chore(deps): update actions/upload-artifact action to v7.0.1 by dreadnode-renovate-bot[bot] · Pull Request #187 · dreadnode/ares

dreadnode-renovate-bot · 2026-04-15T19:21:09Z

This PR contains the following updates:

Package	Type	Update	Change
actions/upload-artifact	action	patch	`v7.0.0` → `v7.0.1`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/upload-artifact (actions/upload-artifact)

`v7.0.1`

Compare Source

What's Changed

Update the readme with direct upload details by @danwkennedy in #795
Readme: bump all the example versions to v7 by @danwkennedy in #796
Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in #797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled because a matching PR was automerged previously.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

…tools **Added:** - Introduced main investigation orchestrator using Dreadnode Agent SDK with detailed system instructions and multi-stage SOC workflow logic - `agent.py` - Implemented MITRE ATT&CK STIX/TAXII client for dynamic technique/tactic retrieval, relationships, and keyword search - `mitre.py` - Developed question engines: MITRE Navigator (attack lifecycle/gaps) and Pyramid of Pain Climber (IOC to TTP elevation), with composite prioritization logic - `engines.py` - Added full investigation state models, including evidence, questions, timeline, pyramid levels, and investigation stages - `models.py` - Created modular toolsets for Loki, Prometheus, Grafana, investigation state management, MITRE lookups, and question engine interaction - `tools.py` - Provided markdown report generator for investigation results, including timeline, MITRE mapping, Pyramid of Pain analysis, scope, and recommendations - `report.py` - Implemented main CLI entrypoint with argument parsing, polling loop, and alert investigation logic using Cyclopts and Dreadnode - `main.py` - Added `src/__main__.py` for `python -m ares` CLI execution - Set package version to 0.1.0 in `__init__.py` **Changed:** - Updated package docstring in `__init__.py` to reflect the Ares project name and purpose **Removed:** - Removed example placeholder code in `example.py` to clean up template content

**Added:** - Introduced `CHANGELOG.md` documenting initial release features: Ares agent, MITRE ATT&CK Navigator, Pyramid of Pain Climber, integrations with Grafana, Loki, Prometheus, investigation workflow, markdown reports, parallel queries, Dreadnode SDK integration **Changed:** - Replaced Python project template README with comprehensive overview of Ares SOC agent, key features, architecture diagram, installation, usage, workflow, question engines, reporting, development, configuration, observability, and contribution guidelines - Updated `docs/index.md` to document Ares, provide quick links, overview, key capabilities, getting started, repository layout, and development info - Improved `docs/contributing.md` to reference the correct repository and directory names for Ares instead of the previous template - Enhanced `RENOVATE_TESTING.md` for clarity, consistent formatting, and improved environment variable documentation - Improved wording and line wrapping in `SECURITY.md` for clearer reporting instructions **Removed:** - Deleted `docs/topics/project-from-template.md` to remove legacy template instructions no longer relevant for the Ares project

**Added:** - Introduced area/assets, area/scripts, area/src, and area/templates labels in labeler configuration to match new directory structure **Changed:** - Updated labeler rules to detect changes in assets, scripts, src, and templates directories - area/workspace rule unchanged but moved for organizational clarity **Removed:** - Removed area/dev label and its rule to reflect removal of the dev directory and better align with current project organization

| datasource | package | from | to | | ---------- | ------------ | ------ | ----- | | pypi | mkdocstrings | 0.30.1 | 1.0.0 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

**Added:** - Added documentation for setting up Grafana MCP integration, including install steps, authentication, JSON configuration, service account creation, and config location in `docs/topics/grafana-mcp-setup.md` **Removed:** - Removed example test for greet function from `tests/test_example.py` to clean up unused test files

…age options **Added:** - Added section on verifying installation location of `mcp-grafana` binary - Provided instructions for adding `grafana` integration using the full path to the binary for improved reliability **Changed:** - Reorganized usage instructions to clarify command options and recommended practices - Updated examples to distinguish between using binary in PATH and specifying full path - Clarified authentication steps and improved environment variable explanations **Removed:** - Removed outdated JSON format example for adding `grafana` integration

**Key Changes:** - Refactored all agent toolsets into modular files under `src/tools/` - Improved type annotations, docstrings, and comments for maintainability - Updated agent and core to use new toolset structure - Enhanced README and added new docs for Taskfile and Grafana MCP usage **Added:** - Modular toolsets: - `src/tools/observability.py`: Loki and Prometheus tools with detailed docstrings - `src/tools/grafana.py`: Grafana alerting tools and MCP connection logic - `src/tools/investigation.py`: Investigation state management and question engines - `src/tools/mitre.py`: MITRE ATT&CK lookup tools - `src/tools/actions.py`: Investigation completion and escalation actions - `src/tools/__init__.py`: Toolset exports for clean imports - Core agent factory: - `src/core/create.py` and `src/core/__init__.py`: Centralized agent creation logic - Developer and usage documentation: - `docs/taskfile_usage.md`: Taskfile command usage and troubleshooting - `docs/grafana_mcp_usage.md`: Guide for Grafana MCP integration and query patterns - `tests/README.md`: Test coverage for MCP and Windows attack queries **Changed:** - Refactored `src/agent.py` to use `create_investigation_agent` from `src/core` - Updated agent toolset injection to support MCP tools and new modular imports - Rewrote all toolset docstrings for clarity and standardization - Enhanced type hints throughout models, engines, mitre, and report modules - Improved README with quick start, variable tables, and detailed CLI/taskfile usage - Expanded and updated `.gitignore` for project-specific directories - Upgraded `pyproject.toml`: - Renamed project to `ares` - Reorganized dependency groups and extras - Modernized build and lint/test config for better type checking and formatting - Improved script and test annotations for mypy/pytest compatibility **Removed:** - Deleted monolithic `src/tools.py` in favor of modular toolset files - Removed redundant tool and hook definitions in favor of new structure - Eliminated unused imports and legacy argument fields from agent and main

| datasource | package | from | to | | ---------- | ---------- | ----- | ----- | | pypi | pre-commit | 4.5.0 | 4.5.1 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com> Co-authored-by: Jayson Grace <jayson.e.grace@gmail.com>

…4.10 (#11) | datasource | package | from | to | | ----------- | ------------------------- | ------- | -------- | | github-tags | astral-sh/ruff-pre-commit | v0.14.9 | v0.14.10 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

| datasource | package | from | to | | ----------- | ------------------------- | ------- | ------- | | github-tags | renovatebot/github-action | v44.1.0 | v44.2.1 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

| datasource | package | from | to | | ----------- | ---------------- | ------ | ------- | | github-tags | rhysd/actionlint | v1.7.9 | v1.7.10 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

| datasource | package | from | to | | ----------- | ------------------------- | ------- | ------- | | github-tags | renovatebot/github-action | v44.2.1 | v44.2.2 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

| datasource | package | from | to | | ----------- | ------------------------- | ------- | ------- | | github-tags | renovatebot/github-action | v44.2.2 | v44.2.3 | Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

…gration (#16) **Key Changes:** - Introduced a Jinja2-based template loader for all AI prompt text - Migrated agent, engine, tool, and report prompts to Markdown Jinja2 templates - Centralized Pyramid of Pain climbing strategies in a YAML config - Refactored major prompt generation code to use template rendering **Added:** - Jinja2 template loader utility (`src/templates.py`) with singleton access and template discovery - Markdown-based prompt templates for agent instructions, alerts, engines, tools, and reports in `templates/` - YAML configuration for Pyramid of Pain climb strategies (`templates/engines/climb_strategies.yaml`) - Comprehensive documentation for prompt templates and integration in `docs/prompt_templates.md` - Extensive test suite for template system, loader, and integrations (`tests/test_templates.py`) **Changed:** - Prompt generation in `src/agent.py` and `src/core/create.py` now uses Jinja2 templates instead of hardcoded strings - MITRE and Pyramid engines in `src/engines.py` render investigative questions using templates and YAML-configured strategies - Host and user investigation suggestions in `src/tools/investigation.py` now rendered from tool templates - Markdown report headers in `src/report.py` use Jinja2 templates for section rendering - All relevant modules import and utilize the new `get_template_loader()` function for prompt generation **Removed:** - All legacy hardcoded Markdown and instructional prompt strings from agent, core, engines, and tools - Static in-code Pyramid of Pain climbing strategies, now sourced from YAML configuration

#9) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pre-commit/mirrors-mypy](https://redirect.github.com/pre-commit/mirrors-mypy) | repository | patch | `v1.19.0` → `v1.19.1` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>pre-commit/mirrors-mypy (pre-commit/mirrors-mypy)</summary> ### [`v1.19.1`](https://redirect.github.com/pre-commit/mirrors-mypy/compare/v1.19.0...v1.19.1) [Compare Source](https://redirect.github.com/pre-commit/mirrors-mypy/compare/v1.19.0...v1.19.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled because a matching PR was automerged previously. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

**Changed:** - Disabled automated updates for python dependencies managed by poetry and pip by setting `enabled: false` in Renovate configuration to prevent unintended updates

…18) **Changed:** - Added repository_dispatch trigger for template-sync events - Removed schedule and push triggers - Removed target_gh_token parameter - Simplified concurrency group

The action requires target_gh_token to authenticate PR creation in the target repository. Without it, the gh CLI defaults to GITHUB_TOKEN which lacks PR creation permissions.

