datamasque-cli 1.0.0__tar.gz → 1.2.0__tar.gz

datamasque_cli-1.2.0/.claude-plugin/marketplace.json

@@ -0,0 +1,21 @@
+{
+  "name": "datamasque-tools",
+  "owner": { "name": "DataMasque" },
+  "plugins": [
+    {
+      "name": "datamasque-cli",
+      "source": "./claude-skills/datamasque-cli",
+      "description": "DataMasque command-line interface integration. Drive DataMasque from Claude Code: list connections, kick off runs, stream logs, download reports."
+    },
+    {
+      "name": "ruleset-builder",
+      "source": "./claude-skills/ruleset-builder",
+      "description": "Convert auto-generated DataMasque rulesets into production-ready form. Validate and iterate."
+    },
+    {
+      "name": "ruleset-splitter",
+      "source": "./claude-skills/ruleset-splitter",
+      "description": "Consolidate multi-file DataMasque rulesets for editing, then re-split them back out."
+    }
+  ]
+}

datamasque_cli-1.2.0/CHANGELOG.md

@@ -0,0 +1,69 @@
+# Changelog
+
+## v1.2.0
+
+### Added
+- `dm ifm` command group
+  for managing in-flight masking ruleset plans
+  and running mask operations against the IFM service:
+  - `dm ifm list` —
+    list all IFM ruleset plans.
+  - `dm ifm get <name>` —
+    show plan metadata,
+    or the ruleset YAML with `--yaml`.
+  - `dm ifm create --name <name> --file <yaml>` —
+    create a plan from a YAML ruleset,
+    with optional `--enabled/--disabled` and `--log-level`.
+  - `dm ifm update <name>` —
+    update a plan;
+    pass any of `--file`, `--enabled/--disabled`, `--log-level`
+    and only those fields are sent.
+  - `dm ifm delete <name>` —
+    delete a plan
+    (interactive confirm,
+    or `--yes` to skip).
+  - `dm ifm mask <name> --data <file|->` —
+    mask a JSON list of records against a plan,
+    with `--disable-instance-secret`,
+    `--run-secret`,
+    `--log-level`,
+    `--request-id`,
+    and `--json/--no-json` (NDJSON) output.
+  - `dm ifm verify-token` —
+    verify the current IFM token and list its scopes.
+
+  Authentication reuses your existing `dm` profile credentials
+  via the SDK's `DataMasqueIfmClient`,
+  which transparently exchanges admin-server credentials for an IFM JWT.
+
+## v1.1.0
+
+### Added
+- `dm catalog` command — emits the full subcommand tree as JSON for agent
+  introspection. `--compact` for `{path, help}` only (~1.4kB), default for
+  full options/arguments.
+- Auto-detection of agent context: output flips to JSON automatically when
+  stdout is not a TTY, when `DM_OUTPUT=json` is set, or when the
+  vendor-neutral `AI_AGENT` env var is present. `DM_OUTPUT=table` forces
+  human output.
+- Structured error envelope on stderr in agent mode:
+  `{"error": {"code": "...", "message": "...", "hint": "..."}}` — stdout
+  stays empty on failure so downstream pipes don't trip.
+
+### Changed
+- Exit codes are now differentiated by error category. Previously every
+  error returned 1; now: `not_found`=3, `invalid_input`=4, `ambiguous`=5,
+  `auth_required`=6, `auth_failed`=7, `conflict`=8, `transport_error`=9.
+  `error` (unclassified) remains 1; 2 is reserved for typer/click usage
+  errors. Stable across minor versions.
+- Long values (UUIDs especially) now fold across lines in table output
+  rather than being silently truncated with `…` in narrow terminals.
+
+### Internal
+- `ErrorCode` and `ConnectionType` are now `StrEnum`s; the abort code arg
+  is type-checked at edit time and the connection-type "Valid: ..." hint
+  is generated from the enum.
+
+## v1.0.0
+
+Initial release.

