chore: sync infrastructure files with template

.github/renovate.json5

@@ -38,7 +38,8 @@
     {
       matchManagers: ["poetry", "pip_requirements"],
       matchDepTypes: ["python"],
-      enabled: false,
+      allowedVersions: "<=3.13",
+      enabled: true,
     },
     {
       description: "Auto merge non-major updates",

.github/workflows/rigging_pr_description.yaml

@@ -0,0 +1,54 @@
+---
+name: Update PR Description with Rigging
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  update-description:
+    name: Update PR Description with Rigging
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0 # full history for proper diffing
+
+      - name: Set up Python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.14"
+
+      - name: Install uv
+        run: |
+          python -m pip install --upgrade pip
+          pip install uv
+
+      - name: Generate PR Description
+        id: description
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        run: |
+          DESCRIPTION="$(uv run --no-project .hooks/generate_pr_description.py --base-ref "origin/${{ github.base_ref }}" --exclude "./*.lock")"
+          {
+            echo "description<<EOF"
+            echo "${DESCRIPTION}"
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Update PR Description
+        uses: nefrob/pr-description@4dcc9f3ad5ec06b2a197c5f8f93db5e69d2fdca7 # v1.2.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          content: |
+
+            ---
+
+            ## Generated Summary:
+
+            ${{ steps.description.outputs.description }}
+
+            This summary was generated with ❤️ by [rigging](https://rigging.dreadnode.io/)

.github/workflows/template-sync.yaml

@@ -1,34 +1,58 @@
 ---
-name: Template Sync
+name: Template Sync Dispatcher
 on:
-  repository_dispatch:
+  workflow_run:
+    workflows: ["Pre-Commit"]
     types:
-      - template-sync
+      - completed
+    branches:
+      - main
 
   # checkov:skip=CKV_GHA_7: "Workflow dispatch inputs are required for manual debugging and configuration"
   workflow_dispatch:
-    inputs:
-      dryRun:
-        description: Dry Run
-        default: "false"
-        required: false
-      logLevel:
-        description: Log Level
-        default: "debug"
-        required: false
 
 permissions:
-  contents: write
-  pull-requests: write
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  contents: read
 
 jobs:
-  template-sync:
-    name: Template Sync
+  check-changes:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    outputs:
+      should_dispatch: ${{ steps.filter.outputs.templates }}
+    steps:
+      - name: Checkout triggering commit
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          ref: ${{ github.event.workflow_run.head_sha || github.ref }}
+
+      - name: Check if template files changed
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        id: filter
+        with:
+          filters: |
+            templates:
+              - '.github/**'
+              - '.hooks/**'
+              - '.pre-commit-config.yaml'
+              - '.mdlrc'
+              - '.editorconfig'
+              - 'Taskfile.yaml'
+              - '.task/**'
+
+  dispatch-to-targets:
+    needs: check-changes
     runs-on: ubuntu-latest
+    if: needs.check-changes.outputs.should_dispatch == 'true'
+    strategy:
+      matrix:
+        repo:
+          - ares
+          - platform
+          - sast-agent
+          - dreadnode-server
+          - dreadnode-sdk
+          - rigging
     steps:
       - name: Generate Token
         uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
@@ -38,30 +62,12 @@ jobs:
           private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
           owner: "${{ github.repository_owner }}"
 
