staticpin 0.1.0__tar.gz

staticpin-0.1.0/.editorconfig

@@ -0,0 +1,37 @@
+# https://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{html,css,js,json,sh,yml,yaml}]
+indent_size = 2
+
+[*.bat]
+indent_style = tab
+end_of_line = crlf
+
+[LICENSE]
+insert_final_newline = false
+
+[justfile]
+indent_style = space
+indent_size = 4
+
+# Ignore binary or generated files
+[*.{png,jpg,gif,ico,woff,woff2,ttf,eot,svg,pdf}]
+charset = unset
+end_of_line = unset
+indent_style = unset
+indent_size = unset
+trim_trailing_whitespace = unset
+insert_final_newline = unset
+max_line_length = unset
+
+[*.{diff,patch}]
+trim_trailing_whitespace = false

staticpin-0.1.0/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,61 @@
+name: Bug Report
+description: Something isn't working as expected.
+title: "BUG: "
+labels: [bug]
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the bug
+      description: What happened? What did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+      description: Minimal steps to trigger the bug.
+      placeholder: |
+        1. Install with `uv pip install staticpin`
+        2. Run `...`
+        3. See error
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: "staticpin version"
+      placeholder: "0.1.0"
+    validations:
+      required: true
+  - type: input
+    id: python-version
+    attributes:
+      label: Python version
+      placeholder: "3.13"
+    validations:
+      required: true
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating system
+      options:
+        - macOS
+        - Linux
+        - Windows
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional context
+      description: Logs, tracebacks, screenshots, or anything else that helps.
+    validations:
+      required: false

staticpin-0.1.0/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: true

staticpin-0.1.0/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,30 @@
+name: Feature Request
+description: Suggest something new.
+title: "FEAT: "
+labels: [enhancement]
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the feature
+    validations:
+      required: true
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Motivation
+      description: What problem does this solve? What's the use case?
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+    validations:
+      required: false
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional context
+    validations:
+      required: false

staticpin-0.1.0/.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 5

staticpin-0.1.0/.github/pull_request_template.md

@@ -0,0 +1,17 @@
+## What
+
+<!-- 1-3 sentences. Link the issue if there is one. -->
+
+## AI Provenance
+
+<!-- Remove this section for human-authored PRs. -->
+
+- **Tool:** <!-- Claude Code, Cursor, Copilot, Codex, etc. -->
+- **Model:** <!-- Claude Opus 4.6, GPT-4o, etc. -->
+- **Prompt/thread:** <!-- Paste your prompt or a link to the thread. -->
+
+## Checklist
+
+- [ ] Addresses exactly one issue or feature
+- [ ] New or changed behavior has test coverage
+- [ ] Diff contains only changes for this task

staticpin-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,111 @@
+name: CI
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+
+permissions: {}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+
+      - name: Ruff format check
+        run: uv run ruff format --check .
+
+      - name: Ruff lint
+        run: uv run ruff check .
+
+  type-check:
+    name: Type check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+
+      - name: Type check with ty
+        run: uv run ty check .
+
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12", "3.13", "3.14"]
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+
+      - name: Run tests with coverage
+        run: uv run --python=${{ matrix.python-version }} coverage run -m pytest
+
+      - name: Upload coverage data
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: coverage-${{ matrix.python-version }}
+          path: .coverage.*
+          include-hidden-files: true
+
+  coverage:
+    name: Coverage
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+
+      - name: Download coverage data
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        with:
+          pattern: coverage-*
+          merge-multiple: true
+
+      - name: Combine coverage
+        run: uv run coverage combine
+
+      - name: Coverage report
+        run: |
+          echo '## Coverage Report' >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          uv run coverage report | tee -a $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+
+  all-checks-pass:
+    name: All checks pass
+    if: always()
+    needs: [lint, type-check, test, coverage]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check job results
+        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
+        with:
+          jobs: ${{ toJSON(needs) }}

staticpin-0.1.0/.github/workflows/codeql.yml

@@ -0,0 +1,32 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 6 * * 1'
+
+permissions: {}
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+        with:
+          languages: python  # Add c-cpp, go, java-kotlin, or swift if needed
+          build-mode: none   # Switch to autobuild for compiled languages
+          queries: security-extended
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4

