Show HN: Rainy Updates – local-first dependency and supply-chain review for CI

Posted by ferxalb | 2 hours ago | 1 comment

ferxalb 2 hours ago

Hi HN — I built Rainy Updates as a deterministic review operator for dependency and supply-chain changes.

It started around Node monorepo dependency review, but v0.7.0 expands the scope with:

- cross-stack supply-chain scanning for Docker, GitHub Actions, Terraform, and Helm
- normalized findings for review and CI automation
- attestation verification with deterministic verdicts: allow / review / block
- local MCP-compatible tools for non-mutating agent workflows

The core idea is to make software change review more deterministic before CI moves things forward.

I’d especially love feedback on:

- whether this feels meaningfully different from PR-first dependency automation
- what’s still missing for real CI usage
- whether the local + MCP review model is actually useful in practice