aignostics
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 5 additions & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/_install_dev_tools.bash‎
Lines changed: 6 additions & 1 deletion b/‎.github/workflows/_install_dev_tools.bash‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎.github/workflows/_install_dev_tools_project.bash‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/_install_dev_tools_project.bash‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/_package-publish.yml‎
Lines changed: 15 additions & 3 deletions b/‎.github/workflows/_package-publish.yml‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎.github/workflows/_scheduled-test-daily.yml‎
Lines changed: 24 additions & 19 deletions b/‎.github/workflows/_scheduled-test-daily.yml‎
Lines changed: 24 additions & 19 deletions
diff --git a/‎.github/workflows/_scheduled-test-hourly.yml‎
Lines changed: 16 additions & 9 deletions b/‎.github/workflows/_scheduled-test-hourly.yml‎
Lines changed: 16 additions & 9 deletions
diff --git a/‎.github/workflows/ci-cd.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/ci-cd.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/claude-code-automation-operational-excellence-weekly.yml‎
Lines changed: 11 additions & 2 deletions b/‎.github/workflows/claude-code-automation-operational-excellence-weekly.yml‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎.github/workflows/scheduled-audit-hourly.yml‎
Lines changed: 7 additions & 0 deletions b/‎.github/workflows/scheduled-audit-hourly.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/scheduled-testing-production-daily.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/scheduled-testing-production-daily.yml‎
Lines changed: 2 additions & 1 deletion
@@ -0,0 +1,5 @@
+# aignostics code owners
+
+* @helmut-hoffer-von-ankershoffen
+
+# Reference: <https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners>
@@ -13,11 +13,16 @@ log "Starting installation of development tools..."
 # Disable man-db updates to speed up package installation
 sudo rm /var/lib/man-db/auto-update
 
+# Install APT packages
 wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
 echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
 sudo apt-get update
-sudo apt-get install --no-install-recommends -y curl gnupg2 imagemagick jq trivy xsltproc
+sudo apt-get install --no-install-recommends -y curl gnupg2 jq trivy xsltproc
 
+# Install further tools not project specific
+curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION="2.57.0" sh
+
+# Install project specific tools
 .github/workflows/_install_dev_tools_project.bash
 
 log "Completed installation of development tools."
@@ -12,6 +12,6 @@ log "Starting installation of development tools specific to Aignostics Python SD
 
 # Add your project specific installation commands below
 # sudo apt-get install --no-install-recommends -y YOUR_PACKAGE
-sudo apt-get install --no-install-recommends -y p7zip-rar
+sudo apt-get install --no-install-recommends -y p7zip-rar imagemagick
 
 log "Completed installation of development tools specific to Aignostics Python SDK."
@@ -9,11 +9,13 @@ on:
         type: string
     secrets:
       UV_PUBLISH_TOKEN:
-        required: false
+        required: true
       SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT:
-        required: false
+        required: true
       SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT:
-        required: false
+        required: true
+      SENTRY_AUTH_TOKEN:
+        required: true
 
 env:
   # https://gist.github.com/NodeJSmith/e7e37f2d3f162456869f015f842bcf15
@@ -220,6 +222,16 @@ jobs:
           gh release create ${{ github.ref_name }} ./dist/* ./dist_native_zipped/* ./audit-results/*   \
             --notes-file ${{ steps.git-cliff.outputs.changelog }}
             
+      - name: Inform Sentry about release
+        uses: getsentry/action-release@4f502acc1df792390abe36f2dcb03612ef144818 # v3.3.0
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
+        with:
+          environment: production
+          release: ${{ github.ref_name }}
+
       - name: Release Announcement
         uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
         with:
 
@@ -10,25 +10,27 @@ on:
         type: string
     secrets:
       AIGNOSTICS_CLIENT_ID_DEVICE_STAGING:
-        required: false
+        required: true
       AIGNOSTICS_REFRESH_TOKEN_STAGING:
-        required: false
+        required: true
       GCP_CREDENTIALS_STAGING:
-        required: false
+        required: true
       BETTERSTACK_HEARTBEAT_URL_FLOWS_STAGING:
-        required: false
+        required: true
       AIGNOSTICS_CLIENT_ID_DEVICE_PRODUCTION:
-        required: false
+        required: true
       AIGNOSTICS_REFRESH_TOKEN_PRODUCTION:
-        required: false
+        required: true
       GCP_CREDENTIALS_PRODUCTION:
-        required: false
+        required: true
       BETTERSTACK_HEARTBEAT_URL_FLOWS_PRODUCTION:
-        required: false
+        required: true
       CODECOV_TOKEN:
-        required: false
+        required: true
       SONAR_TOKEN:
-        required: false
+        required: true
+      SENTRY_DSN:
+        required: true
 
 env:
   # https://gist.github.com/NodeJSmith/e7e37f2d3f162456869f015f842bcf15
@@ -37,7 +39,7 @@ env:
 
 jobs:
 