{datamasque_cli-1.0.0 → datamasque_cli-1.2.0}/CONTRIBUTING.md

@@ -185,13 +185,10 @@ Each target runs `make check`,
 bumps the version in `pyproject.toml`,
 refreshes `uv.lock`,
 commits, tags, and pushes.
-CI handles the publish.
+CI handles the publish to PyPI.
 
-To publish manually without bumping:
-
-```console
-make publish
-```
+To smoke-test a release against TestPyPI without tagging,
+trigger the `Release (TestPyPI)` workflow manually from the GitHub Actions tab.
 
 ## Toolchain
 

{datamasque_cli-1.0.0 → datamasque_cli-1.2.0}/Makefile

@@ -1,4 +1,4 @@
-.PHONY: install lint format mypy test test-integration test-integration-local check build publish release-patch release-minor release-major
+.PHONY: install lint format mypy test test-integration test-integration-local check build release-patch release-minor release-major
 
 install:
 	uv sync
@@ -33,9 +33,6 @@ format-check:
 build:
 	uv build
 
-publish: check build
-	uv publish --index datamasque-private-pypi -u "" -p "" dist/*
-
 # Bump version, commit, tag, push — CI publishes automatically.
 # Usage: make release-patch  (0.1.0 → 0.1.1)
 #        make release-minor  (0.1.0 → 0.2.0)
@@ -47,7 +44,7 @@ release-patch: check
 	git commit -m "Release v$(VERSION)"
 	git tag "v$(VERSION)"
 	git push && git push --tags
-	@echo "Released v$(VERSION) — CI will publish to pypi.dtq.tools"
+	@echo "Released v$(VERSION) — CI will publish to PyPI (https://pypi.org/p/datamasque-cli)"
 
 release-minor: check
 	$(eval VERSION := $(shell python3 scripts/bump_version.py minor))
@@ -56,7 +53,7 @@ release-minor: check
 	git commit -m "Release v$(VERSION)"
 	git tag "v$(VERSION)"
 	git push && git push --tags
-	@echo "Released v$(VERSION) — CI will publish to pypi.dtq.tools"
+	@echo "Released v$(VERSION) — CI will publish to PyPI (https://pypi.org/p/datamasque-cli)"
 
 release-major: check
 	$(eval VERSION := $(shell python3 scripts/bump_version.py major))
@@ -65,4 +62,4 @@ release-major: check
 	git commit -m "Release v$(VERSION)"
 	git tag "v$(VERSION)"
 	git push && git push --tags
-	@echo "Released v$(VERSION) — CI will publish to pypi.dtq.tools"
+	@echo "Released v$(VERSION) — CI will publish to PyPI (https://pypi.org/p/datamasque-cli)"

{datamasque_cli-1.0.0 → datamasque_cli-1.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: datamasque-cli
-Version: 1.0.0
+Version: 1.2.0
 Summary: Official command-line interface for the DataMasque data-masking platform.
 Project-URL: Homepage, https://datamasque.com/
 Project-URL: Repository, https://github.com/datamasque/datamasque-cli
@@ -39,6 +39,7 @@ so teams can use production-shaped data in non-production environments without e
 DataMasque CLI `dm` covers:
 
 - connections, rulesets, ruleset libraries, and masking runs
+- in-flight masking (IFM) ruleset plans and on-demand mask requests
 - schema discovery and sensitive-data discovery
 - users, files, and DataMasque instance administration
 
@@ -89,6 +90,26 @@ dm run logs 42 --follow
 `dm run start` and `dm run wait` block until the run finishes.
 Pass `--background` to `start` to skip the wait.
 
