@mackeh commented Feb 11, 2026

Summary

  • Security module: secrets detection (7 patterns), permissions auditing, expression injection detection (11 dangerous contexts), supply chain risk assessment for third-party actions
  • Config linter: deprecation checks, schema validation (GitHub Actions + GitLab CI), typo detection with fuzzy matching
  • Compliance policies: configurable rules from .pipelinex/policy.toml (SHA pinning, banned runners, required caching, max duration, concurrency control)
  • New CLI commands: completions, init, compare, watch, lint, security, policy
  • Markdown output: --format markdown for analyze command

Test plan

  • All 123 tests passing (91 unit + 32 integration)
  • Clippy clean with -D warnings
  • cargo fmt — no formatting issues
  • Manual testing of new CLI commands against real workflow files

🤖 Generated with Claude Code

…ies, and new CLI commands

Add security module with secrets detection (AWS keys, GitHub PATs, Docker passwords,
private keys, Slack webhooks), permissions auditing, expression injection detection,
and supply chain risk assessment for third-party actions.

Add config linter with deprecation checks (outdated action versions, deprecated GitLab
keywords), schema validation (GitHub Actions and GitLab CI structure), and typo
detection using Damerau-Levenshtein fuzzy matching.

Add compliance policy engine with configurable rules (SHA pinning, banned runners,
required caching, max duration, concurrency control) loaded from .pipelinex/policy.toml.

New CLI commands: completions, init, compare, watch, lint, security, policy.
New output format: markdown (--format markdown).

All 123 tests passing, clippy clean, formatted.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@mackeh merged commit b5cf6dc into main Feb 11, 2026
4 of 5 checks passed
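
The SHA pinning rule and the supply chain check for third-party actions named in the summary come down to classifying each `uses:` reference by how it is pinned. The following is an added example, not code from this pull request or from the project. It assumes a line-based scan rather than a YAML parser, and the names `classify`, `unpinned_actions`, `Pin` and the sample workflow are hypothetical.

```rust
// SAMPLE is a constructed workflow; the 40-hex SHA in it is a placeholder value.
const SAMPLE: &str = "\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local
      - name: Deploy
        uses: \"example-org/deploy@main\"
";

#[derive(Debug, PartialEq)]
enum Pin {
    Sha,     // owner/repo@<40 hex chars>: immutable commit
    Mutable, // tag or branch (@v4, @main): can be repointed upstream
    Missing, // no @ref at all
    Skipped, // ./local action or docker:// image, out of scope here
}

fn classify(reference: &str) -> Pin {
    if reference.starts_with("./") || reference.starts_with("docker://") { return Pin::Skipped; }
    match reference.rsplit_once('@') {
        None => Pin::Missing,
        Some((_, r)) if r.len() == 40 && r.bytes().all(|b| b.is_ascii_hexdigit()) => Pin::Sha,
        Some(_) => Pin::Mutable,
    }
}

/// Returns (1-based line, reference) for each `uses:` not pinned to a commit SHA.
fn unpinned_actions(workflow: &str) -> Vec<(usize, String)> {
    let mut findings = Vec::new();
    for (idx, raw) in workflow.lines().enumerate() {
        // Drop a trailing YAML comment and the list marker before matching the key.
        let line = raw.split(" #").next().unwrap_or("").trim();
        let line = line.strip_prefix("- ").unwrap_or(line).trim_start();
        let Some(value) = line.strip_prefix("uses:") else { continue };
        let reference = value.trim().trim_matches(|c: char| c == '"' || c == '\'');
        if matches!(classify(reference), Pin::Mutable | Pin::Missing) {
            findings.push((idx + 1, reference.to_string()));
        }
    }
    findings
}

fn main() {
    for (line, reference) in unpinned_actions(SAMPLE) {
        println!("line {line}: `{reference}` is not pinned to a commit SHA");
    }
}
```

A tag such as `@v4` passes a format check but can be moved by the action's maintainer, which is why only the 40-character commit SHA counts as pinned here.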