create-maa-project 0.1.0__py3-none-any.whl

create_maa_project/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

create_maa_project/__main__.py

@@ -0,0 +1,218 @@
+from __future__ import annotations
+
+import hashlib
+import json
+import os
+import platform
+import subprocess
+import sys
+import urllib.request
+from urllib.parse import urlparse
+from pathlib import Path
+from typing import Optional
+
+from . import __version__
+from .release_manifest import RELEASE_MANIFEST_SHA256
+
+RELEASE_REPOSITORY = "Windsland52/create-maa-project"
+
+
+def main() -> None:
+    try:
+        binary = ensure_binary()
+    except RuntimeError as error:
+        raise SystemExit(fallback_message(error))
+
+    try:
+        raise SystemExit(subprocess.call([str(binary), *sys.argv[1:]]))
+    except OSError as error:
+        raise SystemExit(execution_failure_message(binary, error))
+
+
+def fallback_message(error: RuntimeError) -> str:
+    return (
+        f"{error}\n"
+        "Install Node.js and run `npx create-maa-project`, or run the TypeScript CLI from source. "
+        "The PyPI wrapper does not install Node.js or invoke npx automatically."
+    )
+
+
+def execution_failure_message(
+    binary: Path,
+    error: OSError,
+    system_name: Optional[str] = None,
+) -> str:
+    message = [
+        f"Unable to run downloaded create-maa-project binary at {binary}: {error}",
+        "Check that the cached binary is executable and has not been blocked by the operating system.",
+    ]
+    if (system_name or platform.system()) == "Windows":
+        message.extend(
+            [
+                "On Windows, check the PowerShell execution policy used by your shell, "
+                "confirm uvx or pipx is available on PATH if you launched through it, "
+                "and unblock the downloaded .exe if Windows marked it as downloaded from the Internet.",
+                "The PyPI wrapper does not modify PowerShell execution policy.",
+            ]
+        )
+    message.append("You can also install Node.js and run `npx create-maa-project`, or run the TypeScript CLI from source.")
+    return "\n".join(message)
+
+
+def ensure_binary() -> Path:
+    cache_dir = Path(os.getenv("CREATE_MAA_PROJECT_CACHE", Path.home() / ".cache" / "create-maa-project"))
+    target = cache_dir / __version__ / binary_name()
+    if cached_binary_is_valid(target):
+        return target
+    if not RELEASE_MANIFEST_SHA256:
+        raise RuntimeError(
+            "PyPI wrapper is missing the trusted CLI release manifest digest. "
+            "Install Node.js and run `npx create-maa-project`, or use an official release wheel."
+        )
+
+    manifest_url = (
+        f"https://github.com/{RELEASE_REPOSITORY}/releases/download/v{__version__}/"
+        "create-maa-project-manifest.json"
+    )
+    try:
+        manifest_bytes = download(manifest_url)
+    except OSError as error:
+        raise RuntimeError(
+            "Unable to download create-maa-project binary. Install Node.js and run "
+            "`npx create-maa-project`, or retry with network access."
+        ) from error
+
+    digest = hashlib.sha256(manifest_bytes).hexdigest()
+    if digest != RELEASE_MANIFEST_SHA256:
+        raise RuntimeError("Downloaded CLI release manifest failed sha256 verification.")
+
+    manifest = parse_manifest(manifest_bytes)
+    validate_manifest_version(manifest)
+    asset = select_asset(manifest)
+    try:
+        binary_bytes = download(asset["url"])
+    except OSError as error:
+        raise RuntimeError(
+            "Unable to download create-maa-project binary asset. Retry with network access."
+        ) from error
+    binary_digest = hashlib.sha256(binary_bytes).hexdigest()
+    if binary_digest != asset["sha256"]:
+        raise RuntimeError("Downloaded CLI binary failed sha256 verification.")
+
+    target.parent.mkdir(parents=True, exist_ok=True)
+    target.write_bytes(binary_bytes)
+    binary_digest_path(target).write_text(f"{binary_digest}\n", encoding="utf8")
+    target.chmod(0o755)
