crowdsecurity · he2ss · Feb 24, 2026 · Apr 9, 2026 · Apr 9, 2026
diff --git a/.github/workflows/publish_sdk.yml b/.github/workflows/publish_sdk.yml
@@ -0,0 +1,97 @@
+name: "SDK publication"
+
+on:
+  workflow_call:
+    inputs:
+      domain:
+        type: string
+        description: "Domain to release"
+        required: true
+        default: "crowdsec-dev"
+      package:
+        type: string
+        description: "Package to release"
+        required: true
+        default: "crowdsec-tracker-api"
+      env:
+        type: string
+        description: "Environment to release"
+        required: true
+        default: "dev"
+    secrets:
+      AWS_PROD_ACCOUNT:
+        required: true
+      AWS_PROD_ROLE:
+        required: true
+      AWS_REGION:
+        required: true
+
+jobs:
+  generate-sdks:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    name: publish python sdk client
+    env:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials for package publication
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_PROD_ROLE }}
+          role-session-name: github-action-codeartifact
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: setup python
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.11
+
+      - name: Install dependencies
+        run: |
+          export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain crowdsec-prod --domain-owner ${{ secrets.AWS_PROD_ACCOUNT }} --query authorizationToken --output text --region ${{ secrets.AWS_REGION }})
+          pip install wheel twine build toml
+
+      - name: Get package version
+        id: package-version
+        run: |
+          version=$(python -c "import toml; print(toml.load('pyproject.toml')['project']['version'])")
+          # replace - with . to match the package version
+          version=${version/-/.}
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+          echo "Version : $version"
+
+      - name: Build Python Package
+        run: |
+          python -m build
+
+      - name: Configure AWS credentials for package publication
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_PROD_ROLE }}
+          role-session-name: github-action-codeartifact
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Delete old package
+        if: ${{ inputs.env }} == "dev"
+        run: |
+          package_name=${{ inputs.package }}
+          # normalize package name
+          package_name=${package_name/"_"/"-"}
+          echo "Deleting old package $package_name version ${{ steps.package-version.outputs.version }}"
+          aws codeartifact delete-package-versions --domain ${{ inputs.domain }} --domain-owner ${{ secrets.AWS_PROD_ACCOUNT }} \
+          --repository crowdsec --format pypi \
+          --package $package_name --versions ${{ steps.package-version.outputs.version }} --region ${{ secrets.AWS_REGION }} || true
+
+      - name: Publish python Package
+        run: |
+          package_name=${{ inputs.package }}
+          # normalize package name
+          package_name=${package_name/"_"/"-"}
+          echo "Publishing version ${{ steps.package-version.outputs.version }}"
+          aws codeartifact login --tool twine --domain ${{ inputs.domain }} --domain-owner ${{ secrets.AWS_PROD_ACCOUNT }} --region ${{ secrets.AWS_REGION }} --repository crowdsec &&
+          twine upload --repository codeartifact dist/*
diff --git a/.github/workflows/publish_sdk_dev.yml b/.github/workflows/publish_sdk_dev.yml
@@ -0,0 +1,57 @@
+name: "SDK publication (DEV)"
+
+on:
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - "crowdsec_tracker_api/**"
+      - ".github/workflows/publish_sdk_dev.yml"
+      - ".github/workflows/publish_sdk.yml"
+      - "pyproject.toml"
+
+jobs:
+  test-package:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: setup python
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.11
+      - name: Install dependencies
+        run: |
+          pip install -e .
+      - name: Run basic import
+        run: |
+          python -c "import crowdsec_tracker_api"
+
+  publish-tracker-api-sdks-dev:
+    needs: test-package
+    uses: ./.github/workflows/publish_sdk.yml
+    with:
+      env: "dev"
+      domain: "crowdsec-prod"
+      package: "crowdsec-tracker-api"
+    secrets:
+      AWS_PROD_ROLE: ${{ secrets.AWS_CODEARTIFACT_PROD_ROLE }}
+      AWS_PROD_ACCOUNT: ${{ secrets.AWS_PROD_ACCOUNT }}
+      AWS_REGION: ${{ secrets.AWS_REGION }}
+
+  delete-pr-and-branch:
+    needs: publish-tracker-api-sdks-dev
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Delete branch and PR
+        run: |
+          gh pr merge ${{ github.event.number }} --squash --auto
diff --git a/.github/workflows/publish_sdk_prod.yml b/.github/workflows/publish_sdk_prod.yml
@@ -0,0 +1,80 @@
+name: "Merge PR, release & publish SDKs (PROD)"
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "crowdsec_tracker_api/**"
+      - ".github/workflows/publish_sdk_prod.yml"
+      - "pyproject.toml"
+
+jobs:
+  test-package:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: setup python
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.11
+      - name: Install dependencies
+        run: |
+          pip install -e .
+      - name: Run basic import
+        run: |
+          python -c "import crowdsec_tracker_api"
+
+  merge-to-main:
+    needs: test-package
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Merge PR to main
+        run: |
+          gh pr merge ${{ github.event.number }} --squash --auto
+
+  make-release:
+    needs: merge-to-main
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install toml
+      - name: get package version
+        id: package-version
+        run: |
+          echo "version=$(python -c "import toml; print(toml.load('pyproject.toml')['project']['version'])")" >> "$GITHUB_OUTPUT"
+      - name: Create release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.package-version.outputs.version }}
+          makeLatest: true
+
+  publish-tracker-api-sdks-prod:
+    needs: make-release
+    uses: ./.github/workflows/publish_sdk.yml
+    with:
+      env: "prod"
+      domain: "crowdsec-prod"
+      package: "crowdsec-tracker-api"
+    secrets:
+      AWS_PROD_ROLE: ${{ secrets.AWS_CODEARTIFACT_PROD_ROLE }}
+      AWS_PROD_ACCOUNT: ${{ secrets.AWS_PROD_ACCOUNT }}
+      AWS_REGION: ${{ secrets.AWS_REGION }}
diff --git a/crowdsec_tracker_api/__init__.py b/crowdsec_tracker_api/__init__.py
@@ -1,85 +1,103 @@
 from enum import Enum
 from .models import *
 from .base_model import Page
-from .services.integrations import Integrations
 from .services.cves import Cves
 from .services.vendors import Vendors
 from .services.products import Products
-from .services.tags import Tags
+from .services.tracker_tags import TrackerTags
 from .services.fingerprints import Fingerprints
+from .services.tracker_events import TrackerEvents
+from .services.integrations import Integrations
 from .http_client import ApiKeyAuth
 
