment forms. CAPTCHA verification is optional and only enforced when MENTA_API_ENDPOINT is configured. Updates CSP headers to allow the Menta CAPTCHA domain. |
||
|---|---|---|
| .github | ||
| cmd/server | ||
| database | ||
| internal | ||
| pkg/protocol | ||
| web | ||
| .dockerignore | ||
| .env.example | ||
| .gitattributes | ||
| .gitgost.yml | ||
| .gitignore | ||
| AI-POLICY.md | ||
| ARCHITECTURE.md | ||
| Dockerfile | ||
| fly.toml | ||
| go.mod | ||
| go.sum | ||
| LEGAL.md | ||
| LICENSE | ||
| Privacy Guarantees.md | ||
| README.md | ||
| SECURITY.md | ||
| test-server.sh | ||
| THREAT_MODEL.md | ||
| VISION.md | ||
gitGost
Contribute to any GitHub repo without leaving a trace.
Zero accounts • Zero tokens • Zero metadata • Designed for strong anonymity
One-liner demo
# Add as remote → fix → push → done. Designed to minimize identifiable traces.
git remote add gost https://gitgost.fly.dev/v1/gh/torvalds/linux
git checkout -b fix-typo
git commit -am "fix: obvious typo in README"
git push gost fix-typo:main
# → PR opened as @gitgost-anonymous with no direct trace to you; note that gitGost provides strong anonymity features, but not perfect anonymity — see the Threat Model
That’s it. No login, token, name, or email required — gitGost provides strong anonymity features, but not perfect anonymity — see the Threat Model.
"Fixed GPIO mapping bug in 10s without doxxing risk – @gitgost-anonymous"
View PR ↗ (Example from mehdi7129/inky-photo-frame)
Features
| Feature | Description |
|---|---|
| Total Anonymity | Strips author name, email, timestamps, and all identifying metadata. PRs created by neutral @gitgost-anonymous bot. |
| One-Command Setup | Just git remote add gost <url> – no accounts, tokens, or browser extensions. |
| Battle-tested Security | Rate limiting, repository size caps, commit validation. Written in pure Go with minimal dependencies – fully auditable. |
| Works Everywhere | Terminal, CI/CD, Docker, scripts – any public GitHub repo, anywhere Git runs. |
| Open Source & AGPL | 100% transparent. Fork it, audit it, host it yourself. |
Anonymous Contributor Friendly Badge
To signal that your repository welcomes anonymous contributions via gitGost, add this badge to your README:
For verified repositories, add a .gitgost.yml file to your repository root and use the dynamic version:
This badge helps contributors know that anonymous contributions are accepted and encouraged.
Repository Opt-Out
Maintainers can block anonymous contributions via gitGost by adding DENY_ALL: true to the .gitgost.yml file in their repository root:
# .gitgost.yml
DENY_ALL: true
When this is set, gitGost will reject any push attempt before creating a fork or PR. Contributors will see:
remote: CONTRIBUTION BLOCKED
remote:
remote: This repository does not accept anonymous contributions
remote: via gitGost. Please contact the maintainer directly.
error: push rejected: repository has opted out of gitGost
If the file does not exist or DENY_ALL is not set, contributions are allowed by default.
Why developers love gitGost
“Your commit history shouldn’t be an HR liability forever.”
- No permanent public record of your activity
- Safely contribute to controversial projects (employer or country doesn’t like it? no problem)
- Stop email harvesting & doxxing from public commits
- Fix that one annoying typo without attaching your name for eternity
- Be a ghost when you want to be
Built for developers who actually care about privacy.
Legitimate Use Cases
gitGost is intended for responsible, good-faith contributions where identity exposure is unnecessary or undesirable.
Examples include:
Fixing typos or documentation errors without creating a permanent contribution record Contributing to projects that may conflict with employer policies Participating in politically sensitive or controversial repositories Reducing exposure to email harvesting and scraping Experimenting or testing changes without attaching personal metadata Contributing from jurisdictions where visibility may create risk
gitGost is designed to enable privacy — not remove accountability from the review process.
All pull requests are public and subject to maintainer approval.
When NOT to use gitGost
Do not use gitGost for:
Harassment or abuse Spam or automated PR flooding Evading bans or moderation Submitting malicious code Avoiding legal responsibility Circumventing repository contribution policies
gitGost enforces rate limits, validation checks, and repository constraints. Abuse attempts will be mitigated.
