chatbotkit · pdparchitect · Jun 1, 2026 · Jun 1, 2026 · Jun 1, 2026
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -35,14 +35,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version-file: go.mod
-
-      # Float to the newest go-sdk. The committed go.mod already pins a working
-      # published version, so this only bumps to anything newer on main.
-      - name: Update go-sdk to latest
-        run: |
-          go get github.com/chatbotkit/go-sdk@latest
-          go mod tidy
+          go-version: 'stable'
 
       - name: Vet
         run: go vet ./...
@@ -86,12 +79,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version-file: go.mod
-
-      - name: Update go-sdk to latest
-        run: |
-          go get github.com/chatbotkit/go-sdk@latest
-          go mod tidy
+          go-version: 'stable'
 
       - name: Cross-compile
         env:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -33,14 +33,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version-file: go.mod
-
-      # Float to the newest go-sdk before cutting the release. The committed
-      # go.mod already pins a working published version; this bumps to latest.
-      - name: Update go-sdk to latest
-        run: |
-          go get github.com/chatbotkit/go-sdk@latest
-          go mod tidy
+          go-version: 'stable'
 
       - name: Build binary
         env:

diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # Rook
 
+<img width="1672" height="941" alt="ChatGPT Image Jun 1, 2026, 10_29_04 PM" src="https://github.com/user-attachments/assets/15d285bc-4310-4690-b2cb-f325b43ba0eb" />
+
 **Rook** is a standalone, autonomous security agent for vulnerability research,
 bug hunting and source-code auditing. It is a single Go executable built on the
 [ChatBotKit Go SDK](https://github.com/chatbotkit/go-sdk), with a library of
@@ -68,14 +70,14 @@ Rook loads a `.env` file automatically if present (see `.env.example`).
 
 ### Flags
 
-| Flag | Default | Description |
-| ---- | ------- | ----------- |
-| `--model` | `qwen-3.6-plus` | Model the agent reasons with |
-| `--max-iterations` | `40` | Maximum agent iterations before a forced stop |
-| `--scope` | — | Authorization boundary (hosts, repos, paths) |
-| `--scope-file` | — | Read the authorization scope from a file |
-| `-v`, `--verbose` | `false` | Stream the agent's reasoning tokens to stdout |
-| `-V`, `--version` | — | Print version and exit |
+| Flag               | Default         | Description                                   |
+| ------------------ | --------------- | --------------------------------------------- |
+| `--model`          | `qwen-3.6-plus` | Model the agent reasons with                  |
+| `--max-iterations` | `40`            | Maximum agent iterations before a forced stop |
+| `--scope`          | —               | Authorization boundary (hosts, repos, paths)  |
+| `--scope-file`     | —               | Read the authorization scope from a file      |
+| `-v`, `--verbose`  | `false`         | Stream the agent's reasoning tokens to stdout |
+| `-V`, `--version`  | —               | Print version and exit                        |
 
 The agent's findings stream to **stderr**; with `--verbose`, reasoning tokens
 stream to **stdout**. The final report is delivered as the agent's response —

diff --git a/RELEASES.md b/RELEASES.md
@@ -10,16 +10,21 @@ multi-platform binaries and publishes them as a GitHub Release.
 
 ### go-sdk resolution
 
-The committed `go.mod` pins a **published** version of the Go SDK (a
-pseudo-version of `github.com/chatbotkit/go-sdk`), so the repository builds from
-a clean clone — and `go install` works — with no extra steps.
+The committed `go.mod` pins a **tagged release** of the Go SDK (e.g.
+`github.com/chatbotkit/go-sdk v0.1.0`), so every build — clean clone, CI,
+release, and `go install` — uses exactly that version. Builds are reproducible;
+no floating fetch step is involved.
 
 For development against a local checkout of the SDK, a **gitignored `go.work`**
 (created via `make workspace`) overrides the pinned module with the local copy.
 Because it is gitignored, it only affects local builds.
 
-The CI and release workflows run `go get github.com/chatbotkit/go-sdk@latest &&
-go mod tidy` before building so each build floats to the newest go-sdk.
+To move to a newer SDK, bump the pin explicitly and commit the result:
+
+```bash
+go get github.com/chatbotkit/go-sdk@v0.2.0   # run with go.work inactive
+go mod tidy
+```
 
 ## Version embedding
 

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/chatbotkit/rook
 go 1.21
 
 require (
-	github.com/chatbotkit/go-sdk v0.0.0-20260517101900-53e0cb6beacd
+	github.com/chatbotkit/go-sdk v0.1.0
 	github.com/joho/godotenv v1.5.1
 	github.com/spf13/pflag v1.0.5
 )

diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-github.com/chatbotkit/go-sdk v0.0.0-20260517101900-53e0cb6beacd h1:aXSpT50rUnykS2tNdKALJVMQOYCta1SaEkdYZHiyF3w=
-github.com/chatbotkit/go-sdk v0.0.0-20260517101900-53e0cb6beacd/go.mod h1:u9QxNKUqhls4OOPMuVE0i/Q4wTJMgBARKw+CcQIeg00=
+github.com/chatbotkit/go-sdk v0.1.0 h1:EehCJmmbN2BoGNEaFjYLEFrHTEly/34lgBfNnzc2lBQ=
+github.com/chatbotkit/go-sdk v0.1.0/go.mod h1:u9QxNKUqhls4OOPMuVE0i/Q4wTJMgBARKw+CcQIeg00=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=