+## Claude Code skills
+
+The [`claude-skills/`](claude-skills/) directory ships three
+[Claude Code](https://claude.com/claude-code) plugins that drive `dm` on your behalf:
+
+- **`datamasque-cli`** — operate a DataMasque instance (start runs, list connections, fetch discovery reports).
+- **`ruleset-builder`** — turn auto-generated rulesets into production-ready ones.
+- **`ruleset-splitter`** — join many-file rulesets into one file for editing, then re-split.
+
+Install via the Claude Code plugin marketplace:
+
+```
+/plugin marketplace add datamasque/datamasque-cli
+/plugin install datamasque-cli@datamasque-tools
+/plugin install ruleset-builder@datamasque-tools
+/plugin install ruleset-splitter@datamasque-tools
+```
+
+See [`claude-skills/README.md`](claude-skills/README.md) for more.
+
 ## Shell completion
 
 `dm` provides built-in completion for bash, zsh, and fish:
@@ -176,6 +197,26 @@ dm libraries validate <name>                      # Re-validate against current
 dm libraries usage <name>                         # Show rulesets using it
 ```
 
+### In-flight masking
+
+The IFM service runs alongside the admin server,
+reached at `<DataMasque URL>/ifm` via the standard nginx topology.
+
+```console
+dm ifm list                                            # List ruleset plans
+dm ifm get <name>                                      # Show plan metadata
+dm ifm get <name> --yaml                               # Print the ruleset YAML
+dm ifm create --name myplan --file rules.yaml          # Create (server suffixes a random string to the name)
+dm ifm create --name myplan --file rules.yaml --disabled --log-level DEBUG
+dm ifm update <name> --file rules.yaml                 # Replace the ruleset YAML
+dm ifm update <name> --enabled                         # Toggle without re-sending the YAML
+dm ifm update <name> --log-level INFO
+dm ifm delete <name> --yes                             # Delete a plan
+dm ifm mask <name> --data input.json                   # Mask a JSON list of records
+dm ifm mask <name> --data -                            # Read records from stdin
+dm ifm verify-token                                    # Show scopes granted to the current IFM token
+```
+
 ### Masking runs
 
 ```console
@@ -249,6 +290,56 @@ STATUS=$(dm run status 42 --json | jq -r '.status')
 dm rulesets get myruleset --json | jq -r '.yaml' > ruleset.yaml
 ```
 
+JSON is also emitted automatically when:
+
+- `stdout` is not a TTY (piped or captured),
+- `DM_OUTPUT=json` is set in the environment, or
+- a vendor-neutral `AI_AGENT` env var is set (e.g. by Claude Code).
+
+Set `DM_OUTPUT=table` to force human-readable output regardless of context.
+
+## Agent / scripting interface
+
+For programmatic use (CI, AI coding agents, shell scripts), the CLI exposes
+a discovery command and a stable error contract.
+
+### Command catalog
+
+`dm catalog` dumps every visible subcommand as JSON so an agent can introspect
+the surface without paging through `--help` screens:
+
+```console
+dm catalog --compact   # ~1.4kB — {path, help} per command
