sentinel-ci 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d80229adb1733c9bd79d6770c46d0b117702fc4ff1fe71e99d1afa5fe3b78ffe
-  data.tar.gz: 2592ada1faa0fbf3917431c6baf4b341ab34a5d9d424a7caee20ec7a701e2779
+  metadata.gz: 93bcfc862a8cc368754114af437432420d70876e8496ecde629658886e888941
+  data.tar.gz: 1fa24fc8dbd87c0dc7ed329c4897213bf49f096ab1281b8a421b61cbef0268a9
 SHA512:
-  metadata.gz: ccd23b049b0582c04b90baa5a9112197fb7c0407078edfd043c3ddcf93857a9adade4a9c83a1a46c6fe9dcc2ea1cd2c133664dc3c6f19a0a79617fe741dc163d
-  data.tar.gz: da385d744d1897516f8422bc80701076c972a82014175ba1a6c0b4eac2b86852169b5635b7ad30a25008b45fe903dfcf5346a89e3f3f2f275fdca32454d51f00
+  metadata.gz: fff33f695f1031ac4f720b2e6ba034b50cb17001dcec2dad92f0448cc5c1709ea61fb0e39152cb104a9f7d7b264aa4110bc0478c1a620620d9d98579f4eca213
+  data.tar.gz: e102e7cb5281042fba55955eb55ca0f691adc1e391a3c5762bd18e53758422f53ba47394e7d08847872c2d7a05de35e07e2105dee6e49a6c96c028f943445ab0

data/CHANGELOG.md

@@ -1,5 +1,34 @@
 # Changelog
 
+## 1.1.0 (2026-05-18)
+
+### Severity Re-ranking
+- Severities re-evaluated based on actual exploitability
+- Only actively exploitable rules (shell injection, dangerous triggers, hardcoded secrets) are critical
+- Unpinned actions downgraded to medium (requires maintainer compromise first)
+- First-party actions (actions/*) downgraded to low
+
+### Bot Improvements
+- Consolidated PRs: one PR per repo instead of one per rule
+- Rule explainer pages at sentinel-bot.copilotkit.dev/rules/*
+- `--limit N` flag to cap repos scanned per run
+- Skip repos that already use Sentinel
+- Fix PR body includes "How this was detected" methodology disclosure
+- Adopt + opt-out links with UUID tokens
+
+### Infrastructure
+- Bot web handler live at sentinel-bot.copilotkit.dev (Sinatra on Railway)
+- GitHub App created (sentinel-ci-scanner) for future bot identity
+- GHCR-based deploy pipeline with env var trigger for Railway
+- Rule explainer pages served from markdown with dark theme
+
+### Bug Fixes
+- file_exists? returning true for 404s
+- Sentinel skip check matching bare word instead of uses: reference
+- Railway deploy: env var change triggers fresh image pull (serviceInstanceRedeploy doesn't)
+- Sinatra host authorization in production mode
+
+
 ## 1.0.1 (2026-05-17)
 
 - Smart clone auth: try HTTPS, SSH, then gh token — no manual GITHUB_TOKEN needed for private repos

data/README.md

@@ -97,6 +97,22 @@ jobs:
 Findings appear as inline annotations on the PR diff -- critical/high as errors,
 medium as warnings, low as notices.
 
+**Fix mode inputs:**
+
+| Name | Default | Description |
+|------|---------|-------------|
+| `fix` | `false` | Auto-fix findings. Pushes to PR branch, or creates fix PR on main. |
+| `anthropic-key` | -- | Anthropic API key -- enables AI-powered fixes for all 28 rules |
+
+**Fix mode outputs:**
+
+| Name | Description |
+|------|-------------|
+| `fixes-applied` | Number of findings auto-fixed |
+
+When `fix: true` on a **pull request**: fixes are pushed directly to the PR branch.
+When `fix: true` on **main/push**: a new `sentinel/fix-*` PR is created.
+
 ## Pre-commit Hook
 
 Scan workflow files automatically before every commit:
@@ -125,34 +141,66 @@ pre-commit:
 
 The hook only runs when `.github/workflows/*.yml` files are staged, so it won't slow down unrelated commits.
 
