feat: add Rust-native Ares agent templates and golden image support#201
Merged
feat: add Rust-native Ares agent templates and golden image support#201
Conversation
… template set **Added:** - Introduced Rust-native agent templates for Ares, including: - ares-rust-acl-agent: AD ACL exploitation agent with Rust binary and Ansible tooling - ares-rust-blue-agent: Blue team defensive agent (Rust, embedded Python) - ares-rust-blue-triage-agent: Blue triage agent (Rust, Grafana MCP) - ares-rust-blue-threat-hunter-agent: Blue threat hunter (Rust, Grafana MCP) - ares-rust-blue-lateral-analyst-agent: Blue lateral analyst (Rust, Grafana MCP) - ares-rust-coercion-agent: NTLM relay/coercion agent (Rust, Ansible) - ares-rust-cracker-agent: Password cracker agent (Rust, hashcat/john, Ansible) - ares-rust-cracker-agent-gpu: GPU-accelerated password cracker (Rust, CUDA/OpenCL) - ares-rust-credential-access-agent: Credential access agent (Rust, Kerberos, Ansible) - ares-rust-lateral-movement-agent: Lateral movement agent (Rust, Ansible) - ares-rust-orchestrator: Orchestrator binary with embedded Python for LLM ops - ares-rust-privesc-agent: Privilege escalation agent (Rust, Ansible) - ares-rust-recon-agent: Reconnaissance agent (Rust, AD/network tools, Ansible) - ares-rust-worker: Generic worker agent (Rust binary, embedded Python) - ares-rust-cli: Pure Rust CLI for Ares framework (no Python) - Added ares-golden-image AMI template for full red team toolset golden image - Added comprehensive README and documentation for each new template - Provided .gitignore, pre-commit config, and linter configs for template repo - Added shell hooks and formatting utilities for pre-commit and workflow checks **Changed:** - Modernized template directory structure: moved all existing agent templates to `templates/` and replaced Python-based agent templates with Rust-based equivalents - Updated main repository README with new template list, features, usage, and architectural overview reflecting Rust migration and new capabilities - Improved documentation for blue team, GPU, and CLI templates, clarifying runtime, build, and orchestration differences - Updated CI workflows and validation logic to support new Rust-based templates and ensure build/test consistency - Updated workflow and pre-commit scripts to check for consistency in workflow repository lists and enforce formatting/linters - Enhanced template build chains to support multi-arch, Rust compilation, and embedded Python agent operation - Added AMI/golden image build for red team labs covering recon, credential access, privesc, cracking, lateral movement, ACL abuse, and coercion **Removed:** - Removed all legacy Python-based agent templates: - ares-acl-agent, ares-blue-agent, ares-blue-triage-agent, ares-blue-threat-hunter-agent, ares-blue-lateral-analyst-agent, ares-coercion-agent, ares-cracker-agent, ares-cracker-agent-gpu, ares-cracker-base-gpu, ares-credential-access-agent, ares-lateral-movement-agent, ares-privesc-agent, ares-recon-agent, ares-worker, ares-base, ares-orchestrator and their corresponding READMEs and warpgate.yaml files - Removed Python-centric documentation and notes from main and template-specific READMEs - Removed template duplication and legacy shell/Ansible-only build steps in favor of Rust-native agent binaries with embedded Python support
dreadnode-renovate-bot
Bot
added
the
area/github
**Changed:** - Updated all GitHub Actions workflows and labeler configuration to reference 'warpgate-templates' instead of 'templates' for template-related operations, including build, validation, and test processes - Adjusted shell and Python scripts within workflows to search, loop, and operate on 'warpgate-templates' paths, ensuring correct discovery and validation of template files - Modified labeler rules to apply the area/templates label to changes under 'warpgate-templates', maintaining accurate PR labeling
ci: remove GITHUB_TOKEN build-arg from warpgate build steps
**Changed:**
- Updated build-and-push-templates workflow to no longer pass GITHUB_TOKEN as a
build-arg to warpgate build commands, removing both the flag and related
comments. This simplifies the build invocation and eliminates unnecessary
exposure of the token.
- Updated test-template-builds workflow to remove the --build-arg
"GITHUB_TOKEN=${GITHUB_TOKEN}" parameter from warpgate build steps, aligning
test builds with the new approach and reducing secrets usage.
**Removed:**
- Eliminated passing of GITHUB_TOKEN as a build argument to container builds in
all relevant GitHub Actions workflows.
```
**Added:** - Specify `kalilinux/kali-rolling:latest` as the base image in the ares-golden-image template to standardize environment for builds
…nsistent indentation **Changed:** - Updated workflow to check required files in `warpgate-templates/templates/*/` instead of `warpgate-templates/*/` for correct directory structure in `validate-templates.yaml` - Reformatted `warpgate.yaml` for the ares-golden-image template to use consistent two-space indentation across all sections, improving readability and aligning with common YAML conventions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Key Changes:
Added:
ares-rust-*templates for:ares-rust-cracker-agent-gpufor CUDA/OpenCL hashcat with Rust workerares-golden-imagefor comprehensive pre-baked red team AMI deployments.pre-commit-config.yaml,.hooks/, and linter settings for consistent formatting and validationChanged:
templates/README.mdto describe new agent taxonomy, usage, and modular template approachRemoved:
ares-base,ares-worker,ares-orchestrator, and all individual role agent templates under the old namingares-blue-agent,ares-blue-triage-agent,ares-blue-threat-hunter-agent,ares-blue-lateral-analyst-agent