lifeos-cli 0.0.1__tar.gz

lifeos_cli-0.0.1/.github/workflows/dependency-review.yml

@@ -0,0 +1,31 @@
+name: Review Development Dependencies
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 1 * *"
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-health:
+    name: Audit Development Dependencies (Python 3.10 Baseline)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.10"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: false
+
+      - name: Run dependency health checks
+        run: bash ./scripts/dependency_health.sh

lifeos_cli-0.0.1/.github/workflows/publish.yml

@@ -0,0 +1,129 @@
+name: Release Publish and Repair
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+    inputs:
+      release_tag:
+        description: Existing v* tag to publish or repair
+        required: true
+        type: string
+      publish_to_pypi:
+        description: Publish artifacts to PyPI before syncing the GitHub Release
+        required: true
+        default: false
+        type: boolean
+      sync_github_release:
+        description: Create or repair the GitHub Release and release assets
+        required: true
+        default: true
+        type: boolean
+
+concurrency:
+  group: publish-${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || github.ref_name }}
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  publish:
+    name: Build and Publish Release Artifacts
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || github.ref }}
+
+      - name: Ensure release target is reachable from main
+        run: |
+          git fetch --no-tags origin main
+          git merge-base --is-ancestor "$GITHUB_SHA" "origin/main"
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.13"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: false
+
+      - name: Run default regression baseline
+        run: bash ./scripts/doctor.sh
+
+      - name: Export runtime requirements for vulnerability audit
+        run: >
+          uv export --format requirements.txt --no-dev --locked --no-emit-project
+          --output-file /tmp/runtime-requirements.txt >/dev/null
+
+      - name: Run runtime dependency vulnerability audit
+        run: uv run pip-audit --requirement /tmp/runtime-requirements.txt
+
+      - name: Clean previous build artifacts
+        run: rm -rf build dist
+
+      - name: Build package artifacts
+        run: uv build --no-sources
+
+      - name: Verify published version matches tag
+        env:
+          RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || github.ref_name }}
+        run: |
+          python - <<'PY'
+          import os
+          import pathlib
+
+          dist_dir = pathlib.Path("dist")
+          wheels = sorted(dist_dir.glob("lifeos_cli-*.whl"))
+          sdists = sorted(dist_dir.glob("lifeos_cli-*.tar.gz"))
+          if len(wheels) != 1:
+              raise SystemExit(f"Expected exactly one wheel in dist/, found {len(wheels)}")
+          if len(sdists) != 1:
+              raise SystemExit(f"Expected exactly one sdist in dist/, found {len(sdists)}")
+          wheel = wheels[0].name
+          sdist = sdists[0].name
+          version = wheel.removeprefix("lifeos_cli-").split("-py3", 1)[0]
+          sdist_version = sdist.removeprefix("lifeos_cli-").removesuffix(".tar.gz")
+          tag = os.environ["RELEASE_TAG"].removeprefix("v")
+          if version != tag:
+              raise SystemExit(f"Wheel version {version!r} does not match tag {tag!r}")
+          if sdist_version != tag:
+              raise SystemExit(f"sdist version {sdist_version!r} does not match tag {tag!r}")
+          print(f"Validated release version: {version}")
+          PY
+
+      - name: Publish to PyPI
+        if: ${{ github.event_name != 'workflow_dispatch' || inputs.publish_to_pypi }}
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+      - name: Sync GitHub Release
+        if: ${{ github.event_name != 'workflow_dispatch' || inputs.sync_github_release }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || github.ref_name }}
+        run: |
+          set -euo pipefail
+
+          if gh release view "$RELEASE_TAG" --json url >/dev/null 2>&1; then
+            echo "Release ${RELEASE_TAG} already exists."
+          else
+            gh release create "$RELEASE_TAG" --verify-tag --generate-notes
+          fi
+
+          for asset in dist/*.tar.gz dist/*.whl; do
+            asset_name="$(basename "$asset")"
+            if gh release view "$RELEASE_TAG" --json assets --jq '.assets[].name' | grep -Fxq "$asset_name"; then
+              echo "Release asset already present: $asset_name"
+              continue
+            fi
+
+            gh release upload "$RELEASE_TAG" "$asset"
+          done

