slopguard-cli 0.1.2__tar.gz → 0.2.0__tar.gz

{slopguard_cli-0.1.2 → slopguard_cli-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: slopguard-cli
-Version: 0.1.2
+Version: 0.2.0
 Summary: Defend developers and AI coding agents against slopsquatting (hallucinated package names).
 Project-URL: Homepage, https://github.com/hariomunknownslab/slopguard
 Project-URL: Repository, https://github.com/hariomunknownslab/slopguard

{slopguard_cli-0.1.2 → slopguard_cli-0.2.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "slopguard-cli"
-version = "0.1.2"
+version = "0.2.0"
 description = "Defend developers and AI coding agents against slopsquatting (hallucinated package names)."
 readme = "README.md"
 license = { text = "MIT" }

{slopguard_cli-0.1.2 → slopguard_cli-0.2.0}/slopguard/__init__.py

@@ -2,6 +2,6 @@
 
 from __future__ import annotations
 
-__version__ = "0.1.2"
+__version__ = "0.2.0"
 
 __all__ = ["__version__"]

{slopguard_cli-0.1.2 → slopguard_cli-0.2.0}/slopguard/update.py

@@ -1,13 +1,21 @@
-"""``slopguard update`` — refresh the local hallucination DB from the SaaS feed.
+"""``slopguard update`` — refresh the local hallucination DB.
 
-Reads the public feed at ``$SLOPGUARD_API_URL/v1/hallucinations`` (defaults
-to the SlopGuard SaaS) and writes a seed-shaped file to
-``~/.cache/slopguard/hallucinations_db.json``. The next ``slopguard scan``
-prefers this cached file over the bundled seed (see
+Fetches the curated DB from the SlopGuard GitHub Pages site (no API,
+no account, no auth) and writes a seed-shaped file to
+``~/.cache/slopguard/hallucinations_db.json``. The next ``slopguard
+scan`` prefers this cached file over the bundled seed (see
 ``slopguard.data.load_hallucination_db``).
 
-No auth — the endpoint is public, intentionally, so air-gapped CI can
-hit it through a proxy without a token.
+Source of truth:
+  https://hariomunknownslab.github.io/slopguard/db.json
+
+Updated daily by the probe-cron GitHub Action; each entry goes through
+PR review before publication (see probe-data/README.md in the repo).
+
+Override the URL with ``SLOPGUARD_DB_URL`` to fetch from a fork or
+mirror. The legacy ``SLOPGUARD_API_URL`` env var still works for the
+0.1.x SaaS endpoint shape — used as a fallback for backward
+compatibility.
 """
 
 from __future__ import annotations
@@ -20,12 +28,21 @@ from typing import Any
 
 import httpx
 
-DEFAULT_API_URL = "https://api.slopguard.dev"
+DEFAULT_DB_URL = "https://hariomunknownslab.github.io/slopguard/db.json"
 CACHE_PATH = Path.home() / ".cache" / "slopguard" / "hallucinations_db.json"
 
 
-def _api_url() -> str:
-    return os.environ.get("SLOPGUARD_API_URL") or DEFAULT_API_URL
+def _db_url() -> str:
+    """Where to fetch the published DB.
+
+    Precedence: ``SLOPGUARD_DB_URL`` > legacy
+    ``SLOPGUARD_API_URL/v1/hallucinations`` > default GitHub Pages.
+    """
+    if explicit := os.environ.get("SLOPGUARD_DB_URL"):
+        return explicit
+    if legacy := os.environ.get("SLOPGUARD_API_URL"):
+        return legacy.rstrip("/") + "/v1/hallucinations"
+    return DEFAULT_DB_URL
 
 
 def _convert(wire: dict[str, Any]) -> dict[str, Any]:
@@ -53,7 +70,7 @@ def _convert(wire: dict[str, Any]) -> dict[str, Any]:
 
 
 def run() -> int:
-    url = _api_url().rstrip("/") + "/v1/hallucinations"
+    url = _db_url()
     try:
         resp = httpx.get(url, timeout=15.0)
         resp.raise_for_status()

