nab-python 0.0.4__py3-none-any.whl → 0.0.5__py3-none-any.whl

nab_python/_lockfile/pylock.py

@@ -45,11 +45,26 @@ if TYPE_CHECKING:
 
 
 __all__ = [
+    "DivergentBaseDependencyError",
     "build_pylock",
     "write_lock",
 ]
 
 
+class DivergentBaseDependencyError(ValueError):
+    """An environment's conflict forks disagree on a base dependency's pin.
+
+    A base dependency present in every fork of an environment drops its
+    membership clause so it installs even when no conflicting member is
+    selected, which requires the forks to agree on one (version, source).
+    When they diverge, every candidate entry keeps a membership clause,
+    so nothing would fire in the no-member install context and the
+    dependency would silently not install.  Surface the divergence with
+    the offending package and per-fork pins so the producer can
+    reconcile the forks rather than commit an incomplete lock.
+    """
+
+
 def write_lock(
     lock_input: LockInput,
     *,
@@ -317,7 +332,9 @@ def _build_per_tuple_packages(lock_input: LockInput, lock_dir: Path) -> list[Pac
     not by the base is absent from that set, so it keeps the
     membership clause and does not install when no member is selected.
     See :class:`LockInput.env_base_names` for the missing-signature
-    contract.
+    contract.  Forks of one environment that disagree on a base
+    dependency's pin raise :class:`DivergentBaseDependencyError`
+    instead of emitting a lock whose no-member context misses it.
     """
     out: list[Package] = []
     by_name = _group_by_name(lock_input.per_tuple_pins)
@@ -330,6 +347,14 @@ def _build_per_tuple_packages(lock_input: LockInput, lock_dir: Path) -> list[Pac
     )
     for canonical_name, per_tuple in by_name.items():
         groups = _group_pins_by_pin(per_tuple)
+        _check_base_fork_agreement(
+            canonical_name,
+            per_tuple,
+            groups,
+            env_signatures,
+            env_fork_counts,
+            lock_input.env_base_names,
+        )
         for pins, tuple_labels in groups:
             marker = _build_marker(
                 canonical_name,
@@ -452,6 +477,46 @@ def _merge_pins_in_group(pins: list[PinShape]) -> PinShape:
     )
 
 
+def _check_base_fork_agreement(
+    name: str,
+    per_tuple: Mapping[str, PinShape],
+    groups: list[tuple[list[PinShape], list[str]]],
+    env_signatures: Mapping[str, tuple[tuple[str, str], ...]],
+    env_fork_counts: Mapping[tuple[tuple[str, str], ...], int],
+    env_base_names: Mapping[tuple[tuple[str, str], ...], frozenset[str]],
+) -> None:
+    """Reject a base dep whose forks within one env pin it differently.
+
+    The env-only collapse in :func:`_build_marker` needs a single
+    (version, source) group spanning every fork of the environment.
+    Divergent pins split the forks across groups, so every entry would
+    keep its membership clause and none would fire when no member is
+    selected: the base dependency would silently not install.
+    """
+    by_env: defaultdict[tuple[tuple[str, str], ...], list[str]] = defaultdict(list)
+    for label in sorted(per_tuple.keys() & env_signatures.keys()):
+        by_env[env_signatures[label]].append(label)
+    for signature, labels in by_env.items():
+        if len(labels) < env_fork_counts[signature]:
+            continue
+        if name not in env_base_names.get(signature, frozenset()):
+            continue
+        in_env = set(labels)
+        widest = max(
+            sum(1 for label in group_labels if label in in_env)
+            for _, group_labels in groups
+        )
+        if widest >= env_fork_counts[signature]:
+            continue
+        forks = ", ".join(f"{label} -> {per_tuple[label].version}" for label in labels)
+        msg = (
+            f"{name}: the conflict forks of one environment pin this base"
+            f" dependency differently ({forks}); no lockfile entry would"
+            " install it when no conflicting member is selected"
+        )
+        raise DivergentBaseDependencyError(msg)
+
+
 def _build_marker(
     name: str,
     tuple_labels: Sequence[str],

nab_python/_lockfile/requirements.py

@@ -33,8 +33,10 @@ def write_requirements_with_hashes(
     Each line is ``name==version`` followed by one ``--hash=sha256:...``
     per recorded artefact, in the format pip's hash-checking mode
     accepts.  Local and VCS pins are emitted as ``name @ <url>`` lines
-    without hashes (pip does not hash-check those forms).  Returns the
-    text and, when ``output_path`` is provided, atomically writes it.
+    without hashes (pip does not hash-check those forms); an editable
+    local pin renders as ``-e <url>`` and a ``subdirectory`` as a
+    ``#subdirectory=`` fragment.  Returns the text and, when
+    ``output_path`` is provided, atomically writes it.
     """
     return _render_requirements(lock_input, with_hashes=True, output_path=output_path)
 
@@ -45,8 +47,8 @@ def write_requirements_without_hashes(
     """Render ``lock_input`` as a plain ``name==version`` list.
 
     Same shape as :func:`write_requirements_with_hashes` but without
-    the ``--hash=sha256:...`` lines.  Local and VCS pins still render
-    as ``name @ <url>``.  Returns the text and, when ``output_path``
+    the ``--hash=sha256:...`` lines.  Local and VCS pins render the
+    same in both variants.  Returns the text and, when ``output_path``
     is provided, atomically writes it.
     """
     return _render_requirements(lock_input, with_hashes=False, output_path=output_path)
@@ -97,7 +99,13 @@ def _render_pins(pins: Mapping[str, PinShape], *, with_hashes: bool) -> list[str
         if isinstance(pin, IndexPin):
             lines.extend(_render_index_pin(pin, with_hashes=with_hashes))
         elif isinstance(pin, LocalPin):
-            lines.append(f"{pin.name} @ {Path(pin.path).resolve().as_uri()}")
+            url = Path(pin.path).resolve().as_uri()
+            if pin.subdirectory is not None:
+                url += f"#subdirectory={pin.subdirectory}"
+            if pin.editable:
+                lines.append(f"-e {url}")
+            else:
+                lines.append(f"{pin.name} @ {url}")
         elif isinstance(pin, VcsPin):
             lines.append(f"{pin.name} @ {pin.repo_url}")
         else:  # pragma: no cover - exhaustive

nab_python/_provider/extras.py

@@ -76,17 +76,23 @@ def _pick_in_mode(
 ) -> Version | None:
     """Pick a candidate honoring ``ExtrasMode``.
 
