v2.3.0 — SBOM, Signed Reports, Badges, MCP Server, Monorepo

@mackeh mackeh released this 11 Feb 19:08
· 2 commits to main since this release

What's New

Monorepo Discovery (2.2.5)

  • pipelinex monorepo recursively scans directories for CI configs (up to configurable depth)
  • Infers package names from package.json / Cargo.toml
  • Aggregates findings per-package with summary statistics

Signed Reports & CI SBOM (2.3.6)

  • Ed25519 signing: pipelinex keys generate creates a keypair; the --sign flag on analyze produces signed JSON
  • Verification: pipelinex verify report.json --key public.key validates authenticity
  • CycloneDX SBOM: pipelinex sbom generates a bill-of-materials listing all actions, Docker images, and runner environments

Offline Mode & Redacted Reports (2.3.7)

  • --offline flag disables all network calls for air-gapped environments
  • --redact flag strips secrets, internal URLs, and sensitive values for safe external sharing

Pipeline Health Score Badge (3.0.3)

  • pipelinex badge ci.yml generates shields.io-compatible badge
  • Scoring: 100-point scale, grades A+ through F
  • Output formats: markdown (for READMEs), JSON, URL

MCP Server (3.0.8)

  • pipelinex mcp-server starts JSON-RPC stdio server for AI tool integration
  • 5 tools: pipelinex_analyze, pipelinex_optimize, pipelinex_lint, pipelinex_security, pipelinex_cost
  • Compatible with Claude Code, Cursor, and any MCP client
  • MCP protocol version: 2024-11-05
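
Before wiring an MCP server into an AI tool, a client can pin the protocol version and tool set it expects and flag anything else the server advertises. The sketch below is an added example, not pipelinex code: it builds the standard MCP stdio handshake (one JSON-RPC message per line) and audits the replies against the five tool names and protocol version listed above. The server replies, the client name and the extra tool `unlisted_tool` are constructed for illustration.

```python
import json

# Values taken from the release notes above.
PROTOCOL_VERSION = "2024-11-05"
EXPECTED_TOOLS = frozenset({"pipelinex_analyze", "pipelinex_optimize", "pipelinex_lint",
                            "pipelinex_security", "pipelinex_cost"})

def frame(method, params=None, msg_id=None):
    """Serialize one JSON-RPC 2.0 message as a single newline-terminated line."""
    msg = {"jsonrpc": "2.0", "method": method}
    if msg_id is not None:  # requests carry an id, notifications do not
        msg["id"] = msg_id
    if params is not None:
        msg["params"] = params
    return json.dumps(msg, separators=(",", ":")) + "\n"

def handshake_lines(client_name="example-client"):  # placeholder client name
    """Lines a client writes to the server's stdin before calling any tool."""
    init_params = {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                   "clientInfo": {"name": client_name, "version": "0.0.0"}}
    return [frame("initialize", init_params, 1), frame("notifications/initialized"),
            frame("tools/list", msg_id=2)]

def audit_server(init_line, tools_line):
    """Compare server replies with the pinned values; an empty list means a match."""
    findings = []
    init = json.loads(init_line).get("result", {})
    listed = json.loads(tools_line).get("result", {})
    version = init.get("protocolVersion")
    if version != PROTOCOL_VERSION:
        findings.append(f"protocol version {version!r}, expected {PROTOCOL_VERSION!r}")
    names = {tool.get("name") for tool in listed.get("tools", [])}
    for extra in sorted(names - EXPECTED_TOOLS, key=str):
        findings.append(f"unexpected tool: {extra}")
    for missing in sorted(EXPECTED_TOOLS - names):
        findings.append(f"missing tool: {missing}")
    return findings

# Constructed server replies for illustration, not captured pipelinex output.
SAMPLE_INIT = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
    "protocolVersion": "2024-11-05", "capabilities": {"tools": {}},
    "serverInfo": {"name": "example-server", "version": "0.0.0"}}})
SAMPLE_TOOLS = json.dumps({"jsonrpc": "2.0", "id": 2, "result": {"tools": [
    {"name": n, "inputSchema": {"type": "object"}} for n in sorted(EXPECTED_TOOLS)
] + [{"name": "unlisted_tool", "inputSchema": {"type": "object"}}]}})

if __name__ == "__main__":
    print(audit_server(SAMPLE_INIT, SAMPLE_TOOLS))
```

A non-empty result is a reason to stop before granting the client access to the server's tools.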

Stats

  • 153 tests passing (121 unit + 32 integration)
  • 13 files changed, +1,976 lines

Full Changelog: v2.2.0...v2.3.0