diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b18a30..086f074 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## [1.5.0] - 2026-04-18 + +### Added +- Added strict grouped `chains` artifact reuse for compatible local source JSON so repeated family + reruns can reuse already-produced evidence truthfully instead of recollecting every backing + command. +- Added YAML-backed Azure DevOps pipeline evidence so `devops` and `chains deployment-path` can + admit repo-backed Azure service connections and variable groups from real Azure Repos pipeline + definitions and same-repo local templates. + +### Changed +- Batched the expensive Graph fanout behind `role-trusts`, which keeps live grouped `chains` + families responsive on fresh runs instead of stalling on serial trust-edge collection. +- Tightened reduced-view and maintenance-mode truthfulness across `permissions`, + `tokens-credentials`, `credential-path`, `deployment-path`, `functions`, `arm-deployments`, and + `resource-trusts` so reduced or partial visibility reads as exactly that instead of broader proof. +- Bumped the published package and output schema version to `1.5.0` for the completed minor + release boundary. + ## [1.4.0] - 2026-04-12 ### Added diff --git a/pyproject.toml b/pyproject.toml index d327e48..24050ec 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "azurefox" -version = "1.4.0" +version = "1.5.0" description = "AzureFox - offensive-focused Azure situational awareness CLI" readme = "README.md" requires-python = ">=3.11" diff --git a/src/azurefox/__init__.py b/src/azurefox/__init__.py index bc07c82..37b6fa0 100644 --- a/src/azurefox/__init__.py +++ b/src/azurefox/__init__.py @@ -2,4 +2,4 @@ __all__ = ["__version__"] -__version__ = "1.4.0" +__version__ = "1.5.0" diff --git a/src/azurefox/models/common.py b/src/azurefox/models/common.py index 4fd095f..743b112 100644 --- a/src/azurefox/models/common.py +++ b/src/azurefox/models/common.py @@ -6,7 +6,7 @@ from pydantic import BaseModel, Field, model_validator -SCHEMA_VERSION = "1.4.0" +SCHEMA_VERSION = "1.5.0" class OutputMode(StrEnum): diff --git a/tests/golden/acr.json b/tests/golden/acr.json index 935c015..a09b8c8 100644 --- a/tests/golden/acr.json +++ b/tests/golden/acr.json @@ -4,7 +4,7 @@ "metadata": { "command": "acr", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/aks.json b/tests/golden/aks.json index a05362c..283fbcf 100644 --- a/tests/golden/aks.json +++ b/tests/golden/aks.json @@ -79,7 +79,7 @@ "metadata": { "command": "aks", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/api-mgmt.json b/tests/golden/api-mgmt.json index 6ad1488..96faab6 100644 --- a/tests/golden/api-mgmt.json +++ b/tests/golden/api-mgmt.json @@ -56,7 +56,7 @@ "metadata": { "command": "api-mgmt", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/app-services.json b/tests/golden/app-services.json index f5044e7..d6af98e 100644 --- a/tests/golden/app-services.json +++ b/tests/golden/app-services.json @@ -56,7 +56,7 @@ "metadata": { "command": "app-services", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/application-gateway.json b/tests/golden/application-gateway.json index 8161437..2e5eaf9 100644 --- a/tests/golden/application-gateway.json +++ b/tests/golden/application-gateway.json @@ -118,7 +118,7 @@ "metadata": { "command": "application-gateway", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/arm-deployments.json b/tests/golden/arm-deployments.json index 45d3b7f..799dd41 100644 --- a/tests/golden/arm-deployments.json +++ b/tests/golden/arm-deployments.json @@ -120,7 +120,7 @@ "command": "arm-deployments", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/auth-policies.json b/tests/golden/auth-policies.json index 8e2d383..2ea5d88 100644 --- a/tests/golden/auth-policies.json +++ b/tests/golden/auth-policies.json @@ -107,7 +107,7 @@ "metadata": { "command": "auth-policies", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/automation.json b/tests/golden/automation.json index 8bee0b9..f935546 100644 --- a/tests/golden/automation.json +++ b/tests/golden/automation.