✦ ai
AI you actually control.
Every AI surface is optional, editable, and attributable — and it runs on your own model: a cloud API, a local Ollama, or a keyless CLI you already pay for. Keys live in your OS keychain, never in app files, and a single switch hides all of it. It assists the workflow; it never blocks the manual path.
It writes; you edit.
One click reads your staged diff and drafts the message — streaming into the same field you'd type in, always editable.
- Commit messages, in your conventions
- PR & issue titles and descriptions — with suggested labels from your repo's existing set
- Branch names from a task
- Repository descriptions & topics
- Issue drafts from your repo's templates
- Resolve merge conflicts — review the proposal as a diff, then accept
A reviewer that reads the code.
Run a general review or a security audit on any pull request — local or on GitHub, GitLab, or Bitbucket. It reads the changed files, flags real issues with a severity, and cites the exact lines. The result stays on your machine unless you post it.
Agentic, and read-only.
Pull the full diff past the prompt budget, read any file at any ref, search the repo, and run history — end to end read-only. Works with CLI agent models (over a read-only MCP server) and with API models through a native tool loop that needs no workspace, so it starts instantly.
It doesn't quit or repeat itself.
Reviews keep running while you move between PRs, and finish in the tray after you close the window. Re-runs remember the last round and fold in Copilot's and CodeRabbit's findings, so a settled issue isn't re-raised.
Clearly machine-authored.
A branded header/footer and a robot avatar — and with a GitLab access token, posted as the real project bot rather than your own account.
On a schedule, if you want.
Automations run a review or security audit on commit, on PR open, or on new commits to a reviewed PR — scoped by branch. And Debug-with-AI turns a failed CI job's logs into a root cause and fix.
Hand off whole tasks.
Beyond generation, GitDesktop drives full coding agents — the CLI you already have, no extra subscription — and keeps every run inspectable and reversible.
- Delegate a task to a Claude, Codex, Copilot, or opencode agent — in an isolated worktree, so your checkout is never touched
- Follow every file it reads and edits; expand any edit to its diff inline
- Keep the result as a branch, open a local PR from it, or discard it
- Best-of-N — fan one task across 2–5 arms, each with its own agent, model & effort, and keep the winner (with an upfront cost estimate)
- Sandbox writes in a Docker/Podman container, and add per-repo tools (e.g. Playwright) via a committed agent Dockerfile
- An integrated terminal in every session — a real shell in the worktree or inside the container
- Research (Brainstorm & Deep research, web-enabled, cited) upstream of Plan; Plan drafts an agent-ready issue; Implement hands it to a write-capable session
- Sessions organized into Active & Kept tabs, searchable, with a completion alert — drive each turn with slash commands, skills, and @file mentions
GitDesktop as an MCP server.
The reverse direction: expose this repo's read-only git & forge tools to any
external MCP client — Claude Desktop, Cursor, Claude Code. Settings shows a
ready-to-paste snippet, writes it into the repo's
.mcp.json, or installs it globally, with an
Add-to-PATH launcher so the bare gitdesktop-mcp
command resolves anywhere.
It also hands a connected agent GitDesktop's own generation recipes — the fully assembled commit-message, PR-description, and branch-name prompts — as tools and as MCP prompts. And you can bring your own MCP servers into a session, or browse the official registry to add new ones.
Writes are an escalating opt-in ladder — each tier a separate flag, off by default:
- default Read-only — status, log, diff, blame, PRs, issues, CI
- --allow-write Local PRs & issues (GitDesktop's own review artifacts)
- --allow-remote-write Real forge writes under your authenticated identity
- --allow-git-write Recoverable git ops — stage, commit, branch, push
- --allow-destructive The irreversible ones — discard, reset, force-push
Bring your own model.
Separate models for generation and review, in a searchable live picker. Point Ollama or an OpenAI-compatible endpoint at a box on your LAN, not just localhost — non-built-in hosts are enforced against an allow-list before every request.
- Anthropic
- Claude, direct API
- OpenAI
- GPT, direct API
- OpenAI-compatible
- custom base URL — presets for Vercel AI Gateway, Gemini, DeepSeek, Mistral, Z.ai
- OpenRouter
- one key, many models
- Ollama
- local, LAN, or Ollama Cloud
- Claude Code / Codex
- keyless, via your subscription
- GitHub Copilot / opencode
- keyless — opencode's hosted models need no key
Custom instructions
Global, or per-repo via .gitdesktop/instructions.md
— included in every generation.
AI-ignore patterns
Keep sensitive files out of AI context (they still commit) — global or
.gitdesktop/aiignore.
Hide it all
Settings → General hides every AI surface while keeping your config. It's the same "Just Git" view this site has.
Your model. Your keys. Your call.
Free, open source, and native. Turn the AI up, or hide it entirely.