v3.5.0 - Fix CI bugs, dev refactoring, and issue fixes

[DefinetlyNotAI]

Pull Request Template

Prerequisites

• I have searched for duplicate or closed issues.
• I have read the contributing guidelines.
• I have followed the instructions in the wiki about contributions.
• I have updated the documentation accordingly, if required.
• I have tested my code with the --dev flag, if required.

PR Type

• Bug fix
• Deprecation Change
• New feature
• Refactoring
• Documentation
  update
• ⚠️ Breaking change ⚠️

Description

This update changes the CI configuration to run jobs on Windows instead of Ubuntu. It includes running the --dev flag to update config.ini with new update info and testing Logicytics in default mode. The security documentation (security.md) has been updated, and a bug fix was applied to dump_memory.py to resolve a binary mode encoding error. Dev questions were refactored, and unimplemented flags were removed. File management and flag handling were refactored, along with an update to requirements for the sentence-transformers package. The README and installation instructions for the VulnScan feature have been updated. VulnScan tools and the v3 module were moved to a separate repository, retaining only the model and vectorizer in this repo. Lastly, issue labels and the CodeClimate badge were updated for better clarity.

Motivation and Context

Switching CI jobs to Windows ensures better compatibility and aligns with target deployment environments. Refactoring and bug fixes improve code stability and maintainability. Moving VulnScan tools to a dedicated repo simplifies this project and clarifies separation of concerns. Updated documentation and requirements make setup easier for users and contributors, enhancing overall project quality and usability.

Credit

N/A

Issues Fixed

#228

Summary by CodeRabbit

• Bug Fixes

  • Corrected file handling in memory dump to ensure proper binary writing.
  • Updated prompts in developer tools for clearer user interaction.
  • Fixed return behavior in file management methods for consistency.
  • Adjusted error variable naming in packet sniffer for clarity.

• New Features

  • Updated security policy to add support for version 3.5.x.

• Refactor

  • Changed directory names for model and vectorizer files to lowercase for consistency.
  • Updated configuration and workflow files to reflect new naming conventions and environments.

• Chores

  • Removed deprecated or unused GitHub Actions workflows and configuration files.
  • Streamlined and updated dependencies in requirements.txt, removing unused packages and adjusting versions.
  • Removed planned but unimplemented command-line flags.

• Documentation

  • Updated README with improved PyTorch installation guidance and maintainability badge.
  • Removed obsolete VulnScan documentation and plans related to deprecated features.

[coderabbitai]

Walkthrough

This update removes the VulnScan training, data generation, and visualization tools, along with related documentation and dependencies. Several workflow files are switched to Windows runners, and the CodeQL workflow is deleted. Minor code tweaks adjust prompts, fix file handling, and update config paths and labels. Dependency and documentation files are streamlined to reflect these changes.

Changes

Files/Group	Change Summary
.github/workflows/codeql.yml	CodeQL workflow file deleted.
.github/workflows/dependency-review.yml, .github/workflows/greetings.yml, .github/workflows/scorecard.yml, .github/workflows/stale.yml	Workflow runners switched from Ubuntu to Windows.
.github/config.yml	Label for insufficient info changed from "progress:Invalid" to "issue/Invalid".
CODE/VulnScan/tools/_study_network.py, CODE/VulnScan/tools/_test_gpu_acceleration.py, CODE/VulnScan/tools/_vectorizer.py, CODE/VulnScan/v3/_generate_data.py, CODE/VulnScan/v3/_train.py	VulnScan tool scripts and training pipeline deleted.
CODE/VulnScan/README.md	VulnScan documentation deleted.
CODE/_dev.py	Removed "[-] " prefix from prompt strings in checklist and file operation prompts.
CODE/config.ini	Version bumped to 3.5.0; VulnScan paths updated to lowercase.
CODE/dump_memory.py	Fixed binary file open by removing invalid encoding argument.
CODE/logicytics/FileManagement.py	Explicitly return None at end of two static methods for consistent return behavior.
CODE/logicytics/Flag.py	Removed --webhook and --restore flags; updated type hints and minor import cleanup.
CODE/Logicytics.py	Deleted two commented-out lines referencing planned webhook sub-action.
CODE/packet_sniffer.py	Exception variable in logging changed from e to err.
CODE/vulnscan.py	VulnScan model/vectorizer paths updated to lowercase; import order changed.
.idea/csv-editor.xml	New IDE config for CSV separator on a backup log file.
PLANS.md	Removed two v3.5.0 tasks: missing flags and VulnScan migration.
README.md	PyTorch install instructions replaced with a link to official guide; badge updated.
SECURITY.md	Added 3.5.x as supported; updated version statuses and column header.
requirements.txt	Dependencies reorganized; VulnScan-related packages removed; some versions updated/downgraded.