-      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          token: "${{ steps.app-token.outputs.token }}"
-
-      - name: Template Sync
-        uses: AndreasAugustin/actions-template-sync@v2
-        with:
-          source_gh_token: ${{ steps.app-token.outputs.token }}
-          target_gh_token: ${{ steps.app-token.outputs.token }}
-          git_user_name: github-actions[bot]
-          git_user_email: github-actions[bot]@users.noreply.github.com
-          pr_title: "chore: sync infrastructure files with template"
-          pr_labels: sync,template
-          pr_body: |
-            🤖 A new version of the python template files is available.
-
-            This PR was automatically created to sync the following:
-            - GitHub Actions workflows
-            - Pre-commit hooks and configs
-            - Task definitions
-            - Editor configs and linter rules
-
-            Please review the changes carefully before merging.
-          source_repo_path: dreadnode/python-template
-          steps: "prechecks,pull,commit,push,pr"
-          upstream_branch: main
+      - name: Dispatch to ${{ matrix.repo }}
+        run: |
+          gh api repos/dreadnode/${{ matrix.repo }}/dispatches \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -f event_type="template-sync" \
+            -f client_payload[ref]="${{ github.event.workflow_run.head_sha }}"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}

.github/workflows/tests.yaml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.9", "3.10", "3.11"]
 
     steps:
       - name: Set up git repository
@@ -45,7 +45,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install pytest pytest-cov pytest-asyncio ruff
+          pip install pytest pytest-cov ruff
           pip install -e .
 
       - name: Lint with ruff

.gitignore

@@ -1,11 +1,5 @@
 # Testing code
 notebooks/
-test-alerts/
-
-# Project-specific ignores
-TODO
-.tool-versions
-/reports/
 
 # Custom parquet storage
 *.parquet

.pre-commit-config.yaml

@@ -31,7 +31,7 @@ repos:
     rev: v2.4.1
     hooks:
       - id: codespell
-        entry: codespell -q 3 -f --skip=".git,.github,README.md" --ignore-words-list="astroid,braket"
+        entry: codespell -q 3 -f --skip=".git,.github,README.md" --ignore-words-list="astroid"
 
   - repo: https://github.com/RodrigoGonzalez/check-mkdocs
     rev: v1.2.0

CHANGELOG.md

@@ -10,14 +10,16 @@ and this project adheres to
 
 ### Added
 
-- Initial release of Ares autonomous SOC investigation agent
-- MITRE ATT&CK Navigator question engine
-- Pyramid of Pain Climber question engine
-- Integration with Grafana, Loki, and Prometheus
-- Four-stage investigation workflow (Triage, Causation, Lateral Movement,
-  Synthesis)
-- Markdown report generation
-- Parallel query execution
-- Dreadnode Agent SDK integration
+- Modern Python project template with batteries included
+- pyproject.toml configuration
+- Testing setup with pytest
+- Code quality tools (Black, Ruff, mypy)
+- Pre-commit hooks configuration
+- GitHub Actions workflows
+- Documentation template with MkDocs
+- Security policy template
+- CODEOWNERS template
+- Taskfile for common commands
+- VSCode workspace configuration
 
-[Unreleased]: https://github.com/dreadnode/ares/compare/v0.0.0...HEAD
+[Unreleased]: https://github.com/dreadnode/python-template/compare/v0.0.0...HEAD

docs/contributing.md

@@ -8,8 +8,8 @@ This guide will help you get started with contributing effectively.
 1. Fork the repository and clone your fork:
 
    ```bash
-   gh repo clone dreadnode/ares
-   cd ares
+   gh repo clone dreadnode/python-template
+   cd python-template
    ```
 
