pradelgorithm · pradelgorithm · Apr 24, 2026 · Apr 24, 2026
@@ -1,6 +1,6 @@
 ---
 name: Bug report
-about: Something in OpenAURA is broken
+about: Something in Open AURA is broken
 labels: [bug]
 ---
 

@@ -1,6 +1,6 @@
 ---
 name: Feature request
-about: Suggest an addition or change to OpenAURA
+about: Suggest an addition or change to Open AURA
 labels: [enhancement]
 ---
 
@@ -14,9 +14,9 @@ labels: [enhancement]
 
 ## Alternatives considered
 
-## Does it fit OpenAURA's scope?
+## Does it fit Open AURA's scope?
 
-OpenAURA is **stateless, CI-native, agent-generated weekly briefs**. It is not a
+Open AURA is **stateless, CI-native, agent-generated weekly briefs**. It is not a
 dashboard, not a server, not a SaaS. Features that require persistent state, a UI,
 or a hosted service are unlikely to land.
 

@@ -0,0 +1,21 @@
+annotations:
+  - checks:
+      - code-review
+    reasons:
+      - reason: remediated # main now requires PR review, Code Owner review, and latest-push approval.
+  - checks:
+      - pinned-dependencies
+    reasons:
+      - reason: not-applicable # Open AURA is a Python library; CI intentionally resolves package metadata across supported Python versions.
+  - checks:
+      - fuzzing
+    reasons:
+      - reason: not-applicable # Current inputs are typed API fixtures/config models covered by unit tests, not binary/parser surfaces.
+  - checks:
+      - maintained
+    reasons:
+      - reason: not-applicable # The repository is new; maintenance age will improve naturally after the 90-day window.
+  - checks:
+      - cii-best-practices
+    reasons:
+      - reason: not-detected # Best Practices badge registration is a manual maintainer step outside the repository.
@@ -43,6 +43,15 @@ jobs:
         run: python -m bandit -r openaura -ll
       - name: Pytest
         run: python -m pytest --cov=openaura --cov-report=xml --cov-fail-under=80
+      - name: Upload coverage to Codecov
+        if: matrix.python-version == '3.11'
+        uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe  # v5.5.4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: coverage.xml
+          flags: py311
+          name: py311
+          fail_ci_if_error: false
 
   audit:
     name: pip-audit

@@ -5,6 +5,8 @@ on:
     - cron: "15 4 * * 2"   # Tuesdays at 04:15 UTC
   push:
     branches: [main]
+  pull_request:
+    branches: [main]
   workflow_dispatch:
 
 permissions: read-all

@@ -1,6 +1,6 @@
-# Contributing to OpenAURA
+# Contributing to Open AURA
 
-Thanks for your interest in contributing! OpenAURA is small and opinionated — the rules
+Thanks for your interest in contributing! Open AURA is small and opinionated — the rules
 below keep it that way.
 
 ## Ground rules

@@ -10,16 +10,21 @@
 <p>
 
 <a href="./LICENSE"><img alt="License: Apache 2.0" src="https://img.shields.io/badge/License-Apache_2.0-3b82f6.svg"></a>
+<img alt="Install" src="https://img.shields.io/badge/pip%20install-open--aura-3b82f6?logo=pypi&logoColor=white">
 <img alt="Python 3.11+" src="https://img.shields.io/badge/python-3.11%2B-3b82f6?logo=python&logoColor=white">
 <img alt="Status: alpha" src="https://img.shields.io/badge/status-alpha-orange">
+<a href="https://github.com/pradelgorithm/openaura/actions/workflows/ci.yml"><img alt="CI" src="https://github.com/pradelgorithm/openaura/actions/workflows/ci.yml/badge.svg"></a>
+<a href="https://github.com/pradelgorithm/openaura/actions/workflows/codeql.yml"><img alt="CodeQL" src="https://github.com/pradelgorithm/openaura/actions/workflows/codeql.yml/badge.svg"></a>
+<a href="https://securityscorecards.dev/viewer/?uri=github.com/pradelgorithm/openaura"><img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/pradelgorithm/openaura/badge"></a>
+<a href="https://codecov.io/gh/pradelgorithm/openaura"><img alt="Coverage" src="https://codecov.io/gh/pradelgorithm/openaura/graph/badge.svg"></a>
 <a href="https://docs.astral.sh/ruff/"><img alt="Ruff" src="https://img.shields.io/badge/lint-ruff-261230?logo=ruff"></a>
 <a href="http://mypy-lang.org/"><img alt="Checked with mypy" src="https://img.shields.io/badge/mypy-strict-blue"></a>
 <a href="https://coderabbit.ai"><img alt="CodeRabbit" src="https://img.shields.io/badge/CodeRabbit-reviewed-ff69b4"></a>
 <a href="./SECURITY.md"><img alt="Security Policy" src="https://img.shields.io/badge/security-policy-3b82f6.svg"></a>
 
 </p>
 
-<sub>Badges for PyPI, CI, CodeQL, OpenSSF Scorecard, and Codecov activate once the repo is public and the package is published.</sub>
+<p><code>pip install open-aura</code></p>
 
 <br>
 
@@ -201,7 +206,7 @@ outruns manual reporting.
 
