AI-powered CI/CD pipeline automation using Model Context Protocol (MCP)
Transform pipeline creation from hours to seconds with guaranteed security compliance and DevSecOps best practices built-in.
Pipeline Assistant MCP is an intelligent system that automates the complete CI/CD pipeline lifecycle using AI. It leverages the Model Context Protocol (MCP) to provide context-aware pipeline generation, analysis, and improvement suggestions.
It's not just a validation tool - it's a complete DevSecOps assistant that:
- Generates production-ready pipelines from templates
- Enforces corporate security policies automatically
- Analyzes existing pipelines for vulnerabilities
- Provides actionable improvement suggestions
- Tracks compliance metrics across your organization
Developer: "I need to create a pipeline for my .NET microservice"
2-4 hours later...
- Forgot security scanning stage
- Hardcoded database credentials
- Didn't configure dependency caching
- Tests don't generate coverage reports
- Deploys directly to production without approval
Result: Insecure, slow, non-compliant pipeline
Developer: "Generate a .NET pipeline for production"
5 seconds later...
- Complete 6-stage pipeline generated
- All 10 security policies applied (SEC-001 to SEC-010)
- Optimized caching configured
- Tests with coverage reporting
- Production deployment with approval gates
- SBOM generation included
- Compliance Score: 98%
Result: Production-ready, secure, compliant pipeline
| Metric | Before | After | Improvement |
|---|---|---|---|
| Pipeline creation time | 2-4 hours | 5 seconds | 99.9% faster |
| Security compliance | ~40% | 95%+ | +55% |
| Vulnerability detection | Manual review | Automatic | Real-time |
| Standards adoption | Inconsistent | Enforced | 100% coverage |
```mermaid
graph TB
    subgraph "Developer Interfaces"
        CLI[CLI Tools]
        VSC[VS Code Extension]
        CD[Claude Desktop]
        GHA[GitHub Actions]
        ADO[Azure DevOps]
    end
    subgraph "Core Services"
        MCP[MCP Server]
        PG[Pipeline Generator]
        PA[Pipeline Analyzer]
        PE[Policy Enforcer]
        WM[Wiki Manager]
    end
    subgraph "Data Sources"
        WIKI[Corporate Wiki v2.0]
        POL[Security Policies]
        TPL[Platform Templates]
        MET[Adoption Metrics]
    end
    CLI --> MCP
    VSC --> MCP
    CD --> MCP
    GHA --> MCP
    ADO --> MCP
    MCP --> PG
    MCP --> PA
    MCP --> PE
    MCP --> WM
    PG --> WIKI
    PA --> POL
    PE --> POL
    WM --> MET
    PG --> TPL
    style MCP fill:#e1f5fe
    style WIKI fill:#f3e5f5
    style POL fill:#ffebee
```
```mermaid
sequenceDiagram
    participant D as Developer
    participant M as MCP Server
    participant G as Generator
    participant E as Enforcer
    participant W as Wiki
    D->>M: Generate pipeline (dotnet, prod)
    M->>W: Load standards v2.0
    W-->>M: Stages, Policies, SLAs
    M->>G: Create pipeline
    G->>E: Apply security policies
    E-->>G: SEC-001 to SEC-010
    G-->>M: Complete pipeline
    M-->>D: Pipeline + Compliance Score
```
```mermaid
graph LR
    subgraph "Runtime"
        NODE[Node.js 20+]
        TS[TypeScript 5.3]
    end
    subgraph "Protocol"
        MCP[Model Context Protocol]
        STDIO[STDIO Transport]
    end
    subgraph "Testing"
        VIT[Vitest]
        ZOD[Zod Validation]
    end
    subgraph "Integrations"
        AZDO[Azure DevOps API]
        GH[GitHub API]
        VSCE[VS Code API]
    end
    NODE --> TS
    TS --> MCP
    MCP --> STDIO
    TS --> VIT
    TS --> ZOD
    TS --> AZDO
    TS --> GH
    TS --> VSCE
```
- Multi-Platform Support - Generate pipelines for Azure DevOps and GitHub Actions
- Pipeline Generation - Create complete pipelines from templates (.NET, Node.js, Python, Java, Go)
- Security Analysis - Detect hardcoded secrets, missing security stages, 15+ vulnerability types
- Policy Enforcement - Automatically apply SEC-001 to SEC-010 security policies
- Compliance Scoring - Calculate 0-100 scores with detailed breakdowns
- SBOM Generation - Software Bill of Materials for supply chain security
- VS Code Extension - Real-time analysis, quick fixes, 35+ snippets
- Claude Desktop - Natural language pipeline generation via MCP
- GitHub Actions - Automatic PR analysis workflow
- Azure DevOps - PR Bot with webhook support
- Webhook Signature Validation - HMAC-SHA256 with timing-safe comparison
- Secret Masking - Automatic redaction of tokens, passwords, API keys
- Rate Limiting - Sliding window algorithm to prevent abuse
- Input Validation - Zod schemas for all user inputs
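
The webhook signature check listed above (HMAC-SHA256 with a timing-safe comparison) can be sketched as follows. This is an added example, not code from pipeline-assistant-mcp; the `sha256=<hex>` header format and the names `signBody`, `verifyWebhook` and `demo` are assumptions made for illustration.

```typescript
// Added example: not the project's own webhook handler.
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed header format "sha256=<64 hex chars>" (hypothetical; use your sender's format).
const SIGNATURE_PATTERN = /^sha256=([0-9a-f]{64})$/i;

function signBody(secret: string, rawBody: Buffer): string {
  return "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex");
}

function verifyWebhook(secret: string, rawBody: Buffer, header: string | undefined): boolean {
  // Reject missing or malformed headers before doing any comparison.
  const match = header ? SIGNATURE_PATTERN.exec(header.trim()) : null;
  if (!match) return false;

  const received = Buffer.from(match[1], "hex");
  // Compute the HMAC over the exact bytes received, never over re-serialized JSON.
  const expected = createHmac("sha256", secret).update(rawBody).digest();

  // timingSafeEqual throws when lengths differ; the pattern guarantees 32 bytes,
  // but the guard keeps a future pattern change from becoming an exception.
  if (received.length !== expected.length) return false;
  return timingSafeEqual(received, expected);
}

// Constructed sample data, for illustration only.
const SECRET = "constructed-test-secret";
const BODY = Buffer.from('{"event":"pull_request","id":"constructed-1"}');

function demo(): Record<string, boolean> {
  const good = signBody(SECRET, BODY);
  const tampered = Buffer.from(BODY.toString().replace("constructed-1", "constructed-2"));
  const pretty = Buffer.from(JSON.stringify(JSON.parse(BODY.toString()), null, 2));
  return {
    valid: verifyWebhook(SECRET, BODY, good),
    tamperedBody: verifyWebhook(SECRET, tampered, good),
    wrongSecret: verifyWebhook("other-secret", BODY, good),
    truncatedSig: verifyWebhook(SECRET, BODY, good.slice(0, 40)),
    missingHeader: verifyWebhook(SECRET, BODY, undefined),
    reserializedJson: verifyWebhook(SECRET, pretty, good),
  };
}

console.log(demo());
```

The `reserializedJson` case shows why the handler must keep the raw request bytes: parsing and re-stringifying the payload changes the bytes and invalidates an otherwise genuine signature.
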
- Node.js 20+ and npm 9+
- Git
```bash
git clone https://github.com/soydachi/pipeline-assistant-mcp.git
cd pipeline-assistant-mcp
npm install
npm run build
npm test
```

```bash
# Generate a pipeline for Azure DevOps
node dist/cli/pipeline-assistant.js generate \
  --platform azure-devops \
  --type dotnet \
  --env production

# Generate a pipeline for GitHub Actions
node dist/cli/pipeline-assistant.js generate \
  --platform github-actions \
  --type node \
  --env staging

# Analyze a pipeline
node dist/cli/pipeline-assistant.js analyze \
  examples/pipelines/pipeline-con-problemas.yml

# List available platforms
node dist/cli/pipeline-assistant.js platforms

# List available templates
node dist/cli/pipeline-assistant.js templates --platform azure-devops
```

```text
pipeline-assistant-mcp/
├── src/                          # Core MCP server
│   ├── server.ts                 # MCP server entry point
│   ├── pipeline-generator.ts     # Pipeline generation
│   ├── pipeline-analyzer.ts      # Security analysis
│   ├── policy-enforcer.ts        # Policy enforcement
│   ├── wiki-parser.ts            # Standards parser
│   ├── wiki-manager.ts           # Wiki management
│   ├── container.ts              # Dependency injection
│   ├── platforms/                # Multi-platform support
│   │   ├── azure-devops.ts
│   │   └── github-actions.ts
│   ├── azure-devops/             # Azure DevOps integration
│   │   ├── client.ts
│   │   ├── pr-bot.ts
│   │   └── webhook-handler.ts
│   └── utils/                    # Shared utilities
│       ├── logger.ts
│       ├── validation.ts
│       └── rate-limiter.ts
├── cli/                          # Command-line tools
│   ├── pipeline-assistant.ts
│   ├── wiki-cli.ts
│   └── pr-bot-cli.ts
├── vscode-extension/             # VS Code extension
├── wiki/standards/               # Corporate standards v2.0
│   ├── core/                     # Stage definitions
│   ├── security/                 # Security policies
│   ├── quality/                  # Quality gates
│   ├── platforms/                # Platform templates
│   │   ├── azure/templates/
│   │   └── github/templates/
│   ├── migration/                # Migration guides
│   └── governance/               # Governance docs
├── tests/                        # Test suite (341+ tests)
└── examples/                     # Example pipelines
```
| Document | Description |
|---|---|
| Workshop Guide | Complete tutorial with architecture deep-dive |
| Usage Guide | Reference for all platforms and configurations |
| Contributing | How to contribute to the project |
| Changelog | Version history and release notes |
```json
{
  "mcpServers": {
    "pipeline-assistant": {
      "command": "node",
      "args": ["dist/src/server.js"],
      "cwd": "/path/to/pipeline-assistant-mcp"
    }
  }
}
```

```bash
cd vscode-extension
npm install && npm run compile
# Press F5 to launch in development mode
```

```bash
export AZDO_ORG_URL="https://dev.azure.com/your-org"
export AZDO_PAT="your-personal-access-token"
export AZDO_PROJECT="your-project"
```

Add `.github/workflows/pipeline-review.yml` to automatically analyze PRs.
See Usage Guide for detailed configuration.
Pipeline Assistant uses a structured standards system:
| Policy | Name | Level |
|---|---|---|
| SEC-001 | Secret Scanning | Mandatory |
| SEC-002 | SAST Analysis | Mandatory |
| SEC-003 | Dependency Scanning | Mandatory |
| SEC-004 | Container Scanning | Conditional |
| SEC-007 | DAST | Conditional |
| SEC-008 | License Compliance | Mandatory |
| SEC-010 | SBOM Generation | Mandatory |
- Validate - Linting, formatting, type checking
- Security - All security scans (parallel)
- Build - Application build + SBOM
- Test - Unit + Integration tests
- Scan - Container security
- Deploy - Environment deployments
```bash
npm run dev    # Watch mode
npm test       # Run tests (341+ tests)
npm run lint   # Check code style
npm run build  # Build project
```

```bash
# Run all tests
npm test

# Run specific test
npx vitest run tests/policy-enforcer.test.ts

# Run with coverage
npx vitest run --coverage
```

We welcome contributions! Please see CONTRIBUTING.md for guidelines.
Dachi Gogotchuri (@soydachi)
- Website: soydachi.com
- LinkedIn: Dachi Gogotchuri