The data root was hardcoded as Path(os.path.expanduser("~/.pry")) in
25+ modules, making it impossible to point Pry at a different data
directory (production systemd, Docker volumes, CI scratch, tests).
Changes:
- New module paths.py: single source of truth
PRY_DATA_DIR: Path # read once at import, overridable via env var
subdir(name) -> Path # mkdir+return helper
ensure_data_dir() -> Path # eager init
- 25 modules: replace
X_DIR = Path(os.path.expanduser("~/.pry/x"))
with
X_DIR = PRY_DATA_DIR / "x"
(plus the import; total 53 changes across 26 files)
- .env.example: document PRY_DATA_DIR with examples
- Verified:
- 407 tests collect (was 5 collection errors before fix)
- 83 sampled tests pass
- 0 remaining hardcoded ~/.pry references in py files
The deploy at /srv/pry/ had a thin proxy_referrals.py with 5 curated
proxy provider affiliate entries (Bright Data, Oxylabs, Smartproxy,
IPRoyal, Webshare). The repo was missing this file, so deploy and repo
were out of sync.
Changes:
- Add proxy_referrals.py (MIT) with the 5-provider curated catalog
- proxy_manager.py: import PROVIDER_REFERRALS, add 4 helper methods:
get_proxy_referral(tag)
get_proxy_referral_url(tag)
list_proxy_referrals()
get_proxy_referral_summary() - per-tier breakdown
- api.py: expose 2 new endpoints
GET /v1/proxy/referrals - full catalog + summary
GET /v1/proxy/referrals/{tag} - single provider
- 12/12 existing proxy_manager tests still pass
- Total routes: 195 -> 197
The previous CI had a single build job with mypy marked as
continue-on-error, and no secret scanning or security audit. The
pre-commit config has gitleaks + bandit but they were never enforced
in CI.
Changes:
- Split monolithic build job into focused jobs: lint, typecheck, test,
secrets (gitleaks), security (bandit)
- Promote mypy to a real required job (not continue-on-error)
- Add gitleaks scan (v8.24.0) against the full git history
- Add bandit scan at high+medium severity (low severity is too noisy
for an OSS project)
- Each job has its own container to keep failures isolated
The committed openapi.json was a 293-line sample covering only 11 paths
and 7 tags. The actual FastAPI app exposes 183 paths across 50 tags.
This was making API documentation, SDK generation, and any external
integration effectively guess at the real surface.
Re-generate via:
python3 -c "import json; from api import app; print(json.dumps(app.openapi(), indent=2))" > openapi.json
Going forward, regenerate before each release. Add a Makefile target.
Squashed from chore/license-relicense. Full message preserved in the
original branch commit bb77eb5. See ADR-0002 for the decision rationale.
Refs: ADR-0002, commit bb77eb5
Python CI: uv setup, ruff lint+format, mypy (warn), pytest (non-integration).
Runs on docker-x64 runner on Talos.
55 tests exist, now they will run in CI.
- .forgejo/ISSUE_TEMPLATE/bug.yml
- .forgejo/ISSUE_TEMPLATE/feature.yml
- .forgejo/ISSUE_TEMPLATE/config.yml: blank_issues_enabled=false,
contact_links to discussions (Q&A, Feature Requests, Announcements)
Discussions per repo land in a separate follow-up commit.