biston 0.2.0__tar.gz

biston-0.2.0/.github/dependabot.yml

@@ -0,0 +1,26 @@
+version: 2
+updates:
+  # Rust (Cargo) dependencies
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "rust"
+    groups:
+      minor-and-patch:
+        update-types:
+          - "minor"
+          - "patch"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "ci"

biston-0.2.0/.github/workflows/audit.yml

@@ -0,0 +1,29 @@
+name: "Cargo Audit"
+
+on:
+  push:
+    paths:
+      - "Cargo.toml"
+      - "Cargo.lock"
+  pull_request:
+    paths:
+      - "Cargo.toml"
+      - "Cargo.lock"
+  schedule:
+    - cron: "0 0 * * *" # Daily at midnight UTC
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Run cargo-audit
+        uses: actions-rust-lang/audit@v1

biston-0.2.0/.github/workflows/cargo-deny.yml

@@ -0,0 +1,35 @@
+name: "Cargo Deny"
+
+on:
+  push:
+    branches: ["main"]
+    paths:
+      - "Cargo.lock"
+      - "Cargo.toml"
+      - "deny.toml"
+  pull_request:
+    paths:
+      - "Cargo.lock"
+      - "Cargo.toml"
+      - "deny.toml"
+
+permissions:
+  contents: read
+
+jobs:
+  deny:
+    name: ${{ matrix.check }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        check: [bans, licenses, sources]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Run cargo-deny (${{ matrix.check }})
+        uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check ${{ matrix.check }}
+          arguments: --all-features

biston-0.2.0/.github/workflows/codeql.yml

@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["main"]
+    paths:
+      - "src/**"
+      - "Cargo.toml"
+      - "Cargo.lock"
+  pull_request:
+    branches: ["main"]
+    paths:
+      - "src/**"
+      - "Cargo.toml"
+      - "Cargo.lock"
+  schedule:
+    - cron: "0 6 * * 1" # Weekly on Monday at 06:00 UTC
+
+permissions:
+  security-events: write
+  packages: read
+  actions: read
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze Rust
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: rust
+          build-mode: none
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: "/language:rust"

biston-0.2.0/.github/workflows/release.yml

@@ -0,0 +1,114 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  build-wheels:
+    name: Build wheels on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-14, windows-latest]
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          args: --release --strip
+          manylinux: 2_28
+
+      - name: Upload wheels
+        uses: actions/upload-artifact@v7
+        with:
+          name: wheels-${{ matrix.os }}
+          path: target/wheels/*.whl
+
+  build-sdist:
+    name: Build source distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.11'
+
+      - name: Install maturin
+        run: pip install maturin
+
+      - name: Build sdist
+        run: maturin sdist
+
+      - name: Upload sdist
+        uses: actions/upload-artifact@v7
+        with:
+          name: sdist
+          path: target/wheels/*.tar.gz
+
+  create-release:
+    name: Create GitHub Release
+    needs: [build-wheels, build-sdist]
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Download all artifacts
+        uses: actions/download-artifact@v8
+        with:
+          path: dist
+
+      - name: Flatten artifacts
+        run: |
+          mkdir -p wheels
+          find dist -name '*.whl' -exec cp {} wheels/ \;
+          find dist -name '*.tar.gz' -exec cp {} wheels/ \;
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: wheels/*
+          generate_release_notes: true
+          draft: false
+          prerelease: false
+
+  publish-to-pypi:
+    name: Publish to PyPI
+    needs: [build-wheels, build-sdist, create-release]
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
+    environment:
+      name: pypi
+      url: https://pypi.org/p/biston
+    permissions:
+      id-token: write
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@v8
+        with:
+          path: dist
+
+      - name: Flatten artifacts
+        run: |
+          mkdir -p wheels
+          find dist -name '*.whl' -exec cp {} wheels/ \;
+          find dist -name '*.tar.gz' -exec cp {} wheels/ \;
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: wheels/
+          skip-existing: true

