Project
X-Manager
A self-hosted X/Twitter management app I built because I got tired of paying SaaS tools to hold my data hostage. Schedule posts, track analytics, manage two accounts, and let AI agents publish autonomously through a secure API - all backed by SQLite on your own machine.
No external dependencies. Everything encrypted at rest. Runs on a $5 VPS.
Why I built it
Managing X properly means scheduling, engagement, analytics, and API costs - usually spread across multiple tools that each want a monthly fee and a copy of your data. I wanted one app I could run myself, with my API keys never leaving my machine.
The other thing: most social tools are built for humans clicking buttons. I needed something that works just as well when an AI agent calls the API. X-Manager is built for both.
What it does
Content Scheduling
Schedule posts with a visual calendar, bulk-import from CSV, build threads, attach media, and target specific conversations with reply-to support.
Multi-Account
Connect up to two X accounts side-by-side. Each account has its own OAuth credentials, and you can target posts to either slot from one dashboard.
Engagement Inbox
View incoming mentions and DMs in one place. Tag conversations, add internal notes, quick-reply with saved templates, and track status from new to resolved.
Analytics Dashboard
Post-level metrics: impressions, likes, retweets, replies, quotes, bookmarks. Engagement trends over time and best posting times analysis.
AI Campaign Engine
Define campaign objectives and let agents plan and execute tasks -- post, reply, DM, like, research -- with human approval gates and durable run history.
Bridge API
A secure REST endpoint for external bots and AI agents to publish through your accounts. Token auth, HMAC signing, rate limiting, and SSRF protection built in.
Built for autonomous workflows
Bridge API
External bots publish through a secure REST endpoint with token auth and optional HMAC request signing. Rate-limited, SSRF-protected, and designed for fire-and-forget usage.
Campaign Automation
Define objectives, and the agent engine breaks them into executable tasks with priority, scheduling, and approval workflows. Every action is logged with durable run history.
Webhook Events
Subscribe to lifecycle events -- post published, task completed, approval requested -- and wire them into external systems. HMAC-signed payloads with automatic deactivation after repeated failures.
Privacy-first by design
Self-hosted means your API keys and OAuth tokens stay on your machine. Credentials are encrypted at rest with AES-256-GCM, sessions use HMAC-SHA256 signed cookies, and production mode won't even start without encryption configured.
The Bridge API has SSRF protection, replay prevention, rate limiting, and host allowlists. Legacy plaintext credentials get cleared automatically after migration. Built for actual production use, not just demos.
Built with
| Framework | Next.js 15 (React 19) + TypeScript |
| Database | SQLite (better-sqlite3) with Drizzle ORM |
| Auth | OAuth 1.0a for X API, HMAC-signed sessions |
| Encryption | AES-256-GCM for stored credentials |
| Scheduling | node-cron with in-app or standalone worker mode |
| Styling | Tailwind CSS |
| Testing | Vitest |
| Platform | Ubuntu 22.04/24.04, Node.js 20+, runs on any Linux |
Up and running in 5 minutes
Clone and install
git clone https://github.com/tylerbuilds/x-manager.git && cd x-manager && npm install
Start the app
npm run dev -- open localhost:3999. Paste your X API credentials into the in-app setup panel. No .env file needed.
Connect and schedule
Click Connect to authorize via OAuth. You're ready to schedule posts, import CSVs, and manage your X presence.
MIT licensed. Do what you want with it.
Free and open source. Fork it, extend it, submit PRs - it's all welcome. Built and tested on Ubuntu, runs anywhere Node.js does.