…ture project for dual-mode operations (#22) **Key Changes:** - Added a fully autonomous Red Team agent with pentesting tools, golden ticket, BloodHound, and ADCS exploitation - Unified blue and red team agent architecture under a single `ares` package with shared core, integrations, and templates - Enhanced blue team agent with precursor investigation logic and improved MITRE/detection recipe chaining - Major project restructuring: moved all code to `src/ares`, modularized tools, agents, reports, and templates **Added:** - Autonomous Red Team agent (`RedTeamOrchestrator`) supporting Active Directory enumeration, credential harvesting, share pilfering, password cracking, BloodHound, ADCS (Certipy), delegation attacks, and golden ticket workflows - `src/ares/agents/red/`, `src/ares/tools/red/`, `src/ares/reports/redteam.py` - Unified core agent creation and state models for both blue and red team workflows - `src/ares/core/` - Comprehensive attack chain and detection recipe YAMLs for MITRE-based precursor and detection question generation - `templates/engines/attack_chains.yaml`, `templates/engines/detection_recipes.yaml` - Extensive Jinja2 prompt templates for red team agents, cracker, share pilfer, golden ticket, and reporting - `templates/redteam/agents/`, `templates/redteam/reports/` - Red team tasks in `Taskfile.yaml` for orchestrating pentests, EC2 discovery, and SSM log monitoring - Documentation covering dual blue/red workflows, attack chain logic, and red team usage (`README.md`, `docs/`) **Changed:** - Refactored blue team agent and tool APIs to use new `ares` core, models, and templates (e.g., `src/agent.py` → `src/ares/agents/blue/soc_investigator.py`) - Enhanced investigation prompt logic to always extract MITRE techniques and generate precursor questions - Improved LogQL query validation, progressive log search, and time handling in blue team tools - Unified toolset registration and state management for both agent types - Updated build, packaging, and script entry points to use `ares` namespace throughout (`pyproject.toml`, `Taskfile.yaml`) - Updated documentation, task usage, and templates to reflect red/blue duality and new command/task structure - Blue team agent now prioritizes precursor investigation and detection recipes based on attack chain definitions **Removed:** - Deprecated `src/` root module files and legacy single-agent structure - Obsolete blue team-only tool wrappers and duplicated logic (migrated to new modular toolsets) - Legacy `main.py`, `agent.py`, and old-style `tools/` modules (replaced with `src/ares/main.py` and modular imports) - Unused or redundant code paths now handled by the shared core and templates

…4.11 (#24) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-pre-commit](https://redirect.github.com/astral-sh/ruff-pre-commit) | repository | patch | `v0.14.10` → `v0.14.11` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)</summary> ### [`v0.14.11`](https://redirect.github.com/astral-sh/ruff-pre-commit/releases/tag/v0.14.11) [Compare Source](https://redirect.github.com/astral-sh/ruff-pre-commit/compare/v0.14.10...v0.14.11) See: <https://github.com/astral-sh/ruff/releases/tag/0.14.11> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

…gation coverage (#26) **Key Changes:** - Introduced a red-blue correlation engine to assess detection coverage and gaps - Added investigation result persistence and learning system with SQLite backend - Implemented learning tools for querying past investigations and query effectiveness - Enhanced blue agent workflow with query rate limiting, improved evidence handling, and robust timeouts **Added:** - Red-Blue Correlation Engine: New `src/ares/core/correlation.py` parses red and blue reports, correlates activities to detections, generates gap/coverage reports, and outputs markdown - Investigation Persistence: `src/ares/core/persistence.py` provides SQLite-backed storage for investigation results, query effectiveness stats, and similarity lookup - Learning Tools: `src/ares/tools/blue/learning.py` exposes tools for querying historical investigations, effective queries, and false positive patterns for agent learning - Query Resilience: `src/ares/core/query_resilience.py` adds automatic retry, time range reduction, and chunking for large log queries - Remote Command Execution: `src/ares/core/remote.py` enables AWS SSM-based remote execution for red team tools, with robust SSO credential validation - Comprehensive red-blue correlation and learning tests: `tests/test_correlation.py`, `tests/test_persistence.py`, `tests/test_learning.py`, `tests/test_query_resilience.py` - Query template tools: `src/ares/tools/blue/query_templates.py` provides pre-built LogQL queries mapped to MITRE techniques **Changed:** - Blue agent now enforces strict query rate limiting (default 5 per investigation), duplicate query detection, and improved evidence extraction - Investigation orchestrator adds watchdog thread for hard timeouts and generates partial reports on timeout - Taskfile and documentation updated for new log/coverage workflow, reduced default max steps, and log management commands - Agent system instructions and investigation prompt templates improved for IOC extraction and anti-loop guidance - Red team agent tools now execute on remote Kali via SSM, with robust error handling and output parsing - Blue agent now records executed queries and integrates query effectiveness into persistence/learning - Added `boto3` as a required dependency **Removed:** - Legacy local subprocess usage for red team tools; all execution now via remote SSM executor - Unused aiobotocore/aioitertools dependencies from lockfile to resolve S3 compatibility

…stigations (#27) **Key Changes:** - Introduced evidence validation against recent query results to improve provenance - Implemented adaptive query limits with bonus queries for productive investigations - Added tools for parallel LogQL queries and efficient pattern combination - Enhanced Grafana integration with investigation lifecycle annotations **Added:** - Evidence validation module that: - Stores recent query results and extracted IOCs for provenance checks - Validates evidence values and adjusts confidence based on validation - Provides a tool for auto-extracted IOCs to guide evidence recording - Support for parallel LogQL queries via `execute_parallel_queries` tool, enabling efficient batch querying for independent investigations - Tool `combine_query_patterns` to merge multiple regex patterns into a single LogQL query for better efficiency - Grafana annotation posting for investigation start, completion, timeout, and failure events, including summary details **Changed:** - Blue agent query management: - Reworked query limit logic to use adaptive, stage-based budgets with bonus queries for finding evidence and reaching higher Pyramid of Pain levels - Only queries returning results count against the investigation's query budget - All query attempts (successful and failed) are tracked for observability - Evidence recording flow: - Automatically validates evidence against stored query results and marks as validated/unvalidated - Reduces confidence score for unvalidated evidence - Records provenance by linking evidence to source query ID - Investigation tools: - `record_evidence` now returns validation status and logs validation metrics - New tool `get_suggested_evidence` exposes auto-extracted IOCs from queries - Updated system instructions to strongly encourage use of parallel and combined queries for efficiency, with concrete examples **Removed:** - No major removals; existing sequential query patterns are now discouraged in favor of new parallel and combined query tools

**Key Changes:** - Refactored core SOC and red team data models to inherit from rigging's Model - Enabled automatic serialization, LLM output parsing, and XML export for models - Added comprehensive tests covering all models and parsing utilities - Re-exported rigging parsing utilities directly from the models module **Added:** - Test suite for ares.core.models - Introduced `tests/test_models.py` to validate model creation, serialization (dict/XML), computed fields, parsing utilities, and pydantic validation across all SOC and red team models **Changed:** - Core data models (`Evidence`, `TimelineEvent`, `InvestigativeQuestion`, `Target`, `Host`, `User`, `Credential`, `Hash`, `Share`) now inherit from rigging's Model for enhanced serialization and XML/LLM parsing - Switched from dataclasses to Model-based classes, enabling model validation, `.model_dump()`, `.model_validate()`, and `.to_xml()` methods - Updated field definitions to use rigging's `wrapped` and `element` utilities for robust XML/LLM parsing, especially for lists of strings - `to_dict` methods updated to use Model's `model_dump(mode="json")` for backward compatibility and consistent output - Re-exported rigging parsing utilities (`parse`, `parse_many`, `parse_set`, `try_parse`, etc.) in `ares.core.models` for convenient import and usage - Expanded module docstring with usage examples and improved documentation **Removed:** - Legacy dataclass usage and manual default factories for fields in all models - Custom `to_dict` implementations replaced with Model's serialization methods - Redundant or obsolete imports and docstring content to streamline the module

