A premium Developer Portfolio, Repository Catalog, and Markdown Documentation Explorer built with Laravel. Features automated GitHub sync, a developer blog platform, and secure user access with 2FA.
An open-source platform to showcase GitHub repositories, publish developer blogs, and boost discoverability through SEO-optimized project pages, sitemaps, and llms.txt — built for developers who want their work indexed, linked, and shared.
About
Developer Hub is an open-source platform for developer visibility. It syncs GitHub repositories into rich, crawlable documentation pages and gives registered users a dashboard to submit blogs, link external repos, and share suggestions — all moderated through an admin approval workflow.
Whether you are publishing SDK docs, listing community projects, or growing organic traffic to your GitHub profile, Developer Hub handles the SEO layer so your repositories and writing get found.
Features
GitHub repo sync — Automatically pulls repositories, READMEs, file trees, and metadata from a GitHub profile via github:sync
SEO-first project pages — Structured project pages with code explorer, schema markup, sitemap.xml, and llms.txt for search engines and AI crawlers
Community blogs — Users can register, write Markdown posts, and publish after admin approval
Linked repositories — Submit and showcase external GitHub repos alongside official projects
User dashboard — Manage profile, blogs, linked repos, and API tokens
Admin command center — Approve submissions, manage users, and configure site settings
Authentication — Email verification, password reset, social login (OAuth), and two-factor authentication
REST API — Sanctum-powered API for linked repo integrations
Requirements
PHP 8.3+
Composer 2
Node.js 18+ and npm
SQLite (default) or MySQL / PostgreSQL
Installation
# Clone the repository
git clone https://github.com/ghostcompiler/ghostcompiler.git
cd ghostcompiler
# Install dependencies and set up the app
composer setup
Copy .env.example to .env and configure at minimum:
Variable
Description
APP_NAME
Application name (e.g. Developer Hub)
APP_URL
Public URL of your deployment
DB_CONNECTION
Database driver (sqlite by default)
GITHUB_TOKEN
GitHub personal access token for repo sync
Sync GitHub repositories
php artisan github:sync
Development server
composer dev
This starts the Laravel server, queue worker, log tail, and Vite dev server concurrently.
Project structure
Path
Purpose
app/Http/Controllers/
Web and API controllers
app/Console/Commands/
github:sync, project tree caching
app/Models/
Projects, blogs, linked repos, users
resources/views/
Blade templates for public and dashboard UI
routes/web.php
Public routes, auth, dashboard, SEO endpoints
routes/api.php
Sanctum API routes
SEO endpoints
URL
Description
/sitemap.xml
Dynamic sitemap for projects, blogs, and repo files
/llms.txt
Machine-readable site summary for AI crawlers
/robots.txt
Crawler directives with sitemap reference
Testing
composer test
License
This project is open-sourced under the MIT license.
Development Environment
Built using ServBay
Mac M4 Tested
macOS Apple Silicon
Powered by ServBay
Filesmain
Repository Files
Loading file structure...
Select a file from the repository tree to inspect its code.
privacy-policy.md
# Privacy Policy
**Last updated: June 17, 2026** · Effective: June 17, 2026
At **Ghost Compiler** (ghostcompiler.in), your privacy is not just a legal formality — it is a core part of how we build our platform. This Privacy Policy explains what data we collect, why we collect it, how it is protected, and what rights you have over it.
---
## 1. Who We Are
**Ghost Compiler** is an independent open-source developer platform operated at [https://ghostcompiler.in](https://ghostcompiler.in). We publish open-source SDKs, Laravel packages, Plesk extensions, developer utilities, and technical documentation.
For privacy-related inquiries, contact us at **hello@ghostcompiler.in**.
---
## 2. Data We Collect
We collect only the data necessary to provide our services. We do not collect data for advertising, profiling, or sale to third parties.
### 2.1 Account Registration Data
When you register directly on our platform, we collect:
- **Full name** — to personalise your profile and communications
- **Email address** — for account identification, verification, notifications, and two-factor authentication
- **Password (hashed)** — stored as a bcrypt hash; we never store plain-text passwords
### 2.2 OAuth / Social Login Data
When you sign in via **Google** or **GitHub**, we receive from the OAuth provider only:
- Your **name** and **email address** as authorised by the provider
- A **provider-specific user ID** (opaque numeric/string identifier), stored to link your provider account to your Ghost Compiler account
- We do **not** receive or store your social account password, phone number, followers, or any other profile data
### 2.3 Content You Submit
- **Blog Posts** — title, summary, and Markdown-formatted content you publish on the platform
- **Repository Links** — the GitHub repository URL, title, and description you voluntarily submit for indexing
- **API Tokens** — cryptographic tokens you generate from your dashboard (stored as hashed values; plaintext is shown only once at generation time)
### 2.4 Repository Indexing Data
When a repository is linked and approved, we fetch and store:
- Repository **metadata** (name, description, star count, language, topics, license) from the GitHub API
- The repository's **README** file and linked documentation pages (Markdown converted to safe HTML)
- Latest **release information** (tag name, version, published date) from public GitHub Releases API
This data is sourced entirely from public GitHub APIs and is identical to what any visitor to the GitHub page can see.
