From ee1303ac9f2dfbd1492da95b5d3fe41e0f3dd9f2 Mon Sep 17 00:00:00 2001
From: Kess Plasmeier <kessplas@amazon.com>
Date: Thu, 14 May 2026 16:23:20 -0700
Subject: [PATCH 1/4] chore: update README

---
 README.md | 53 ++++++++++++++++++++++-------------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/README.md b/README.md
index edcfd4ff..3562c52e 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Amazon S3 Encryption Client Python
+# Amazon S3 Encryption Client for Python
 
 This library provides an S3 client that supports client-side encryption.
 
@@ -6,7 +6,7 @@ This library provides an S3 client that supports client-side encryption.
 
 ### Prerequisites
 
-- Python 3.11 or higher
+- Python 3.10 or higher
 - [uv](https://github.com/astral-sh/uv) for package and project management
 
 ### Setup
@@ -19,7 +19,7 @@ make install
 
 ### Testing
 
-Run all tests:
+Run all tests (unit + integration + examples):
 
 ```bash
 make test
@@ -39,47 +39,38 @@ make test-integration
 
 ### Code Quality
 
-This project uses [Black](https://black.readthedocs.io/) for code formatting, [isort](https://pycqa.github.io/isort/) for import sorting, and [Flake8](https://flake8.pycqa.org/) for linting.
+This project uses [Ruff](https://docs.astral.sh/ruff/) for linting and formatting.
 
-Check code quality:
+Check formatting:
 
 ```bash
-make lint
+make format-check
 ```
 
-Format code with Black and isort:
+Run linter:
 
 ```bash
-make format
+make lint
 ```
 
-Clean up cache files:
+Format code and auto-fix lint issues:
 