**Changed:** - Removed coverage badge image and workflow references from README to streamline displayed badges and reflect removal of related automation **Removed:** - Deleted `.github/workflows/coverage-badge.yaml`, removing automated badge generation on workflow completion - Deleted `.github/badges/coverage.svg`, eliminating the generated coverage badge asset

**Changed:** - Update EC2 instance resolution to handle multiple targets and report count in Taskfile.yaml - Revise initial agent task template to support and clearly list multiple target IPs, updating instructions to perform enumeration and scanning on all provided targets

…estigation enhancements (#29) **Key Changes:** - Added alert correlation engine for clustering and contextualizing related alerts - Introduced lateral movement analysis with host connection graph and pivot suggestions - Enhanced evidence extraction and validation with auto-IOC detection from queries - Increased investigation query limits and improved investigation workflow for scope analysis **Added:** - Alert correlation engine for grouping related alerts by hosts, users, IPs, and techniques, providing context for investigations (`alert_correlation.py`) - Lateral movement analysis module with host-to-host connection graph, detection of lateral movement patterns, and pivot suggestions for investigation expansion (`lateral_analyzer.py`) - Automatic evidence extraction from query results, including classification and confidence boosting for high-quality IOCs - Investigation tools for analyzing lateral movement, recording host connections, and retrieving correlated alert context - Extensive tests for alert correlation and lateral movement analysis to ensure robust clustering and pivot logic **Changed:** - Investigation orchestrator and state to include correlation context and lateral movement graph, enabling richer investigation context and scope tracking - Investigation agent factory logic to: - Increase query and tool call limits for deeper investigations - Adaptively grant more queries as productive evidence is found - Auto-extract IOCs from query results and add them to the evidence pool, reducing reliance on LLM extraction alone - Query resilience executor to start with smaller time ranges and faster timeouts for more reliable querying (especially with mcp-grafana's 10s timeout) - Investigation completion tools to generate a more comprehensive and structured fallback synopsis, summarizing alert context, MITRE techniques, evidence by pyramid level, lateral movement, and confidence - Query templates to use a 4-hour default lookback window instead of 24 hours for more focused detection - System instructions for agents to enforce a mandatory lateral analysis workflow, including correlation, pivoting, and attack path mapping

…ls (#30) **Key Changes:** - Refactored query construction to prioritize label selectors for better Loki performance - Reduced default log query range from 4 hours to 1 hour for faster results - Replaced broad regex and line filters with more targeted event and tool filters - Centralized and documented query-building logic for maintainability **Added:** - Optimized query builder methods in `QueryTemplateTools`: - `_build_selector`: Composes efficient label selectors, prioritizing narrow host/job filters as recommended by Grafana Loki best practices - `_build_event_filter`: Selectively filters by event IDs using contains or simple regex for performance - `_build_pattern_filter`: Generates case-insensitive regex filters for attacker/tool patterns **Changed:** - Default query label selector is now `{job=~".+"}` with an option to override using `default_label_selector` for better targeting - Default query time range reduced to 1 hour via `default_hours_back` for speedier queries (configurable per query) - All detection methods now: - Use optimized label selectors for host/job targeting rather than line-based regex - Place event ID filters before tool/pattern filters for greater selectivity - Use contains (`|=`) before regex (`|~`) wherever possible for faster matching - Accept `hours_back` as an optional parameter, defaulting to the optimized value - In detection functions (e.g., `detect_port_scanning`, `detect_brute_force`), reorganized the logical construction of queries for clarity and efficiency, and updated docstrings to reflect the new defaults and optimizations - Host and user activity functions now leverage `_build_selector` for label targeting instead of regex line filters, improving query performance and readability - Added extensive inline documentation explaining Loki query optimization rationale throughout the query template code **Removed:** - Deprecated line-based regex host filters (e.g., `hostname=~".*host.*"`) in favor of direct label selectors - Obsolete multi-hour (4h) query defaults for all detection methods, replaced by a 1-hour default to minimize load and improve responsiveness Addresses CAP-834

…dencies (#31) **Key Changes:** - Added a comprehensive pytest-based test suite covering core modules and tools - Introduced `pytest-mock` and `pytest-xdist` to dev dependencies for advanced testing - Updated `poetry.lock`, `pyproject.toml`, and `uv.lock` to reflect new and upgraded dependencies - Enhanced compatibility with Python 3.11+ and modern test runners **Added:** - Extensive test suite under `tests/` directory: - Covers factories, models, evidence validation, investigation flows, learning, correlation, network/red/blue tools, observability, MITRE integration, persistence, reporting, and entrypoints - Uses `pytest` for test discovery and execution - Employs `pytest-mock` for flexible mocking and isolation of external dependencies - Supports parallel and distributed testing via `pytest-xdist` - New dev dependencies in `pyproject.toml`: - `pytest-mock` for easy mocking of objects and functions in tests - `pytest-xdist` for parallel test execution - Corresponding updates to `poetry.lock` and `uv.lock` to lock these packages and their dependencies **Changed:** - Updated `pyproject.toml` to include the new test dependencies with version constraints - Regenerated `poetry.lock` and `uv.lock` files to reflect: - New dev dependencies (`pytest-mock`, `pytest-xdist`) - Dependency upgrades and expanded dependency metadata for reproducibility - Improved test fixture management and isolation for reproducible results - Updated badge handling in the README template for test status

…33) **Key Changes:** - Introduced `create_detection_rule` tool for automated Grafana alert rule creation - Updated agent instructions to include advanced alert rule creation workflow - Enforced stricter use of specific LogQL label selectors in templates and docs - Improved query planning and performance optimization guidance for LogQL - Auto-rewrite broad selectors to prevent timeouts **Added:** - `create_detection_rule` async method to `GrafanaTools` for creating alert rules based on investigation findings, with validation for label selectors, severity, and folder management - `_ensure_alert_folder` internal helper to automatically provision the required Grafana folder for new alert rules - `_is_mitre_technique_description` to skip validation for MITRE technique IDs (they're classifications, not raw log data) - Auto-rewriting of broad LogQL selectors (`{deployment=~".+"}`, etc.) to `{job="eventlog"}` to prevent query timeouts - New documentation in agent system instructions for alert rule creation, including guidance on when and how to use `create_detection_rule`, with examples **Changed:** - Enhanced instructions in `system_instructions.md.jinja` to require label discovery (using `list_loki_label_names` and `list_loki_label_values`) before running queries, and to use only specific labels like `{job="eventlog"}` to avoid timeouts - Expanded the LogQL query optimization section with stricter requirements and practical examples for contains (`|=`) vs regex (`|~`) usage, combining queries, and avoiding anti-patterns - Updated default label selector in `QueryTemplateTools` to `{job="eventlog"}` instead of broad patterns, and clarified override instructions - Strengthened query planning workflow, instructing agents to plan and combine queries before execution **Removed:** - Deprecated or redundant broad LogQL label selectors from default values and examples in query templates and agent instructions - Outdated anti-patterns in agent workflow that allowed repeated broad queries without evidence recording or label discovery

…ation **Changed:** - Reformatted all task command tables for consistent column widths and alignment in the "Available Tasks", "Blue Team Multi-Agent Tasks (K8s)", and "Red Team Tasks (Multi-Agent)" sections of the README for improved readability - Updated SDK reference in Acknowledgments from "Dreadnode Agent SDK" to "Dreadnode SDK" to reflect the correct project name and link - Closes #141

