Skip to main content
pipefort mcp runs Pipefort as a Model Context Protocol server over stdio, so an AI coding assistant can scan CI workflows as it writes them — catching an injection sink or an unpinned action before the code is ever committed. It wraps the same engine as the CLI and web app.

Register it

Point your assistant at the pipefort mcp command. For Claude Code:
claude mcp add pipefort -- pipefort mcp
For other clients, add a command-based (stdio) MCP server entry, e.g.:
{
  "mcpServers": {
    "pipefort": {
      "command": "pipefort",
      "args": ["mcp"]
    }
  }
}

Tools

ToolArgumentsReturns
scan_workflowcontent (required), filename, ruleset, persona, min_confidenceFindings for a single in-memory workflow file. Set filename to .gitlab-ci.yml to scan GitLab CI; defaults to GitHub Actions.
scan_directorypath (required), ruleset, persona, min_confidenceFindings for a local directory’s .github/workflows/* and .gitlab-ci.yml, plus detected toxic combinations.
explain_rulerule_id (required)The catalog entry (title, severity, confidence, description, docs URL) for a rule.
All three are read-only and offline — no token or network required. ruleset, persona, and min_confidence mirror the CLI flags: omit them for the permissive defaults (all / regular / keep everything).

Example

An assistant editing a workflow can call scan_workflow with the buffer contents and surface findings inline:
{
  "name": "scan_workflow",
  "arguments": {
    "content": "on: pull_request_target\njobs: ...",
    "min_confidence": "MEDIUM"
  }
}
The response is the same finding shape as -o json: each finding carries its rule_id, severity, confidence, file, line, and recommendation.