lifeos_cli-0.0.1/.github/workflows/validate.yml

@@ -0,0 +1,74 @@
+name: Validate PRs and Main
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  quality-gate:
+    name: Validate Default Toolchain
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.13"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: false
+
+      - name: Run default validation
+        run: bash ./scripts/doctor.sh
+
+      - name: Export runtime requirements for vulnerability audit
+        run: >
+          uv export --format requirements.txt --no-dev --locked --no-emit-project
+          --output-file /tmp/runtime-requirements.txt >/dev/null
+
+      - name: Run runtime dependency vulnerability audit
+        run: uv run pip-audit --requirement /tmp/runtime-requirements.txt
+
+      - name: Clean previous build artifacts
+        run: rm -rf build dist
+
+      - name: Build package artifacts
+        run: uv build --no-sources
+
+  runtime-matrix:
+    name: Validate Runtime Matrix (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: false
+
+      - name: Sync locked dependencies
+        run: uv sync --all-extras --frozen
+
+      - name: Run runtime regression tests
+        run: uv run pytest

lifeos_cli-0.0.1/.gitignore

@@ -0,0 +1,38 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+build/
+dist/
+*.egg-info/
+.eggs/
+
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Testing / coverage
+.pytest_cache/
+.coverage
+.coverage.*
+htmlcov/
+
+# Type checkers
+.mypy_cache/
+.pyre/
+.ruff_cache/
+
+# Jupyter
+.ipynb_checkpoints/
+
+# IDEs and editors
+.idea/
+.vscode/
+
+# OS files
+.DS_Store
+Thumbs.db

lifeos_cli-0.0.1/.pre-commit-config.yaml

@@ -0,0 +1,33 @@
+minimum_pre_commit_version: 4.5.0
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-toml
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.11.0.1
+    hooks:
+      - id: shellcheck
+        args: ["--severity=error"]
+        files: ^scripts/.*\.sh$
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.14.0
+    hooks:
+      - id: ruff
+        args: ["--fix"]
+      - id: ruff-format
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
+  - repo: local
+    hooks:
+      - id: mypy
+        name: mypy
+        entry: uv run mypy src/lifeos_cli tests
+        language: system
+        pass_filenames: false

lifeos_cli-0.0.1/.secrets.baseline

@@ -0,0 +1,127 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2026-04-09T03:55:21Z"
+}

lifeos_cli-0.0.1/AGENTS.md

@@ -0,0 +1,41 @@
+# AGENTS.md
+
+The following rules apply to coding agent collaboration in this repository. These complement the general [CONTRIBUTING.md](CONTRIBUTING.md) workflow.
+
+## 1. Core Principles
+
+- Keep repository governance, release safety, and Python compatibility aligned.
+- Prefer small, traceable changes that preserve a releasable `main` branch.
+
+## 2. Collaboration Workflow
+
+- Follow the Git, Issue, and PR workflow defined in [CONTRIBUTING.md](CONTRIBUTING.md).
+- Use `gh` CLI for all issue and PR operations. Do not edit through the web UI.
+- Create a new tracking issue for any development task that does not already have one.
+- Link the relevant issue in the PR description with `Closes #xx` or `Related #xx` as appropriate.
+- Keep issue and PR status synchronized when work scope changes.
+
+## 3. Text and Language Conventions
+
+- Use Simplified Chinese for issues, PR descriptions, comments, and review notes.
+- Use English for repository files, code, comments, commit messages, and Markdown documentation stored in the repository.
+- For multi-line PR bodies or comments, write to a temporary file first and pass it through `gh`.
+
+## 4. Validation and Release Safety
+
+- Use the primary validation entrypoint for code changes:
+  ```bash
+  bash ./scripts/doctor.sh
+  ```
+- If changes affect compatibility claims, packaging metadata, or CI, validate the impacted Python versions explicitly.
+- Keep release-related changes aligned with:
+  - [pyproject.toml](pyproject.toml)
+  - [.github/workflows/validate.yml](.github/workflows/validate.yml)
+  - [.github/workflows/publish.yml](.github/workflows/publish.yml)
+- Do not weaken checks that protect trusted publishing, locked dependency resolution, or tag/version consistency without explicit justification.
+
+## 5. Security and Documentation
+
+- Never commit secrets, tokens, private keys, or `.env` contents.
+- Ensure logs and examples do not expose credentials or sensitive local paths unintentionally.
+- Update [SECURITY.md](SECURITY.md), [README.md](README.md), and release-related docs when changing publishing, dependency, or security-sensitive behavior.

