rebalance 0.3.1__tar.gz

rebalance-0.3.1/.github/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.3.1"
+}

rebalance-0.3.1/.github/branch-protection-ruleset.json

@@ -0,0 +1,45 @@
+{
+    "name": "Protect main branch",
+    "target": "branch",
+    "enforcement": "active",
+    "conditions": {
+        "ref_name": {
+            "include": [
+                "refs/heads/main"
+            ],
+            "exclude": []
+        }
+    },
+    "rules": [
+        {
+            "type": "pull_request",
+            "parameters": {
+                "required_approving_review_count": 0,
+                "dismiss_stale_reviews_on_push": false,
+                "require_code_owner_review": false,
+                "require_last_push_approval": false,
+                "required_review_thread_resolution": false
+            }
+        },
+        {
+            "type": "deletion"
+        },
+        {
+            "type": "non_fast_forward"
+        },
+        {
+            "type": "required_linear_history"
+        },
+        {
+            "type": "required_signatures",
+            "parameters": {}
+        }
+    ],
+    "bypass_actors": [
+        {
+            "actor_id": 5,
+            "actor_type": "RepositoryRole",
+            "bypass_mode": "always"
+        }
+    ]
+}

rebalance-0.3.1/.github/release-please-config.json

@@ -0,0 +1,13 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "release-type": "python",
+  "packages": {
+    ".": {
+      "release-type": "python",
+      "package-name": "rebalance",
+      "include-component-in-tag": false,
+      "bump-minor-pre-major": true,
+      "bump-patch-for-minor-pre-major": false
+    }
+  }
+}

rebalance-0.3.1/.github/renovate.json5

@@ -0,0 +1,53 @@
+{
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  extends: [
+    'config:recommended',
+    'customManagers:githubActionsVersions',
+  ],
+  schedule: [
+    'every weekend',
+  ],
+  labels: [
+    'dependencies',
+  ],
+  customManagers: [
+    {
+      customType: 'regex',
+      managerFilePatterns: [
+        '/^prek\\.toml$/',
+      ],
+      matchStrings: [
+        '# renovate: datasource=(?<datasource>[\\w-]+) depName=(?<depName>\\S+)\\s+rev\\s*=\\s*"(?<currentValue>[^"]+)"',
+      ],
+      versioningTemplate: 'semver',
+    },
+    {
+      customType: 'regex',
+      managerFilePatterns: [
+        '/^\\.github/workflows/.*\\.ya?ml$/',
+      ],
+      matchStrings: [
+        '# renovate: datasource=(?<datasource>[\\w-]+) depName=(?<depName>\\S+)\\s+PREK_VERSION:\\s+"(?<currentValue>[^"]+)"',
+      ],
+      versioningTemplate: 'semver',
+    },
+  ],
+  packageRules: [
+    {
+      matchManagers: [
+        'github-actions',
+      ],
+      groupName: 'GitHub Actions',
+      pinDigests: true,
+    },
+    {
+      matchManagers: [
+        'pip_requirements',
+        'pip-compile',
+        'pipenv',
+        'pep621',
+      ],
+      groupName: 'Python dependencies',
+    },
+  ],
+}

rebalance-0.3.1/.github/workflows/build.yaml

@@ -0,0 +1,50 @@
+---
+name: Build
+
+"on":
+  pull_request:
+    branches: [main, develop]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# Deny all permissions by default for security
+permissions: {}
+
+jobs:
+  build:
+    name: Build Package
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+        with:
+          version: "latest"
+          enable-cache: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --group dev
+
+      - name: Install just
+        uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 # v4
+
+      - name: Build package
+        run: uv run just build
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: dist
+          path: dist/
+          retention-days: 7

