ghostcite 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. ghostcite-0.1.0/.editorconfig +21 -0
  2. ghostcite-0.1.0/.github/ISSUE_TEMPLATE/bug_report.yml +62 -0
  3. ghostcite-0.1.0/.github/ISSUE_TEMPLATE/config.yml +5 -0
  4. ghostcite-0.1.0/.github/ISSUE_TEMPLATE/feature_request.yml +25 -0
  5. ghostcite-0.1.0/.github/PULL_REQUEST_TEMPLATE.md +28 -0
  6. ghostcite-0.1.0/.github/dependabot.yml +25 -0
  7. ghostcite-0.1.0/.github/workflows/ci.yml +63 -0
  8. ghostcite-0.1.0/.github/workflows/codeql.yml +36 -0
  9. ghostcite-0.1.0/.github/workflows/release.yml +92 -0
  10. ghostcite-0.1.0/.gitignore +14 -0
  11. ghostcite-0.1.0/.pre-commit-config.yaml +16 -0
  12. ghostcite-0.1.0/.pre-commit-hooks.yaml +10 -0
  13. ghostcite-0.1.0/CHANGELOG.md +38 -0
  14. ghostcite-0.1.0/CITATION.cff +25 -0
  15. ghostcite-0.1.0/CODE_OF_CONDUCT.md +83 -0
  16. ghostcite-0.1.0/CONTRIBUTING.md +85 -0
  17. ghostcite-0.1.0/LICENSE +21 -0
  18. ghostcite-0.1.0/PKG-INFO +271 -0
  19. ghostcite-0.1.0/README.md +235 -0
  20. ghostcite-0.1.0/SECURITY.md +46 -0
  21. ghostcite-0.1.0/action.yml +35 -0
  22. ghostcite-0.1.0/examples/README.md +46 -0
  23. ghostcite-0.1.0/examples/assets/demo-clean.png +0 -0
  24. ghostcite-0.1.0/examples/assets/demo.gif +0 -0
  25. ghostcite-0.1.0/examples/assets/demo.png +0 -0
  26. ghostcite-0.1.0/examples/assets/logo.png +0 -0
  27. ghostcite-0.1.0/examples/assets/social.png +0 -0
  28. ghostcite-0.1.0/examples/dois.txt +6 -0
  29. ghostcite-0.1.0/examples/gen_brand_assets.py +209 -0
  30. ghostcite-0.1.0/examples/gen_demo_anim.py +155 -0
  31. ghostcite-0.1.0/examples/gen_demo_card.py +165 -0
  32. ghostcite-0.1.0/examples/refs.bib +23 -0
  33. ghostcite-0.1.0/examples/refs.md +5 -0
  34. ghostcite-0.1.0/pyproject.toml +77 -0
  35. ghostcite-0.1.0/src/ghostcite/__init__.py +1 -0
  36. ghostcite-0.1.0/src/ghostcite/__main__.py +5 -0
  37. ghostcite-0.1.0/src/ghostcite/_pace.py +52 -0
  38. ghostcite-0.1.0/src/ghostcite/cli.py +174 -0
  39. ghostcite-0.1.0/src/ghostcite/compare.py +321 -0
  40. ghostcite-0.1.0/src/ghostcite/crossref.py +117 -0
  41. ghostcite-0.1.0/src/ghostcite/models.py +54 -0
  42. ghostcite-0.1.0/src/ghostcite/parsers/__init__.py +34 -0
  43. ghostcite-0.1.0/src/ghostcite/parsers/bibtex.py +54 -0
  44. ghostcite-0.1.0/src/ghostcite/parsers/doi.py +40 -0
  45. ghostcite-0.1.0/src/ghostcite/parsers/markdown.py +45 -0
  46. ghostcite-0.1.0/src/ghostcite/pubmed.py +146 -0
  47. ghostcite-0.1.0/src/ghostcite/py.typed +0 -0
  48. ghostcite-0.1.0/src/ghostcite/report.py +77 -0
  49. ghostcite-0.1.0/tests/test_bibtex.py +59 -0
  50. ghostcite-0.1.0/tests/test_cli.py +148 -0
  51. ghostcite-0.1.0/tests/test_color.py +79 -0
  52. ghostcite-0.1.0/tests/test_compare.py +184 -0
  53. ghostcite-0.1.0/tests/test_cross_check.py +127 -0
  54. ghostcite-0.1.0/tests/test_crossref.py +121 -0
  55. ghostcite-0.1.0/tests/test_doi.py +49 -0
  56. ghostcite-0.1.0/tests/test_markdown.py +46 -0
  57. ghostcite-0.1.0/tests/test_models.py +22 -0
  58. ghostcite-0.1.0/tests/test_pacer.py +108 -0
  59. ghostcite-0.1.0/tests/test_probe_live.py +70 -0