-    User-requested extras return the first candidate that does not have
-    known-invalid metadata. Transitive extras additionally validate the
-    base metadata parses, so a malformed PKG-INFO becomes a candidate
-    skip instead of a fatal error during the later dependency fetch.
-    BACKTRACK mode additionally checks ``Provides-Extra``.
-
-    Missing-metadata cases (no PEP 658, no sdist) fall through;
-    mock test coordinators rely on this.
+    Fetches base metadata so an extraction failure (unparseable
+    PKG-INFO, or an sdist build the policy disallows) becomes a
+    candidate skip instead of a fatal error during the later
+    dependency fetch.  BACKTRACK mode additionally checks
+    ``Provides-Extra`` for transitive extras.
+
+    Missing-metadata cases (no PEP 658, no sdist) skip transitive
+    extras but fall through for user-requested ones; mock test
+    coordinators rely on this.
     """
     # Late import: ``pypi`` imports this module at module load.
-    from ..provider import ExtrasMode, MetadataError, _normalize_extra
+    from ..provider import (
+        ExtrasMode,
+        MetadataError,
+        UnsupportedSdistError,
+        _normalize_extra,
+    )
 
     _, _, normalized = provider.split_and_normalize(base)
     is_user = (normalized, extra) in provider.root_extras
@@ -94,17 +100,15 @@ def _pick_in_mode(
     for version in candidates:
         if provider.has_invalid_metadata(normalized, version):
             continue
-        if is_user:
-            return version
-        # Fetch base metadata so an unparseable PKG-INFO is caught
-        # before the extras proxy decides this version. Any
-        # MetadataError (parse failure or no metadata source) is a
-        # candidate skip.
         try:
             provider.get_dependencies(base, version)
-        except MetadataError:
+        except UnsupportedSdistError:
             continue
-        if not backtrack:
+        except MetadataError:
+            if not is_user or provider.has_invalid_metadata(normalized, version):
+                continue
+            return version
+        if is_user or not backtrack:
             return version
         metadata = provider.metadata_cache.get((normalized, version))
         provided = (
@@ -188,7 +192,11 @@ def get_extra_dependencies(
         return handle_missing_extra(provider, normalized, extra, version, cache_key)
 
     deps = dict(extra_map[extra])
-    deps[normalized] = VersionRange.singleton(version)
+    # Pin the base, intersected with any bound the extra itself
+    # places on it (``foo>=2; extra == "bar"``).
+    deps[normalized] = deps.get(
+        normalized, VersionRange.full()
+    ) & VersionRange.singleton(version)
 
     provider.deps_cache[cache_key] = deps
     provider.prefetch_new_deps(deps)
@@ -223,9 +231,10 @@ def handle_missing_extra(
         version,
         extra,
     )
-    # Return empty deps: the extra doesn't exist, so the proxy
-    # contributes nothing. Don't pin to the base version, as that
-    # creates unnecessary coupling that causes backtracking storms
-    # when the resolver tries many base versions.
-    provider.deps_cache[cache_key] = {}
-    return {}
+    # The extra contributes no deps at this version, but the proxy
+    # must still pin its base: without the pin the proxy and the base
+    # can settle on different versions, and if the base's version does
+    # provide the extra its dependencies are silently dropped.
+    deps = {normalized: VersionRange.singleton(version)}
+    provider.deps_cache[cache_key] = deps
+    return deps

nab_python/_provider/listing.py

@@ -271,10 +271,10 @@ def excluded_by_python(provider: Provider, dist: DistFile) -> bool:
         try:
             spec = SpecifierSet(requires_python)
             cached = Version(provider.python_version) not in spec
-        except (InvalidSpecifier, InvalidVersion):
-            # Malformed Requires-Python on the dist or our own
-            # python_version: treat as not-excluded, let downstream
-            # logic decide.
+        except InvalidSpecifier:
+            # Malformed Requires-Python on the dist: treat as
+            # not-excluded, let downstream logic decide.  Our own
+            # python_version is validated at Provider construction.
             cached = False
         provider.requires_python_cache[requires_python] = cached
     if cached:
@@ -425,14 +425,21 @@ def await_metadata_batch(
         event.wait()
         text = provider.coordinator.index.get_metadata(package, ver_str)
         if text is None:
-            provider.deps_cache[cache_key] = {}
-        else:
-            try:
-                provider.parse_and_cache_metadata(cache_key, text)
-            except (ValueError, InvalidVersion, InvalidSpecifier):
-                # Malformed metadata: cache empty deps so the candidate
-                # acts as if it had no deps rather than bubbling.
-                provider.deps_cache[cache_key] = {}
+            # No PEP 658 text arrived: leave the version un-cached so
+            # look-ahead's get_dependencies runs the sdist fallback (or
+            # refuses it) rather than pinning it as dependency-free.
+            continue
+        if provider.coordinator.index.metadata_from_sdist(package, ver_str):
+            # The shared slot holds sdist PKG-INFO from an earlier
+            # fallback; caching it here would skip the PEP 643 gate
+            # that get_dependencies applies on the from_sdist path.
+            continue
+        try:
+            provider.parse_and_cache_metadata(cache_key, text)
+        except (ValueError, InvalidVersion, InvalidSpecifier):
+            # Malformed metadata: same reason, refuse via get_dependencies
+            # (_invalid_metadata) instead of caching empty deps.
+            continue
 
