Pipeline Assistant MCP
An MCP server that automates CI/CD pipeline creation, analysis, and security enforcement. It generates production-ready pipelines from templates and enforces DevSecOps best practices.
AI-powered CI/CD pipeline automation using Model Context Protocol (MCP)
Transform pipeline creation from hours to seconds with guaranteed security compliance and DevSecOps best practices built-in.
What is Pipeline Assistant MCP?
Pipeline Assistant MCP is an intelligent system that automates the complete CI/CD pipeline lifecycle using AI. It leverages the Model Context Protocol (MCP) to provide context-aware pipeline generation, analysis, and improvement suggestions.
It's not just a validation tool - it's a complete DevSecOps assistant that:
- Generates production-ready pipelines from templates
- Enforces corporate security policies automatically
- Analyzes existing pipelines for vulnerabilities
- Provides actionable improvement suggestions
- Tracks compliance metrics across your organization
Why Pipeline Assistant MCP?
The Problem
Developer: "I need to create a pipeline for my .NET microservice"
2-4 hours later...
- Forgot security scanning stage
- Hardcoded database credentials
- Didn't configure dependency caching
- Tests don't generate coverage reports
- Deploys directly to production without approval
Result: Insecure, slow, non-compliant pipeline
The Solution
Developer: "Generate a .NET pipeline for production"
5 seconds later...
- Complete 6-stage pipeline generated
- All 10 security policies applied (SEC-001 to SEC-010)
- Optimized caching configured
- Tests with coverage reporting
- Production deployment with approval gates
- SBOM generation included
- Compliance Score: 98%
Result: Production-ready, secure, compliant pipeline
Business Value
| Metric | Before | After | Improvement |
|---|---|---|---|
| Pipeline creation time | 2-4 hours | 5 seconds | 99.9% faster |
| Security compliance | ~40% | 95%+ | +55% |
| Vulnerability detection | Manual review | Automatic | Real-time |
| Standards adoption | Inconsistent | Enforced | 100% coverage |
Architecture
System Overview
```mermaid
graph TB
    subgraph "Developer Interfaces"
        CLI[CLI Tools]
        VSC[VS Code Extension]
        CD[Claude Desktop]
        GHA[GitHub Actions]
        ADO[Azure DevOps]
    end
    subgraph "Core Services"
        MCP[MCP Server]
        PG[Pipeline Generator]
        PA[Pipeline Analyzer]
        PE[Policy Enforcer]
        WM[Wiki Manager]
    end
    subgraph "Data Sources"
        WIKI[Corporate Wiki v2.0]
        POL[Security Policies]
        TPL[Platform Templates]
        MET[Adoption Metrics]
    end
    CLI --> MCP
    VSC --> MCP
    CD --> MCP
    GHA --> MCP
    ADO --> MCP
    MCP --> PG
    MCP --> PA
    MCP --> PE
    MCP --> WM
    PG --> WIKI
    PA --> POL
    PE --> POL
    WM --> MET
    PG --> TPL
    style MCP fill:#e1f5fe
    style WIKI fill:#f3e5f5
    style POL fill:#ffebee
```
Component Interaction
```mermaid
sequenceDiagram
    participant D as Developer
    participant M as MCP Server
    participant G as Generator
    participant E as Enforcer
    participant W as Wiki
    D->>M: Generate pipeline (dotnet, prod)
    M->>W: Load standards v2.0
    W-->>M: Stages, Policies, SLAs
    M->>G: Create pipeline
    G->>E: Apply security policies
    E-->>G: SEC-001 to SEC-010
    G-->>M: Complete pipeline
    M-->>D: Pipeline + Compliance Score
```
Technology Stack
```mermaid
graph LR
    subgraph "Runtime"
        NODE[Node.js 20+]
        TS[TypeScript 5.3]
    end
    subgraph "Protocol"
        MCP[Model Context Protocol]
        STDIO[STDIO Transport]
    end
    subgraph "Testing"
        VIT[Vitest]
        ZOD[Zod Validation]
    end
    subgraph "Integrations"
        AZDO[Azure DevOps API]
        GH[GitHub API]
        VSCE[VS Code API]
    end
    NODE --> TS
    TS --> MCP
    MCP --> STDIO
    TS --> VIT
    TS --> ZOD
    TS --> AZDO
    TS --> GH
    TS --> VSCE
```
Features
Core Capabilities
- Multi-Platform Support - Generate pipelines for Azure DevOps and GitHub Actions
- Pipeline Generation - Create complete pipelines from templates (.NET, Node.js, Python, Java, Go)
- Security Analysis - Detect hardcoded secrets, missing security stages, 15+ vulnerability types
- Policy Enforcement - Automatically apply SEC-001 to SEC-010 security policies
- Compliance Scoring - Calculate 0-100 scores with detailed breakdowns
- SBOM Generation - Software Bill of Materials for supply chain security
Integrations
- VS Code Extension - Real-time analysis, quick fixes, 35+ snippets
- Claude Desktop - Natural language pipeline generation via MCP
- GitHub Actions - Automatic PR analysis workflow
- Azure DevOps - PR Bot with webhook support
Security Features
- Webhook Signature Validation - HMAC-SHA256 with timing-safe comparison
- Secret Masking - Automatic redaction of tokens, passwords, API keys
- Rate Limiting - Sliding window algorithm to prevent abuse
- Input Validation - Zod schemas for all user inputs
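The webhook signature check and the sliding-window limiter listed above, sketched as an added example; this is not the project's own code. The `sha256=<hex>` header format and the names `signPayload`, `verifySignature`, `SlidingWindowLimiter` and `handleWebhook` are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed header format: "sha256=" followed by the hex HMAC-SHA256 of the raw body.
function signPayload(secret: string, rawBody: string): string {
  return "sha256=" + createHmac("sha256", secret).update(rawBody, "utf8").digest("hex");
}

function verifySignature(secret: string, rawBody: string, header?: string): boolean {
  // Reject missing or malformed headers first. The pattern also pins the decoded
  // length to 32 bytes, which matters because timingSafeEqual throws on unequal lengths.
  if (!header || !/^sha256=[0-9a-f]{64}$/i.test(header)) return false;
  const received = Buffer.from(header.slice("sha256=".length), "hex");
  const expected = createHmac("sha256", secret).update(rawBody, "utf8").digest();
  return timingSafeEqual(received, expected);
}

// Sliding window: remember the timestamps of admitted requests per caller and
// admit a new one only while fewer than `limit` fall inside the last `windowMs`.
class SlidingWindowLimiter {
  private hits = new Map<string, number[]>();
  private limit: number;
  private windowMs: number;
  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }
  allow(key: string, now: number = Date.now()): boolean {
    const recent = (this.hits.get(key) ?? []).filter((t) => now - t < this.windowMs);
    const admitted = recent.length < this.limit;
    if (admitted) recent.push(now);
    this.hits.set(key, recent);
    return admitted;
  }
}

type Verdict = "accepted" | "rate_limited" | "bad_signature";

// Rate-limit before verifying so that unsigned or forged requests also consume quota.
function handleWebhook(limiter: SlidingWindowLimiter, secret: string, source: string,
                       rawBody: string, header: string | undefined, now?: number): Verdict {
  if (!limiter.allow(source, now)) return "rate_limited";
  return verifySignature(secret, rawBody, header) ? "accepted" : "bad_signature";
}
```

The signature must be computed over the raw request bytes as received; re-serializing parsed JSON before hashing can change the byte sequence and make valid requests fail.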
Quick Start
Prerequisites
- Node.js 20+ and npm 9+
- Git
Installation
```bash
git clone https://github.com/soydachi/pipeline-assistant-mcp.git
cd pipeline-assistant-mcp
npm install
npm run build
npm test
```
Basic Usage
```bash
# Generate a pipeline for Azure DevOps
node dist/cli/pipeline-assistant.js generate \
  --platform azure-devops \
  --type dotnet \
  --env production

# Generate a pipeline for GitHub Actions
node dist/cli/pipeline-assistant.js generate \
  --platform github-actions \
  --type node \
  --env staging

# Analyze a pipeline
node dist/cli/pipeline-assistant.js analyze \
  examples/pipelines/pipeline-con-problemas.yml

# List available platforms
node dist/cli/pipeline-assistant.js platforms

# List available templates
node dist/cli/pipeline-assistant.js templates --platform azure-devops
```
Project Structure
```
pipeline-assistant-mcp/
├── src/                          # Core MCP server
│   ├── server.ts                 # MCP server entry point
│   ├── pipeline-generator.ts     # Pipeline generation
│   ├── pipeline-analyzer.ts      # Security analysis
│   ├── policy-enforcer.ts        # Policy enforcement
│   ├── wiki-parser.ts            # Standards parser
│   ├── wiki-manager.ts           # Wiki management
│   ├── container.ts              # Dependency injection
│   ├── platforms/                # Multi-platform support
│   │   ├── azure-devops.ts
│   │   └── github-actions.ts
│   ├── azure-devops/             # Azure DevOps integration
│   │   ├── client.ts
│   │   ├── pr-bot.ts
│   │   └── webhook-handler.ts
│   └── utils/                    # Shared utilities
│       ├── logger.ts
│       ├── validation.ts
│       └── rate-limiter.ts
├── cli/                          # Command-line tools
│   ├── pipeline-assistant.ts
│   ├── wiki-cli.ts
│   └── pr-bot-cli.ts
├── vscode-extension/             # VS Code extension
├── wiki/standards/               # Corporate standards v2.0
│   ├── core/                     # Stage definitions
│   ├── security/                 # Security policies
│   ├── quality/                  # Quality gates
│   ├── platforms/                # Platform templates
│   │   ├── azure/templates/
│   │   └── github/templates/
│   ├── migration/                # Migration guides
│   └── governance/               # Governance docs
├── tests/                        # Test suite (341+ tests)
└── examples/                     # Example pipelines
```
Documentation
| Document | Description |
|---|---|
| Workshop Guide | Complete tutorial with architecture deep-dive |
| Usage Guide | Reference for all platforms and configurations |
| Contributing | How to contribute to the project |
| Changelog | Version history and release notes |
Integrations
MCP Server (Claude Desktop)
```json
{
  "mcpServers": {
    "pipeline-assistant": {
      "command": "node",
      "args": ["dist/src/server.js"],
      "cwd": "/path/to/pipeline-assistant-mcp"
    }
  }
}
```
VS Code Extension
```bash
cd vscode-extension
npm install && npm run compile
# Press F5 to launch in development mode
```
Azure DevOps
```bash
export AZDO_ORG_URL="https://dev.azure.com/your-org"
export AZDO_PAT="your-personal-access-token"
export AZDO_PROJECT="your-project"
```
GitHub Actions
Add .github/workflows/pipeline-review.yml to automatically analyze PRs.
See Usage Guide for detailed configuration.
Standards v2.0
Pipeline Assistant uses a structured standards system:
Security Policies (SEC-001 to SEC-010)
| Policy | Name | Level |
|---|---|---|
| SEC-001 | Secret Scanning | Mandatory |
| SEC-002 | SAST Analysis | Mandatory |
| SEC-003 | Dependency Scanning | Mandatory |
| SEC-004 | Container Scanning | Conditional |
| SEC-007 | DAST | Conditional |
| SEC-008 | License Compliance | Mandatory |
| SEC-010 | SBOM Generation | Mandatory |
Mandatory Pipeline Stages
- Validate - Linting, formatting, type checking
- Security - All security scans (parallel)
- Build - Application build + SBOM
- Test - Unit + Integration tests
- Scan - Container security
- Deploy - Environment deployments
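A minimal check for two of the problems this README names, hardcoded credentials and missing mandatory stages, written as an added example rather than taken from the project's analyzer. The rule names, the `analyzePipeline` function and the sample pipeline are constructed for illustration; the stage names are the six listed above, and the YAML assumes Azure DevOps `- stage:` syntax.

```typescript
// The six mandatory stages listed above.
const MANDATORY_STAGES = ["Validate", "Security", "Build", "Test", "Scan", "Deploy"];

// Constructed sample: one literal password, one variable reference, no Security or Scan stage.
const SAMPLE_PIPELINE = `
variables:
  dbPassword: "P@ssw0rd-constructed"
  buildConfiguration: Release
  apiKey: $(API_KEY)
stages:
  - stage: Validate
  - stage: Build
  - stage: Test
  - stage: Deploy
`;

interface Finding { line: number; rule: string; detail: string }

function analyzePipeline(yaml: string): Finding[] {
  const findings: Finding[] = [];
  const seen = new Set<string>();
  // Keys whose names suggest a credential (hypothetical keyword list).
  const secretKey = /^\s*-?\s*([\w.-]*(?:password|passwd|secret|token|api[_-]?key)[\w.-]*)\s*:\s*(.+?)\s*$/i;
  yaml.split("\n").forEach((text, i) => {
    const stage = /^\s*-\s*stage:\s*['"]?(\w+)/.exec(text);
    if (stage) seen.add(stage[1].toLowerCase());
    const m = secretKey.exec(text);
    // A value that starts with "$(" or "${" is a variable reference, not a literal secret.
    if (m && !/^['"]?\$[({]/.test(m[2])) {
      // Report the key only; the value is masked so the finding does not leak it.
      findings.push({ line: i + 1, rule: "hardcoded-secret", detail: `${m[1]}: ***` });
    }
  });
  for (const name of MANDATORY_STAGES) {
    if (!seen.has(name.toLowerCase())) {
      findings.push({ line: 0, rule: "missing-stage", detail: name });
    }
  }
  return findings;
}
```

Key-name matching of this kind misses secrets stored under innocuous names and inside inline scripts, so it complements a dedicated secret scanner rather than replacing one.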
Development
```bash
npm run dev    # Watch mode
npm test       # Run tests (341+ tests)
npm run lint   # Check code style
npm run build  # Build project
```
Testing
```bash
# Run all tests
npm test

# Run specific test
npx vitest run tests/policy-enforcer.test.ts

# Run with coverage
npx vitest run --coverage
```
Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
License
Author
Dachi Gogotchuri (@soydachi)
- Website: soydachi.com
- LinkedIn: Dachi Gogotchuri