  60. ghostcite-0.1.0/tests/test_pubmed.py +135 -0
  61. ghostcite-0.1.0/tests/test_report.py +61 -0
  62. ghostcite-0.1.0/tests/test_sniff.py +23 -0
@@ -0,0 +1,21 @@
1
+ root = true
2
+
3
+ [*]
4
+ charset = utf-8
5
+ end_of_line = lf
6
+ insert_final_newline = true
7
+ trim_trailing_whitespace = true
8
+ indent_style = space
9
+
10
+ [*.py]
11
+ indent_size = 4
12
+ max_line_length = 100
13
+
14
+ [*.{yml,yaml,json,toml}]
15
+ indent_size = 2
16
+
17
+ [*.md]
18
+ trim_trailing_whitespace = false
19
+
20
+ [Makefile]
21
+ indent_style = tab
@@ -0,0 +1,62 @@
1
+ name: Bug report
2
+ description: Report a bug in ghostcite
3
+ labels: ["bug"]
4
+ body:
5
+ - type: markdown
6
+ attributes:
7
+ value: |
8
+ Thanks for filing a bug. Please do **not** report security vulnerabilities here —
9
+ see [SECURITY.md](../SECURITY.md) for private disclosure.
10
+ - type: textarea
11
+ id: what-happened
12
+ attributes:
13
+ label: What happened?
14
+ description: A clear description of the bug and what you expected instead.
15
+ placeholder: I ran `ghostcite refs.bib` and expected ... but got ...
16
+ validations:
17
+ required: true
18
+ - type: dropdown
19
+ id: component
20
+ attributes:
21
+ label: Which component?
22
+ multiple: true
23
+ options:
24
+ - CLI (ghostcite command)
25
+ - CrossRef lookup
26
+ - PubMed cross-check
27
+ - Input parser (BibTeX / Markdown / DOI list)
28
+ - output / formatting
29
+ - not sure
30
+ validations:
31
+ required: true
32
+ - type: input
33
+ id: version
34
+ attributes:
35
+ label: ghostcite version
36
+ description: Output of `ghostcite --version`.
37
+ placeholder: "0.1.0"
38
+ validations:
39
+ required: true
40
+ - type: input
41
+ id: os
42
+ attributes:
43
+ label: OS / platform
44
+ description: e.g. Ubuntu 24.04, macOS 14, WSL2, Windows 11.
45
+ validations:
46
+ required: true
47
+ - type: textarea
48
+ id: repro
49
+ attributes:
50
+ label: Steps to reproduce
51
+ description: The exact command and a minimal `.bib` snippet (redact any private DOIs if needed).
52
+ render: shell
53
+ validations:
54
+ required: true
55
+ - type: textarea
56
+ id: output
57
+ attributes:
58
+ label: Actual output / error
59
+ description: Full terminal output, including any tracebacks.
60
+ render: shell
61
+ validations:
62
+ required: false
@@ -0,0 +1,5 @@
1
+ blank_issues_enabled: false
2
+ contact_links:
3
+ - name: Security vulnerability
4
+ url: https://github.com/musharna/ghostcite/security/advisories/new
5
+ about: Report security issues privately — do not open a public issue.
@@ -0,0 +1,25 @@
1
+ name: Feature request
2
+ description: Suggest an enhancement to ghostcite
3
+ labels: ["enhancement"]
4
+ body:
5
+ - type: textarea
6
+ id: problem
7
+ attributes:
8
+ label: What problem are you trying to solve?
9
+ description: The use case or pain point behind the request.
10
+ validations:
11
+ required: true
12
+ - type: textarea
13
+ id: proposal
14
+ attributes:
15
+ label: Proposed solution
16
+ description: What you'd like ghostcite to do. Note which component it touches (CrossRef lookup, PubMed check, parser, CLI, output).