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "automation", "generated_at": "", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/container-apps.json b/tests/golden/container-apps.json index 1c134a0..5bd21f5 100644 --- a/tests/golden/container-apps.json +++ b/tests/golden/container-apps.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "container-apps", "generated_at": "", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/container-instances.json b/tests/golden/container-instances.json index 742a2d2..e9f1ee1 100644 --- a/tests/golden/container-instances.json +++ b/tests/golden/container-instances.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "container-instances", "generated_at": "", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/cross-tenant.json b/tests/golden/cross-tenant.json index eb41c46..6ae8177 100644 --- a/tests/golden/cross-tenant.json +++ b/tests/golden/cross-tenant.json @@ -71,7 +71,7 @@ "command": "cross-tenant", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/databases.json b/tests/golden/databases.json index 9b3a7e6..af9b976 100644 --- a/tests/golden/databases.json +++ b/tests/golden/databases.json @@ -118,7 +118,7 @@ "metadata": { "command": "databases", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/devops.json b/tests/golden/devops.json index eb718b8..ad4dc92 100644 --- a/tests/golden/devops.json +++ b/tests/golden/devops.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "devops", "generated_at": "", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/dns.json b/tests/golden/dns.json index 49458e1..9c1dc4a 100644 --- a/tests/golden/dns.json +++ b/tests/golden/dns.json @@ -2,7 +2,7 @@ "metadata": { "command": "dns", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "tenant_id": "11111111-1111-1111-1111-111111111111", "subscription_id": "22222222-2222-2222-2222-222222222222", "token_source": null diff --git a/tests/golden/endpoints.json b/tests/golden/endpoints.json index 7b55cee..b2f15ba 100644 --- a/tests/golden/endpoints.json +++ b/tests/golden/endpoints.json @@ -108,7 +108,7 @@ "command": "endpoints", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/env-vars.json b/tests/golden/env-vars.json index 528c796..cd4c718 100644 --- a/tests/golden/env-vars.json +++ b/tests/golden/env-vars.json @@ -110,7 +110,7 @@ "command": "env-vars", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/functions.json b/tests/golden/functions.json index 0f24751..2625d6b 100644 --- a/tests/golden/functions.json +++ b/tests/golden/functions.json @@ -40,7 +40,7 @@ "metadata": { "command": "functions", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/inventory.json b/tests/golden/inventory.json index b37025a..e9db89b 100644 --- a/tests/golden/inventory.json +++ b/tests/golden/inventory.json @@ -4,7 +4,7 @@ "command": "inventory", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/keyvault.json b/tests/golden/keyvault.json index 5f3b1f4..0c238fd 100644 --- a/tests/golden/keyvault.json +++ b/tests/golden/keyvault.json @@ -108,7 +108,7 @@ "command": "keyvault", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/lighthouse.json b/tests/golden/lighthouse.json index d5723aa..3e3853a 100644 --- a/tests/golden/lighthouse.json +++ b/tests/golden/lighthouse.json @@ -124,7 +124,7 @@ "command": "lighthouse", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/managed-identities.json b/tests/golden/managed-identities.json index b3db80f..7d851f0 100644 --- a/tests/golden/managed-identities.json +++ b/tests/golden/managed-identities.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "managed-identities", "generated_at": "2026-04-12T04:41:01.427084Z", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/network-effective.json b/tests/golden/network-effective.json index 8348675..7d95ddc 100644 --- a/tests/golden/network-effective.json +++ b/tests/golden/network-effective.json @@ -50,7 +50,7 @@ "command": "network-effective", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/network-ports.json b/tests/golden/network-ports.json index c56eb7a..5ea45a3 100644 --- a/tests/golden/network-ports.json +++ b/tests/golden/network-ports.json @@ -4,7 +4,7 @@ "metadata": { "command": "network-ports", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/nics.json b/tests/golden/nics.json index 01127f2..1567997 100644 --- a/tests/golden/nics.json +++ b/tests/golden/nics.json @@ -4,7 +4,7 @@ "metadata": { "command": "nics", "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/permissions.json b/tests/golden/permissions.json index 5d4e386..570bc1d 100644 --- a/tests/golden/permissions.json +++ b/tests/golden/permissions.