{slopguard_cli-0.1.2 → slopguard_cli-0.2.0}/tests/test_cli.py

@@ -107,7 +107,7 @@ def runner() -> CliRunner:
 def test_version_subcommand(runner: CliRunner) -> None:
     result = runner.invoke(app, ["version"])
     assert result.exit_code == 0
-    assert result.stdout.strip() == "0.1.2"
+    assert result.stdout.strip() == "0.2.0"
 
 
 def test_scan_fixtures_no_network_terminal(runner: CliRunner, fixtures_dir: Path) -> None:
@@ -183,4 +183,4 @@ def test_module_main_runs() -> None:
         check=False,
     )
     assert result.returncode == 0
-    assert result.stdout.strip() == "0.1.2"
+    assert result.stdout.strip() == "0.2.0"

{slopguard_cli-0.1.2 → slopguard_cli-0.2.0}/tests/test_update.py

@@ -67,9 +67,7 @@ def test_update_writes_cache(
 def test_update_handles_network_failure(
     cache_at_tmp: Path, api_at_test: None, capsys: pytest.CaptureFixture[str]
 ) -> None:
-    respx.get("http://api.test/v1/hallucinations").mock(
-        side_effect=httpx.ConnectError("nope")
-    )
+    respx.get("http://api.test/v1/hallucinations").mock(side_effect=httpx.ConnectError("nope"))
     code = update.run()
     assert code == 1
     assert not cache_at_tmp.exists()
@@ -87,3 +85,57 @@ def test_update_rejects_malformed_payload(
     assert code == 1
     assert not cache_at_tmp.exists()
     assert "invalid response" in capsys.readouterr().out
+
+
+def test_default_db_url_is_github_pages(monkeypatch: pytest.MonkeyPatch) -> None:
+    """When neither override env var is set, fetch from GitHub Pages."""
+    monkeypatch.delenv("SLOPGUARD_DB_URL", raising=False)
+    monkeypatch.delenv("SLOPGUARD_API_URL", raising=False)
+    assert update._db_url() == update.DEFAULT_DB_URL
+    assert update.DEFAULT_DB_URL.startswith("https://hariomunknownslab.github.io/")
+
+
+def test_slopguard_db_url_takes_precedence(monkeypatch: pytest.MonkeyPatch) -> None:
+    monkeypatch.setenv("SLOPGUARD_DB_URL", "https://my.mirror/db.json")
+    monkeypatch.setenv("SLOPGUARD_API_URL", "https://legacy/api")  # should be ignored
+    assert update._db_url() == "https://my.mirror/db.json"
+
+
+def test_legacy_api_url_still_works(monkeypatch: pytest.MonkeyPatch) -> None:
+    """0.1.x users with SLOPGUARD_API_URL set keep working — we append
+    /v1/hallucinations the way the SaaS endpoint expected."""
+    monkeypatch.delenv("SLOPGUARD_DB_URL", raising=False)
+    monkeypatch.setenv("SLOPGUARD_API_URL", "https://legacy.example/")
+    assert update._db_url() == "https://legacy.example/v1/hallucinations"
+
+
+@respx.mock
+def test_update_fetches_from_pages_by_default(
+    cache_at_tmp: Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    """End-to-end: no env overrides, hits the Pages URL."""
+    monkeypatch.delenv("SLOPGUARD_DB_URL", raising=False)
+    monkeypatch.delenv("SLOPGUARD_API_URL", raising=False)
+    respx.get(update.DEFAULT_DB_URL).mock(
+        return_value=httpx.Response(
+            200,
+            json={
+                "generated_at": "2026-05-24T03:17:00Z",
+                "count": 1,
+                "entries": [
+                    {
+                        "package_name": "react-secure-auth-helper",
+                        "ecosystem": "npm",
+                        "total_observations": 7,
+                        "recurrence_rate": 0.18,
+                        "first_observed_at": "2026-05-21T00:00:00Z",
+                        "last_observed_at": "2026-05-23T00:00:00Z",
+                        "published_at": "2026-05-24T03:17:00Z",
+                    }
+                ],
+            },
+        )
+    )
+    assert update.run() == 0
+    cached = json.loads(cache_at_tmp.read_text())
+    assert cached["entries"][0]["name"] == "react-secure-auth-helper"