staticpin-0.1.0/.github/workflows/docs.yml

@@ -0,0 +1,50 @@
+name: Documentation
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+permissions: {}
+
+concurrency:
+  group: docs-deploy
+  # Let in-flight deployments finish to avoid a half-deployed site.
+  cancel-in-progress: false
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+
+      - name: Build docs
+        run: uv run --group docs zensical build --clean
+
+      - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+
+      - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
+        with:
+          path: site
+
+  deploy:
+    name: Deploy
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+        id: deployment

staticpin-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,62 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions: {}
+
+concurrency:
+  group: publish
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      # Cache disabled to prevent cache-poisoning attacks on release artifacts.
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+        with:
+          enable-cache: false
+
+      - name: Build
+        run: uv build
+
+      - name: Upload distribution
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      attestations: write
+    # Requires environment protection rules in GitHub Settings:
+    # Settings > Environments > pypi > Add required reviewers
+    # and restrict deployment to v* tags.
+    environment:
+      name: pypi
+      url: https://pypi.org/p/staticpin
+    steps:
+      - name: Download distribution
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        with:
+          name: dist
+          path: dist/
+
+      - name: Attest build provenance
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
+        with:
+          subject-path: "dist/*"
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0

staticpin-0.1.0/.github/workflows/zizmor.yml

@@ -0,0 +1,34 @@
+name: Workflow security analysis
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/**"
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+    paths:
+      - ".github/workflows/**"
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: Run zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
+        with:
+          inputs: ./.github/

staticpin-0.1.0/.gitignore

@@ -0,0 +1,54 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+build/
+dist/
+eggs/
+.eggs/
+*.egg-info/
+*.egg
+MANIFEST
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+coverage.xml
+.hypothesis/
+.pytest_cache/
+
+# Environments
+.env
+.envrc
+.venv
+
+# uv
+#   Generally recommended to include uv.lock in version control for
+#   reproducibility. Uncomment for libraries where you want consumers
+#   to resolve their own dependencies.
+# uv.lock
+
+# Ruff
+.ruff_cache/
+
+# Type checkers
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.pyre/
+.pytype/
+
+# Documentation build output
+site/
+
+# IDE files
+# .idea/
+# .vscode/

staticpin-0.1.0/CHANGELOG/0.1.0.md

@@ -0,0 +1 @@
+First release on PyPI.