Sequence Diagram(s)

No sequence diagram generated as changes are mostly removals, config tweaks, and minor code adjustments without new or altered control flow.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~35 minutes

Possibly related PRs

• DefinetlyNotAI/Logicytics#182: Both PRs modify prompt strings in _perform_checks() and _handle_file_operations() in CODE/_dev.py, making their changes related.

Suggested labels

progress/Duplicate

Suggested reviewers

• ski-sketch

Poem

Out with the old, VulnScan’s packed away,
Workflows now on Windows, ready for a new day.
Prompts are cleaner, code is tight,
Dependencies trimmed, everything’s light.
3.5 is here, the docs now gleam—
Progress in code, just like a dream! 🚀

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ab3ccfc and 2c75113.

📒 Files selected for processing (1)

• .github/workflows/dependency-review.yml (0 hunks)

💤 Files with no reviewable changes (1)

• .github/workflows/dependency-review.yml

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fixes-and-features

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This pull request upgrades Logicytics to version 3.5.0, focusing on CI infrastructure improvements, code refactoring, and bug fixes. The update transitions CI workflows from Ubuntu to Windows and includes significant repository reorganization by moving VulnScan tools to a separate repository.

• CI workflow migration from Ubuntu to Windows for better compatibility
• Code refactoring in dev tools, flag handling, and file management
• Bug fixes including binary mode encoding error and removed unimplemented features

Reviewed Changes

Copilot reviewed 23 out of 25 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
SECURITY.md	Updated supported versions table with v3.5.x and deprecation of older versions
README.md	Updated installation instructions and changed CodeClimate badge to Qlty badge
PLANS.md	Removed completed tasks from project roadmap
CODE/vulnscan.py	Fixed import order and updated VulnScan model path reference
CODE/packet_sniffer.py	Renamed exception variable for consistency
CODE/logicytics/Flag.py	Removed unimplemented flags, refactored type hints, and cleaned up imports
CODE/logicytics/FileManagement.py	Added missing return statements to methods
CODE/dump_memory.py	Fixed binary file opening by removing conflicting encoding parameter
CODE/config.ini	Updated version to 3.5.0 and file paths for VulnScan components
CODE/_dev.py	Simplified dev question prompts by removing prefixes
.github/workflows/*	Migrated all CI workflows from ubuntu-latest to windows-latest
.github/config.yml	Updated issue label format
Multiple VulnScan files	Removed VulnScan training and tool files as part of repository separation

Files not reviewed (1)

• .idea/csv-editor.xml: Language not supported

[qltysh]

3 new issues

Tool	Category	Rule	Count
markdownlint	Style	Line length	2
markdownlint	Style	Link text should be descriptive	1

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

SECURITY.md (1)

7-16: Release-date duplicates look suspicious

Both 3.4.x and 3.3.x share the exact “January 3 2025” major-release date.
If that isn’t intentional, tweak the date so the support table doesn’t confuse readers (or bots that parse it).

README.md (1)

40-46: Tiny wording + spelling tweak for the PyTorch note

1. “Nvidea” → “Nvidia”
2. The bullet about installer settings reads a bit like a CLI command; rephrase for clarity.

- If you have a supported GPU, it is recommended to install the Nvidea GPU version of PyTorch for better performance.
+ If you’ve got an Nvidia GPU, grab the CUDA-enabled build of PyTorch for a nice speed boost.

- Settings should be: `Stable -> Windows -> Pip -> Python` and if you have a supported CUDA version, select that too
- else CPU.
+ On the PyTorch site pick: **Stable ▸ Windows ▸ Pip ▸ Python**.  
+ Choose your matching CUDA toolkit (or “CPU-only” if you’re GPU-less).