 
 def prefetch_new_deps(provider: Provider, deps: Mapping[str, VersionRange]) -> None:

nab_python/_provider/metadata_resolver.py

@@ -48,11 +48,11 @@ def resolve_metadata(
 
     text = provider.coordinator.index.get_metadata(normalized, ver_str)
     if text is not None:
-        # Decide source from listing: a wheel-with-metadata-url at this
-        # version means the text was wheel METADATA; otherwise sdist
-        # PKG-INFO.  ``_metadata`` and ``_sdist`` write to the same
-        # slot, so we can't tell from the index alone.
-        from_sdist = not has_wheel_metadata_at(versions, version)
+        # Wheel METADATA and sdist PKG-INFO share the slot; the index
+        # records which kind the last write was.  Inferring from the
+        # listing instead would mislabel the text whenever this
+        # provider's view differs from the one that stored it.
+        from_sdist = provider.coordinator.index.metadata_from_sdist(normalized, ver_str)
         return (text, from_sdist)
 
     dist = pick_dist_for_metadata(versions, version)
@@ -85,18 +85,6 @@ def resolve_metadata(
     raise MetadataError(msg)
 
 
-def has_wheel_metadata_at(
-    versions: Sequence[tuple[Version, DistFile]], version: Version
-) -> bool:
-    """Report whether the listing has a wheel with PEP 658 metadata."""
-    for v, d in versions:
-        if v != version:
-            continue
-        if isinstance(d, WheelFile) and d.metadata_url is not None:
-            return True
-    return False
-
-
 def pick_dist_for_metadata(
     versions: Sequence[tuple[Version, DistFile]], version: Version
 ) -> DistFile | None:

nab_python/_provider/priority.py

@@ -93,7 +93,9 @@ def compute_matching(
     elif has_local_source:
         matching = 1
     else:
-        matching = _NO_LISTING_PRIOR
+        # Not cached, so the next call re-checks the index and the
+        # listing-arrival side effect above can still fire.
+        return _NO_LISTING_PRIOR
 
     if per_pkg is None:
         per_pkg = provider.matching_cache[normalized] = {}

nab_python/_vcs_admission.py

@@ -103,15 +103,16 @@ def split_vcs_scheme(url: str) -> tuple[str | None, str]:
 def has_full_commit_sha(url: str) -> bool:
     """Return True if the URL pins to a 40-char hex commit hash.
 
-    Looks for ``@<sha>`` after the scheme://host portion; ignores any
-    ``#`` fragment.  Tolerates ``user@host`` syntax by taking the last
-    ``@`` in the path/ref portion.
+    Looks for ``@<sha>`` in the path component (after the authority);
+    ignores any ``#`` fragment.  A ``user@host`` in the authority is
+    left alone, matching the ref parsing in :mod:`nab_index.vcs`.
     """
     fragmentless = url.split("#", 1)[0]
-    after_authority = fragmentless.split("://", 1)[-1]
-    if "@" not in after_authority:
+    after_scheme = fragmentless.split("://", 1)[-1]
+    path = after_scheme.partition("/")[2]
+    if "@" not in path:
         return False
-    ref = after_authority.rsplit("@", 1)[1]
+    ref = path.rsplit("@", 1)[1]
     return bool(FULL_GIT_SHA_RE.match(ref))
 
 

nab_python/download.py

@@ -104,6 +104,8 @@ def _entries_for_pin(canonical: str, pin: PinShape) -> Iterable[DownloadEntry]:
 
 
 def _iter_index_pin(canonical: str, pin: IndexPin) -> Iterable[DownloadEntry]:
+    # Recorded digests are lowercased to match hashlib.hexdigest() output:
+    # index-fed flows already lowercase, but a caller-built LockInput may not.
     if pin.sdist is not None:
         algo, digest = pin.sdist.primary_digest
         yield DownloadEntry(
@@ -112,7 +114,7 @@ def _iter_index_pin(canonical: str, pin: IndexPin) -> Iterable[DownloadEntry]:
             filename=pin.sdist.filename,
             url=pin.sdist.url,
             hash_algo=algo,
-            digest=digest,
+            digest=digest.lower(),
         )
     for wheel in pin.wheels:
         algo, digest = wheel.primary_digest
@@ -122,7 +124,7 @@ def _iter_index_pin(canonical: str, pin: IndexPin) -> Iterable[DownloadEntry]:
             filename=wheel.filename,
             url=wheel.url,
             hash_algo=algo,
-            digest=digest,
+            digest=digest.lower(),
         )
 
 

nab_python/fetch.py

@@ -141,6 +141,10 @@ class InMemoryIndex:
         self._listing_errors: dict[str, BaseException] = {}
         self._listing_indexes: dict[str, str] = {}
         self._metadata: dict[tuple[str, str], str | None] = {}
+        # Keys whose ``_metadata`` slot was last written from an sdist
+        # PKG-INFO rather than a wheel METADATA; readers need the
+        # origin because only sdist deps go through the PEP 643 gate.
+        self._metadata_from_sdist: set[tuple[str, str]] = set()
         self._sdist_pyproject: dict[tuple[str, str], str | None] = {}
         self._sdist_archives: dict[tuple[str, str], bytes | None] = {}
         self._pending: dict[str, _Pending] = {}
@@ -227,6 +231,7 @@ class InMemoryIndex:
         key = f"metadata:{package}:{version}"
         with self._lock:
             self._metadata[(package, version)] = data
+            self._metadata_from_sdist.discard((package, version))
             pending = self._pending.get(key)
         if pending is not None:
             pending.result = data
@@ -241,15 +246,27 @@ class InMemoryIndex:
         because PKG-INFO is core-metadata-equivalent. The pending
         keys differ so a sdist request can run in parallel with (or
         after) a failed wheel metadata request.
+        :meth:`metadata_from_sdist` reports which kind the slot holds.
         """
         key = f"sdist:{package}:{version}"
         with self._lock:
             self._metadata[(package, version)] = data
+            self._metadata_from_sdist.add((package, version))
             pending = self._pending.get(key)
         if pending is not None:
             pending.result = data
             pending.event.set()
 
+    def metadata_from_sdist(self, package: str, version: str) -> bool:
+        """Return ``True`` when the metadata slot was last written from an sdist.
+
+        The slot itself cannot distinguish wheel METADATA from sdist
+        PKG-INFO; readers that apply the :pep:`643` dynamic-deps gate
+        only to sdist values ask here for the current text's origin.
+        """
+        with self._lock:
+            return (package, version) in self._metadata_from_sdist
+
     def store_sdist_pyproject(self, package: str, version: str, data: str) -> None:
         """Store sdist-derived pyproject.toml text for static-metadata fallback.
 