 ### 1. Install
 
-OpenAURA supports Python 3.11 and newer. The CI matrix currently verifies Python
+Open AURA supports Python 3.11 and newer. The CI matrix currently verifies Python
 3.11, 3.12, 3.13, and 3.14.
 
 ```bash

@@ -2,7 +2,7 @@
 
 ## Supported versions
 
-OpenAURA is pre-1.0. Only the latest minor release receives security patches.
+Open AURA is pre-1.0. Only the latest minor release receives security patches.
 
 | Version | Supported |
 |---------|-----------|
@@ -55,7 +55,7 @@ once a fix ships, crediting the reporter unless anonymity is requested.
 
 ## Secrets handling expectations
 
-OpenAURA runs in CI and reads signals from external APIs. It:
+Open AURA runs in CI and reads signals from external APIs. It:
 
 - Accepts secrets only from environment variables (never from config files).
 - Never logs secret values; tokens are redacted in error messages.

@@ -7,7 +7,7 @@ project: "my-project"
 trigger: weekly
 schedule: "friday-5pm"     # documentation only — the real cron lives in your CI workflow
 
-# Pydantic AI model string. OpenAURA uses the same typed output schemas for
+# Pydantic AI model string. Open AURA uses the same typed output schemas for
 # Anthropic and OpenAI responses.
 # - Anthropic: set ANTHROPIC_API_KEY in CI
 # - OpenAI: set OPENAI_API_KEY in CI

@@ -1,4 +1,4 @@
-"""OpenAURA — Agentic Updates, Reviews, and Accountability."""
+"""Open AURA — Agentic Updates, Reviews, and Accountability."""
 
 from __future__ import annotations
 

@@ -43,7 +43,7 @@ def model_id(config_model: str) -> str:
     """Build the Pydantic AI model string.
 
     Provider-prefixed strings pass through unchanged. Bare model names remain
-    Anthropic for backwards compatibility with early OpenAURA configs.
+    Anthropic for backwards compatibility with early Open AURA configs.
     """
     if ":" in config_model:
         return config_model
@@ -58,6 +58,6 @@ def model_ref(config_model: str | Model) -> str | Model:
 
 
 def model_api_key_env_var(config_model: str) -> str | None:
-    """Return the API key env var OpenAURA can infer from a Pydantic AI model string."""
+    """Return the API key env var Open AURA can infer from a Pydantic AI model string."""
     provider = model_id(config_model).split(":", maxsplit=1)[0]
     return MODEL_PROVIDER_ENV_VARS.get(provider)
@@ -1,6 +1,6 @@
 # AURA Manifesto
 
-OpenAURA is not a framework in the heavy sense. It is an update protocol: a small,
+Open AURA is not a framework in the heavy sense. It is an update protocol: a small,
 repeatable way for any repo to turn delivery signals into accurate project briefs.
 
 The protocol exists so teams can stop translating work into status by hand. A repo

@@ -18,7 +18,7 @@
 from openaura.models.config import AuraConfig, Trigger
 from openaura.output import markdown as md_out
 
-app = typer.Typer(add_completion=False, no_args_is_help=True, help="OpenAURA — weekly briefs.")
+app = typer.Typer(add_completion=False, no_args_is_help=True, help="Open AURA — weekly briefs.")
 log = logging.getLogger("openaura")
 
 EXIT_CONFIG = 1

@@ -20,7 +20,7 @@ def _template_src() -> str:
 @lru_cache(maxsize=1)
 def _env() -> Environment:
     return Environment(
-        autoescape=False,  # nosec B701  # noqa: S701 - markdown output, not HTML
+        autoescape=True,
         trim_blocks=True,
         lstrip_blocks=True,
         undefined=StrictUndefined,

@@ -10,7 +10,7 @@ readme = "README.md"
 requires-python = ">=3.11"
 license = "Apache-2.0"
 license-files = ["LICENSE"]
-authors = [{ name = "OpenAURA contributors" }]
+authors = [{ name = "Open AURA contributors" }]
 keywords = ["ai", "agents", "devops", "pydantic-ai", "ci", "reporting", "openai", "anthropic"]
 classifiers = [
     "Development Status :: 3 - Alpha",