…5.6 (#148) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-pre-commit](https://redirect.github.com/astral-sh/ruff-pre-commit) | repository | patch | `v0.15.5` → `v0.15.6` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)</summary> ### [`v0.15.6`](https://redirect.github.com/astral-sh/ruff-pre-commit/releases/tag/v0.15.6) [Compare Source](https://redirect.github.com/astral-sh/ruff-pre-commit/compare/v0.15.5...v0.15.6) See: <https://github.com/astral-sh/ruff/releases/tag/0.15.6> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com> Co-authored-by: Jayson Grace <jayson.e.grace@gmail.com>

…147) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token) | action | patch | `v2.2.1` → `v2.2.2` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v2.2.2`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v2.2.2) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v2.2.1...v2.2.2) ##### Bug Fixes - **deps:** bump [@actions/core](https://redirect.github.com/actions/core) from 1.11.1 to 3.0.0 ([#337](https://redirect.github.com/actions/create-github-app-token/issues/337)) ([b044133](https://redirect.github.com/actions/create-github-app-token/commit/b04413352d4644ac2131b9a90c074f5e93ca18a1)) - **deps:** bump minimatch from 9.0.5 to 9.0.9 ([#335](https://redirect.github.com/actions/create-github-app-token/issues/335)) ([5cbc656](https://redirect.github.com/actions/create-github-app-token/commit/5cbc65624c9ddc4589492bda7c8b146223e8c3e4)) - **deps:** bump the production-dependencies group with 4 updates ([#336](https://redirect.github.com/actions/create-github-app-token/issues/336)) ([6bda5bc](https://redirect.github.com/actions/create-github-app-token/commit/6bda5bc1410576b9a0879ce6076d53345485bba9)) - **deps:** bump undici from 7.16.0 to 7.18.2 ([#323](https://redirect.github.com/actions/create-github-app-token/issues/323)) ([b4f638f](https://redirect.github.com/actions/create-github-app-token/commit/b4f638f48ee0dcdbb0bc646c48e4cb2a2de847fe)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com> Co-authored-by: Jayson Grace <jayson.e.grace@gmail.com>

…nts (#152) **Key Changes:** - Added comprehensive tests for token usage extraction in blue and red worker agents - Verified correct inclusion of usage metrics in result payloads for various scenarios - Ensured graceful handling of edge cases such as missing or malformed usage data - Improved test coverage for new metrics/tracing features **Added:** - BlueRedisWorkerAgent usage extraction tests: - Added `TestBlueRedisWorkerAgentUsageExtraction` test class to `tests/core/blue_worker/test_redis_worker.py` with tests for: - Including usage metrics in normal and partial results - Handling of missing or large usage values - Correct extraction and result payload formatting - RedisWorkerAgent usage extraction tests: - Added `TestRedisWorkerAgentUsageExtraction` test class to `tests/core/worker/test_worker.py` covering: - Extraction of usage metrics from agent results with various token values - Handling of absent or exception-throwing usage attributes - Verification of default and edge cases for token counting **Changed:** - Expanded test files to cover new code paths introduced by metrics/tracing changes - Improved mocking and assertions to validate presence, absence, and correctness of `usage` fields in agent results - Enhanced docstrings and comments in new tests for clarity and maintainability

**Added:** - Added upper bound `<2.0.0` to `dreadnode` dependency in `uv.lock` to prevent accidental major version upgrades that could introduce breaking changes **Changed:** - Reordered and grouped module-level constants and helper function in `ares.core.models` for improved clarity and organization; no functional change - Moved shared constants and patterns in `ares.tools.red.common` to the top of the file for better visibility and logical grouping **Removed:** - Removed redundant duplicate definitions of shared constants and patterns in `ares.tools.red.common` to eliminate dead code and reduce confusion

…dules (#159) **Key Changes:** - Added thorough unit and integration tests for core modules and CLI logic - Introduced tests for blue dispatcher publishing and status mixins - Added tests for Kubernetes executor and shared investigation wrappers - Improved coverage for message primitives, logging utils, and LiteLLM environment config **Added:** - Unit tests for core blue dispatcher publishing (`tests/core/blue_dispatcher/test_publishing.py`) covering evidence, timeline, technique, and lateral connection publishing behaviors - Unit tests for blue dispatcher status mixin (`tests/core/blue_dispatcher/test_status.py`) verifying investigation summary, task status, and evidence summary aggregation - Extensive tests for the Kubernetes executor (`tests/core/test_k8s_executor.py`) including pod management, retries, file transfer, and log retrieval scenarios - Additional tests for query resilience logic (`tests/core/test_query_resilience.py`) to validate chunked execution, retry/error handling, and stats aggregation - CLI and dataclass tests in `tests/cli/test_main.py` covering argument parsing, Redis-backed operation discovery, entrypoints, and main control flow including multi-agent dispatch and report generation - Tests for shared investigation wrappers (`tests/tools/blue/test_shared_wrappers.py`) validating evidence, timeline, correlation, and state transition helpers - Smoke test for top-level package importability (`tests/test_smoke_coverage.py`) - Message primitives tests (`tests/test_messages.py`) for ID generation, model serialization, and message factory logic - Logging utility tests (`tests/test_logging_utils.py`) for output truncation logic - LiteLLM environment configuration tests (`tests/test_litellm_env.py`) to verify environment variable defaults and preservation of user values **Changed:** - Parametrized and expanded test coverage in existing test files, especially for severity routing, alert merging, and command-line argument handling in the CLI tests - Improved test clarity and assertions to ensure accurate behavior for edge cases and error paths across core and tools modules **Removed:** - Legacy and redundant test code replaced by more thorough and explicit scenarios in the new and updated test modules

…lection (#153) **Key Changes:** - Introduced extraction and storage of agent tool selection reasoning for traceability - Added OpenTelemetry span creation for agent tool selection decisions - Enhanced TimelineEvent model with structured extra_data for decision events - Provided helper functions and comprehensive unit tests for reasoning extraction and confidence estimation **Added:** - Decision reasoning extraction helpers `_extract_reasoning_text` and `_estimate_confidence` to parse LLM responses and estimate confidence heuristically - Async hook in `create_role_hooks` to capture agent reasoning and tool selection, storing results in both the operation timeline and Redis for crash recovery - OpenTelemetry tracing via `trace_decision`, recording tool selection decisions and reasoning for post-hoc analysis - TimelineEvent model now includes an `extra_data_json` field for structured, JSON-encoded decision metadata - Multi-forest helpers in `SharedRedTeamState` to identify and track undominated forests for multi-domain operations - Unit tests for reasoning extraction, confidence estimation, and decision tracing in `test_red_agents.py` and `test_tracing.py` **Changed:** - Agent instruction templates now receive multi-forest context and undominated forests for more accurate role guidance - Role-specific instruction loading updated to handle additional context - TimelineEvent serialization in publishing and Redis persistence now uses the model's `to_dict()`, with consistent timestamp formatting and extra_data handling - Domain admin tracking updated to manage multi-forest mode, allowing for DA status across multiple trusted domains **Removed:** - Manual, per-field TimelineEvent dict serialization in publishing; replaced with single `to_dict()` call for consistency