+    return target
+
+
+def cached_binary_is_valid(target: Path) -> bool:
+    if not target.exists():
+        return False
+    digest_path = binary_digest_path(target)
+    if not digest_path.exists():
+        return False
+    try:
+        expected_digest = digest_path.read_text(encoding="utf8").strip()
+        actual_digest = hashlib.sha256(target.read_bytes()).hexdigest()
+    except OSError:
+        return False
+    try:
+        validate_sha256(expected_digest)
+    except RuntimeError:
+        return False
+    return actual_digest == expected_digest
+
+
+def binary_digest_path(target: Path) -> Path:
+    return target.with_name(f"{target.name}.sha256")
+
+
+def binary_name() -> str:
+    suffix = ".exe" if platform.system() == "Windows" else ""
+    return f"create-maa-project{suffix}"
+
+
+def parse_manifest(manifest_bytes: bytes) -> dict[str, object]:
+    try:
+        manifest = json.loads(manifest_bytes)
+    except json.JSONDecodeError as error:
+        raise RuntimeError("Downloaded CLI release manifest is not valid JSON.") from error
+    if not isinstance(manifest, dict):
+        raise RuntimeError("Downloaded CLI release manifest must be a JSON object.")
+    return manifest
+
+
+def validate_manifest_version(manifest: dict[str, object]) -> None:
+    version = manifest_version(manifest)
+    if version != __version__:
+        raise RuntimeError(
+            f"CLI release manifest version {version or '<missing>'} does not match "
+            f"PyPI wrapper version {__version__}."
+        )
+
+
+def select_asset(
+    manifest: dict[str, object],
+    system_name: Optional[str] = None,
+    machine_name: Optional[str] = None,
+) -> dict[str, str]:
+    validate_manifest_version(manifest)
+    system = {"Windows": "win", "Linux": "linux", "Darwin": "macos"}.get(system_name or platform.system())
+    machine = (machine_name or platform.machine()).lower()
+    arch = "aarch64" if machine in {"arm64", "aarch64"} else "x86_64"
+    for asset in manifest.get("assets", []):
+        if not isinstance(asset, dict):
+            continue
+        if asset.get("os") == system and asset.get("arch") == arch and asset.get("kind") == "sea":
+            asset_version = manifest_version(asset)
+            if asset_version != __version__:
+                raise RuntimeError(
+                    f"CLI binary asset version {asset_version or '<missing>'} does not match "
+                    f"PyPI wrapper version {__version__}."
+                )
+            url = asset_string(asset, "url")
+            sha256 = asset_string(asset, "sha256")
+            validate_asset_url(url)
+            validate_sha256(sha256)
+            return {
+                "url": url,
+                "sha256": sha256,
+            }
+    raise RuntimeError(f"No CLI binary is available for {system}/{arch}.")
+
+
+def manifest_version(manifest: dict[str, object]) -> str:
+    for key in ("version", "tag"):
+        value = manifest.get(key)
+        if isinstance(value, str) and value:
+            return value[1:] if value.startswith("v") else value
+    return ""
+
+
+def asset_string(asset: dict[str, object], key: str) -> str:
+    value = asset.get(key)
+    if not isinstance(value, str) or not value:
+        raise RuntimeError(f"CLI binary asset must include a non-empty {key}.")
+    return value
+
+
+def validate_asset_url(url: str) -> None:
+    parsed = urlparse(url)
+    if parsed.scheme != "https" or not parsed.netloc:
+        raise RuntimeError("CLI binary asset must include an https URL.")
+
+
+def validate_sha256(value: str) -> None:
+    if len(value) != 64 or any(char not in "0123456789abcdefABCDEF" for char in value):
+        raise RuntimeError("CLI binary asset must include a 64-character sha256 digest.")
+
+
+def download(url: str) -> bytes:
+    request = urllib.request.Request(url, headers={"User-Agent": f"create-maa-project/{__version__}"})
+    with urllib.request.urlopen(request, timeout=30) as response:
+        return response.read()
+
+
+if __name__ == "__main__":
+    main()