 1. Set up your development environment with your preferred package manager:
@@ -58,7 +58,8 @@ task types   # Type checking with mypy
 task test    # Run tests with pytest
 ```
 
-The pre-commit hooks will automatically run most checks when you commit changes.
+The pre-commit hooks will automatically run most checks when you commit
+changes.
 
 ### Documentation
 

docs/index.md

@@ -1,82 +1,52 @@
-# Ares Documentation
+# Python Project Template Documentation
 
-Welcome to the Ares documentation.
-Ares is an autonomous security operations agent with dual capabilities:
-**Blue Team** (SOC investigation) and **Red Team** (penetration testing).
+Welcome to the Python Project Template documentation.
+A modern Python project scaffold with batteries included.
 
 ## Quick Links
 
 - [Project README](../README.md)
-- [Taskfile Usage Guide](taskfile_usage.md)
-- [Grafana MCP Integration](grafana_mcp_usage.md)
-- [Prompt Templates](prompt_templates.md)
 - [Contributing Guide](contributing.md)
 - [Security Policy](../SECURITY.md)
+- [Changelog](../CHANGELOG.md)
+- [Project Setup Guide](topics/project-from-template.md)
 
 ## Overview
 
-Ares provides autonomous security operations through two specialized agents:
+This template provides a complete Python project structure with modern
+development tools and best practices pre-configured.
+It's designed to help you start new Python projects quickly with quality
+tooling already in place.
 
-**Blue Team Agent** - Transforms security alerts into actionable threat
-intelligence through question-driven investigations. Uses MITRE ATT&CK
-framework and Pyramid of Pain methodology.
+## Key Features
 
-**Red Team Agent** - Autonomous penetration testing for Active Directory
-environments. Systematically enumerates, harvests credentials, and attempts
-domain admin access.
-
-Built with the [Dreadnode Agent SDK](https://github.com/dreadnode/agent-sdk).
-
-## Key Capabilities
-
-### Blue Team (SOC Investigation)
-
-- Autonomous Grafana alert investigation
-- MITRE ATT&CK technique mapping
-- Pyramid of Pain-based analysis elevation
-- Multi-stage investigation workflow (Triage, Causation, Lateral, Synthesis)
-- Integration with Grafana, Loki, and Prometheus via MCP
-- Comprehensive markdown reporting
-
-### Red Team (Penetration Testing)
-
-- Active Directory enumeration (hosts, users, shares)
-- Credential harvesting (secretsdump, kerberoasting, AS-REP roasting)
-- Password hash cracking (hashcat, John the Ripper)
-- BloodHound integration for ACL abuse paths
-- ADCS exploitation (ESC1-15 vulnerabilities)
-- Golden ticket generation
-- Delegation attacks (RBCD, unconstrained, constrained)
+- 📝 Modern `pyproject.toml` configuration
+- 🧪 Testing setup with pytest
+- 🔍 Code quality tools (Black, Ruff, mypy)
+- 🔄 GitHub Actions workflows
+- 📚 Documentation with MkDocs
+- 🔒 Security policy and Semgrep analysis
 
 ## Getting Started
 
-See the [README](../README.md) for installation instructions and usage
-examples.
+See the [README](../README.md) for quick start instructions, or check out the
+detailed [Project Setup Guide](topics/project-from-template.md) for step-by-step
+instructions on using this template.
 
 ## Repository Layout
 
 ```text
-ares/
-├── src/ares/                    # Main package
-│   ├── agents/                  # Agent orchestrators
-│   │   ├── blue/                # SOC investigation agent
-│   │   └── red/                 # Penetration testing agent
-│   ├── core/                    # Core models and engines
-│   │   └── factories/           # Agent factories
-│   ├── integrations/            # External integrations (MITRE)
-│   ├── reports/                 # Report generators
-│   └── tools/                   # Agent toolsets
-│       ├── blue/                # Blue team tools
-│       ├── red/                 # Red team tools
-│       └── shared/              # Shared tools (MITRE)
-├── templates/                   # Jinja2 prompt templates
-│   ├── agent/                   # Blue team agent templates
-│   ├── engines/                 # Question engine templates
-│   ├── redteam/                 # Red team agent templates
-│   └── reports/                 # Report templates
-├── tests/                       # Test suite
-├── docs/                        # Documentation
-└── reports/                     # Generated reports
+python-template/
+├── CODEOWNERS          # Repository access control
+├── LICENSE             # Apache License 2.0
+├── README.md           # Project overview
+├── SECURITY.md         # Security policy
+├── Taskfile.yaml       # Task automation
+├── docs/               # Documentation
+├── examples/           # Usage examples
+├── pyproject.toml      # Python project config
+├── requirements.txt    # Dependencies
+└── tests/              # Test suite
 ```
 
 ## Development