What's New
Features
- MCP plugin discovery via entry points — vault plugins (hunt-vault, detect-vault) can now register MCP tools via the athf.mcp_tools entry point, automatically discovered at server startup (3a1d021)
- Streamable HTTP transport — MCP server now supports --transport streamable-http in addition to stdio, enabling browser and remote client connections (6cdd1ca)
Bug Fixes
- athf attack update crash with mitreattack-python 5.x — replaced removed stix_store_to_file with direct urllib download; also sanitizes STIX bundles with duplicate IDs (573f611, 388344b) — closes #26
- athf hunt new wrong tactic default — --technique T1003.001 now correctly derives credential-access from the ATT&CK provider instead of hardcoding collection (131de9f) — closes #27
- Ollama provider timeout — added 30s timeout to urlopen call (109e3e2, thanks @MichaelMVS)
- MCP standalone entry point — added CLI argument parser so athf-mcp works correctly when invoked directly (4be7028)
Tests
- Plugin integration tests for hunt-vault and detect-vault MCP tools (691de2b)
- Tactic auto-derivation and fallback tests for hunt new (e783c8b)
Upgrade
pip install --upgrade agentic-threat-hunting-framework==0.12.0
# or with all extras:
pip install --upgrade 'agentic-threat-hunting-framework[mcp,attack]==0.12.0'