From b471a85ce584a89100aa066fe7c3610953776311 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9D=91=86=F0=9D=91=9D=F0=9D=91=96=F0=9D=91=91?= =?UTF-8?q?=F0=9D=91=92=F0=9D=91=A6?= <146075220+spideystreet@users.noreply.github.com> Date: Wed, 29 Apr 2026 18:08:55 +0200 Subject: [PATCH 1/3] fix(ci): Dagster smoke test env on GHA (#40) * fix(ci): set DAGSTER_* env for Dagster smoke test on GitHub Actions dagster.yaml uses env-based DAGSTER_STORAGE_DIR/DAGSTER_LOGS_DIR; the runner otherwise fails instance config loading and never reaches Serving dagster-webserver. Made-with: Cursor * ci: run Publish develop checks on PRs to develop Made-with: Cursor --- .github/workflows/publish-develop.yml | 2 +- .github/workflows/quality-checks.yml | 9 ++++++++- .gitignore | 3 +++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-develop.yml b/.github/workflows/publish-develop.yml index 26719d8..809202f 100644 --- a/.github/workflows/publish-develop.yml +++ b/.github/workflows/publish-develop.yml @@ -2,7 +2,7 @@ name: Publish develop on: pull_request: - branches: [ main, staging ] + branches: [ develop, main, staging ] push: branches: - staging diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml index be33950..0e0fd24 100644 --- a/.github/workflows/quality-checks.yml +++ b/.github/workflows/quality-checks.yml @@ -42,7 +42,14 @@ jobs: run: uv run pytest -m api --no-cov - name: Dagster startup smoke test - run: uv run pytest -m integration -k test_dagster_startup --no-cov + env: + # Match dagster.yaml (env-based storage/logs); runner has no Docker .env defaults. + DAGSTER_HOME: ${{ github.workspace }} + DAGSTER_STORAGE_DIR: ${{ github.workspace }}/tmp_dagster/storage + DAGSTER_LOGS_DIR: ${{ github.workspace }}/tmp_dagster/logs + run: | + mkdir -p "$DAGSTER_STORAGE_DIR" "$DAGSTER_LOGS_DIR" + uv run pytest -m integration -k test_dagster_startup --no-cov dbt-check: runs-on: ubuntu-latest diff --git a/.gitignore b/.gitignore index 316f343..60a6334 100644 --- a/.gitignore +++ b/.gitignore @@ -79,6 +79,9 @@ PR.md PR.txt TODO.md +# CI ephemeral Dagster dirs (quality-checks sets DAGSTER_* under repo root) +tmp_dagster/ + # Local .actrc .mcp.json From a2096f3d46682ab54d3489e62bc6474712b56d1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9D=91=86=F0=9D=91=9D=F0=9D=91=96=F0=9D=91=91?= =?UTF-8?q?=F0=9D=91=92=F0=9D=91=A6?= <146075220+spideystreet@users.noreply.github.com> Date: Wed, 29 Apr 2026 18:27:28 +0200 Subject: [PATCH 2/3] chore(deps): clear pip-audit CVEs (security CI) (#42) * chore(deps): bump packages for pip-audit (CVE clears) Constraints: cryptography, deepdiff, pygments, pyjwt, pip; requests>=2.33, pytest>=9 dev. Locked with uv. Made-with: Cursor * ci: retrigger workflow Made-with: Cursor --- pyproject.toml | 14 +++++- uv.lock | 123 ++++++++++++++++++++++++++----------------------- 2 files changed, 78 insertions(+), 59 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 93b7138..878375e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -19,7 +19,7 @@ dependencies = [ "pydantic>=2.0.0,<3", "pgvector>=0.4.1,<0.5", "python-dotenv>=1.1.1,<2", - "requests>=2.31.0,<3", + "requests>=2.33.0,<3", "dagster>=1.12.17,<2", "dagster-webserver>=1.12.17,<2", "dagster-postgres>=0.28.17,<0.29", @@ -47,7 +47,7 @@ Issues = "https://github.com/opensource-together/ost-linker/issues" [dependency-groups] dev = [ "ruff>=0.12.0,<0.13", - "pytest>=8.4.1,<9", + "pytest>=9.0.3,<10", "pytest-cov>=6.0.0,<7", "pytest-dotenv>=0.5.2,<0.6", "faker>=26.0.0,<27", @@ -71,6 +71,16 @@ build-backend = "hatchling.build" [tool.hatch.build.targets.wheel] packages = ["src"] +[tool.uv] +# Security: minimum patched versions for transitive deps (see `uv run pip-audit`). +constraint-dependencies = [ + "cryptography>=46.0.7", + "deepdiff>=8.6.2", + "pygments>=2.20.0", + "pyjwt>=2.12.0", + "pip>=26.1", +] + [tool.dagster] module_name = "src.linker.definitions" diff --git a/uv.lock b/uv.lock index de320c4..f33922b 100644 --- a/uv.lock +++ b/uv.lock @@ -2,6 +2,15 @@ version = 1 revision = 3 requires-python = "==3.11.*" +[manifest] +constraints = [ + { name = "cryptography", specifier = ">=46.0.7" }, + { name = "deepdiff", specifier = ">=8.6.2" }, + { name = "pip", specifier = ">=26.1" }, + { name = "pygments", specifier = ">=2.20.0" }, + { name = "pyjwt", specifier = ">=2.12.0" }, +] + [[package]] name = "accessible-pygments" version = "0.0.5" @@ -317,47 +326,47 @@ toml = [ [[package]] name = "cryptography" -version = "46.0.5" +version = "47.0.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "cffi", marker = "platform_python_implementation != 'PyPy'" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/60/04/ee2a9e8542e4fa2773b81771ff8349ff19cdd56b7258a0cc442639052edb/cryptography-46.0.5.tar.gz", hash = "sha256:abace499247268e3757271b2f1e244b36b06f8515cf27c4d49468fc9eb16e93d", size = 750064, upload-time = "2026-02-10T19:18:38.255Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/f7/81/b0bb27f2ba931a65409c6b8a8b358a7f03c0e46eceacddff55f7c84b1f3b/cryptography-46.0.5-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:351695ada9ea9618b3500b490ad54c739860883df6c1f555e088eaf25b1bbaad", size = 7176289, upload-time = "2026-02-10T19:17:08.274Z" }, - { url = "https://files.pythonhosted.org/packages/ff/9e/6b4397a3e3d15123de3b1806ef342522393d50736c13b20ec4c9ea6693a6/cryptography-46.0.5-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:c18ff11e86df2e28854939acde2d003f7984f721eba450b56a200ad90eeb0e6b", size = 4275637, upload-time = "2026-02-10T19:17:10.53Z" }, - { url = "https://files.pythonhosted.org/packages/63/e7/471ab61099a3920b0c77852ea3f0ea611c9702f651600397ac567848b897/cryptography-46.0.5-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:4d7e3d356b8cd4ea5aff04f129d5f66ebdc7b6f8eae802b93739ed520c47c79b", size = 4424742, upload-time = "2026-02-10T19:17:12.388Z" }, - { url = "https://files.pythonhosted.org/packages/37/53/a18500f270342d66bf7e4d9f091114e31e5ee9e7375a5aba2e85a91e0044/cryptography-46.0.5-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:50bfb6925eff619c9c023b967d5b77a54e04256c4281b0e21336a130cd7fc263", size = 4277528, upload-time = "2026-02-10T19:17:13.853Z" }, - { url = "https://files.pythonhosted.org/packages/22/29/c2e812ebc38c57b40e7c583895e73c8c5adb4d1e4a0cc4c5a4fdab2b1acc/cryptography-46.0.5-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:803812e111e75d1aa73690d2facc295eaefd4439be1023fefc4995eaea2af90d", size = 4947993, upload-time = "2026-02-10T19:17:15.618Z" }, - { url = "https://files.pythonhosted.org/packages/6b/e7/237155ae19a9023de7e30ec64e5d99a9431a567407ac21170a046d22a5a3/cryptography-46.0.5-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:3ee190460e2fbe447175cda91b88b84ae8322a104fc27766ad09428754a618ed", size = 4456855, upload-time = "2026-02-10T19:17:17.221Z" }, - { url = "https://files.pythonhosted.org/packages/2d/87/fc628a7ad85b81206738abbd213b07702bcbdada1dd43f72236ef3cffbb5/cryptography-46.0.5-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:f145bba11b878005c496e93e257c1e88f154d278d2638e6450d17e0f31e558d2", size = 3984635, upload-time = "2026-02-10T19:17:18.792Z" }, - { url = "https://files.pythonhosted.org/packages/84/29/65b55622bde135aedf4565dc509d99b560ee4095e56989e815f8fd2aa910/cryptography-46.0.5-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:e9251e3be159d1020c4030bd2e5f84d6a43fe54b6c19c12f51cde9542a2817b2", size = 4277038, upload-time = "2026-02-10T19:17:20.256Z" }, - { url = "https://files.pythonhosted.org/packages/bc/36/45e76c68d7311432741faf1fbf7fac8a196a0a735ca21f504c75d37e2558/cryptography-46.0.5-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:47fb8a66058b80e509c47118ef8a75d14c455e81ac369050f20ba0d23e77fee0", size = 4912181, upload-time = "2026-02-10T19:17:21.825Z" }, - { url = "https://files.pythonhosted.org/packages/6d/1a/c1ba8fead184d6e3d5afcf03d569acac5ad063f3ac9fb7258af158f7e378/cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:4c3341037c136030cb46e4b1e17b7418ea4cbd9dd207e4a6f3b2b24e0d4ac731", size = 4456482, upload-time = "2026-02-10T19:17:25.133Z" }, - { url = "https://files.pythonhosted.org/packages/f9/e5/3fb22e37f66827ced3b902cf895e6a6bc1d095b5b26be26bd13c441fdf19/cryptography-46.0.5-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:890bcb4abd5a2d3f852196437129eb3667d62630333aacc13dfd470fad3aaa82", size = 4405497, upload-time = "2026-02-10T19:17:26.66Z" }, - { url = "https://files.pythonhosted.org/packages/1a/df/9d58bb32b1121a8a2f27383fabae4d63080c7ca60b9b5c88be742be04ee7/cryptography-46.0.5-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:80a8d7bfdf38f87ca30a5391c0c9ce4ed2926918e017c29ddf643d0ed2778ea1", size = 4667819, upload-time = "2026-02-10T19:17:28.569Z" }, - { url = "https://files.pythonhosted.org/packages/ea/ed/325d2a490c5e94038cdb0117da9397ece1f11201f425c4e9c57fe5b9f08b/cryptography-46.0.5-cp311-abi3-win32.whl", hash = "sha256:60ee7e19e95104d4c03871d7d7dfb3d22ef8a9b9c6778c94e1c8fcc8365afd48", size = 3028230, upload-time = "2026-02-10T19:17:30.518Z" }, - { url = "https://files.pythonhosted.org/packages/e9/5a/ac0f49e48063ab4255d9e3b79f5def51697fce1a95ea1370f03dc9db76f6/cryptography-46.0.5-cp311-abi3-win_amd64.whl", hash = "sha256:38946c54b16c885c72c4f59846be9743d699eee2b69b6988e0a00a01f46a61a4", size = 3480909, upload-time = "2026-02-10T19:17:32.083Z" }, - { url = "https://files.pythonhosted.org/packages/e2/fa/a66aa722105ad6a458bebd64086ca2b72cdd361fed31763d20390f6f1389/cryptography-46.0.5-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:4108d4c09fbbf2789d0c926eb4152ae1760d5a2d97612b92d508d96c861e4d31", size = 7170514, upload-time = "2026-02-10T19:17:56.267Z" }, - { url = "https://files.pythonhosted.org/packages/0f/04/c85bdeab78c8bc77b701bf0d9bdcf514c044e18a46dcff330df5448631b0/cryptography-46.0.5-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7d1f30a86d2757199cb2d56e48cce14deddf1f9c95f1ef1b64ee91ea43fe2e18", size = 4275349, upload-time = "2026-02-10T19:17:58.419Z" }, - { url = "https://files.pythonhosted.org/packages/5c/32/9b87132a2f91ee7f5223b091dc963055503e9b442c98fc0b8a5ca765fab0/cryptography-46.0.5-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:039917b0dc418bb9f6edce8a906572d69e74bd330b0b3fea4f79dab7f8ddd235", size = 4420667, upload-time = "2026-02-10T19:18:00.619Z" }, - { url = "https://files.pythonhosted.org/packages/a1/a6/a7cb7010bec4b7c5692ca6f024150371b295ee1c108bdc1c400e4c44562b/cryptography-46.0.5-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:ba2a27ff02f48193fc4daeadf8ad2590516fa3d0adeeb34336b96f7fa64c1e3a", size = 4276980, upload-time = "2026-02-10T19:18:02.379Z" }, - { url = "https://files.pythonhosted.org/packages/8e/7c/c4f45e0eeff9b91e3f12dbd0e165fcf2a38847288fcfd889deea99fb7b6d/cryptography-46.0.5-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:61aa400dce22cb001a98014f647dc21cda08f7915ceb95df0c9eaf84b4b6af76", size = 4939143, upload-time = "2026-02-10T19:18:03.964Z" }, - { url = "https://files.pythonhosted.org/packages/37/19/e1b8f964a834eddb44fa1b9a9976f4e414cbb7aa62809b6760c8803d22d1/cryptography-46.0.5-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:3ce58ba46e1bc2aac4f7d9290223cead56743fa6ab94a5d53292ffaac6a91614", size = 4453674, upload-time = "2026-02-10T19:18:05.588Z" }, - { url = "https://files.pythonhosted.org/packages/db/ed/db15d3956f65264ca204625597c410d420e26530c4e2943e05a0d2f24d51/cryptography-46.0.5-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:420d0e909050490d04359e7fdb5ed7e667ca5c3c402b809ae2563d7e66a92229", size = 3978801, upload-time = "2026-02-10T19:18:07.167Z" }, - { url = "https://files.pythonhosted.org/packages/41/e2/df40a31d82df0a70a0daf69791f91dbb70e47644c58581d654879b382d11/cryptography-46.0.5-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:582f5fcd2afa31622f317f80426a027f30dc792e9c80ffee87b993200ea115f1", size = 4276755, upload-time = "2026-02-10T19:18:09.813Z" }, - { url = "https://files.pythonhosted.org/packages/33/45/726809d1176959f4a896b86907b98ff4391a8aa29c0aaaf9450a8a10630e/cryptography-46.0.5-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:bfd56bb4b37ed4f330b82402f6f435845a5f5648edf1ad497da51a8452d5d62d", size = 4901539, upload-time = "2026-02-10T19:18:11.263Z" }, - { url = "https://files.pythonhosted.org/packages/99/0f/a3076874e9c88ecb2ecc31382f6e7c21b428ede6f55aafa1aa272613e3cd/cryptography-46.0.5-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:a3d507bb6a513ca96ba84443226af944b0f7f47dcc9a399d110cd6146481d24c", size = 4452794, upload-time = "2026-02-10T19:18:12.914Z" }, - { url = "https://files.pythonhosted.org/packages/02/ef/ffeb542d3683d24194a38f66ca17c0a4b8bf10631feef44a7ef64e631b1a/cryptography-46.0.5-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9f16fbdf4da055efb21c22d81b89f155f02ba420558db21288b3d0035bafd5f4", size = 4404160, upload-time = "2026-02-10T19:18:14.375Z" }, - { url = "https://files.pythonhosted.org/packages/96/93/682d2b43c1d5f1406ed048f377c0fc9fc8f7b0447a478d5c65ab3d3a66eb/cryptography-46.0.5-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:ced80795227d70549a411a4ab66e8ce307899fad2220ce5ab2f296e687eacde9", size = 4667123, upload-time = "2026-02-10T19:18:15.886Z" }, - { url = "https://files.pythonhosted.org/packages/45/2d/9c5f2926cb5300a8eefc3f4f0b3f3df39db7f7ce40c8365444c49363cbda/cryptography-46.0.5-cp38-abi3-win32.whl", hash = "sha256:02f547fce831f5096c9a567fd41bc12ca8f11df260959ecc7c3202555cc47a72", size = 3010220, upload-time = "2026-02-10T19:18:17.361Z" }, - { url = "https://files.pythonhosted.org/packages/48/ef/0c2f4a8e31018a986949d34a01115dd057bf536905dca38897bacd21fac3/cryptography-46.0.5-cp38-abi3-win_amd64.whl", hash = "sha256:556e106ee01aa13484ce9b0239bca667be5004efb0aabbed28d353df86445595", size = 3467050, upload-time = "2026-02-10T19:18:18.899Z" }, - { url = "https://files.pythonhosted.org/packages/eb/dd/2d9fdb07cebdf3d51179730afb7d5e576153c6744c3ff8fded23030c204e/cryptography-46.0.5-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:3b4995dc971c9fb83c25aa44cf45f02ba86f71ee600d81091c2f0cbae116b06c", size = 3476964, upload-time = "2026-02-10T19:18:20.687Z" }, - { url = "https://files.pythonhosted.org/packages/e9/6f/6cc6cc9955caa6eaf83660b0da2b077c7fe8ff9950a3c5e45d605038d439/cryptography-46.0.5-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:bc84e875994c3b445871ea7181d424588171efec3e185dced958dad9e001950a", size = 4218321, upload-time = "2026-02-10T19:18:22.349Z" }, - { url = "https://files.pythonhosted.org/packages/3e/5d/c4da701939eeee699566a6c1367427ab91a8b7088cc2328c09dbee940415/cryptography-46.0.5-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:2ae6971afd6246710480e3f15824ed3029a60fc16991db250034efd0b9fb4356", size = 4381786, upload-time = "2026-02-10T19:18:24.529Z" }, - { url = "https://files.pythonhosted.org/packages/ac/97/a538654732974a94ff96c1db621fa464f455c02d4bb7d2652f4edc21d600/cryptography-46.0.5-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:d861ee9e76ace6cf36a6a89b959ec08e7bc2493ee39d07ffe5acb23ef46d27da", size = 4217990, upload-time = "2026-02-10T19:18:25.957Z" }, - { url = "https://files.pythonhosted.org/packages/ae/11/7e500d2dd3ba891197b9efd2da5454b74336d64a7cc419aa7327ab74e5f6/cryptography-46.0.5-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:2b7a67c9cd56372f3249b39699f2ad479f6991e62ea15800973b956f4b73e257", size = 4381252, upload-time = "2026-02-10T19:18:27.496Z" }, - { url = "https://files.pythonhosted.org/packages/bc/58/6b3d24e6b9bc474a2dcdee65dfd1f008867015408a271562e4b690561a4d/cryptography-46.0.5-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:8456928655f856c6e1533ff59d5be76578a7157224dbd9ce6872f25055ab9ab7", size = 3407605, upload-time = "2026-02-10T19:18:29.233Z" }, +sdist = { url = "https://files.pythonhosted.org/packages/ef/b2/7ffa7fe8207a8c42147ffe70c3e360b228160c1d85dc3faff16aaa3244c0/cryptography-47.0.0.tar.gz", hash = "sha256:9f8e55fe4e63613a5e1cc5819030f27b97742d720203a087802ce4ce9ceb52bb", size = 830863, upload-time = "2026-04-24T19:54:57.056Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a4/98/40dfe932134bdcae4f6ab5927c87488754bf9eb79297d7e0070b78dd58e9/cryptography-47.0.0-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:160ad728f128972d362e714054f6ba0067cab7fb350c5202a9ae8ae4ce3ef1a0", size = 7912214, upload-time = "2026-04-24T19:53:03.864Z" }, + { url = "https://files.pythonhosted.org/packages/34/c6/2733531243fba725f58611b918056b277692f1033373dcc8bd01af1c05d4/cryptography-47.0.0-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:b9a8943e359b7615db1a3ba587994618e094ff3d6fa5a390c73d079ce18b3973", size = 4644617, upload-time = "2026-04-24T19:53:06.909Z" }, + { url = "https://files.pythonhosted.org/packages/00/e3/b27be1a670a9b87f855d211cf0e1174a5d721216b7616bd52d8581d912ed/cryptography-47.0.0-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f5c15764f261394b22aef6b00252f5195f46f2ca300bec57149474e2538b31f8", size = 4668186, upload-time = "2026-04-24T19:53:09.053Z" }, + { url = "https://files.pythonhosted.org/packages/81/b9/8443cfe5d17d482d348cee7048acf502bb89a51b6382f06240fd290d4ca3/cryptography-47.0.0-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:9c59ab0e0fa3a180a5a9c59f3a5abe3ef90d474bc56d7fadfbe80359491b615b", size = 4651244, upload-time = "2026-04-24T19:53:11.217Z" }, + { url = "https://files.pythonhosted.org/packages/5d/5e/13ed0cdd0eb88ba159d6dd5ebfece8cb901dbcf1ae5ac4072e28b55d3153/cryptography-47.0.0-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:34b4358b925a5ea3e14384ca781a2c0ef7ac219b57bb9eacc4457078e2b19f92", size = 5252906, upload-time = "2026-04-24T19:53:13.532Z" }, + { url = "https://files.pythonhosted.org/packages/64/16/ed058e1df0f33d440217cd120d41d5dda9dd215a80b8187f68483185af82/cryptography-47.0.0-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:0024b87d47ae2399165a6bfb20d24888881eeab83ae2566d62467c5ff0030ce7", size = 4701842, upload-time = "2026-04-24T19:53:15.618Z" }, + { url = "https://files.pythonhosted.org/packages/02/e0/3d30986b30fdbd9e969abbdf8ba00ed0618615144341faeb57f395a084fe/cryptography-47.0.0-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:1e47422b5557bb82d3fff997e8d92cff4e28b9789576984f08c248d2b3535d93", size = 4289313, upload-time = "2026-04-24T19:53:17.755Z" }, + { url = "https://files.pythonhosted.org/packages/df/fd/32db38e3ad0cb331f0691cb4c7a8a6f176f679124dee746b3af6633db4d9/cryptography-47.0.0-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:6f29f36582e6151d9686235e586dd35bb67491f024767d10b842e520dc6a07ac", size = 4650964, upload-time = "2026-04-24T19:53:20.062Z" }, + { url = "https://files.pythonhosted.org/packages/86/53/5395d944dfd48cb1f67917f533c609c34347185ef15eb4308024c876f274/cryptography-47.0.0-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:a9b761f012a943b7de0e828843c5688d0de94a0578d44d6c85a1bae32f87791f", size = 5207817, upload-time = "2026-04-24T19:53:22.498Z" }, + { url = "https://files.pythonhosted.org/packages/34/4f/e5711b28e1901f7d480a2b1b688b645aa4c77c73f10731ed17e7f7db3f0d/cryptography-47.0.0-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:4e1de79e047e25d6e9f8cea71c86b4a53aced64134f0f003bbcbf3655fd172c8", size = 4701544, upload-time = "2026-04-24T19:53:24.356Z" }, + { url = "https://files.pythonhosted.org/packages/22/22/c8ddc25de3010fc8da447648f5a092c40e7a8fadf01dd6d255d9c0b9373d/cryptography-47.0.0-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ef6b3634087f18d2155b1e8ce264e5345a753da2c5fa9815e7d41315c90f8318", size = 4783536, upload-time = "2026-04-24T19:53:26.665Z" }, + { url = "https://files.pythonhosted.org/packages/66/b6/d4a68f4ea999c6d89e8498579cba1c5fcba4276284de7773b17e4fa69293/cryptography-47.0.0-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:11dbb9f50a0f1bb9757b3d8c27c1101780efb8f0bdecfb12439c22a74d64c001", size = 4926106, upload-time = "2026-04-24T19:53:28.686Z" }, + { url = "https://files.pythonhosted.org/packages/54/ed/5f524db1fade9c013aa618e1c99c6ed05e8ffc9ceee6cda22fed22dda3f4/cryptography-47.0.0-cp311-abi3-win32.whl", hash = "sha256:7fda2f02c9015db3f42bb8a22324a454516ed10a8c29ca6ece6cdbb5efe2a203", size = 3258581, upload-time = "2026-04-24T19:53:31.058Z" }, + { url = "https://files.pythonhosted.org/packages/b2/dc/1b901990b174786569029f67542b3edf72ac068b6c3c8683c17e6a2f5363/cryptography-47.0.0-cp311-abi3-win_amd64.whl", hash = "sha256:f5c3296dab66202f1b18a91fa266be93d6aa0c2806ea3d67762c69f60adc71aa", size = 3775309, upload-time = "2026-04-24T19:53:33.054Z" }, + { url = "https://files.pythonhosted.org/packages/e0/34/a4fae8ae7c3bc227460c9ae43f56abf1b911da0ec29e0ebac53bb0a4b6b7/cryptography-47.0.0-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:14432c8a9bcb37009784f9594a62fae211a2ae9543e96c92b2a8e4c3cd5cd0c4", size = 7904072, upload-time = "2026-04-24T19:54:06.411Z" }, + { url = "https://files.pythonhosted.org/packages/01/64/d7b1e54fdb69f22d24a64bb3e88dc718b31c7fb10ef0b9691a3cf7eeea6e/cryptography-47.0.0-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:07efe86201817e7d3c18781ca9770bc0db04e1e48c994be384e4602bc38f8f27", size = 4635767, upload-time = "2026-04-24T19:54:08.519Z" }, + { url = "https://files.pythonhosted.org/packages/8b/7b/cca826391fb2a94efdcdfe4631eb69306ee1cff0b22f664a412c90713877/cryptography-47.0.0-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2b45761c6ec22b7c726d6a829558777e32d0f1c8be7c3f3480f9c912d5ee8a10", size = 4654350, upload-time = "2026-04-24T19:54:10.795Z" }, + { url = "https://files.pythonhosted.org/packages/4c/65/4b57bcc823f42a991627c51c2f68c9fd6eb1393c1756aac876cba2accae2/cryptography-47.0.0-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:edd4da498015da5b9f26d38d3bfc2e90257bfa9cbed1f6767c282a0025ae649b", size = 4643394, upload-time = "2026-04-24T19:54:13.275Z" }, + { url = "https://files.pythonhosted.org/packages/f4/c4/2c5fbeea70adbbca2bbae865e1d605d6a4a7f8dbd9d33eaf69645087f06c/cryptography-47.0.0-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:9af828c0d5a65c70ec729cd7495a4bf1a67ecb66417b8f02ff125ab8a6326a74", size = 5225777, upload-time = "2026-04-24T19:54:15.18Z" }, + { url = "https://files.pythonhosted.org/packages/7e/b8/ac57107ef32749d2b244e36069bb688792a363aaaa3acc9e3cf84c130315/cryptography-47.0.0-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:256d07c78a04d6b276f5df935a9923275f53bd1522f214447fdf365494e2d515", size = 4688771, upload-time = "2026-04-24T19:54:17.835Z" }, + { url = "https://files.pythonhosted.org/packages/56/fc/9f1de22ff8be99d991f240a46863c52d475404c408886c5a38d2b5c3bb26/cryptography-47.0.0-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:5d0e362ff51041b0c0d219cc7d6924d7b8996f57ce5712bdcef71eb3c65a59cc", size = 4270753, upload-time = "2026-04-24T19:54:19.963Z" }, + { url = "https://files.pythonhosted.org/packages/00/68/d70c852797aa68e8e48d12e5a87170c43f67bb4a59403627259dd57d15de/cryptography-47.0.0-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:1581aef4219f7ca2849d0250edaa3866212fb74bf5667284f46aa92f9e65c1ca", size = 4642911, upload-time = "2026-04-24T19:54:21.818Z" }, + { url = "https://files.pythonhosted.org/packages/a5/51/661cbee74f594c5d97ff82d34f10d5551c085ca4668645f4606ebd22bd5d/cryptography-47.0.0-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:a49a3eb5341b9503fa3000a9a0db033161db90d47285291f53c2a9d2cd1b7f76", size = 5181411, upload-time = "2026-04-24T19:54:24.376Z" }, + { url = "https://files.pythonhosted.org/packages/94/87/f2b6c374a82cf076cfa1416992ac8e8ec94d79facc37aec87c1a5cb72352/cryptography-47.0.0-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:2207a498b03275d0051589e326b79d4cf59985c99031b05bb292ac52631c37fe", size = 4688262, upload-time = "2026-04-24T19:54:26.946Z" }, + { url = "https://files.pythonhosted.org/packages/14/e2/8b7462f4acf21ec509616f0245018bb197194ab0b65c2ea21a0bdd53c0eb/cryptography-47.0.0-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:7a02675e2fabd0c0fc04c868b8781863cbf1967691543c22f5470500ff840b31", size = 4775506, upload-time = "2026-04-24T19:54:28.926Z" }, + { url = "https://files.pythonhosted.org/packages/70/75/158e494e4c08dc05e039da5bb48553826bd26c23930cf8d3cd5f21fa8921/cryptography-47.0.0-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:80887c5cbd1774683cb126f0ab4184567f080071d5acf62205acb354b4b753b7", size = 4912060, upload-time = "2026-04-24T19:54:30.869Z" }, + { url = "https://files.pythonhosted.org/packages/06/bd/0a9d3edbf5eadbac926d7b9b3cd0c4be584eeeae4a003d24d9eda4affbbd/cryptography-47.0.0-cp38-abi3-win32.whl", hash = "sha256:ed67ea4e0cfb5faa5bc7ecb6e2b8838f3807a03758eec239d6c21c8769355310", size = 3248487, upload-time = "2026-04-24T19:54:33.494Z" }, + { url = "https://files.pythonhosted.org/packages/60/80/5681af756d0da3a599b7bdb586fac5a1540f1bcefd2717a20e611ddade45/cryptography-47.0.0-cp38-abi3-win_amd64.whl", hash = "sha256:835d2d7f47cdc53b3224e90810fb1d36ca94ea29cc1801fb4c1bc43876735769", size = 3755737, upload-time = "2026-04-24T19:54:35.408Z" }, + { url = "https://files.pythonhosted.org/packages/1b/a0/928c9ce0d120a40a81aa99e3ba383e87337b9ac9ef9f6db02e4d7822424d/cryptography-47.0.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:7f1207974a904e005f762869996cf620e9bf79ecb4622f148550bb48e0eb35a7", size = 3909893, upload-time = "2026-04-24T19:54:38.334Z" }, + { url = "https://files.pythonhosted.org/packages/81/75/d691e284750df5d9569f2b1ce4a00a71e1d79566da83b2b3e5549c84917f/cryptography-47.0.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:1a405c08857258c11016777e11c02bacbe7ef596faf259305d282272a3a05cbe", size = 4587867, upload-time = "2026-04-24T19:54:40.619Z" }, + { url = "https://files.pythonhosted.org/packages/07/d6/1b90f1a4e453009730b4545286f0b39bb348d805c11181fc31544e4f9a65/cryptography-47.0.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:20fdbe3e38fb67c385d233c89371fa27f9909f6ebca1cecc20c13518dae65475", size = 4627192, upload-time = "2026-04-24T19:54:42.849Z" }, + { url = "https://files.pythonhosted.org/packages/dc/53/cb358a80e9e359529f496870dd08c102aa8a4b5b9f9064f00f0d6ed5b527/cryptography-47.0.0-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:f7db373287273d8af1414cf95dc4118b13ffdc62be521997b0f2b270771fef50", size = 4587486, upload-time = "2026-04-24T19:54:44.908Z" }, + { url = "https://files.pythonhosted.org/packages/8b/57/aaa3d53876467a226f9a7a82fd14dd48058ad2de1948493442dfa16e2ffd/cryptography-47.0.0-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:9fe6b7c64926c765f9dff301f9c1b867febcda5768868ca084e18589113732ab", size = 4626327, upload-time = "2026-04-24T19:54:47.813Z" }, + { url = "https://files.pythonhosted.org/packages/ab/9c/51f28c3550276bcf35660703ba0ab829a90b88be8cd98a71ef23c2413913/cryptography-47.0.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:cffbba3392df0fa8629bb7f43454ee2925059ee158e23c54620b9063912b86c8", size = 3698916, upload-time = "2026-04-24T19:54:49.782Z" }, ] [[package]] @@ -685,14 +694,14 @@ wheels = [ [[package]] name = "deepdiff" -version = "8.6.1" +version = "8.6.2" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "orderly-set" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/19/76/36c9aab3d5c19a94091f7c6c6e784efca50d87b124bf026c36e94719f33c/deepdiff-8.6.1.tar.gz", hash = "sha256:ec56d7a769ca80891b5200ec7bd41eec300ced91ebcc7797b41eb2b3f3ff643a", size = 634054, upload-time = "2025-09-03T19:40:41.461Z" } +sdist = { url = "https://files.pythonhosted.org/packages/89/50/767448e792d41bfb6094ee317a355c1cb221dca24b2e178e2203bbea2a77/deepdiff-8.6.2.tar.gz", hash = "sha256:186dcbd181e4d76cef11ab05f802d0056c5d6083c5a6748c1473e9d7481e183e", size = 634860, upload-time = "2026-03-18T17:16:33.785Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/f7/e6/efe534ef0952b531b630780e19cabd416e2032697019d5295defc6ef9bd9/deepdiff-8.6.1-py3-none-any.whl", hash = "sha256:ee8708a7f7d37fb273a541fa24ad010ed484192cd0c4ffc0fa0ed5e2d4b9e78b", size = 91378, upload-time = "2025-09-03T19:40:39.679Z" }, + { url = "https://files.pythonhosted.org/packages/2b/5f/c52bd1255db763d0cdcb7084d2e90c42119cb229302c56bdf1d0aa78abd2/deepdiff-8.6.2-py3-none-any.whl", hash = "sha256:4d22034a866c3928303a9332c279362f714192d9305bac17c498720d095fd1b4", size = 91979, upload-time = "2026-03-18T17:16:32.171Z" }, ] [[package]] @@ -1839,7 +1848,7 @@ requires-dist = [ { name = "pydantic-settings", specifier = ">=2.4.0,<3" }, { name = "pygithub", specifier = ">=2.6.1,<3" }, { name = "python-dotenv", specifier = ">=1.1.1,<2" }, - { name = "requests", specifier = ">=2.31.0,<3" }, + { name = "requests", specifier = ">=2.33.0,<3" }, { name = "schedule", specifier = ">=1.1.0,<2" }, { name = "sentence-transformers", specifier = ">=5.1.2,<6" }, { name = "slowapi", specifier = ">=0.1.9,<0.2" }, @@ -1857,7 +1866,7 @@ dev = [ { name = "pandas-stubs", specifier = ">=3.0.0.260204" }, { name = "pip-audit", specifier = ">=2.7.0,<3" }, { name = "pre-commit", specifier = ">=4.0.0,<5" }, - { name = "pytest", specifier = ">=8.4.1,<9" }, + { name = "pytest", specifier = ">=9.0.3,<10" }, { name = "pytest-cov", specifier = ">=6.0.0,<7" }, { name = "pytest-dotenv", specifier = ">=0.5.2,<0.6" }, { name = "ruff", specifier = ">=0.12.0,<0.13" }, @@ -1960,11 +1969,11 @@ wheels = [ [[package]] name = "pip" -version = "26.0.1" +version = "26.1" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/48/83/0d7d4e9efe3344b8e2fe25d93be44f64b65364d3c8d7bc6dc90198d5422e/pip-26.0.1.tar.gz", hash = "sha256:c4037d8a277c89b320abe636d59f91e6d0922d08a05b60e85e53b296613346d8", size = 1812747, upload-time = "2026-02-05T02:20:18.702Z" } +sdist = { url = "https://files.pythonhosted.org/packages/73/7e/d2b04004e1068ad4fdfa2f227b839b5d03e602e47cdbbf49de71137c9546/pip-26.1.tar.gz", hash = "sha256:81e13ebcca3ffa8cc85e4deff5c27e1ee26dea0aa7fc2f294a073ac208806ff3", size = 1840316, upload-time = "2026-04-26T21:00:05.406Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/de/f0/c81e05b613866b76d2d1066490adf1a3dbc4ee9d9c839961c3fc8a6997af/pip-26.0.1-py3-none-any.whl", hash = "sha256:bdb1b08f4274833d62c1aa29e20907365a2ceb950410df15fc9521bad440122b", size = 1787723, upload-time = "2026-02-05T02:20:16.416Z" }, + { url = "https://files.pythonhosted.org/packages/70/7a/be4bd8bcbb24ea475856dd68159d78b03b2bb53dae369f69c9606b8888f5/pip-26.1-py3-none-any.whl", hash = "sha256:4e8486d821d814b77319acb7b9e8bf5a4ee7590a643e7cb21029f209be8573c1", size = 1812804, upload-time = "2026-04-26T21:00:03.194Z" }, ] [[package]] @@ -2229,20 +2238,20 @@ wheels = [ [[package]] name = "pygments" -version = "2.19.2" +version = "2.20.0" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631, upload-time = "2025-06-21T13:39:12.283Z" } +sdist = { url = "https://files.pythonhosted.org/packages/c3/b2/bc9c9196916376152d655522fdcebac55e66de6603a76a02bca1b6414f6c/pygments-2.20.0.tar.gz", hash = "sha256:6757cd03768053ff99f3039c1a36d6c0aa0b263438fcab17520b30a303a82b5f", size = 4955991, upload-time = "2026-03-29T13:29:33.898Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" }, + { url = "https://files.pythonhosted.org/packages/f4/7e/a72dd26f3b0f4f2bf1dd8923c85f7ceb43172af56d63c7383eb62b332364/pygments-2.20.0-py3-none-any.whl", hash = "sha256:81a9e26dd42fd28a23a2d169d86d7ac03b46e2f8b59ed4698fb4785f946d0176", size = 1231151, upload-time = "2026-03-29T13:29:30.038Z" }, ] [[package]] name = "pyjwt" -version = "2.11.0" +version = "2.12.1" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/5c/5a/b46fa56bf322901eee5b0454a34343cdbdae202cd421775a8ee4e42fd519/pyjwt-2.11.0.tar.gz", hash = "sha256:35f95c1f0fbe5d5ba6e43f00271c275f7a1a4db1dab27bf708073b75318ea623", size = 98019, upload-time = "2026-01-30T19:59:55.694Z" } +sdist = { url = "https://files.pythonhosted.org/packages/c2/27/a3b6e5bf6ff856d2509292e95c8f57f0df7017cf5394921fc4e4ef40308a/pyjwt-2.12.1.tar.gz", hash = "sha256:c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b", size = 102564, upload-time = "2026-03-13T19:27:37.25Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/6f/01/c26ce75ba460d5cd503da9e13b21a33804d38c2165dec7b716d06b13010c/pyjwt-2.11.0-py3-none-any.whl", hash = "sha256:94a6bde30eb5c8e04fee991062b534071fd1439ef58d2adc9ccb823e7bcd0469", size = 28224, upload-time = "2026-01-30T19:59:54.539Z" }, + { url = "https://files.pythonhosted.org/packages/e5/7a/8dd906bd22e79e47397a61742927f6747fe93242ef86645ee9092e610244/pyjwt-2.12.1-py3-none-any.whl", hash = "sha256:28ca37c070cad8ba8cd9790cd940535d40274d22f80ab87f3ac6a713e6e8454c", size = 29726, upload-time = "2026-03-13T19:27:35.677Z" }, ] [package.optional-dependencies] @@ -2293,7 +2302,7 @@ wheels = [ [[package]] name = "pytest" -version = "8.4.2" +version = "9.0.3" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "colorama", marker = "sys_platform == 'win32'" }, @@ -2302,9 +2311,9 @@ dependencies = [ { name = "pluggy" }, { name = "pygments" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/a3/5c/00a0e072241553e1a7496d638deababa67c5058571567b92a7eaa258397c/pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01", size = 1519618, upload-time = "2025-09-04T14:34:22.711Z" } +sdist = { url = "https://files.pythonhosted.org/packages/7d/0d/549bd94f1a0a402dc8cf64563a117c0f3765662e2e668477624baeec44d5/pytest-9.0.3.tar.gz", hash = "sha256:b86ada508af81d19edeb213c681b1d48246c1a91d304c6c81a427674c17eb91c", size = 1572165, upload-time = "2026-04-07T17:16:18.027Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/a8/a4/20da314d277121d6534b3a980b29035dcd51e6744bd79075a6ce8fa4eb8d/pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79", size = 365750, upload-time = "2025-09-04T14:34:20.226Z" }, + { url = "https://files.pythonhosted.org/packages/d4/24/a372aaf5c9b7208e7112038812994107bc65a84cd00e0354a88c2c77a617/pytest-9.0.3-py3-none-any.whl", hash = "sha256:2c5efc453d45394fdd706ade797c0a81091eccd1d6e4bccfcd476e2b8e0ab5d9", size = 375249, upload-time = "2026-04-07T17:16:16.13Z" }, ] [[package]] @@ -2465,7 +2474,7 @@ wheels = [ [[package]] name = "requests" -version = "2.32.5" +version = "2.33.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "certifi" }, @@ -2473,9 +2482,9 @@ dependencies = [ { name = "idna" }, { name = "urllib3" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +sdist = { url = "https://files.pythonhosted.org/packages/5f/a4/98b9c7c6428a668bf7e42ebb7c79d576a1c3c1e3ae2d47e674b468388871/requests-2.33.1.tar.gz", hash = "sha256:18817f8c57c6263968bc123d237e3b8b08ac046f5456bd1e307ee8f4250d3517", size = 134120, upload-time = "2026-03-30T16:09:15.531Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, + { url = "https://files.pythonhosted.org/packages/d7/8e/7540e8a2036f79a125c1d2ebadf69ed7901608859186c856fa0388ef4197/requests-2.33.1-py3-none-any.whl", hash = "sha256:4e6d1ef462f3626a1f0a0a9c42dd93c63bad33f9f1c1937509b8c5c8718ab56a", size = 64947, upload-time = "2026-03-30T16:09:13.83Z" }, ] [[package]] From 2556e24c569f69ebb6440568870237bd6306c2f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9D=91=86=F0=9D=91=9D=F0=9D=91=96=F0=9D=91=91?= =?UTF-8?q?=F0=9D=91=92=F0=9D=91=A6?= <146075220+spideystreet@users.noreply.github.com> Date: Wed, 29 Apr 2026 18:31:13 +0200 Subject: [PATCH 3/3] docs(readme): tighten Getting Started; remove internal readiness audit from tree (#43) - README: ports, env, ci-check scope vs full GitHub Actions - Stop tracking docs/READINESS-AUDIT.md; gitignore path for local maintainer use Made-with: Cursor --- .gitignore | 3 + README.md | 14 ++-- docs/READINESS-AUDIT.md | 174 ---------------------------------------- 3 files changed, 10 insertions(+), 181 deletions(-) delete mode 100644 docs/READINESS-AUDIT.md diff --git a/.gitignore b/.gitignore index 60a6334..78bb6ff 100644 --- a/.gitignore +++ b/.gitignore @@ -82,6 +82,9 @@ TODO.md # CI ephemeral Dagster dirs (quality-checks sets DAGSTER_* under repo root) tmp_dagster/ +# Maintainer-only / local audit notes (do not commit) +docs/READINESS-AUDIT.md + # Local .actrc .mcp.json diff --git a/README.md b/README.md index fe3140f..689b9cf 100644 --- a/README.md +++ b/README.md @@ -21,17 +21,17 @@ It analyzes open-source projects and matches them to contributors — so you fin ## Getting Started ```bash -cp .env.example .env # configure environment -make setup # install deps + compile Go binaries -npm ci # Prisma / ts-node (package.json is