Generate standup updates from recent git activity with a local Ollama model or Groq's free cloud tier.
Since 0.2.4: a full security/correctness audit (private-IP redaction, a config-mutation bug that could leak an API key across process calls, a broken Linux systemd unit, and a few other fixes), plus a follow-up fix for missing secret-detection patterns (GitHub tokens, AWS keys, Slack tokens, LLM API keys, credentialed URIs) reported via #2. See CHANGELOG.md for the full list.
# Install dependencies
pip install -e .
# Configure StandupBot
standup --setup
# Generate a standup
standupFor Ollama, install and pull a model first:
ollama pull llama3| Provider | Cost | Privacy | Best for |
|---|---|---|---|
| Ollama | Free | Fully local | Private, offline workflows |
| Groq | Free tier | Cloud | Fast generation without local model setup |
Groq API keys should be supplied through GROQ_API_KEY when possible.
# Standard generation
standup
standup --hours 48
standup --week
standup --provider groq
# Output options
standup --copy
standup --slack
standup --raw
standup --template slack
standup --verbose
# Cache and filtering controls
standup --no-cache
standup --no-filter
# Maintenance
standup doctor
standup usage
standup logs
standup logs --tail 50
standup logs --clear
standup models
standup templates
standup history
standup history --limit 25
standup history --clear
standup history --clear --days 30
standup warm-up
standup warm-up --install-startup
standup warm-up --uninstall-startup
standup --maintenanceBuilt-in templates:
defaultslackminimaldetailedjira
You can also define custom templates in config. StandupBot extracts yesterday, today, and blockers from the LLM output, then renders the final format with these variables:
{yesterday}{today}{blockers}{date}{time}{commit_count}{repos}{provider}{author_email}
StandupBot reads ~/.standup.json.
{
"repos": [
"/path/to/repo1",
"/path/to/repo2"
],
"author_email": "you@example.com",
"hours_lookback": 24,
"tone": "casual",
"slack_webhook_url": "",
"provider": {
"name": "ollama",
"ollama": {
"base_url": "http://localhost:11434",
"model": "llama3"
},
"groq": {
"api_key": "",
"model": "llama-3.1-8b-instant"
}
},
"rate_limit": {
"cooldown_minutes": 30,
"max_calls_per_day": 10,
"enabled": true
},
"quality": {
"enabled": true,
"min_score": 0,
"show_breakdown": false
},
"noise_filter_enabled": true,
"template": "default",
"custom_templates": {
"my_format": "Done: {yesterday} | Doing: {today} | Help needed: {blockers}"
},
"auto_warm_up": false
}Every generated standup is stored locally in ~/.standup_history.db.
- Cache keys are based on a SHA256 fingerprint of sorted commit hashes.
- Cache reuse is limited to the same day, tone, and provider.
- The database stores standup text, provider metadata, repo names, lookback hours, and quality score.
- Raw commit messages are not stored in the database.
After generation, StandupBot can score the standup from 0-100 and show a colored badge.
- Green: 80+
- Yellow: 60-79
- Red: below 60
When quality.min_score is above zero, StandupBot retries low-quality outputs up to two times with refined guidance.
Use standup warm-up to pre-load the configured model before your first real run.
- Ollama: sends a minimal warm-up request to keep the selected model ready in memory.
- Groq: runs a lightweight availability ping.
auto_warm_upcan trigger a silent warm-up when the model has not been used recently.
StandupBot treats config, git metadata, templates, provider responses, and local storage as hostile inputs until proven otherwise.
~/.standup.json,~/.standup_usage.json,~/.standup_history.db, and~/.standup.loguse restricted permissions on Unix/macOS.- Commit messages are scanned for common secret formats — passwords/tokens/API keys, private IPs, internal hostnames, bearer tokens, GitHub PATs, LLM provider keys, AWS access keys, Slack tokens, and credentialed URIs — and redacted before they reach a prompt, storage, or the terminal.
- Repo paths go through explicit path-safety checks to block traversal tricks, network paths, and unsafe symlinks.
- Commit messages and LLM responses are length-capped before they reach prompts, storage, or terminal rendering.
- Custom templates only substitute a fixed allowlist of variables and reject Python-style format syntax.
- All history database queries are parameterized, and stored standup text is sanitized before persistence.
- User-facing exception messages are sanitized so file paths, emails, and API-key-shaped values are not echoed back to the terminal.
standup doctornow checks log health, DB size, schema version, WAL mode, file permissions, and full config validity.
python -m pytest tests/ -qIf your environment restricts Python temp directories or __pycache__ writes, set a writable --basetemp or PYTHONDONTWRITEBYTECODE=1 while testing.
MIT