17
+ validations:
18
+ required: true
19
+ - type: textarea
20
+ id: alternatives
21
+ attributes:
22
+ label: Alternatives considered
23
+ description: Other approaches or workarounds you've tried.
24
+ validations:
25
+ required: false
@@ -0,0 +1,28 @@
1
+ <!-- Thanks for contributing to ghostcite! -->
2
+
3
+ ## What does this PR do?
4
+
5
+ <!-- A short description of the change and the motivation. Link any related issue. -->
6
+
7
+ Fixes #
8
+
9
+ ## Component(s) touched
10
+
11
+ <!-- Check all that apply -->
12
+
13
+ - [ ] core checker (`ghostcite/checker.py`)
14
+ - [ ] CrossRef client (`ghostcite/crossref.py`)
15
+ - [ ] PubMed client (`ghostcite/pubmed.py`)
16
+ - [ ] BibTeX parser (`ghostcite/parser.py`)
17
+ - [ ] CLI (`ghostcite/cli.py`)
18
+ - [ ] docs / CI / packaging
19
+
20
+ ## Checklist
21
+
22
+ - [ ] `uv run --extra dev ruff check .` passes
23
+ - [ ] `uv run --extra dev ruff format --check .` passes
24
+ - [ ] `uv run --extra dev pytest -m "not live" -q` passes
25
+ - [ ] Coverage stays at or above 85 % (`--cov=ghostcite --cov-fail-under=85`)
26
+ - [ ] Added/updated tests for the change (used the `live` marker only where a real API call is genuinely required)
27
+ - [ ] Updated `CHANGELOG.md` for any user-facing change
28
+ - [ ] Updated docs (`README.md`, `docs/`) if install/usage/config surface changed
@@ -0,0 +1,25 @@
1
+ version: 2
2
+ updates:
3
+ # Python dependencies (pyproject.toml + uv.lock)
4
+ - package-ecosystem: "pip"
5
+ directory: "/"
6
+ schedule:
7
+ interval: "weekly"
8
+ open-pull-requests-limit: 5
9
+ groups:
10
+ python-minor-patch:
11
+ update-types:
12
+ - "minor"
13
+ - "patch"
14
+
15
+ # GitHub Actions used in .github/workflows
16
+ - package-ecosystem: "github-actions"
17
+ directory: "/"
18
+ schedule:
19
+ interval: "weekly"
20
+ open-pull-requests-limit: 5
21
+ groups:
22
+ actions-minor-patch:
23
+ update-types:
24
+ - "minor"
25
+ - "patch"
@@ -0,0 +1,63 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+
9
+ concurrency:
10
+ group: ci-${{ github.ref }}
11
+ cancel-in-progress: true
12
+
13
+ permissions:
14
+ contents: read
15
+
16
+ jobs:
17
+ test:
18
+ runs-on: ubuntu-latest
19
+ strategy:
20
+ fail-fast: false
21
+ matrix:
22
+ python-version: ["3.9", "3.11", "3.13"]
23
+ steps:
24
+ - uses: actions/checkout@v6
25
+
26
+ - name: Install uv
27
+ uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
28
+ with:
29
+ python-version: ${{ matrix.python-version }}
30
+ enable-cache: true
31
+
32
+ - name: Tests + coverage (excluding live CrossRef/NCBI calls)
33
+ run: uv run --extra dev pytest --cov=ghostcite --cov-report=term-missing -m "not live"
34
+
35
+ lint:
36
+ runs-on: ubuntu-latest
37
+ steps:
38
+ - uses: actions/checkout@v6
39
+
40
+ - name: Install uv
41
+ uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
42
+ with:
43
+ enable-cache: true
44
+
45
+ - name: Lint (ruff)
46
+ run: uv run --extra dev ruff check .
47
+
48
+ - name: Format check (ruff)
49
+ run: uv run --extra dev ruff format --check .
50
+
51
+ types:
52
+ runs-on: ubuntu-latest
53
+ steps:
54
+ - uses: actions/checkout@v6
55
+
56
+ - name: Install uv
57
+ uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
58
+ with:
59
+ enable-cache: true
60
+
61
+ # mypy is clean and now gates the build: type regressions fail CI.