staticpin-0.1.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,89 @@
+# Contributor Covenant 3.0
+
+## Our Pledge
+
+We pledge to make our community welcoming, safe, and equitable for all.
+
+We are committed to fostering an environment that respects and promotes the dignity, rights, and contributions of all individuals, regardless of characteristics including race, ethnicity, caste, color, age, physical characteristics, neurodiversity, disability, sex or gender, gender identity or expression, sexual orientation, language, philosophy or religion, national or social origin, socio-economic position, level of education, or other status. The same privileges of participation are extended to everyone who participates in good faith and in accordance with this Covenant.
+
+
+## Encouraged Behaviors
+
+While acknowledging differences in social norms, we all strive to meet our community's expectations for positive behavior. We also understand that our words and actions may be interpreted differently than we intend based on culture, background, or native language.
+
+With these considerations in mind, we agree to behave mindfully toward each other and act in ways that center our shared values, including:
+
+1. Respecting the **purpose of our community**, our activities, and our ways of gathering.
+2. Engaging **kindly and honestly** with others.
+3. Respecting **different viewpoints** and experiences.
+4. **Taking responsibility** for our actions and contributions.
+5. Gracefully giving and accepting **constructive feedback**.
+6. Committing to **repairing harm** when it occurs.
+7. Behaving in other ways that promote and sustain the **well-being of our community**.
+
+
+## Restricted Behaviors
+
+We agree to restrict the following behaviors in our community. Instances, threats, and promotion of these behaviors are violations of this Code of Conduct.
+
+1. **Harassment.** Violating explicitly expressed boundaries or engaging in unnecessary personal attention after any clear request to stop.
+2. **Character attacks.** Making insulting, demeaning, or pejorative comments directed at a community member or group of people.
+3. **Stereotyping or discrimination.** Characterizing anyone’s personality or behavior on the basis of immutable identities or traits.
+4. **Sexualization.** Behaving in a way that would generally be considered inappropriately intimate in the context or purpose of the community.
+5. **Violating confidentiality**. Sharing or acting on someone's personal or private information without their permission.
+6. **Endangerment.** Causing, encouraging, or threatening violence or other harm toward any person or group.
+7. Behaving in other ways that **threaten the well-being** of our community.
+
+### Other Restrictions
+
+1. **Misleading identity.** Impersonating someone else for any reason, or pretending to be someone else to evade enforcement actions.
+2. **Failing to credit sources.** Not properly crediting the sources of content you contribute.
+3. **Promotional materials**. Sharing marketing or other commercial content in a way that is outside the norms of the community.
+4. **Irresponsible communication.** Failing to responsibly present content which includes, links or describes any other restricted behaviors.
+
+
+## Reporting an Issue
+
+Tensions can occur between community members even when they are trying their best to collaborate. Not every conflict represents a code of conduct violation, and this Code of Conduct reinforces encouraged behaviors and norms that can help avoid conflicts and minimize harm.
+
+When an incident does occur, it is important to report it promptly. To report a possible violation, email daniel@feldroy.com.
+
+Community Moderators take reports of violations seriously and will make every effort to respond in a timely manner. They will investigate all reports of code of conduct violations, reviewing messages, logs, and recordings, or interviewing witnesses and other participants. Community Moderators will keep investigation and enforcement actions as transparent as possible while prioritizing safety and confidentiality. In order to honor these values, enforcement actions are carried out in private with the involved parties, but communicating to the whole community may be part of a mutually agreed upon resolution.
+
+
+## Addressing and Repairing Harm
+
+If an investigation by the Community Moderators finds that this Code of Conduct has been violated, the following enforcement ladder may be used to determine how best to repair harm, based on the incident's impact on the individuals involved and the community as a whole. Depending on the severity of a violation, lower rungs on the ladder may be skipped.
+
+1) Warning
+   1) Event: A violation involving a single incident or series of incidents.
+   2) Consequence: A private, written warning from the Community Moderators.
+   3) Repair: Examples of repair include a private written apology, acknowledgement of responsibility, and seeking clarification on expectations.
+2) Temporarily Limited Activities
+   1) Event: A repeated incidence of a violation that previously resulted in a warning, or the first incidence of a more serious violation.
+   2) Consequence: A private, written warning with a time-limited cooldown period designed to underscore the seriousness of the situation and give the community members involved time to process the incident. The cooldown period may be limited to particular communication channels or interactions with particular community members.
+   3) Repair: Examples of repair may include making an apology, using the cooldown period to reflect on actions and impact, and being thoughtful about re-entering community spaces after the period is over.
+3) Temporary Suspension
+   1) Event: A pattern of repeated violation which the Community Moderators have tried to address with warnings, or a single serious violation.
+   2) Consequence: A private written warning with conditions for return from suspension. In general, temporary suspensions give the person being suspended time to reflect upon their behavior and possible corrective actions.
+   3) Repair: Examples of repair include respecting the spirit of the suspension, meeting the specified conditions for return, and being thoughtful about how to reintegrate with the community when the suspension is lifted.
+4) Permanent Ban
+   1) Event: A pattern of repeated code of conduct violations that other steps on the ladder have failed to resolve, or a violation so serious that the Community Moderators determine there is no way to keep the community safe with this person as a member.
+   2) Consequence: Access to all community spaces, tools, and communication channels is removed. In general, permanent bans should be rarely used, should have strong reasoning behind them, and should only be resorted to if working through other remedies has failed to change the behavior.
+   3) Repair: There is no possible repair in cases of this severity.
+
+This enforcement ladder is intended as a guideline. It does not limit the ability of Community Managers to use their discretion and judgment, in keeping with the best interests of our community.
+
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public or other spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 3.0, permanently available at [https://www.contributor-covenant.org/version/3/0/](https://www.contributor-covenant.org/version/3/0/).
+
+Contributor Covenant is stewarded by the Organization for Ethical Source and licensed under CC BY-SA 4.0. To view a copy of this license, visit [https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/)
+
+For answers to common questions about Contributor Covenant, see the FAQ at [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). Translations are provided at [https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations). Additional enforcement and community guideline resources can be found at [https://www.contributor-covenant.org/resources](https://www.contributor-covenant.org/resources). The enforcement ladder was inspired by the work of [Mozilla’s code of conduct team](https://github.com/mozilla/inclusion).