…5.7 (#161) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-pre-commit](https://redirect.github.com/astral-sh/ruff-pre-commit) | repository | patch | `v0.15.6` → `v0.15.7` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)</summary> ### [`v0.15.7`](https://redirect.github.com/astral-sh/ruff-pre-commit/releases/tag/v0.15.7) [Compare Source](https://redirect.github.com/astral-sh/ruff-pre-commit/compare/v0.15.6...v0.15.7) See: <https://github.com/astral-sh/ruff/releases/tag/0.15.7> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.5` → `v46.1.6` | --- ### Release Notes <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.6`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.6) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.5...v46.1.6) ##### Documentation - update references to renovatebot/github-action to v46.1.5 ([f73dab3](https://redirect.github.com/renovatebot/github-action/commit/f73dab362b50de913592fbc629e60358fb20189a)) ##### Miscellaneous Chores - **deps:** update actions/cache action to v5.0.4 ([5d78527](https://redirect.github.com/renovatebot/github-action/commit/5d785279ab3b77c0332cc94f632be0ab6304a25b)) - **deps:** update commitlint monorepo to v20.4.4 ([797b143](https://redirect.github.com/renovatebot/github-action/commit/797b1434a8740960b925aa73e0594ef2ad81bf0a)) - **deps:** update commitlint monorepo to v20.5.0 ([1f1c4d0](https://redirect.github.com/renovatebot/github-action/commit/1f1c4d0325b8fa8417e67faba7545c988789725e)) - **deps:** update dependency esbuild to v0.27.4 ([f5e1677](https://redirect.github.com/renovatebot/github-action/commit/f5e1677a888c5ac11e512e28059979cf5b1769df)) - **deps:** update dependency lint-staged to v16.3.3 ([a40b316](https://redirect.github.com/renovatebot/github-action/commit/a40b31673d1d53672f7cf3e5dcd053ab15361d00)) - **deps:** update dependency lint-staged to v16.3.4 ([db5bf53](https://redirect.github.com/renovatebot/github-action/commit/db5bf53077b38b60039f82ed2424f77e1b85fff7)) - **deps:** update dependency lint-staged to v16.4.0 ([24e6832](https://redirect.github.com/renovatebot/github-action/commit/24e6832a0e1a72db47a60c51231b5816da564745)) - **deps:** update dependency typescript-eslint to v8.57.0 ([5c3cd2d](https://redirect.github.com/renovatebot/github-action/commit/5c3cd2d069fe625dd1d6430adc1fdb22fd1fa37d)) - **deps:** update pnpm to v10.32.0 ([f8ce6e7](https://redirect.github.com/renovatebot/github-action/commit/f8ce6e7946c9300a8f19df4aa8ece07d3c4327de)) - **deps:** update pnpm to v10.32.1 ([75912db](https://redirect.github.com/renovatebot/github-action/commit/75912db4646e8d56249b8ab9f0c28c518cf6fb4d)) ##### Build System - **deps:** lock file maintenance ([f21c5d7](https://redirect.github.com/renovatebot/github-action/commit/f21c5d739ee5f458e5f4415042ab5e962fda3ac1)) ##### Continuous Integration - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.76.3 ([c2bf9c6](https://redirect.github.com/renovatebot/github-action/commit/c2bf9c6a4ab438b904cfb7d066501d5da61f2f88)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.76.4 ([85642ee](https://redirect.github.com/renovatebot/github-action/commit/85642eefff81c01d8bb260dd60b885654c8591ba)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.76.5 ([5455749](https://redirect.github.com/renovatebot/github-action/commit/5455749f783c665462187f25d268f9595f777c94)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.77.0 ([85690d1](https://redirect.github.com/renovatebot/github-action/commit/85690d1bd26d70719be880186f7955e5e6011ae6)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.77.2 ([ac501fb](https://redirect.github.com/renovatebot/github-action/commit/ac501fb1e4e6b5bd571c41a34b353e332e69fcc8)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.77.3 ([0ef243b](https://redirect.github.com/renovatebot/github-action/commit/0ef243bf6fc5099de9c92f0b62393cd513032ffb)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.77.7 ([c8dff7c](https://redirect.github.com/renovatebot/github-action/commit/c8dff7c136c705caaad71e00d4f5590680d282cb)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.77.8 ([79f4351](https://redirect.github.com/renovatebot/github-action/commit/79f43511d36fad5d0ceaa7168ef9fb68d341f090)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.78.0 ([8235b3d](https://redirect.github.com/renovatebot/github-action/commit/8235b3d65ea121d767efd73b2a0c9cf36861996f)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.80.0 ([d443207](https://redirect.github.com/renovatebot/github-action/commit/d4432070f48d9311c9b7eeabd3a263780e83e597)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.82.0 ([a397fd4](https://redirect.github.com/renovatebot/github-action/commit/a397fd48db962f4b1d03ef095c4610a052253e2f)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.83.0 ([c026742](https://redirect.github.com/renovatebot/github-action/commit/c026742984bd484f00804c91c57bb0a31e3b0c76)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.83.1 ([2efa726](https://redirect.github.com/renovatebot/github-action/commit/2efa7267f125b2c5f1ec9a5a05f1a75a21d71403)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.84.0 ([c7f12c5](https://redirect.github.com/renovatebot/github-action/commit/c7f12c5f94ce13bf1fcdc7b8bd189db51dbdbea6)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.84.1 ([d9cd99e](https://redirect.github.com/renovatebot/github-action/commit/d9cd99e12b5a66ddbe3ff9c92b74438b10a4fc52)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.84.2 ([72d5379](https://redirect.github.com/renovatebot/github-action/commit/72d5379cc600b3fc69dde90d8456b4c171a55e82)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.85.0 ([12252d0](https://redirect.github.com/renovatebot/github-action/commit/12252d0ffb7a0904d44a01bada897b3f0c26cb07)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.86.0 ([6bf1d8f](https://redirect.github.com/renovatebot/github-action/commit/6bf1d8f3aa24a079d3bb0b20246a977ad4c661f4)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

…5.8 (#165) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-pre-commit](https://redirect.github.com/astral-sh/ruff-pre-commit) | repository | patch | `v0.15.7` → `v0.15.8` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)</summary> ### [`v0.15.8`](https://redirect.github.com/astral-sh/ruff-pre-commit/releases/tag/v0.15.8) [Compare Source](https://redirect.github.com/astral-sh/ruff-pre-commit/compare/v0.15.7...v0.15.8) See: <https://github.com/astral-sh/ruff/releases/tag/0.15.8> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [rhysd/actionlint](https://redirect.github.com/rhysd/actionlint) | repository | patch | `v1.7.11` → `v1.7.12` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>rhysd/actionlint (rhysd/actionlint)</summary> ### [`v1.7.12`](https://redirect.github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v1712---2026-03-30) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.7.11...v1.7.12) - Support the [`timezone` configuration in `on.schedule`](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#onschedule) with checks for IANA timezone string. See the [documentation](https://redirect.github.com/rhysd/actionlint/blob/main/docs/checks.md#check-cron-syntax-and-timezone) for more details. Note that actionlint starts to embed the timezone database in the executables from this version so the binary sizes slightly increase. ([#641](https://redirect.github.com/rhysd/actionlint/issues/641), thanks [@martincostello](https://redirect.github.com/martincostello)) ```yaml on: schedule: # ERROR: The timezone is not a valid IANA timezone string - cron: '*/5 * * * *' timezone: 'Asia/Somewhere' ``` - Support the [`jobs.<job_name>.environment.deployment` configuration](https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments#using-environments-without-deployments). ([#639](https://redirect.github.com/rhysd/actionlint/issues/639), thanks [@springmeyer](https://redirect.github.com/springmeyer)) - Support the [`macos-26-intel` runner label](https://github.blog/changelog/2026-02-26-macos-26-is-now-generally-available-for-github-hosted-runners/). ([#629](https://redirect.github.com/rhysd/actionlint/issues/629), thanks [@hugovk](https://redirect.github.com/hugovk)) - Fix the [table of webhook activity types](https://redirect.github.com/rhysd/actionlint/blob/main/all_webhooks.go) are outdated by rebuilding the [script to scrape the table](https://redirect.github.com/rhysd/actionlint/tree/main/scripts/generate-webhook-events) from scratch. - Support Go 1.26 and drop the support for Go 1.24. Now supported versions are 1.25 and 1.26. - Tests are run on arm64 Windows in CI. - Update the popular actions data set to the latest. \[Changes]\[v1.7.12] <a id="v1.7.11"></a> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.6` → `v46.1.7` | --- ### Release Notes <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.7`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.7) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.6...v46.1.7) ##### Documentation - update references to renovatebot/github-action to v46.1.6 ([3afa29f](https://redirect.github.com/renovatebot/github-action/commit/3afa29f3bacded0f3a8194151e51c09e06c74a06)) ##### Miscellaneous Chores - **deps:** update dependency typescript-eslint to v8.57.1 ([3a47fac](https://redirect.github.com/renovatebot/github-action/commit/3a47faccdec3530f8dbbfe76ce2f34538a3cfbfe)) - **deps:** update node.js to v24.14.1 ([28bb013](https://redirect.github.com/renovatebot/github-action/commit/28bb013b092ff7122af047f9b120c360620e8d29)) ##### Build System - **deps:** lock file maintenance ([be2fc08](https://redirect.github.com/renovatebot/github-action/commit/be2fc0808e1a260d5bc8007799cfb101e39bad4c)) ##### Continuous Integration - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.86.1 ([8795f0b](https://redirect.github.com/renovatebot/github-action/commit/8795f0bb9f436068f48f1fa0063c00fe8c0fd8f4)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.86.2 ([9853f69](https://redirect.github.com/renovatebot/github-action/commit/9853f690fa09cdc8e71f7dc2d6d070c604d6d345)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.87.0 ([f43553b](https://redirect.github.com/renovatebot/github-action/commit/f43553b66b5a31917185e319d54b543e5ffe6a56)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.87.1 ([266e52c](https://redirect.github.com/renovatebot/github-action/commit/266e52c849d9142e6ea54b705139cdf7b62d713c)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.0 ([15d8db4](https://redirect.github.com/renovatebot/github-action/commit/15d8db463f3dd951f349ad5e45e0b43a380ef2ef)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.1 ([b711f08](https://redirect.github.com/renovatebot/github-action/commit/b711f088eca6b9ed15159f21c6ea4d577411be83)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.2 ([06c1ac0](https://redirect.github.com/renovatebot/github-action/commit/06c1ac0e886948214e40190f68507fac183b5a91)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.3 ([4509fbc](https://redirect.github.com/renovatebot/github-action/commit/4509fbc16b3781a900a999554df2ba5a5e523780)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.4 ([8dd874b](https://redirect.github.com/renovatebot/github-action/commit/8dd874b6532383a8c7298eafe9ff01357e18fc2e)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.5 ([908aecf](https://redirect.github.com/renovatebot/github-action/commit/908aecfd19e0925aae759c3e16b801663c21aed1)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.6 ([1a40ecc](https://redirect.github.com/renovatebot/github-action/commit/1a40ecc29a17caa1adb718a6b295517a9bc54113)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.89.8 ([82662d1](https://redirect.github.com/renovatebot/github-action/commit/82662d1770556f248643f0fe296a4d0b1326a144)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.91.1 ([40328d7](https://redirect.github.com/renovatebot/github-action/commit/40328d7e613335eb23db339081b7d6127753fa22)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.91.4 ([977b086](https://redirect.github.com/renovatebot/github-action/commit/977b086a6ccfc1bdbcef357eaf9c7e9c64c7234d)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.91.5 ([398a399](https://redirect.github.com/renovatebot/github-action/commit/398a3994fb642171a0af715dda9fa6e537af318b)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.91.6 ([a416aeb](https://redirect.github.com/renovatebot/github-action/commit/a416aebb8071878818e0befb5c5da3397853e176)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.92.1 ([8c59289](https://redirect.github.com/renovatebot/github-action/commit/8c59289af20bffcdc0c36f2c79f03a331c317e32)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.95.0 ([5312d97](https://redirect.github.com/renovatebot/github-action/commit/5312d97f8aeda49f74d4ff943807c8c509b856c0)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.96.0 ([6016202](https://redirect.github.com/renovatebot/github-action/commit/601620233fecdefc057851a1d91a7bb0056d7d3c)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.98.0 ([d4812c2](https://redirect.github.com/renovatebot/github-action/commit/d4812c218043a1edcd62eebafd3d74d93325e315)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.99.0 ([47f20b6](https://redirect.github.com/renovatebot/github-action/commit/47f20b6cd111a5cf9f5dd1575329614b69105ac6)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.99.1 ([dadfa2f](https://redirect.github.com/renovatebot/github-action/commit/dadfa2fcc3c1cbadeac6869d9aeba7f815a47f31)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

