
$ man gitgeek
The Manual
What GitGeek $GGdoes, how it works, and what's shipped versus what's coming.
name
gitgeek- an AI that reviews your code, pays whoever's carrying the repo, and scores everyone else.
synopsis
# in any PR (live): gg review # auto-fires on every opened PR /gg audit # force the security lens (writes PoC exploits) /gg gas # solidity gas-optimization lens /gg tests # coverage-gap call-out /gg simplify # reuse / dead-code / efficiency cleanup /gg help # list available commands # in any PR or issue comment (live): @gitgeekhq <question> # codebase Q&A — bot reads files, answers with citations # coming (roadmap): gg reward [repo] --fund N # stream $GG to contributors per epoch gg rep [user] # query an onchain GeekScore gg watch --live # tail the global review feed
description
Three things are broken. The people maintaining the libraries everything else depends on mostly make nothing. Reviewing PRs is the job nobody volunteers for. And dev reputation, the thing that quietly decides who gets hired, lives in a pile of profiles you can't verify.
GitGeek is one agent that handles all three. It reviews every PR, it rewards whoever's actually doing the work, and it ranks the rest with a score that lives onchain. $GG is what moves between them.
commands
gg reviewliveInstall the GitHub App on any repo. Every opened or updated PR auto-fires a deep-reasoning review. The router picks the right specialist lens based on what changed. Solidity gets the audit + gas pair. Big diffs get the simplify pass. Untested src/ changes get a coverage call-out. One PR comment, multiple reviewers underneath.
/gg <lens>liveAny owner / member / collaborator types /gg audit, /gg gas, /gg tests, or /gg simplify in a PR comment to re-run the review with that specific lens. /gg help posts the command list. Bot 👀-reacts immediately, runs, posts, 🚀-reacts when done. Drive-by commenters get ignored.
@gitgeekhqliveCodebase Q&A. Mention the bot with a question in any PR or issue comment. It reads the repo file tree, picks the most relevant source files, answers with line citations. The senior who never forgets anything about your code, living inside every thread.
gg rewardroadmapMaintainer funds a per-repo $GG escrow. The bot scores every merged PR by complexity, blast radius, tests written, and severity of issues caught or fixed, then streams $GG out proportionally each epoch. Settled onchain so the receipt layer (already shipped, see below) is the source of truth.
gg reproadmapStake $GG to mint a soulbound GeekScore (0 to 100) derived from your public git history: code quality, review acceptance rate, consistency, breadth. Read-only. Can't be bought, which is the whole reason recruiters and DAOs will pay to query it.
review lenses
One bot, multiple specialists underneath. The router inspects every diff (what files changed, how much, what language) and picks which lenses fire. Each lens is a distilled, focused reviewer prompt with its own priorities.
gg auditauto-fires on any .sol diffSystematic security audit. Walks the V/F/C/M/X/SC/H/T checklists, the SWC vulnerability list (1 to 136), token edge cases (USDT missing returns, fee-on-transfer, rebasing, approval race, ERC777 reentrancy callback), and DeFi-specific traps (oracle manipulation, first-depositor inflation, flash-loan attacks). For Critical or High findings on Solidity, ADVERSARIAL mode writes a runnable Foundry test that exploits the bug. test_<bugSlug>_works() ends with a passing assertion when the exploit succeeds.
gg gasauto-fires on any .sol diffGas optimization for the EVM. Storage hot-path SLOADs that should be cached, constants that should be immutable, variable packing into single slots, external > public + calldata > memory, short-circuit ordering, unchecked arithmetic where safe, events over storage for write-only data. L2-aware. Recognises Base/Arbitrum calldata pricing.
gg testsauto-fires when src/ changes but test/ doesn'tCoverage-gap call-out. Names every untested require, event, and state-changing branch. Suggests test_FunctionName_DescriptionOfBehavior unit tests, fuzz targets with bound() not vm.assume, and the invariants that should hold across any call sequence. Doesn't generate the test code. Points at the gaps.
gg simplifyauto-fires on diffs >400 linesQuality cleanup across four angles: reuse (new code that re-implements existing helpers), simplification (dead code, derivable state, multi-paragraph comments that should be a one-line WHY), efficiency (redundant computation, wasted I/O), altitude (special-cases bolted onto general mechanisms, per-chain if/else ladders).
Multiple lenses compose on the same review. A Solidity PR with no tests and more than 400 changed lines fires audit + gas + tests + simplify, all in a single review pass, all surfaced in one PR comment with ▸ reviewers: audit · gas · tests · simplify in the header.
codebase q&a
@gitgeekhq + a question in any PR or issue comment. The bot reads the repo file tree, a lightweight retriever picks the ~6 most relevant files, then the deep reviewer reads them and answers with line-cited paths. ~7–12 seconds end-to-end.
