chore: add CI workflow, CHANGELOG, SECURITY.md, CI badge

Test User · claude · Test User · commit 57aea416a5a4 · 2026-04-09T21:39:22.000-07:00
- CI: pytest on push/PR across Python 3.11-3.13
- CHANGELOG.md: v1.0 through v1.3.1 from git history
- SECURITY.md: supported versions, vulnerability reporting, SSRF
- README: add CI workflow badge
- GitHub topics: mcp-server, search-api, search-broker, web-search, etc.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Run tests
+        run: python -m pytest tests/ -v --tb=short
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,100 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.3.1] - 2026-04-09
+
+### Added
+- DuckDuckGo search provider — zero-config free search, no API key, unlimited
+- `ddgs` package as core dependency
+
+### Fixed
+- Duplicate SearXNG entry in RESEARCH mode preferences causing double-dispatch
+
+### Changed
+- Documentation rewritten with free-first positioning and two deployment tiers
+- Hardware requirements table (Raspberry Pi, Mac Mini, laptop, cloud VM)
+- All credit claims corrected to standard signup amounts (not promo deals)
+
+## [1.3.0] - 2026-04-08
+
+### Added
+- 3 new search providers: Linkup, Parallel AI, You.com
+- 2 new extractors: You.com Contents API, Crawl4AI (local JS rendering)
+- Tier-based credit routing: Tier 0 (free) → Tier 1 (monthly) → Tier 3 (one-time)
+- Budget enforcement with per-provider query-count tracking on 30-day rolling window
+- `argus mcp init` command for MCP client configuration
+
+### Changed
+- Provider routing now sorts by credit tier first, mode preference second
+- Override provider lists are also tier-sorted
+- DuckDuckGo added to all 4 search mode preference lists
+
+## [1.2.1] - 2026-03-28
+
+### Changed
+- Renamed PyPI package from `argus` to `argus-search`
+- Updated install commands across all documentation
+
+### Fixed
+- MCP server sync with mcp 1.26.0 API changes
+
+## [1.2.0] - 2026-03-25
+
+### Added
+- Content extraction with quality gates — trafilatura, Playwright, Jina, Wayback, archive.is
+- `argus extract` CLI command for URL content extraction
+- `argus cookies import/health` commands for authenticated extraction
+- Cookie-based authenticated extraction for paywall domains
+- Quality gate system between extraction steps (paywall detection, soft 404s, minimum quality)
+- Docker multi-stage build with GHCR auto-publish on push/tag
+
+### Changed
+- Extract response now includes `quality_passed`, `quality_reason`, `extractors_tried`
+
+### Fixed
+- MCP server version kwarg removal and async fixes
+- Docker builder stage source copy
+
+## [1.1.0] - 2026-03-20
+
+### Added
+- Single retry for unhandled provider exceptions
+- Documented and configurable cost estimates
+
+### Changed
+- Lazy extractor initialization (no SQLite trigger at import time)
+- Deduplicated `_extract_domain` across providers
+- UTC-aware timestamps throughout
+
+### Removed
+- Docker files (replaced with direct install approach)
+
+## [1.0.0] - 2026-03-15
+
+### Added
+- 7 search providers: SearXNG, Brave, Serper, Tavily, Exa, You.com, SearchAPI
+- Tier-based routing policies (RECOVERY, DISCOVERY, GROUNDING, RESEARCH modes)
+- Reciprocal Rank Fusion (RRF) result ranking
+- URL deduplication with normalization (www, trailing slash, tracking params, case)
+- In-memory search cache with configurable TTL
+- Health tracker with failure threshold and cooldown
+- Budget tracker with 30-day rolling window
+- Multi-turn sessions with TTL, max turns, and context limits
+- Authenticated extraction for paywall domains via Playwright
+- HTTP API (FastAPI) with OpenAPI docs
+- CLI (Click) with search, health, budgets, extract commands
+- MCP server for LLM integration
+- PostgreSQL persistence layer
+- PyPI publishing pipeline
+
+## [1.0] - 2026-03-12
+
+### Added
+- Session TTL, max turns, max context chars, and delete endpoint
+- Runtime provider disable/enable/reset-health admin endpoints
+- Provenance fields on SearchResult model
+- Degraded-state test suite (14 tests)
diff --git a/README.md b/README.md
@@ -3,6 +3,7 @@
 [![Python 3.11+](https://img.shields.io/badge/python-3.11%2B-brightgreen)](https://www.python.org/downloads/)
 [![License: MIT](https://img.shields.io/badge/license-MIT-green)](LICENSE)
 [![PyPI](https://img.shields.io/pypi/v/argus-search)](https://pypi.org/project/argus-search/)
+[![CI](https://github.com/Khamel83/argus/actions/workflows/ci.yml/badge.svg)](https://github.com/Khamel83/argus/actions/workflows/ci.yml)
 [![MCP Server](https://img.shields.io/badge/MCP-server-purple)](https://modelcontextprotocol.io/)
 
 Search companies give you free web searches — 5,000+ per month across 10 providers, plus two unlimited with no API key at all. Argus puts them all in one place and routes every query to the right one at the right time.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest release is actively maintained. Check [PyPI](https://pypi.org/project/argus-search/) for the current version.
+
+## Reporting a Vulnerability
+
+If you find a security vulnerability, please open a [GitHub issue](https://github.com/Khamel83/argus/issues/new?template=bug_report.md) with the `security` label.
+
+## What Argus Handles
+
+- **SSRF protection**: All URL extraction blocks private/internal IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x, ::1)
+- **Domain rate limiting**: 10 requests/minute per domain to prevent abuse
+- **No user data storage**: Search queries and sessions are stored locally by the user — nothing is sent to Argus servers
+- **API keys**: Keys are read from environment variables only — never logged, transmitted, or stored outside the user's config
+
+## Dependencies
+
+Argus relies on `httpx` for outbound HTTP requests. Keep dependencies updated:
+
+```bash
+pip install --upgrade argus-search
+```
+
+Dependabot is enabled on this repository for automated dependency tracking.
