pyfabric 0.1.0a1__tar.gz

pyfabric-0.1.0a1/.gitattributes

@@ -0,0 +1,18 @@
+# Normalize all text files to LF in the repository
+* text=auto eol=lf
+
+# Explicitly mark binary files
+*.png binary
+*.jpg binary
+*.whl binary
+
+# Ensure key file types use LF everywhere
+*.py text eol=lf
+*.toml text eol=lf
+*.yml text eol=lf
+*.yaml text eol=lf
+*.md text eol=lf
+*.txt text eol=lf
+*.cfg text eol=lf
+*.ini text eol=lf
+*.json text eol=lf

pyfabric-0.1.0a1/.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# All changes require review from an admin
+* @hughdecatte

pyfabric-0.1.0a1/.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+  # Keep GitHub Actions current (no CVE tracking for Actions)
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  # Python deps: security updates ONLY (CVE-driven)
+  # Version updates are handled by Dependabot security updates (repo setting),
+  # not dependabot.yml version updates. This entry ensures the dependency
+  # graph stays current for vulnerability scanning without auto-bumping
+  # versions that have no known CVEs.
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0  # Disable version update PRs

pyfabric-0.1.0a1/.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: Lint & Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+      - run: pip install -e ".[dev]"
+      - run: ruff check .
+      - run: ruff format --check .
+
+  type-check:
+    name: Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+      - run: pip install -e ".[dev]"
+      - run: mypy src/
+
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+      - run: pip install -e ".[dev]"
+      - run: pytest --cov=src/pyfabric --cov-branch --cov-report=term-missing --json-report --json-report-file=test-report.json
+      - uses: actions/upload-artifact@v7
+        if: always()
+        with:
+          name: test-report-py${{ matrix.python-version }}
+          path: test-report.json

pyfabric-0.1.0a1/.github/workflows/dependency-review.yml

@@ -0,0 +1,17 @@
+name: Dependency Review
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: high
+          deny-licenses: GPL-3.0, AGPL-3.0

pyfabric-0.1.0a1/.github/workflows/publish.yml

@@ -0,0 +1,58 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0  # Required for hatch-vcs to derive version from tags
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+      - run: pip install build pip-audit
+      - run: pip-audit
+      - run: python -m build
+      - uses: anchore/sbom-action@v0
+        with:
+          path: dist/
+          format: spdx-json
+          output-file: sbom.spdx.json
+      - uses: actions/upload-artifact@v7
+        with:
+          name: dist
+          path: dist/
+      - uses: actions/upload-artifact@v7
+        with:
+          name: sbom
+          path: sbom.spdx.json
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/pyfabric
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    steps:
+      - uses: actions/download-artifact@v8
+        with:
+          name: dist
+          path: dist/
+      - uses: actions/attest-build-provenance@v4
+        with:
+          subject-path: dist/*
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          attestations: true

pyfabric-0.1.0a1/.gitignore

@@ -0,0 +1,215 @@
+# hatch-vcs generated version file
+src/pyfabric/_version.py
+
+# Test artifacts
+.test-report.json
+.logs/
+tests/fixtures/sample.duckdb
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/

pyfabric-0.1.0a1/CLAUDE.md

@@ -0,0 +1,104 @@
+# CLAUDE.md
+
+Instructions for AI coding assistants (Claude, Copilot, etc.) working in
+this repository.
+
+## Project Overview
+
+pyfabric is a Python library for programmatically creating, validating,
+and locally testing Microsoft Fabric items that are compatible with Fabric
+git sync. Target users are AI coding assistants and developers who need to
+generate and test Fabric item definitions locally.
+
+## Technical Stack
+
+- **Python**: 3.12+ (use modern syntax: `type X = ...`, `match`, `X | Y` unions)
+- **Build**: hatchling with hatch-vcs (version from git tags)
+- **Layout**: src-layout (`src/pyfabric/`)
+- **Linting**: ruff (configured in pyproject.toml)
+- **Type checking**: mypy in strict mode
+- **Logging**: structlog (JSON output, token masking, context binding)
+- **Testing**: pytest (tests in `tests/`)
+- **CI**: GitHub Actions (lint, type-check, test, dependency review)
+
+## Sub-package Structure
+
+```
+src/pyfabric/
+  client/       — Auth, REST API, HTTP client for Fabric service
+  items/        — Create, load, save, validate Fabric item definitions
+  data/         — OneLake DFS, SQL connections, lakehouse table I/O
+  workspace/    — Workspace-level operations
+  testing/      — pytest fixtures, DuckDB Spark mock for users
+  cli.py        — CLI entry point
+```
+
+## Key Conventions
+
+- All code must pass `ruff check`, `ruff format --check`, and `mypy --strict`
+- All public functions and classes must have type annotations
+- Use `X | None` not `typing.Optional[X]`; use `X | Y` not `typing.Union`
+- Use `list`, `dict`, `tuple` not `typing.List`, `typing.Dict`, `typing.Tuple`
+- `from __future__ import annotations` is NOT needed (Python 3.12+)
+- Prefer `pathlib.Path` over `os.path`
+- Prefer dataclasses or named tuples over plain dicts for structured data
+- Tests use pytest fixtures; avoid unittest.TestCase
+- No mutable default arguments
+- Use `import structlog` and `log = structlog.get_logger()` (NOT stdlib `logging`)
+- Use `log.info("message", key=value)` for structured context (NOT f-strings in messages)
+
+## Running Checks
+
+```bash
+ruff check .             # Lint
+ruff format --check .    # Format check
+mypy src/                # Type check
+pytest                   # Run tests
+```
+
+## Version Management
+
+Version is derived from git tags via hatch-vcs. Do NOT manually edit
+version strings. The file `src/pyfabric/_version.py` is auto-generated
+and must not be committed.
+
+## Dependencies
+
+- Runtime dependencies go in `[project] dependencies` in pyproject.toml
+- Optional dependency groups: `[azure]`, `[data]`, `[testing]`, `[all]`, `[dev]`
+- Keep runtime dependencies minimal — heavy deps belong in optional groups
+
+## Fabric Item Structure (git sync format)
+
+All Fabric items follow this directory structure:
+
+```
+{DisplayName}.{ItemType}/
+  .platform                 # Required: metadata + logicalId (UUID)
+  {definition_files...}     # Item-specific content
+```
+
+The `.platform` file uses schema version 2.0:
+```json
+{
+  "$schema": "https://developer.microsoft.com/json-schemas/fabric/gitIntegration/platformProperties/2.0.0/schema.json",
+  "metadata": {
+    "type": "{ItemType}",
+    "displayName": "{DisplayName}"
+  },
+  "config": {
+    "version": "2.0",
+    "logicalId": "{UUID}"
+  }
+}
+```
+
+Supported item types: Notebook, Lakehouse, Dataflow, Environment,
+VariableLibrary, SemanticModel, Report, Pipeline, Warehouse.
+
+## What NOT to Do
+
+- Do not add `__version__ = "..."` manually anywhere
+- Do not create setup.py or setup.cfg
+- Do not commit `src/pyfabric/_version.py`
+- Do not use `datetime.utcnow()` — use `datetime.now(timezone.utc)`