 ```bash
-make clean
+make format
 ```
 
-#### Linting Standards
-
-The project is configured with Black, isort, and Flake8 to enforce consistent code style and quality. Currently, Flake8 is set to report issues but not fail the build, allowing for gradual adoption of linting standards.
+### Integration Test Resources
 
-Common Flake8 issues in the codebase include:
+Integration tests require AWS credentials and the following resources. The tests use environment variables to override CI defaults:
 
-- **Missing docstrings** (D100-D104): Add docstrings to modules, classes, and functions
-- **Docstring formatting** (D200, D212, D415): Follow Google docstring style
-- **Line length** (E501): Keep lines under 100 characters
-- **Unused imports** (F401): Remove unused imports
-- **Unused variables** (F841): Remove or use assigned variables
-- **Code complexity** (C901): Refactor complex functions
-
-When contributing to this project, please try to fix linting issues in the files you modify.
-
-### Pull Request Command
-While this project is in development,
-it is useful to use `gh pr` to create the pull-requests,
-so they can be associated with the GitHub project.
-
-```sh
-gh pr create -B staging -p "S3EC-Python" -f 
-```
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `CI_S3_BUCKET` | S3 bucket for read/write tests | `s3ec-python-github-test-bucket` |
+| `CI_AWS_REGION` | Primary AWS region | `us-west-2` |
+| `CI_KMS_KEY_ALIAS` | KMS key ARN or alias for encryption | `arn:aws:kms:us-west-2:370957321024:alias/S3EC-Python-Github-KMS-Key` |
+| `CI_MRK_KEY_ID_PRIMARY` | Multi-region key ARN (primary region) | `arn:aws:kms:us-west-2:370957321024:key/mrk-cea4cf67c6a046ba829f61f69db5c191` |
+| `CI_MRK_KEY_ID_REPLICA` | Multi-region key ARN (replica region) | `arn:aws:kms:us-east-1:370957321024:key/mrk-cea4cf67c6a046ba829f61f69db5c191` |
+| `CI_S3_STATIC_TEST_BUCKET` | Bucket with pre-existing test objects for instruction file tests | `s3ec-static-test-objects` |
+| `CI_KMS_KEY_STATIC_TESTS` | KMS key used for static test objects | `arn:aws:kms:us-west-2:370957321024:key/a3889cd9-99eb-4138-a93a-aea9d52ec2ef` |
 
+To run integration tests locally, configure AWS credentials with access to these resources (or your own equivalents) and set the environment variables accordingly.

From 70574f1188366327611e2db7ef290569d3605337 Mon Sep 17 00:00:00 2001
From: Kess Plasmeier <kessplas@amazon.com>
Date: Thu, 14 May 2026 16:31:48 -0700
Subject: [PATCH 2/4] update Support Policy

---
 SUPPORT_POLICY.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst
index 3eafd39b..5920fb8b 100644
--- a/SUPPORT_POLICY.rst
+++ b/SUPPORT_POLICY.rst
@@ -21,9 +21,9 @@ This table describes the current support status of each major version of the Ama
       - Current status
       - Next status
       - Next status date
-    * - 3.x
-      - Pre-Release
+    * - 4.x
       - Generally Available
       -
+      -
 
 .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle

From e7702694cff9248fb23282cdda38a8d8b3e3459a Mon Sep 17 00:00:00 2001
From: Kess Plasmeier <kessplas@amazon.com>
Date: Thu, 14 May 2026 16:39:50 -0700
Subject: [PATCH 3/4] other misc fixes

---
 NOTICE                  | 1 +
 README.md               | 2 +-
 test/test_exceptions.py | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NOTICE b/NOTICE
index 616fc588..3d299504 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1 +1,2 @@
+Amazon S3 Encryption Client for Python
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/README.md b/README.md
index 3562c52e..48af4d1f 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Amazon S3 Encryption Client for Python
 
-This library provides an S3 client that supports client-side encryption.
+This library provides an S3 client that supports client-side encryption. For more information and detailed instructions for how to use this library, refer to the [Amazon S3 Encryption Client Developer Guide](https://docs.aws.amazon.com/amazon-s3-encryption-client/latest/developerguide/python.html).
 
 ## Development
 
diff --git a/test/test_exceptions.py b/test/test_exceptions.py
index 4fe46bcc..84fec0d0 100644
--- a/test/test_exceptions.py
+++ b/test/test_exceptions.py
@@ -1,3 +1,5 @@
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
 import pytest
 from botocore.exceptions import BotoCoreError
 

From 1a0f764fd1ac1ce380aca80730f2c82406df5db3 Mon Sep 17 00:00:00 2001
From: Kess Plasmeier <kessplas@amazon.com>
Date: Fri, 15 May 2026 11:42:17 -0700
Subject: [PATCH 4/4] more info

---
 README.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/README.md b/README.md
index 48af4d1f..70866688 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,32 @@
 
 This library provides an S3 client that supports client-side encryption. For more information and detailed instructions for how to use this library, refer to the [Amazon S3 Encryption Client Developer Guide](https://docs.aws.amazon.com/amazon-s3-encryption-client/latest/developerguide/python.html).
 
+## Getting Started
+
+Requires Python 3.10 or greater. An AWS account is required; standard S3 and KMS charges apply.
+
+The S3 Encryption Client wraps a standard boto3 S3 client and uses a KMS keyring to manage data key encryption. Objects are encrypted before upload and decrypted after download transparently. By default, the client uses AES-GCM with key commitment for content encryption.
+
+```python
+import boto3
+from s3_encryption import S3EncryptionClient, S3EncryptionClientConfig
+from s3_encryption.materials.kms_keyring import KmsKeyring
+
+kms_client = boto3.client("kms", region_name="us-west-2")
+keyring = KmsKeyring(kms_client, "arn:aws:kms:us-west-2:123456789012:alias/my-key")
+
+s3_client = boto3.client("s3")
+config = S3EncryptionClientConfig(keyring=keyring)
+s3ec = S3EncryptionClient(s3_client, config)
+
+# Encrypt and upload
+s3ec.put_object(Bucket="my-bucket", Key="my-object", Body=b"secret data")
+
+# Download and decrypt
+response = s3ec.get_object(Bucket="my-bucket", Key="my-object")
+plaintext = response["Body"].read()
+```
+
 ## Development
 
 ### Prerequisites