62
+ - name: Types (mypy)
63
+ run: uv run --extra dev mypy src/ghostcite
@@ -0,0 +1,36 @@
1
+ name: CodeQL
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+ schedule:
9
+ # Weekly, Mondays at 07:00 UTC
10
+ - cron: "0 7 * * 1"
11
+
12
+ jobs:
13
+ analyze:
14
+ name: Analyze
15
+ runs-on: ubuntu-latest
16
+ permissions:
17
+ security-events: write
18
+ contents: read
19
+ actions: read
20
+ strategy:
21
+ fail-fast: false
22
+ matrix:
23
+ language: ["python"]
24
+ steps:
25
+ - name: Checkout
26
+ uses: actions/checkout@v6
27
+
28
+ - name: Initialize CodeQL
29
+ uses: github/codeql-action/init@v4
30
+ with:
31
+ languages: ${{ matrix.language }}
32
+
33
+ - name: Perform CodeQL Analysis
34
+ uses: github/codeql-action/analyze@v4
35
+ with:
36
+ category: "/language:${{ matrix.language }}"
@@ -0,0 +1,92 @@
1
+ name: Release
2
+
3
+ # Tag-driven release: push a `vX.Y.Z` tag and this builds, publishes to PyPI
4
+ # via Trusted Publishing (OIDC — no API token stored anywhere), and cuts a
5
+ # GitHub release with the artifacts attached.
6
+ #
7
+ # git tag v0.1.0 && git push origin v0.1.0
8
+ #
9
+ # One-time setup required on PyPI: project `ghostcite` → Settings → Publishing →
10
+ # add a GitHub Actions trusted publisher (owner=musharna, repo=ghostcite,
11
+ # workflow=release.yml, environment=pypi). And create a GitHub environment
12
+ # named `pypi` (Settings → Environments).
13
+
14
+ on:
15
+ push:
16
+ tags: ["v*"]
17
+
18
+ jobs:
19
+ build:
20
+ name: Build distributions
21
+ runs-on: ubuntu-latest
22
+ steps:
23
+ - uses: actions/checkout@v6
24
+ - name: Install uv
25
+ uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
26
+ - name: Verify tag matches package version
27
+ run: |
28
+ TAG="${GITHUB_REF_NAME#v}"
29
+ VER=$(python3 -c "import tomllib; print(tomllib.load(open('pyproject.toml','rb'))['project']['version'])")
30
+ if [ "$TAG" != "$VER" ]; then
31
+ echo "Release tag '$TAG' != pyproject version '$VER'"; exit 1
32
+ fi
33
+ - name: Build sdist + wheel
34
+ run: uv build
35
+ - name: Upload artifacts
36
+ uses: actions/upload-artifact@v7
37
+ with:
38
+ name: dist
39
+ path: dist/
40
+
41
+ pypi:
42
+ name: Publish to PyPI
43
+ needs: build
44
+ runs-on: ubuntu-latest
45
+ environment: pypi
46
+ permissions:
47
+ id-token: write # OIDC token for Trusted Publishing; no password/token needed
48
+ steps:
49
+ - uses: actions/download-artifact@v8
50
+ with:
51
+ name: dist
52
+ path: dist/
53
+ - name: Publish to PyPI (trusted publishing)
54
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
55
+
56
+ github-release:
57
+ name: Create GitHub release
58
+ needs: pypi
59
+ runs-on: ubuntu-latest
60
+ permissions:
61
+ contents: write # create the release + upload assets
62
+ steps:
63
+ - uses: actions/checkout@v6 # for CHANGELOG.md
64
+ - uses: actions/download-artifact@v8
65
+ with:
66
+ name: dist
67
+ path: dist/
68
+ - name: Create release with artifacts
69
+ env:
70
+ GH_TOKEN: ${{ github.token }}
71
+ run: |
72
+ # Prefer the matching CHANGELOG.md section as release notes; fall back
73
+ # to GitHub's auto-generated notes if the version has no section.