-  test:
+  test-scheduled-daily:
     runs-on: "ubuntu-latest"
     permissions:
       attestations: write
@@ -59,7 +61,6 @@ jobs:
           cache-dependency-glob: uv.lock
 
       - name: Install dev tools
-        if: ${{ matrix.runner == 'ubuntu-latest' || matrix.runner == 'ubuntu-24.04-arm' }}
         shell: bash
         run: .github/workflows/_install_dev_tools.bash
 
@@ -177,7 +178,7 @@ jobs:
         uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: ${{ always() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
         with:
-          name: test-results-${{ matrix.runner }}
+          name: test-results-ubuntu-latest
           path: |
             reports/mypy_junit.xml
             reports/junit_*.xml
@@ -245,11 +246,15 @@ jobs:
         if: always()
         env:
           BETTERSTACK_HEARTBEAT_URL: "${{ inputs.platform_environment == 'staging' && secrets.BETTERSTACK_HEARTBEAT_URL_FLOWS_STAGING || secrets.BETTERSTACK_HEARTBEAT_URL_FLOWS_PRODUCTION }}"
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
         shell: bash
         run: |
           EXIT_CODE=${{ steps.test-status.outputs.exit_code }}
           FAILED_TESTS="${{ steps.test-status.outputs.failed_tests }}"
           
+          # Send heartbeat to Sentry, defining the schedule on the fly
+          SENTRY_EXIT_CODE=$(sentry-cli monitors run -e CI --schedule "0 12 * * *" --check-in-margin 30 --max-runtime 1 scheduled-testing-${{ inputs.platform_environment }}-hourly --timezone "Europe/Berlin" -- sh -c "exit $EXIT_CODE")
+
           # Provide heartbeat to BetterStack for monitoring/alerting if heartbeat url is configured as secret
           if [ -n "$BETTERSTACK_HEARTBEAT_URL" ]; then
             BETTERSTACK_METADATA_PAYLOAD=$(jq -n \
@@ -293,9 +298,9 @@ jobs:
                   smoke: $smoke_status,
                   unit: $unit_status,
                   integration: $integration_status,
-                  e2e: $e2e_status,
-                  e2e_long_running: $e2e_long_status,
-                  e2e_very_long_running: $e2e_very_long_status
+                  e2e_regular: $e2e_regular_status,
+                  e2e_long_runnin: $e2e_long_running_status,
+                  e2e_very_long_running: $e2e_very_long_running_status
                 },
                 timestamp: $timestamp,
               }'
@@ -314,19 +319,19 @@ jobs:
 
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        if: ${{ !cancelled() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') && matrix.runner == 'ubuntu-latest' }}
+        if: ${{ !cancelled() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT')}}
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           slug: aignostics/python-sdk
 
       - name: Upload test results to Codecov
-        if: ${{ !cancelled() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') && matrix.runner == 'ubuntu-latest' }}
+        if: ${{ !cancelled() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
         uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1.1.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
       - name: SonarQube Scan
-        if: ${{ !cancelled() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') && matrix.runner == 'ubuntu-latest' }}
+        if: ${{ !cancelled() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
         uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -15,29 +15,31 @@ on:
         type: string
     secrets:
       AIGNOSTICS_CLIENT_ID_DEVICE_STAGING:
-        required: false
+        required: true
       AIGNOSTICS_REFRESH_TOKEN_STAGING:
-        required: false
+        required: true
       GCP_CREDENTIALS_STAGING:
-        required: false
+        required: true
       BETTERSTACK_HEARTBEAT_URL_STAGING:
-        required: false
+        required: true
       AIGNOSTICS_CLIENT_ID_DEVICE_PRODUCTION:
-        required: false
+        required: true
       AIGNOSTICS_REFRESH_TOKEN_PRODUCTION:
-        required: false
+        required: true
       GCP_CREDENTIALS_PRODUCTION:
-        required: false
+        required: true
       BETTERSTACK_HEARTBEAT_URL_PRODUCTION:
-        required: false
+        required: true
+      SENTRY_DSN:
+        required: true
 
