Dev

.github/workflows/ci.yml

@@ -48,7 +48,7 @@ jobs:
       - name: Run all tests
         run: cargo test --verbose
 
-  # ── 3. Dogfood — oxide-ci scans itself ──────────────────────────────────────
+  # ── 3. Dogfood — greengate scans itself ──────────────────────────────────────
   self-scan:
     name: Self-Scan
     runs-on: ubuntu-latest
@@ -64,62 +64,62 @@ jobs:
       - name: Cache Rust dependencies
         uses: Swatinem/rust-cache@v2
 
-      - name: Build oxide-ci
+      - name: Build greengate
         run: cargo build --release
 
       # ── Config validation ────────────────────────────────────────────────────
-      - name: Validate .oxideci.toml
-        run: ./target/release/oxide-ci check-config
+      - name: Validate .greengate.toml
+        run: ./target/release/greengate check-config
 
       # ── Secret + SAST scan (JS/TS/Python/Go AST) — human-readable ───────────
-      # Reads .oxideci.toml to exclude test fixtures and docs that
+      # Reads .greengate.toml to exclude test fixtures and docs that
       # intentionally contain example/fake patterns.
       - name: Scan for secrets, PII and dangerous patterns
-        run: ./target/release/oxide-ci scan
+        run: ./target/release/greengate scan
 
       # ── Incremental scan — only staged/changed files ─────────────────────────
       - name: Scan files changed since last commit
-        run: ./target/release/oxide-ci scan --since HEAD~1 || true
+        run: ./target/release/greengate scan --since HEAD~1 || true
 
       # ── git blame enrichment ─────────────────────────────────────────────────
       - name: Scan with blame enrichment
-        run: ./target/release/oxide-ci scan --blame || true
+        run: ./target/release/greengate scan --blame || true
 
       # ── Multi-format output validation ───────────────────────────────────────
       - name: Generate SARIF report
         if: always()
         continue-on-error: true
-        run: ./target/release/oxide-ci scan --format sarif > oxide-ci-results.sarif 2>/dev/null || true
+        run: ./target/release/greengate scan --format sarif > greengate-results.sarif 2>/dev/null || true
 
       - name: Generate JSON report
         if: always()
         continue-on-error: true
-        run: ./target/release/oxide-ci scan --format json > oxide-ci-results.json 2>/dev/null || true
+        run: ./target/release/greengate scan --format json > greengate-results.json 2>/dev/null || true
 
       - name: Generate JUnit XML report
         if: always()
         continue-on-error: true
-        run: ./target/release/oxide-ci scan --format junit > oxide-ci-results.xml 2>/dev/null || true
+        run: ./target/release/greengate scan --format junit > greengate-results.xml 2>/dev/null || true
 
       - name: Generate GitLab SAST report
         if: always()
         continue-on-error: true
-        run: ./target/release/oxide-ci scan --format gitlab > gl-sast-report.json 2>/dev/null || true
+        run: ./target/release/greengate scan --format gitlab > gl-sast-report.json 2>/dev/null || true
 
       # ── Upload scan artifacts ────────────────────────────────────────────────
       - name: Upload SARIF to GitHub Security tab
         if: always()
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: oxide-ci-results.sarif
+          sarif_file: greengate-results.sarif
         continue-on-error: true
 
       - name: Upload JUnit XML
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: junit-report
-          path: oxide-ci-results.xml
+          path: greengate-results.xml
         continue-on-error: true
 
       - name: Upload GitLab SAST report
@@ -135,7 +135,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: json-report
-          path: oxide-ci-results.json
+          path: greengate-results.json
         continue-on-error: true
 
       # ── GitHub Check Run annotations + PR summary comment ────────────────────
@@ -147,30 +147,30 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_REPOSITORY: ${{ github.repository }}
           GITHUB_SHA: ${{ github.sha }}
-        run: ./target/release/oxide-ci scan --annotate || true
+        run: ./target/release/greengate scan --annotate || true
 