If your goal is to harm, disrupt, or deceive — this project is not for you.
Threat Model
gitGost is designed to protect against common identification threats in contributions to public repos, but does not offer perfect anonymity. Below details what it protects against, what it does not, who it protects against, and key assumptions.
For a terse, user-facing view of guarantees and data retention, see Privacy Guarantees.
gitGost protects against:
- Public exposure of name and email in commits
- Direct association between personal GitHub account and PR
- Passive metadata collection in public repos
- Permanent history of minor contributions
gitGost does NOT protect against:
- IP identification (using VPN/Tor is recommended)
- Code style analysis (stylometry)
- Advanced temporal correlation
- Targeted deanonymization by adversaries with resources
Considered adversaries
- Recruiters / HR
- Hostile maintainers
- Email scrapers
- Governments or companies with basic monitoring
Not considered adversaries
- Nation states with infrastructure access
- Actors with active user surveillance
- Deep forensic code style analysis
Explicit assumptions
gitGost assumes the user:
- Uses a trustworthy network (VPN / Tor)
- Does not reuse unique phrases or identifiable style
- Does not mix anonymous and personal contributions to the same repo
- Understands that perfect anonymity does not exist
For the full model, see THREAT_MODEL.md. For more operational details, see SECURITY.md.
Quick Start
# 1. Add the remote (replace with any public repo)
git remote add gost https://gitgost.fly.dev/v1/gh/username/repo
# 2. Create your branch and commit with a detailed message
git checkout -b my-cool-fix
git commit -am "fix: typo in documentation
This commit fixes a grammatical error in the README.
The word 'recieve' should be 'receive'."
# 3. Push – PR opens anonymously
git push gost my-cool-fix:main
Done. The PR appears instantly from @gitgost-anonymous with your commit message as the PR description.
Pro tip: Write detailed commit messages! Your commit message becomes the PR description, allowing you to provide context while staying anonymous.
Security & Limits (we’re not reckless)
- Max 5 PRs/IP/hour
- Repository size ≤ 500 MB
- Commit size ≤ 10 MB
- Full validation of refs and objects
- No persistence of your data
GitHub only: Due to GitHub's platform limits, fork repositories created by gitGost are manually deleted to stay under the 40,000-repository cap. This is a GitHub-specific constraint and does not affect functionality.
Everything is designed to prevent abuse while keeping you anonymous.
License
AGPL-3.0 – Free forever, open source, and copyleft.
If you run a public instance, you must provide source code.
→ LICENSE
Contributing
Contributing Anonymously
git remote add gost https://gitgost.fly.dev/v1/gh/livrasand/gitGost
git push gost my-feature:main
(Yes, even gitGost eats its own dogfood 👻)
Going further: hide your IP with torsocks
gitGost strips your name, email, and metadata — but your IP is still visible to the server. If you need a stronger anonymity guarantee, wrap your push with torsocks, which routes the connection through the Tor network so the server only sees a Tor exit node IP.
Install
# Debian/Ubuntu
sudo apt install tor torsocks
# Arch
sudo pacman -S tor torsocks
# macOS
brew install tor torsocks
Start Tor
sudo systemctl start tor # Linux
brew services start tor # macOS
Push through Tor
torsocks git \
-c http.extraHeader="X-Gost-Authorship-Confirmed: 1" \
push gost my-feature:main
Optional: persistent alias so you never forget
# Inside your repo
git config http.extraHeader "X-Gost-Authorship-Confirmed: 1"
# In ~/.gitconfig
[alias]
ghost = "!torsocks git"
Then simply:
git ghost push gost my-feature:main
Verify your IP is masked before pushing
torsocks curl https://check.torproject.org/api/ip
# → {"IsTor": true, "IP": "185.220.101.x"}
Heads-up: Tor is slow. A push that normally takes seconds may take a few minutes. This is expected — Tor routes traffic through three encrypted nodes worldwide. gitGost's 10 MB commit limit is partly sized with this in mind.
Strip metadata from binary files before committing
gitGost anonymizes commit metadata, but binary files (images, PDFs, Office documents) can contain embedded metadata — EXIF data, GPS coordinates, author names, device info — that reveal your identity regardless of commit anonymization. Strip it before committing with exiftool.
