standards-sdk-py 0.1.0__tar.gz

standards_sdk_py-0.1.0/.editorconfig

@@ -0,0 +1,18 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+
+[*.py]
+indent_size = 4
+
+[Makefile]
+indent_style = tab
+
+[*.md]
+trim_trailing_whitespace = false

standards_sdk_py-0.1.0/.github/codeql/codeql-config.yml

@@ -0,0 +1,10 @@
+name: standards-sdk-py-codeql-config
+
+paths:
+  - standards-sdk-py/src
+  - standards-sdk-py/tests
+
+paths-ignore:
+  - "**/__pycache__/**"
+  - "**/.venv/**"
+  - "**/dist/**"

standards_sdk_py-0.1.0/.github/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/standards-sdk-py"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "05:00"
+      timezone: "America/New_York"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "python"
+  - package-ecosystem: "github-actions"
+    directory: "/standards-sdk-py/.github/workflows"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "05:15"
+      timezone: "America/New_York"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "ci"

standards_sdk_py-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,135 @@
+name: standards-sdk-py-ci
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: standards-sdk-py-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  quality:
+    name: Quality (py${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12", "3.13"]
+    defaults:
+      run:
+        working-directory: .
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "pip"
+          cache-dependency-path: pyproject.toml
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Lint
+        run: ruff check .
+      - name: Format
+        run: black --check .
+      - name: Typecheck
+        run: mypy src
+      - name: Unit tests
+        run: pytest -m "not integration" --cov=standards_sdk_py --cov-report=xml --cov-report=term-missing
+      - name: Parity manifest check
+        if: matrix.python-version == '3.11'
+        run: standards-sdk-py-check-parity
+      - name: Generate TS/Go inventories
+        if: matrix.python-version == '3.11'
+        run: |
+          if [ -d ../standards-sdk ] && [ -d ../standards-sdk-go ]; then
+            standards-sdk-py-generate-inventory --repo-root ..
+          else
+            echo "Skipping inventory generation (sibling TS/Go repos not present)."
+          fi
+      - name: Upload coverage artifact
+        if: matrix.python-version == '3.11'
+        uses: actions/upload-artifact@v4
+        with:
+          name: standards-sdk-py-coverage
+          path: coverage.xml
+          if-no-files-found: error
+
+  package:
+    name: Package Build Check
+    needs: quality
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: .
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: pyproject.toml
+      - name: Install packaging toolchain
+        run: |
+          python -m pip install --upgrade pip
+          pip install build twine
+      - name: Build wheel and sdist
+        run: python -m build
+      - name: Validate package metadata
+        run: twine check dist/*
+      - name: Upload dist artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: standards-sdk-py-dist
+          path: dist/*
+          if-no-files-found: error
+
+  integration:
+    name: Live Integration (manual)
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    environment: integration
+    defaults:
+      run:
+        working-directory: .
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: pyproject.toml
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+          pip install hedera-sdk-py
+      - name: Run integration tests when credentials exist
+        env:
+          RUN_INTEGRATION: "1"
+          RUN_INSCRIBER_INTEGRATION: "1"
+          REGISTRY_BROKER_BASE_URL: ${{ secrets.REGISTRY_BROKER_BASE_URL }}
+          REGISTRY_BROKER_API_KEY: ${{ secrets.REGISTRY_BROKER_API_KEY }}
+          REGISTRY_BROKER_LEDGER_API_KEY: ${{ secrets.REGISTRY_BROKER_LEDGER_API_KEY }}
+          HEDERA_NETWORK: ${{ secrets.HEDERA_NETWORK }}
+          HEDERA_ACCOUNT_ID: ${{ secrets.HEDERA_ACCOUNT_ID }}
+          HEDERA_PRIVATE_KEY: ${{ secrets.HEDERA_PRIVATE_KEY }}
+          TESTNET_HEDERA_ACCOUNT_ID: ${{ secrets.TESTNET_HEDERA_ACCOUNT_ID }}
+          TESTNET_HEDERA_PRIVATE_KEY: ${{ secrets.TESTNET_HEDERA_PRIVATE_KEY }}
+          MAINNET_HEDERA_ACCOUNT_ID: ${{ secrets.MAINNET_HEDERA_ACCOUNT_ID }}
+          MAINNET_HEDERA_PRIVATE_KEY: ${{ secrets.MAINNET_HEDERA_PRIVATE_KEY }}
+        run: |
+          if [ -z "${REGISTRY_BROKER_API_KEY}" ] && [ -z "${REGISTRY_BROKER_LEDGER_API_KEY}" ] && [ -z "${HEDERA_ACCOUNT_ID}" ] && [ -z "${MAINNET_HEDERA_ACCOUNT_ID}" ] && [ -z "${TESTNET_HEDERA_ACCOUNT_ID}" ]; then
+            echo "No integration credentials configured; skipping live integration run."
+            exit 0
+          fi
+          pytest -m integration -vv -rs

standards_sdk_py-0.1.0/.github/workflows/codeql.yml

@@ -0,0 +1,29 @@
+name: standards-sdk-py-codeql
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    - cron: "33 6 * * 1"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: CodeQL Analyze (Python)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: python
+          config-file: .github/codeql/codeql-config.yml
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

standards_sdk_py-0.1.0/.github/workflows/dco.yml

@@ -0,0 +1,22 @@
+name: standards-sdk-py-dco
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  dco:
+    name: DCO Signed-Off
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Check DCO sign-off
+        uses: tim-actions/dco@master

