EXTENSIONS

GitHub Actions secret management via the local gh CLI. Supports repo-level, environment-scoped, and organization-scoped secrets with fan-out, code-search discovery, and a dry-run mode on the org-level setter. No PAT, GitHub App, or vault-held token required — auth comes from the operator's existing gh session.

ASCII-armored OpenPGP private key operations via the local gpg binary — inspect, extend expiry, sign-and-verify, upload to keyserver. Runs each invocation against an ephemeral GNUPGHOME so the host keyring is never touched. Auto-detects raw armored or base64-encoded armored key material on import (works around vault providers that strip newlines from multi-line field values).

GitHub pull-request and file-commit operations. Octokit-backed PR creation, merging, and fan-out across repos, plus gh-CLI-backed commitFile (branch creation + single-file commit) and openPullRequest (PR opening from an existing head→base pair) for one-shot file updates without a local checkout or token. dryRun supported on commitFile and openPullRequest.

GitHub models for swamp. Currently provides @hivemq/github/token, which audits a single GitHub token.

Manage Honeycomb SLOs, SLI derived columns, burn alerts, queries, query annotations, and triggers via the v1 Configuration API

Run Claude Code (and other workloads) inside a macOS apple/container sandbox.

Full-lifecycle handling of macOS installer packages (.pkg) by wrapping the native Apple toolchain.

Two-stage adversarial code review extension for swamp. Fans out across N