+dm catalog             # full — also includes options and arguments
+```
+
+### Structured errors
+
+In agent mode, errors are emitted as a JSON envelope on stderr (stdout stays
+empty on failure):
+
+```json
+{"error": {"code": "not_found", "message": "Connection 'foo' not found.", "hint": "Run dm connections list."}}
+```
+
+### Exit codes
+
+| Code | Meaning           | When                                           |
+| ---: | ----------------- | ---------------------------------------------- |
+|    0 | success           | command completed                              |
+|    1 | error             | unclassified failure                           |
+|    2 | usage error       | unknown flag or missing argument (typer/click) |
+|    3 | not_found         | resource lookup failed                         |
+|    4 | invalid_input     | argument values rejected                       |
+|    5 | ambiguous         | name matched multiple resources                |
+|    6 | auth_required     | no credentials configured                      |
+|    7 | auth_failed       | credentials rejected by server                 |
+|    8 | conflict          | operation rejected by server state             |
+|    9 | transport_error   | network or TLS failure                         |
+
+Exit codes are stable across minor versions. The `error.code` string in the
+JSON envelope mirrors these names.
+
 ## Documentation
 
 Documentation for the DataMasque product,

{datamasque_cli-1.0.0 → datamasque_cli-1.2.0}/README.md

@@ -9,6 +9,7 @@ so teams can use production-shaped data in non-production environments without e
 DataMasque CLI `dm` covers:
 
 - connections, rulesets, ruleset libraries, and masking runs
+- in-flight masking (IFM) ruleset plans and on-demand mask requests
 - schema discovery and sensitive-data discovery
 - users, files, and DataMasque instance administration
 
@@ -59,6 +60,26 @@ dm run logs 42 --follow
 `dm run start` and `dm run wait` block until the run finishes.
 Pass `--background` to `start` to skip the wait.
 
+## Claude Code skills
+
+The [`claude-skills/`](claude-skills/) directory ships three
+[Claude Code](https://claude.com/claude-code) plugins that drive `dm` on your behalf:
+
+- **`datamasque-cli`** — operate a DataMasque instance (start runs, list connections, fetch discovery reports).
+- **`ruleset-builder`** — turn auto-generated rulesets into production-ready ones.
+- **`ruleset-splitter`** — join many-file rulesets into one file for editing, then re-split.
+
+Install via the Claude Code plugin marketplace:
+
+```
+/plugin marketplace add datamasque/datamasque-cli
+/plugin install datamasque-cli@datamasque-tools
+/plugin install ruleset-builder@datamasque-tools
+/plugin install ruleset-splitter@datamasque-tools
+```
+
+See [`claude-skills/README.md`](claude-skills/README.md) for more.
+
 ## Shell completion
 
 `dm` provides built-in completion for bash, zsh, and fish:
@@ -146,6 +167,26 @@ dm libraries validate <name>                      # Re-validate against current
 dm libraries usage <name>                         # Show rulesets using it
 ```
 