 class Server(Enum):
     production_server = 'https://admin.api.crowdsec.net/v1'
 
 __all__ = [
-    'Integrations',
     'Cves',
     'Vendors',
     'Products',
-    'Tags',
+    'TrackerTags',
     'Fingerprints',
-    'ApiKeyCredentials',
-    'BasicAuthCredentials',
-    'BlocklistSubscription',
-    'CVESubscription',
-    'FingerprintSubscription',
-    'HTTPValidationError',
-    'IntegrationCreateRequest',
-    'IntegrationCreateResponse',
-    'IntegrationGetResponse',
-    'IntegrationGetResponsePage',
-    'IntegrationType',
-    'IntegrationUpdateRequest',
-    'IntegrationUpdateResponse',
-    'Links',
-    'OutputFormat',
-    'Stats',
-    'ValidationError',
+    'TrackerEvents',
+    'Integrations',
     'AdjustmentScore',
     'AffectedComponent',
     'AllowlistSubscription',
     'AttackDetail',
     'Behavior',
-    'CVEEvent',
+    'BlocklistSubscription',
+    'CVEEventOutput',
+    'CVEExploitationPhase',
     'CVEResponseBase',
     'CVEsubscription',
     'CWE',
     'Classification',
     'Classifications',
     'EntityType',
     'ExploitationPhase',
+    'ExploitationPhaseChangeEventItem',
+    'ExploitationPhaseChangeEventsResponsePage',
+    'FacetBucket',
+    'FingerprintEventOutput',
     'FingerprintRuleResponse',
     'FingerprintRuleSummary',
+    'FingerprintSubscription',
     'FingerprintTimelineItem',
     'GetCVEIPsResponsePage',
+    'GetCVEProtectRulesResponse',
     'GetCVEResponse',
     'GetCVESubscribedIntegrationsResponsePage',
-    'GetCVEsFilterBy',
     'GetCVEsResponsePage',
     'GetCVEsSortBy',
     'GetCVEsSortOrder',
     'GetFingerprintIPsResponsePage',
     'GetFingerprintRulesResponsePage',
     'GetFingerprintSubscribedIntegrationsResponsePage',
+    'GetVendorIPsResponsePage',
+    'GetVendorSubscribedIntegrationsResponsePage',
+    'HTTPValidationError',
     'History',
     'IPItem',
     'IntegrationResponse',
     'IntervalOptions',
+    'IpsDetailsStats',
+    'Links',
     'Location',
     'LookupImpactCVEItem',
     'LookupImpactFingerprintItem',
     'LookupImpactResponsePage',
-    'LookupListItem',
-    'LookupListResponsePage',
+    'LookupListItemWithStats',
+    'LookupListWithStatsResponsePage',
     'MitreTechnique',
+    'OutputFormat',
+    'ProtectRule',
+    'ProtectRuleTag',
     'Reference',
     'ScoreBreakdown',
     'Scores',
     'SinceOptions',
     'SubscribeCVEIntegrationRequest',
     'SubscribeFingerprintIntegrationRequest',
+    'SubscribeVendorIntegrationRequest',
+    'ThreatContext',
     'TimelineItem',
+    'TopProductItem',
+    'ValidationError',
+    'VendorSortBy',
+    'VendorStatsResponse',
+    'VendorSubscription',
+    'ApiKeyCredentials',
+    'BasicAuthCredentials',
+    'CVESubscription',
+    'IntegrationCreateRequest',
+    'IntegrationCreateResponse',
+    'IntegrationGetResponse',
+    'IntegrationGetResponsePage',
+    'IntegrationType',
+    'IntegrationUpdateRequest',
+    'IntegrationUpdateResponse',
+    'Stats',
     'ApiKeyAuth',
     'Server',
     'Page'

diff --git a/crowdsec_tracker_api/__pycache__/__init__.cpython-311.pyc b/crowdsec_tracker_api/__pycache__/__init__.cpython-311.pyc
diff --git a/crowdsec_tracker_api/__pycache__/base_model.cpython-311.pyc b/crowdsec_tracker_api/__pycache__/base_model.cpython-311.pyc
diff --git a/crowdsec_tracker_api/__pycache__/http_client.cpython-311.pyc b/crowdsec_tracker_api/__pycache__/http_client.cpython-311.pyc
diff --git a/crowdsec_tracker_api/__pycache__/models.cpython-311.pyc b/crowdsec_tracker_api/__pycache__/models.cpython-311.pyc