standards_sdk_py-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,158 @@
+name: standards-sdk-py-publish
+
+on:
+  workflow_dispatch:
+    inputs:
+      publish_target:
+        description: "Target repository"
+        required: true
+        default: testpypi
+        type: choice
+        options:
+          - testpypi
+          - pypi
+  push:
+    tags:
+      - "standards-sdk-py-v*"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: standards-sdk-py-publish-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  build:
+    name: Build + Verify
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: .
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: pyproject.toml
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+          pip install build twine
+      - name: Validate quality gates
+        run: |
+          ruff check .
+          black --check .
+          mypy src
+          pytest -m "not integration"
+          standards-sdk-py-check-parity
+      - name: Build package
+        run: python -m build
+      - name: Validate package metadata
+        run: twine check dist/*
+      - name: Upload dist artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: standards-sdk-py-dist
+          path: dist/*
+          if-no-files-found: error
+
+  publish-testpypi:
+    name: Publish to TestPyPI
+    needs: build
+    if: github.event_name == 'push' || github.event.inputs.publish_target == 'testpypi' || github.event.inputs.publish_target == 'pypi'
+    runs-on: ubuntu-latest
+    environment: testpypi
+    env:
+      TEST_PYPI_API_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Download dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: standards-sdk-py-dist
+          path: dist
+      - name: Publish package distributions to TestPyPI (API token)
+        if: env.TEST_PYPI_API_TOKEN != ''
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+          packages-dir: dist
+          password: ${{ env.TEST_PYPI_API_TOKEN }}
+          verbose: true
+      - name: Publish package distributions to TestPyPI (Trusted Publisher)
+        if: env.TEST_PYPI_API_TOKEN == ''
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+          packages-dir: dist
+          verbose: true
+
+  publish-pypi:
+    name: Publish to PyPI
+    needs:
+      - build
+      - publish-testpypi
+    if: (github.event_name == 'push' && !contains(github.ref_name, '-rc')) || github.event.inputs.publish_target == 'pypi'
+    runs-on: ubuntu-latest
+    environment: pypi
+    env:
+      PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Download dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: standards-sdk-py-dist
+          path: dist
+      - name: Publish package distributions to PyPI (API token)
+        if: env.PYPI_API_TOKEN != ''
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist
+          password: ${{ env.PYPI_API_TOKEN }}
+          verbose: true
+      - name: Publish package distributions to PyPI (Trusted Publisher)
+        if: env.PYPI_API_TOKEN == ''
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist
+          verbose: true
+
+  attest:
+    name: Attest Build Provenance
+    needs: publish-pypi
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    steps:
+      - name: Download dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: standards-sdk-py-dist
+          path: dist
+      - name: Generate artifact attestations
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: "dist/*"
+
+  github-release:
+    name: GitHub Release
+    needs: publish-pypi
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Create GitHub release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true

standards_sdk_py-0.1.0/.github/workflows/security.yml

@@ -0,0 +1,73 @@
+name: standards-sdk-py-security
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    - cron: "21 6 * * 1"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Dependency review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: high
+          base-ref: ${{ github.event.pull_request.base.sha }}
+          head-ref: ${{ github.event.pull_request.head.sha }}
+
+  static-and-vuln-scans:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    defaults:
+      run:
+        working-directory: .
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: pyproject.toml
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Run pip-audit
+        run: pip-audit --progress-spinner off --format json --output pip-audit.json
+      - name: Run Bandit SAST
+        run: bandit -q -r src -f sarif -o bandit.sarif
+      - name: Upload pip-audit report
+        uses: actions/upload-artifact@v4
+        with:
+          name: standards-sdk-py-pip-audit
+          path: pip-audit.json
+          if-no-files-found: error
+      - name: Upload Bandit SARIF
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: bandit.sarif
+          category: bandit
+      - name: Secret scan (TruffleHog)
+        continue-on-error: true
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: .
+          extra_args: --only-verified

standards_sdk_py-0.1.0/.gitignore

@@ -0,0 +1,72 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+share/python-wheels/
+var/
+wheels/
+pip-wheel-metadata/
+*.egg-info/
+*.egg
+MANIFEST
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+.coverage
+.coverage.*
+coverage.xml
+nosetests.xml
+pytest.xml
+htmlcov/
+.pytest_cache/
+
+# Type checker / linter caches
+.mypy_cache/
+.pyre/
+.pytype/
+.ruff_cache/
+
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Local environment files
+.env
+.env.*
+!.env.example
+
+# Jupyter
+.ipynb_checkpoints/
+
+# IDEs / editors
+.vscode/
+.idea/
+*.iml
+
+# OS generated files
+.DS_Store
+Thumbs.db
+
+# Docs / static site build artifacts
+site/
+docs/_build/

standards_sdk_py-0.1.0/.pre-commit-config.yaml

@@ -0,0 +1,34 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: check-toml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: detect-private-key
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.6
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: https://github.com/psf/black
+    rev: 24.10.0
+    hooks:
+      - id: black
+        language_version: python3.11
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.13.0
+    hooks:
+      - id: mypy
+        args: [--config-file=pyproject.toml]
+        additional_dependencies:
+          - httpx>=0.27.2,<1.0.0
+          - pydantic>=2.10.0,<3.0.0
+          - typing-extensions>=4.12.2,<5.0.0
+        files: ^src/

standards_sdk_py-0.1.0/.python-version

@@ -0,0 +1 @@
+3.11