+### In-flight masking
+
+The IFM service runs alongside the admin server,
+reached at `<DataMasque URL>/ifm` via the standard nginx topology.
+
+```console
+dm ifm list                                            # List ruleset plans
+dm ifm get <name>                                      # Show plan metadata
+dm ifm get <name> --yaml                               # Print the ruleset YAML
+dm ifm create --name myplan --file rules.yaml          # Create (server suffixes a random string to the name)
+dm ifm create --name myplan --file rules.yaml --disabled --log-level DEBUG
+dm ifm update <name> --file rules.yaml                 # Replace the ruleset YAML
+dm ifm update <name> --enabled                         # Toggle without re-sending the YAML
+dm ifm update <name> --log-level INFO
+dm ifm delete <name> --yes                             # Delete a plan
+dm ifm mask <name> --data input.json                   # Mask a JSON list of records
+dm ifm mask <name> --data -                            # Read records from stdin
+dm ifm verify-token                                    # Show scopes granted to the current IFM token
+```
+
 ### Masking runs
 
 ```console
@@ -219,6 +260,56 @@ STATUS=$(dm run status 42 --json | jq -r '.status')
 dm rulesets get myruleset --json | jq -r '.yaml' > ruleset.yaml
 ```
 
+JSON is also emitted automatically when:
+
+- `stdout` is not a TTY (piped or captured),
+- `DM_OUTPUT=json` is set in the environment, or
+- a vendor-neutral `AI_AGENT` env var is set (e.g. by Claude Code).
+
+Set `DM_OUTPUT=table` to force human-readable output regardless of context.
+
+## Agent / scripting interface
+
+For programmatic use (CI, AI coding agents, shell scripts), the CLI exposes
+a discovery command and a stable error contract.
+
+### Command catalog
+
+`dm catalog` dumps every visible subcommand as JSON so an agent can introspect
+the surface without paging through `--help` screens:
+
+```console
+dm catalog --compact   # ~1.4kB — {path, help} per command
+dm catalog             # full — also includes options and arguments
+```
+
+### Structured errors
+
+In agent mode, errors are emitted as a JSON envelope on stderr (stdout stays
+empty on failure):
+
+```json
+{"error": {"code": "not_found", "message": "Connection 'foo' not found.", "hint": "Run dm connections list."}}
+```
+
+### Exit codes
+
+| Code | Meaning           | When                                           |
+| ---: | ----------------- | ---------------------------------------------- |
+|    0 | success           | command completed                              |
+|    1 | error             | unclassified failure                           |
+|    2 | usage error       | unknown flag or missing argument (typer/click) |
+|    3 | not_found         | resource lookup failed                         |
+|    4 | invalid_input     | argument values rejected                       |
+|    5 | ambiguous         | name matched multiple resources                |
+|    6 | auth_required     | no credentials configured                      |
+|    7 | auth_failed       | credentials rejected by server                 |
+|    8 | conflict          | operation rejected by server state             |
+|    9 | transport_error   | network or TLS failure                         |
+
+Exit codes are stable across minor versions. The `error.code` string in the
+JSON envelope mirrors these names.
+
 ## Documentation
 
 Documentation for the DataMasque product,

datamasque_cli-1.2.0/claude-skills/README.md

@@ -0,0 +1,60 @@
+# Claude Code skills
+
+- **`datamasque-cli/`** —
+teaches Claude how to operate a DataMasque instance with `dm`:
+  - authenticate,
+  - list connections,
+  - start runs,
+  - fetch discovery reports.
+- **`ruleset-builder/`** —
+turns auto-generated rulesets into production-ready ones:
+  - extracts a `ruleset_library`,
+  - adds `hash_columns`,
+  - applies `skip_defaults`,
+  - validates.
+- **`ruleset-splitter/`** —
+joins DataMasque's many-file generated rulesets into one file for editing, then re-splits back to the original filenames.
+
+## Install
+
+In [Claude Code](https://claude.com/claude-code), add this repo as a plugin marketplace and install the plugins you want:
+
+```
+/plugin marketplace add datamasque/datamasque-cli
+/plugin install datamasque-cli@datamasque-tools
+/plugin install ruleset-builder@datamasque-tools
+/plugin install ruleset-splitter@datamasque-tools
+```
+
+## Uninstall
+
+```
+/plugin uninstall datamasque-cli@datamasque-tools
+/plugin uninstall ruleset-builder@datamasque-tools
+/plugin uninstall ruleset-splitter@datamasque-tools
+```
+
+## Working on these skills locally
+
+If you're editing these skills in-repo and want Claude Code to pick up changes without reinstalling, symlink each directory into `~/.claude/skills/`:
+
+```bash
+ln -sfn ~/repos/datamasque-cli/claude-skills/datamasque-cli/skills/datamasque-cli \
+  ~/.claude/skills/datamasque-cli
+
+ln -sfn ~/repos/datamasque-cli/claude-skills/ruleset-builder/skills/ruleset-builder \
+  ~/.claude/skills/ruleset-builder
+
+ln -sfn ~/repos/datamasque-cli/claude-skills/ruleset-splitter/skills/ruleset-splitter \
+  ~/.claude/skills/ruleset-splitter
+```
+
+Reload inside Claude Code (`/reload-plugins` or start a new session). Edits to any `SKILL.md` go live on the next reload — no reinstall.
+
+Remove the symlinks when done:
+
+```bash
+rm ~/.claude/skills/datamasque-cli
+rm ~/.claude/skills/ruleset-builder
+rm ~/.claude/skills/ruleset-splitter
+```