Install
# Debian / Ubuntu
sudo apt install libimage-exiftool-perl
# Arch
sudo pacman -S perl-image-exiftool
# macOS
brew install exiftool
# Windows: download the executable from https://exiftool.org
# Extract exiftool(-k).exe, rename to exiftool.exe, place in PATH
Verify and strip
# Check what metadata a file exposes
exiftool photo.jpg
# → GPS Latitude : 48.8566 ← your location
# → Author : John Doe ← your name
# Strip all metadata from a single file
exiftool -all= photo.jpg
# Strip recursively from a directory
exiftool -all= -r ./assets/
Then commit and push safely
git add assets/
git commit -am "add: project screenshots"
git push gost my-branch:main
# → PR opened as @gitgost-anonymous — no metadata, no trace
Note: exiftool creates backup files (
*_original) by default. Add-overwrite_originalto skip them:exiftool -all= -overwrite_original photo.jpg.
Windows alternatives
torsocks is not available on Windows natively. Use one of the following options instead.
Option 1: Tor Browser + SOCKS5 proxy (easiest)
# 1. Download and install Tor Browser
# https://www.torproject.org/download/
# 2. Open it and leave it running (exposes SOCKS5 on 127.0.0.1:9150)
# 3. Configure Git to use it
git config --global http.proxy socks5h://127.0.0.1:9150
# 4. Push normally
git -c http.extraHeader="X-Gost-Authorship-Confirmed: 1" push gost my-branch:main
When done, remove the global proxy:
git config --global --unset http.proxy
Or configure it per-repo only (recommended):
# Inside the repo, not global
git config http.proxy socks5h://127.0.0.1:9150
git config http.extraHeader "X-Gost-Authorship-Confirmed: 1"
Option 2: WSL2 (Windows Subsystem for Linux)
If you already have WSL2, it works exactly like Linux inside it:
# Inside WSL2 (Ubuntu/Debian)
sudo apt install tor torsocks
sudo service tor start
torsocks git push gost my-branch:main
WSL2 has its own network stack separate from Windows, so anonymity is preserved correctly.
Made with ❤️ for privacy
Service Administration
Panic button — suspend and restore the service
If abusive activity is detected (bot submissions, coordinated spam), you can suspend the service immediately. While suspended, all pushes are rejected with an explanatory message and the site shows a banner.
Suspend the service:
curl -X POST https://gitgost.fly.dev/admin/panic \
-H "Content-Type: application/json" \
-d '{"password":"<PANIC_PASSWORD>","active":true}'
Restore the service:
curl -X POST https://gitgost.fly.dev/admin/panic \
-H "Content-Type: application/json" \
-d '{"password":"<PANIC_PASSWORD>","active":false}'
Note: If you receive a ntfy alert with action buttons (Activate Panic / Deactivate Panic), those buttons use single-use tokens valid for 10 minutes. If the tokens expire before you tap them, use the
curlcommands above with yourPANIC_PASSWORD— those always work.
Handy shell aliases (add to your ~/.zshrc or ~/.bashrc):
export PANIC_PASSWORD="your-password-here"
alias gitgost-suspend='curl -s -X POST https://gitgost.fly.dev/admin/panic \
-H "Content-Type: application/json" \
-d "{\"password\":\"$PANIC_PASSWORD\",\"active\":true}"'
alias gitgost-restore='curl -s -X POST https://gitgost.fly.dev/admin/panic \
-H "Content-Type: application/json" \
-d "{\"password\":\"$PANIC_PASSWORD\",\"active\":false}"'
Then simply run gitgost-restore to bring the service back online.
Close abusive PRs (rollback burst)
After a burst attack, close all PRs created during the attack window:
curl -X POST https://gitgost.fly.dev/admin/rollback \
-H "Content-Type: application/json" \
-d '{"password":"<PANIC_PASSWORD>"}'
# → {"closed": 12, "failed": 0, "closed_urls": [...]}
This closes up to 2 hours of recorded PRs in parallel via the GitHub API. PRs older than 2 hours are not affected.
Star this repo if you believe developers deserve the right to contribute anonymously.
Be a ghost. Fix the internet.
✨ Thanks for visiting gitGost!