@gitgeekhq where do we verify JWTs? @gitgeekhq why is this contract using safeTransferFrom? @gitgeekhq what's the test coverage for the withdraw function?
Bot replies in the same thread, citing every file it touched at the bottom so the answer is auditable. Same access gate as /gg. Only repo owners / members / collaborators can trigger, to keep public spam off the budget. Try it on ~/ask without installing the App. Works on any public repo.
try it
Two demos live on this site, both hitting the same worker that powers the GitHub App. No signup, no install.
the $GG token
Supply is 1,000,000,000, on Ethereum. Free reviews cost no tokens, so $GGisn't a paywall on the front door. It pays for the deep audits, gets staked to mint a GeekScore, covers reputation lookups, and votes on how the impact model scores work.
| liquidity | 100% | seed pool · fair launch |
There's a 1/1 tax: 1% on buys and 1% on sells, and it all goes to development. It lives in a Uniswap V4 hook at the pool, not in the token, so moving $GG between your own wallets is free.
geekscore
A 0 to 100 score pulled from your public git history: code quality, how often your reviews land, how consistently you ship, how much ground you actually cover across languages and projects. Stake $GGand it mints as a soulbound token. It's read-only, so you earn it or you don't. No buying your way up.
GeekScore = w1·quality + w2·acceptance + w3·consistency + w4·breadth
── weights are governed by $GG holders ──architecture
Three layers. A Cloudflare Worker handles every webhook, signs installation tokens, routes the diff through the right review lenses, and runs deep-reasoning analysis on the highest effort tier. The onchain log on Base emits a verifiable receipt per review. The $GG token + V4 fee hook on Ethereum close the economic loop. The 1/1 tax funds the compute behind the reviewer so the front door stays free.
┌──────────────────────── GITHUB ────────────────────────┐
│ pull request · issue comment · webhook │
└───────────────────────────┬─────────────────────────────┘
│ sig-verified webhook
┌──────────▼───────────┐
│ GITGEEK WORKER │ cloudflare worker
│ /gg lens routing │ review engine
│ @gitgeekhq Q&A │ effort=high
└─────┬─────────────┬───┘
│ │
┌────────────────▼─┐ ┌────────▼──────────────────┐
│ BASE (live) │ │ ETHEREUM (live) │
│ ReviewLog │ │ $GG · V4 fee hook 1/1 │
│ verifiable log │ │ 100% LP · fair launch │
└───────────────────┘ └───────────────────────────┘
┌─── coming (roadmap) ───────────────────┐
│ gg reward — per-repo $GG escrow │
│ GeekScore — soulbound reputation NFT │
└─────────────────────────────────────────┘onchain log
Every PR review the bot posts also emits a ReviewPosted event on a Base mainnet contract. The event records a hash of the repo name, the PR number, the verdict, severity counts, and a hash of the review body. A verifiable, censorship-resistant receipt. ~$0.0005 per emit at current Base gas. The cost is paid by the dev-tax revenue, not by users.
event ReviewPosted(
bytes32 indexed repoHash, // keccak256("owner/repo")
uint256 indexed prNumber,
uint8 verdict, // 1=ship, 2=needs work, 3=do not merge
uint16 severity, // packed: critical|high|medium|low
bytes32 reviewHash, // keccak256(review body)
uint256 reviewId // monotonic
);Private repo names don't leak. Only the hash is on-chain. The review body hash is your proof that THIS review (which you have as a comment on your PR) is the one that landed in the log. Auditable forever, queryable via a subgraph, can't be revoked by us or anyone else.
install
# 1 · try without installing first $ open git-geek.com/try # paste code → review with PoC exploits $ open git-geek.com/ask # any public repo + question → cited answer # 2 · add the GitHub App to a repo $ open https://github.com/apps/gitgeekhq/installations/new # 3 · (optional, for /gg + @gitgeekhq in PR comments) # enable "Issue comment" event on the App settings page $ open https://github.com/settings/apps/gitgeekhq # 4 · (optional) hold $GG to unlock deep audits on private repos $ open git-geek.com # buy $GG # 5 · open a PR. the geek does the rest. $ git push origin feature/ship-it
faq
> Yeah. On any public repo it reads your PRs, flags the bugs, and roasts you for nothing. The paid stuff is the heavy lifting: full-repo security passes, private repos, jumping the queue. That needs a small $GG balance. No $GG, no deep audit. That's the only gate there is.
disclaimer
$GG is a community token. Nothing in this document is financial, investment, legal or tax advice. Crypto assets are volatile and you may lose everything. Contracts are self-audited; an external review is on the roadmap. Do your own research, geek.
SEE ALSO: gitgeek(home), github, x