https://github.com/olafkfreund/bifrost
Orchestration + intelligence layer for Azure DevOps → GitHub Actions migration at portfolio scale — review-first, air-gap capable, attestation-native. Wraps gh actions-importer / GEI.
https://github.com/olafkfreund/bifrost
azure-devops ci-cd-migration devops github-actions llm migration-tool rust
Last synced: about 4 hours ago
JSON representation
Orchestration + intelligence layer for Azure DevOps → GitHub Actions migration at portfolio scale — review-first, air-gap capable, attestation-native. Wraps gh actions-importer / GEI.
- Host: GitHub
- URL: https://github.com/olafkfreund/bifrost
- Owner: olafkfreund
- License: mit
- Created: 2026-06-10T10:01:15.000Z (26 days ago)
- Default Branch: main
- Last Pushed: 2026-06-10T12:56:56.000Z (25 days ago)
- Last Synced: 2026-06-10T14:23:04.793Z (25 days ago)
- Topics: azure-devops, ci-cd-migration, devops, github-actions, llm, migration-tool, rust
- Language: Rust
- Homepage: https://olafkfreund.github.io/bifrost/
- Size: 108 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 63
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Roadmap: docs/roadmap.md
Awesome Lists containing this project
README
# Bifrost
**The bridge between worlds — Azure DevOps · Jenkins · GitLab → GitHub Actions, at portfolio scale.**
Bifrost is an orchestration + intelligence layer on top of GitHub's official migration CLIs
(`gh actions-importer`, GEI/`ado2gh`). It turns one-at-a-time, syntactic, CLI-only pipeline
conversion into a **portfolio-scale, semantically-reviewed, human-approved, fully-documented**
migration — with a pluggable, **air-gap-capable** multi-model LLM layer.
[**Documentation & Showcase**](https://bitfrost.freundcloud.com/)
[](LICENSE)



---
## The thesis
> We do **not** rebuild repo migration or YAML translation. GitHub already does ~90% of the
> syntactic conversion. Bifrost owns the **other 10%, the review/approval workflow, the portfolio
> orchestration, semantic-equivalence validation, and the audit trail** — the parts Microsoft is
> structurally disincentivised to build well.
We **wrap** the official tools; we never reimplement their conversion logic.
## What makes it different
- **Review-first, not autonomous.** Bifrost recommends and explains; it never silently rewrites
production CI. Auto-commit is opt-in, gated behind human approval + validation.
- **Air-gap capable.** Run with a local model only (Ollama / llama.cpp) so no pipeline definition
ever leaves your network. Pipeline YAML leaks infra topology and secret *names* — keep it home.
- **The LLM explains; it does not score.** Risk scoring is deterministic and explainable. The
model fills gaps, explains, and flags — it never produces the numeric risk score.
- **Grounded generation only.** Every LLM request carries the source snippet + the Importer's
converted output + the specific failure. The model fills the gap from that diff — it never
converts a pipeline from scratch.
- **Attestation-native.** Every decision — who approved what, what changed, why, the validation
result — is recorded as a signed, exportable attestation.
- **Works in your editor.** A built-in [MCP server](https://bitfrost.freundcloud.com/mcp) lets an
agent in VS Code (or Cursor / Claude Desktop / the Copilot coding agent) query the portfolio and
convert a pipeline to a proposed workflow — review-first, with commit triple-gated. Open a legacy
`azure-pipelines.yml`, ask once, get a reviewable GitHub workflow with its risks and manual
follow-ups spelled out.
- **Program on GitHub itself.** A dry-run plan for a dedicated repo + org Project (board / roadmap /
KPIs), so the migration is tracked and reported on GitHub's own golden-path features.
## Architecture at a glance
```
PORTAL (React/TS) portfolio heatmap · 3-pane diff · approve/edit · runbook · board
│ REST/SSE ▲ REST
│ bifrost-mcp (MCP/stdio) ── VS Code · Cursor · Claude · Copilot
CONTROL PLANE (Rust/axum) job state machine · conversion orchestrator ·
│ deterministic risk model · attestation + audit log
│ LlmProvider trait → Anthropic · Gemini · Copilot/Models · Azure OpenAI ·
│ Vertex AI · Bedrock (gateway) · OpenAI-compat · Ollama (air-gap)
▼ shell-out (Docker) ▼ HTTP
INGESTION ADAPTERS EXTERNAL: ADO REST API · GitHub API · GEI
gh actions-importer (Docker) · SourceAdapter trait (ADO → …)
```
Full design: [`bifrost-implementation-plan.md`](bifrost-implementation-plan.md) ·
the [architecture doc](https://bitfrost.freundcloud.com/architecture) (diagrams, flowchart,
design rationale) · rendered on the [docs site](https://bitfrost.freundcloud.com/).
