upwork-learning 0.1.0__tar.gz

upwork_learning-0.1.0/.claude/hooks/stop-preflight.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# .claude/hooks/stop-preflight.sh
+# Stop hook: запускает preflight.sh, результат возвращает как JSON systemMessage.
+# Если lint или pytest упали — устанавливает continue:false, чтобы Claude увидел ошибки.
+
+cd "$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
+
+# Быстрый выход без проверок: SKIP_PREFLIGHT=1 claude
+if [ "${SKIP_PREFLIGHT:-0}" = "1" ]; then
+    echo '{"systemMessage": "⚡ Preflight skipped (SKIP_PREFLIGHT=1)"}'
+    exit 0
+fi
+
+OUTPUT=$(bash preflight.sh 2>&1)
+CODE=$?
+
+# Выводим JSON для Claude Code
+python3 - "$OUTPUT" "$CODE" <<'PY'
+import json, sys
+
+output = sys.argv[1]
+code   = int(sys.argv[2])
+
+result = {"systemMessage": output}
+if code != 0:
+    result["continue"]   = False
+    result["stopReason"] = "Preflight failed — исправь ошибки перед завершением"
+
+print(json.dumps(result))
+PY

upwork_learning-0.1.0/.claude/settings.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "hooks": {
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/stop-preflight.sh",
+            "timeout": 120,
+            "statusMessage": "Running preflight: lint · mypy · pytest …"
+          }
+        ]
+      }
+    ]
+  }
+}

upwork_learning-0.1.0/.env.example

@@ -0,0 +1,24 @@
+# Google Sheets Integration
+GOOGLE_SHEETS_CREDENTIALS_PATH=config/credentials.json
+GOOGLE_SHEETS_SPREADSHEET_ID=your_spreadsheet_id_here
+
+# Email Configuration
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=your_email@gmail.com
+SMTP_PASSWORD=your_app_password
+IMAP_HOST=imap.gmail.com
+IMAP_PORT=993
+IMAP_USER=your_email@gmail.com
+IMAP_PASSWORD=your_app_password
+
+# API Keys
+BOL_COM_API_KEY=your_bol_com_api_key
+BOL_COM_CLIENT_ID=your_client_id
+BOL_COM_CLIENT_SECRET=your_client_secret
+
+# Application Settings
+LOG_LEVEL=INFO
+MAX_RETRIES=3
+RATE_LIMIT_DELAY=1.0
+ENVIRONMENT=development

upwork_learning-0.1.0/.githooks/pre-commit

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Pre-commit hook to run linting and type checking
+
+echo "Running pre-commit checks..."
+
+# Run ruff
+echo "Running ruff..."
+ruff check src/
+
+# Run mypy
+echo "Running mypy..."
+mypy src/
+
+# Run tests
+echo "Running tests..."
+pytest tests/
+
+echo "Pre-commit checks complete!"

upwork_learning-0.1.0/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,23 @@
+## Bug Report
+
+**Description**
+A clear description of the bug.
+
+**Steps to Reproduce**
+1. Go to '...'
+2. Click on '....'
+3. See error
+
+**Expected Behavior**
+What you expected to happen.
+
+**Actual Behavior**
+What actually happened.
+
+**Environment**
+- OS: [e.g., Windows 11]
+- Python version: [e.g., 3.11]
+- Package version: [e.g., 0.1.0]
+
+**Additional Context**
+Any other context about the problem.

upwork_learning-0.1.0/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,13 @@
+## Feature Request
+
+**Is your feature request related to a problem? Please describe.**
+A clear description of the problem.
+
+**Describe the solution you'd like**
+A clear description of what you want to happen.
+
+**Describe alternatives you've considered**
+Any alternative solutions you've considered.
+
+**Additional context**
+Any other context about the feature request.