@@ -470,6 +487,11 @@ class FetchCoordinator:
         self._thread.join(timeout=_COORDINATOR_JOIN_TIMEOUT_SECONDS)
         self._thread = None
         self._started = False
+        # Drop the dead loop so a later start() waits for the fresh one
+        # instead of submitting to a closed loop.
+        self._loop = None
+        self._async_q = None
+        self._queue_ready.clear()
 
     def _submit(self, item: _QueueItem) -> None:
         """Schedule ``item`` on the fetcher loop's queue from any thread."""
@@ -711,7 +733,8 @@ class FetchCoordinator:
 
         client = self._build_client()
         try:
-            while True:
+            stopping = False
+            while not stopping:
                 item = await queue.get()
                 if item is None:
                     break
@@ -725,10 +748,11 @@ class FetchCoordinator:
                     except asyncio.QueueEmpty:
                         break
                     if extra is None:
-                        for t in tasks:
-                            t.cancel()
-                        await asyncio.gather(*tasks, return_exceptions=True)
-                        return
+                        # Fall through to the gather below instead of
+                        # cancelling: a cancelled _handle never records a
+                        # result, leaving its waiter's event unset forever.
+                        stopping = True
+                        break
                     self._dispatch(extra, client, sem, tasks)
 
             if tasks:
@@ -856,9 +880,12 @@ class FetchCoordinator:
         pkg_info, pyproject = await client.get_sdist_files(
             req.package, req.version, req.url
         )
-        self.index.store_sdist_metadata(req.package, req.version, pkg_info)
+        # Store pyproject.toml first: store_sdist_metadata fires the
+        # pending event, and a released waiter reads the pyproject slot
+        # with no further synchronisation.
         if pyproject is not None:
             self.index.store_sdist_pyproject(req.package, req.version, pyproject)
+        self.index.store_sdist_metadata(req.package, req.version, pkg_info)
 
     async def _fetch_sdist_archive(
         self,

nab_python/lockfile.py

@@ -24,7 +24,7 @@ from ._lockfile.builder import (
     read_lockfile_packages,
 )
 from ._lockfile.disjointness import DisjointnessError
-from ._lockfile.pylock import build_pylock, write_lock
+from ._lockfile.pylock import DivergentBaseDependencyError, build_pylock, write_lock
 from ._lockfile.requirements import (
     write_requirements_with_hashes,
     write_requirements_without_hashes,
@@ -44,6 +44,7 @@ __all__ = [
     "ACCEPTED_HASH_ALGORITHMS",
     "LOCK_VERSION",
     "DisjointnessError",
+    "DivergentBaseDependencyError",
     "IndexPin",
     "LocalPin",
     "LockInput",

nab_python/metadata.py

@@ -12,7 +12,7 @@ from __future__ import annotations
 import email.parser
 from dataclasses import dataclass, field
 from functools import lru_cache
-from typing import Any
+from typing import TYPE_CHECKING, Any
 
 import tomli
 
@@ -20,6 +20,9 @@ from ._vendor.packaging.requirements import Requirement
 from ._vendor.packaging.specifiers import SpecifierSet
 from ._vendor.packaging.version import Version
 
+if TYPE_CHECKING:
+    from ._vendor.packaging.markers import Marker
+
 __all__ = [
     "DEPENDENCY_FIELDS",
     "WheelMetadata",
@@ -88,6 +91,22 @@ def metadata_deps_are_static(metadata: WheelMetadata) -> bool:
     return not (DEPENDENCY_FIELDS & metadata.dynamic)
 
 
+@lru_cache(maxsize=8192)
+def _intern_marker(marker: Marker) -> Marker:
+    """Return a shared :class:`Marker` for an equal marker expression.
+
+    ``Marker`` hashes and compares by its text, so a single marker like
+    ``extra == "test"`` recurs across hundreds of distinct dep strings
+    (``pytest; extra == "test"``, ``coverage; extra == "test"``, ...),
+    each parsing to its own object.  The provider caches marker
+    evaluation by ``id(marker)``, so sharing one object per distinct
+    expression lets that cache hit across every candidate instead of
+    re-evaluating the same expression per dep.  Markers are read-only,
+    so sharing is safe.
+    """
+    return marker
+
+
 @lru_cache(maxsize=16384)
 def _parse_requirement_cached(req_str: str) -> Requirement:
     """Cache ``Requirement(req_str)`` parsing across wheel metadata.
@@ -97,7 +116,10 @@ def _parse_requirement_cached(req_str: str) -> Requirement:
     only read operations (specifier, marker, extras, name) so sharing
     parsed objects is safe.
     """
-    return Requirement(req_str)
+    req = Requirement(req_str)
+    if req.marker is not None:
+        req.marker = _intern_marker(req.marker)
+    return req
 
 
 @lru_cache(maxsize=65536)

nab_python/provider.py

@@ -7,7 +7,6 @@ types.  Uses a thread pool with a shared HTTP session to overlap I/O.
 
 from __future__ import annotations
 
-import contextlib
 import enum
 import logging
 import re
@@ -98,16 +97,17 @@ _PYTHON_FULL_VERSION_PARTS = 3
 def python_axis_environment(python_version: str) -> dict[str, str]:
     """Map an explicit Python version to its PEP 508 marker keys.
 
