Release v0.7.3 - Android workflows, LiteLLM integration, ARM64 support

.github/pull_request_template.md

@@ -0,0 +1,79 @@
+## Description
+
+<!-- Provide a brief description of the changes in this PR -->
+
+## Type of Change
+
+<!-- Mark the appropriate option with an 'x' -->
+
+- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
+- [ ] ✨ New feature (non-breaking change which adds functionality)
+- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] 📝 Documentation update
+- [ ] 🔧 Configuration change
+- [ ] ♻️ Refactoring (no functional changes)
+- [ ] 🎨 Style/formatting changes
+- [ ] ✅ Test additions or updates
+
+## Related Issues
+
+<!-- Link to related issues using #issue_number -->
+<!-- Example: Closes #123, Relates to #456 -->
+
+## Changes Made
+
+<!-- List the specific changes made in this PR -->
+
+-
+-
+-
+
+## Testing
+
+<!-- Describe the tests you ran to verify your changes -->
+
+### Tested Locally
+
+- [ ] All tests pass (`pytest`, `uv build`, etc.)
+- [ ] Linting passes (`ruff check`)
+- [ ] Code builds successfully
+
+### Worker Changes (if applicable)
+
+- [ ] Docker images build successfully (`docker compose build`)
+- [ ] Worker containers start correctly
+- [ ] Tested with actual workflow execution
+
+### Documentation
+
+- [ ] Documentation updated (if needed)
+- [ ] README updated (if needed)
+- [ ] CHANGELOG.md updated (if user-facing changes)
+
+## Pre-Merge Checklist
+
+<!-- Ensure all items are completed before requesting review -->
+
+- [ ] My code follows the project's coding standards
+- [ ] I have performed a self-review of my code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published
+
+### Worker-Specific Checks (if workers/ modified)
+
+- [ ] All worker files properly tracked by git (not gitignored)
+- [ ] Worker validation script passes (`.github/scripts/validate-workers.sh`)
+- [ ] Docker images build without errors
+- [ ] Worker configuration updated in `docker-compose.yml` (if needed)
+
+## Screenshots (if applicable)
+
+<!-- Add screenshots to help explain your changes -->
+
+## Additional Notes
+
+<!-- Any additional information that reviewers should know -->