 env:
   # https://gist.github.com/NodeJSmith/e7e37f2d3f162456869f015f842bcf15
   PYTHONIOENCODING: "utf8"
   AIGNOSTICS_PLATFORM_ENVIRONMENT: ${{ inputs.platform_environment }}
 
 jobs:
-  test-scheduled:
+  test-scheduled-hourly:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -84,6 +86,7 @@ jobs:
       - name: Test / scheduled
         env:
           BETTERSTACK_HEARTBEAT_URL: "${{ inputs.platform_environment == 'staging' && secrets.BETTERSTACK_HEARTBEAT_URL_STAGING || secrets.BETTERSTACK_HEARTBEAT_URL_PRODUCTION }}"
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
         shell: bash
         run: |
           set +e
@@ -110,6 +113,10 @@ jobs:
             echo "# No test coverage computed." >> $GITHUB_STEP_SUMMARY
             echo "" >> $GITHUB_STEP_SUMMARY
           fi
+
+          # Send heartbeat to Sentry, defining the schedule on the fly
+          SENTRY_EXIT_CODE=$(sentry-cli monitors run -e CI --schedule "0 * * * *" --check-in-margin 30 --max-runtime 1 scheduled-testing-${{ inputs.platform_environment }}-hourly --timezone "Europe/Berlin" -- sh -c "exit $EXIT_CODE")
+
           # Provide heartbeat to BetterStack for monitoring/alerting if heartbeat url is configured as secret
           if [ -n "$BETTERSTACK_HEARTBEAT_URL" ]; then
             BETTERSTACK_METADATA_PAYLOAD=$(jq -n \
 
@@ -156,6 +156,7 @@ jobs:
       UV_PUBLISH_TOKEN: ${{ secrets.UV_PUBLISH_TOKEN }}
       SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT: ${{ secrets.SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT }}
       SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT: ${{ secrets.SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT }}
+      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
 
   docker_publish:
     needs: [get-commit-message, ketryx_report_and_check]
 
@@ -22,7 +22,7 @@ jobs:
       platform_environment: ${{ inputs.platform_environment || 'staging' }}
       mode: 'automation'
       track_progress: ${{ github.event_name != 'workflow_dispatch' && true || false }}
-      allowed_tools: 'Read,Write,Edit,Glob,Grep,LS,Bash(git:*),Bash(gh:*)'
+      allowed_tools: 'Read,Write,Edit,Glob,Grep,LS,,WebFetch,WebSearch,Bash(git:*),Bash(gh:*)'
       prompt: |
         # 🎯 AI-POWERED OPERATIONAL EXCELLENCE AUDIT
 
@@ -35,9 +35,18 @@ jobs:
         tools (Ruff, MyPy, PyRight, Codecov, SonarQube, etc.) cannot assess.
 
         Read and apply standards from:
-        - **CODE_STYLE.md** - Coding standards for humans and AI
+        - **CODE_STYLE.md** - Coding standards for humans and AI assistants
         - **CONTRIBUTING.md** - Development workflow
         - **OPERATIONAL_EXCELLENCE.md** - Toolchain overview
+        - **Best practices** - Research independently, using web search and loading web pages as needed
+
+        Be critical, do never just rubber-stamp. 
+        - Getting 5 stars must be challenging; look for subtle issues.
+        - Insist to raise the bar; aim for excellence in every aspect.
+        - Provide clear examples to illustrate your points; don't just state opinions.
+        - Apply radical candor in your feedback; care personally while challenging directly.
+        - Prioritize findings by impact on customer experience, maintainability, and security
+        - Ultrathink to find patterns and learnings; don't settle for surface-level observations.
 
         ## Audit Areas
 
 
@@ -3,6 +3,13 @@ name: "+ Scheduled Audit (Hourly)"
 on:
   schedule:
     - cron: '0 * * * *'
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to test (leave empty for main)'
+        required: false
+        type: string
+        default: ''
 
 jobs:
   audit-scheduled:
 
@@ -13,7 +13,7 @@ on:
 
 jobs:
 
-  test:
+  scheduled-testing-production-daily:
     uses: ./.github/workflows/_scheduled-test-daily.yml
     with:
       platform_environment: "production"
@@ -33,3 +33,4 @@ jobs:
       BETTERSTACK_HEARTBEAT_URL_FLOWS_PRODUCTION: ${{ secrets.BETTERSTACK_HEARTBEAT_URL_FLOWS_PRODUCTION }}
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SENTRY_DSN: ${{ secrets.SENTRY_DSN }} # For heartbeat only