74
+ VER="${GITHUB_REF_NAME#v}"
75
+ awk -v h="## [$VER]" '
76
+ index($0, h) == 1 { grab = 1; next }
77
+ grab && index($0, "## ") == 1 { exit }
78
+ grab { print }
79
+ ' CHANGELOG.md > release-notes.md
80
+ if grep -q '[^[:space:]]' release-notes.md; then
81
+ gh release create "${GITHUB_REF_NAME}" \
82
+ --repo "${GITHUB_REPOSITORY}" \
83
+ --title "${GITHUB_REF_NAME}" \
84
+ --notes-file release-notes.md \
85
+ dist/*
86
+ else
87
+ gh release create "${GITHUB_REF_NAME}" \
88
+ --repo "${GITHUB_REPOSITORY}" \
89
+ --title "${GITHUB_REF_NAME}" \
90
+ --generate-notes \
91
+ dist/*
92
+ fi
@@ -0,0 +1,14 @@
1
+ __pycache__/
2
+ *.pyc
3
+ .pytest_cache/
4
+ .coverage
5
+ .coverage.*
6
+ htmlcov/
7
+ dist/
8
+ build/
9
+ *.egg-info/
10
+ .venv/
11
+ uv.lock
12
+
13
+ # local dev artifacts (design spec + implementation plan) — not shipped publicly
14
+ docs/
@@ -0,0 +1,16 @@
1
+ repos:
2
+ - repo: https://github.com/pre-commit/pre-commit-hooks
3
+ rev: v6.0.0
4
+ hooks:
5
+ - id: trailing-whitespace
6
+ exclude: '\.md$'
7
+ - id: end-of-file-fixer
8
+ - id: check-yaml
9
+ - id: check-toml
10
+
11
+ - repo: https://github.com/astral-sh/ruff-pre-commit
12
+ rev: v0.15.16
13
+ hooks:
14
+ - id: ruff
15
+ args: [--fix]
16
+ - id: ruff-format
@@ -0,0 +1,10 @@
1
+ - id: ghostcite
2
+ name: ghostcite (ghost-citation check)
3
+ description: Catch citations whose claimed author/year does not match the DOI's CrossRef record.
4
+ entry: ghostcite
5
+ language: python
6
+ files: \.(bib|md)$
7
+ # ghostcite's CLI takes exactly one positional bibliography file, but pre-commit
8
+ # would auto-append every matched staged file. Disable that and have users name
9
+ # their file explicitly via `args:` in .pre-commit-config.yaml.
10
+ pass_filenames: false
@@ -0,0 +1,38 @@
1
+ # Changelog
2
+
3
+ All notable changes to this project are documented here. The format is based on
4
+ [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres
5
+ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
+
7
+ ## [0.1.0] - 2026-06-08
8
+
9
+ Initial release.
10
+
11
+ ### Added
12
+
13
+ - CrossRef author/year cross-check: compares each citation's claimed first-author
14
+ surname and year against CrossRef's canonical record for the DOI.
15
+ - Input auto-detection for BibTeX, Markdown reference lists, and bare DOI lists
16
+ (override with `--format {auto,bibtex,markdown,doi}`).
17
+ - Read the bibliography from stdin by passing `-` as the filename
18
+ (e.g. `cat refs.bib | ghostcite -`).
19
+ - Severity tiers: A (author mismatch), B (year mismatch), C (cosmetic fold-only),
20
+ R (retraction / expression-of-concern), U (unresolvable / not verifiable).
21
+ - Retraction and expression-of-concern detection via CrossRef `updated-by` /
22
+ `update-to` / `relation` metadata.
23
+ - `--cross-check pubmed`: optional second source of truth via PubMed / NCBI
24
+ E-utilities. Corroborates or conflicts CrossRef findings, can raise findings
25
+ CrossRef missed, and supplies records for DOIs absent from CrossRef. Honors
26
+ `--ncbi-email` / `--ncbi-api-key` (or `NCBI_EMAIL` / `NCBI_API_KEY`) for NCBI
27
+ etiquette and a higher rate limit.
28
+ - Proactive rate pacing: self-throttles to CrossRef's advertised rate limit (read
29
+ from response headers); `--max-rps` to cap further.
30
+ - `--color {auto,always,never}` colorized tier glyphs, honoring `NO_COLOR`.
31
+ - No-DOI entries resolved by best-effort bibliographic search, flagged
32
+ low-confidence and never escalated above a warning on their own.