.github/scripts/validate-workers.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+# Worker Validation Script
+# Ensures all workers defined in docker-compose.yml exist in the repository
+# and are properly tracked by git.
+
+set -e
+
+echo "🔍 Validating worker completeness..."
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+ERRORS=0
+WARNINGS=0
+
+# Extract worker service names from docker-compose.yml
+echo ""
+echo "📋 Checking workers defined in docker-compose.yml..."
+WORKERS=$(grep -E "^\s+worker-" docker-compose.yml | grep -v "#" | cut -d: -f1 | tr -d ' ' | sort -u)
+
+if [ -z "$WORKERS" ]; then
+    echo -e "${RED}❌ No workers found in docker-compose.yml${NC}"
+    exit 1
+fi
+
+echo "Found workers:"
+for worker in $WORKERS; do
+    echo "  - $worker"
+done
+
+# Check each worker
+echo ""
+echo "🔎 Validating worker files..."
+for worker in $WORKERS; do
+    WORKER_DIR="workers/${worker#worker-}"
+
+    echo ""
+    echo "Checking $worker ($WORKER_DIR)..."
+
+    # Check if directory exists
+    if [ ! -d "$WORKER_DIR" ]; then
+        echo -e "${RED}  ❌ Directory not found: $WORKER_DIR${NC}"
+        ERRORS=$((ERRORS + 1))
+        continue
+    fi
+
+    # Check Dockerfile (single file or multi-platform pattern)
+    if [ -f "$WORKER_DIR/Dockerfile" ]; then
+        # Single Dockerfile
+        if ! git ls-files --error-unmatch "$WORKER_DIR/Dockerfile" &> /dev/null; then
+            echo -e "${RED}  ❌ File not tracked by git: $WORKER_DIR/Dockerfile${NC}"
+            echo -e "${YELLOW}     Check .gitignore patterns!${NC}"
+            ERRORS=$((ERRORS + 1))
+        else
+            echo -e "${GREEN}  ✓ Dockerfile (tracked)${NC}"
+        fi
+    elif compgen -G "$WORKER_DIR/Dockerfile.*" > /dev/null; then
+        # Multi-platform Dockerfiles (e.g., Dockerfile.amd64, Dockerfile.arm64)
+        PLATFORM_DOCKERFILES=$(ls "$WORKER_DIR"/Dockerfile.* 2>/dev/null)
+        DOCKERFILE_FOUND=false
+        for dockerfile in $PLATFORM_DOCKERFILES; do
+            if git ls-files --error-unmatch "$dockerfile" &> /dev/null; then
+                echo -e "${GREEN}  ✓ $(basename "$dockerfile") (tracked)${NC}"
+                DOCKERFILE_FOUND=true
+            else
+                echo -e "${RED}  ❌ File not tracked by git: $dockerfile${NC}"
+                ERRORS=$((ERRORS + 1))
+            fi
+        done
+        if [ "$DOCKERFILE_FOUND" = false ]; then
+            echo -e "${RED}  ❌ No platform-specific Dockerfiles found${NC}"
+            ERRORS=$((ERRORS + 1))
+        fi
+    else
+        echo -e "${RED}  ❌ Missing Dockerfile or Dockerfile.* files${NC}"
+        ERRORS=$((ERRORS + 1))
+    fi
+
+    # Check other required files
+    REQUIRED_FILES=("requirements.txt" "worker.py")
+    for file in "${REQUIRED_FILES[@]}"; do
+        FILE_PATH="$WORKER_DIR/$file"
+
+        if [ ! -f "$FILE_PATH" ]; then
+            echo -e "${RED}  ❌ Missing file: $FILE_PATH${NC}"
+            ERRORS=$((ERRORS + 1))
+        else
+            # Check if file is tracked by git
+            if ! git ls-files --error-unmatch "$FILE_PATH" &> /dev/null; then
+                echo -e "${RED}  ❌ File not tracked by git: $FILE_PATH${NC}"
+                echo -e "${YELLOW}     Check .gitignore patterns!${NC}"
+                ERRORS=$((ERRORS + 1))
+            else
+                echo -e "${GREEN}  ✓ $file (tracked)${NC}"
+            fi
+        fi
+    done
+done
+
+# Check for any ignored worker files
+echo ""
+echo "🚫 Checking for gitignored worker files..."
+IGNORED_FILES=$(git check-ignore workers/*/* 2>/dev/null || true)
+if [ -n "$IGNORED_FILES" ]; then
+    echo -e "${YELLOW}⚠️  Warning: Some worker files are being ignored:${NC}"
+    echo "$IGNORED_FILES" | while read -r file; do
+        echo -e "${YELLOW}  - $file${NC}"
+    done
+    WARNINGS=$((WARNINGS + 1))
+fi
+
+# Summary
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+if [ $ERRORS -eq 0 ] && [ $WARNINGS -eq 0 ]; then
+    echo -e "${GREEN}✅ All workers validated successfully!${NC}"
+    exit 0
+elif [ $ERRORS -eq 0 ]; then
+    echo -e "${YELLOW}⚠️  Validation passed with $WARNINGS warning(s)${NC}"
+    exit 0
+else
+    echo -e "${RED}❌ Validation failed with $ERRORS error(s) and $WARNINGS warning(s)${NC}"
+    exit 1
+fi

.github/workflows/test.yml

@@ -2,11 +2,100 @@ name: Tests
 
 on:
   push:
-    branches: [ main, master, develop, feature/** ]
+    branches: [ main, master, dev, develop, feature/** ]
   pull_request:
-    branches: [ main, master, develop ]
+    branches: [ main, master, dev, develop ]
 