lifeos_cli-0.0.1/CODE_OF_CONDUCT.md

@@ -0,0 +1,25 @@
+# Code of Conduct
+
+This project expects respectful, technically focused collaboration.
+
+## Expected Behavior
+
+- Assume good intent and communicate directly.
+- Keep discussions specific, evidence-based, and relevant to the repository.
+- Use welcoming language in public issues, pull requests, and review comments.
+- Respect maintainers' time by providing reproducible reports and clear context.
+
+## Unacceptable Behavior
+
+- Harassment, discrimination, or personal attacks.
+- Doxxing, threats, or sustained hostile behavior.
+- Repeated spam, bad-faith disruption, or intentionally misleading reports.
+- Sharing secrets, tokens, or private data in public threads.
+
+## Reporting
+
+For normal collaboration problems, open an issue with enough context to review the situation. For security-sensitive or private concerns, follow the disclosure path in [SECURITY.md](SECURITY.md).
+
+## Enforcement
+
+Repository maintainers may edit, hide, lock, or remove content that violates this policy, and may restrict participation when needed to keep collaboration safe and productive.

lifeos_cli-0.0.1/CONTRIBUTING.md

@@ -0,0 +1,76 @@
+# Contributing
+
+Thanks for contributing to `lifeos-cli`.
+
+This repository ships the `lifeos-cli` distribution and the `lifeos` command-line entrypoint. Changes should keep package metadata, CLI behavior, CI, security expectations, and release workflows aligned.
+
+## Before You Start
+
+- Read [README.md](README.md) for project scope and local development commands.
+- Read [SECURITY.md](SECURITY.md) before changing publishing, credentials, or dependency handling.
+- Read [AGENTS.md](AGENTS.md) if you are contributing through an automated coding workflow.
+
+## Development Setup
+
+Requirements:
+
+- Python 3.10, 3.11, 3.12, or 3.13
+- `uv`
+
+Install dependencies:
+
+```bash
+uv sync --all-extras
+```
+
+## Validation
+
+Run the default validation baseline before opening a PR:
+
+```bash
+bash ./scripts/doctor.sh
+```
+
+If you change CI, packaging metadata, or compatibility declarations, also validate the relevant interpreter targets explicitly. Examples:
+
+```bash
+rm -rf .venv && uv sync --all-extras --python 3.10 --frozen && .venv/bin/python -m pytest
+rm -rf .venv && uv sync --all-extras --python 3.11 --frozen && .venv/bin/python -m pytest
+rm -rf .venv && uv sync --all-extras --python 3.12 --frozen && .venv/bin/python -m pytest
+rm -rf .venv && uv sync --all-extras --python 3.13 --frozen && bash ./scripts/doctor.sh
+```
+
+If you change dependency or release workflows, also run:
+
+```bash
+bash ./scripts/dependency_health.sh
+uv export --format requirements.txt --no-dev --locked --no-emit-project --output-file /tmp/runtime-requirements.txt >/dev/null
+uv run pip-audit --requirement /tmp/runtime-requirements.txt
+rm -rf build dist && uv build --no-sources
+```
+
+## Change Expectations
+
+- Keep code, comments, commit messages, and repository docs in English.
+- Keep issue and PR collaboration in Simplified Chinese for this repository.
+- Prefer explicit, additive changes over hidden behavioral shifts.
+- Keep Python compatibility declarations, CI matrices, and packaging metadata consistent with each other.
+- Treat release and trusted publishing changes as security-sensitive infrastructure work.
+
+## Git and PR Workflow
+
+- Branch from the latest `main`.
+- Use `git fetch` and `git merge --ff-only` to sync from `main`.
+- Do not push directly to protected branches.
+- Create or link a tracking issue for substantive development work.
+- Use English commit-message style for PR titles.
+- Link relevant issues in the PR description using `Closes #xx` or `Related #xx`.
+
+## Documentation
+
+Update docs together with code whenever you change:
+
+- supported Python versions
+- validation or dependency workflows
+- release or publishing behavior
+- security or disclosure guidance