diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7ce4730..fac5562 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,10 +23,10 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} cache: pip diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c96ecb1 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2026 0xLLM73 + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index b5097bc..f7fd2fb 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,17 @@ For a full first-run guide, see [docs/local-setup.md](docs/local-setup.md). For maintainer publication checks, see [docs/public-release.md](docs/public-release.md) and [SECURITY.md](SECURITY.md). +Install from GitHub for now: + +```bash +python3 -m venv .venv +. .venv/bin/activate +python -m pip install "prlearn @ git+https://github.com/0xLLM73/prlearn.git@v0.1.0" +``` + +`prlearn` is not published to PyPI yet. Until there is a signed release workflow +with trusted publishing, GitHub tags are the supported public distribution path. + ```bash python3 -m venv .venv . .venv/bin/activate diff --git a/SECURITY.md b/SECURITY.md index 0aa593e..df8ad23 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -43,6 +43,11 @@ optional OpenAI API key, optional Codex login, optional Ollama models, and local encryption passphrase. Maintainer credentials must never be reused by public users. +To rotate a Telegram bot token, open Telegram, message `@BotFather`, send +`/revoke`, choose the affected bot, and store only the new token in your private +local environment or secret manager. Do not paste the replacement token into +chat, issues, pull requests, commits, or CI logs. + ## Public Release Gate Before making a repository public, run: diff --git a/pyproject.toml b/pyproject.toml index 7e66a0b..bd695c0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=68"] +requires = ["setuptools>=82.0.1"] build-backend = "setuptools.build_meta" [project] @@ -9,10 +9,10 @@ description = "Local-first CLI that turns GitHub PR feedback into personal codin readme = "README.md" requires-python = ">=3.11" authors = [{ name = "prlearn" }] -dependencies = ["cryptography>=42"] +dependencies = ["cryptography>=48.0.0"] [project.optional-dependencies] -test = ["pytest>=8"] +test = ["pytest>=9.0.3"] [project.scripts] prlearn = "prlearn.cli:main"