rebalance-0.3.1/.github/workflows/lint.yaml

@@ -0,0 +1,84 @@
+---
+name: Lint
+
+"on":
+  pull_request:
+    branches: ["**"]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  pre-commit:
+    name: Pre-commit Hooks
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+        with:
+          version: "latest"
+          enable-cache: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --group dev
+
+      - name: Install prek
+        env:
+          # renovate: datasource=github-releases depName=j178/prek
+          PREK_VERSION: "0.3.13"
+        run: |
+          curl --proto '=https' --tlsv1.2 -LsSf \
+            "https://github.com/j178/prek/releases/download/v${PREK_VERSION}/prek-x86_64-unknown-linux-gnu.tar.gz" \
+            | tar -xz --strip-components=1 -C /usr/local/bin
+
+      - name: Install just
+        uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 # v4
+
+      - name: Run linters
+        run: uv run just lint
+
+  actionlint:
+    name: GitHub Actions Syntax
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # Required to checkout repository code
+      pull-requests: write # Required for reviewdog to post PR review comments
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run actionlint
+        uses: reviewdog/action-actionlint@6fb7acc99f4a1008869fa8a0f09cfca740837d9d # v1.72
+        with:
+          reporter: github-pr-review
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  zizmor:
+    name: Security Audit with zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # Required to upload SARIF file to GitHub Security
+      contents: read # Required to checkout repository code
+      actions: read # Required to read workflow and action metadata
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3

rebalance-0.3.1/.github/workflows/publish.yaml

@@ -0,0 +1,131 @@
+---
+name: Publish to PyPI
+
+"on":
+  release:
+    types: [published]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+# Deny all permissions by default for security
+permissions: {}
+
+jobs:
+  publish:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    # Grant minimal permissions required for PyPI trusted publishing
+    permissions:
+      actions: read # Required for SBOM action to find workflow artifacts when attaching release assets
+      contents: write # Required to upload release artifacts
+      id-token: write # Required for trusted publishing
+      attestations: write # Required for generating attestations
+    environment:
+      name: pypi
+      url: https://pypi.org/p/rebalance
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+        with:
+          version: "latest"
+          enable-cache: false # avoids cache poisoning upon build and publish
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --group dev
+
+      - name: Install just
+        uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 # v4
+
+      - name: Build package
+        run: uv run just build
+
+      - name: Generate SHA256 checksums
+        run: |
+          cd dist
+          sha256sum ./* > SHA256SUMS
+          cat SHA256SUMS
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0
+        with:
+          path: ./
+          artifact-name: sbom.spdx.json
+          output-file: dist/sbom.spdx.json
+          format: spdx-json
+          upload-artifact: true
+          upload-release-assets: false
+          dependency-snapshot: true
+
+      - name: Attest SBOM
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
+        with:
+          subject-path: "dist/*.whl"
+          sbom-path: "dist/sbom.spdx.json"
+
+      - name: Generate build provenance attestations
+        id: attest
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
+        with:
+          subject-path: "dist/*"
+
+      - name: Publish to PyPI with trusted publishing
+        run: uv publish
+
+      - name: Capture build metadata
+        id: build-meta
+        run: |
+          {
+            echo "python_version=$(uv run python --version | cut -d' ' -f2)"
+            echo "uv_version=$(uv --version | cut -d' ' -f2)"
+            echo "build_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Create GitHub Release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ATTESTATION_URL: ${{ steps.attest.outputs.attestation-url }}
+          PYTHON_VERSION: ${{ steps.build-meta.outputs.python_version }}
+          UV_VERSION: ${{ steps.build-meta.outputs.uv_version }}
+          BUILD_TIME: ${{ steps.build-meta.outputs.build_time }}
+        run: |
+          # Preserve existing release notes from release-please
+          gh release view "$GITHUB_REF_NAME" --json body --jq '.body // ""' \
+            > /tmp/release-notes.md
+
+          # Append build metadata and verification instructions
+          cat >> /tmp/release-notes.md << EOF
+
+          ---
+
+          ### Build Information
+          - **Python:** ${PYTHON_VERSION}
+          - **uv:** ${UV_VERSION}
+          - **Built:** ${BUILD_TIME}
+          - **Commit:** ${GITHUB_SHA}
+
+          ### Verification
+
+          This release includes [SLSA Build Level 3](https://slsa.dev/spec/v1.0/levels) attestations.
+
+          \`\`\`bash
+          gh attestation verify rebalance-*.whl --owner ${GITHUB_REPOSITORY_OWNER}
+          gh attestation verify rebalance-*.whl --owner ${GITHUB_REPOSITORY_OWNER} --sbom
+          \`\`\`
+
+          View SLSA Provenance: ${ATTESTATION_URL}
+          EOF
+
+          gh release edit "$GITHUB_REF_NAME" --notes-file /tmp/release-notes.md
+          gh release upload "$GITHUB_REF_NAME" \
+            dist/*.whl dist/*.tar.gz dist/sbom.spdx.json dist/SHA256SUMS LICENSE

