A complete dev platform. Nothing extra to buy.
Hosting, CI, AI review, security scanning, deploy webhooks, marketplace, packages, pages — every surface you need, ready on day one.
The AI is a teammate, not an upsell.
AI code review
Real Claude review on every PR open. Inline file/line comments. Idempotent across re-runs.
Spec-to-PR
Drop a feature spec in plain English. AI drafts the entire PR — branch, commits, description.
AI security review
Sonnet 4 reads diffs for OWASP-class issues. Posts as inline review comments, not noise.
Auto-repair
Failed gate? AI tries to fix it and pushes a follow-up commit. Your repo self-corrects.
AI commit messages
One-click 'suggest with AI' on the web editor. Concise, conventional-commit format.
AI changelogs
Generated on release create. Plus an arbitrary-range viewer at /:repo/ai/changelog.
AI incident responder
Failed deploy? AI opens an issue with the failing logs + suggested fix + linked PR.
AI test generation
Drops test stubs for uncovered functions. You review, edit, commit.
Nothing broken ever reaches production.
GateTest integration
Push triggers GateTest. Results post back as inline annotations on the commit.
Secret scanner
15 patterns, runs on every push. Blocks the push if a real secret leaks.
Branch protection
Required checks, code-owner reviews, push restrictions, force-push blocking.
Repository rulesets
Named policy bundles. Six rule types from commit message regex to max file size.
Required checks matrix
Per branch-protection list of named checks that must pass before merge.
Protected tags
Owners declare patterns (v*, release-*) that only owners can push.
Merge queue
Serialised merge with re-test against latest base. No more 'green when merged, red on main'.
Pre-receive policy
Ref-name patterns and push policies enforced at the HTTP layer with 403s.
No polling, no refresh, no waiting.
Live workflow logs
Step-by-step output streams over SSE the moment your runner emits it.
Live PR comments
New comment in another tab? You see a 'reload to view' banner immediately.
Live deploy events
Crontech-Gluecron event bus pushes deploy state. Watch deploys happen.
Live presence
See who's looking at the same PR right now. Avoid double review work.
Everything GitHub charges extra for.
Workflow runner
Drop yaml in `.gluecron/workflows/`. Runs on push. Cron triggers, secrets, matrix.
Packages registry
npm protocol. Publish, install, yank with `glc_` PAT auth. Container registry deferred.
Pages hosting
Serves blobs from the latest gh-pages commit. Custom domains, short cache headers.
Marketplace + apps
Install third-party apps with permission scopes. App-bot push auth via ghi_ tokens.
Discussions
Categorised threads, pinned, locked, Q&A answers. Zero extra config.
Wikis + Gists + Projects
All shipped, all free, all integrated. No upsell tier.
Enterprise-tier auth from day one.
TOTP + WebAuthn
Both 2FA paths shipped. Passkey-only login if you want it.
OIDC SSO
Okta, Azure AD, Auth0, Google Workspace. Auto-create users. Email-domain allowlist.
OAuth provider
Third-party apps request scoped access to user repos. Standard auth-code flow.
Personal access tokens
SHA-256 hashed, scoped, revocable. The clean way to script Gluecron.
Audit log (per-user + per-repo)
Every sensitive action recorded. Browseable at /settings/audit.
Site admin panel
/admin for site-wide flags: registration locks, banners, read-only mode.
Speak every protocol your tools use.
MCP server
Claude Desktop, Cursor, Code, Cline plug in natively. Read + scoped write tools.
REST API v2
Full CRUD across resources. Versioned, documented, stable.
GraphQL endpoint
Single-request fetch for complex client views. GraphiQL explorer at /api/graphql.
Webhooks
HMAC-signed outbound to your URLs on push, issue, PR, star, comment, deploy.
Smart-HTTP git
git push, git pull, git clone — exactly what your tools already speak.
VS Code extension
Explain, open-on-web, semantic search, generate tests — all from the editor.