chore(deps): bump python from 3.11-slim to 3.14-slim in /infrastructure/docker #5
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
…RM64, chaos tests, RPi quickstart
…catalogued, sim-to-real roadmap
…n) - auto factory in main.py based on BESSAI_MODE
- safety.py: watchdog_loop accepts DataProvider (not only UniversalDriver)
- simulator_driver.py: fix union-attr None on .lower()
- modbus_driver.py: add is_connected/source_description properties from the DataProvider protocol
- mqtt_publisher.py: fix str-bytes-safe in f-string (str(self._host))
- test_reconnect_chaos.py: ModbusDriver -> UniversalDriver + async fixture (pytest_asyncio)
- test_modbus_driver.py: mock connect() in connection_error tests
378 tests / 378 passed in 14.81s
- README.md: file tree updated, tests 54->378/378, time 30s->15s
- CHANGELOG.md: AGENT HANDOFF v1.7.1 entry with commit e0258f0 (CI fixes)
- PROJECT_STATUS.md: v1.7.1, timestamp 22:34, history v1.7.0 + v1.7.1
Test suite: 378/378 pass in ~15s
README.md:
- Data flow: added modbus/luna2000/simulator drivers, MQTT, AI-IDS, ONNX, dashboard
- GitHub Actions CI/CD: corrected 10 jobs -> 9 actual jobs (lint/typecheck/test/security/terraform/helm/docker/trivy/push)
PROJECT_STATUS.md:
- Removed mega_scraper module (BELONGS to bessai-cen-data, not to this repo)
- Corrected GitHub Actions: 7 jobs -> 9 jobs with real names
- Added missing modules: SimulatorDriver, DataProvider (base.py), otel_setup.py, pubsub_publisher.py
- Versions updated to v1.7.1: safety.py, modbus_driver.py, simulator_driver.py, mqtt_publisher.py
378/378 tests confirmed in 13.88s
…plate, badges
New files:
- .github/workflows/scorecard.yml: automatic OpenSSF Scorecard on every push to main
  * Publishes score in GitHub's Security tab (supply chain security)
  * Badge https://api.scorecard.dev/... active in README
- CITATION.cff: standard citation for IEEE/ACM papers
  * GitHub generates a 'Cite this repository' button with automatic BibTeX/APA
  * References to IEC 62443 and NTSyCS CEN Chile
- .github/ISSUE_TEMPLATE/hardware_support.yml: template for new devices
  * Fields: manufacturer, model, protocol, Modbus register, priority
README.md:
- Badges: +Codecov (coverage live) +OpenSSF Scorecard
- Version header: v1.7.0 -> v1.7.1
- Contributing: reference to CITATION.cff for academic citations
378/378 tests pass - CI green
New files:
- docs/tutorials/quickstart_5min.md: Deploy BESSAI in 5 min without hardware
  * Uses built-in Modbus simulator + docker compose
  * 5 clear steps: clone -> up -> health check -> Grafana -> stop
  * Common troubleshooting section
- docs/tutorials/integration_homeassistant.md: MQTT + Home Assistant
  * Architecture publisher -> Mosquitto -> HA
  * YAML sensor configuration, Lovelace dashboard, SOC < 20% automation
  * Compatible: Mosquitto / HiveMQ / AWS IoT Core / Azure IoT Hub
- .github/FUNDING.yml: Sponsor button on GitHub
mkdocs.yml:
- New Tutorials section in nav (Deploy 5min, HA, MQTT full)
- Getting Started includes: quickstart_5min, RPi 4/5
- Architecture includes Sim-First Strategy
Goal: reduce onboarding time from 30min to < 5min
378/378 tests - CI green
infrastructure/k8s/ (new directory):
- namespace.yaml: isolated 'bessai' namespace
- configmap.yaml: non-sensitive config (site_id, inverter IP, MQTT, OTEL)
- secrets.yaml.template: TEMPLATE for GCP/MQTT credentials
