v2.2.0 — Security, Linting, Policies & New CLI Commands

@mackeh mackeh released this 11 Feb 19:00
· 4 commits to main since this release

What's New

Security Module

  • Secret detection: 7 patterns (AWS keys, GitHub PATs, Docker passwords, private keys, Slack webhooks, base64 secrets, generic API keys)
  • Permissions audit: Detects missing permissions block, suggests minimal GitHub Actions permissions
  • Injection detection: 11 dangerous GitHub Actions expression contexts flagged in run steps
  • Supply chain risk: Classifies action pinning (SHA/tag/branch/latest), known compromised actions database
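
An added example, not pipelinex's own code: a heuristic classifier for the pinning categories named in the supply chain item above (SHA/tag/branch/latest). The regexes, function names, extra categories (local, docker, unpinned) and the sample workflow are assumptions made for illustration; telling a tag from a branch with certainty requires querying the repository, so version-looking refs are treated as tags here.

```python
import re

# Heuristic rules: assumptions of this example, not pipelinex's logic.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
VERSION_TAG = re.compile(r"^v?\d+(\.\d+){0,2}([-+][\w.]+)?$")
USES_LINE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
MUTABLE = {"tag", "branch", "latest", "unpinned"}

def classify_ref(uses: str) -> str:
    """Classify one `uses:` value by how its reference is pinned."""
    if uses.startswith("./"):
        return "local"      # action in the same repository, no external ref
    if uses.startswith("docker://"):
        return "docker"     # image reference, outside the four categories
    _action, sep, ref = uses.partition("@")
    if not sep or not ref:
        return "unpinned"
    if FULL_SHA.match(ref.lower()):
        return "sha"        # full commit SHA: the only immutable form
    if ref.lower() == "latest":
        return "latest"
    if VERSION_TAG.match(ref):
        return "tag"        # tags can be moved by the action's owner
    return "branch"         # anything else (main, abbreviated SHA, ...)

def scan_workflow(text: str):
    """Return (line number, uses value, category) for every `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_LINE.match(line)   # commented-out lines do not match
        if match:
            findings.append((lineno, match.group(1), classify_ref(match.group(1))))
    return findings

# Constructed sample workflow; the SHA and the example-org actions are made up.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: actions/setup-node@v4
      - uses: example-org/deploy-action@main
      - uses: example-org/lint-action@latest
      - uses: ./.github/actions/local-build
"""

if __name__ == "__main__":
    for lineno, uses, kind in scan_workflow(SAMPLE):
        note = "  <- mutable reference" if kind in MUTABLE else ""
        print(f"{lineno:>3} {kind:<8} {uses}{note}")
```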

Config Linter

  • Deprecation checks: Outdated action versions (checkout@v2, setup-node@v2, etc.), deprecated GitLab CI keywords
  • Schema validation: GitHub Actions and GitLab CI structure validation
  • Typo detection: Fuzzy matching with Damerau-Levenshtein distance for unknown keys

Compliance Policies

  • Configurable rules from .pipelinex/policy.toml
  • Rules: SHA pinning, banned runners, required caching, max duration, concurrency control
  • pipelinex policy init generates starter policy file
  • pipelinex policy check enforces rules with pass/fail exit codes

New CLI Commands

  • pipelinex completions <shell> — Bash/Zsh/Fish/PowerShell completions
  • pipelinex init — Auto-detect CI platform, generate config
  • pipelinex compare <a> <b> — Diff analysis results between two configs
  • pipelinex watch <path> — Re-analyze on file changes
  • pipelinex lint <file> — Config linting
  • pipelinex security <file> — Security scanning
  • pipelinex policy check/init — Compliance policy management

Output

  • New --format markdown output for analyze command

Stats

  • 123 tests passing (91 unit + 32 integration)
  • 18 files changed, +2,792 lines

Full Changelog: v2.1.1...v2.2.0