Self-hosted runners, without the babysitting.
RunWatch is a desktop app for GitHub Actions self-hosted runners: install them over SSH without ever copying a registration token, and watch health, capacity, and logs across your whole fleet — live.
Free for individuals · no account required · open source (Apache-2.0)
How it works
1 Connect
Add a GitHub account with a fine-grained PAT and point RunWatch at your servers over SSH. Host keys are verified on first use, and credentials go straight into your OS keychain.
2 Install
Pick a repo or org, choose labels, and RunWatch downloads, registers, and starts the runner as a service. You never see — let alone copy-paste — a registration token.
3 Watch
A live fleet view shows online/busy state, disk and
_work bloat, version drift, and per-label queue
pressure — with notifications the moment a runner goes offline
or a pool saturates.
Local-first, by architecture
- No account. RunWatch needs no sign-up and works offline. Download it, connect your things, done.
- Credentials never leave your machine. PATs and SSH keys live in the macOS Keychain, Windows Credential Manager, or Secret Service — not in our cloud, because there isn't one.
- Nothing phones home. The only network calls are the ones you configure: GitHub's API and SSH to your own servers.
Pricing
RunWatch is free and unlimited for individuals, forever. A per-seat team tier — shared runner inventory, roles, audit log — is on the roadmap. Core management and health will never be paywalled.
FAQ
What GitHub permissions does it need?
A fine-grained PAT scoped to just what runner management needs: repository Administration (read/write) for repo-level runners, or the organization Self-hosted runners permission for org-level ones, plus read access to Actions for queue visibility. The app shows exactly which capability is missing when a call is denied — no over-scoped classic tokens.
Is it open source?
Yes — the desktop app is open source under Apache-2.0. The optional team-sync backend (in development) is a hosted service and stays closed; nothing local depends on it.
Why not just scripts and the gh CLI?
You can — that's how most fleets start. RunWatch is for when the
pet scripts grow teeth: strict host-key checking instead of
ssh -o StrictHostKeyChecking=no, registration without
token copy-paste, idempotent installs, and health you can see
instead of health you remember to check.
Why does my OS warn me during install?
Pre-1.0 builds are not yet code-signed, so macOS and Windows show an unidentified-developer warning. The workarounds are on the release page, and signing/notarization is tracked publicly.
Does it support GitLab or other CI providers?
Not yet — GitHub Actions first. GitLab is tracked as an expansion path once the GitHub experience is solid.