-    ``python_full_version`` is padded to three components so patch-precision
-    markers evaluate the same here as in the universal matrix. Raises
-    ``InvalidVersion`` if the input is not a version.
+    ``python_version`` is padded to two components and
+    ``python_full_version`` to three so patch-precision markers evaluate
+    the same here as in the universal matrix. Raises ``InvalidVersion``
+    if the input is not a version.
     """
-    release = Version(python_version).release
-    minor = (
-        f"{release[0]}.{release[1]}"
-        if len(release) >= _PYTHON_VERSION_PARTS
-        else python_version
-    )
+    try:
+        release = Version(python_version).release
+    except InvalidVersion:
+        msg = f"python_version {python_version!r} is not a valid version"
+        raise InvalidVersion(msg) from None
+    minor = ".".join(str(part) for part in (*release, 0)[:_PYTHON_VERSION_PARTS])
     full = (
         python_version
         if len(release) >= _PYTHON_FULL_VERSION_PARTS
@@ -494,8 +494,7 @@ class Provider:
         }
         self.environment: dict[str, str] = env_init
         if python_version is not None:
-            with contextlib.suppress(InvalidVersion):
-                self.environment.update(python_axis_environment(python_version))
+            self.environment.update(python_axis_environment(python_version))
         if marker_environment:
             for key, value in marker_environment.items():
                 self.environment[key] = value

nab_python/resolve.py

@@ -2,7 +2,6 @@
 
 from __future__ import annotations
 
-import contextlib
 import itertools
 import logging
 import sys
@@ -23,7 +22,7 @@ from ._vendor.packaging.ranges import VersionRange
 from ._vendor.packaging.requirements import Requirement
 from ._vendor.packaging.specifiers import SpecifierSet
 from ._vendor.packaging.utils import canonicalize_name
-from ._vendor.packaging.version import InvalidVersion, Version
+from ._vendor.packaging.version import Version
 from .config import (
     ConfigError,
     ConflictFork,
@@ -689,8 +688,7 @@ def _build_marker_environment(
         for key, value in default_environment().items()
         if isinstance(value, str)
     }
-    with contextlib.suppress(InvalidVersion):
-        env.update(python_axis_environment(python_version))
+    env.update(python_axis_environment(python_version))
     env.update(overrides)
     return env
 

nab_python/universal/matrix.py

@@ -231,9 +231,9 @@ class Matrix:
         """Expand the matrix into concrete tuples.
 
         Validates inputs eagerly: unknown platform ids, unknown
-        implementations, an empty python range, or an invalid
-        ``python_order`` each raise a ``ValueError`` before any work
-        happens.
+        implementations, ``python_patches`` keys that are not known
+        minors, an empty python range, or an invalid ``python_order``
+        each raise a ``ValueError`` before any work happens.
 
         ``platforms`` accepts either bare platform-id strings (use
         default tag floors) or :class:`PlatformSpec` instances for
@@ -258,13 +258,20 @@ class Matrix:
         if unknown_impl:
             msg = f"Unknown implementations: {unknown_impl!r}"
             raise ValueError(msg)
+        patches = self.python_patches or {}
+        unknown_patches = [m for m in patches if m not in _KNOWN_PYTHON_MINORS]
+        if unknown_patches:
+            msg = (
+                f"Unknown python_patches minors: {unknown_patches!r};"
+                " keys must be major.minor like '3.11'"
+            )
+            raise ValueError(msg)
         py_versions = list(_pythons_in_range(self.python))
         if not py_versions:
             msg = f"No known Python versions match {self.python!r}"
             raise ValueError(msg)
         if self.python_order == "desc":
             py_versions.reverse()
-        patches = self.python_patches or {}
         multi_impl = len(self.implementations) > 1
         return [
             MatrixTuple(

nab_python/universal/reresolve.py

@@ -201,9 +201,12 @@ def _resolve_one_tuple_with_overrides(  # noqa: PLR0913
     resolution_strategy: str,
 ) -> dict[str, str]:
     """Re-resolve ``tup`` with the given metadata overrides; return pins."""
+    # Carry the original tuple's patch release so markers gated on
+    # python_full_version evaluate the same in both passes.
     one_tuple_matrix = _Matrix(
         python=f"=={tup.python_version}",
         platforms=(tup.platform_spec,),
+        python_patches={tup.python_version: tup.environment["python_full_version"]},
         implementations=(tup.implementation,),
     )
     with _override_metadata(coordinator, wheel_metadata):
@@ -294,17 +297,24 @@ def _override_metadata(
     overridden raw text rather than serving the prior tuple's view.
     """
     text_snapshot: dict[tuple[str, str], str | None] = {}
+    from_sdist_snapshot: dict[tuple[str, str], bool] = {}
     parsed_snapshot: dict[tuple[str, str], object | None] = {}
     for key in overrides:
         text_snapshot[key] = coordinator.index.get_metadata(*key)
+        from_sdist_snapshot[key] = coordinator.index.metadata_from_sdist(*key)
         parsed_snapshot[key] = coordinator.index.pop_parsed_metadata(*key)
     try:
         for key, text in overrides.items():
             coordinator.index.store_metadata(*key, text)
         yield
     finally:
+        # Restore through the matching store call so the slot's sdist
+        # provenance survives the override cycle.
         for key, prior in text_snapshot.items():
-            coordinator.index.store_metadata(*key, prior)
+            if from_sdist_snapshot[key]:
+                coordinator.index.store_sdist_metadata(*key, prior)
+            else:
+                coordinator.index.store_metadata(*key, prior)
         for key, parsed in parsed_snapshot.items():
             coordinator.index.pop_parsed_metadata(*key)
             if parsed is not None:

nab_python/universal/validate.py

@@ -26,7 +26,7 @@ from .._vendor.packaging.requirements import (
     InvalidRequirement,
     Requirement,
 )
-from .._vendor.packaging.utils import canonicalize_name
+from .._vendor.packaging.utils import canonicalize_name, canonicalize_version
 from ..metadata import load_static_project, metadata_deps_are_static, parse_metadata
 from .wheel_selection import select_wheel_for_tuple
 
