Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
a291271
chore: add local opencode config files to .gitignore
May 29, 2026
33d7410
ci: add auto-code-review caller workflow
Coding-Dev-Tools May 31, 2026
7ba4bfd
feat: add push trigger, workflow_dispatch, and master branch to auto-…
Coding-Dev-Tools May 31, 2026
bb2bdbb
ci: update publish workflow and package versions
Coding-Dev-Tools Jun 10, 2026
6da680f
feat: improve auth CLI/keystore/verify; fix pyproject CRLF; ruff-format
ArtificialSight Jun 10, 2026
d1439e9
cowork-bot: fix verify JWT dispatch + add audit --exit-on-expired/--e…
Jun 13, 2026
f1b23c9
cowork-bot: seed cowork-auto-pr.yml for autonomous PR creation
Jun 13, 2026
a451a9d
fix: correct author email TOML syntax in pyproject.toml (#7)
Coding-Dev-Tools Jun 14, 2026
9616c27
fix: pre-publish metadata audit + supply chain CI hardening (#6)
Coding-Dev-Tools Jun 14, 2026
260f1f4
fix: handle non-string expiry values in check_expiry, add .gitattribu…
Coding-Dev-Tools Jun 14, 2026
5f51cf4
chore: update .gitignore and README
Coding-Dev-Tools Jun 17, 2026
f7b27ec
merge: resolve conflicts with remote master
Coding-Dev-Tools Jun 17, 2026
ee08ecf
merge: resolve cowork/improve-apiauth conflict, normalize CRLF
Jun 20, 2026
fc2137e
fix(cli): correct command names (show/rotate/revoke/verify/export/aud…
Coding-Dev-Tools Jun 21, 2026
5f0b6f5
docs: add AGENTS.md for agent discoverability
Coding-Dev-Tools Jun 23, 2026
80a8392
chore: normalize line endings to LF (per .gitattributes eol=lf)
Coding-Dev-Tools Jun 25, 2026
d15d7b9
fix: resolve 7 verify() test failures - api_key parameter mismatch
Coding-Dev-Tools Jun 25, 2026
417fd2a
improve: add pre-commit config for formatting checks (#14)
Coding-Dev-Tools Jun 29, 2026
a2e399a
chore: add CODEOWNERS file
Coding-Dev-Tools Jun 29, 2026
90019c1
improve: add requirements.txt, enhance SECURITY.md, update CONTRIBUTI…
Coding-Dev-Tools Jun 29, 2026
18e618d
fix(ci): repin trufflehog to v3.95.6 (unblock security job)
Coding-Dev-Tools Jun 29, 2026
a6b70a2
chore: normalize end-of-file newlines to match .editorconfig (#17)
Coding-Dev-Tools Jun 29, 2026
3768d39
fix(README): replace bare pip install with verified --index-url + git…
Coding-Dev-Tools Jun 30, 2026
d6a20e9
chore(apiauth): add gitignore, docs, CI workflow, build config
Jun 30, 2026
982ef0f
fix(verify): add generic type params to dict annotation
Coding-Dev-Tools Jul 3, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# EditorConfig — https://editorconfig.org
root = true

[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = space
indent_size = 4

[*.py]
indent_size = 4

[*.{yml,yaml,toml,cfg,ini}]
indent_size = 2

[*.md]
trim_trailing_whitespace = false

[Makefile]
indent_style = tab
38 changes: 38 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
# Auto-detect text files and normalize to LF
* text=auto eol=lf