.github/config.yml (1)

18-18: Update any docs that still reference progress:Invalid

The bot now adds issue/Invalid; hunt for leftover mentions (workflow filters, docs, labels) to avoid confusion.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ce6649d and ab3ccfc.

📒 Files selected for processing (25)

• .github/config.yml (1 hunks)
• .github/workflows/codeql.yml (0 hunks)
• .github/workflows/dependency-review.yml (1 hunks)
• .github/workflows/greetings.yml (1 hunks)
• .github/workflows/scorecard.yml (1 hunks)
• .github/workflows/stale.yml (1 hunks)
• .idea/csv-editor.xml (1 hunks)
• CODE/Logicytics.py (0 hunks)
• CODE/VulnScan/README.md (0 hunks)
• CODE/VulnScan/tools/_study_network.py (0 hunks)
• CODE/VulnScan/tools/_test_gpu_acceleration.py (0 hunks)
• CODE/VulnScan/tools/_vectorizer.py (0 hunks)
• CODE/VulnScan/v3/_generate_data.py (0 hunks)
• CODE/VulnScan/v3/_train.py (0 hunks)
• CODE/_dev.py (2 hunks)
• CODE/config.ini (1 hunks)
• CODE/dump_memory.py (1 hunks)
• CODE/logicytics/FileManagement.py (2 hunks)
• CODE/logicytics/Flag.py (2 hunks)
• CODE/packet_sniffer.py (1 hunks)
• CODE/vulnscan.py (2 hunks)
• PLANS.md (0 hunks)
• README.md (2 hunks)
• SECURITY.md (1 hunks)
• requirements.txt (1 hunks)

💤 Files with no reviewable changes (9)

• CODE/Logicytics.py
• PLANS.md
• .github/workflows/codeql.yml
• CODE/VulnScan/tools/_test_gpu_acceleration.py
• CODE/VulnScan/v3/_generate_data.py
• CODE/VulnScan/README.md
• CODE/VulnScan/tools/_vectorizer.py
• CODE/VulnScan/v3/_train.py
• CODE/VulnScan/tools/_study_network.py

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: DefinetlyNotAI
PR: DefinetlyNotAI/Logicytics#158
File: CODE/VulnScan/v3/_generate_data.py:177-197
Timestamp: 2024-12-11T10:05:34.954Z
Learning: The `_generate_data.py` function in `CODE/VulnScan/v3/_generate_data.py` will be deprecated due to memory issues and won't be fixed in the current PR.

Learnt from: DefinetlyNotAI
PR: DefinetlyNotAI/Logicytics#158
File: CODE/VulnScan/v3/_generate_data.py:0-0
Timestamp: 2024-12-11T10:30:48.699Z
Learning: In `CODE/VulnScan/v3/_generate_data.py`, the deprecation due to memory issues will occur only when the type is `Model SenseMacro`, and it won't be fixed in the current PR.

Learnt from: DefinetlyNotAI
PR: DefinetlyNotAI/Logicytics#158
File: CODE/VulnScan/v2-deprecated/_generate_data.py:106-109
Timestamp: 2024-12-11T09:55:36.823Z
Learning: The script `CODE/VulnScan/v2-deprecated/_generate_data.py` is designed to generate files and should not delete the generated files after generation.

Learnt from: DefinetlyNotAI
PR: DefinetlyNotAI/Logicytics#158
File: CODE/VulnScan/v3/_train.py:393-394
Timestamp: 2024-12-11T10:44:02.233Z
Learning: In `CODE/VulnScan/v3/_train.py`, path existence checks are performed in the `validate_data()` function.

Learnt from: DefinetlyNotAI
PR: DefinetlyNotAI/Logicytics#225
File: CODE/logicytics/Flag.py:583-592
Timestamp: 2025-05-31T12:42:30.615Z
Learning: In the Logicytics codebase, DefinetlyNotAI prefers using exit() over sys.exit() and doesn't want suggestions to change this pattern.

Learnt from: DefinetlyNotAI
PR: DefinetlyNotAI/Logicytics#225
File: CODE/logicytics/Flag.py:583-592
Timestamp: 2025-05-31T12:42:30.615Z
Learning: In the Logicytics codebase, DefinetlyNotAI prefers to allow lines longer than 100 characters when they make sense contextually, rather than enforcing strict line length limits.