@@ -47,7 +47,9 @@ __all__ = [
 
 # Statuses that always fail the lock at install time, regardless of
 # build policy.
-_ALWAYS_FATAL_STATUSES = frozenset({"no_compatible_wheel", "no_metadata"})
+_ALWAYS_FATAL_STATUSES = frozenset(
+    {"version_not_found", "no_compatible_wheel", "no_metadata"}
+)
 
 # Statuses that fail only when the build policy refuses to build
 # from sdist (BuildPolicy.NEVER).  These pins resolve fine if the
@@ -77,8 +79,10 @@ class PinValidation:
 
     - ``ok``: chosen wheel's deps (after marker eval) match the resolver's.
     - ``divergent``: wheel has metadata but deps differ from baseline.
-    - ``sdist_only``: no wheels at all; the user must build from sdist.
-      Fatal under ``BuildPolicy.NEVER``.
+    - ``sdist_only``: an sdist but no wheels; the user must build from
+      sdist. Fatal under ``BuildPolicy.NEVER``.
+    - ``version_not_found``: the index has no files at the pinned
+      version (or no listing for the package). Always fatal.
     - ``no_compatible_wheel``: wheels exist but none match the tuple's
       tags and no buildable sdist exists. Always fatal.
     - ``no_compatible_wheel_with_sdist``: as above but a sdist is
@@ -112,9 +116,10 @@ class ValidationReport:
     def fatal_findings(self, *, build_allowed: bool = False) -> list[PinValidation]:
         """Return findings that would prevent installation.
 
-        Always fatal: ``no_compatible_wheel`` (no installable
-        artifact) and ``no_metadata`` (we can't trust the resolver
-        ran with the right deps).
+        Always fatal: ``version_not_found`` (nothing at the pinned
+        version), ``no_compatible_wheel`` (no installable artifact)
+        and ``no_metadata`` (we can't trust the resolver ran with
+        the right deps).
 
         Fatal under BuildPolicy.NEVER: ``sdist_only`` and
         ``no_compatible_wheel_with_sdist`` (only sdist available).
@@ -165,6 +170,14 @@ def _validate_pin(  # noqa: PLR0911 - one return per outcome reads cleaner here
     files_at_version = [f for f in listing if f.version == str(version)]
     wheels_at_version = [f for f in files_at_version if isinstance(f, WheelFile)]
     has_sdist = any(not isinstance(f, WheelFile) for f in files_at_version)
+    if not files_at_version:
+        return PinValidation(
+            tuple_label=tup.label,
+            package=package,
+            version=str(version),
+            status="version_not_found",
+            detail="index has no files at this version; nothing to install or build",
+        )
     if not wheels_at_version:
         return PinValidation(
             tuple_label=tup.label,
@@ -408,7 +421,9 @@ def _evaluate_metadata_deps_by_extra(
     references go to the base bucket; markers with ``extra ==
     "name"`` go to that named bucket.  This lets the validator catch
     per-extra divergence between the resolver's listing baseline and
-    the chosen wheel, even when base deps match.
+    the chosen wheel, even when base deps match.  Bucket members are
+    :func:`_requirement_key` strings, so two wheels that agree on dep
+    names but disagree on specifiers still diverge.
     """
     metadata = parse_metadata(metadata_text)
     extras = {canonicalize_name(e) for e in metadata.provides_extra}
@@ -421,12 +436,35 @@ def _evaluate_metadata_deps_by_extra(
             req = Requirement(str(req_text))
         except InvalidRequirement:  # pragma: no cover
             continue
-        name = canonicalize_name(req.name)
+        key = _requirement_key(req)
         marker = req.marker
         if marker is None or marker.evaluate(base_env):
-            out[None].add(name)
+            out[None].add(key)
             continue
         for e in extras:
             if marker.evaluate({**environment, "extra": e}):
-                out[e].add(name)
+                out[e].add(key)
     return out
+
+
+def _requirement_key(req: Requirement) -> str:
+    """Render a requirement's name, extras and constraint canonically.
+
+    Versions are canonicalized per specifier so equivalent spellings
+    (``>=2.0`` vs ``>=2``) compare equal across wheels; the marker is
+    omitted because bucketing by extra already accounts for it.
+    """
+    name: str = canonicalize_name(req.name)
+    if req.extras:
+        name += "[" + ",".join(sorted(canonicalize_name(e) for e in req.extras)) + "]"
+    if req.url is not None:
+        return f"{name} @ {req.url}"
+    return name + ",".join(
+        sorted(
+            spec.operator
+            + canonicalize_version(
+                spec.version, strip_trailing_zero=spec.operator != "~="
+            )
+            for spec in req.specifier
+        )
+    )

nab_python/universal/wheel_selection.py

@@ -108,8 +108,8 @@ class PlatformSpec:
             ("glibc", _floor_tag(self.manylinux_floor)),
             ("musl", _floor_tag(self.musllinux_floor)),
             ("macos", _floor_tag(self.macos_min)),
-            ("rel", "_".join(self.platform_release.split())),
-            ("ver", "_".join(self.platform_version.split())),
+            ("rel", _escape_label_value(self.platform_release)),
+            ("ver", _escape_label_value(self.platform_version)),
         )
         return "".join(f"-{tag}{value}" for tag, value in fields if value)
 
@@ -138,6 +138,26 @@ def _floor_tag(floor: tuple[int, int] | None) -> str:
     return f"{floor[0]}.{floor[1]}" if floor is not None else ""
 