rebalance-0.3.1/.github/workflows/release-please.yaml

@@ -0,0 +1,38 @@
+---
+name: Release Please
+
+"on":
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+# Deny all permissions by default for security
+permissions: {}
+
+jobs:
+  release-please:
+    name: Create Release PR
+    runs-on: ubuntu-latest
+    # Grant minimal permissions required for release-please to create releases and PRs
+    permissions:
+      contents: write # Required to create releases and push commits
+      issues: write # Required to create release issues
+      pull-requests: write # Required to create and update release PRs
+    steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        with:
+          client-id: ${{ secrets.RELEASE_PLEASE_APP_ID }}
+          private-key: ${{ secrets.RELEASE_PLEASE_APP_PRIVATE_KEY }}
+
+      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
+        id: release
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          config-file: .github/release-please-config.json
+          manifest-file: .github/.release-please-manifest.json

rebalance-0.3.1/.github/workflows/test.yaml

@@ -0,0 +1,69 @@
+---
+name: Tests
+
+"on":
+  pull_request:
+    branches: [main, develop]
+    paths:
+      - "rebalance/**"
+      - "pyproject.toml"
+      - "uv.lock"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# Deny all permissions by default for security
+permissions: {}
+
+jobs:
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12", "3.13"]
+
+    env:
+      PYTHON_VERSION: ${{ matrix.python-version }}
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+        with:
+          version: "latest"
+          enable-cache: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        run: |
+          # Use env variable to avoid template injection
+          uv python install "$PYTHON_VERSION"
+
+      - name: Install dependencies
+        run: |
+          uv sync --group dev
+
+      - name: Run all tests with coverage
+        run: |
+          uv run pytest rebalance/tests/ -v \
+            --cov=rebalance \
+            --cov-report=xml \
+            --cov-report=term-missing \
+            --cov-branch
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6
+        if: always()
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}

rebalance-0.3.1/.gitignore

@@ -0,0 +1,62 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+.DS_Store
+
+# C extensions
+*.so
+
+# Distribution / packaging
+bin/
+build/
+develop-eggs/
+dist/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+htmlcov
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Rope
+.ropeproject
+
+# Django stuff:
+*.log
+*.pot
+
+# Portfolio data (contains personal financial positions)
+portfolios/*.json
+!portfolios/example.json
+
+# Downloaded market data
+*.csv
+
+# Sphinx documentation
+docs/_build/
+
+# Data files
+*.csv

rebalance-0.3.1/.yamllint.yaml

@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+  indentation:
+    spaces: 2
+    indent-sequences: consistent
+  comments:
+    min-spaces-from-content: 1

rebalance-0.3.1/AGENTS.md

@@ -0,0 +1,5 @@
+# AGENTS.md
+
+- Use tools when handling files. Never use the terminal for file handling.
+- Use the tool when fetching websites. Never use the terminal for fetching websites.
+- Use conventional commits when committing code.