# Python source
*.py text eol=lf
*.pyi text eol=lf

# Config files
*.toml text eol=lf
*.cfg text eol=lf
*.ini text eol=lf
*.yaml text eol=lf
*.yml text eol=lf

# Documentation
*.md text eol=lf
*.rst text eol=lf
*.txt text eol=lf
LICENSE text eol=lf

# Shell scripts (may run in Git Bash / WSL)
*.sh text eol=lf

# Windows scripts
*.bat text eol=crlf
*.cmd text eol=crlf
*.ps1 text eol=crlf

# Binary files
*.png binary
*.jpg binary
*.jpeg binary
*.gif binary
*.ico binary
*.pdf binary
*.zip binary
*.gz binary
*.whl binary
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
* @Coding-Dev-Tools
2 changes: 1 addition & 1 deletion .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@ updates:
directory: "/"
schedule:
interval: weekly
open-pull-requests-limit: 3
open-pull-requests-limit: 3
28 changes: 28 additions & 0 deletions .github/workflows/auto-code-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Automated Code Review — caller workflow
#
# Drop this file into any Coding-Dev-Tools repo at
# .github/workflows/auto-code-review.yml to enable
# automated PR code review (lint, format, secret detection,
# TODO/FIXME check, large file check, and PR comment summary).
#
# The reusable workflow is defined in the org .github repo:
# Coding-Dev-Tools/.github/.github/workflows/auto-code-review.yml@main

name: Auto Code Review

on:
pull_request:
branches: [main, master]
types: [opened, synchronize, reopened]
push:
branches: [main, master]
workflow_dispatch:

permissions:
contents: read
pull-requests: write
security-events: write

jobs:
code-review:
uses: Coding-Dev-Tools/.github/.github/workflows/auto-code-review.yml@main
58 changes: 56 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,12 @@ jobs:
python-version: ["3.10", "3.11", "3.12", "3.13"]

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
with:
python-version: ${{ matrix.python-version }}

Expand All @@ -42,3 +42,57 @@ jobs:
apiauth --version
apiauth --help
apiauth generate --help

security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
with:
python-version: "3.12"

- name: Install pip-audit
run: pip install pip-audit

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e ".[dev]"

- name: Security audit (pip-audit)
run: pip-audit -r requirements.txt || pip-audit --desc

- name: Check for secrets
uses: trufflesecurity/trufflehog@30d5bb91af1a771378349dbbb0c82129392acf70 # v3.95.6
with:
path: ./
base: ""
head: ${{ github.sha }}

build:
runs-on: ubuntu-latest
needs: [test, security]
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
with:
python-version: "3.12"

- name: Install build tools
run: |
python -m pip install --upgrade pip
pip install build twine

- name: Build package
run: python -m build

- name: Check package
run: twine check dist/*
28 changes: 28 additions & 0 deletions .github/workflows/cowork-auto-pr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Seeded by the repo-improver-rotation Cowork job into cowork/improve-* branches.
# Opens a PR automatically when such a branch is pushed (sandbox cannot reach
# the GitHub API directly; this runs server-side with the repo's GITHUB_TOKEN).
name: cowork-auto-pr
on:
push:
branches: ['cowork/improve-**']
permissions:
contents: read
pull-requests: write
jobs:
ensure-pr:
runs-on: ubuntu-latest
steps:
- name: Open PR for this branch if none exists
env:
GH_TOKEN: ${{ github.token }}
run: |
set -eu
existing=$(gh pr list --repo "$GITHUB_REPOSITORY" --head "$GITHUB_REF_NAME" --state open --json number --jq 'length')
if [ "$existing" = "0" ]; then
gh pr create --repo "$GITHUB_REPOSITORY" \
--head "$GITHUB_REF_NAME" \
--title "cowork-bot: automated improvements ($GITHUB_REF_NAME)" \
--body "Automated improvement PR from the Cowork repo-improver rotation (one coherent senior-dev improvement per run; see individual commit messages). Subsequent runs push additional commits to this PR rather than opening new ones."
else
echo "Open PR already exists for $GITHUB_REF_NAME — nothing to do."
fi
6 changes: 3 additions & 3 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@ jobs:
environment: pypi

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
with:
python-version: "3.12"

Expand All @@ -38,4 +38,4 @@ jobs:
run: pip install twine && twine check dist/*

- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
64 changes: 64 additions & 0 deletions .github/workflows/release-audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
name: release-audit

on:
pull_request:
branches: [main, master]
push:
branches: [main, master]
workflow_dispatch:

jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 (pinned)
with:
path: target