#173) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pre-commit/mirrors-mypy](https://redirect.github.com/pre-commit/mirrors-mypy) | repository | minor | `v1.19.1` → `v1.20.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>pre-commit/mirrors-mypy (pre-commit/mirrors-mypy)</summary> ### [`v1.20.0`](https://redirect.github.com/pre-commit/mirrors-mypy/compare/v1.19.1...v1.20.0) [Compare Source](https://redirect.github.com/pre-commit/mirrors-mypy/compare/v1.19.1...v1.20.0) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

…5.9 (#172) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-pre-commit](https://redirect.github.com/astral-sh/ruff-pre-commit) | repository | patch | `v0.15.8` → `v0.15.9` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)</summary> ### [`v0.15.9`](https://redirect.github.com/astral-sh/ruff-pre-commit/releases/tag/v0.15.9) [Compare Source](https://redirect.github.com/astral-sh/ruff-pre-commit/compare/v0.15.8...v0.15.9) See: <https://github.com/astral-sh/ruff/releases/tag/0.15.9> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.7` → `v46.1.8` | --- ### Release Notes <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.8`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.8) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.7...v46.1.8) ##### Documentation - update references to renovatebot/github-action to v46.1.7 ([784cabc](https://redirect.github.com/renovatebot/github-action/commit/784cabc08e71c4644c95607166d9df479af679c1)) ##### Miscellaneous Chores - configure pnpm ([42adbac](https://redirect.github.com/renovatebot/github-action/commit/42adbacebc5dc4bc52dc1ad297be82261663cf3a)) - **deps:** update dependency conventional-changelog-conventionalcommits to v9.3.1 ([0dd322f](https://redirect.github.com/renovatebot/github-action/commit/0dd322f719ce87efc20d031a746000777a630832)) - **deps:** update dependency typescript-eslint to v8.57.2 ([91d6038](https://redirect.github.com/renovatebot/github-action/commit/91d6038948a3a0725f646c81828fd571140b3f11)) - **deps:** update pnpm to v10.33.0 ([10556c1](https://redirect.github.com/renovatebot/github-action/commit/10556c14cfb2dc7934f175599eae87cdd1b5b16c)) - **deps:** update pnpm/action-setup action to v5 ([#1022](https://redirect.github.com/renovatebot/github-action/issues/1022)) ([97c4175](https://redirect.github.com/renovatebot/github-action/commit/97c4175c4ed077aadd1779306d0e130a87e5055f)) - update lodash to v4.18.1 ([8a6b3d7](https://redirect.github.com/renovatebot/github-action/commit/8a6b3d79d0def4affa1e38541f3b8a882066fb0d)) - update lodash-es to v4.18.1 ([b99db03](https://redirect.github.com/renovatebot/github-action/commit/b99db037c99445b0da44f5967d9fdfacd5b666bd)) ##### Build System - **deps:** lock file maintenance ([768a348](https://redirect.github.com/renovatebot/github-action/commit/768a348db8272c8871d6bbb7fc2c7b0339ad380b)) ##### Continuous Integration - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.100.0 ([9cf5ad2](https://redirect.github.com/renovatebot/github-action/commit/9cf5ad26d66142061dfd458def096300481aef5f)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.101.1 ([b404d85](https://redirect.github.com/renovatebot/github-action/commit/b404d853ec8442df7c8dc619ca3be83c62b3f055)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.101.2 ([7045453](https://redirect.github.com/renovatebot/github-action/commit/7045453f7f0c94551b1e4b5ae195d86c3b42cc16)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.101.4 ([b48791f](https://redirect.github.com/renovatebot/github-action/commit/b48791f189886a363c957b92fca90cddf3a7399a)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.101.7 ([e606f42](https://redirect.github.com/renovatebot/github-action/commit/e606f429ea1c44341037462d71265236988c38cf)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.0 ([4ec3adc](https://redirect.github.com/renovatebot/github-action/commit/4ec3adc1fe417cb91cc46dcbbfd68741f99556bf)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.10 ([a064167](https://redirect.github.com/renovatebot/github-action/commit/a064167f89f1cdef7160ba29d8e2d7221bb5484a)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.11 ([5bae778](https://redirect.github.com/renovatebot/github-action/commit/5bae7781fbde0f432e9db9d28be120e7117db6d6)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.2 ([9d053ec](https://redirect.github.com/renovatebot/github-action/commit/9d053ec3a19109b06c0e0428aca8d3261d5babcc)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.3 ([641d4cb](https://redirect.github.com/renovatebot/github-action/commit/641d4cb043cc30a53b31f0b1835ef98fd715f0d8)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.6 ([e59ffc6](https://redirect.github.com/renovatebot/github-action/commit/e59ffc6a1fb44dbffc090f8480f76105624d5ff7)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.102.8 ([234aba7](https://redirect.github.com/renovatebot/github-action/commit/234aba7af67c0ba7727c214a66d6105051d8480d)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.103.0 ([36d2aba](https://redirect.github.com/renovatebot/github-action/commit/36d2abac4eb00848538e78e35613de2d09e0480a)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.0 ([4cea95b](https://redirect.github.com/renovatebot/github-action/commit/4cea95ba050ba5385ea7cc02596e422292dd5254)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.1 ([5274e54](https://redirect.github.com/renovatebot/github-action/commit/5274e542658d0cd09a34fd127ecb7f0950d9d224)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.2 ([2ef116f](https://redirect.github.com/renovatebot/github-action/commit/2ef116f6f2aad70822f53cbc8dd3f74ee7b26982)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.3 ([db16b25](https://redirect.github.com/renovatebot/github-action/commit/db16b25e58b044a36fa8a74191aaf8674667e478)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.4 ([a45eeac](https://redirect.github.com/renovatebot/github-action/commit/a45eeace37522319a6e7c9b47f5878f8fe8d6489)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