       # ── Baseline workflow ────────────────────────────────────────────────────
       - name: Save scan baseline (main branch only)
         if: github.ref == 'refs/heads/main'
         run: |
-          ./target/release/oxide-ci scan --update-baseline || true
-          git diff --quiet .oxide-baseline.json 2>/dev/null || echo "Baseline updated"
+          ./target/release/greengate scan --update-baseline || true
+          git diff --quiet .greengate-baseline.json 2>/dev/null || echo "Baseline updated"
 
       - name: Gate on new findings only (PRs)
-        if: github.event_name == 'pull_request' && hashFiles('.oxide-baseline.json') != ''
-        run: ./target/release/oxide-ci scan --since-baseline
+        if: github.event_name == 'pull_request' && hashFiles('.greengate-baseline.json') != ''
+        run: ./target/release/greengate scan --since-baseline
 
       # ── Kubernetes lint — exits 0 when no YAML manifests are present ─────────
       - name: Lint Kubernetes manifests
-        run: ./target/release/oxide-ci lint
+        run: ./target/release/greengate lint
 
       # ── Dependency audit — queries OSV database for known CVEs ───────────────
       - name: Audit dependencies (OSV)
-        run: ./target/release/oxide-ci audit
+        run: ./target/release/greengate audit
 
       # ── SBOM generation (CycloneDX 1.5) ─────────────────────────────────────
       - name: Generate SBOM
-        run: ./target/release/oxide-ci sbom --output sbom.json
+        run: ./target/release/greengate sbom --output sbom.json
 
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@v4
@@ -197,7 +197,7 @@ jobs:
       - name: Cache Rust dependencies
         uses: Swatinem/rust-cache@v2
 
-      - name: Build oxide-ci
+      - name: Build greengate
         run: cargo build --release
 
       # Lighthouse — gates on PageSpeed Insights scores for a deployed URL.
@@ -208,7 +208,7 @@ jobs:
         env:
           PAGESPEED_API_KEY: ${{ secrets.PAGESPEED_API_KEY }}
         run: |
-          ./target/release/oxide-ci lighthouse \
+          ./target/release/greengate lighthouse \
             --url "${{ vars.LIGHTHOUSE_URL }}" \
             --strategy mobile
         continue-on-error: true   # informational until thresholds are tuned
@@ -218,7 +218,7 @@ jobs:
       # frontend job that runs `reassure measure` and uploads the artifact).
       - name: Reassure performance gate
         if: hashFiles('output/current.perf') != ''
-        run: ./target/release/oxide-ci reassure
+        run: ./target/release/greengate reassure
         continue-on-error: true   # informational until baseline is established
 
   # ── 5. Formatting + lints ───────────────────────────────────────────────────

.github/workflows/release.yml

@@ -23,16 +23,16 @@ jobs:
         include:
           - os: ubuntu-latest
             target: x86_64-unknown-linux-musl
-            asset_name: oxide-ci-linux-amd64
+            asset_name: greengate-linux-amd64
           - os: macos-latest
             target: aarch64-apple-darwin
-            asset_name: oxide-ci-macos-arm64
+            asset_name: greengate-macos-arm64
           - os: macos-latest
             target: x86_64-apple-darwin
-            asset_name: oxide-ci-macos-amd64
+            asset_name: greengate-macos-amd64
           - os: windows-latest
             target: x86_64-pc-windows-msvc
-            asset_name: oxide-ci-windows-amd64.exe
+            asset_name: greengate-windows-amd64.exe
 
     steps:
       - name: Checkout repository
@@ -70,12 +70,12 @@ jobs:
 
       - name: Rename binary (Unix)
         if: matrix.os != 'windows-latest'
-        run: mv target/${{ matrix.target }}/release/oxide-ci ${{ matrix.asset_name }}
+        run: mv target/${{ matrix.target }}/release/greengate ${{ matrix.asset_name }}
 
       - name: Rename binary (Windows)
         if: matrix.os == 'windows-latest'
         shell: pwsh
-        run: Move-Item target/${{ matrix.target }}/release/oxide-ci.exe ${{ matrix.asset_name }}
+        run: Move-Item target/${{ matrix.target }}/release/greengate.exe ${{ matrix.asset_name }}
 
