From 01fdbeeeac75725412b2e10ea5eaa1dca7873147 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 27 Feb 2026 21:00:29 +0000
Subject: [PATCH 1/2] chore(deps): update astral-sh/setup-uv action to v7
---
 .github/workflows/release.yml | 2 +-
 .github/workflows/version-bump.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 647b9d18..64db2276 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,7 +54,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Install uv
- uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+ uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
 - name: Build
 run: uv build
 - name: Publish
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index 63d1f8ad..025cbcdf 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -63,7 +63,7 @@ jobs:
 echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
 - name: Install uv
- uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+ uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
 - name: Update version in pyproject.toml
 run: |
From d984a78e2d6b6725e2a0e7e7853c82095b79aab3 Mon Sep 17 00:00:00 2001
From: "Garen J. Torikian"
Date: Fri, 27 Feb 2026 16:05:11 -0500
Subject: [PATCH 2/2] unused
---
 .github/workflows/coana-analysis.yml | 28 -----------
 .github/workflows/coana-guardrail.yml | 67 ---------------------------
 2 files changed, 95 deletions(-)
 delete mode 100644 .github/workflows/coana-analysis.yml
 delete mode 100644 .github/workflows/coana-guardrail.yml
diff --git a/.github/workflows/coana-analysis.yml b/.github/workflows/coana-analysis.yml
deleted file mode 100644
index cac82a7a..00000000
--- a/.github/workflows/coana-analysis.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Coana Vulnerability Analysis
-on:
- schedule:
- - cron: "0 3 * * *" # every day at 3 AM
- workflow_dispatch:
- inputs:
- tags:
- description: "Manually run vulnerability analysis"
- # Required by the return-dispatch action
- distinct_id:
-
-jobs:
- coana-vulnerability-analysis:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- - name: Run Coana CLI
- id: coana-cli
- uses: docker://coana/coana:latest
- with:
- args: |
- coana run . \
- --api-key ${{ secrets.COANA_API_KEY }} \
- --repo-url https://github.com/${{github.repository}}
diff --git a/.github/workflows/coana-guardrail.yml b/.github/workflows/coana-guardrail.yml
deleted file mode 100644
index 4d32ef1f..00000000
--- a/.github/workflows/coana-guardrail.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-name: Coana Guardrail
-
-on: pull_request
-
-jobs:
- guardrail:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout the ${{github.base_ref}} branch
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- ref: ${{github.base_ref}} # checkout the base branch (usually master/main).
-
- - name: Fetch the PR branch
- run: |
- git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.head_ref }}:${{ github.head_ref }} --depth=1
-
- - name: Get list of changed files relative to the main/master branch
- id: changed-files
- run: |
- echo "all_changed_files=$(git diff --name-only ${{ github.base_ref }} ${{ github.head_ref }} | tr '\n' ' ')" >> $GITHUB_OUTPUT
-
- - name: Use Node.js 24.x
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
- with:
- node-version: 24.x
-
- - name: Run Coana on the ${{github.base_ref}} branch
- run: |
- npx @coana-tech/cli run . \
- --guardrail-mode \
- --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
- -o /tmp/main-branch \
- --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
- --lightweight-reachability \
-
- # Reset file permissions.
- # This is necessary because the Coana CLI may add
- # new files with root ownership since it's using docker.
- # These files will not be deleted by the clean step in checkout
- # if the permissions are not reset.
- - name: Reset file permissions
- run: sudo chown -R $USER:$USER .
-
- - name: Checkout the current branch
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- clean: true
-
- - name: Run Coana on the current branch
- run: |
- npx @coana-tech/cli run . 
\
- --guardrail-mode \
- --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
- -o /tmp/current-branch \
- --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
- --lightweight-reachability \
-
- - name: Run Report Comparison
- run: |
- npx @coana-tech/cli compare-reports \
- --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
- /tmp/main-branch/coana-report.json \
- /tmp/current-branch/coana-report.json
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}