claude
A variant of Monorepo Management Tool.
View the interactive variant page →
Monorepo Management Tool
Part of the worlds-biggest-software-project initiative.
An AI-native, polyglot monorepo platform with intelligent build orchestration, affected-package detection, and first-class SBOM support — without locking you into a single language ecosystem or a commercial cloud.
Monorepo Management Tool is an open-source build orchestration and dependency management platform for engineering teams running multiple services, libraries, or applications in a single repository. It is designed for platform and DevEx engineers who need reproducible incremental builds, accurate affected-package scoping, and AI-assisted CI across JavaScript, Python, Go, Rust, and JVM codebases — in one tool, not five.
Why Monorepo Management Tool?
- JS/TS lock-in is the norm, not the exception. Turborepo and Nx — the two most widely adopted tools (combined ~7M weekly downloads) — provide minimal or no support for Go, Python, or Rust. Teams with mixed-language repositories are forced to assemble Bazel, Changesets, and custom CI scripts manually.
- Bazel scales, but at significant cost. Bazel delivers unmatched build hermeticity and polyglot support, but the documentation gap (the top community complaint at BazelCon 2025) and 6–24 month migration timelines make it inaccessible for most organisations.
- Commercial ceilings arrive quickly. Nx Cloud caps the free tier at 300 CI pipeline executions per month before billing starts at $249/month. Develocity's advanced caching and analytics are enterprise-only with no published pricing. Open-source alternatives lack distributed execution entirely.
- SBOM compliance is universally bolted on. No mainstream monorepo tool generates per-package Software Bills of Materials as a first-class build output. EU CRA Article 20 requires 10-year SBOM retention; every team integrates Syft or cdxgen externally, with no awareness of the monorepo's package graph.
- AI integration is shallow or absent. Nx's MCP server (2025) is the only production implementation that exposes workspace graph data to AI assistants. Turborepo and Bazel are completely AI-blind. Self-healing CI remains rudimentary across all tools.
Key Features
Dependency Graph & Affected Detection
- Accurate DAG construction across all supported languages from source imports
- Affected-package detection scoping builds and tests to transitively impacted projects only
- AI-assisted prediction layer trained on historical CI outcomes to prune false positives from static graph traversal
- Natural language workspace queries via MCP server ("which packages are affected by this change?")
Task Orchestration & Caching
- Topological task scheduling with configurable parallelism
- Content-addressed local build cache with deterministic input hashing
- Remote cache sharing across CI agents and developer machines (self-hosted and managed options)
- Distributed task execution across dynamic CI agent pools
Polyglot Support
- First-class support for JavaScript/TypeScript, Python, Go, and Rust; extensible rule system for additional languages
- Unified versioning and publishing pipeline spanning multiple language registries (npm, PyPI, Go module proxy, crates.io)
- Toolchain version pinning per workspace, eliminating drift between developer machines and CI
AI-Native Capabilities
- MCP server exposing workspace graph, project metadata, and task configuration to AI assistants
- Autonomous CI failure triage: correlates failures across the distributed task graph and identifies root-cause packages
- AI-generated dependency upgrade PRs with per-package impact forecasting
- Workspace topology recommendations derived from import graphs, team ownership, and change frequency
Security & Compliance
- Native per-package SBOM generation in SPDX and CycloneDX formats as a first-class build output
- Security-aware dependency graph: CVE and licence findings scoped to the specific packages affected, not the entire repository
- Architectural constraint enforcement preventing invalid cross-package imports
AI-Native Advantage
Current tools detect affected packages via deterministic static graph traversal — if file A imports B, every dependent of B is marked affected, regardless of whether the change is a comment edit or a behavioural regression. By training on historical CI pass/fail data, this project can learn which changes actually cause downstream failures and prune unnecessary test runs, reducing CI time without sacrificing coverage. Beyond build scoping, an AI agent can autonomously triage failures, correlate patterns across the distributed task graph, and generate targeted patch PRs — closing the loop that today requires human intervention after every flaky pipeline.
Tech Stack & Deployment
The tool targets self-hosted deployment as a first-class mode; a managed cloud option is planned for teams without dedicated platform infrastructure. Future networked remote-cache transports aim to interoperate with existing self-hosted cache backends (such as BuildBuddy, EngFlow, or NativeLink). Build observability is exported via OpenTelemetry (OTLP) for compatibility with existing monitoring stacks. SBOM outputs conform to SPDX and CycloneDX standards. The AI layer exposes workspace data to assistants through the Model Context Protocol (MCP).
Market Context
The broader software development tools market was valued at $7.47 billion in 2025 and is projected to reach $8.78 billion in 2026 at ~16% CAGR (Mordor Intelligence and others). Approximately 63% of companies with 50 or more developers have adopted monorepos (2026 industry survey). Primary buyers are platform and DevEx engineers at 50–500 person engineering organisations, staff engineers tasked with reducing CI cost, and engineering managers consolidating polyrepo estates. Existing commercial tools price from $249/month (Nx Cloud) to undisclosed enterprise contracts (Develocity), leaving a clear open-source gap for teams that need distributed caching and polyglot support without a SaaS dependency.
Project Status
A working command-line implementation is available, built feature-by-feature from the specifications in
specs/. Contributions, feedback, and domain expertise are welcome.
The CLI (monorepo) currently ships:
| Capability | Command | Spec |
|---|---|---|
| Package discovery, dependency graph, cycle detection | monorepo graph | 001 |
| Task orchestration (topological, parallel) + content-addressed local cache | monorepo run | 001 |
| Affected-package detection vs a Git baseline | monorepo affected | 001 |
| Polyglot dependency scanning (TS/JS, Python, Go, Rust + cross-language) | monorepo graph | 002 |
| Architectural constraint enforcement | monorepo check | 003 |
| Per-package SBOMs (SPDX + CycloneDX) | monorepo sbom | 004 |
| Versioning & publishing (Conventional Commits, dependency-ordered) | monorepo release | 005 |
| Vulnerability scanning against an offline advisory database, severity-gated | monorepo scan | 006 |
| Remote shared cache (token-auth, integrity-verified, degrades to local) | monorepo run --remote-cache | 007 |
| AI query interface (read-only MCP server over stdio) | monorepo mcp | 008 |
See the getting-started guide, CLI reference, and configuration reference for usage — plus topic guides for CI, the remote cache, releasing, security, and the MCP/AI interface.
Some elements of the long-term vision above remain forward-looking and are not yet implemented — notably AI predictive test-pruning (the current MCP interface is read-only and never shrinks the deterministic affected set), distributed task execution, networked remote-cache transports, OpenTelemetry observability, and a managed cloud offering.
Contributing
We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.
Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.
Licence
Licence to be determined. See discussion for context.