Infrastructure Agents
ci-builder
Category: infra
Creates or updates a complete GitHub Actions CI/CD pipeline.
What it generates:
- CI workflow — runs on every push and PR. Installs dependencies, runs linting, runs the full test suite.
- Dependabot config — automatic dependency update PRs for npm, pip, GitHub Actions.
- Release workflow — triggered on version tags, builds and publishes to PyPI/npm.
The pipeline is tailored to the detected stack:
- Python → pytest + ruff/flake8
- TypeScript/JavaScript → Jest/Vitest + ESLint
- Rust → cargo test + clippy
- Docker → build and push to ghcr.io
nimbus run --agent ci-builder
docker-hardener
Category: infra
Fixes Dockerfile security and best practice violations, and minimizes image size.
What it fixes:
- Switches from `latest` tags to pinned digest versions
- Adds a non-root `USER` directive
- Removes unnecessary build tools from the final stage
- Converts single-stage builds to multi-stage builds
- Adds `.dockerignore` if missing
- Removes secrets baked into `ENV` directives
- Ensures `COPY` uses specific files rather than `.`
The result is a smaller, more secure image that passes Docker Scout and Trivy scans.
nimbus run --agent docker-hardener
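To check a Dockerfile against the issues listed above before or after a hardening pass, the following is an added example, not nimbus or docker-hardener code. The function names, finding codes and both sample Dockerfiles are constructed for illustration, `<digest>` is a placeholder, and the `.dockerignore` and build-tool checks are not covered.

```python
import re

# Constructed samples (not from a real project); <digest> is a placeholder.
WEAK = """FROM python:latest
ENV API_TOKEN=abc123
COPY . /app
"""
HARDENED = """FROM python:3.12-slim@sha256:<digest> AS build
COPY requirements.txt /src/
RUN pip install --prefix=/install -r /src/requirements.txt
FROM python:3.12-slim@sha256:<digest>
COPY --from=build /install /usr/local
COPY main.py /app/
USER 10001
"""
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (KEYWORD, [args]) per instruction, joining backslash continuations."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            yield parts[0].upper(), parts[1:]

def audit(text):
    """Return sorted finding codes for one Dockerfile (heuristic, shell-form only)."""
    found, stages, user = set(), [], None
    for kw, args in instructions(text):
        plain = [a for a in args if not a.startswith("--")]
        if kw == "FROM" and plain:
            image, user = plain[0], None  # USER resets with every new stage
            if image != "scratch" and image not in stages and "@sha256:" not in image:
                found.add("unpinned-base")
            stages.append(plain[2] if len(plain) == 3 else "")
        elif kw == "USER" and plain:
            user = plain[0].split(":")[0]
        elif kw == "ENV" and plain:
            keys = [a.split("=")[0] for a in plain if "=" in a] or plain[:1]
            if any(SECRET_NAME.search(k) for k in keys):
                found.add("secret-in-env")
        elif kw == "COPY" and not any(a.startswith("--from") for a in args):
            if any(src in (".", "./") for src in plain[:-1]):
                found.add("copy-whole-context")
    if len(stages) < 2:
        found.add("single-stage")
    if user in (None, "root", "0"):
        found.add("runs-as-root")
    return sorted(found)

print(audit(WEAK), audit(HARDENED))
```

The secret check only matches variable names, so a credential stored under an innocuous name still needs a dedicated secret scanner.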