  * 3 methods: kubectl create secret / Sealed Secrets / External Secrets
- service.yaml: ClusterIP + Prometheus auto-discovery annotations
- deployment.yaml: production-ready Deployment
  * Init container wait-for-inverter (avoids crashloopbackoff)
  * Hardened SecurityContext: non-root, drop ALL capabilities
  * Health/readiness probes against /health
  * Resources calibrated for RPi (100m CPU / 128Mi RAM)
  * Tolerations for edge nodes
  * Zero-downtime rolling update
- kustomization.yaml: kubectl apply -k infrastructure/k8s/
  * Compatible with ArgoCD and Flux GitOps
Compatible with: K3s (RPi 4/5), K8s 1.28+, EKS, GKE, AKS
378/378 tests - CI green
…olicy, mutation testing
docs/pitch_deck.md - executive pitch for investors and StartUp Chile
TAM Chile 3.2M / LatAm 24M USD. Open core + SaaS 299/month + enterprise 2.5k/month
Funding request 150k seed
docs/startup_chile_ssaf.md - complete SSAF S16 form (9 sections)
KPIs 10 SaaS customers, 3k MRR, 500 stars. Usage plan 80k USD
docs/compliance/iec62443_sl2_gap.md - gap analysis SL-1 to SL-2
12 controls by FR1/FR2/FR3/FR4/FR7. 3-phase plan, cert 15k USD
Unlocks BHP/Codelco mines and +50MW solar farms
docs/bounty_program.md - 7 active bounties
Tesla Powerwall 3 150usd / ABB REACT2 100usd / mTLS 200usd / OPC UA 300usd
infrastructure/k8s/network-policy.yaml - NetworkPolicy IEC 62443 SL-2 UC-2
Ingress only Prometheus from monitoring namespace
Egress DNS + Modbus 502 + MQTT 1883/8883 + GCP 443 + OTel 4317
.github/workflows/mutation-test.yml - weekly mutation testing
mutmut on safety.py and config.py every Sunday. HTML report + Step Summary
infrastructure/k8s/kustomization.yaml - includes network-policy in apply -k
# Commit template for PowerShell (no special-character issues)
---
feat(openssf-gold): real-hardware tutorial, Gold checklist, SLSA L2, Maintainer Security Policy
docs/tutorials/connecting_real_hardware.md
7 steps to connect Huawei/SMA/Victron/Fronius to BESSAI
IP discovery with nmap, pymodbus test, JSON profile selection
Troubleshooting: registers 65535, slave ID, timeout
docs/openssf_gold_checklist.md
Silver/Gold criteria with current status (checked/unchecked)
Owner: Antigravity vs Rodrigo for each item
Direct links to the bestpractices.dev/projects/12001 form
CONTRIBUTING.md
Two-person integrity rule made explicit in PR Process
New Maintainer Security Policy section (OpenSSF Silver/Gold)
Mandatory 2FA, GPG signing, no force-push to main
Link to openssf_gold_checklist.md
.github/workflows/release.yml
Job slsa-provenance: SLSA Level 2 build provenance
Uses slsa-framework/slsa-github-generator@v2.0.0
create-release now depends on slsa-provenance
Meets OpenSSF Gold criterion: signed provenance in releases
…egables semanas 1-3
Axis 2 — Formal Specifications:
- docs/specs/BESSAI-SPEC-001.md — BESSDriver Interface (RFC 2119, IEC 61850)
- docs/specs/BESSAI-SPEC-002.md — Safety Requirements (IEC 62619, IEC 62443)
- docs/specs/BESSAI-SPEC-003.md — Telemetry Schema (JSON Schema 2020-12)
- docs/adr/0007-json-schema-telemetry-specification.md
- docs/adr/0008-bep-process-for-specification-changes.md
Axis 5 — Open Governance:
- docs/bep/BEP-0001.md — Meta-BEP process definition
- GOVERNANCE.md — TSC (>=40% external) + BEP process
- .github/DISCUSSION_TEMPLATE/bep_discussion.yml
- .github/DISCUSSION_TEMPLATE/adopter_introduction.yml
Axis 4 — Interoperability:
- docs/interoperability/interop_test_suite.md