create_maa_project/release_manifest.py

@@ -0,0 +1,2 @@
+# Filled by the release workflow when publishing the PyPI wrapper.
+RELEASE_MANIFEST_SHA256 = "62b98efc13c404ef204457e802c42317efecaca9a7fe6a5cd63a10611f1874a6"

create_maa_project-0.1.0.dist-info/METADATA

@@ -0,0 +1,51 @@
+Metadata-Version: 2.4
+Name: create-maa-project
+Version: 0.1.0
+Summary: PyPI wrapper for create-maa-project
+License-File: LICENSE
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+
+# create-maa-project
+
+MaaFW pure pipeline project scaffolding CLI.
+
+```bash
+npx create-maa-project my-project
+```
+
+Current implementation covers the local pipeline scaffold core:
+
+- interactive create flow without LLM
+- default `resource/base` project shape
+- committed `maa-project.json` and `maa-project.lock.json`
+- project-owned files such as `interface.json`, `package.json`, `tasks/`, `resource/`, editor ignores/settings, and OCR model files are created once instead of managed as template baselines
+- metadata sync for interface, package, controller, license, network mode, display name, and validated GitHub repository URLs
+- managed file hash checks through `--doctor` and `--diff`
+- `--accept-changes [path...]` to accept selected or all changed managed files
+- accepted local baseline reporting in `--doctor` and generated `tools/check-project.mjs`
+- `--update node-deps` dependency refresh with successful pending-action cleanup
+- `--update schema` refreshes the generated project from the CLI's embedded schema baseline
+- runtime updates resolve MaaFramework and MFAAvalonia assets from GitHub Releases, verify GitHub-provided sha256 digests, cache MFAAvalonia GUI files for release staging, and extract MaaFramework into the generated runtime layout
+- `pnpm sync:runtime` in generated projects calls `create-maa-project --update maafw --update runtime:mfa`; set `CREATE_MAA_PROJECT_RUNTIME_PLATFORM=all` to sync every desktop platform instead of the current platform
+- default asset downloads retry transient network failures; set `CREATE_MAA_PROJECT_DOWNLOAD_ATTEMPTS=<n>` to override the default
+- OCR downloads can be seeded for local/offline verification with `CREATE_MAA_PROJECT_OCR_ZIP_PATH`
+- OCR model updates use a verified manifest from `CREATE_MAA_PROJECT_OCR_MANIFEST_URL` when configured, with the existing OCR zip as fallback
+- explicit schema baseline sync through `pnpm sync:schema`, plus generated daily schema-sync workflow
+- CLI project creation attempts OCR model download and `pnpm install` by default, keeping actionable pending items if either fails
+- conservative `--update template` with `--update template --diff` preview and `--force` overwrite
+- generated project lint and release dry-run smoke checks, including pending-action, pnpm lockfile, VS Code settings, and interface schema guards
+- release staging through generated `tools/build-release.mjs`, with MFAAvalonia GUI files laid down first, MaaFramework runtime overlaid after it, package-only `interface.json` rewriting, tag-based version injection, dev-file exclusion, package smoke checks, and Unix tar executable metadata smoke in the release workflow
+- default release workflow packages the 3 OS x 2 arch desktop artifact matrix using M9A-style GUI suffixes such as `-MFAA`: Windows zip artifacts, plus Linux/macOS tar.gz artifacts; MFAAvalonia runtime sync uses its upstream `win/linux/osx` and `x64/arm64` asset matrix separately
+- explicit `--git`/`--no-git` creation flow with parent-repository and pending-commit guards
+- write lock, explicit stale-lock cleanup, local backups for file overwrites and non-empty target directories, cache cleanup, and backup restore
+
+Schema syncing is explicit and workflow-based rather than part of build.
+
+## Release
+
+Pushing a `v*` tag runs `.github/workflows/release.yml`. The workflow checks the
+repo, builds the npm package, builds SEA binaries for Windows/Linux/macOS on
+`x86_64` and `aarch64`, writes `create-maa-project-manifest.json`, publishes the
+GitHub Release assets, publishes npm, then builds the PyPI wrapper with the
+release manifest digest embedded and publishes it through trusted publishing.

create_maa_project-0.1.0.dist-info/RECORD

@@ -0,0 +1,8 @@
+create_maa_project/__init__.py,sha256=kUR5RAFc7HCeiqdlX36dZOHkUI5wI6V_43RpEcD8b-0,22
+create_maa_project/__main__.py,sha256=DQsHMyZ8gPPsRvhW4LtJVNRvj7jOEo3MvO0jwJht3fo,7754
+create_maa_project/release_manifest.py,sha256=JgTv0l2RA5aTjalwYwLycu7GSSsMsSLZa7tShi92eyE,160
+create_maa_project-0.1.0.dist-info/METADATA,sha256=gvN8d3hVkfCyOkQiqRzOERqVs5nzxlE150WvlVXa1V8,3847
+create_maa_project-0.1.0.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+create_maa_project-0.1.0.dist-info/entry_points.txt,sha256=Ixyerv6d0PGlLSIDuSOanwYXWQAQk-FjfhufgYbhocw,72
+create_maa_project-0.1.0.dist-info/licenses/LICENSE,sha256=jUvKLUlcNGeNxq6tetag2sJFRnMroZ05HuigHZMXOQI,18
+create_maa_project-0.1.0.dist-info/RECORD,,

create_maa_project-0.1.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.30.1
+Root-Is-Purelib: true
+Tag: py3-none-any

create_maa_project-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+create-maa-project = create_maa_project.__main__:main

create_maa_project-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1 @@
+AGPL-3.0-or-later