devpulse

module
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 22, 2026 License: Apache-2.0

README

devpulse

test analyze release license

Community health analytics for GitHub organizations and repositories. devpulse imports contribution data from the GitHub API, enriches it with developer affiliations, and surfaces project health insights through a local dashboard.

Features

  • Activity trends -- monthly event volume (PRs, reviews, issues, comments, forks) with total and 3-month moving average
  • Bus factor / pony factor -- minimum developers or organizations producing 50% of contributions
  • Contributor retention -- new vs returning contributors per month
  • PR review ratio -- PRs to reviews per month with ratio trend line
  • Time to close / merge -- average days to close issues and merge PRs
  • Entity affiliations -- top contributing companies/orgs with drill-down to individual developers (GitHub profile + CNCF gitdm)
  • Contributor reputation -- two-tier scoring (shallow local, deep GitHub API) with known bot filtering
  • Repository metadata -- stars, forks, open issues, language, license
  • Release cadence -- monthly release counts (total vs stable)
  • Event search filters -- filter by type, date range, username, or entity directly from the dashboard
  • Adjustable time period -- dropdown adapts to available data range per search scope
  • Unified search -- org:name, repo:name, or entity:name prefix syntax; all panels respect entity filter

Install

Homebrew (macOS / Linux)
brew tap mchmarny/tap
brew install devpulse
Binary releases

Pre-built binaries for macOS, Linux, and Windows (amd64/arm64) are available on the releases page.

Build from source

Requires Go 1.26+.

git clone https://github.com/mchmarny/devpulse.git
cd devpulse
make build

See DEVELOPMENT.md for details.

Quick start

1. Authenticate

devpulse uses GitHub's device flow for OAuth. The token is read-only (no scopes requested) and stored in your OS keychain.

devpulse auth
2. Import data

Import everything for an org (events, affiliations, metadata, releases):

devpulse import all --org <org>

Or target a specific repo:

devpulse import all --org <org> --repo <repo>

Use --fresh to clear pagination state and re-import from scratch:

devpulse import all --org <org> --fresh

See docs/IMPORT.md for all import options.

3. View dashboard
devpulse server

Opens your browser to http://127.0.0.1:8080. Use --port to change the port or --no-browser to suppress auto-open.

Use the search bar with prefix syntax to scope the dashboard:

Prefix Example Scope
org: org:nvidia All repos in an organization
repo: repo:skyhook Single repository
entity: entity:google Company/org affiliation

No prefix defaults to org search.

4. Query via CLI

devpulse also exposes data as JSON for scripting:

devpulse query events --org knative --repo serving --type pr --since 2024-01-01
devpulse query developer list --like mark
devpulse query entity detail --name GOOGLE

See docs/QUERY.md for all query options.

5. Reset

Delete all imported data and start fresh:

devpulse reset

Prompts for confirmation before deleting the database.

Data sources

Source Data
GitHub API PRs, issues, comments, reviews, forks, repo metadata, releases
cncf/gitdm Developer-to-company affiliations

Entity names are normalized automatically. Use devpulse import substitutions to correct misattributions:

devpulse import substitutions --type entity --old "INTERNATIONAL BUSINESS MACHINES" --new "IBM"

Architecture

All data is stored locally in a SQLite database (~/.devpulse/data.db). No data leaves your machine. The dashboard is a local-only HTTP server with no external dependencies at runtime.

GitHub API --> devpulse import --> SQLite --> devpulse server --> localhost:8080
                                         \--> devpulse query --> JSON (stdout)

Verification

Release binaries are signed and attested in CI. No private keys — everything uses keyless Sigstore OIDC via GitHub Actions.

Verify checksum signature
cosign verify-blob \
  --bundle checksums-sha256.txt.sigstore.json \
  --certificate-identity-regexp 'github.com/mchmarny/devpulse' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  checksums-sha256.txt
Verify build provenance
gh attestation verify <binary> -R mchmarny/devpulse
Inspect SBOM

Each binary has a corresponding SBOM (SPDX JSON) attached to the release.

Contributing

Contributions are welcome. Please open an issue before submitting large changes. See CONTRIBUTING.md for guidelines and DEVELOPMENT.md for setup.

  1. Fork and clone the repository
  2. Create a feature branch
  3. Run make qualify (tests, lint, vulnerability scan)
  4. Submit a pull request

License

Apache 2.0

Directories

Path Synopsis
cmd
devpulse command
pkg
auth
cli
data
net

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.