staticpin-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,143 @@
+# Contributing
+
+Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.
+
+You can contribute in many ways:
+
+## Types of Contributions
+
+### Report Bugs
+
+Report bugs at https://github.com/feldroy/staticpin/issues.
+
+If you are reporting a bug, please include:
+
+- Your operating system name and version.
+- Any details about your local setup that might be helpful in troubleshooting.
+- Detailed steps to reproduce the bug.
+
+### Fix Bugs
+
+Look through the GitHub issues for bugs. Anything tagged with "bug" and "help wanted" is open to whoever wants to implement it.
+
+### Implement Features
+
+Look through the GitHub issues for features. Anything tagged with "enhancement" and "help wanted" is open to whoever wants to implement it.
+
+### Write Documentation
+
+staticpin could always use more documentation, whether as part of the official docs, in docstrings, or even on the web in blog posts, articles, and such.
+
+To preview the docs locally:
+
+```sh
+just docs-serve
+```
+
+This starts a local server at http://localhost:8000 with live reload. Edit files in `docs/` or add docstrings to your code (the API reference page is auto-generated).
+
+### Submit Feedback
+
+The best way to send feedback is to file an issue at https://github.com/feldroy/staticpin/issues.
+
+If you are proposing a feature:
+
+- Explain in detail how it would work.
+- Keep the scope as narrow as possible, to make it easier to implement.
+- Remember that this is a volunteer-driven project, and that contributions are welcome :)
+
+## Get Started!
+
+Ready to contribute? Here's how to set up `staticpin` for local development.
+
+1. Fork the `staticpin` repo on GitHub.
+2. Clone your fork locally:
+
+   ```sh
+   git clone git@github.com:your_name_here/staticpin.git
+   ```
+
+3. Install your local copy with uv:
+
+   ```sh
+   cd staticpin/
+   uv sync
+   ```
+
+4. Create a branch for local development:
+
+   ```sh
+   git checkout -b name-of-your-bugfix-or-feature
+   ```
+
+   Now you can make your changes locally.
+
+5. When you're done making changes, check that your changes pass linting and the tests:
+
+   ```sh
+   just qa
+   ```
+
+   Or run the tests alone:
+
+   ```sh
+   just test
+   ```
+
+6. Commit your changes and push your branch to GitHub:
+
+   ```sh
+   git add .
+   git commit -m "Your detailed description of your changes."
+   git push origin name-of-your-bugfix-or-feature
+   ```
+
+7. Submit a pull request through the GitHub website.
+
+## Pull Request Guidelines
+
+Before you submit a pull request, check that it meets these guidelines:
+
+1. The pull request should include tests.
+2. If the pull request adds functionality, the docs should be updated. Put your new functionality into a function with a docstring, and add the feature to the list in README.md.
+3. The pull request should work for Python 3.12, 3.13, and 3.14. Tests run in GitHub Actions on every pull request to the main branch, make sure that the tests pass for all supported Python versions.
+
+## Tips
+
+To run a subset of tests:
+
+```sh
+uv run pytest tests/
+```
+
+## Releasing a New Version
+
+1. **Bump the version** and **write the changelog:**
+   ```bash
+   uv version <version>        # or: uv version --bump minor
+   ```
+   Then write `CHANGELOG/<version>.md`. See previous entries for the format.
+2. **Commit:**
+   ```bash
+   git add pyproject.toml uv.lock CHANGELOG/
+   git commit -m "Release <version>"
+   ```
+3. **Tag and push:**
+   ```bash
+   just tag
+   ```
+   This creates an annotated `v*` tag from the version in `pyproject.toml`
+   and pushes the commit and tag to GitHub.
+4. **Wait for the publish workflow.** The tag triggers `.github/workflows/publish.yml`,
+   which builds the package, generates SLSA provenance attestations, and publishes
+   to PyPI via trusted publishing.
+5. **Create the GitHub Release:**
+   ```bash
+   gh release create v<version> --verify-tag \
+     --title "staticpin <version>" \
+     --notes-file CHANGELOG/<version>.md
+   ```
+
+## Code of Conduct
+
+Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.

