Skip to content

feat: v2.3-v3.0 roadmap — SBOM, signing, badges, MCP server, monorepo #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mackeh merged 1 commit into from
Feb 11, 2026
Merged

feat: v2.3-v3.0 roadmap — SBOM, signing, badges, MCP server, monorepo #2

mackeh merged 1 commit into from
Feb 11, 2026

Conversation

@mackeh
Copy link
Owner

@mackeh mackeh commented Feb 11, 2026

Summary

  • Monorepo discovery (2.2.5): Recursive CI config scanning with package name inference
  • Signed reports & SBOM (2.3.6): Ed25519 signing, CycloneDX 1.5 bill-of-materials for CI components
  • Offline/redact modes (2.3.7): --offline for air-gapped envs, --redact for safe external sharing
  • Health score badge (3.0.3): A+ through F grading with shields.io badge generation
  • MCP server (3.0.8): JSON-RPC stdio transport with 5 tools for Claude Code/Cursor AI integration

New CLI Commands

  • pipelinex monorepo [path] — Discover and analyze all CI configs
  • pipelinex sbom [path] — Generate CycloneDX SBOM
  • pipelinex badge <file> — Generate shields.io health badge
  • pipelinex keys generate — Ed25519 keypair for signing
  • pipelinex verify <report> --key <key> — Verify signed report
  • pipelinex mcp-server — Start MCP server for AI tool integration
  • pipelinex analyze --offline --redact --sign <key> — New flags

Test plan

  • 153 tests passing (121 unit + 32 integration)
  • Clippy clean with -D warnings
  • cargo fmt — no formatting issues

🤖 Generated with Claude Code

@mackeh @claude
feat: monorepo discovery, SBOM, signed reports, badges, MCP server, o…
36337da 
…ffline/redact modes

Monorepo support (2.2.5):
- Recursive CI config discovery up to configurable depth
- Package name inference from package.json/Cargo.toml
- Per-package analysis aggregation

Signed reports & SBOM (2.3.6):
- Ed25519 keypair generation, report signing, and verification
- CycloneDX 1.5 SBOM generation from CI pipeline components
- Extracts actions, Docker images, and runner info

Offline mode & redacted reports (2.3.7):
- --offline flag for air-gapped environments
- --redact flag strips secrets, internal URLs, and sensitive values
- --sign flag for JSON output signing

Pipeline health badge (3.0.3):
- Score 0-100 with A+ through F grading
- shields.io badge URL generation
- Markdown output for READMEs

MCP server (3.0.8):
- JSON-RPC stdio transport for Claude Code/Cursor integration
- 5 tools: analyze, optimize, lint, security, cost
- MCP protocol v2024-11-05 compliant

New CLI commands: monorepo, sbom, badge, keys generate, verify, mcp-server
New deps: ed25519-dalek, rand, hex, tempfile

153 tests passing (121 unit + 32 integration), clippy clean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@mackeh mackeh merged commit e7009e1 into main Feb 11, 2026
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mackeh