upwork_learning-0.1.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,28 @@
+## Pull Request Description
+
+### Type of Change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Documentation update
+- [ ] Code refactoring
+- [ ] Test update
+
+### Checklist
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published
+
+### Description
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.
+
+### Related Issues
+
+Fixes #(issue number)

upwork_learning-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,93 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Create virtual environment
+        run: uv venv
+
+      - name: Install dependencies
+        run: uv pip install -e ".[dev,security]" --python .venv/bin/python
+
+      - name: Lint with ruff
+        run: .venv/bin/ruff check src/ tests/
+
+      - name: Check formatting
+        run: .venv/bin/ruff format --check src/ tests/
+
+      - name: Type check with mypy
+        run: .venv/bin/mypy src/
+
+      - name: Run tests
+        run: .venv/bin/pytest --cov=src --cov-report=xml
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: false
+
+  audit:
+    name: Dependency Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Create virtual environment
+        run: uv venv
+
+      - name: Install dependencies
+        run: uv pip install -e ".[dev]" --python .venv/bin/python
+
+      - name: Audit dependencies for known vulnerabilities
+        # CVE-2026-4539 (pygments): no patched release available yet; pinned to 2.19.2 in pyproject.toml
+        run: uv pip install pip-audit --python .venv/bin/python && .venv/bin/pip-audit --ignore-vuln CVE-2026-4539
+
+  docs:
+    name: Docs
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Create virtual environment
+        run: uv venv
+
+      - name: Install docs dependencies
+        run: uv pip install --python .venv/bin/python mkdocs-material mike
+
+      - name: Deploy documentation
+        run: uv run mkdocs gh-deploy --force

upwork_learning-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,72 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+# OIDC Trusted Publishing — no API token stored in secrets.
+# One-time setup required on PyPI:
+#   https://pypi.org/manage/account/publishing/
+#   Publisher: petro-nazarenko / Agent-Guidelines-for-Upwork-Learning-Projects
+#   Workflow: release.yml  |  Environment: (leave blank)
+permissions:
+  contents: write   # create GitHub release + upload assets
+  id-token: write   # OIDC token for PyPI trusted publishing
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Build package
+        run: uv build
+
+      - name: Upload dist artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - name: Download dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI (trusted publishing)
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - name: Download dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: dist/*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

upwork_learning-0.1.0/.github/workflows/secret-scan.yml

@@ -0,0 +1,22 @@
+name: Secret Scanning
+
+on:
+  push:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  gitleaks:
+    name: Gitleaks Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

upwork_learning-0.1.0/.gitignore

@@ -0,0 +1,143 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+Pipfile.lock
+
+# uv
+# uv.lock is intentionally tracked — see ROADMAP.md §5.6
+
+# poetry
+poetry.lock
+
+# PEP 582
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Project specific
+logs/
+data/
+config/credentials.json
+*.sample.json
+
+# Claude Code local settings (personal overrides)
+.claude/settings.local.json