biston-0.2.0/.github/workflows/review.yml

@@ -0,0 +1,64 @@
+name: Code Review
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "src/**"
+      - "tests/**"
+      - "Cargo.toml"
+      - "Cargo.lock"
+      - "rust-toolchain.toml"
+      - "clippy.toml"
+      - "rustfmt.toml"
+  pull_request:
+    paths:
+      - "src/**"
+      - "tests/**"
+      - "Cargo.toml"
+      - "Cargo.lock"
+      - "rust-toolchain.toml"
+      - "clippy.toml"
+      - "rustfmt.toml"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  fmt:
+    name: Formatting
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+      - run: cargo fmt --all --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo clippy --all-targets --all-features -- -D warnings
+
+  test:
+    name: Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.11"
+      - run: cargo test --all-features

biston-0.2.0/.gitignore

@@ -0,0 +1,71 @@
+# Rust
+/target/
+**/*.rs.bk
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Logs
+*.log
+
+# Temporary files
+*.tmp
+*.temp
+.cache/
+
+# maturin / PyO3
+*.so
+*.pyd
+.eggs/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/

biston-0.2.0/CLAUDE.md

@@ -0,0 +1,80 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+biston is a tool for analyzing Python code. It's a hybrid Rust/Python project that builds a Rust binary (`biston`) but packages it as a Python package using maturin for easy distribution via pip/uv.
+
+## Common Commands
+
+```bash
+# Pre-commit checks (always run before committing)
+cargo fmt --check && cargo clippy --all-targets --all-features -- -D warnings && cargo test --all-features
+
+# Run tests
+cargo test
+
+# Build and install locally for testing
+maturin develop
+
+# Full review (fmt, clippy, tests, audit, deny)
+make review
+```
+
+## Development Workflow
+
+All features and bug fixes follow TDD (red-green-refactor). No implementation code without a failing test first. Bug fixes must include a regression test that fails without the fix.
+
+## Test Changes Require Deliberation
+
+When a test fails during implementation:
+
+1. **Stop and diagnose.** Understand WHY it fails before changing anything.
+2. **Default assumption: the test is right.** Fix the implementation first.
+3. **If the test genuinely needs updating** (requirements changed, API evolved), explain what changed and why the old assertion is no longer correct before modifying it.
+4. **Never weaken an assertion just to make it pass.**
+5. **If uncertain, ask.**
+
+## Branch Hygiene
+
+**Always merge `main` into your feature branch before creating a PR.** Run:
+
+```bash
+git fetch origin main && git merge origin/main
+```
+
+Then re-run the full check suite to verify the merge didn't introduce breakage.
+
+## When Stuck
+
+If hitting a wall:
+1. Do not silently work around it — state the problem explicitly.
+2. Do not attempt more than 3 approaches without reporting what was tried and why each failed.
+3. Do not modify unrelated code hoping it fixes the issue.
+4. Revert to last known good state if changes made things worse.
+5. When in doubt, ask.
+
+## Review Before Completing Work
+
+Before marking any task as complete:
+
+1. **Automated checks** (run automatically via prek pre-commit hook on `git commit`):
+   - `cargo fmt --all -- --check`
+   - `cargo clippy --all-targets --all-features -- -D warnings`
+   - `cargo test --all-features --bins`
+
+2. **Deep review** (REQUIRED for all significant changes):
+   - Run the `rust-review` skill (`/rust-review`) before marking work as complete
+   - Address all 🔴 Must Fix items before completing
+   - Address 🟡 Should Fix items unless there's a documented reason not to
+
+3. **Full review** (run before pushing):
+   - `make review`
+
+### Code Rules
+- No `.unwrap()` outside tests — use `.context()` when propagating errors with `?`
+- No `MutexGuard` held across `.await`
+- Prefer `&str`/`&[T]`/`&Path` over owned types in function parameters when ownership isn't needed
+- Tests must assert on values, not just "runs without panic"
+- Flaky tests need root-cause analysis, not looser assertions