The problem

CI/CD failures are a tax engineering teams pay daily. DORA 2025 shows that AI-assisted coding increases delivery instability — pipelines fail more, debugging gets noisier, and the trail of who-fixed-what-and-why dissolves into Slack threads. For regulated industries, this becomes a compliance liability the moment EU AI Act Article 12 logging obligations bind in August 2026.

What MendoraCI does

MendoraCI is an enterprise-grade reliability platform that sits beside the CI runner — not inside it — ingesting failure artifacts from GitHub Actions, Jenkins, CircleCI, GitLab CI, and Buildkite. For each failure it produces:

- Deterministic secret masking before any AI ever sees the log
- Root-cause classification across 12 classes, powered by IBM Bob
- Repair plan with hypothesis, steps, blast-radius and rollback — never auto-applied
- HITL approval ledger with HMAC-signed records and 20-character justification
- Immutable evidence ZIP with hash-chained manifest, 10-year object-lock retention

Why IBM Bob

Bob's repo-aware reasoning is structurally load-bearing — only an LLM with context over the full repo + log + history can classify a novel error shape and propose a defensible repair plan. A rules-only fallback (rca_fallback_v1) ships as a safety net but caps at ~58% accuracy vs. the 92% EVAL-001 target.

Quantified value (per 200-developer enterprise, year 1)

- −60% MTTR on CI failures (4.2h → 1.7h)
- −50% flake recurrence at 90 days
- 100% evidence completeness for SOC 2 / ISO 27001 / EU AI Act audits
- ~$3.5M annualized recapture across MTTR, debugging effort, audit prep, and approval cycle time

Compliance posture

Mapped to EU AI Act Articles 12, 14, and 18; SOC 2 CC1–CC9; ISO 27001 and 42001:2023; GDPR. Per-tenant KMS DEKs, Postgres RLS, deny-on-fail masking, signed approvals, signed evidence packs — all verifiable offline.
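The HMAC-signed approval ledger and hash chaining described above, as an added sketch that is not MendoraCI's code: each approval is signed and linked to the previous record, so a verifier holding the key can detect edits and truncation offline. The record fields, the genesis value, the function names and reading "20-character justification" as a minimum length are all assumptions.

```python
import hashlib
import hmac
import json

MIN_JUSTIFICATION = 20   # assumption: "20-character justification" read as a minimum
GENESIS = "0" * 64       # assumed chain anchor for the first record


def _canonical(body: dict) -> bytes:
    # Stable serialization so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_approval(ledger: list, key: bytes, approver: str, decision: str,
                    justification: str) -> dict:
    """Append a signed record; refuse decisions without a full justification."""
    if len(justification.strip()) < MIN_JUSTIFICATION:
        raise ValueError("justification shorter than 20 characters")
    prev = ledger[-1]["mac"] if ledger else GENESIS
    body = {"seq": len(ledger), "approver": approver, "decision": decision,
            "justification": justification, "prev": prev}
    record = dict(body, mac=hmac.new(key, _canonical(body), hashlib.sha256).hexdigest())
    ledger.append(record)
    return record


def verify_ledger(ledger: list, key: bytes):
    """Return None if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, record in enumerate(ledger):
        body = {k: v for k, v in record.items() if k != "mac"}
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if (body.get("seq") != i or body.get("prev") != prev
                or not hmac.compare_digest(expected, record.get("mac", ""))):
            return i
        prev = record["mac"]
    return None


def demo():
    key = b"constructed-demo-key"   # constructed; a real key would come from a KMS
    ledger = []
    append_approval(ledger, key, "alice", "approve", "Pin action version; rollback is a revert")
    append_approval(ledger, key, "bob", "reject", "Blast radius covers the release branch")
    tampered = [dict(r) for r in ledger]
    tampered[0]["decision"] = "reject"   # record edited after signing
    truncated = ledger[1:]               # first record dropped
    return verify_ledger(ledger, key), verify_ledger(tampered, key), verify_ledger(truncated, key)
```

HMAC is symmetric, so whoever can verify this ledger can also forge it; an auditor who must not hold the signing key needs an asymmetric signature over the same canonical bytes instead.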