staticpin-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026, Daniel Roy Greenfeld
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

staticpin-0.1.0/PKG-INFO

@@ -0,0 +1,78 @@
+Metadata-Version: 2.4
+Name: staticpin
+Version: 0.1.0
+Summary: Pin frontend static dependencies for Python web projects
+Project-URL: bugs, https://github.com/feldroy/staticpin/issues
+Project-URL: changelog, https://github.com/feldroy/staticpin/releases
+Project-URL: documentation, https://feldroy.github.io/staticpin/
+Project-URL: homepage, https://github.com/feldroy/staticpin
+Author-email: Daniel Roy Greenfeld <daniel@feldroy.com>
+Maintainer-email: Daniel Roy Greenfeld <daniel@feldroy.com>
+License: MIT
+License-File: LICENSE
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: rich
+Requires-Dist: typer
+Description-Content-Type: text/markdown
+
+# staticpin
+
+![PyPI version](https://img.shields.io/pypi/v/staticpin.svg)
+
+Pin frontend static dependencies for Python web projects
+
+* Created by **[Daniel Roy Greenfeld](https://daniel.feldroy.com/)**
+  * GitHub: https://github.com/pydanny
+  * PyPI: https://pypi.org/user/pydanny/
+* PyPI package: https://pypi.org/project/staticpin/
+* Free software: MIT License
+
+## Features
+
+* TODO
+
+## Documentation
+
+Documentation is built with [Zensical](https://zensical.org/) and deployed to GitHub Pages.
+
+* **Live site:** https://feldroy.github.io/staticpin/
+* **Preview locally:** `just docs-serve` (serves at http://localhost:8000)
+* **Build:** `just docs-build`
+
+API documentation is auto-generated from docstrings using [mkdocstrings](https://mkdocstrings.github.io/).
+
+Docs deploy automatically on push to `main` via GitHub Actions. To enable this, go to your repo's Settings > Pages and set the source to **GitHub Actions**.
+
+## Development
+
+To set up for local development:
+
+```bash
+# Clone your fork
+git clone git@github.com:your_username/staticpin.git
+cd staticpin
+
+# Install in editable mode with live updates
+uv tool install --editable .
+```
+
+This installs the CLI globally but with live updates - any changes you make to the source code are immediately available when you run `staticpin`.
+
+Run tests:
+
+```bash
+uv run pytest
+```
+
+Run quality checks (format, lint, type check, test):
+
+```bash
+just qa
+```
+
+## Author
+
+staticpin was created in 2026 by Daniel Roy Greenfeld.
+
+Built with [Cookiecutter](https://github.com/cookiecutter/cookiecutter) and the [audreyfeldroy/cookiecutter-pypackage](https://github.com/audreyfeldroy/cookiecutter-pypackage) project template.

staticpin-0.1.0/README.md

@@ -0,0 +1,60 @@
+# staticpin
+
+![PyPI version](https://img.shields.io/pypi/v/staticpin.svg)
+
+Pin frontend static dependencies for Python web projects
+
+* Created by **[Daniel Roy Greenfeld](https://daniel.feldroy.com/)**
+  * GitHub: https://github.com/pydanny
+  * PyPI: https://pypi.org/user/pydanny/
+* PyPI package: https://pypi.org/project/staticpin/
+* Free software: MIT License
+
+## Features
+
+* TODO
+
+## Documentation
+
+Documentation is built with [Zensical](https://zensical.org/) and deployed to GitHub Pages.
+
+* **Live site:** https://feldroy.github.io/staticpin/
+* **Preview locally:** `just docs-serve` (serves at http://localhost:8000)
+* **Build:** `just docs-build`
+
+API documentation is auto-generated from docstrings using [mkdocstrings](https://mkdocstrings.github.io/).
+
+Docs deploy automatically on push to `main` via GitHub Actions. To enable this, go to your repo's Settings > Pages and set the source to **GitHub Actions**.
+
+## Development
+
+To set up for local development:
+
+```bash
+# Clone your fork
+git clone git@github.com:your_username/staticpin.git
+cd staticpin
+
+# Install in editable mode with live updates
+uv tool install --editable .
+```
+
+This installs the CLI globally but with live updates - any changes you make to the source code are immediately available when you run `staticpin`.
+
+Run tests:
+
+```bash
+uv run pytest
+```
+
+Run quality checks (format, lint, type check, test):
+
+```bash
+just qa
+```
+
+## Author
+
+staticpin was created in 2026 by Daniel Roy Greenfeld.
+
+Built with [Cookiecutter](https://github.com/cookiecutter/cookiecutter) and the [audreyfeldroy/cookiecutter-pypackage](https://github.com/audreyfeldroy/cookiecutter-pypackage) project template.

