A native macOS menu-bar app that watches your GitLab CI, notifies on the transitions you care about, and stays out of your way the rest of the time. Sandboxed, no backend, your PAT stays in your Keychain.
Native binary · No Electron, no JS runtime
backends · everything talks directly to gitlab.com
PAT in macOS Keychain · never logged, never sent anywhere else
Built & operated in Switzerland by ILYGO Sàrl
Not a dashboard you have to open. Not a Slack bot you have to mute. A menu-bar icon that turns red when something needs you.
Green tick when everything's fine. Red cross the second a pipeline on a watched project fails. Adaptive polling — 15 s when something's active, 5 min when nothing moves.
Granular toggles per event: started, succeeded, failed, manual gate, stage completed. Anti-fatigue grouping kicks in if four pipelines on the same project transition in 30 s.
Personal access token stored in the macOS Keychain via Security.framework. Never logged (not even in .private redacted form). Sandboxed app, hardened runtime, no third-party dependencies.
Failed pipeline? The row tells you exactly which stage broke — test:integration, deploy:prod — instead of a generic red dot. Tap to open the failing job in GitLab.
Each project keeps a rolling average of pipeline durations. A live row shows "8 m elapsed · ~6 m remaining (avg 14 m)". If a pipeline runs 2× longer than usual, you get an anomaly badge.
No dock icon, no Cmd-Tab clutter. Just a menu-bar status dot and a popover when you need it. Reopens at login, sleeps when your Mac sleeps, resumes when it wakes.
The popover. Sorted by date, color-coded by status, filtered to the last 72 hours so the noise stays out.
A PAT lets you read every pipeline in every project you have access to. Treat that like a key — and our app does too.
Stored via Security.framework with kSecAttrAccessibleWhenUnlockedThisDeviceOnly. A file-based fallback (0600 permissions, sandbox container only) survives ad-hoc signing changes between dev builds.
The PAT never traverses os.Logger — not even in .private redacted form. No print, no NSLog, no third-party crash reporter. Diagnostics export strips secrets before showing them.
com.apple.security.app-sandbox + hardened runtime. The only entitlement we ship with is network.client for outbound HTTPS to gitlab.com. No file-system access outside the sandbox container.
Your app talks to gitlab.com directly. Nothing transits an ILYGO server — there's no server to transit. We can't read your pipelines because they never reach us.
No closed binary blobs, no obfuscation. Zero third-party Swift dependencies (no Alamofire, no Apollo) — what's in the binary is what's in Packages/. Hardened runtime + universal binary, ready for the Mac App Store.
ILYGO Sàrl, Vaud, Switzerland. Swiss data protection law (FADP/nDSG) by default. If we ever ship a sync service, it lives in 🇨🇭 hosting only.
A short, honest comparison with the tools people typically replace with Pipeline Glance.
| Pipeline Glance | GitLab web UI | Slack integration | Generic dashboards | |
|---|---|---|---|---|
| Lives in menu bar (zero clicks) | ● | ○ | ○ | ○ |
| Native binary, < 10 MB | ● | web | Electron | Electron |
| No 3rd-party backend (PAT stays local) | ● | ● | ● | ● |
| Per-event opt-in notifications | ● | ○ | all-or-nothing | — |
| Failure tells you which stage | ● | after clicks | ○ | — |
| Running ETA from history | ● | ○ | ○ | — |
| Offline cache · works at boot | ● | ○ | ○ | — |
v1 targets gitlab.com — the public, hosted one. Self-hosted GitLab (Enterprise Edition, Community Edition) is on the roadmap; the API contract is the same, but the host URL needs to be configurable. Ping us if you need it sooner.
For classic tokens: read_api. For fine-grained tokens: read access on projects and pipelines. The app only sends GET requests — nothing destructive ever. You can verify in your GitLab security log.
It does — but politely. Adaptive polling (15 s when popover is open and pipelines are active, up to 5 min when idle), enrich cap at 60 pipelines per cycle, a token-bucket rate limiter respects gitlab.com's 300 req/min limit. Real usage hovers around 1–3 % of quota on a typical day.
Not yet. Pipeline Glance ships as a Mac App Store binary. We may open the source in the future once the architecture is stable. There are zero third-party Swift dependencies — what runs on your Mac is purely first-party code.
No. It's a native AppKit + SwiftUI app — macOS only, macOS 16 Tahoe and later. We'd have to rewrite it from scratch for other platforms, which isn't planned.
In GitLab, go to your Personal Access Tokens page and revoke the one named "Pipeline Glance" (or whatever you named it). That instantly invalidates the PAT — the lost device can no longer query the API. The token doesn't sync anywhere.
Currently English and French in full. German and Italian have basic strings. The notification templates are fully localized in FR.
The desktop app stays free during private beta. The eventual public release on the Mac App Store may have a one-time price — no subscription, no telemetry, no upsell.
Native binary in the works. macOS Universal first. Free during beta.