… handling (#178) **Key Changes:** - Removed all Redis Sentinel-specific logic and configuration from codebase - Refactored Redis client helpers to support only direct Redis connections - Updated connection/reconnection logic to eliminate Sentinel DNS/IP refresh - Simplified tests and documentation to reflect direct Redis usage only **Added:** - Manual test guide for multi-forest end-to-end operations (unrelated to Sentinel removal, but included in this change for completeness) - `docs/testing/MANUAL-ESSOS.md` documents manual steps for multi-domain attack chains - New manual test guide for multi-forest/Essos compromise workflow, including all operational steps, troubleshooting, and known issues **Changed:** - Redis client creation helpers (`create_redis_client`, `create_verified_redis_client`) now use only direct Redis URL connections with optional single-connection mode - All references to "Sentinel" failover, stale connections, or master discovery replaced with generic Redis connection handling and pod restart recovery - Logging, comments, and error messages updated to no longer mention Sentinel - Task queue, orchestrator, and dispatcher logic refactored to remove Sentinel-specific reconnection and state reset paths - Documentation (`codemap.md`, inline code docs) updated to reflect removal of Sentinel features and clarify direct Redis usage - All Redis-related health check, retry, and reconnection logic now targets direct connections, not Sentinel pools or master/replica roles - Tests updated to remove patching and assertions related to `invalidate_sentinel_client` and Sentinel failover scenarios - Env var documentation and code references updated to reflect direct Redis use **Removed:** - All Redis Sentinel support, including: - Sentinel connection pooling, master/replica discovery, and DNS resolution - `invalidate_sentinel_client` function and calls throughout codebase - Sentinel-related configuration and environment variable handling - Replica client and master role verification logic - Documentation and comments referencing Sentinel failover or pod restarts - Sentinel-specific error handling and reconnection logic in orchestration, task queues, dispatcher monitoring, and recovery modules - Sentinel handling and patching from all tests and test fixtures - Redis Sentinel configuration, DNS resolution, and all related branching logic - All code and tests for verifying master/replica roles and Sentinel failover - Sentinel-specific error keywords and handling logic across modules and tests

…182) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token) | action | minor | `v3.0.0` → `v3.1.1` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v3.1.1`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v3.1.1) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1) ##### Bug Fixes - improve error message when app identifier is empty ([#362](https://redirect.github.com/actions/create-github-app-token/issues/362)) ([07e2b76](https://redirect.github.com/actions/create-github-app-token/commit/07e2b760664f080c40eec4eacf7477256582db36)), closes [#249](https://redirect.github.com/actions/create-github-app-token/issues/249) ### [`v3.1.0`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v3.1.0) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v3.0.0...v3.1.0) ##### Bug Fixes - **deps:** bump p-retry from 7.1.1 to 8.0.0 ([#357](https://redirect.github.com/actions/create-github-app-token/issues/357)) ([3bbe07d](https://redirect.github.com/actions/create-github-app-token/commit/3bbe07d928e2d6c30bf3e37c6b89edbc4045facf)) ##### Features - add `client-id` input and deprecate `app-id` ([#353](https://redirect.github.com/actions/create-github-app-token/issues/353)) ([e6bd4e6](https://redirect.github.com/actions/create-github-app-token/commit/e6bd4e6970172bed9fe138b2eaf4cbffa4cca8f9)) - update permission inputs ([#358](https://redirect.github.com/actions/create-github-app-token/issues/358)) ([076e948](https://redirect.github.com/actions/create-github-app-token/commit/076e9480ca6e9633bff412d05eff0fc2f1e7d2be)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | patch | `v7.0.0` → `v7.0.1` | --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v7.0.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v7.0.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v7.0.0...v7.0.1) #### What's Changed - Update the readme with direct upload details by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#795](https://redirect.github.com/actions/upload-artifact/pull/795) - Readme: bump all the example versions to v7 by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#796](https://redirect.github.com/actions/upload-artifact/pull/796) - Include changes in typespec/ts-http-runtime 0.3.5 by [@yacaovsnc](https://redirect.github.com/yacaovsnc) in [#797](https://redirect.github.com/actions/upload-artifact/pull/797) **Full Changelog**: <actions/upload-artifact@v7...v7.0.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

…5.10 (#181) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-pre-commit](https://redirect.github.com/astral-sh/ruff-pre-commit) | repository | patch | `v0.15.9` → `v0.15.10` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)</summary> ### [`v0.15.10`](https://redirect.github.com/astral-sh/ruff-pre-commit/releases/tag/v0.15.10) [Compare Source](https://redirect.github.com/astral-sh/ruff-pre-commit/compare/v0.15.9...v0.15.10) See: <https://github.com/astral-sh/ruff/releases/tag/0.15.10> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

…l breakdown (#179) **Key Changes:** - Introduced operation-wide token usage and cost aggregation for all agent runs - Enabled per-model token usage accounting, supporting multiple models per operation - Added CLI and log reporting of total tokens, per-model breakdown, and cost estimates - Implemented comprehensive tests for token usage tracking and reporting **Added:** - Database migration to add `total_input_tokens`, `total_output_tokens`, `total_cost`, and `model_usage` columns to the operations table for persistent tracking - `estimate_usage_cost` and `get_usage_models` helpers in new `token_usage.py` for rendering and pricing token usage - Operation-level Redis token usage counters with per-model breakdown in `RedisTaskQueue`, including atomic increment and retrieval methods - Periodic background task to log aggregate token usage and estimated cost during multi-agent operations - CLI output for runtime command to display total tokens, per-model usage, and estimated/blended cost on operation completion - Unit and integration tests for token usage accounting and reporting in orchestrator, worker, and CLI **Changed:** - Updated orchestrator and worker to record token usage and cost for each agent run, aggregating results into Redis operation-level counters - Enhanced runtime CLI to fetch and display operation token usage and cost breakdown from Redis, including handling of multiple models and missing price data - Refactored token usage reporting to be model-aware and robust against legacy/partial usage data

