diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 592b605..eb694e8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -35,14 +35,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version-file: go.mod - - # Float to the newest go-sdk. The committed go.mod already pins a working - # published version, so this only bumps to anything newer on main. - - name: Update go-sdk to latest - run: | - go get github.com/chatbotkit/go-sdk@latest - go mod tidy + go-version: 'stable' - name: Vet run: go vet ./... @@ -86,12 +79,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version-file: go.mod - - - name: Update go-sdk to latest - run: | - go get github.com/chatbotkit/go-sdk@latest - go mod tidy + go-version: 'stable' - name: Cross-compile env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5e68ba2..23a6e44 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -33,14 +33,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version-file: go.mod - - # Float to the newest go-sdk before cutting the release. The committed - # go.mod already pins a working published version; this bumps to latest. - - name: Update go-sdk to latest - run: | - go get github.com/chatbotkit/go-sdk@latest - go mod tidy + go-version: 'stable' - name: Build binary env: diff --git a/README.md b/README.md index bd29db7..a20de31 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Rook +ChatGPT Image Jun 1, 2026, 10_29_04 PM + **Rook** is a standalone, autonomous security agent for vulnerability research, bug hunting and source-code auditing. It is a single Go executable built on the [ChatBotKit Go SDK](https://github.com/chatbotkit/go-sdk), with a library of 
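Review bot: `go-version: 'stable'` in the Setup Go step at `@@ -35,14 +35,7 @@` of ci.yaml (and in the same step at `@@ -86,12 +79,7 @@` of ci.yaml and `@@ -33,14 +33,7 @@` of release.yaml) removes one floating input but adds another, because the compiler now follows whichever Go release is newest on the day the job runs. For the release job this means published binaries can change with an unreviewed toolchain update, which conflicts with the "Builds are reproducible" statement this commit adds to RELEASES.md, and CI no longer exercises the `go 1.21` floor declared in go.mod. I would pin a version that is bumped by commit, for example `go-version: '<PINNED_GO_VERSION>'` (placeholder), or keep `go-version-file: go.mod` and raise the `go` directive if SDK v0.1.0 needs a newer Go (inferred, since the reason for the switch is not stated). Separately, the context line `uses: actions/setup-go@v5` is a mutable tag, so in the release workflow a full commit SHA with the tag in a trailing comment would be the safer reference. The job definitions begin outside these hunks, so permissions and any later signing or upload steps are not visible here.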
@@ -68,14 +70,14 @@ Rook loads a `.env` file automatically if present (see `.env.example`). ### Flags -| Flag | Default | Description | -| ---- | ------- | ----------- | -| `--model` | `qwen-3.6-plus` | Model the agent reasons with | -| `--max-iterations` | `40` | Maximum agent iterations before a forced stop | -| `--scope` | — | Authorization boundary (hosts, repos, paths) | -| `--scope-file` | — | Read the authorization scope from a file | -| `-v`, `--verbose` | `false` | Stream the agent's reasoning tokens to stdout | -| `-V`, `--version` | — | Print version and exit | +| Flag | Default | Description | +| ------------------ | --------------- | --------------------------------------------- | +| `--model` | `qwen-3.6-plus` | Model the agent reasons with | +| `--max-iterations` | `40` | Maximum agent iterations before a forced stop | +| `--scope` | — | Authorization boundary (hosts, repos, paths) | +| `--scope-file` | — | Read the authorization scope from a file | +| `-v`, `--verbose` | `false` | Stream the agent's reasoning tokens to stdout | +| `-V`, `--version` | — | Print version and exit | The agent's findings stream to **stderr**; with `--verbose`, reasoning tokens stream to **stdout**. The final report is delivered as the agent's response — diff --git a/RELEASES.md b/RELEASES.md index 2821171..60c5f5b 100644 --- a/RELEASES.md +++ b/RELEASES.md 
@@ -10,16 +10,21 @@ multi-platform binaries and publishes them as a GitHub Release. ### go-sdk resolution -The committed `go.mod` pins a **published** version of the Go SDK (a -pseudo-version of `github.com/chatbotkit/go-sdk`), so the repository builds from -a clean clone — and `go install` works — with no extra steps. +The committed `go.mod` pins a **tagged release** of the Go SDK (e.g. +`github.com/chatbotkit/go-sdk v0.1.0`), so every build — clean clone, CI, +release, and `go install` — uses exactly that version. Builds are reproducible; +no floating fetch step is involved. For development against a local checkout of the SDK, a **gitignored `go.work`** (created via `make workspace`) overrides the pinned module with the local copy. Because it is gitignored, it only affects local builds. -The CI and release workflows run `go get github.com/chatbotkit/go-sdk@latest && -go mod tidy` before building so each build floats to the newest go-sdk. +To move to a newer SDK, bump the pin explicitly and commit the result: + +```bash +go get github.com/chatbotkit/go-sdk@v0.2.0 # run with go.work inactive +go mod tidy +``` ## Version embedding diff --git a/go.mod b/go.mod index 63747ee..c159e38 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/chatbotkit/rook go 1.21 require ( - github.com/chatbotkit/go-sdk v0.0.0-20260517101900-53e0cb6beacd + github.com/chatbotkit/go-sdk v0.1.0 github.com/joho/godotenv v1.5.1 github.com/spf13/pflag v1.0.5 ) diff --git a/go.sum b/go.sum index e01ab8a..8ec2ee3 100644 --- a/go.sum +++ b/go.sum 
@@ -1,5 +1,5 @@
-github.com/chatbotkit/go-sdk v0.0.0-20260517101900-53e0cb6beacd h1:aXSpT50rUnykS2tNdKALJVMQOYCta1SaEkdYZHiyF3w=
-github.com/chatbotkit/go-sdk v0.0.0-20260517101900-53e0cb6beacd/go.mod h1:u9QxNKUqhls4OOPMuVE0i/Q4wTJMgBARKw+CcQIeg00=
+github.com/chatbotkit/go-sdk v0.1.0 h1:EehCJmmbN2BoGNEaFjYLEFrHTEly/34lgBfNnzc2lBQ=
+github.com/chatbotkit/go-sdk v0.1.0/go.mod h1:u9QxNKUqhls4OOPMuVE0i/Q4wTJMgBARKw+CcQIeg00=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=