release: rename PyPI distribution darnit -> darnit-core#260
Merged
mlieberman85 merged 2 commits intoMay 14, 2026
Merged
Conversation
The bare `darnit` name on PyPI conflicts with a similarly-named existing project. Renames the PyPI distribution to `darnit-core` to avoid the conflict before reserving names for v0.1.0. The change is deliberately scoped to ONLY the PyPI distribution name: - Python import name stays `darnit` (packages/darnit/src/darnit/ on disk, `import darnit.core.composition` in code) — unchanged - CLI command stays `darnit` — `[project.scripts]` entry point in packages/darnit/pyproject.toml maps `darnit` to `darnit.cli:main` - The four other public package names (`darnit-baseline`, `darnit-gittuf`, `darnit-mcp`) keep their slugs unchanged Files touched: - packages/darnit/pyproject.toml — name field - 6 dependent packages' pyproject.toml — dep on `darnit>=0.1.0` -> `darnit-core>=0.1.0` (baseline, gittuf, example, hello, plugins, testchecks) - pyproject.toml (root) — workspace mapping, dependency list, and the `attestation` extras dep. mypy `packages` and ruff `known-first-party` entries stay `darnit` because those refer to the IMPORT name, not the distribution name. - packaging/pypi/public-packages.txt — first line - scripts/generate_docs.py — `pip install darnit darnit-baseline` -> `pip install darnit-core darnit-baseline` - docs/generated/USAGE_GUIDE.md — auto-regenerated from the script - packages/darnit/src/darnit/cli.py — `importlib.metadata.version()` lookup updated to `darnit-core`. ALSO: wrapped the lookup in a new `_resolve_version()` helper that falls back to "dev" when metadata isn't on the import path (e.g., running from a source checkout with no editable install, or when a stale binary outside the workspace venv is invoked). This was a latent crash before — the pre-rename code only worked locally because of an unrelated stale install. - packages/darnit/src/darnit/core/verification.py — sigstore install hint message - tests/darnit/core/test_verification.py::test_verify_darnit_core — the test ironically named for the new package now verifies the new distribution name, with a docstring explaining the import vs distribution split. Verification: - ruff check: clean - full suite: 2122 passed / 6 skipped / 0 failed - validate_sync.py: PASS Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The initial rename commit missed four workflow files that hardcoded the old `darnit` PyPI distribution name. CI's Build job failed on kusari-oss#260 with `error: Package darnit not found in workspace`. Workflows updated: - ci.yml: `uv build --package darnit` -> `--package darnit-core` - publish.yml: same build step + the `publish-darnit` job is now `publish-darnit-core` (job name, step name, downstream `needs:`) - release.yml: the orchestrator's `publish-darnit` job renamed to `publish-darnit-core`, including the per-job `packages-dir` (`dist/darnit/` -> `dist/darnit-core/`), three downstream `needs:` references in publish-darnit-baseline / publish-darnit-gittuf / finalize, and the PYPI_DARNIT env-var sourcing for finalize's result aggregation. Updated the comment block explaining the publish sequencing to reference `darnit-core>=...` deps. The per-package build loop (line 222-228) already reads from packaging/pypi/public-packages.txt and picks up darnit-core automatically — no change needed. - release-smoke.yml: the per-package smoke `case` arm `"darnit")` is now `"darnit-core")` (the renamed package's smoke). Updated the darnit-mcp comment to mention `darnit-core` dependency. User-facing names that intentionally stay `darnit` (separate identifiers from the PyPI distribution): - Container image: `ghcr.io/.../darnit` - Binary asset filenames: `darnit-${VERSION}-${OS}-${ARCH}` - Homebrew formula: `brew install kusari-oss/tap/darnit` - Claude Code plugin zip: `darnit-claude-plugin-${VERSION}.zip` - The CLI command itself: `darnit --version` - Python import: `import darnit` actionlint v1.7.12: clean. Same suite (2122 pass) still applies. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The bare `darnit` name on PyPI conflicts with a similarly-named existing project. Renames the PyPI distribution to `darnit-core` to avoid the conflict before reserving names for v0.1.0.
Deliberately scoped to ONLY the PyPI distribution name. Three identifiers exist independently:
Users still type `darnit audit` and write `import darnit` — the only visible change is `pip install darnit-core` instead of `pip install darnit`, and most users won't see that because they install `darnit-mcp` (the meta-package) which pulls the core in transitively.
What changed (15 files)
Distribution / dependency declarations
Documentation
Runtime metadata lookups
Test
Intentionally NOT changed (these are import names, not distribution names)
Confirmed by their siblings (`darnit_baseline` with underscore = import name; distinct from `darnit-baseline` with hyphen = distribution name).
Test plan
Next step
After this merges, the v0.1.0 release prereqs become: reserve `darnit-core` (instead of `darnit`) on PyPI + TestPyPI as Trusted Publisher, then continue with the rest of the runbook in `packaging/README.md`.
🤖 Generated with Claude Code