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.8` → `v46.1.9` | --- ### Release Notes <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.9`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.9) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.8...v46.1.9) ##### Documentation - update references to renovatebot/github-action to v46.1.8 ([65fadb1](https://redirect.github.com/renovatebot/github-action/commit/65fadb148a0cb437ed338150090bcc6918283314)) ##### Miscellaneous Chores - **deps:** update dependency [@types/node](https://redirect.github.com/types/node) to v24.12.1 ([574fb8e](https://redirect.github.com/renovatebot/github-action/commit/574fb8eb0fe7ade9347753a2d6df62873727e1e8)) - **deps:** update dependency [@types/node](https://redirect.github.com/types/node) to v24.12.2 ([8eec7f0](https://redirect.github.com/renovatebot/github-action/commit/8eec7f01f329bc8953da1ce36d1c3cda2b1ade9b)) - **deps:** update dependency esbuild to v0.27.5 ([fb75c7e](https://redirect.github.com/renovatebot/github-action/commit/fb75c7e565ec08a0a9017ea6684a5d0630b629d5)) - **deps:** update dependency esbuild to v0.27.7 ([709e29c](https://redirect.github.com/renovatebot/github-action/commit/709e29c55b6390e4262ba7d4d8b6f62e7c880152)) - **deps:** update dependency esbuild to v0.28.0 ([143a7fb](https://redirect.github.com/renovatebot/github-action/commit/143a7fb7db0606e8d68bebdd6ac4008334324723)) - **deps:** update dependency typescript-eslint to v8.58.0 ([20ecf26](https://redirect.github.com/renovatebot/github-action/commit/20ecf269993fe34f21814bba3bb99484ffa26df1)) ##### Build System - **deps:** lock file maintenance ([646e9b0](https://redirect.github.com/renovatebot/github-action/commit/646e9b0ef5960bc4a1a3784632530cabf5a20820)) ##### Continuous Integration - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.6 ([e6e6157](https://redirect.github.com/renovatebot/github-action/commit/e6e6157846f5cb6e0f038935d504d7ad10831061)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.7 ([38c3a5d](https://redirect.github.com/renovatebot/github-action/commit/38c3a5dd5dca35cf7ef74fcb72f186a9df30699a)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.104.8 ([34a118b](https://redirect.github.com/renovatebot/github-action/commit/34a118b05750b2c5baee87e942313d579bf895b5)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.108.1 ([d946ea8](https://redirect.github.com/renovatebot/github-action/commit/d946ea817d1175eff63d8d64e4ff0826822356f3)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.109.0 ([16020af](https://redirect.github.com/renovatebot/github-action/commit/16020af9fcbb8259ebf2cba1a8bec8c4f2cc129f)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.109.1 ([22a6725](https://redirect.github.com/renovatebot/github-action/commit/22a6725add733583afe0044f8b5a9cc4859aaead)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.109.3 ([f9ce60c](https://redirect.github.com/renovatebot/github-action/commit/f9ce60c6dfa1eafad8149863f39bbdce2340a1ea)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.10 ([8e63580](https://redirect.github.com/renovatebot/github-action/commit/8e6358061d367838da878a6e42ce8b6d2b01bf09)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.12 ([4700a42](https://redirect.github.com/renovatebot/github-action/commit/4700a42f8132eb9307f291e1153d3c5729d373b2)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.13 ([2155516](https://redirect.github.com/renovatebot/github-action/commit/21555169861b801e638b6cbe9172689a12a3d9de)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.14 ([747253b](https://redirect.github.com/renovatebot/github-action/commit/747253b8ae605cd3b86aaf5954c834936d0405fe)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.16 ([84e3bcc](https://redirect.github.com/renovatebot/github-action/commit/84e3bcc357c4cf02f654ec826765cce4ecf46ab0)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.17 ([b649498](https://redirect.github.com/renovatebot/github-action/commit/b649498283ba48017f739021e5adb56b56699246)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.2 ([c149fdf](https://redirect.github.com/renovatebot/github-action/commit/c149fdf55c303e4be9ef3fd8c295b1a2474156a3)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.4 ([9deca28](https://redirect.github.com/renovatebot/github-action/commit/9deca28377446413f5e1289e923fee31453f7662)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.7 ([eb7409a](https://redirect.github.com/renovatebot/github-action/commit/eb7409a9ca79446d22bc7c440c207b78d3165cf1)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.8 ([2e39b3e](https://redirect.github.com/renovatebot/github-action/commit/2e39b3e1871afb67b246ecb0d3501a5792507e4c)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.110.9 ([b45c6e7](https://redirect.github.com/renovatebot/github-action/commit/b45c6e706b7cc4c5d8d98ad23c980b3d8e2e41f3)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.111.0 ([9feb404](https://redirect.github.com/renovatebot/github-action/commit/9feb404915492a6a1ef5537b50d51b61192ca142)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

#184) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pre-commit/mirrors-mypy](https://redirect.github.com/pre-commit/mirrors-mypy) | repository | patch | `v1.20.0` → `v1.20.1` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://redirect.github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>pre-commit/mirrors-mypy (pre-commit/mirrors-mypy)</summary> ### [`v1.20.1`](https://redirect.github.com/pre-commit/mirrors-mypy/compare/v1.20.0...v1.20.1) [Compare Source](https://redirect.github.com/pre-commit/mirrors-mypy/compare/v1.20.0...v1.20.1) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>

## Summary Complete migration of the ares red/blue team system from Python to a native Rust multi-agent architecture. This introduces the Rust CLI, orchestrator, worker agents, and blue team investigation framework as the primary runtime, replacing the previous Python-based implementation. ## Changes ### Rust Core Architecture - Add initial Rust CLI, orchestrator, and worker with config and task management - Implement `ares-llm` crate with agent loop, prompt builder, and LLM provider support (OpenAI, Azure) - Add `ares-core` extraction utilities, detection playbook export, and output parsing - Implement tool executor mode for workers with Redis-based tool dispatch - Add persistent PostgreSQL store for historical operation data - Add OpenTelemetry instrumentation and agent tool registry for LLM agents - Support structured discoveries in tool execution and propagate through agent loop - Add comprehensive agent templates and Tera-based rendering for red team LLM agents ### Blue Team Investigation Framework - Add blue team investigation framework with orchestrator, worker, and tools - Add investigation state tools, report generation, evidence validation - Add blue team question engines and enhanced automation - Add Grafana write-back support and learning tools - Track and display blue team investigation token usage and cost - Enable live evaluation of blue investigations against red ground truth ### Red Team Automation - Add advanced automation for gMSA, S4U, trust, and stall detection - Synthesize and track privilege escalation paths as vulnerabilities - Add lockout quarantine, golden ticket username handling, and tool metadata - Enable multi-forest trust attacks, tool output parsing, and agent lockout defense - Add dynamic tool availability and MSSQL parsing improvements - Add hash cracking dispatch and operation summary to orchestrator ### Infrastructure & Deployment - Add full Ansible collection for ares agent provisioning and infrastructure - Add EC2 deployment and orchestration support via AWS SSM - Add native EC2 remote build option and cross build config improvements - Switch reqwest to rustls and update dependency tree - Add warpgate templates for ares worker and recon agent ### Testing - Add comprehensive unit tests for core parsing, utility modules, orchestration, and detection - Add benchmark, integration, and report parity tests for Rust migration - Add smoke tests and extend prompt generation coverage ### Documentation - Update documentation to focus on Rust multi-agent architecture - Add blue agent, warpgate template, and infrastructure overview docs - Add expert agent manifests and operator guides - Update test data and examples to use contoso/fabrikam context ### Refactoring & Cleanup - Remove Python bridge and migrate all task execution to native Rust tools - Remove legacy weaknesses system and query template tools - Modularize config, tool, state, ops, and automation logic - Migrate workspace to monorepo root and update tooling paths - Remove once_cell dependency in favor of std::sync::LazyLock ## Test Plan - [x] Unit tests for core parsing, config, models, orchestrator, and detection modules - [x] Integration tests for agent loop and tool execution - [x] Smoke tests for prompt generation (trust, MSSQL exploits) - [x] Benchmark and report parity tests for Rust migration - [ ] End-to-end operation against test lab environment - [ ] Blue team investigation workflow against staged alert data

| datasource | package | from | to | | ----------- | ----------------------- | ------ | ------ | | github-tags | actions/upload-artifact | v7.0.0 | v7.0.1 |

l50 and others added 30 commits December 15, 2025 10:15

Initial commit

3f47b70

chore: disable python dependency updates in renovate config

ed06e84

**Changed:** - Disabled automated updates for python dependencies managed by poetry and pip by setting `enabled: false` in Renovate configuration to prevent unintended updates

ci: update template sync workflow to use repository_dispatch trigger (#…

0a17b8c

…18) **Changed:** - Added repository_dispatch trigger for template-sync events - Removed schedule and push triggers - Removed target_gh_token parameter - Simplified concurrency group

fix: add target_gh_token to template sync action for PR creation

15bb433

The action requires target_gh_token to authenticate PR creation in the target repository. Without it, the gh CLI defaults to GITHUB_TOKEN which lacks PR creation permissions.

l50 and others added 25 commits March 17, 2026 10:25

chore(deps): update actions/upload-artifact action to v7.0.1

6234e26

| datasource | package | from | to | | ----------- | ----------------------- | ------ | ------ | | github-tags | actions/upload-artifact | v7.0.0 | v7.0.1 |

dreadnode-renovate-bot Bot added area/github Changes made to GitHub Actions workflows type/digest Dependency digest updates labels Apr 15, 2026

l50 closed this Apr 15, 2026

l50 force-pushed the main branch from 5b916f3 to 26b29af Compare April 15, 2026 19:21

dreadnode-renovate-bot Bot deleted the renovate/actions-upload-artifact-7.x branch April 15, 2026 19:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update actions/upload-artifact action to v7.0.1#187

chore(deps): update actions/upload-artifact action to v7.0.1#187
dreadnode-renovate-bot[bot] wants to merge 166 commits intomainfrom
renovate/actions-upload-artifact-7.x

dreadnode-renovate-bot Bot commented Apr 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dreadnode-renovate-bot Bot commented Apr 15, 2026

Release Notes

v7.0.1

What's Changed

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

`v7.0.1`