The Local (or Remote) LLM–Powered Pre-Commit Code Reviewer
Git Gandalf is a "boring", dependency-free git hook that blocks high-risk commits (like hardcoded secrets) using an LLM. It is designed for Local LLMs (like LM Studio) but can be configured to point anywhere.
- Node.js: Version 18+ (required for built-in
fetch). - An LLM Endpoint:
- Default: Local server running at
http://127.0.0.1:1234(e.g., LM Studio, Ollama via compatibility mode). - Custom: You can edit the script to point to any OpenAI-compatible endpoint.
Copy the bin/gitgandalf.js file to the root of your project (the same folder as your package.json).
Copy the pre-commit file to your .git hooks folder:
cp hooks/pre-commit .git/hooks/pre-commit
Git will not run the script unless you explicitly make it executable. If you skip this, you will get a "Permission Denied" error.
Mac / Linux / Git Bash:
chmod +x .git/hooks/pre-commit
Windows (PowerShell): Usually not required, but if you run into issues, ensure your user has execute rights on the file.
By default, Git Gandalf looks for a local server. To change this:
- Open
gitgandalf.jsin your editor. - Edit the
BASE_URLconstant at the top:
// CHANGE THIS:
const BASE_URL = "http://127.0.0.1:1234";
// TO YOUR SERVER (example):
const BASE_URL = "https://my-internal-llm.company.com";(Note: The current version does not support Authorization headers for paid APIs like OpenAI/Anthropic out of the box. You must modify the fetch call in the script to add API keys if needed.)
Just commit as normal!
git add .
git commit -m "feat: new login page"
- 🟢 ALLOW: Commit proceeds.
- 🟡 WARN: Commit proceeds, but you get a warning.
- 🔴 BLOCK: Commit fails. Fix the issues and try again.
If the LLM is down, hallucinating, or blocking a critical hotfix, you can skip the hook:
git commit -m "critical fix" --no-verify
Permission denied: You forgot to runchmod +x .git/hooks/pre-commit.Git Gandalf Skipped: The script couldn't reach the URL defined inBASE_URL. Check if your model is running.