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "permissions", "generated_at": "2026-04-13T04:16:02.407341Z", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/principals.json b/tests/golden/principals.json index 779d20b..916db3b 100644 --- a/tests/golden/principals.json +++ b/tests/golden/principals.json @@ -5,7 +5,7 @@ "command": "principals", "devops_organization": null, "generated_at": "2026-04-12T18:56:06.240867Z", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/privesc.json b/tests/golden/privesc.json index 60f28ac..ba4be34 100644 --- a/tests/golden/privesc.json +++ b/tests/golden/privesc.json @@ -5,7 +5,7 @@ "command": "privesc", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/rbac.json b/tests/golden/rbac.json index cdaf161..c5f5036 100644 --- a/tests/golden/rbac.json +++ b/tests/golden/rbac.json @@ -4,7 +4,7 @@ "command": "rbac", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/resource-trusts.json b/tests/golden/resource-trusts.json index a328d55..4f86718 100644 --- a/tests/golden/resource-trusts.json +++ b/tests/golden/resource-trusts.json @@ -51,7 +51,7 @@ "command": "resource-trusts", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/role-trusts.json b/tests/golden/role-trusts.json index 202e797..c65cc8a 100644 --- a/tests/golden/role-trusts.json +++ b/tests/golden/role-trusts.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "role-trusts", "generated_at": "2026-04-13T04:32:36.867098Z", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/snapshots-disks.json b/tests/golden/snapshots-disks.json index 868f2cd..968c5fd 100644 --- a/tests/golden/snapshots-disks.json +++ b/tests/golden/snapshots-disks.json @@ -1,6 +1,6 @@ { "metadata": { - "schema_version": "1.4.0", + "schema_version": "1.5.0", "command": "snapshots-disks", "generated_at": "", "tenant_id": "11111111-1111-1111-1111-111111111111", diff --git a/tests/golden/storage.json b/tests/golden/storage.json index ea017e5..0bed4db 100644 --- a/tests/golden/storage.json +++ b/tests/golden/storage.json @@ -24,7 +24,7 @@ "command": "storage", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/tokens-credentials.json b/tests/golden/tokens-credentials.json index dd806f2..9c67fde 100644 --- a/tests/golden/tokens-credentials.json +++ b/tests/golden/tokens-credentials.json @@ -168,7 +168,7 @@ "command": "tokens-credentials", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/vms.json b/tests/golden/vms.json index 52016fc..ce83831 100644 --- a/tests/golden/vms.json +++ b/tests/golden/vms.json @@ -16,7 +16,7 @@ "command": "vms", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/vmss.json b/tests/golden/vmss.json index f341518..2a61dbe 100644 --- a/tests/golden/vmss.json +++ b/tests/golden/vmss.json @@ -5,7 +5,7 @@ "command": "vmss", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/golden/whoami.json b/tests/golden/whoami.json index 2ae98fa..c7de18e 100644 --- a/tests/golden/whoami.json +++ b/tests/golden/whoami.json @@ -12,7 +12,7 @@ "command": "whoami", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": "fixture" diff --git a/tests/golden/workloads.json b/tests/golden/workloads.json index a9cae7d..2992311 100644 --- a/tests/golden/workloads.json +++ b/tests/golden/workloads.json @@ -6,7 +6,7 @@ "command": "workloads", "devops_organization": null, "generated_at": "", - "schema_version": "1.4.0", + "schema_version": "1.5.0", "subscription_id": "22222222-2222-2222-2222-222222222222", "tenant_id": "11111111-1111-1111-1111-111111111111", "token_source": null diff --git a/tests/test_models.py b/tests/test_models.py index 0823e13..9517bea 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -29,7 +29,7 @@ def test_schema_version() -> None: - assert SCHEMA_VERSION == "1.4.0" + assert SCHEMA_VERSION == "1.5.0" def test_collection_issue_scope_defaults_from_context_collector() -> None: