README.md
GitHub Actions failure diagnosis and LLM-driven auto-repair PR creation.
Agentic CI/CD MCP Orchestrator
Python MCP server for GitHub Actions failure diagnosis, LLM-driven unified-diff auto-repair PR creation, and governed release orchestration.
What this provides
- MCP tooling to inspect failed workflow runs using commit, logs, and test signals.
- LLM diagnosis flow powered by OpenAI
gpt-4o-mini. - Governance layer to auto-fix low-risk issues and require human review for risky changes.
- Generic model-driven repair loop (up to 3 attempts) using unified diff patches.
- GitHub Actions workflows for CI, repair orchestration, and release policy gating.
Project layout
mcp_server/main.py- MCP tools and orchestration entrypointsmcp_server/run_repair.py- workflow-safe command runnermcp_server/config.py- typed environment configmcp_server/tools/*- GitHub, diagnosis, risk, and PR automation modules.github/workflows/*- CI/CD automation workflows
Setup
- Create and activate a virtual environment.
- Install dependencies:
pip install -r requirements.txt
- Copy environment defaults:
cp .env.example .env(or create.envmanually on Windows)
- Fill in required values (
OPENAI_API_KEY,GITHUB_TOKEN).
Run MCP server locally
python -m mcp_server.main
Use in Cursor as MCP
- MCP config is included at
.cursor/mcp.json. - Restart Cursor so it loads the MCP server definition.
- Ensure your
.envhasOPENAI_API_KEYandGITHUB_TOKEN. - In Cursor chat, call tools from
agentic-cicd-orchestratorwith:repository:owner/reporun_id: workflow run id (integer)
- Main tools:
inspect_pipeline_failureorchestrate_autofix
Run repair orchestration manually
- Set
REPOSITORY(for exampleorg/repo). - Optional:
RUN_ID(if omitted, latest failed run is auto-selected)WORKFLOW_NAME(filter latest failed run by workflow name, e.g.ci)BASE_BRANCH(defaultmain)
- Execute:
python -m mcp_server.run_repair
LLM auto-repair controls
MAX_REPAIR_ATTEMPTS- number of patch generation/application retries (default3).PATCH_STRATEGY- patch format expected from model (must beunified_diff).LLM_PATCH_MAX_CHARS- upper bound on patch payload size.
Governance model
risk_score < RISK_AUTO_FIX_THRESHOLD-> autonomous auto-fix PR path.RISK_AUTO_FIX_THRESHOLD <= risk_score < RISK_HUMAN_REVIEW_THRESHOLD-> human approval required.risk_score >= RISK_HUMAN_REVIEW_THRESHOLDor high-risk file categories -> blocked/review-only path.FORCE_AUTOFIX_ALL=true-> bypass thresholds and force auto-fix path (dangerous; use only in controlled testing).
Security notes
- Use least-privilege GitHub credentials.
- Keep production deployment credentials separate from auto-repair identity.
- Review generated PRs and audit artifacts before enabling automerge in production.
Tools (2)
inspect_pipeline_failureInspects a failed GitHub Actions workflow run using commit, logs, and test signals.orchestrate_autofixOrchestrates an autonomous fix or human-reviewed repair for a pipeline failure.Environment Variables
OPENAI_API_KEYrequiredAPI key for OpenAI GPT-4o-mini modelGITHUB_TOKENrequiredGitHub personal access token for repository accessMAX_REPAIR_ATTEMPTSNumber of patch generation/application retriesPATCH_STRATEGYPatch format expected from modelRISK_AUTO_FIX_THRESHOLDThreshold for autonomous auto-fix PRsConfiguration
claude_desktop_config.json
{"mcpServers": {"agentic-cicd-orchestrator": {"command": "python", "args": ["-m", "mcp_server.main"], "env": {"OPENAI_API_KEY": "your-key", "GITHUB_TOKEN": "your-token"}}}}Try it
→Inspect the latest failed workflow run for repository owner/repo and diagnose the issue.
→Orchestrate an autofix for the failed run ID 12345 in my repository.
→Check the logs for the recent CI failure in my project and suggest a repair patch.
→Analyze the risk score for the current pipeline failure and determine if it requires human review.