staticpin-0.1.0/SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find a security vulnerability in staticpin, please report it through [GitHub's private vulnerability reporting](https://github.com/feldroy/staticpin/security/advisories/new). This keeps the details private while we work on a fix.
+
+Please include:
+
+- What you found and how to reproduce it
+- Which version you're using
+- Any relevant logs or output (redact secrets)
+
+## Security Measures
+
+This project ships with security hardening out of the box:
+
+- **CodeQL** scans code for injection, SSRF, path traversal, and other dataflow vulnerabilities using the `security-extended` query suite
+- **Zizmor** audits GitHub Actions workflows for excessive permissions, unpinned actions, credential exposure, and cache poisoning risks
+- **Dependabot** keeps GitHub Actions pinned by SHA and opens PRs for updates, with a 7-day cooldown to avoid adopting compromised releases immediately
+- **All actions pinned by SHA** with version comments, not floating tags
+- **Minimal workflow permissions** (`permissions: {}` at the top level, scoped per job)
+- **`persist-credentials: false`** on checkout steps to prevent token leakage
+
+## Response Times
+
+This is a volunteer-maintained open source project. Security reports are taken seriously, but there are no guaranteed response times.
+
+**Enterprise support** is available, with priority response SLAs. Contact daniel@feldroy.com for details.
+
+## Supported Versions
+
+Security fixes are applied to the latest release on the `main` branch. There is no backport policy for older versions.

staticpin-0.1.0/docs/api.md

@@ -0,0 +1,3 @@
+# API Reference
+
+::: staticpin

staticpin-0.1.0/docs/index.md

@@ -0,0 +1,9 @@
+# staticpin
+
+Pin frontend static dependencies for Python web projects
+
+## Getting started
+
+- [Installation](installation.md) - how to install staticpin
+- [Usage](usage.md) - how to use staticpin
+- [API Reference](api.md) - auto-generated API documentation

staticpin-0.1.0/docs/installation.md

@@ -0,0 +1,38 @@
+# Installation
+
+## Stable release
+
+To install staticpin, run this command in your terminal:
+
+```sh
+uv add staticpin
+```
+
+Or if you prefer to use `pip`:
+
+```sh
+pip install staticpin
+```
+
+## From source
+
+The source files for staticpin can be downloaded from the [Github repo](https://github.com/feldroy/staticpin).
+
+You can either clone the public repository:
+
+```sh
+git clone https://github.com/feldroy/staticpin
+```
+
+Or download the [tarball](https://github.com/feldroy/staticpin/tarball/main):
+
+```sh
+curl -OJL https://github.com/feldroy/staticpin/tarball/main
+```
+
+Once you have a copy of the source, you can install it with:
+
+```sh
+cd staticpin
+uv sync
+```

staticpin-0.1.0/docs/usage.md

@@ -0,0 +1,7 @@
+# Usage
+
+To use staticpin in a project:
+
+```python
+import staticpin
+```