+## Policy-as-Code
+
+Define security standards in `.sentinel-ci.yml`:
+
+```yaml
+severity: high
+
+rules:
+  missing-timeouts: medium
+  overly-broad-triggers: "off"
+
+ignore:
+  - ".github/workflows/dependabot-*.yml"
+
+exceptions:
+  - rule: credential-window
+    file: publish-release.yml
+    reason: "Intentional late-injection pattern"
+```
+
+The scanner and GitHub Action both read this file automatically.
+
+## Platform Support
+
+Sentinel scans GitHub Actions (default), GitLab CI, and Bitbucket Pipelines:
+
+```bash
+sentinel scan --local . --platform auto     # detect automatically
+sentinel scan --local . --platform gitlab   # GitLab CI only
+sentinel scan --local . --platform bitbucket # Bitbucket only
+```
+
 ## What It Checks
 
 | # | Rule | Severity | What |
 |---|------|----------|------|
-| 1 | `unpinned-actions` | critical/medium | Tag-pinned actions (critical for third-party, medium for `actions/*`) |
+| 1 | `unpinned-actions` | medium/low | Tag-pinned actions (medium for third-party, low for `actions/*`) |
 | 2 | `shell-injection-expr` | critical | Attacker-controllable `${{ }}` in `run:` blocks |
 | 3 | `shell-injection-jq` | critical | `${VAR}` in double-quoted jq/curl strings |
 | 4 | `hardcoded-secrets` | critical | AWS keys, GitHub PATs, private keys, passwords in plain text |
-| 5 | `self-hosted-runner-fork` | critical | Self-hosted runner on fork PR triggers |
+| 5 | `self-hosted-runner-fork` | high | Self-hosted runner on fork PR triggers |
 | 6 | `github-script-injection` | critical | Attacker-controllable `${{ }}` in github-script |
 | 7 | `dangerous-triggers` | critical | `pull_request_target` + fork code checkout |
 | 8 | `missing-persist-credentials` | high | `actions/checkout` without `persist-credentials: false` |
 | 9 | `credential-window` | high | Git credentials configured far from push step |
-| 10 | `static-aws-credentials` | high | Static AWS keys instead of OIDC federation |
-| 11 | `unscoped-app-token` | high | `create-github-app-token` without `permission-*` scoping |
-| 12 | `docker-build-arg-secrets` | high | Secrets in Docker build-args (visible in image layers) |
+| 10 | `static-aws-credentials` | medium | Static AWS keys instead of OIDC federation |
+| 11 | `unscoped-app-token` | medium | `create-github-app-token` without `permission-*` scoping |
+| 12 | `docker-build-arg-secrets` | medium | Secrets in Docker build-args (visible in image layers) |
 | 13 | `build-publish-same-job` | high | Build + publish in same job with publish secrets |
 | 14 | `curl-pipe-shell` | high | `curl \| sh` without integrity verification |
 | 15 | `workflow-dispatch-injection` | high | `${{ inputs.* }}` in run blocks |
 | 16 | `missing-permissions` | medium | No top-level permissions block |
-| 17 | `git-config-global` | medium | `git config --global` with credentials |
-| 18 | `missing-timeouts` | medium | Jobs without `timeout-minutes` |
+| 17 | `git-config-global` | low | `git config --global` with credentials |
+| 18 | `missing-timeouts` | low | Jobs without `timeout-minutes` |
 | 19 | `missing-env-protection` | medium | Publish/deploy jobs without environment protection |
 | 20 | `allow-forks-artifact` | medium | Fork-produced artifact download in privileged context |
 | 21 | `missing-frozen-lockfile` | medium | Package install without `--frozen-lockfile` / `npm ci` |
 | 22 | `cache-poisoning` | medium | Cache keys with fork-controllable refs |
-| 23 | `excessive-permissions` | medium | Write permissions on jobs that only read |
-| 24 | `unpinned-artifact` | medium | download-artifact without specific name |
+| 23 | `excessive-permissions` | low | Write permissions on jobs that only read |
+| 24 | `unpinned-artifact` | low | download-artifact without specific name |
 | 25 | `unpinned-docker-image` | low | Docker images using `:latest` tag |
 | 26 | `overly-broad-triggers` | low | Push/PR triggers without branch/path filters |
 | 27 | `missing-dependabot` | low | No Dependabot config for github-actions ecosystem |
@@ -160,29 +208,32 @@ The hook only runs when `.github/workflows/*.yml` files are staged, so it won't
 
 ## Auto-Fix
 
-Sentinel can automatically generate fixes for three rule categories:
+Sentinel can automatically fix findings -- 6 rules mechanically, all 28 with AI:
 
 ```bash
-sentinel scan --fix owner/repo    # future CLI flag
-```
+# Mechanical fixes (free, deterministic)
+sentinel fix --local .
+sentinel fix --local . --dry-run    # preview changes
 
-Or use the Ruby API directly:
+# All rules via Claude Opus
+sentinel fix --local . --ai
 
-```ruby
-require_relative "lib/auto_fix"
-require_relative "lib/sha_resolver"
-
-resolver = ShaResolver.new
-patched = AutoFix.apply(finding, raw_yaml, sha_resolver: resolver)
+# Fix a remote repo (creates a PR)
+sentinel fix owner/repo
 ```
 
-**Fixable rules:**
+**Mechanically fixable rules:**
 
 | Rule | Fix Strategy |
 |------|-------------|
 | `unpinned-actions` | Resolves tag to SHA via GitHub API |
 | `shell-injection-expr` | Moves expression to step-level `env:` block |
 | `missing-persist-credentials` | Adds `persist-credentials: false` to checkout |
+| `workflow-dispatch-injection` | Moves `${{ inputs.* }}` to step-level `env:` block |
+| `missing-permissions` | Adds `permissions: contents: read` at workflow level |
+| `missing-timeouts` | Adds `timeout-minutes: 30` to jobs |
+
+With `--ai`, Sentinel uses Claude Opus to fix all remaining rules that require understanding workflow intent.
 