33
+ - `--json` machine-readable output, `--dry-run` parse-and-count (no network), and
34
+ `--fail-on` CI gate to select which tiers force a non-zero exit.
35
+ - `--version` flag and `python -m ghostcite` module entry point.
36
+ - Composite GitHub Action (`musharna/ghostcite@v1`) for drop-in CI usage.
37
+ - Exit-code policy: `0` clean, `1` findings at/above the fail threshold, `2` tool
38
+ error (network down, unparseable input).
@@ -0,0 +1,25 @@
1
+ cff-version: 1.2.0
2
+ message: "If you use ghostcite in your work, please cite it as below."
3
+ title: ghostcite
4
+ abstract: >-
5
+ A deterministic, no-LLM command-line tool that catches ghost citations —
6
+ references whose claimed author or year does not match the canonical record
7
+ for the DOI at CrossRef (and optionally PubMed) — and flags retracted or
8
+ expression-of-concern works.
9
+ type: software
10
+ authors:
11
+ - family-names: Arnold
12
+ given-names: Jaret
13
+ orcid: "https://orcid.org/0009-0003-4055-5238"
14
+ repository-code: "https://github.com/musharna/ghostcite"
15
+ url: "https://github.com/musharna/ghostcite"
16
+ license: MIT
17
+ version: 0.1.0
18
+ date-released: "2026-06-08"
19
+ keywords:
20
+ - citations
21
+ - crossref
22
+ - pubmed
23
+ - bibtex
24
+ - research-integrity
25
+ - doi
@@ -0,0 +1,83 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
6
+
7
+ We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
8
+
9
+ ## Our Standards
10
+
11
+ Examples of behavior that contributes to a positive environment for our community include:
12
+
13
+ - Demonstrating empathy and kindness toward other people
14
+ - Being respectful of differing opinions, viewpoints, and experiences
15
+ - Giving and gracefully accepting constructive feedback
16
+ - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
17
+ - Focusing on what is best not just for us as individuals, but for the overall community
18
+
19
+ Examples of unacceptable behavior include:
20
+
21
+ - The use of sexualized language or imagery, and sexual attention or advances of any kind
22
+ - Trolling, insulting or derogatory comments, and personal or political attacks
23
+ - Public or private harassment
24
+ - Publishing others' private information, such as a physical or email address, without their explicit permission
25
+ - Other conduct which could reasonably be considered inappropriate in a professional setting
26
+
27
+ ## Enforcement Responsibilities
28
+
29
+ Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
30
+
31
+ Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
32
+
33
+ ## Scope
34
+
35
+ This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
36
+
37
+ ## Enforcement
38
+
39
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue at <https://github.com/musharna/ghostcite/issues> or via GitHub's private advisory mechanism. All complaints will be reviewed and investigated promptly and fairly.
40
+
41
+ All community leaders are obligated to respect the privacy and security of the reporter of any incident.
42
+
43
+ ## Enforcement Guidelines
44
+
45
+ Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
46
+
47
+ ### 1. Correction
48
+
49
+ **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
50
+
51
+ **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
52
+
53
+ ### 2. Warning
54
+
55
+ **Community Impact**: A violation through a single incident or series of actions.
56
+
57
+ **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
58
+
59
+ ### 3. Temporary Ban
60
+
61
+ **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
62
+
63
+ **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
64
+
65
+ ### 4. Permanent Ban
66
+
67
+ **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
68
+
69
+ **Consequence**: A permanent ban from any sort of public interaction within the community.
70
+
71
+ ## Attribution
72
+
73
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
74
+
75
+ Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
76
+
77
+ For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at [https://www.contributor-covenant.org/translations][translations].
78
+
79
+ [homepage]: https://www.contributor-covenant.org
80
+ [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
81
+ [Mozilla CoC]: https://github.com/mozilla/diversity
82
+ [FAQ]: https://www.contributor-covenant.org/faq
83
+ [translations]: https://www.contributor-covenant.org/translations
@@ -0,0 +1,85 @@
1
+ # Contributing to ghostcite
2
+
3
+ Thanks for your interest in ghostcite — a deterministic, no-LLM Python CLI that catches ghost citations by cross-checking a bibliography's claimed author/year against CrossRef, with optional PubMed verification and retraction flagging.