 jobs:
+  validate-workers:
+    name: Validate Workers
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run worker validation
+        run: |
+          chmod +x .github/scripts/validate-workers.sh
+          .github/scripts/validate-workers.sh
+
+  build-workers:
+    name: Build Worker Docker Images
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch all history for proper diff
+
+      - name: Check which workers were modified
+        id: check-workers
+        run: |
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            # For PRs, check changed files
+            CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
+            echo "Changed files:"
+            echo "$CHANGED_FILES"
+          else
+            # For direct pushes, check last commit
+            CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD)
+          fi
+
+          # Check if docker-compose.yml changed (build all workers)
+          if echo "$CHANGED_FILES" | grep -q "^docker-compose.yml"; then
+            echo "workers_to_build=worker-python worker-secrets worker-rust worker-android worker-ossfuzz" >> $GITHUB_OUTPUT
+            echo "workers_modified=true" >> $GITHUB_OUTPUT
+            echo "✅ docker-compose.yml modified - building all workers"
+            exit 0
+          fi
+
+          # Detect which specific workers changed
+          WORKERS_TO_BUILD=""
+
+          if echo "$CHANGED_FILES" | grep -q "^workers/python/"; then
+            WORKERS_TO_BUILD="$WORKERS_TO_BUILD worker-python"
+            echo "✅ Python worker modified"
+          fi
+
+          if echo "$CHANGED_FILES" | grep -q "^workers/secrets/"; then
+            WORKERS_TO_BUILD="$WORKERS_TO_BUILD worker-secrets"
+            echo "✅ Secrets worker modified"
+          fi
+
+          if echo "$CHANGED_FILES" | grep -q "^workers/rust/"; then
+            WORKERS_TO_BUILD="$WORKERS_TO_BUILD worker-rust"
+            echo "✅ Rust worker modified"
+          fi
+
+          if echo "$CHANGED_FILES" | grep -q "^workers/android/"; then
+            WORKERS_TO_BUILD="$WORKERS_TO_BUILD worker-android"
+            echo "✅ Android worker modified"
+          fi
+
+          if echo "$CHANGED_FILES" | grep -q "^workers/ossfuzz/"; then
+            WORKERS_TO_BUILD="$WORKERS_TO_BUILD worker-ossfuzz"
+            echo "✅ OSS-Fuzz worker modified"
+          fi
+
+          if [ -z "$WORKERS_TO_BUILD" ]; then
+            echo "workers_modified=false" >> $GITHUB_OUTPUT
+            echo "⏭️  No worker changes detected - skipping build"
+          else
+            echo "workers_to_build=$WORKERS_TO_BUILD" >> $GITHUB_OUTPUT
+            echo "workers_modified=true" >> $GITHUB_OUTPUT
+            echo "Building workers:$WORKERS_TO_BUILD"
+          fi
+
+      - name: Set up Docker Buildx
+        if: steps.check-workers.outputs.workers_modified == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build worker images
+        if: steps.check-workers.outputs.workers_modified == 'true'
+        run: |
+          WORKERS="${{ steps.check-workers.outputs.workers_to_build }}"
+          echo "Building worker Docker images: $WORKERS"
+          docker compose build $WORKERS --no-cache
+        continue-on-error: false
+
   lint:
     name: Lint
     runs-on: ubuntu-latest
@@ -143,11 +232,15 @@ jobs:
   test-summary:
     name: Test Summary
     runs-on: ubuntu-latest
-    needs: [lint, unit-tests]
+    needs: [validate-workers, lint, unit-tests]
     if: always()
     steps:
       - name: Check test results
         run: |
+          if [ "${{ needs.validate-workers.result }}" != "success" ]; then
+            echo "Worker validation failed"
+            exit 1
+          fi
           if [ "${{ needs.unit-tests.result }}" != "success" ]; then
             echo "Unit tests failed"
             exit 1

.gitignore

@@ -188,6 +188,10 @@ logs/
 # Docker volume configs (keep .env.example but ignore actual .env)
 volumes/env/.env
 
+# Vendored proxy sources (kept locally for reference)
+ai/proxy/bifrost/
+ai/proxy/litellm/
+
 # Test project databases and configurations
 test_projects/*/.fuzzforge/
 test_projects/*/findings.db*
@@ -304,4 +308,8 @@ test_projects/*/.npmrc
 test_projects/*/.git-credentials
 test_projects/*/credentials.*
 test_projects/*/api_keys.*
-test_projects/*/ci-*.sh
+test_projects/*/ci-*.sh
+
+# -------------------- Internal Documentation --------------------
+# Weekly summaries and temporary project documentation
+WEEK_SUMMARY*.md