 ## PR Bot
 
@@ -273,13 +324,18 @@ lib/
     bot.rb                      # sentinel bot subcommand
     hook.rb                     # sentinel hook install/uninstall
     deps.rb                     # sentinel deps subcommand
+    token_resolver.rb           # GitHub token lookup chain
   formatter/
     terminal.rb                 # colored terminal output
     json.rb                     # JSON output
     sarif.rb                    # SARIF output for GitHub Security tab
+  platforms/
+    gitlab.rb                   # GitLab CI pipeline scanner
+    bitbucket.rb                # Bitbucket Pipelines scanner
+    shared_patterns.rb          # cross-platform rule patterns
   rules/
     base.rb                     # abstract rule interface
-    *.rb                        # one file per rule (27 rules)
+    *.rb                        # one file per rule (26 rules)
 mcp/
   server.rb                     # MCP server for AI coding agents
   claude-code-config.json       # example configuration for Claude Code
@@ -287,8 +343,10 @@ bot/
   scanner_bot.rb                # PR bot orchestrator
   search.rb                     # GitHub Code Search client
   state.rb                      # JSON-file state tracking
+  state.json                    # persisted bot state
   pr_writer.rb                  # cross-fork PR creation
   config.rb                     # bot configuration
+  web.rb                        # bot web dashboard
 ```
 
 ## Adding Rules

data/lib/github_client.rb

@@ -49,8 +49,7 @@ class GitHubClient
     end
 
     def file_exists?(repo, path)
-        api_get("/repos/#{repo}/contents/#{path}")
-        true
+        !api_get("/repos/#{repo}/contents/#{path}").nil?
     rescue StandardError
         false
     end

data/lib/rules/docker_build_arg_secrets.rb

@@ -2,7 +2,7 @@ module Rules
     class DockerBuildArgSecrets < Base
         def name = "docker-build-arg-secrets"
         def description = "Secrets passed as Docker build-args (visible in image layers)"
-        def severity = :high
+        def severity = :medium
 
         def check(workflow)
             findings = []

data/lib/rules/excessive_permissions.rb

@@ -2,7 +2,7 @@ module Rules
     class ExcessivePermissions < Base
         def name = "excessive-permissions"
         def description = "Job has write permissions but no steps that appear to need them"
-        def severity = :medium
+        def severity = :low
 
         # Actions that perform write operations
         WRITE_ACTIONS = [

data/lib/rules/git_config_global.rb

@@ -2,7 +2,7 @@ module Rules
     class GitConfigGlobal < Base
         def name = "git-config-global"
         def description = "git config --global persists credentials beyond the repo clone"
-        def severity = :medium
+        def severity = :low
 
         def check(workflow)
             findings = []

data/lib/rules/missing_timeouts.rb

@@ -2,7 +2,7 @@ module Rules
     class MissingTimeouts < Base
         def name = "missing-timeouts"
         def description = "Job without timeout-minutes"
-        def severity = :medium
+        def severity = :low
 
         def check(workflow)
             findings = []

data/lib/rules/self_hosted_runner_fork.rb

@@ -2,7 +2,7 @@ module Rules
     class SelfHostedRunnerFork < Base
         def name = "self-hosted-runner-fork"
         def description = "Self-hosted runner exposed to fork PRs"
-        def severity = :critical
+        def severity = :high
 
         FORK_TRIGGERS = %w[pull_request pull_request_target].freeze
 

data/lib/rules/static_aws_credentials.rb

@@ -2,7 +2,7 @@ module Rules
     class StaticAwsCredentials < Base
         def name = "static-aws-credentials"
         def description = "AWS credentials using static keys instead of OIDC"
-        def severity = :high
+        def severity = :medium
 
         def check(workflow)
             findings = []

data/lib/rules/unpinned_actions.rb

@@ -2,7 +2,7 @@ module Rules
     class UnpinnedActions < Base
         def name = "unpinned-actions"
         def description = "Action referenced by tag instead of SHA pin"
-        def severity = :critical
+        def severity = :medium
 
         SHA_PATTERN = /@[0-9a-f]{40}\b/
         FIRST_PARTY = %w[actions/ github/].freeze
@@ -17,7 +17,7 @@ module Rules
                 next if uses.match?(SHA_PATTERN)
 
                 first_party = FIRST_PARTY.any? { |prefix| uses.start_with?(prefix) }
-                sev = first_party ? :medium : :critical
+                sev = first_party ? :low : :medium
 
                 findings << Finding.new(
                     rule: name,

data/lib/rules/unpinned_artifact.rb

@@ -2,7 +2,7 @@ module Rules
     class UnpinnedArtifact < Base
         def name = "unpinned-artifact"
         def description = "download-artifact without specific artifact name"
-        def severity = :medium
+        def severity = :low
 
         DOWNLOAD_ARTIFACT_PATTERN = /\bactions\/download-artifact\b/
 

data/lib/rules/unscoped_app_token.rb

@@ -2,7 +2,7 @@ module Rules
     class UnscopedAppToken < Base
         def name = "unscoped-app-token"
         def description = "GitHub App token without scoped permissions"
-        def severity = :high
+        def severity = :medium
 
         def check(workflow)
             findings = []

data/lib/version.rb

@@ -1,3 +1,3 @@
 module Sentinel
-    VERSION = "1.0.1"
+    VERSION = "1.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sentinel-ci
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Jordan Ritter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-05-17 00:00:00.000000000 Z
+date: 2026-05-18 00:00:00.000000000 Z
 dependencies: []
 description: Scan GitHub Actions workflows for 28 security vulnerabilities. SHA pinning,
   shell injection, credential exposure, dangerous triggers. Optional AI-powered remediation