- name: Check out the shared release-audit harness
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 (pinned)
with:
repository: Coding-Dev-Tools/release-audit
path: harness
# Pin to a tag once a stable release is published; main is fine
# for now since the harness is small and self-contained.
ref: main

- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 (pinned)
with:
python-version: "3.11"

- name: Run the 8-angle release audit
working-directory: harness
env:
GITHUB_WORKSPACE: ${{ github.workspace }}
run: |
python audit.py "$GITHUB_WORKSPACE/target" --out-dir scorecard
python3 - <<'PY'
import json, os, pathlib
repo = pathlib.Path(os.environ["GITHUB_WORKSPACE"], "target").name
data = json.loads(pathlib.Path("scorecard", f"{repo}.json").read_text())
print("## Release Audit (8 angles)")
print()
print(f"**Overall grade: {data['overall_grade']}** ({data['angles_passing']}/{data['angles_total']} angles passing)")
print()
print("| Angle | Grade |")
print("|-------|-------|")
for a in data["angles"]:
print(f"| {a['angle']} | {a['grade']} |")
PY

- name: Fail on blockers
working-directory: harness
env:
GITHUB_WORKSPACE: ${{ github.workspace }}
run: |
python3 - <<'PY'
import json, os, pathlib, sys
repo = pathlib.Path(os.environ["GITHUB_WORKSPACE"], "target").name
data = json.loads(pathlib.Path("scorecard", f"{repo}.json").read_text())
if data["blockers"] > 0:
print(f"::error::{data['blockers']} release-blocker angle(s) — see audit output above")
sys.exit(1)
PY
38 changes: 38 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
<<<<<<< Updated upstream
# Byte-compiled
__pycache__/
*.py[cod]
Expand All @@ -18,3 +19,40 @@ build/
.DS_Store
Thumbs.db
.ruff_cache/

# Local opencode config
.agents/
=======
# Byte-compiled
__pycache__/
*.py[cod]
*.egg-info/
.coverage
.pytest_cache/
htmlcov/

# Build
dist/
build/

# IDE
.vscode/
.idea/

# OS
.DS_Store
Thumbs.db
.ruff_cache/

# Local opencode config
AGENTS.md
.agents/

# Added by release-prep
.env
node_modules

# Operational state (not for commit)
LEARNING/
_cowork_ops/
>>>>>>> Stashed changes
17 changes: 17 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- repo: https://github.com/psf/black
rev: 24.4.2
hooks:
- id: black
language_version: python3.11
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.5.5
hooks:
- id: ruff
args: [--fix]
30 changes: 30 additions & 0 deletions AGENTS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# apiauth

## Purpose
CLI tool for API key and JWT lifecycle management with encrypted local store — generate, store, verify, rotate, and revoke keys with an encrypted local keystore.

## Build & Test Commands
- Install: `pip install -e .` or `pip install apiauth`
- Test: `pytest tests/` (or `python -m pytest tests/ -v --tb=short`)
- Lint: `ruff check src/ --target-version py310`
- Build: `pip wheel . --wheel-dir dist/`
- CLI check: `apiauth --version && apiauth --help`

## Architecture
Key directories:
- `src/apiauth/` — Main package (CLI, keystore, crypto, commands)
- `tests/` — Test suite
- `.github/workflows/` — CI/CD (auto-code-review.yml, ci.yml, publish.yml)
- `dist/` — Built distributions

## Conventions
- Language: Python 3.10+
- Test framework: pytest
- CI: GitHub Actions (matrix: Python 3.10, 3.11, 3.12, 3.13)
- Linting: ruff (line-length 120, target py310)
- Formatting: ruff
- Package layout: src/ layout with setuptools
- Type checking: py.typed included
- Dependencies: click, cryptography, pyjwt, rich, python-dateutil
- CLI entry point: apiauth.cli:cli
- Master branch: master
Loading
Loading