gitlab-api 25.36.0__tar.gz → 25.37.0__tar.gz

{gitlab_api-25.36.0/gitlab_api.egg-info → gitlab_api-25.37.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gitlab-api
-Version: 25.36.0
+Version: 25.37.0
 Summary: GitLab API + MCP Server + A2A Server
 Author-email: Audel Rouhi <knucklessg1@gmail.com>
 License: MIT
@@ -12,13 +12,13 @@ Classifier: Programming Language :: Python :: 3
 Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: agent-utilities>=0.34.0
+Requires-Dist: agent-utilities>=0.38.0
 Requires-Dist: python-dotenv>=1.0.0
 Requires-Dist: gql>=4.0.0
 Provides-Extra: mcp
-Requires-Dist: agent-utilities[mcp]>=0.34.0; extra == "mcp"
+Requires-Dist: agent-utilities[mcp]>=0.38.0; extra == "mcp"
 Provides-Extra: agent
-Requires-Dist: agent-utilities[agent,logfire]>=0.34.0; extra == "agent"
+Requires-Dist: agent-utilities[agent,logfire]>=0.38.0; extra == "agent"
 Provides-Extra: gql
 Requires-Dist: gql>=4.0.0; extra == "gql"
 Provides-Extra: all
@@ -52,7 +52,7 @@ Dynamic: license-file
 ![PyPI - Wheel](https://img.shields.io/pypi/wheel/gitlab-api)
 ![PyPI - Implementation](https://img.shields.io/pypi/implementation/gitlab-api)
 
-*Version: 25.36.0*
+*Version: 25.37.0*
 
 ---
 

{gitlab_api-25.36.0 → gitlab_api-25.37.0}/README.md

@@ -20,7 +20,7 @@
 ![PyPI - Wheel](https://img.shields.io/pypi/wheel/gitlab-api)
 ![PyPI - Implementation](https://img.shields.io/pypi/implementation/gitlab-api)
 
-*Version: 25.36.0*
+*Version: 25.37.0*
 
 ---
 

{gitlab_api-25.36.0 → gitlab_api-25.37.0}/gitlab_api/agent_server.py

@@ -4,7 +4,7 @@ import os
 import sys
 import warnings
 
-__version__ = "25.36.0"
+__version__ = "25.37.0"
 
 logging.basicConfig(
     level=logging.INFO,

{gitlab_api-25.36.0 → gitlab_api-25.37.0}/gitlab_api/mcp_server.py

@@ -33,7 +33,7 @@ from dotenv import find_dotenv, load_dotenv
 
 from gitlab_api.auth import get_client
 
-__version__ = "25.36.0"
+__version__ = "25.37.0"
 print(f"Gitlab MCP v{__version__}", file=sys.stderr)
 
 logger = get_logger(name="mcp_server")

{gitlab_api-25.36.0 → gitlab_api-25.37.0/gitlab_api.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gitlab-api
-Version: 25.36.0
+Version: 25.37.0
 Summary: GitLab API + MCP Server + A2A Server
 Author-email: Audel Rouhi <knucklessg1@gmail.com>
 License: MIT
@@ -12,13 +12,13 @@ Classifier: Programming Language :: Python :: 3
 Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: agent-utilities>=0.34.0
+Requires-Dist: agent-utilities>=0.38.0
 Requires-Dist: python-dotenv>=1.0.0
 Requires-Dist: gql>=4.0.0
 Provides-Extra: mcp
-Requires-Dist: agent-utilities[mcp]>=0.34.0; extra == "mcp"
+Requires-Dist: agent-utilities[mcp]>=0.38.0; extra == "mcp"
 Provides-Extra: agent
-Requires-Dist: agent-utilities[agent,logfire]>=0.34.0; extra == "agent"
+Requires-Dist: agent-utilities[agent,logfire]>=0.38.0; extra == "agent"
 Provides-Extra: gql
 Requires-Dist: gql>=4.0.0; extra == "gql"
 Provides-Extra: all
@@ -52,7 +52,7 @@ Dynamic: license-file
 ![PyPI - Wheel](https://img.shields.io/pypi/wheel/gitlab-api)
 ![PyPI - Implementation](https://img.shields.io/pypi/implementation/gitlab-api)
 
-*Version: 25.36.0*
+*Version: 25.37.0*
 
 ---
 

{gitlab_api-25.36.0 → gitlab_api-25.37.0}/gitlab_api.egg-info/SOURCES.txt

@@ -57,6 +57,7 @@ gitlab_api/mcp/mcp_releases.py
 gitlab_api/mcp/mcp_runners.py
 gitlab_api/mcp/mcp_snippets.py
 gitlab_api/mcp/mcp_tags.py
+scripts/security_sanitizer.py
 scripts/validate_a2a_agent.py
 scripts/validate_agent.py
 scripts/verify_api_integration.py