 
+def _escape_label_value(value: str) -> str:
+    """Escape a free-form marker value for a label suffix field.
+
+    Alphanumerics and ``.`` pass through, ``_`` doubles itself, and any
+    other character becomes ``_<hex codepoint>_``.  This keeps the
+    encoding injective and the output free of ``-``, so a value can
+    never forge a field boundary and collapse two distinct specs onto
+    one label.
+    """
+    out: list[str] = []
+    for ch in value:
+        if ch == "_":
+            out.append("__")
+        elif ch.isalnum() or ch == ".":
+            out.append(ch)
+        else:
+            out.append(f"_{ord(ch):x}_")
+    return "".join(out)
+
+
 def _linux_platform_tags(
     arch: str,
     *,

{nab_python-0.0.4.dist-info → nab_python-0.0.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nab-python
-Version: 0.0.4
+Version: 0.0.5
 Summary: Index-backed provider, lockfile emitter, and downloader for nab
 Project-URL: Homepage, https://github.com/notatallshaw/nab
 Project-URL: Documentation, https://nab.readthedocs.io/
@@ -19,8 +19,8 @@ Classifier: Typing :: Typed
 Requires-Python: >=3.10
 Requires-Dist: build>=1.2
 Requires-Dist: installer>=0.7
-Requires-Dist: nab-index==0.0.4
-Requires-Dist: nab-resolver==0.0.4
+Requires-Dist: nab-index==0.0.5
+Requires-Dist: nab-resolver==0.0.5
 Requires-Dist: pyproject-hooks>=1.2
 Requires-Dist: tomli-w>=1.2
 Requires-Dist: tomli>=2.0

