v1.18.0 — Threat Horizon Forecaster + machine-readable --version

@sauravbhattacharya001 released this 21 May 21:28
· 105 commits to main since this release

A focused minor release that adds one new agentic advisor and finally makes
winsentinel --version safe to call from CI, inventory, and packaging scripts.

✨ New: Threat Horizon Forecast Advisor

ThreatHorizonForecastAdvisor is the sixth agentic sibling alongside
FixOrchestrationPlanner, AlertRoutingAdvisor, AttackerProfileSynthesizer,
PostureRegressionExplainer, and PolicyExceptionRiskAdvisor.

It produces a forward-looking 7-day threat-pressure forecast (0–100) by
blending recent attacker-side recon signals with defender-side posture context:

  • Attacker signals (8): port scans, brute-force attempts, IOC matches,
    phishing waves, rogue DNS, dark-web mentions, anomalous outbound, etc.
    Each contribution is weighted by velocity, freshness, and distinct-source
    dedup so a single noisy source can't dominate.
  • Defender overhang (5): open critical findings, attack-surface size,
    recent posture regressions, recently revoked exceptions, exposed assets.
  • Risk-appetite shift: Cautious +5 / Aggressive −5.
  • Verdict ladder: Calm / Elevated / Imminent / UnderPressure,
    graded A–F.
  • Per-day forecast curve with attacker-decay modeling.
  • P0-first hardening playbook (BLOCK_KNOWN_IOCS, RATE_LIMIT_AUTH,
    HARDEN_PERIMETER, war-room convene on 2+ P0s, …).
  • Cross-signal insights: network / auth / user heat concentration,
    compound pressure, sustained pressure.
  • Renderers: Text / Markdown / JSON.

🐛 Fixes

  • #194 — Machine-readable --version. Adds two CI/inventory-friendly
    variants that compose with the existing 4-line human banner:

    • winsentinel --version --quiet → bare version string (e.g. 1.18.0)
    • winsentinel --version --json → stable JSON
      { product, version, informationalVersion, runtime, os, machine }

    After --version, only --quiet / --json are greedily consumed; any
    other trailing flag is rejected with a clear error.

  • #192 — --version now reflects the real installed version.
    PrintVersion was reading Assembly.GetName().Version, which returns
    the static AssemblyVersion attribute (pinned at 1.0.0.0 for binding
    stability). With MinVer driving the package version from git tags into
    AssemblyInformationalVersion, the printed banner was stuck at v1.0.0
    even though the installed tool was 1.16.1+. Switched the banner to read
    AssemblyInformationalVersionAttribute (with AssemblyFileVersion +
    AssemblyName.Version as fallbacks) and strip the SourceLink
    +commitsha metadata so the output stays clean for support tickets.
    Covered by 4 new regression tests in ConsoleFormatterTests.
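
The version-resolution fallback from #192 and the trailing-flag rule from #194, sketched as an added example (not WinSentinel's own code). VersionCommand and its members are hypothetical names; the exit codes, the precedence when both flags are given, the one-line banner, and the source of each JSON field value are assumptions.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text.Json;

// Added illustration: hypothetical names, not WinSentinel's PrintVersion.
public static class VersionCommand
{
    // Drop SemVer build metadata ("+<commitsha>") so the output stays clean.
    public static string StripMetadata(string v) => v.Split('+')[0];

    // Fallback chain: informational version, then file version, then AssemblyVersion.
    public static string Resolve(Assembly asm, out string informational)
    {
        informational = asm.GetCustomAttribute<AssemblyInformationalVersionAttribute>()
                           ?.InformationalVersion ?? "";
        string raw = informational.Length > 0 ? informational
            : asm.GetCustomAttribute<AssemblyFileVersionAttribute>()?.Version
              ?? asm.GetName().Version?.ToString() ?? "0.0.0";
        return StripMetadata(raw);
    }

    // Only --quiet / --json may follow --version; anything else is an error.
    public static int Run(string[] trailing, Assembly asm)
    {
        bool quiet = false, json = false;
        foreach (string arg in trailing)
        {
            if (arg == "--quiet") quiet = true;
            else if (arg == "--json") json = true;
            else { Console.Error.WriteLine($"error: unsupported option after --version: {arg}"); return 2; }
        }
        string version = Resolve(asm, out string informational);
        string name = asm.GetName().Name ?? "unknown";
        if (json) // assumed: --json wins if both flags are given; value sources are guesses
            Console.WriteLine(JsonSerializer.Serialize(new
            {
                product = name, version, informationalVersion = informational,
                runtime = RuntimeInformation.FrameworkDescription,
                os = RuntimeInformation.OSDescription,
                machine = Environment.MachineName
            }));
        else Console.WriteLine(quiet ? version : $"{name} v{version}"); // stand-in for the banner
        return 0;
    }

    public static int Main(string[] args) => args.Length > 0 && args[0] == "--version"
        ? Run(args[1..], Assembly.GetExecutingAssembly()) : 1;
}
```

Rejecting unknown trailing flags instead of ignoring them means a mistyped option in a CI or inventory script fails loudly rather than silently falling back to the human banner.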

🧹 Maintenance

  • Dependabot config: group minor+patch updates (NuGet, GitHub Actions,
    Docker) into single PRs per ecosystem, add an analyzers group, expand
    the test-stack group, and ignore semver-major bumps on
    mcr.microsoft.com/dotnet/{sdk,runtime,aspnet} base images. The Dockerfile
    is pinned to 8.0-windowsservercore-ltsc2022 to match the
    net8.0-windows TFM across every project; major base-image bumps
    require a coordinated TFM migration and are now tracked manually
    instead of re-opened weekly by Dependabot.

⬆️ Upgrade

dotnet tool update --global WinSentinel.Cli
winsentinel --version --json

Full Changelog: v1.17.0...v1.18.0