datamasque_cli-1.2.0/claude-skills/datamasque-cli/.claude-plugin/plugin.json

@@ -0,0 +1,9 @@
+{
+  "name": "datamasque-cli",
+  "version": "1.1.0",
+  "description": "DataMasque command-line interface integration. Drive DataMasque from Claude Code: list connections, kick off runs, stream logs, download reports.",
+  "author": { "name": "DataMasque Ltd" },
+  "repository": "https://github.com/datamasque/datamasque-cli",
+  "license": "Apache-2.0",
+  "keywords": ["datamasque", "data-masking", "cli"]
+}

datamasque_cli-1.2.0/claude-skills/datamasque-cli/skills/datamasque-cli/SKILL.md

@@ -0,0 +1,105 @@
+---
+name: datamasque-cli
+description: Use when the user wants to interact with a DataMasque instance — start masking runs, check run status, list connections or rulesets, manage seeds, manage ruleset libraries, check system health, or any task involving the DataMasque API. Triggers on "mask the data", "start a run", "check the run", "list connections", "list rulesets", "upload a seed", "check DataMasque health", "dm status", "ruleset library", or any request to operate DataMasque programmatically.
+argument-hint: e.g. "start a run with docx_masking on var_input_docx"
+user-invocable: true
+---
+
+# DataMasque CLI
+
+Operate a DataMasque instance via the `dm` command-line tool.
+
+Run `dm catalog --compact` for a JSON list of every subcommand. The sections
+below cover idioms the catalog can't show you.
+
+## Output and errors
+
+In agent mode — auto-detected when stdout is not a TTY, `AI_AGENT` is set, or
+`DM_OUTPUT=json` — output is JSON on stdout, errors are JSON on stderr:
+
+```json
+{"error": {"code": "not_found", "message": "...", "hint": "..."}}
+```
+
+`error.code` is the stable identifier; branch on it rather than the message.
+The set is `not_found`, `invalid_input`, `ambiguous`, `auth_required`,
+`auth_failed`, `conflict`, `transport_error`, `error`. Exit code is non-zero
+on any error; exit 2 specifically means a CLI usage error (unknown flag,
+missing argument) from typer.
+
+`DM_OUTPUT=table` forces human-readable output.
+
+## Authentication
+
+Set `DATAMASQUE_URL`, `DATAMASQUE_USERNAME`, `DATAMASQUE_PASSWORD` to auth
+without saving anything (right choice for CI / one-offs). For interactive
+use, `dm auth login --profile <name>` prompts and persists to
+`~/.config/datamasque-cli/config.toml`. `--insecure` (on login) or
+`DATAMASQUE_VERIFY_SSL=false` (per call) skip TLS verification.
+
+## Quick start: a masking run
+
+```bash
+dm connections list                                   # find a source
+dm rulesets list                                      # find a ruleset
+dm run start -c <source> -r <ruleset> [-d <dest>]     # blocks until done
+```
+
+Add `--background` to return immediately with the run id, then poll with
+`dm run wait <id>`, `dm run status <id>`, or `dm run logs <id> --follow`.
+Pass repeated `--options key=value` for server-side knobs
+(e.g. `--options batch_size=1000 --options dry_run=true`).
+
+## Idioms and gotchas
+
+- **Ruleset namespaces.** `database` and `file` rulesets share a name
+  namespace, so `customers` can exist in both. `dm run start` reads the
+  source connection's type and picks the matching ruleset automatically.
+  For `get` / `create` / `delete`, pass `--type file|database` only when
+  two rows share the name and you need to disambiguate.
+
+- **File masking needs a destination.** Database masking is in-place;
+  file masking writes through to a destination connection and fails
+  with `invalid_input` without `--destination`.
+
+- **`dm run start` blocks by default.** No flag needed for "wait then
+  return"; use `--background` only when you genuinely want fire-and-forget.
+
+- **`dm run report` is file-masking-only.** The CSV is one row per file
+  the worker considered, with `path`, `file_size`, `file_type`, and
+  `skip_reason` (e.g. "File archived with Glacier", "File type unsupported
+  by data discovery", "Matched a skip filter"). Database runs don't
+  produce a report — `not_found` is expected for them, and for any run
+  that hasn't reached a terminal state yet.
+
+- **`dm libraries delete` refuses to delete libraries imported by a
+  ruleset.** Run `dm libraries usage <name>` first to see what depends on
+  it; pass `--force` only after you've made an informed decision.
+
+- **`dm connections update` preserves the UUID.** Use it to rotate
+  passwords or change hosts without invalidating the rulesets and runs
+  that already reference the connection.
+
+- **`dm rulesets create` is also "update"** — it reads the existing
+  `mask_type` from the server, so you only need `--type` for brand-new
+  rulesets or to disambiguate a same-name update.
+
+- **Discovery is a kind of run.** `dm discover schema <connection>` kicks
+  off a discovery run and returns a run id. Poll with `dm run status <id>`,
+  then fetch results with `dm discover schema-results <id>` /
+  `sdd-report` / `db-report` / `file-report`.
+
+- **`dm rulesets validate --file <file> --type <type>`** runs server-side
+  validation without committing the ruleset. Use this before `create`
+  when you want a clean failure mode for bad YAML.
+
+- **"Build a ruleset" usually means the `ruleset-builder` skill, not
+  `dm rulesets generate`.** `generate` is server-side scaffolding from a
+  JSON generation request. The `ruleset-builder` skill (separate skill in
+  this repo) handles the production-quality workflow — hash columns,
+  library extraction, refinement — which is what users typically want.
+
+- **Names or UUIDs, either works.** `dm connections get <x>`,
+  `dm run start -c <x>`, `dm discover schema <x>`, etc. all try the name
+  first and fall back to a UUID match. Prefer names for readability;
+  reach for UUIDs only when names collide (rare).