pyfabric-0.1.0a1/CONTRIBUTING.md

@@ -0,0 +1,94 @@
+# Contributing
+
+This project is maintained exclusively by the Creative Planning engineering
+team. We do not accept external pull requests, issues, or feature requests.
+
+You are welcome to fork this repository and modify it under the terms of
+the [MIT License](LICENSE).
+
+---
+
+## For Creative Planning Team Members
+
+### Development Setup
+
+```bash
+git clone https://github.com/Creative-Planning/pyfabric.git
+cd pyfabric
+python -m venv .venv
+source .venv/bin/activate  # or .venv\Scripts\activate on Windows
+pip install -e ".[dev]"
+```
+
+### Running Checks Locally
+
+```bash
+ruff check .               # Lint
+ruff format --check .      # Format check
+ruff format .              # Auto-format
+mypy src/                  # Type check
+pytest                     # Tests
+pytest --cov=pyfabric      # Tests with coverage
+pip-audit                  # Vulnerability scan
+```
+
+### Branch Workflow
+
+1. Create a feature branch from `main`
+2. Make your changes and commit locally
+3. Push your branch and open a pull request against `main`
+4. CI checks must pass (lint, format, type check, tests, dependency review)
+5. A CODEOWNERS review is required
+6. PRs are **squash merged** — your commits are combined into one clean
+   commit on `main` with a linear history
+
+Squash merge is the only merge strategy enabled on this repo.
+
+### Commit Signing
+
+The `main` branch requires signed commits. Because all PRs are squash
+merged through the GitHub UI, **GitHub signs the squash commit
+automatically** — you do not need to configure commit signing on your
+machine to contribute via pull requests.
+
+If you want verified signatures on your own branch commits (optional),
+configure SSH signing:
+
+1. Generate or import an ed25519 SSH key
+2. Add the public key to your GitHub account as a **signing key**
+   (Settings > SSH and GPG keys > New SSH key > Key type: Signing key)
+3. Configure git:
+   ```bash
+   git config --global gpg.format ssh
+   git config --global user.signingkey "key::ssh-ed25519 AAAA...your-public-key..."
+   git config --global commit.gpgsign true
+   ```
+4. On Windows, point git at the Windows OpenSSH binaries so it can reach
+   the system SSH agent:
+   ```bash
+   git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe"
+   git config --global gpg.ssh.program "C:/Windows/System32/OpenSSH/ssh-keygen.exe"
+   ```
+5. Ensure the Windows OpenSSH agent service is running (requires
+   administrator PowerShell):
+   ```powershell
+   Set-Service ssh-agent -StartupType Automatic
+   Start-Service ssh-agent
+   ```
+
+### Pull Request Requirements
+
+All PRs require:
+
+- Passing CI (lint, type check, tests, dependency review)
+- One approving review from a code owner
+- Signed commits on `main` (handled automatically by squash merge)
+
+### Releasing
+
+1. Merge all changes to `main`.
+2. Create a git tag: `git tag v0.1.0`
+3. Push the tag: `git push origin v0.1.0`
+4. Create a GitHub Release from the tag.
+5. The publish workflow handles PyPI upload, SBOM generation, and
+   SLSA attestation automatically.

pyfabric-0.1.0a1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Creative Planning
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.