Generate accurate, conventional, and secure git commit messages using OpenAI, Claude, OpenRouter, or local models (Ollama).
git add .
orc commit✔ Conventional Commits ✔ Secret scanning (Gitleaks) ✔ Cloud & local AI ✔ Zero-config to start
ORCommit is a production-grade CLI that:
- analyzes your staged git diff
- generates a high-quality commit message via LLMs
- enforces Conventional Commits
- blocks secrets and dependency folders before commit
- works with both cloud and local AI models
If you care about clean history, security, and standards — this tool is for you.
- OpenRouter (200+ models — Gemini, Claude, GPT, and more)
- OpenAI (GPT‑4o, GPT‑4o‑mini)
- Local models via Ollama (offline & private)
Sensible defaults out of the box: google/gemini-2.0-flash-lite-001 on OpenRouter
(cheap, fast, great structured output) and gpt-4o-mini on OpenAI.
- Schema-constrained output — the model is forced to return valid structured JSON (json_schema / constrained decoding), so responses don't need brittle parsing
- Grounded in your diff — messages describe only what the diff actually shows, no invented or boilerplate changes
- Token-aware diff chunking (large repos supported)
- Interactive regeneration with feedback
- Custom prompts & project context
- Conventional Commits by default
- Secret scanning via Gitleaks (100+ patterns)
- Blocks API keys, tokens, private keys
- Prevents committing
node_modules/,vendor/, etc. - Secure API key storage (600 permissions)
- Breaking change detection
- Optional push after commit
- Git hooks support
- Per-repository memory + disk cache (no cross-project message bleed)
- Parallel API calls
- Strict TypeScript + comprehensive tests
npm install -g orcommit
orc config set openrouter YOUR_API_KEY
git add .
orc commitThat’s it.
Don't use
sudo npm install -g. A root-owned global install creates files that break every later (non-sudo) update withEACCES. Ifnpm install -gasks for elevated permissions, your npm prefix is system-owned — fix it once with a user-owned prefix (no sudo ever again):mkdir -p ~/.npm-global npm config set prefix ~/.npm-global echo 'export PATH="$HOME/.npm-global/bin:$PATH"' >> ~/.zshrc source ~/.zshrc
npm install -g orcommit@latestorc also tells you when a newer version is available. It never auto-installs and never asks for sudo.
If orc reports the wrong version, won't update, or you suspect duplicate
installs, run the built-in diagnostic — it inspects your npm prefix, every orc
on your PATH, and the installed-vs-latest version, then prints exact fixes:
orc doctororc commit # interactive commit
orc commit --yes # auto-confirm
orc commit --context "..." # extra context
orc commit --emoji # gitmoji
orc commit --breaking # breaking change
orc commit --dry-run # preview only
orc doctor # diagnose install / PATH / update issuesORCommit includes mandatory security checks:
- 🔍 Secret scanning via Gitleaks
- 🚫 Blocks API keys, tokens, private keys
- 🚫 Prevents committing dependency folders
These checks run before commit creation and cannot be bypassed accidentally.
- Teams — enforce commit standards automatically
- Open Source — keep contribution quality high
- Enterprise — prevent leaks and ensure compliance
Config is stored at ~/.config/orcommit.json (permissions 600).
{
"providers": {
"openrouter": {
"model": "google/gemini-2.0-flash-lite-001"
}
},
"preferences": {
"defaultProvider": "openrouter",
"commitFormat": "conventional",
"temperature": 0.3
}
}A low
temperature(default0.3) keeps messages grounded in the actual diff and avoids drifting into generic, memorized phrasings.
Environment variables are also supported:
export OPENROUTER_API_KEY="your-key"
export OPENAI_API_KEY="your-key"- Fork the repository
- Create a feature branch
- Add tests
- Submit a pull request
ORCommit is built and maintained by Reforms.ai — a team specializing in AI-powered developer tools.
Commercial support, consulting, and custom AI integrations are available.
MIT License — see LICENSE.
Built with ❤️ using TypeScript and modern AI tooling.