in-repo) -docker compose up --build -d # start services (Dagster UI at :3000) -make db-init # apply schema + seed data -make ci-check # same Python gates as GitHub Actions (before a PR) +cp .env.example .env # set DATABASE_URL, tokens, optional host ports (see file + AGENTS.md) +make setup # uv sync + compile Go binaries +npm ci # Prisma / Node (needed before db-init) +docker compose up --build -d # Dagster + API + db (default host: Dagster :3000, API :8000 unless overridden in .env) +make db-init # Prisma schema + seed +make ci-check # Python parity with CI quality job (before a PR); full CI is broader — see AGENTS.md ``` ## Contributing -Contributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for how to propose changes, run checks, and open PRs. A maintainer-facing [readiness audit](docs/READINESS-AUDIT.md) covers OSS posture, security, CI, and recommendations pipeline health. +See [CONTRIBUTING.md](CONTRIBUTING.md) (branch flow, conventions, **`make ci-check`**). For command cheat-sheets (**dbt**, API, Docker overrides), see [AGENTS.md](AGENTS.md). ## License diff --git a/docs/READINESS-AUDIT.md b/docs/READINESS-AUDIT.md deleted file mode 100644 index ee00f51..0000000 --- a/docs/READINESS-AUDIT.md +++ /dev/null @@ -1,174 +0,0 @@ -# OST Linker — readiness audit - -**Date:** 2026-04-29 -**Follow-up (same day):** `API_RATE_LIMIT` wired to SlowAPI (`rate_limit.py`); optional `API_ENABLE_OPENAPI` for `/docs` and OpenAPI JSON; `docker-compose.yml` + `.env.example` document strict token and OpenAPI; README license paragraph clarifies CC BY-NC vs OSI. -**Scope:** Full repository (`ost-linker`): OSS posture, contribution flow, onboarding, dev/prod split, recommendations (dbt + API), CI/tests, code hygiene, API security, system design. -**Local truth gate:** `make ci-check` passed (ruff, format, mypy, unit + api + Dagster startup smoke). - ---- - -## Executive summary - -| Area | Verdict | Notes | -|------|---------|--------| -| **Contributor experience** | Strong | `CONTRIBUTING.md` + `AGENTS.md` split is clear; PR template and branch rules are explicit. | -| **“Open source” licensing** | Needs product clarity | Code is under **CC BY-NC 4.0** (`LICENSE`, README badge). That is **not** an OSI-approved “open source” license; fine for source-available / community builds, misleading if marketed as OSS in the OSI sense. | -| **Security** | Solid baseline; gaps actionable | Timing-safe token compare; optional auth has an **open mode** when token unset; `API_RATE_LIMIT` env drift vs hardcoded SlowAPI limits; OpenAPI/docs exposure in default FastAPI. | -| **Recommendations** | Coherent pipeline | `match_*` marts + dbt tests cover bounds, duplicates, bookmarks, ignored projects; freshness omits feedback tables; CI only `dbt parse`, not `dbt build`. | -| **Dev / Prod** | Well separated | `docker-compose.override.yml` documents prod path (`docker compose -f docker-compose.yml`); dev adds `db`, bind-mounts, local `dagster.yaml`. | -| **CI / tests** | Broad CI; local parity partial | GitHub runs Python, dbt parse, Go, Docker build, Prisma validate, pip-audit, gitleaks, docs submodule; **`make ci-check` is Python-only** (same gap as documented in parallel audit). | -| **Legacy / verbose comments** | Low debt | No `TODO`/`FIXME` in `src/`; minor redundant comments and Prisma template header. | - ---- - -## Methodology / workers - -Parallel **Explore** tasks (scoped read-only) + file review + **`make ci-check`**: - -| Task | Worker | Model | -|------|--------|--------| -| OSS & onboarding | Task (Explore) | composer-2-fast | -| CI & tests | Task (Explore) | composer-2-fast | -| API & security | Task (Explore) | claude-4.6-sonnet-medium-thinking | -| dbt recommendations | Task (Explore) | composer-2-fast | -| Dev / prod environments | Task (Explore) | composer-2-fast | -| Code hygiene | Task (Explore) | composer-2-fast | -| Synthesis | Composer | — | - ---- - -## OSS and licensing - -- **LICENSE / README:** [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/). **Recommendation:** State in README/CONTRIBUTING whether the intent is **source-available with NC restriction** vs migrating to **OSI-approved license** for stricter “open source” claims. -- **`CONTRIBUTING.md`:** Prerequisites table, fork/clone, `AGENTS.md` deep link, conventional commits, PR target `staging` — **light onboarding** without duplicating all of `AGENTS.md`. -- **`.github`:** Issue templates (`bug_report`, `feature_request`), PR checklist aligned with CI, **`CODEOWNERS`** → `@spideystreet` (bus factor risk — document co-maintainers when added). -- **`SECURITY.md`:** Exists; private disclosure via email; supports production reporting expectations. - ---- - -## Onboarding burden - -- **Heavy parts (acceptable):** Go compile, Docker, Node/Prisma, optional full pipeline — all documented; seed explicitly does **not** fill projects/embeddings/recos (correct expectation setting). -- **Duplication:** README → CONTRIBUTING → AGENTS is layered, not contradictory. Optional improvement: single “5-minute smoke” vs “full reco path” TOC in README. - ---- - -## Dev vs production environments - -| Concern | Development (default compose) | Staging/production-style | -|--------|-------------------------------|---------------------------| -| Compose files | Base + **`docker-compose.override.yml`** auto-loaded | **`docker compose -f docker-compose.yml`** skips override (`override.yml` header) | -| Postgres | **`db` service**, host port `POSTGRES_PORT` (default **5433**) | Use external DB / operator config | -| Dagster storage | **`dagster.yaml`** bind-mounted SQLite config | **`dagster.prod.yaml`** / Postgres-oriented layout in prod images | -| `DBT_TARGET` | **`docker`** in container shared env (`docker-compose.yml` `common-env`) | Host tools often `local` per `profiles.yml` + `.env` | -| API secrets | Compose passes `OST_LINKER_SERVICE_TOKEN`; may be empty | Operators must set token + **`OST_LINKER_REQUIRE_SERVICE_TOKEN=true`** for strict deployments | - ---- - -## Recommendations pipeline (dbt + API) - -**Strengths:** - -- Personalized: preference overlap → embeddings similarity → hybrid score → **`reco_top_n`** cap; exclusions for bookmarks and “shown but ignored” events. -- **Data tests:** max rows per user, uniqueness, score bounds, bookmark/ignore invariants (`dbt/tests/`). -- **Source freshness:** GitHub/ml/public Project tables have warn/error horizons in `sources.yml`. - -**Gaps:** - -1. **CI:** `dbt parse` only — no Postgres job for `dbt build` / data tests on critical models. -2. **Vars:** reco weights / `ignored_*` defaults live in SQL `var(..., default)` — centralize in `dbt_project.yml` or Dagster for parity across envs. -3. **Feedback data:** Limited freshness monitoring for **`recommendation_event`** / **`project_bookmark`** compared to embeddings. -4. **Product semantics:** **`DISMISSED`** in events may need suppression logic if product demands it (staging lists values; mart logic may omit). -5. **API vs mart ordering:** Trending endpoint re-sorts global recos (`stars`) — documented mismatch risk between materialized order and HTTP response order. -6. **Cold users:** Personalized mart can be empty; ensure product/API fallback to global trending is explicit (document + test). - ---- - -## API and security - -**Route inventory (authenticated except `/health`):** references (`/categories`, `/domains`, `/techstacks`), projects search/detail/similarity, semantic search, recommendations trending — all behind **`require_service_token`** at router level except health. - -| ID | Severity | Finding | Mitigation | -|----|----------|---------|------------| -| F1 | High | **Unset token ⇒ open “protected” API** (`auth.py`) | Production: set token + **`OST_LINKER_REQUIRE_SERVICE_TOKEN=true`** | -| F2 | Medium | Compose does not set **`OST_LINKER_REQUIRE_SERVICE_TOKEN`** | Add to prod templates | -| F3 | Medium | **`API_RATE_LIMIT`** documented but routes use **`60/minute`** literals | Wire config into SlowAPI or document | -| F4 | Medium | **`/docs` / `/openapi.json`** exposed by default | Disable or restrict in production | -| F5–F7 | Low | Health DB probe; proxy-unaware rate limit client key; semantic search CPU on large `q` | Network controls; max query length | - -**Hygiene:** `secrets.compare_digest` for token check; parameterized SQL in audited routes; **gitleaks** + **pip-audit** in CI per `quality-checks.yml`. - ---- - -## CI and tests - -**GitHub Actions (`quality-checks.yml`):** Python quality (ruff, mypy, unit with coverage ≥50%, api, Dagster startup), **`dbt deps` + `parse`**, Go vet/build/test (scraper/fetcher/trending), Docker image build (no push in check job), **`prisma validate`**, **`pip-audit`**, **`gitleaks`** (`--no-git` working-tree), conditional docs submodule check (fork skips). - -**Gaps:** - -- **`make ci-check`:** Python parity only — label as such or add optional targets (`dbt-parse`, `go-check`) for maintainer prep. -- **dbt:** No `sqlfluff` in CI despite dev dependency; no `dbt build` against real DB. -- **performance** marker unused in workflows. -- **Pre-commit:** ruff + mypy only. - -**Local verification (2026-04-29):** `make ci-check` — **passed** (128 unit, 50 api, 1 integration). - ---- - -## Code hygiene - -- **Markers:** No `TODO`/`FIXME`/`HACK` in Python `src/` or tests (Explore scan). -- **Noise:** Prisma boilerplate header; `definitions.py` import layout; occasional “comment repeats next line” in scraper assets — **P2** trim when touching files. -- **Coverage:** Overall ~60% with 50% floor; scraping/embedding paths under-covered (expected cost). - ---- - -## System design lens (concise) - -- **Interfaces:** FastAPI JSON, Prisma-managed schema, dbt **`match_*`** tables — stable for MCP if versioned externally. -- **Data flow:** Ingest → enrich → embeddings → dbt → API read path; writes isolated to pipeline/runtime, API read-mostly. -- **Failure modes:** Open auth mode fails “closed” only when strict env set; stale data surfaced partly via dbt freshness, not uniformly on events. -- **Observability:** Dagster schedules, pytest markers, CI security jobs — adequate for OSS; prod needs log/metric policy outside this audit. - ---- - -## Prioritized backlog - -### P0 (before claiming “secured production API”) - -1. Enforce **`OST_LINKER_SERVICE_TOKEN`** in real deployments (**`OST_LINKER_REQUIRE_SERVICE_TOKEN=true`**). -2. Align **`API_RATE_LIMIT`** with SlowAPI behavior or fix docs. - -### P1 - -1. **`docker-compose` / Helm / docs:** Add strict token requirement for prod-like stacks. -2. **dbt:** Centralize reco **`vars`**; add Postgres CI job OR document why `parse` suffices. -3. **Product/docs:** Clarify **CC BY-NC** vs “open source”; link **`SECURITY.md`** from README optionally. -4. **OpenAPI:** Disable or fence docs in prod. - -### P2 - -1. **`make ci-check`:** Rename or extend for optional full parity. -2. **Fork PR docs** in workflow or `AGENTS.md` (which jobs need secrets). -3. **DISMISSED** handling, freshness on event/bookmark sources, **`sqlfluff`** in CI optional. -4. Comment cleanup in **`raw_github__extract_projects.py`** / Prisma header when convenient. - ---- - -## PR readiness - -- **Audit-only PR:** Add/commit **`docs/READINESS-AUDIT.md`** (this file) → ready for review; no CI change required for merge. -- **Remediation PRs:** Prefer one theme per PR (security config vs dbt vars vs CI), keep **`make ci-check`** green and match PR template checklist; add **`dbt parse`**/`dbt test` steps when touching SQL. - ---- - -## Appendix: Related paths - -| Topic | Paths | -|--------|--------| -| API entry | `src/services/api/main.py`, `routes/` | -| Auth | `src/services/api/auth.py` | -| Recommendations API | `src/services/api/routes/recommendations.py` | -| dbt marts | `dbt/models/marts/match_user_recommendation.sql`, `match_global_recommendation.sql` | -| Compose | `docker-compose.yml`, `docker-compose.override.yml` | -| CI | `.github/workflows/quality-checks.yml`, `publish-develop.yml`, `Makefile` |