datamasque_cli-1.2.0/claude-skills/ruleset-builder/.claude-plugin/plugin.json

@@ -0,0 +1,9 @@
+{
+  "name": "ruleset-builder",
+  "version": "1.0.0",
+  "description": "Convert auto-generated DataMasque rulesets into production-ready form. Validate and iterate.",
+  "author": { "name": "DataMasque Ltd" },
+  "repository": "https://github.com/datamasque/datamasque-cli",
+  "license": "Apache-2.0",
+  "keywords": ["datamasque", "ruleset", "yaml"]
+}

datamasque_cli-1.2.0/claude-skills/ruleset-splitter/.claude-plugin/plugin.json

@@ -0,0 +1,9 @@
+{
+  "name": "ruleset-splitter",
+  "version": "1.0.0",
+  "description": "Consolidate multi-file DataMasque rulesets for editing, then re-split them back out.",
+  "author": { "name": "DataMasque Ltd" },
+  "repository": "https://github.com/datamasque/datamasque-cli",
+  "license": "Apache-2.0",
+  "keywords": ["datamasque", "ruleset", "yaml"]
+}

{datamasque_cli-1.0.0 → datamasque_cli-1.2.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "datamasque-cli"
-version = "1.0.0"
+version = "1.2.0"
 description = "Official command-line interface for the DataMasque data-masking platform."
 authors = [
     { name = "DataMasque Ltd" },
@@ -99,6 +99,8 @@ ignore = [
     "S",
     "SLF001",
 ]
+# Standalone helper scripts that legitimately print to stdout for shell consumption.
+"scripts/**/*" = ["T20"]
 
 [tool.ruff.lint.isort]
 known-first-party = ["datamasque_cli"]

{datamasque_cli-1.0.0 → datamasque_cli-1.2.0}/scripts/active_profile_env.py

@@ -19,7 +19,8 @@ except ImportError:
 path = os.path.expanduser("~/.config/datamasque-cli/config.toml")
 
 try:
-    data = tomllib.loads(open(path).read())
+    with open(path, "rb") as f:
+        data = tomllib.load(f)
 except FileNotFoundError:
     sys.exit(f"No profile config at {path}. Run 'dm auth login' first.")