chore: Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 Renovate will begin keeping your dependencies up-to-date only once you merge or close this Pull Request.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

Detected Package Files

• .github/workflows/build-tests.yml (github-actions)
• .github/workflows/conventional-label.yml (github-actions)
• .github/workflows/coverage.yml (github-actions)
• .github/workflows/license_check.yml (github-actions)
• .github/workflows/lint.yml (github-actions)
• .github/workflows/opm-check.yml (github-actions)
• .github/workflows/pip_audit.yml (github-actions)
• .github/workflows/publish_stable.yml (github-actions)
• .github/workflows/release-preview.yml (github-actions)
• .github/workflows/release_workflow.yml (github-actions)
• .github/workflows/repo-health.yml (github-actions)
• pyproject.toml (poetry)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff
• Correctly link to the source code for golang.org/x packages
• Link to pkg.go.dev/... for golang.org/x packages' title
• Provide a link to octochangelog's improved breakdown for Renovate's changelogs

---

What to Expect

It looks like your repository dependencies are already up-to-date and no Pull Requests will be necessary right away.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

The bots have finished their work. Take a look! 🤖

I've aggregated the results of the automated checks for this PR below.

🔍 Lint

I've performed a routine sweep of your changes. 🧹

❌ ruff: issues found — see job log

📊 Coverage

Exploring the coverage frontier of your PR. 🚀

✅ 94.3% total coverage

Full report: download the coverage-report artifact.

🔌 Plugin Detection

Let's see if this plugin can be found by the plugin manager! 🔌

ℹ️ Not an OVOS plugin — OPM check skipped.

🏷️ Release Preview

I've checked the 'Documentation Updates' link. 📖

Current: 0.1.0 → Next: 0.1.1a1

Signal	Value
Label	(none)
PR title	chore: Configure Renovate
Bump	alpha

✅ PR title follows conventional commit format.

---

🚀 Release Channel Compatibility

Predicted next version: 0.1.1a1

Channel	Status	Note	Current Constraint
Stable	⚪	Not in channel	-
Testing	⚪	Not in channel	-
Alpha	✅	Compatible	ovos-agentic-loop>=0.1.0

📋 Repo Health

I've checked the repo's flexibility (aka refactorability). 🧘‍♂️

⚠️ Some required files are missing.

Latest Version: 0.1.0

✅ ovos_agentic_loop/version.py — Version file
✅ README.md — README
❌ LICENSE — License file
✅ pyproject.toml — pyproject.toml
⚠️ setup.py — setup.py
⚠️ CHANGELOG.md — Changelog
✅ ovos_agentic_loop/version.py has valid version block markers

🔒 Security (pip-audit)

Security report: No threats detected in the area. ✅

✅ No known vulnerabilities found (64 packages scanned).

⚖️ License Check

Checking the pedigree of your dependencies. 🐕

✅ No license violations found (45 packages).

License distribution: 11× MIT License, 9× MIT, 6× Apache-2.0, 5× Apache Software License, 2× BSD-3-Clause, 2× ISC License (ISCL), 2× PSF-2.0, 2× Python Software Foundation License, +6 more

Full breakdown — 45 packages

Package	Version	License	URL
annotated-types	0.7.0	MIT License	link
audioop-lts	0.2.2	PSF-2.0	link
build	1.4.3	MIT	link
certifi	2026.2.25	Mozilla Public License 2.0 (MPL 2.0)	link
charset-normalizer	3.4.7	MIT	link
click	8.3.2	BSD-3-Clause	link
combo_lock	0.3.1	Apache-2.0	link
filelock	3.28.0	MIT	link
idna	3.11	BSD-3-Clause	link
importlib_metadata	9.0.0	Apache-2.0	link
json-database	0.10.1	MIT	link
kthread	0.2.3	MIT License	link
langcodes	3.5.1	MIT License	link
markdown-it-py	4.0.0	MIT License	link
mdurl	0.1.2	MIT License	link
memory-tempfile	2.2.3	MIT License	link
ovos-agentic-loop	0.1.0	Apache-2.0	link
ovos-config	2.1.1	Apache-2.0	link
ovos-plugin-manager	2.4.0a1	Apache-2.0	link
ovos-utils	0.8.5	Apache-2.0	link
ovos_bus_client	1.5.0	Apache Software License	link
packaging	26.1	Apache-2.0 OR BSD-2-Clause	link
pexpect	4.9.0	ISC License (ISCL)	link
ptyprocess	0.7.0	ISC License (ISCL)	link
pydantic	2.13.1	MIT	link
pydantic_core	2.46.1	MIT	link
pyee	12.1.1	MIT License	link
Pygments	2.20.0	BSD-2-Clause	link
pyproject_hooks	1.2.0	MIT License	link
python-dateutil	2.9.0.post0	Apache Software License; BSD License	link
PyYAML	6.0.3	MIT License	link
quebra-frases	0.3.7	Apache Software License	link
regex	2026.4.4	Apache-2.0 AND CNRI-Python	link
requests	2.33.1	Apache Software License	link
rich	13.9.4	MIT License	link
rich-click	1.9.7	MIT License

Copyright (c) 2022 Phil Ewels

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
| link |
| six | 1.17.0 | MIT License | link |
| standard-aifc | 3.13.0 | Python Software Foundation License | link |
| standard-chunk | 3.13.0 | Python Software Foundation License | link |
| typing-inspection | 0.4.2 | MIT | link |
| typing_extensions | 4.15.0 | PSF-2.0 | link |
| urllib3 | 2.6.3 | MIT | link |
| watchdog | 6.0.0 | Apache Software License | link |
| websocket-client | 1.9.0 | Apache Software License | link |
| zipp | 3.23.1 | MIT | link |

Policy: Apache 2.0 (universal donor). StrongCopyleft / NetworkCopyleft / WeakCopyleft / Other / Error categories fail. MPL allowed.

🔨 Build Tests

The build engine is firing on all cylinders. 🏎️

✅ All versions pass

Python	Build	Install	Tests
3.10	✅	✅	✅
3.11	✅	✅	✅
3.12	✅	✅	✅
3.13	✅	✅	✅
3.14	✅	✅	✅

---

Standard Automated Signature v2.0 🏷️

[JarbasAl]

The opm_check failure is a known bug in gh-automations check_opm.py: plugin types with a dot in the group name (agents.chat, agents.toolbox, agents.memory) are not in PLUGIN_TYPE_FINDERS, causing not enough values to unpack. All other checks (build, coverage, license, lint) pass. Fix is in gh-automations, not this repo.