CODE/config.ini (2)

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_generate_data.py:172-175
Timestamp: 2024-12-11T10:52:39.417Z
Learning: In CODE/VulnScan/v3/_generate_data.py, the config section 'VulnScan.generate Settings' always exists, and any installation issues are handled elsewhere. No need to add error handling for missing config sections in this file.

Learnt from: ski-sketch
PR: #160
File: CODE/bluetooth_details.py:5-6
Timestamp: 2024-12-12T08:36:07.659Z
Learning: In the Logicytics project, the logger must be initialized under if __name__ == "__main__": in bluetooth_details.py, and should not be moved into functions or accept parameters.

CODE/dump_memory.py (5)

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/dump_memory.py:183-203
Timestamp: 2024-12-11T10:53:07.774Z
Learning: In dump_memory.py, when writing to Ram_Dump.txt, the data is saved in HEX format. Adding an encoding parameter can corrupt the file. Leave out the encoding when opening Ram_Dump.txt.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/dump_memory.py:161-177
Timestamp: 2024-12-11T10:53:59.261Z
Learning: In dump_memory.py, the SystemRam_Info.txt file is saved with the proper encoding by default, so specifying encoding="utf-8" is not necessary.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/dump_memory.py:93-152
Timestamp: 2024-12-11T10:46:20.128Z
Learning: Avoid refactoring the process handle in read_memory() function in CODE/dump_memory.py as it may break the code.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/dump_memory.py:87-91
Timestamp: 2024-12-11T10:45:11.595Z
Learning: In CODE/dump_memory.py, for functions like get_system_info(), prefer to handle exceptions and logging manually, rather than adding additional error handling as suggested.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/dump_memory.py:93-152
Timestamp: 2024-12-11T09:54:12.940Z
Learning: In the 'Logicytics' project, scripts like dump_memory.py are not supposed to consider legality concerns during code reviews.

README.md (2)

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/vulnscan.py:48-48
Timestamp: 2024-12-11T10:49:03.037Z
Learning: In CODE/vulnscan.py, when using PyTorch 2.5.1, it's appropriate to include the weights_only=False parameter in torch.load() to prevent deprecation warnings during the False to True migration.

Learnt from: DefinetlyNotAI
PR: #225
File: CODE/logicytics/Flag.py:583-592
Timestamp: 2025-05-31T12:42:30.615Z
Learning: In the Logicytics codebase, DefinetlyNotAI prefers to allow lines longer than 100 characters when they make sense contextually, rather than enforcing strict line length limits.

CODE/vulnscan.py (8)

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_train.py:393-394
Timestamp: 2024-12-11T10:44:02.233Z
Learning: In CODE/VulnScan/v3/_train.py, path existence checks are performed in the validate_data() function.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_generate_data.py:45-69
Timestamp: 2024-12-11T10:01:14.449Z
Learning: In CODE/VulnScan/v3/_generate_data.py, the script is not supposed to handle security concerns.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_generate_data.py:177-197
Timestamp: 2024-12-11T10:05:34.954Z
Learning: The _generate_data.py function in CODE/VulnScan/v3/_generate_data.py will be deprecated due to memory issues and won't be fixed in the current PR.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_generate_data.py:0-0
Timestamp: 2024-12-11T10:30:48.699Z
Learning: In CODE/VulnScan/v3/_generate_data.py, the deprecation due to memory issues will occur only when the type is Model SenseMacro, and it won't be fixed in the current PR.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v2-deprecated/_generate_data.py:12-20
Timestamp: 2024-12-11T09:55:02.216Z
Learning: In CODE/VulnScan/v2-deprecated/_generate_data.py, the create_sensitive_file function doesn't need to include warnings about legality or sensitive data in the docstring.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_generate_data.py:172-175
Timestamp: 2024-12-11T10:52:39.417Z
Learning: In CODE/VulnScan/v3/_generate_data.py, the config section 'VulnScan.generate Settings' always exists, and any installation issues are handled elsewhere. No need to add error handling for missing config sections in this file.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v3/_generate_data.py:45-69
Timestamp: 2024-12-11T10:01:31.708Z
Learning: In CODE/VulnScan/v3/_generate_data.py, it's intentional to generate realistic sensitive data, and security considerations for data generation aren't a concern.