       - name: Upload artifact
         uses: actions/upload-artifact@v4
@@ -107,7 +107,7 @@ jobs:
         with:
           # tag_name is inferred from the triggering tag (e.g. v0.2.0)
           # Each tag produces a separate, permanent release entry.
-          name: oxide-ci ${{ github.ref_name }}
+          name: GreenGate ${{ github.ref_name }}
           files: release_assets/*
           generate_release_notes: true
           fail_on_unmatched_files: true

.oxideci.toml → .greengate.toml

@@ -1,8 +1,8 @@
-# oxide-ci self-scan configuration
+# greengate self-scan configuration
 # Excludes files that intentionally contain fake/example secret patterns
 # (test fixtures, documentation examples, and regex pattern definitions)
 
-# oxide-ci self-scan configuration
+# greengate self-scan configuration
 # Excludes files that intentionally contain fake/example secret patterns
 # (test fixtures, documentation examples, and regex pattern definitions)
 
@@ -40,7 +40,7 @@ min = 80.0
 target_dir = "."
 
 # ── Lighthouse (web performance) ──────────────────────────────────────────────
-# Uncomment and set url to enable `oxide-ci lighthouse` quality gate.
+# Uncomment and set url to enable `greengate lighthouse` quality gate.
 # The API key is optional; without it the unauthenticated quota applies.
 # Set PAGESPEED_API_KEY env var in CI to avoid hardcoding the key here.
 #
@@ -54,7 +54,7 @@ target_dir = "."
 # api_key = ""                 # or set PAGESPEED_API_KEY env var
 
 # ── Reassure (React component performance) ────────────────────────────────────
-# Uncomment to enable `oxide-ci reassure` quality gate after running
+# Uncomment to enable `greengate reassure` quality gate after running
 # `reassure measure` in your frontend CI pipeline.
 #
 # [reassure]

CONTRIBUTING.md

@@ -1,6 +1,6 @@
-# Contributing to OxideCI
+# Contributing to GreenGate
 
-Thanks for your interest in contributing! OxideCI is a Rust CLI tool — contributions of all kinds are welcome: bug reports, new secret-detection patterns, SAST rules, documentation improvements, and new features.
+Thanks for your interest in contributing! GreenGate is a Rust CLI tool — contributions of all kinds are welcome: bug reports, new secret-detection patterns, SAST rules, documentation improvements, and new features.
 
 ## Getting Started
 
@@ -12,8 +12,8 @@ Thanks for your interest in contributing! OxideCI is a Rust CLI tool — contrib
 ### Build
 
 ```bash
-git clone https://github.com/ThinkGrid-Labs/oxide-ci
-cd oxide-ci
+git clone https://github.com/ThinkGrid-Labs/greengate
+cd greengate
 cargo build
 ```
 
@@ -29,16 +29,16 @@ All tests must pass before submitting a pull request.
 
 ### Reporting bugs
 
-Open an issue at [github.com/ThinkGrid-Labs/oxide-ci/issues](https://github.com/ThinkGrid-Labs/oxide-ci/issues) and include:
+Open an issue at [github.com/ThinkGrid-Labs/greengate/issues](https://github.com/ThinkGrid-Labs/greengate/issues) and include:
 
-- oxide-ci version (`oxide-ci --version`)
+- greengate version (`greengate --version`)
 - OS and architecture
 - The command you ran and the full output
 - What you expected to happen
 
 ### Suggesting new secret patterns
 
-OxideCI's built-in patterns live in `src/scanner.rs`. Each pattern is a named regex. To propose a new one:
+GreenGate's built-in patterns live in `src/scanner.rs`. Each pattern is a named regex. To propose a new one:
 
 1. Add the pattern to the `patterns()` function with a descriptive name (e.g. `"Twilio Auth Token"`)
 2. Add a test in `tests/` that exercises the new pattern with both a true-positive and a true-negative fixture

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
-name = "oxide-ci"
-version = "0.2.10"
+name = "greengate"
+version = "0.2.11"
 edition = "2024"
 
 [dependencies]