- docs/interoperability/BESSAI-CERTIFIED.md
- tests/interop/test_driver_contract.py
- registry/TEMPLATE_interop_certification.json
Axis 6 — Public Benchmarks:
- docs/benchmarks/BENCHMARK-001/002/003-*.md
- scripts/run_benchmarks.py
- .github/workflows/benchmark.yml
Axis 3 — Certification:
- docs/compliance/iec_62443_sl2_certification_path.md
- docs/compliance/ieee_2030_5_compliance.md
- .github/workflows/compliance-report.yml
Axis 1 — Adoption:
- docs/adopters.md
- docs/partnership_program.md
- docs/lf_energy_proposal.md
Modified: README.md, GOVERNANCE.md, mkdocs.yml, CHANGELOG.md, PROJECT_STATUS.md
Tests: 378/378 passed
…t) + weekly-update improvements
ci.yml:
- Job 4: Interop Contract Tests (BESSAI-SPEC-001 Category A)
  Uses SimulatorDriver — no hardware needed
  JUnit XML artifact uploaded on every PR/push
  Runs after test job, parallel to security
docs/bep/BEP-0100.md:
- Standards Track BEP proposing IEEE 2030.5 SEP 2.0 adapter
  DERStatus/DERSettings/DERControl mapping defined
  11-day implementation estimate
  Unlocks CA/AUS markets + DR revenue
weekly-update.yml:
- 3 new Discord embed fields: test suite count, P99 latency, BESSAI-SPEC version
- Updated footer with compliance info (IEC 62443 SL-1)
- BEPs link added to community links field
mkdocs.yml:
- BEP-0100 added to BEPs nav section
OpenSSF Silver/Gold foundations:
- docs/security_guide_maintainer.md: complete security guide for maintainers
- docs/release_process.md: release process documented step-by-step
- .github/workflows/fuzzing.yml: weekly Atheris fuzzing (Modbus + MQTT parsers)
- docs/openssf_gold_checklist.md: 12 items marked completed (85% of Gold covered)
IEC 62443 SL-2 Phase 1 — Pre-Assessment Deliverables:
- docs/architecture/network_diagram.md: OT/DMZ/IT zones + conduits C1-C4 + SR 5.2
- docs/architecture/system_security_plan.md: SSP FR1-FR7 mapped to implementation
- docs/compliance/psirt_process.md: formal PSIRT process (SR 2.12)
- docs/compliance/patch_management_sla.md: SLA Critical 14d / High 30d / Medium 90d (SR 2.2)
Updated: PROJECT_STATUS.md v1.9.0 + CHANGELOG.md entry
Tests: 379 passed (no regression)
…SIEM
Fix: 18 → 0 errors in interop test suite (BESSAI-SPEC-001 §5.1)
- src/drivers/simulator_driver.py: 6 SPEC-001 tags normalized (SOC_%, P_kW, T_battery_C, V_dc_V, alarm_code, mode)
- src/drivers/simulator_driver.py: KeyError for unknown tags (SPEC-001 §4.5)
- src/drivers/simulator_driver.py: ValueError for inf/nan values in write_tag (SPEC-001 §4.6)
- tests/conftest.py: root conftest for --driver-class
- pytest.ini: change [tool:pytest] → [pytest] for asyncio_mode=auto
Feat: IEC 62443 GAP-001 CLOSED — TOTP MFA (SR 1.3)
- src/interfaces/totp_auth.py: TOTP module with soft-dep pyotp
- src/interfaces/dashboard_api.py: TOTP in _check_auth + /api/v1/auth/totp-info
- tests/test_totp_auth.py: 17 TOTP tests
- requirements.txt: pyotp>=2.9.0
Feat: IEC 62443 GAP-002 CLOSED — Loki SIEM log forwarding (SR 6.1, SR 6.2)
- infrastructure/docker/otel-collector-config.yaml: exporter loki + pipeline logs
- infrastructure/docker/docker-compose.yml: bessai-loki service (monitoring profile)
- infrastructure/loki/loki-config.yaml: Loki config edge (filesystem, 30d retention)
Test: 410 passed, 4 skipped — full suite with no failures or errors
…R 3.1)
Implement mutual TLS for Modbus TCP OT segment — all 3 IEC 62443 gaps now CLOSED.