staticpin-0.1.0/justfile

@@ -0,0 +1,116 @@
+# Justfile for staticpin
+
+# Show available commands
+list:
+    @just --list
+
+alias b := build
+alias c := clean
+alias d := docs-serve
+alias t := test
+alias tc := type-check
+
+# Type check the project with ty
+type-check:
+    uv run --python=3.13 ty check .
+
+# Type check with concise output (one diagnostic per line)
+type-check-concise:
+    uv run --python=3.13 ty check --output-format=concise .
+
+# Type check in watch mode (rechecks on file changes)
+type-check-watch:
+    uv run --python=3.13 ty check --watch .
+
+# Run all the formatting, linting, and testing commands
+qa:
+    uv run --python=3.13 ruff format .
+    uv run --python=3.13 ruff check . --fix
+    uv run --python=3.13 ruff check --select I --fix .
+    uv run --python=3.13 ty check --output-format=concise .
+    uv run --python=3.13 pytest .
+
+# Run all the tests for all the supported Python versions
+testall:
+    uv run --python=3.12 pytest
+    uv run --python=3.13 pytest
+    uv run --python=3.14 pytest
+
+# Run all the tests, but allow for arguments to be passed
+test *ARGS:
+    @echo "Running with arg: {{ARGS}}"
+    uv run --python=3.13 pytest {{ARGS}}
+
+# Run all the tests, but on failure, drop into the debugger
+pdb *ARGS:
+    @echo "Running with arg: {{ARGS}}"
+    uv run --python=3.13 pytest --pdb --maxfail=10 {{ARGS}}
+
+# Run tests with coverage across all supported Python versions
+coverage:
+    uv run --python=3.12 coverage run -m pytest
+    uv run --python=3.13 coverage run -m pytest
+    uv run --python=3.14 coverage run -m pytest
+    uv run --python=3.13 coverage combine
+    uv run --python=3.13 coverage report
+    uv run --python=3.13 coverage html
+
+# Serve docs locally with live reload
+docs-serve:
+    -lsof -ti :8000 | xargs kill
+    uv run --group docs zensical serve
+
+# Build docs (strict mode, fails on warnings)
+docs-build:
+    uv run --group docs zensical build --clean
+
+# Build the project, useful for checking that packaging is correct
+build:
+    rm -rf build
+    rm -rf dist
+    uv build
+
+VERSION := `uv version --short`
+
+# Print the current version of the project
+version:
+    @echo "Current version: {{VERSION}}"
+
+# Tag the current version in git and put to github
+tag:
+    echo "Tagging version v{{VERSION}}"
+    git tag -a v{{VERSION}} -m "Creating version v{{VERSION}}"
+    git push origin v{{VERSION}}
+
+# Remove all build, test, coverage and Python artifacts
+clean:
+	clean-build
+	clean-pyc
+	clean-test
+
+# Remove build artifacts
+clean-build:
+	rm -fr build/
+	rm -fr dist/
+	rm -fr .eggs/
+	find . -name '*.egg-info' -exec rm -fr {} +
+	find . -name '*.egg' -exec rm -f {} +
+
+# Remove Python file artifacts
+clean-pyc:
+	find . -name '*.pyc' -exec rm -f {} +
+	find . -name '*.pyo' -exec rm -f {} +
+	find . -name '*~' -exec rm -f {} +
+	find . -name '__pycache__' -exec rm -fr {} +
+
+# Remove test and coverage artifacts
+clean-test:
+	rm -f .coverage
+	rm -f .coverage.*
+	rm -fr htmlcov/
+	rm -fr .pytest_cache
+
+# Publish to PyPI (manual alternative to GitHub Actions)
+publish:
+    uv build
+    uv publish