upwork_learning-0.1.0/.gitleaks.toml

@@ -0,0 +1,171 @@
+# Gitleaks configuration
+# https://github.com/gitleaks/gitleaks
+
+[allowlist]
+description = "Allowlisted paths and patterns"
+paths = [
+    "^examples?/",
+    "^docs?/",
+    "^config/samples?/",
+    "^\\.venv/",
+    "^venv/",
+    "^dist/",
+    "^build/",
+    "^\\.git/",
+    # Fixture files contain intentionally fake keys for unit tests
+    "^tests/fixtures/",
+]
+regexes = [
+    "^ пример? ",
+    "^ example ",
+    "^placeholder[_-]?",
+    "^test[_-]?",
+    # Python type annotations — field definitions, not real secrets
+    # e.g. smtp_password: SecretStr | None = None
+    "^SecretStr",
+    "^str \\| None",
+    "^None$",
+]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+
+[[rules]]
+id = "aws-secret-access-key"
+description = "AWS Secret Access Key"
+regex = '''(?i)aws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}['"]?'''
+tags = ["key", "AWS"]
+
+[[rules]]
+id = "generic-api-key"
+description = "Generic API Key"
+regex = '''(?i)(api[_-]?key|apikey)\s*[:=]\s*['"]?[a-zA-Z0-9]{16,64}['"]?'''
+tags = ["key", "API"]
+
+[[rules]]
+id = "generic-secret-key"
+description = "Generic Secret Key"
+regex = '''(?i)(secret[_-]?key|private[_-]?key|client[_-]?secret)\s*[:=]\s*['"]?[a-zA-Z0-9+/=]{20,64}['"]?'''
+tags = ["key", "secret"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "google-oauth-access-token"
+description = "Google OAuth Access Token"
+regex = '''ya29\.[0-9A-Za-z\\-_]+'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+id = "github-token"
+description = "GitHub Token"
+regex = '''gh[pousr]_[A-Za-z0-9_]{36,255}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "gitlab-personal-access-token"
+description = "GitLab Personal Access Token"
+regex = '''glpat-[0-9a-zA-Z\\-_]{20}'''
+tags = ["key", "GitLab"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*'''
+tags = ["key", "Slack"]
+
+[[rules]]
+id = "stripe-api-key"
+description = "Stripe API Key"
+regex = '''sk_live_[0-9a-zA-Z]{24,32}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+id = "stripe-publishable-key"
+description = "Stripe Publishable Key"
+regex = '''pk_live_[0-9a-zA-Z]{24,32}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+id = "ssh-private-key"
+description = "SSH Private Key"
+regex = '''-----BEGIN (RSA |DSA |EC |OPENSSH |PGP )?PRIVATE KEY-----'''
+tags = ["key", "SSH"]
+
+  [rules.allowlist]
+  # tests/fixtures/credentials.json contains a deliberately fake RSA key for unit tests
+  paths = ['''tests/fixtures/''']
+
+[[rules]]
+id = "email-password-credentials"
+description = "Email/Password credentials"
+regex = '''(?i)(smtp|imap|email)[_-]?(password|passwd|pwd)\s*[:=]\s*['"]?[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{}|;:,.<>?]{6,}['"]?'''
+tags = ["credentials", "email"]
+
+  [rules.allowlist]
+  # regexTarget="line" lets us match the whole source line so we can distinguish:
+  #   field definition:  smtp_password: SecretStr | None = None   ← allowed
+  #   real assignment:   smtp_password = "actualpassword"         ← blocked
+  regexTarget = "line"
+  regexes = [
+    # Type annotations in dataclasses / Pydantic settings (colon, not equals)
+    '''(?i)(smtp|imap)[_-]?password\s*:\s*SecretStr''',
+    # Module-level test constant — value comes from os.environ, not a literal
+    '''_TEST_SECRET\s*=\s*SecretStr\(os\.environ''',
+    # Call sites that reference the constant (no string literal on the line)
+    '''(smtp|imap)_password\s*=\s*_TEST_SECRET''',
+  ]
+
+[[rules]]
+id = "basic-auth-header"
+description = "Basic Auth Header"
+regex = '''(?i)authorization\s*[:=]\s*['"]?(basic|bearer)\s+[a-zA-Z0-9+/=]{20,}['"]?'''
+tags = ["auth", "header"]
+
+[[rules]]
+id = "authorization-header"
+description = "Authorization Header"
+regex = '''(?i)authorization\s*[:=]\s*['"]?[a-zA-Z0-9+/=]{20,}['"]?'''
+tags = ["auth", "header"]
+
+[[rules]]
+id = "database-connection-string"
+description = "Database Connection String"
+regex = '''(?i)(mysql|postgres|postgresql|mongodb|redis|mssql)://[a-zA-Z0-9:@%/_\-?=&]+'''
+tags = ["connection", "database"]
+
+[[rules]]
+id = "jwt-token"
+description = "JWT Token"
+regex = '''eyJ[A-Za-z0-9_=-]+\.eyJ[A-Za-z0-9_=-]+\.?[A-Za-z0-9_.+/=-]*'''
+tags = ["token", "JWT"]
+
+[[rules]]
+id = "generic-api-token"
+description = "Generic API Token"
+regex = '''['"]token['"]\s*[:=]\s*['"]?[a-zA-Z0-9]{20,}['"]?'''
+tags = ["key", "API", "token"]
+
+[[rules]]
+id = "connection-string-with-password"
+description = "Connection String with Password"
+regex = '''(?i)(password|passwd|pwd|secret)\s*[:=]\s*['"]?[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{}|;:,.<>?]{6,}['"]?'''
+tags = ["credentials", "password"]
+
+  [rules.allowlist]
+  regexTarget = "line"
+  regexes = [
+    # Type annotations in dataclasses / Pydantic settings (colon, not equals)
+    '''(?i)(smtp|imap)[_-]?password\s*:\s*SecretStr''',
+    # Module-level test constant — value comes from os.environ, not a literal
+    '''_TEST_SECRET\s*=\s*SecretStr\(os\.environ''',
+    # Call sites that reference the constant (no string literal on the line)
+    '''(smtp|imap)_password\s*=\s*_TEST_SECRET''',
+  ]