SL-2 readiness: ~65% → ~85%
Component 1 — PKI / Certificates:
- infrastructure/certs/gen_certs.sh: openssl script for CA + gateway client + stunnel proxy certs
- .gitignore: exclude *.key, *.pem, *.srl from commits (private keys MUST NOT be committed)
Component 2 — stunnel mTLS proxy:
- infrastructure/docker/stunnel-ot.conf: stunnel client config (TLS 1.3, verify=2, ECDHE ciphers)
- infrastructure/docker/docker-compose.yml: add bessai-stunnel service (profile: ot-security)
  Architecture: Gateway → TCP:502 (bess-net) → stunnel → TLS 1.3:8502 → BESS inverter
Component 3 — UniversalDriver TLS native support:
- src/interfaces/ot_tls_config.py: OtTlsConfig.from_env() + build_ssl_context()
  Env vars: OT_MTLS_ENABLED, OT_CA_CERT_PATH, OT_CLIENT_CERT_PATH, OT_CLIENT_KEY_PATH
- src/drivers/modbus_driver.py: optional tls_context/tls_ca_cert/tls_client_cert/tls_client_key params in UniversalDriver.__init__() — fully backwards compatible
Tests:
- tests/test_ot_tls_config.py: 9 passed, 1 skipped (openssl not in PATH on Windows CI)
- Suite: 419 passed, 5 skipped — 0 failures, 0 errors (+9 vs v2.0.0)
Documentation:
- docs/compliance/iec_62443_sl2_certification_path.md: GAP-001/002/003 marked CLOSED, readiness ~85%
…% readiness)
4 formal documents required for SL-2 pre-assessment:
NAD-001: docs/architecture/network_diagram.md
- 3 security zones (Z1 IT / Z2 Edge / Z3 OT) per IEC 62443-3-2
- 5 conduits (C1-C5) with protocol, port, and security controls
- Port exposure table: only 8080 and 3000 published externally
- ASCII architecture diagram (IT → Edge → OT)
SSP-001: docs/compliance/ssp_iec62443_sl2.md
- Maps BESSAI v2.1.0 against all 7 IEC 62443-3-3 Foundational Requirements (FR 1-7)
- SR-by-SR coverage table — all SL-2 SRs addressed
- Residual risks documented (SR 7.1 partial — rate limiting planned v2.3)
- Evidence index for auditors (code, tests, CI, certs)
PMS-001: docs/compliance/patch_management_sla.md
- Critical: ≤7 days fix + ≤24h deployment
- High: ≤30 days fix + ≤72h deployment
- Emergency ICS protocol for physical-harm CVEs
- Tooling: Dependabot, Trivy, OSSF Scorecard, CISA ICS-CERT
PSIRT: SECURITY.md (PSIRT section added)
- 7-step coordinated disclosure process
- 4h emergency SLA for physical-safety vulnerabilities
- Coordinated disclosure with CISA ICS-CERT for CVSS >= 9.0
- Version support updated: 2.1.x active / 2.0.x security patches / 1.7.x critical only
Cert path: docs/compliance/iec_62443_sl2_certification_path.md
- All 7 gaps now CLOSED
- SL-2 readiness: ~65% → ~85% → ~95%
Next: engage pre-assessment body (TUV SUD / DNV) — Phase 1 Q1 2026
…ELOG/PROJECT_STATUS sync
…pinning scaffold (OpenSSF Gold)
…sistency
Fixes:
- pytest.ini: add missing slow + asyncio markers (--strict-markers compatibility)
- pyproject.toml: version 1.4.0->2.4.0, add markers to [tool.pytest.ini_options]
- .github/workflows/ci.yml: --cov-fail-under 70->80 (sync with pyproject fail_under=80)
- infrastructure/docker/Dockerfile: OCI version label 0.1.0->2.4.0
All source Python, tests, and docs verified OK -- no functional changes needed.
Bumps python from 3.11-slim to 3.14-slim.
---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14-slim
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
c562974 to 412ae0f
39107f6 to f502d34
412ae0f to 0514f43
👋 This PR has been inactive for 30 days. Closing in 14 days unless updated.
🔒 Closed due to inactivity. Branch and commits are preserved — reopen anytime!
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps python from 3.11-slim to 3.14-slim.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)