4
+
5
+ ## Dev environment setup
6
+
7
+ ghostcite uses [`uv`](https://docs.astral.sh/uv/) for dependency management. CI resolves
8
+ dependencies on the fly via `uv run --extra dev ...` (there is no committed lockfile;
9
+ `uv.lock` is gitignored, so there is no frozen-lockfile gate). Mirror it locally:
10
+
11
+ ```bash
12
+ # install all extras the test/lint/type checks need
13
+ uv sync --extra dev
14
+ ```
15
+
16
+ This installs the `dev` tools (pytest, pytest-httpx, ruff, mypy, coverage). Requires **Python ≥ 3.9** (CI tests 3.9, 3.11, and 3.13).
17
+
18
+ ## Running the checks (what CI runs)
19
+
20
+ CI (`.github/workflows/ci.yml`) runs these (tests on the 3.9 / 3.11 / 3.13 matrix). Run them locally before opening a PR:
21
+
22
+ ```bash
23
+ # Lint + format check (gates the build)
24
+ uv run --extra dev ruff check .
25
+ uv run --extra dev ruff format --check .
26
+
27
+ # Tests, excluding tests that hit real external APIs
28
+ uv run --extra dev pytest -m "not live" -q
29
+
30
+ # Coverage gate (85 % floor)
31
+ uv run --extra dev pytest -m "not live" --cov=ghostcite --cov-fail-under=85 -q
32
+
33
+ # Type-check (hard CI gate — type errors fail the build)
34
+ uv run --extra dev mypy src/ghostcite
35
+ ```
36
+
37
+ ### Tests and the `live` marker
38
+
39
+ Most of the suite runs against in-process fixtures (pytest-httpx mocks CrossRef/NCBI responses). Tests marked `live` hit the **real CrossRef API** (and optionally NCBI E-utilities) and are skipped by default in CI.
40
+
41
+ To run them locally:
42
+
43
+ ```bash
44
+ # Basic live probes (CrossRef only)
45
+ uv run --extra dev pytest -m live -q
46
+
47
+ # With PubMed cross-check (supply your NCBI API key for higher rate limits)
48
+ NCBI_API_KEY=<your-key> uv run --extra dev pytest -m live -q
49
+ ```
50
+
51
+ Live tests should be rare, narrowly scoped (a single known-good DOI + a known ghost), and must not assert on network-variable fields.
52
+
53
+ ### Linting & formatting
54
+
55
+ Ruff is configured in `pyproject.toml` (`line-length = 100`, `target-version = py39`).
56
+ `uv run --extra dev ruff check .` is the gate; `uv run --extra dev ruff check --fix .` and
57
+ `uv run --extra dev ruff format .` apply autofixes.
58
+
59
+ ### Type-checking
60
+
61
+ `uv run --extra dev mypy src/ghostcite` is a **hard CI gate** (the `types` job has no `continue-on-error`, so type errors fail the build). Keep it green — add annotations to new/changed code.
62
+
63
+ ## Running ghostcite locally for manual testing
64
+
65
+ ```bash
66
+ # Check a BibTeX file
67
+ uv run --extra dev ghostcite refs.bib
68
+
69
+ # Read from stdin (pipe from another tool)
70
+ cat refs.bib | uv run --extra dev ghostcite -
71
+
72
+ # With PubMed cross-check and colored output
73
+ uv run --extra dev ghostcite --cross-check pubmed --color always refs.bib
74
+
75
+ # Never fail the exit code (report only, no CI gate)
76
+ uv run --extra dev ghostcite --fail-on none refs.bib
77
+ ```
78
+
79
+ ## Commits & pull requests
80
+
81
+ - **CI must pass.** Ruff, the `not live` test suite, and the 85 % coverage gate must be green across the full Python matrix.
82
+ - Keep changes focused and add tests for new behavior. Use the `live` marker only for tests that genuinely need to hit a real external API.
83
+ - Update [`CHANGELOG.md`](CHANGELOG.md) for any user-facing change.
84
+ - Update docs (`README.md`, `docs/`) when you change install/usage/config surface.
85
+ - **Commit style:** conventional commits (`fix:`, `feat:`, `docs:`, `chore:`, `test:`, `refactor:`). No trailers required.
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Jaret Arnold
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.