staticpin-0.1.0/pyproject.toml

@@ -0,0 +1,97 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "staticpin"
+version = "0.1.0"
+description = "Pin frontend static dependencies for Python web projects"
+readme = "README.md"
+authors = [
+  {name = "Daniel Roy Greenfeld", email = "daniel@feldroy.com"}
+]
+maintainers = [
+  {name = "Daniel Roy Greenfeld", email = "daniel@feldroy.com"}
+]
+classifiers = [
+    "Typing :: Typed",
+    # TODO: Add additional classifiers as needed
+]
+license = {text = "MIT"}
+dependencies = [
+  "typer",
+  "rich",
+]
+requires-python = ">= 3.12"
+
+[dependency-groups]
+dev = [
+    { include-group = "lint" },
+    { include-group = "test" },
+    { include-group = "typecheck" },
+]
+lint = [
+    "ruff",
+]
+test = [
+    "coverage",
+    "pytest",
+]
+typecheck = [
+    "ty",
+]
+docs = [
+    "zensical",
+    "mkdocstrings-python",
+]
+
+[project.urls]
+bugs = "https://github.com/feldroy/staticpin/issues"
+changelog = "https://github.com/feldroy/staticpin/releases"
+documentation = "https://feldroy.github.io/staticpin/"
+homepage = "https://github.com/feldroy/staticpin"
+
+[project.scripts]
+staticpin = "staticpin.cli:app"
+
+[tool.ty]
+# All rules are enabled as "error" by default; no need to specify unless overriding.
+# Example override: relax a rule for the entire project (uncomment if needed).
+# rules.TY015 = "warn"  # For invalid-argument-type, warn instead of error.
+
+[tool.ruff]
+line-length = 120
+
+[tool.ruff.lint]
+select = [
+    "E",   # pycodestyle errors
+    "W",   # pycodestyle warnings
+    "F",   # Pyflakes
+    "I",   # isort
+    "B",   # flake8-bugbear
+    "UP",  # pyupgrade
+]
+
+[tool.coverage.run]
+branch = true
+parallel = true
+source = ["src/", "tests/"]
+
+[tool.coverage.report]
+show_missing = true
+skip_covered = true
+fail_under = 50
+exclude_also = [
+    "if TYPE_CHECKING:",
+    "if typing.TYPE_CHECKING:",
+    "@overload",
+    "@typing.overload",
+    "class .*\\bProtocol\\):",
+    "@(abc\\.)?abstractmethod",
+    "raise NotImplementedError",
+    "\\.\\.\\.",
+]
+
+[tool.uv]
+package = true
+default-groups = ["dev"]

staticpin-0.1.0/src/staticpin/__init__.py

@@ -0,0 +1 @@
+"""Top-level package for staticpin."""

staticpin-0.1.0/src/staticpin/__main__.py

@@ -0,0 +1,4 @@
+from .cli import app
+
+if __name__ == "__main__":
+    app()

staticpin-0.1.0/src/staticpin/cli.py

@@ -0,0 +1,22 @@
+"""Console script for staticpin."""
+
+import typer
+from rich.console import Console
+
+from staticpin import utils
+
+app = typer.Typer()
+console = Console()
+
+
+@app.command()
+def main() -> None:
+    """Console script for staticpin."""
+    console.print("Replace this message by putting your code into "
+               "staticpin.cli.main")
+    console.print("See Typer documentation at https://typer.tiangolo.com/")
+    utils.do_something_useful()
+
+
+if __name__ == "__main__":
+    app()

staticpin-0.1.0/src/staticpin/py.typed

@@ -0,0 +1 @@
+# Marker file for PEP 561

staticpin-0.1.0/src/staticpin/utils.py

@@ -0,0 +1,2 @@
+def do_something_useful() -> None:
+    print("Replace this with a utility function")

staticpin-0.1.0/tests/test_staticpin.py

@@ -0,0 +1,8 @@
+"""Tests for `staticpin` package."""
+
+import staticpin
+
+
+def test_import():
+    """Verify the package can be imported."""
+    assert staticpin

staticpin-0.1.0/zensical.toml

@@ -0,0 +1,27 @@
+[project]
+site_name = "staticpin"
+site_url = "https://feldroy.github.io/staticpin/"
+repo_url = "https://github.com/feldroy/staticpin"
+repo_name = "feldroy/staticpin"
+
+nav = [
+  { "Home" = "index.md" },
+  { "Installation" = "installation.md" },
+  { "Usage" = "usage.md" },
+  { "API Reference" = "api.md" },
+]
+
+[[project.theme.palette]]
+media = "(prefers-color-scheme: light)"
+scheme = "default"
+toggle.icon = "material/brightness-7"
+toggle.name = "Switch to dark mode"
+
+[[project.theme.palette]]
+media = "(prefers-color-scheme: dark)"
+scheme = "slate"
+toggle.icon = "material/brightness-4"
+toggle.name = "Switch to light mode"
+
+[project.plugins.mkdocstrings.handlers.python]
+paths = ["src"]