Skip to content
decoct

Integration

decoct fits into existing infrastructure workflows. This guide covers CI/CD pipelines, pre-commit hooks, shell pipelines, and MCP tool server integration.

CI/CD

GitHub Actions

name: Config Conformance Check
on:
  pull_request:
    paths: ['*.yaml', '*.yml', 'configs/**']


jobs:
  config-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: pip install decoct
      - name: Check config conformance
        run: |
          decoct compress configs/ \
            --recursive \
            --profile docker-compose \
            --stats \
            --show-removed

GitLab CI

config-check:
  image: python:3.12-slim
  stage: validate
  script:
    - pip install decoct
    - decoct compress docker-compose.yml --profile docker-compose --stats --show-removed
  rules:
    - changes:
        - docker-compose.yml
        - configs/**/*.yaml

Pre-Commit Hooks

Using the pre-commit framework

repos:
  - repo: local
    hooks:
      - id: decoct-secrets
        name: Check for secrets in configs
        entry: bash -c 'for f in "$@"; do decoct compress "$f" --stats-only 2>&1; done'
        language: system
        files: '\.(yaml|yml|json)$'
        additional_dependencies: ['decoct']

Shell script hook

Save as .git/hooks/pre-commit (chmod +x):

#!/usr/bin/env bash
set -e
staged_configs=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(yaml|yml|json)$' || true)
if [ -z "$staged_configs" ]; then exit 0; fi


echo "Running decoct secret check on staged config files..."
for file in $staged_configs; do
    output=$(decoct compress "$file" --show-removed 2>&1 1>/dev/null)
    if echo "$output" | grep -q "strip-secrets"; then
        echo "WARNING: Potential secrets detected in $file" >&2
        echo "$output" | grep -A5 "strip-secrets" >&2
        exit 1
    fi
done
echo "No secrets detected in config files."

Shell Pipelines

decoct reads from stdin when no file arguments are given, so it integrates naturally with shell pipelines.

Kubernetes

Terminal window
# Compress a single deployment
kubectl get deployment myapp -o yaml | decoct compress --schema kubernetes


# Compress all deployments in a namespace
kubectl get deployments -o yaml | decoct compress --schema kubernetes --stats


# Save for LLM context
kubectl get deployment myapp -o yaml \
  | decoct compress --schema kubernetes -o myapp-compressed.yaml

Terraform

Terminal window
# Compress state for LLM analysis
terraform show -json | decoct compress --schema terraform-state


# Compress plan output
terraform show -json tfplan | decoct compress --stats

Docker

Terminal window
# Compose config through decoct
docker compose config | decoct compress --schema docker-compose --stats

Ansible

Terminal window
# Compress a playbook
decoct compress playbook.yaml --schema ansible-playbook --stats

Chaining with other tools

Terminal window
# Compress and pipe to an LLM CLI
decoct compress k8s-manifest.yaml --schema kubernetes | llm "Review this deployment"


# Diff original vs compressed
diff <(cat docker-compose.yaml) \
     <(decoct compress docker-compose.yaml --schema docker-compose)

MCP Tool Server

decoct can be exposed as an MCP tool, allowing LLM agents to compress infrastructure data before inserting it into their context window:

from io import StringIO
from ruamel.yaml import YAML
from decoct.pipeline import Pipeline
from decoct.passes.strip_secrets import StripSecretsPass
from decoct.passes.strip_comments import StripCommentsPass
from decoct.passes.strip_defaults import StripDefaultsPass
from decoct.passes.prune_empty import PruneEmptyPass
from decoct.schemas.loader import load_schema
from decoct.schemas.resolver import resolve_schema
from decoct.tokens import create_report


def compress_config(yaml_text: str, schema_name: str | None = None) -> dict:
    """Compress infrastructure YAML for LLM context."""
    yaml = YAML(typ="rt")
    doc = yaml.load(yaml_text)


    passes = [StripSecretsPass(), StripCommentsPass()]
    if schema_name:
        schema = load_schema(resolve_schema(schema_name))
        passes.append(StripDefaultsPass(schema=schema))
    passes.append(PruneEmptyPass())


    Pipeline(passes).run(doc)


    stream = StringIO()
    yaml.dump(doc, stream)
    compressed = stream.getvalue()
    report = create_report(yaml_text, compressed)


    return {
        "compressed": compressed,
        "input_tokens": report.input_tokens,
        "output_tokens": report.output_tokens,
        "savings_pct": round(report.savings_pct, 1),
    }

Register this function with your MCP server framework. Secret redaction runs automatically.

Caching

decoct is fully deterministic: same input + same schema + same assertions = same output. Cache compressed output alongside source configs using file modification timestamps or content hashes as cache keys.

For batch processing, use directory mode (decoct compress ./configs/ --recursive) which loads schemas once rather than per-file.