{gitlab_api-25.36.0 → gitlab_api-25.37.0}/gitlab_api.egg-info/requires.txt

@@ -1,9 +1,9 @@
-agent-utilities>=0.34.0
+agent-utilities>=0.38.0
 python-dotenv>=1.0.0
 gql>=4.0.0
 
 [agent]
-agent-utilities[agent,logfire]>=0.34.0
+agent-utilities[agent,logfire]>=0.38.0
 
 [all]
 gitlab-api[agent,gql,logfire,mcp]>=25.36.0
@@ -12,7 +12,7 @@ gitlab-api[agent,gql,logfire,mcp]>=25.36.0
 gql>=4.0.0
 
 [mcp]
-agent-utilities[mcp]>=0.34.0
+agent-utilities[mcp]>=0.38.0
 
 [test]
 pytest-xdist>=3.6.0

{gitlab_api-25.36.0 → gitlab_api-25.37.0}/pyproject.toml

@@ -4,12 +4,12 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "gitlab-api"
-version = "25.36.0"
+version = "25.37.0"
 description = "GitLab API + MCP Server + A2A Server"
 readme = "README.md"
 classifiers = [ "Development Status :: 5 - Production/Stable", "License :: Public Domain", "Environment :: Console", "Operating System :: POSIX :: Linux", "Programming Language :: Python :: 3",]
 requires-python = ">=3.11, <3.14"
-dependencies = [ "agent-utilities>=0.34.0", "python-dotenv>=1.0.0", "gql>=4.0.0",]
+dependencies = [ "agent-utilities>=0.38.0", "python-dotenv>=1.0.0", "gql>=4.0.0",]
 [[project.authors]]
 name = "Audel Rouhi"
 email = "knucklessg1@gmail.com"
@@ -18,8 +18,8 @@ email = "knucklessg1@gmail.com"
 text = "MIT"
 
 [project.optional-dependencies]
-mcp = [ "agent-utilities[mcp]>=0.34.0",]
-agent = [ "agent-utilities[agent,logfire]>=0.34.0",]
+mcp = [ "agent-utilities[mcp]>=0.38.0",]
+agent = [ "agent-utilities[agent,logfire]>=0.38.0",]
 gql = [ "gql>=4.0.0",]
 all = [ "gitlab-api[mcp,agent,gql,logfire]>=25.36.0",]
 test = [

