Project
X-Manager
X-Manager is a self-hosted X/Twitter management platform that treats agents and humans as first-class citizens. Schedule content, manage engagement, track analytics, and expose a secure Bridge API for autonomous publishing -- all from a single app backed by SQLite.
Zero external dependencies. Full encryption at rest. Runs on a $5 VPS.
Why I built it
Managing an X presence means juggling scheduling, engagement, analytics, and API costs -- usually across multiple paid SaaS tools that hold your data hostage. I wanted something I could run on my own infrastructure, with my API keys never leaving my machine.
More importantly, I wanted a platform that was just as useful for AI agents as it is for humans. Most social management tools are built for point-and-click. X-Manager is built for both the dashboard and the API call.
What it does
Content Scheduling
Schedule posts with a visual calendar, bulk-import from CSV, build threads, attach media, and target specific conversations with reply-to support.
Multi-Account
Connect up to two X accounts side-by-side. Each account has its own OAuth credentials, and you can target posts to either slot from one dashboard.
Engagement Inbox
View incoming mentions and DMs in one place. Tag conversations, add internal notes, quick-reply with saved templates, and track status from new to resolved.
Analytics Dashboard
Post-level metrics: impressions, likes, retweets, replies, quotes, bookmarks. Engagement trends over time and best posting times analysis.
AI Campaign Engine
Define campaign objectives and let agents plan and execute tasks -- post, reply, DM, like, research -- with human approval gates and durable run history.
Bridge API
A secure REST endpoint for external bots and AI agents to publish through your accounts. Token auth, HMAC signing, rate limiting, and SSRF protection built in.
Built for autonomous workflows
Bridge API
External bots publish through a secure REST endpoint with token auth and optional HMAC request signing. Rate-limited, SSRF-protected, and designed for fire-and-forget usage.
Campaign Automation
Define objectives, and the agent engine breaks them into executable tasks with priority, scheduling, and approval workflows. Every action is logged with durable run history.
Webhook Events
Subscribe to lifecycle events -- post published, task completed, approval requested -- and wire them into external systems. HMAC-signed payloads, automatic retry, and failure tracking.
Privacy-first by design
X-Manager is self-hosted. Your API keys and OAuth tokens never leave your machine. All credentials are encrypted at rest with AES-256-GCM. Sessions use HMAC-SHA256 signed cookies. Production mode refuses to start without encryption configured.
The Bridge API and thread builder include SSRF protection with per-hop redirect validation, timestamp-based replay prevention, rate limiting, and configurable host allowlists. Legacy plaintext credentials are automatically cleared after migration to the encrypted store. It's built for real-world production use, not just demos.
Built with
| Framework | Next.js 15 (React 19) + TypeScript |
| Database | SQLite (better-sqlite3) with Drizzle ORM |
| Auth | OAuth 1.0a for X API, HMAC-signed sessions |
| Encryption | AES-256-GCM for stored credentials |
| Scheduling | node-cron with in-app or standalone worker mode |
| Styling | Tailwind CSS |
| Testing | Vitest |
| Platform | Ubuntu 22.04/24.04, Node.js 20+, runs on any Linux |
Up and running in 5 minutes
Clone and install
git clone https://github.com/tylerbuilds/x-manager.git && cd x-manager && npm install
Start the app
npm run dev -- open localhost:3999. Paste your X API credentials into the in-app setup panel. No .env file needed.
Connect and schedule
Click Connect to authorize via OAuth. You're ready to schedule posts, import CSVs, and manage your X presence.
MIT licensed. Yours to run, fork, and extend.
X-Manager is free and open source. Star the repo, report issues, submit PRs -- contributions are welcome. Built on Ubuntu, tested on Ubuntu, and runs anywhere Node.js does.