## Roadmap
| Milestone | Focus | Status |
|---|---|---|
| **M0** Foundations | Workspace, CI, devcontainer, licence, docs, fixtures | In progress |
| **M1** Audit MVP | ADO adapter + Importer audit wrapper + portfolio heatmap | Mostly done |
| **M2** Conversion + LLM | dry-run wrapping, gap detection, LLM layer, risk model | Done |
| **M3** Review Portal | Three-pane diff, approve/edit, proposal lifecycle | Done |
| **M4** Commit + PR | Push/migrate, manual-task checklists, PR automation | Done |
| **M5** Validation | Sandbox trigger + run capture + parity diff | Done |
| **M6** Compliance + Deploy | Attestation, audit pack, App auth, packaging, Entra SSO, multi-tenancy + RBAC | Done |
The end-to-end loop works against live Azure DevOps projects: audit a portfolio, convert a
pipeline (real Importer dry-run + grounded LLM gap-fill, air-gap capable), review and approve in
the portal, open a PR, trigger the converted workflow in a sandbox, capture its run, and diff it
against the ADO baseline for smoke parity — then export a **signed, in-toto-inspired attestation**
and a per-org **audit pack**. Deployable via [Docker Compose or Helm](deploy/), with **Entra ID
SSO**, **per-tenant isolation + RBAC**, and a least-privilege **GitHub App** — all opt-in, so the
air-gapped single-box path stays simple. The core platform (M2–M6) is complete; the M0/M1
foundations tail remains.
Most recent: a built-in **MCP server** brings the whole flow into the editor — `bifrost_convert`
(convert a pipeline to a proposed workflow), `bifrost_runbook` (read the manual-task checklist),
and a triple-gated `bifrost_commit` (open the PR for an approved proposal) — plus a **program board**
that plans a dedicated repo + org Project (board / roadmap / KPIs) on GitHub itself. See the
[editor guide](https://bitfrost.freundcloud.com/mcp) and the
[architecture doc](https://bitfrost.freundcloud.com/architecture).
## Run it (self-host)
The fastest way to a running Bifrost is Docker Compose — SQLite-backed and **air-gap by
default**, so nothing leaves the box:
```bash
cd deploy
docker compose up --build # portal + API on http://localhost:8080
```
That's the whole product: open the portal, add a source connection, audit a portfolio, and
review conversions. Set `BIFROST_SIGNING_KEY` in production (attestation signing), and switch
to Postgres with `--profile postgres` for the multi-tenant server. Full options — including
**Entra ID SSO**, RBAC, and the **Helm** chart for Kubernetes — are in [`deploy/`](deploy/).
To drive it from your editor instead, point VS Code (or Cursor / Claude Desktop) at the MCP
server — see the [editor guide](https://bitfrost.freundcloud.com/mcp).
> A [release workflow](.github/workflows/release.yml) publishes **cosign-signed** images with
> **SPDX SBOM attestations** to GHCR (`ghcr.io/olafkfreund/bifrost-{api,portal}`) on each
> tagged release — pull and `cosign verify` instead of building. See
> [`deploy/`](deploy/#images) for the pull + verify recipe. Until the first tag is cut, build
> from source with the command above.
## Getting started (contributors)
On NixOS (or any machine with Nix + flakes), the dev shell provides the whole
toolchain — the pinned Rust toolchain, Node 22, `gh`, `azure-cli`, and the Docker
client:
```bash
nix develop # enter the Bifrost dev shell (honours rust-toolchain.toml)
cargo test --workspace # full suite green (100+ tests)
cd portal && npm ci && npm run dev # portal (mock data) at http://localhost:5173
```
The GitHub Actions Importer isn't in nixpkgs (it's a `gh` extension + Docker
image); install it once into your writable home:
```bash
gh extension install github/gh-actions-importer
gh actions-importer configure # uses GITHUB_TOKEN + AZDO_PAT
```
Tokens (ADO PAT, GitHub token) live in a gitignored `.envrc` — `source .envrc`.
Work is issue-driven and milestone-ordered; see [`CONTRIBUTING.md`](CONTRIBUTING.md)
for the workflow (Conventional Commits, one PR per issue) and [`CLAUDE.md`](CLAUDE.md)
for the architecture and hard rules.
## Stack (target)
Rust (axum · tokio · sqlx) · Postgres / SQLite · official Importer Docker image ·
React + TS + Vite + Tailwind + Monaco · GitHub App + Entra ID OIDC · Docker Compose → Helm.
## License
[MIT](LICENSE) © 2026 Olaf K. Freund