{nab_python-0.0.4.dist-info → nab_python-0.0.5.dist-info}/RECORD

@@ -2,17 +2,17 @@ nab_python/__init__.py,sha256=tKRFGIR13xvNEftDBxxdczeKtcrvaqcOPiYbmdyFOOs,62
 nab_python/_conflict_kind.py,sha256=ZDVR_8WvyNnxvk0v5pqupKWN3CoSi4DpV6mr4yEOxRE,755
 nab_python/_packaging_provider.py,sha256=-dxbaed8UoPtqxBnrOqxw2N_jPzHaQEMT1RJOoMHdRI,3435
 nab_python/_toml.py,sha256=r_8CfSxoNHWsnchzmdHEsyzd0iigBp9XWDszUN5mhSM,581
-nab_python/_vcs_admission.py,sha256=sjAdqN0HtJI0Dtz6gHHAW24S_ETiyMwNx0Y62_bU7Ao,6360
+nab_python/_vcs_admission.py,sha256=wG9S0naO7nfVI-jJrEyweJUsk9Avv4KBLUA-ga0xjZw,6406
 nab_python/build_backend.py,sha256=T-KBp-VulIQATUjYvTt_hJronFceDSjvB-wZ3YHWPpw,6519
 nab_python/config.py,sha256=LplXzroZluUFKtN7WuaBKVEquerrAcfrRA8dkfY7H7M,53288
-nab_python/download.py,sha256=EwGpCjLkvcDjZ1_wOGv3xE7NxickXZv1vWXT6ncHodM,6680
-nab_python/fetch.py,sha256=V9FSNeRax7-vYGYrloEp-bfpBeJz8SpC9uaon2bRosI,33708
-nab_python/lockfile.py,sha256=U7h2B5kcfIP8Ve2oCFd9i8DGEan888HmZkQeLR7p3Kg,11362
-nab_python/metadata.py,sha256=eMDyQ4vBg1gZLW1S_aiJ7sMV9onB2t86hLN4fbYwo0c,5727
-nab_python/provider.py,sha256=9GnV4qHiyg4bHNjq1p6r1xCBuW41Pli3zoPHIDYvjaQ,53448
+nab_python/download.py,sha256=tPf6bryLbM85hez88nvqmBJr6GdGj1Ux8tNdRmfeqS8,6850
+nab_python/fetch.py,sha256=aZZu-H-3uScF4kNLh45Cy5Ur1TNUF0GxauwX7NWsC3s,35180
+nab_python/lockfile.py,sha256=bAO9WybifQd2v7QSOcTmKcBoxKB7jVhuiAaE0nbWUbE,11428
+nab_python/metadata.py,sha256=_1CvzZ7O8jricjBhPm3AfS3-yrdgL8F_2xpVqBq_ZqY,6586
+nab_python/provider.py,sha256=teuTYZhxAm16qGNsicaLckFDku23VaKAz3oOeoSKZco,53512
 nab_python/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nab_python/requirements_file.py,sha256=YdXc9wdomhEWwxwUwKPa6kCcQ5c5E0IpXqufo8oOV0Y,10708
-nab_python/resolve.py,sha256=PynfoS1CRUC6gxvZjmpAt8WU0Se2PJ1oG85weiyhVnU,34738
+nab_python/resolve.py,sha256=5V-9TctP_PowlNYZglRkHqU3STJPY5aM3JtXjwsRwGE,34654
 nab_python/workspace.py,sha256=WhTUIgFP0IKigmeUvaV1S0j-lK9IHEjhMy57OK0rGpY,8270
 nab_python/_build/__init__.py,sha256=7qW6Gk8Tr8fc3xon-yZ1zW5Z1oUU-LPRpgyucso1GNc,61
 nab_python/_build/env.py,sha256=hhst05zByIn0ZblYlsitJTdCWJZMEm1MzUG24xWMaSw,14036
@@ -21,15 +21,15 @@ nab_python/_build/runner.py,sha256=6yV1sz4bxOuOAgPp5vpO1w8X1EifDLcB9vSCOzxsLYM,9
 nab_python/_lockfile/__init__.py,sha256=gfbgTLr4C66nEZeaI5G5DGGo6_s_qrB2uWAo3DjXC7Q,59
 nab_python/_lockfile/builder.py,sha256=YPRb35YTWhd68B7-nXTfrbtJnPE3tTGcdWGakqkkWv0,20528
 nab_python/_lockfile/disjointness.py,sha256=CyEuinsVkIoPjTjE_CFzRi5mvp8X7CVSGQZbNCVup3g,17212
-nab_python/_lockfile/pylock.py,sha256=kTgEQ0eFA8jNEIO9T5YybUqMDwJJLASrwkyDYmoBqsU,21765
-nab_python/_lockfile/requirements.py,sha256=DXWMtt6QVxbEFNWZiQyOyl5we47uK7gN2OOKIrQ5spU,4467
+nab_python/_lockfile/pylock.py,sha256=m2CRlPaIBr_qufVXFFDYx6YPkekQ8-EDF6tQujzGPTM,24678
+nab_python/_lockfile/requirements.py,sha256=5FRO0ul9stXumRUHt2q5fIO0q1ogW-LYt26ajA6t4hs,4797
 nab_python/_provider/__init__.py,sha256=FJwoSdUfrfhhXfaeJAIXQEWzY6KV4hKFNnvRkQVccfA,59
 nab_python/_provider/build_remote.py,sha256=nqQ4rzXNkWxNouAyhhDC-rPZmtSsbPOaREoAPYm4Oz4,3411
-nab_python/_provider/extras.py,sha256=DBPqXAFho5dK1KKmbZhdDzVu_NVz4Lxoi9huWIZKPfI,8331
-nab_python/_provider/listing.py,sha256=0gO7w-cIiDK4T7Dic2alkRgcj0qnkPusBwCkHLzoQKk,17342
+nab_python/_provider/extras.py,sha256=Jom9EMtEMJc5WI3yhqbbkuYTrn8XTt1iRMdnaHe9iys,8574
+nab_python/_provider/listing.py,sha256=QnM4uGqdsEBTLfLD-STRsSBV6iW40SKNixUuJpfiXJk,17791
 nab_python/_provider/lookahead.py,sha256=xgX0f4h9dt2rdXZ_HmQmzXKyac2H4pDoaRMpVUqFotQ,5895
-nab_python/_provider/metadata_resolver.py,sha256=Bnrl0Ntzsmn2EU__q8EJ8Dpvi7pRzmpSY7lLAuklfvQ,17587
-nab_python/_provider/priority.py,sha256=mYJHoMsoi71qTycyloWMmQ8ey00uNgBdIIkfXuar9yM,5975
+nab_python/_provider/metadata_resolver.py,sha256=CVIAUadBSprWAj2Ti_UmsJ2Id7AfkVp_Wc3HFZ-nYsQ,17252
+nab_python/_provider/priority.py,sha256=vdtS08Gf9kAtoXQ2xa5-WCA7r-dCYpOwfzMT4Curfks,6098
 nab_python/_provider/sources.py,sha256=DeG3oQv3iCrZPgW9VsM_6c5EDiVF3b5jWvdvx7TH9M8,7837
 nab_python/_testing/__init__.py,sha256=WiMwVVwq6kg2mHFeM7JNA4-2tiXWVOPXq6YJd49vJQ0,44
 nab_python/_testing/coordinator_fake.py,sha256=4RDaZkEHwEHt1hK-dgUqMZbcrJhbvVSbDihMD710_gE,9311
@@ -63,12 +63,12 @@ nab_python/_vendor/packaging/version.py,sha256=daDMk4YRlKNgSiQkkIlxfmpsj_qGiWhVg
 nab_python/_vendor/packaging/licenses/__init__.py,sha256=_Jx0XRiD_58palsWnyLrLuh59ZpGCPIPXLKdZo9OJvQ,7293
 nab_python/_vendor/packaging/licenses/_spdx.py,sha256=WW7DXiyg68up_YND_wpRYlr1SHhiV4FfJLQffghhMxQ,51122
 nab_python/universal/__init__.py,sha256=eNFMbsK-jBNy1J7wAE702vI-LVXF_aaQQvX7G02ImUw,48
-nab_python/universal/matrix.py,sha256=hEGT37F0tx_alYtHUPUO1B_7tPfW3m3PbpOaYi2FPvs,12705
+nab_python/universal/matrix.py,sha256=DSXzmojLGCJQI_Qgy6m2W8P-AziFuCcDzgNcYwsBIk0,13059
 nab_python/universal/provider.py,sha256=lAHEJ8HQPK1nWvNhKaKoFFRQsxTkliW-QY07W42WK3M,9904
-nab_python/universal/reresolve.py,sha256=hSh9hqz0A6BTr-ixfY4h4r6AcRuQWN64-nbtsKc-mvM,11595
+nab_python/universal/reresolve.py,sha256=iA7_QRnLJbdAaN0XS1woLRDVRKBmggIUqLfZZUqZbO0,12195
 nab_python/universal/resolve.py,sha256=M1r_Tb1kvG3SMlXGKAUWhTGqc3A0Ah1GomMa4CSlGKU,28351
-nab_python/universal/validate.py,sha256=ehYPaiDjFmSm9z4D_sMjTqslVuDHG_ozOAIG0CMaqS8,15944
-nab_python/universal/wheel_selection.py,sha256=jmukmHs5k3hqEXKFdj0ZTa5z3-v3FmsHwzkriXf0Mn4,13765
-nab_python-0.0.4.dist-info/METADATA,sha256=_mx97j9RuTeo89hqyi7kuRxtDsYbRRXDGjTAzdRkJSE,1768
-nab_python-0.0.4.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
-nab_python-0.0.4.dist-info/RECORD,,
+nab_python/universal/validate.py,sha256=-T084FTML0joZcfUOyiooLk56fL_0pfXi7lVb7bjLjs,17408
+nab_python/universal/wheel_selection.py,sha256=A7Ozb6jOCDkw5qp1GZ55TmBTrUTpIN7qmI19LXW02JI,14425
+nab_python-0.0.5.dist-info/METADATA,sha256=mkirolKaVgtidr-7EHQNuxp6VDPrfPMYsky0eQjMXvY,1768
+nab_python-0.0.5.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+nab_python-0.0.5.dist-info/RECORD,,