Learnt from: DefinetlyNotAI
PR: #158
File: CODE/VulnScan/v2-deprecated/_generate_data.py:106-109
Timestamp: 2024-12-11T09:55:36.823Z
Learning: The script CODE/VulnScan/v2-deprecated/_generate_data.py is designed to generate files and should not delete the generated files after generation.

🧬 Code Graph Analysis (1)

CODE/packet_sniffer.py (1)

CODE/logicytics/Logger.py (1)

• warning (253-261)

🪛 GitHub Actions: Automatic Dependency Submission (Python)

requirements.txt

[error] 1-1: Python dependency resolution failed: No matching distribution found for pywin32 required by wmi. This caused pip-compile --dry-run to fail with exit code 1.

🔇 Additional comments (15)

CODE/dump_memory.py (1)

101-101: Perfect fix for the binary mode issue!

You nailed it by removing the encoding parameter when opening the file in binary mode. In Python, you can't mix binary mode ("wb") with text encoding - it's like trying to put ketchup on ice cream, it just doesn't work! The file now properly handles the raw binary data without any encoding conflicts.

CODE/logicytics/FileManagement.py (2)

33-33: Good practice - explicit return statement!

Adding the explicit return None makes your code way clearer! Even though Python would return None anyway, being explicit about it helps anyone reading the code understand exactly what's happening. This matches perfectly with your type hint that says the method can return either a string or None.

---

149-149: Consistency win - explicit return statement!

Just like the other method, adding return None here makes your code super consistent and clear. When someone reads this, they immediately know that if no errors happen, the method returns None. It's like being upfront about what your code does instead of leaving people guessing!

CODE/packet_sniffer.py (2)

70-71: Good variable naming improvement!

Changing e to err makes the code way more readable. It's immediately clear what the variable represents when someone's debugging.

---

115-116: Consistent naming across the file - nice work!

You've applied the same err variable naming in both exception handlers. This kind of consistency makes the codebase much easier to follow.

.idea/csv-editor.xml (1)

1-16: Standard IDE config file looks good!

This is just setting up how your IDE handles CSV files - pretty standard stuff. Having it in version control means everyone on the team gets the same CSV editing experience, which is actually pretty helpful.

CODE/_dev.py (2)

102-106: Much friendlier prompts now!

Dropping the "[-] " prefix makes these questions feel way less intimidating. Instead of feeling like you're getting scolded, it's more like a helpful checklist. Good call on the UX improvement!

---

142-142: Consistent prompt styling throughout!

You've kept the same friendly tone here too. When someone's reviewing their file changes, a neutral question feels way better than something that looks like a warning.

CODE/logicytics/Flag.py (3)

213-221: Way better type hints!

Making the return type explicit as dict instead of leaving it unclear is super helpful. Anyone reading this code (or using an IDE) immediately knows what they're getting back.

---

235-235: Nice type consistency!

Having save_history take a dict parameter that matches what load_history returns makes total sense. Good job keeping the types aligned!

---

547-550: Good cleanup of unimplemented stuff!

Removing those placeholder flags that weren't actually implemented yet keeps the code cleaner. No point having dead code hanging around confusing people.

CODE/config.ini (1)

29-30: Double-check the file list for typos before shipping

The files entry now points to
vulnscan\Model SenseMini .3n3.pth / Vectorizer .3n3.pkl (note the extra space right before the extension).
A stray space changes the actual filename on disk, so lookups like Path("vulnscan/Model SenseMini .3n3.pth") will 404 in real life.

Consider trimming those spaces, or at least quoting the exact filenames in the repo so Windows doesn’t silently “fix” the path for you.

.github/workflows/stale.yml (1)

18-18: Looks fine – action is Node-only

actions/stale is JavaScript-based and works on any runner, so the Windows switch shouldn’t hurt.

.github/workflows/greetings.yml (1)

10-10: Windows runner OK here

actions/first-interaction is also Node-only; the change is safe.

.github/workflows/dependency-review.yml (1)

17-17: Double-check execution time

The dependency-review action runs fine on Windows, but Windows runners are noticeably slower and scarcer in the free tier. Make sure the longer queue time is acceptable.