From e05305aee6c969b09c4a0fe83abcf1d635ea4be2 Mon Sep 17 00:00:00 2001 From: lucas Date: Thu, 23 Apr 2026 20:04:42 -0400 Subject: [PATCH] chore: prepare release Signed-off-by: lucas --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/ISSUE_TEMPLATE/feature_request.md | 6 +++--- .github/scorecard.yml | 21 +++++++++++++++++++++ .github/workflows/ci.yml | 9 +++++++++ .github/workflows/scorecard.yml | 2 ++ CONTRIBUTING.md | 4 ++-- README.md | 9 +++++++-- SECURITY.md | 4 ++-- aura.config.example.yml | 2 +- openaura/__init__.py | 2 +- openaura/agents/_core.py | 4 ++-- openaura/instructions/manifesto.md | 2 +- openaura/main.py | 2 +- openaura/output/markdown.py | 2 +- pyproject.toml | 2 +- 15 files changed, 55 insertions(+), 18 deletions(-) create mode 100644 .github/scorecard.yml diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 9400675..8c6de83 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,6 +1,6 @@ --- name: Bug report -about: Something in OpenAURA is broken +about: Something in Open AURA is broken labels: [bug] --- diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index d171a94..785a5fc 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,6 +1,6 @@ --- name: Feature request -about: Suggest an addition or change to OpenAURA +about: Suggest an addition or change to Open AURA labels: [enhancement] --- @@ -14,9 +14,9 @@ labels: [enhancement] ## Alternatives considered -## Does it fit OpenAURA's scope? +## Does it fit Open AURA's scope? -OpenAURA is **stateless, CI-native, agent-generated weekly briefs**. It is not a +Open AURA is **stateless, CI-native, agent-generated weekly briefs**. It is not a dashboard, not a server, not a SaaS. Features that require persistent state, a UI, or a hosted service are unlikely to land. 
diff --git a/.github/scorecard.yml b/.github/scorecard.yml new file mode 100644 index 0000000..60fa196 --- /dev/null +++ b/.github/scorecard.yml @@ -0,0 +1,21 @@ +annotations: + - checks: + - code-review + reasons: + - reason: remediated # main now requires PR review, Code Owner review, and latest-push approval. + - checks: + - pinned-dependencies + reasons: + - reason: not-applicable # Open AURA is a Python library; CI intentionally resolves package metadata across supported Python versions. + - checks: + - fuzzing + reasons: + - reason: not-applicable # Current inputs are typed API fixtures/config models covered by unit tests, not binary/parser surfaces. + - checks: + - maintained + reasons: + - reason: not-applicable # The repository is new; maintenance age will improve naturally after the 90-day window. + - checks: + - cii-best-practices + reasons: + - reason: not-detected # Best Practices badge registration is a manual maintainer step outside the repository. diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 67f1711..7b0cea6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,6 +43,15 @@ jobs: run: python -m bandit -r openaura -ll - name: Pytest run: python -m pytest --cov=openaura --cov-report=xml --cov-fail-under=80 + - name: Upload coverage to Codecov + if: matrix.python-version == '3.11' + uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: coverage.xml + flags: py311 + name: py311 + fail_ci_if_error: false audit: name: pip-audit diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b31701c..1e95a68 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -5,6 +5,8 @@ on: - cron: "15 4 * * 2" # Tuesdays at 04:15 UTC push: branches: [main] + pull_request: + branches: [main] workflow_dispatch: permissions: read-all 
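Review bot: The `pinned-dependencies` annotation in the new `.github/scorecard.yml` is recorded as `not-applicable` for the whole repository, but its comment only justifies unpinned Python package resolution in the CI matrix. That check also looks at how workflow actions and container images are referenced, so the comment should be narrowed to avoid reading as a waiver for those, for example `# applies to pip resolution in the CI matrix only; workflow actions remain pinned by commit SHA`. The `maintained` entry describes a temporary state (the 90-day window) and would benefit from a dated reminder to remove it. The `code-review` reason relies on branch-protection settings that live outside the repository and cannot be confirmed from this file.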
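Review bot: The new Codecov step pairs `token: ${{ secrets.CODECOV_TOKEN }}` with `fail_ci_if_error: false`, so a missing or rejected token produces a green build and a stale coverage badge with no visible signal. If this workflow also runs for pull requests from forks (the triggers are outside the hunk), the secret is empty there and that will be the normal case. A comment on the step would make the intent explicit, e.g. `# best-effort upload: fork PRs receive no CODECOV_TOKEN, so this must not gate the build`. The step runs in the same job that has just installed and executed the project's code, and the job's `permissions:` block is not visible here, so it is worth confirming the job token is read-only. The `# v5.5.4` trailer is informational only; confirm the pinned SHA resolves to that tag before release.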
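Review bot: Adding `pull_request` to the triggers of `.github/workflows/scorecard.yml` means the job will also run for pull requests from forks, where the token is read-only and no OIDC or secret-backed step can succeed. The job's steps are outside the hunk, so I cannot tell whether result publishing or SARIF upload is enabled. If either is, those steps should be skipped for this event, for example with `if: github.event_name != 'pull_request'` on the upload step and `publish_results` left off for pull requests. The top-level `permissions: read-all` is kept, which is a sound default, but any job-level write scopes further down should be rechecked against the new trigger.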
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3538b47..b723730 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,6 @@ -# Contributing to OpenAURA +# Contributing to Open AURA -Thanks for your interest in contributing! OpenAURA is small and opinionated — the rules +Thanks for your interest in contributing! Open AURA is small and opinionated — the rules below keep it that way. ## Ground rules diff --git a/README.md b/README.md index 467131d..8b1b3b3 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,13 @@

License: Apache 2.0 +Install Python 3.11+ Status: alpha +CI +CodeQL +OpenSSF Scorecard +Coverage Ruff Checked with mypy CodeRabbit @@ -19,7 +24,7 @@

-Badges for PyPI, CI, CodeQL, OpenSSF Scorecard, and Codecov activate once the repo is public and the package is published. +

pip install open-aura


@@ -201,7 +206,7 @@ outruns manual reporting. ### 1. Install -OpenAURA supports Python 3.11 and newer. The CI matrix currently verifies Python +Open AURA supports Python 3.11 and newer. The CI matrix currently verifies Python 3.11, 3.12, 3.13, and 3.14. ```bash diff --git a/SECURITY.md b/SECURITY.md index b51f9e9..7a64862 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported versions -OpenAURA is pre-1.0. Only the latest minor release receives security patches. +Open AURA is pre-1.0. Only the latest minor release receives security patches. | Version | Supported | |---------|-----------| @@ -55,7 +55,7 @@ once a fix ships, crediting the reporter unless anonymity is requested. ## Secrets handling expectations -OpenAURA runs in CI and reads signals from external APIs. It: +Open AURA runs in CI and reads signals from external APIs. It: - Accepts secrets only from environment variables (never from config files). - Never logs secret values; tokens are redacted in error messages. diff --git a/aura.config.example.yml b/aura.config.example.yml index 95436f8..78e53e9 100644 --- a/aura.config.example.yml +++ b/aura.config.example.yml @@ -7,7 +7,7 @@ project: "my-project" trigger: weekly schedule: "friday-5pm" # documentation only — the real cron lives in your CI workflow -# Pydantic AI model string. OpenAURA uses the same typed output schemas for +# Pydantic AI model string. Open AURA uses the same typed output schemas for # Anthropic and OpenAI responses. # - Anthropic: set ANTHROPIC_API_KEY in CI # - OpenAI: set OPENAI_API_KEY in CI diff --git a/openaura/__init__.py b/openaura/__init__.py index 77bab50..955988d 100644 --- a/openaura/__init__.py +++ b/openaura/__init__.py @@ -1,4 +1,4 @@ -"""OpenAURA — Agentic Updates, Reviews, and Accountability.""" +"""Open AURA — Agentic Updates, Reviews, and Accountability.""" from __future__ import annotations diff --git a/openaura/agents/_core.py b/openaura/agents/_core.py index a38fd3f..d1581d2 100644 
--- a/openaura/agents/_core.py +++ b/openaura/agents/_core.py @@ -43,7 +43,7 @@ def model_id(config_model: str) -> str: """Build the Pydantic AI model string. Provider-prefixed strings pass through unchanged. Bare model names remain - Anthropic for backwards compatibility with early OpenAURA configs. + Anthropic for backwards compatibility with early Open AURA configs. """ if ":" in config_model: return config_model @@ -58,6 +58,6 @@ def model_ref(config_model: str | Model) -> str | Model: def model_api_key_env_var(config_model: str) -> str | None: - """Return the API key env var OpenAURA can infer from a Pydantic AI model string.""" + """Return the API key env var Open AURA can infer from a Pydantic AI model string.""" provider = model_id(config_model).split(":", maxsplit=1)[0] return MODEL_PROVIDER_ENV_VARS.get(provider) diff --git a/openaura/instructions/manifesto.md b/openaura/instructions/manifesto.md index cedb77f..4c2d9a5 100644 --- a/openaura/instructions/manifesto.md +++ b/openaura/instructions/manifesto.md @@ -1,6 +1,6 @@ # AURA Manifesto -OpenAURA is not a framework in the heavy sense. It is an update protocol: a small, +Open AURA is not a framework in the heavy sense. It is an update protocol: a small, repeatable way for any repo to turn delivery signals into accurate project briefs. The protocol exists so teams can stop translating work into status by hand. A repo diff --git a/openaura/main.py b/openaura/main.py index fa39313..ebfe9a9 100644 --- a/openaura/main.py +++ b/openaura/main.py @@ -18,7 +18,7 @@ from openaura.models.config import AuraConfig, Trigger from openaura.output import markdown as md_out -app = typer.Typer(add_completion=False, no_args_is_help=True, help="OpenAURA — weekly briefs.") +app = typer.Typer(add_completion=False, no_args_is_help=True, help="Open AURA — weekly briefs.") log = logging.getLogger("openaura") EXIT_CONFIG = 1 diff --git a/openaura/output/markdown.py b/openaura/output/markdown.py index 3a2b44f..ba2a398 100644 
--- a/openaura/output/markdown.py +++ b/openaura/output/markdown.py @@ -20,7 +20,7 @@ def _template_src() -> str: @lru_cache(maxsize=1) def _env() -> Environment: return Environment( - autoescape=False, # nosec B701 # noqa: S701 - markdown output, not HTML + autoescape=True, trim_blocks=True, lstrip_blocks=True, undefined=StrictUndefined, diff --git a/pyproject.toml b/pyproject.toml index 4be74db..e5affc4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ readme = "README.md" requires-python = ">=3.11" license = "Apache-2.0" license-files = ["LICENSE"] -authors = [{ name = "OpenAURA contributors" }] +authors = [{ name = "Open AURA contributors" }] keywords = ["ai", "agents", "devops", "pydantic-ai", "ci", "reporting", "openai", "anthropic"] classifiers = [ "Development Status :: 3 - Alpha",
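Review bot: Switching `_env()` to `autoescape=True` changes the rendered brief, not just a lint result, and it lands in a "chore: prepare release" commit without a test or a note. Jinja's autoescape is HTML escaping: every interpolated `&`, `<`, `>` and quote becomes an entity, and Markdown renderers do not decode entities inside code spans or fenced blocks, so commit titles, snippets and URLs with query strings can come out visibly altered. It also does not neutralise Markdown syntax (links, images) in values that originate from external APIs or model output, so the rendered brief should still be treated as untrusted wherever it is displayed. I would state the trade-off on the line, e.g. `autoescape=True,  # HTML-escapes interpolated values; Markdown syntax in them is NOT neutralised`, and add a render test with a value containing `&`, `<` and backticks. The removed `# nosec B701` suggests this was done to satisfy Bandit; the rest of the `Environment(...)` call and the template itself are outside the hunk.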