### 2.5 Session & Technical Data
- **Session data** — a server-side Laravel session cookie to maintain login state and two-factor verification status
- **Two-Factor OTP** — a 6-digit time-limited one-time password stored temporarily in your server-side session (never in the database)
- **Theme preference** — stored in your browser's `localStorage` only (never sent to our server)
- **Server logs** — standard web server access logs (IP address, request path, HTTP status, timestamp) for security and debugging
---
## 3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Authenticating your login sessions | Contractual necessity |
| Sending email verification links | Contractual necessity |
| Sending two-factor authentication codes | Contractual necessity / Security |
| Sending password reset links | Contractual necessity |
| Displaying your profile and content on the platform | Contractual necessity |
| Indexing and displaying linked GitHub repositories | User consent (explicit submission) |
| Notifying administrators of new repository submissions | Legitimate interest |
| Maintaining server security logs | Legitimate interest |
We **do not** use your data for:
- Advertising or behavioural profiling
- Selling or renting to any third party
- Training machine learning or AI models
- Marketing to unrelated third parties
---
## 4. Cookies & Local Storage
### Cookies We Set
| Cookie | Purpose | Duration |
|---|---|---|
| `ghostcompiler_session` | Laravel encrypted session (authentication, CSRF, 2FA state) | Session / configurable |
| `XSRF-TOKEN` | Cross-Site Request Forgery protection | Session |
### Local Storage
| Key | Purpose |
|---|---|
| `color-theme` | Stores your light/dark mode preference locally in your browser |
We use **no tracking cookies**, **no analytics cookies** (Google Analytics, Hotjar, etc.), and **no advertising cookies**.
---
## 5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Blog posts | Until you delete them or your account is removed |
| Linked repository records | Until removed by you or an admin |
| Server access logs | Up to 90 days, then purged |
| Two-factor OTP session values | 10 minutes, then auto-expired |
| Password reset tokens | 60 minutes, then invalidated |
| Email verification tokens | 60 minutes, then expired |
---
## 6. Data Sharing
We share your data with **no third parties** for commercial or analytical purposes. The only limited sharing that occurs is:
- **GitHub API** — We send repository URLs to the GitHub API to fetch metadata. GitHub's own Privacy Policy governs that interaction.
- **Google OAuth / GitHub OAuth** — When you use social login, you are redirected to those providers. We receive only the minimal data described in §2.2.
- **Email delivery** — If configured, our mail server (e.g., SMTP provider) processes the email address necessary to deliver verification and OTP emails.
- **Hosting provider** — Our web hosting provider processes connection data as part of delivering the site. No user data is shared beyond standard server operation.
---
## 7. Security Measures
We implement industry-standard security practices:
- All passwords stored as **bcrypt hashes** — never in plaintext
- All connections served over **HTTPS / TLS**
- **CSRF tokens** on all state-changing forms
- **Rate limiting** on login, registration, password reset, OTP, and API endpoints
- **Mandatory two-factor authentication** for all accounts (TOTP app or email OTP)
- **Signed and time-limited** email verification links (expire after 60 minutes)
- **Cryptographically secure** OTP generation using PHP's `random_int()`
- **XSS protection** — all user-submitted Markdown is sanitised before rendering
- **SQL injection protection** via Laravel's parameterised query system
---
## 8. Your Rights
Depending on your location, you may have the right to:
- **Access** — Request a copy of the personal data we hold about you
- **Rectification** — Correct inaccurate data in your profile via the dashboard
- **Erasure** — Request deletion of your account and associated data
- **Restriction** — Request that we restrict processing of your data
- **Portability** — Request your data in a machine-readable format
- **Objection** — Object to processing based on legitimate interest
To exercise any of these rights, email us at **hello@ghostcompiler.in** with the subject line "Privacy Request". We will respond within **30 days**.
---
## 9. Children's Privacy
Ghost Compiler is a developer-focused platform intended for users aged **18 and above**. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a minor, contact us immediately at **hello@ghostcompiler.in** and we will delete it promptly.
---
## 10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.
---
## 11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
- **Email:** hello@ghostcompiler.in
- **Website:** https://ghostcompiler.in
- **Response time:** Within 48 business hours
*Ghost Compiler is committed to transparency and responsible data stewardship.*