gitlab_api-25.37.0/scripts/security_sanitizer.py

@@ -0,0 +1,160 @@
+#!/usr/bin/env python3
+import os
+import re
+import sys
+import subprocess
+from pathlib import Path
+
+# Config
+ALLOWED_TXT_NAMES = {"requirements.txt", "requirements-dev.txt"}
+TRANSIENT_PY_PATTERNS = [
+    re.compile(r"^test_.*\.py$"),
+    re.compile(r"^fix_.*\.py$"),
+    re.compile(r"^debug_.*\.py$"),
+    re.compile(r"^scratch_.*\.py$"),
+    re.compile(r"^temp_.*\.py$"),
+]
+
+SECRET_PATTERNS = [
+    ("GitHub PAT", re.compile(r"ghp_[A-Za-z0-9_]{36,255}")),
+    ("GitHub Fine-grained PAT", re.compile(r"github_pat_[A-Za-z0-9_]{82,255}")),
+    ("GitLab PAT", re.compile(r"glpat-[A-Za-z0-9\-]{20,255}")),
+    ("Generic Secret Assignment", re.compile(r"secret[A-Za-z0-9_]*\s*[:=]\s*['\"][A-Za-z0-9_\-\.\~\*]{16,255}['\"]", re.IGNORECASE)),
+    ("Generic Token Assignment", re.compile(r"token\s*[:=]\s*['\"][A-Za-z0-9_\-\.\~\*]{16,255}['\"]", re.IGNORECASE))
+]
+
+EXCLUDED_DIRS = {".git", ".venv", "venv", "node_modules", "build", "dist", "__pycache__", ".tox", ".specify"}
+EXCLUDED_EXTENSIONS = {
+    ".png", ".jpg", ".jpeg", ".gif", ".webp", ".ico", ".pyc", ".db", ".kuzu",
+    ".sqlite", ".sqlite3", ".zip", ".tar.gz", ".tgz", ".bz2", ".xz", ".pdf",
+    ".bin", ".exe", ".dll", ".so", ".dylib", ".woff", ".woff2", ".eot", ".ttf",
+    ".mp4", ".mp3", ".wav", ".lock", ".svg"
+}
+
+# Placeholder / Mock indicators
+PLACEHOLDER_SUBSTRINGS = [
+    "1234567890", "abcdef12345", "abc123youandme", "askdfalskdvjas", "your_", "YOUR_", "your-",
+    "dummy", "DUMMY", "example", "EXAMPLE", "mock", "MOCK", "test_token", "test_secret",
+    "glpat-askdfalskdvjas", "github_pat_12345", "glpat-abc123youandme", "github_pat_...",
+    "glpat-*************", "ghp_*************", "github_pat_*************", "token_*************",
+    "secret_*************", "glpat-abc", "ghp_abc", "github_pat_abc", "${env:"
+]
+
+def is_placeholder(match_str: str) -> bool:
+    match_lower = match_str.lower()
+    for placeholder in PLACEHOLDER_SUBSTRINGS:
+        if placeholder in match_lower:
+            return True
+
+    # Check if match is mostly asterisks or single repeated char
+    cleaned = match_str.replace("'", "").replace('"', "").strip()
+    if not cleaned:
+        return True
+
+    # Check if there are sequences of asterisks indicating masked values
+    if "*" in cleaned:
+        # e.g., glpat-*************
+        return True
+
+    return False
+
+def get_repo_files(repo_path: Path):
+    try:
+        result = subprocess.run(
+            ["git", "ls-files", "--cached", "--others", "--exclude-standard"],
+            cwd=str(repo_path),
+            capture_output=True,
+            text=True,
+            check=True
+        )
+        files = []
+        for line in result.stdout.splitlines():
+            if line.strip():
+                # Avoid files inside excluded directories
+                parts = Path(line.strip()).parts
+                if not any(part in EXCLUDED_DIRS for part in parts):
+                    files.append(repo_path / line.strip())
+        return files
+    except Exception as e:
+        # Fallback to manual recursive scan
+        files = []
+        for root, dirs, walk_files in os.walk(str(repo_path)):
+            dirs[:] = [d for d in dirs if d not in EXCLUDED_DIRS and not d.startswith('.')]
+            for file in walk_files:
+                files.append(Path(root) / file)
+        return files
+
+def scan_repository(repo_path: Path):
+    violations = []
+    files_to_scan = get_repo_files(repo_path)
+
+    for file_path in files_to_scan:
+        if not file_path.is_file():
+            continue
+
+        # 1. Check root level naming constraints
+        if file_path.parent == repo_path:
+            # Check txt files
+            if file_path.suffix == ".txt":
+                if file_path.name.lower() not in ALLOWED_TXT_NAMES:
+                    violations.append(
+                        f"Non-standard root-level text file detected: '{file_path.name}'. Only 'requirements.txt' and 'requirements-dev.txt' are allowed."
+                    )
+            # Check transient py files
+            elif file_path.suffix == ".py":
+                for pattern in TRANSIENT_PY_PATTERNS:
+                    if pattern.match(file_path.name):
+                        violations.append(
+                            f"Transient/temporary script detected in root: '{file_path.name}'. Please move it to a subfolder or delete it."
+                        )
+                        break
+
+        # 2. Check for secrets
+        if file_path.suffix.lower() in EXCLUDED_EXTENSIONS:
+            continue
+
+        if file_path.name == "security_sanitizer.py":
+            continue
+
+        try:
+            content = file_path.read_text(encoding="utf-8", errors="ignore")
+            lines = content.splitlines()
+
+            for idx, line in enumerate(lines, 1):
+                if any(bypass in line for bypass in ["# sanitizer:ignore", "# sanitizer-ignore", "# nosec"]):
+                    continue
+
+                for label, pattern in SECRET_PATTERNS:
+                    for match in pattern.findall(line):
+                        match_str = match[0] if isinstance(match, tuple) else match
+                        if not is_placeholder(match_str):
+                            rel_path = file_path.relative_to(repo_path)
+                            violations.append(
+                                f"Potential unmasked secret ({label}) detected in {rel_path}:{idx}\n"
+                                f"  Line: {line.strip()}"
+
+                            )
+        except Exception:
+            pass
+
+    return violations
+
+def main():
+    repo_path = Path.cwd()
+
+    print("🔒 Running Security and Garbage Sanitizer...")
+    violations = scan_repository(repo_path)
+
+    if violations:
+        print("\n❌ SECURITY AND GARBAGE VALIDATION FAILED!")
+        print("Please correct the following issues before committing:")
+        for idx, violation in enumerate(violations, 1):
+            print(f"\n[{idx}] {violation}")
+        print("\nNote: To bypass secret checks on specific lines, append '# sanitizer:ignore' to the end of the line.")
+        sys.exit(1)
+
+    print("✅ All checks passed! No root garbage or unmasked secrets detected.")
+    sys.exit(0)
+
+if __name__ == "__main__":
+    main()