rebalance-0.3.1/CHANGELOG.md

@@ -0,0 +1,36 @@
+# Changelog
+
+## [0.3.1](https://github.com/kallegrens/rebalance/compare/v0.3.0...v0.3.1) (2026-05-09)
+
+
+### Documentation
+
+* replace README.rst with README.md (RST raw directives rejected by PyPI) ([e7da7e6](https://github.com/kallegrens/rebalance/commit/e7da7e67a8a74f434fdfb74935ba3263970511a8))
+
+## [0.3.0](https://github.com/kallegrens/rebalance/compare/v0.2.0...v0.3.0) (2026-05-09)
+
+
+### Features
+
+* initial release ([2036616](https://github.com/kallegrens/rebalance/commit/203661664856c7fb233abd3dc578c0ba0cf00ee4))
+
+## [0.2.0](https://github.com/kallegrens/rebalance/compare/v0.1.0...v0.2.0) (2026-05-09)
+
+
+### Features
+
+* add common_currency field and validator to PortfolioConfig ([fd8299b](https://github.com/kallegrens/rebalance/commit/fd8299b755d5563da59c90daa4dbe28e87c12772))
+* add loguru logging with LOG_LEVEL env var and notification stub ([6247747](https://github.com/kallegrens/rebalance/commit/624774751381b81313ae9731f013871a88191446))
+
+
+### Bug Fixes
+
+* improved table printing ([122fdb3](https://github.com/kallegrens/rebalance/commit/122fdb39de672626aaa2a034534f7885eeb4068f))
+* set yfinance session to None ([19956de](https://github.com/kallegrens/rebalance/commit/19956de279be41221f14918a6a8409c2e1e6f8c4))
+* switch currency dependency ([197200e](https://github.com/kallegrens/rebalance/commit/197200ea1e841a939bc7b6ac16cd100db79824ae))
+* TargetException check ([eac494d](https://github.com/kallegrens/rebalance/commit/eac494d7f0d827b12c0e3d2707a93fbb698ec9e4))
+
+
+### Reverts
+
+* remove Pipfile ([59f09f3](https://github.com/kallegrens/rebalance/commit/59f09f35b6d47d2ffbdc37be5a937e0ccfa142db))

rebalance-0.3.1/PKG-INFO

@@ -0,0 +1,78 @@
+Metadata-Version: 2.4
+Name: rebalance
+Version: 0.3.1
+Summary: A calculator which tells you how to split your investment amongst your portfolio's assets based on your target asset allocation.
+Project-URL: Homepage, https://github.com/kallegrens/rebalance
+Author-email: Karl Lundgren <k.github@lundgrens.net>
+Requires-Python: >=3.11
+Requires-Dist: loguru>=0.7
+Requires-Dist: numpy>=1.26.1
+Requires-Dist: pydantic>=2.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: rich>=13.0
+Requires-Dist: scipy>=1.11.3
+Requires-Dist: tenacity>=9.1.4
+Requires-Dist: yfinance>=0.2.65
+Description-Content-Type: text/markdown
+
+# Rebalance
+
+A calculator that tells you how to split your investment amongst your portfolio's assets based on your target asset allocation.
+
+To use it, install the package and write a portfolio JSON file as described below.
+
+## Installation
+
+```bash
+pip install rebalance
+```
+
+## Usage
+
+```bash
+rebalance portfolios/my_portfolio.json
+```
+
+## Portfolio file format
+
+Create a JSON file describing your portfolio:
+
+```json
+{
+  "name": "My portfolio",
+  "selling_allowed": false,
+  "cash": [
+    {"amount": 3000.0, "currency": "USD"},
+    {"amount": 200.0, "currency": "CAD"}
+  ],
+  "assets": [
+    {"ticker": "XBB.TO", "quantity": 36, "target_allocation": 20},
+    {"ticker": "XIC.TO", "quantity": 64, "target_allocation": 20},
+    {"ticker": "ITOT",   "quantity": 32, "target_allocation": 36},
+    {"ticker": "IEFA",   "quantity": 8,  "target_allocation": 20},
+    {"ticker": "IEMG",   "quantity": 7,  "target_allocation": 4}
+  ]
+}
+```
+
+## Example output
+
+```
+ Ticker      Ask     Quantity      Amount    Currency     Old allocation   New allocation     Target allocation
+                      to buy         ($)                      (%)              (%)                 (%)
+---------------------------------------------------------------------------------------------------------------
+  XBB.TO    33.43       30         1002.90      CAD          17.52            19.99               20.00
+  XIC.TO    24.27       27          655.29      CAD          22.61            20.01               20.00
+    ITOT    69.38       10          693.80      USD          43.93            35.88               36.00
+    IEFA    57.65       20         1153.00      USD           9.13            19.88               20.00
+    IEMG    49.14        0            0.00      USD           6.81             4.24                4.00
+
+Largest discrepancy between the new and the target asset allocation is 0.24 %.
+
+Before making the above purchases, the following currency conversion is required:
+    1072.88 USD to 1458.19 CAD at a rate of 1.3591.
+
+Remaining cash:
+    80.32 USD.
+    0.00 CAD.
+```