diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 9400675..8c6de83 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,6 +1,6 @@
---
name: Bug report
-about: Something in OpenAURA is broken
+about: Something in Open AURA is broken
labels: [bug]
---
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
index d171a94..785a5fc 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,6 +1,6 @@
---
name: Feature request
-about: Suggest an addition or change to OpenAURA
+about: Suggest an addition or change to Open AURA
labels: [enhancement]
---
@@ -14,9 +14,9 @@ labels: [enhancement]
## Alternatives considered
-## Does it fit OpenAURA's scope?
+## Does it fit Open AURA's scope?
-OpenAURA is **stateless, CI-native, agent-generated weekly briefs**. It is not a
+Open AURA is **stateless, CI-native, agent-generated weekly briefs**. It is not a
dashboard, not a server, not a SaaS. Features that require persistent state, a UI,
or a hosted service are unlikely to land.
diff --git a/.github/scorecard.yml b/.github/scorecard.yml
new file mode 100644
index 0000000..60fa196
--- /dev/null
+++ b/.github/scorecard.yml
@@ -0,0 +1,21 @@
+annotations:
+ - checks:
+ - code-review
+ reasons:
+ - reason: remediated # main now requires PR review, Code Owner review, and latest-push approval.
+ - checks:
+ - pinned-dependencies
+ reasons:
+ - reason: not-applicable # Open AURA is a Python library; CI intentionally resolves package metadata across supported Python versions.
+ - checks:
+ - fuzzing
+ reasons:
+ - reason: not-applicable # Current inputs are typed API fixtures/config models covered by unit tests, not binary/parser surfaces.
+ - checks:
+ - maintained
+ reasons:
+ - reason: not-applicable # The repository is new; maintenance age will improve naturally after the 90-day window.
+ - checks:
+ - cii-best-practices
+ reasons:
+ - reason: not-detected # Best Practices badge registration is a manual maintainer step outside the repository.
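Review bot: The `pinned-dependencies` annotation marks the whole check `not-applicable`, but the reason given only covers Python package resolution in CI. The check also scores GitHub Actions pinning, which this same patch does by commit SHA in ci.yml, so the blanket reason reads as explaining away findings it does not address. Narrow the comment to the pip-install case or drop the annotation. Separately, the `code-review` reason `remediated` depends on branch protection settings that live outside the repository; reference where that ruleset is recorded so the claim can be re-verified later.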
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 67f1711..7b0cea6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -43,6 +43,15 @@ jobs:
run: python -m bandit -r openaura -ll
- name: Pytest
run: python -m pytest --cov=openaura --cov-report=xml --cov-fail-under=80
+ - name: Upload coverage to Codecov
+ if: matrix.python-version == '3.11'
+ uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }}
+ files: coverage.xml
+ flags: py311
+ name: py311
+ fail_ci_if_error: false
audit:
name: pip-audit
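Review bot: The Codecov step passes `secrets.CODECOV_TOKEN` unconditionally with `fail_ci_if_error: false`, so on runs where the secret is not available (pull requests from forks receive no repository secrets) the upload can fail without anyone noticing. Extend the `if:` beyond `matrix.python-version == '3.11'` with an event or repository guard, or document that silent failure is intended, and decide whether pushes to main should fail when the upload breaks. The SHA pin with the `# v5.5.4` comment is the right shape; make sure whatever updates the pin keeps the comment in sync with the hash.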
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b31701c..1e95a68 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -5,6 +5,8 @@ on:
- cron: "15 4 * * 2" # Tuesdays at 04:15 UTC
push:
branches: [main]
+ pull_request:
+ branches: [main]
workflow_dispatch:
permissions: read-all
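Review bot: Adding `pull_request` runs the Scorecard job against unmerged PR code, and the job steps are not visible in this hunk. If the job publishes results or uploads SARIF, those steps need a guard such as `if: github.event_name != 'pull_request'`, since fork PRs run with a read-only token and scores for unmerged branches should not be published. The commit message should also say why PR runs are wanted when the weekly cron and the push-to-main trigger already cover the default branch.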
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3538b47..b723730 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
-# Contributing to OpenAURA
+# Contributing to Open AURA
-Thanks for your interest in contributing! OpenAURA is small and opinionated — the rules
+Thanks for your interest in contributing! Open AURA is small and opinionated — the rules
below keep it that way.
## Ground rules
diff --git a/README.md b/README.md
index 467131d..8b1b3b3 100644
--- a/README.md
+++ b/README.md
@@ -10,8 +10,13 @@
+
+
+
+
+
@@ -19,7 +24,7 @@
-Badges for PyPI, CI, CodeQL, OpenSSF Scorecard, and Codecov activate once the repo is public and the package is published.
+pip install open-aura
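Review bot: The added `pip install open-aura` line introduces a distribution name that differs from the import package `openaura` used in every path and import in this patch, and the `name` field of pyproject.toml is not part of the diff, so the match cannot be confirmed from here. Please verify the two agree and state the install name versus the import name once in the README, so users do not end up installing a similarly named package. The line also replaces a prose sentence directly; check that it renders inside a code block rather than as body text.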
@@ -201,7 +206,7 @@ outruns manual reporting.
### 1. Install
-OpenAURA supports Python 3.11 and newer. The CI matrix currently verifies Python
+Open AURA supports Python 3.11 and newer. The CI matrix currently verifies Python
3.11, 3.12, 3.13, and 3.14.
```bash
diff --git a/SECURITY.md b/SECURITY.md
index b51f9e9..7a64862 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,7 +2,7 @@
## Supported versions
-OpenAURA is pre-1.0. Only the latest minor release receives security patches.
+Open AURA is pre-1.0. Only the latest minor release receives security patches.
| Version | Supported |
|---------|-----------|
@@ -55,7 +55,7 @@ once a fix ships, crediting the reporter unless anonymity is requested.
## Secrets handling expectations
-OpenAURA runs in CI and reads signals from external APIs. It:
+Open AURA runs in CI and reads signals from external APIs. It:
- Accepts secrets only from environment variables (never from config files).
- Never logs secret values; tokens are redacted in error messages.
diff --git a/aura.config.example.yml b/aura.config.example.yml
index 95436f8..78e53e9 100644
--- a/aura.config.example.yml
+++ b/aura.config.example.yml
@@ -7,7 +7,7 @@ project: "my-project"
trigger: weekly
schedule: "friday-5pm" # documentation only — the real cron lives in your CI workflow
-# Pydantic AI model string. OpenAURA uses the same typed output schemas for
+# Pydantic AI model string. Open AURA uses the same typed output schemas for
# Anthropic and OpenAI responses.
# - Anthropic: set ANTHROPIC_API_KEY in CI
# - OpenAI: set OPENAI_API_KEY in CI
diff --git a/openaura/__init__.py b/openaura/__init__.py
index 77bab50..955988d 100644
--- a/openaura/__init__.py
+++ b/openaura/__init__.py
@@ -1,4 +1,4 @@
-"""OpenAURA — Agentic Updates, Reviews, and Accountability."""
+"""Open AURA — Agentic Updates, Reviews, and Accountability."""
from __future__ import annotations
diff --git a/openaura/agents/_core.py b/openaura/agents/_core.py
index a38fd3f..d1581d2 100644
--- a/openaura/agents/_core.py
+++ b/openaura/agents/_core.py
@@ -43,7 +43,7 @@ def model_id(config_model: str) -> str:
"""Build the Pydantic AI model string.
Provider-prefixed strings pass through unchanged. Bare model names remain
- Anthropic for backwards compatibility with early OpenAURA configs.
+ Anthropic for backwards compatibility with early Open AURA configs.
"""
if ":" in config_model:
return config_model
@@ -58,6 +58,6 @@ def model_ref(config_model: str | Model) -> str | Model:
def model_api_key_env_var(config_model: str) -> str | None:
- """Return the API key env var OpenAURA can infer from a Pydantic AI model string."""
+ """Return the API key env var Open AURA can infer from a Pydantic AI model string."""
provider = model_id(config_model).split(":", maxsplit=1)[0]
return MODEL_PROVIDER_ENV_VARS.get(provider)
diff --git a/openaura/instructions/manifesto.md b/openaura/instructions/manifesto.md
index cedb77f..4c2d9a5 100644
--- a/openaura/instructions/manifesto.md
+++ b/openaura/instructions/manifesto.md
@@ -1,6 +1,6 @@
# AURA Manifesto
-OpenAURA is not a framework in the heavy sense. It is an update protocol: a small,
+Open AURA is not a framework in the heavy sense. It is an update protocol: a small,
repeatable way for any repo to turn delivery signals into accurate project briefs.
The protocol exists so teams can stop translating work into status by hand. A repo
diff --git a/openaura/main.py b/openaura/main.py
index fa39313..ebfe9a9 100644
--- a/openaura/main.py
+++ b/openaura/main.py
@@ -18,7 +18,7 @@
from openaura.models.config import AuraConfig, Trigger
from openaura.output import markdown as md_out
-app = typer.Typer(add_completion=False, no_args_is_help=True, help="OpenAURA — weekly briefs.")
+app = typer.Typer(add_completion=False, no_args_is_help=True, help="Open AURA — weekly briefs.")
log = logging.getLogger("openaura")
EXIT_CONFIG = 1
diff --git a/openaura/output/markdown.py b/openaura/output/markdown.py
index 3a2b44f..ba2a398 100644
--- a/openaura/output/markdown.py
+++ b/openaura/output/markdown.py
@@ -20,7 +20,7 @@ def _template_src() -> str:
@lru_cache(maxsize=1)
def _env() -> Environment:
return Environment(
- autoescape=False, # nosec B701 # noqa: S701 - markdown output, not HTML
+ autoescape=True,
trim_blocks=True,
lstrip_blocks=True,
undefined=StrictUndefined,
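Review bot: Switching `autoescape=False` to `autoescape=True` changes the rendered briefs, not just the Bandit B701 finding that the removed `nosec` comment was suppressing. The removed comment states this environment produces Markdown, and with autoescape on Jinja2 HTML-escapes `<`, `>`, `&` and quotes in every interpolated value, so titles or identifiers from API signals will appear as `&lt;` or `&#39;`, including inside code spans and fences where entities are shown literally. HTML escaping also does nothing about Markdown syntax (links, images) in those values. Add a rendering test with a value containing `<T>` and `&`, then either keep autoescape on and mark trusted fragments explicitly, or keep it off with the justification and apply a Markdown-aware escape to untrusted fields.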
diff --git a/pyproject.toml b/pyproject.toml
index 4be74db..e5affc4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,7 +10,7 @@ readme = "README.md"
requires-python = ">=3.11"
license = "Apache-2.0"
license-files = ["LICENSE"]
-authors = [{ name = "OpenAURA contributors" }]
+authors = [{ name = "Open AURA contributors" }]
keywords = ["ai", "agents", "devops", "pydantic-ai", "ci", "reporting", "openai", "anthropic"]
classifiers = [
"Development Status :: 3 - Alpha",