fix: repoint scitex_audit -> scitex_security (audit is archived)#359
Open
ywatanabe1989 wants to merge 1 commit into
Open
fix: repoint scitex_audit -> scitex_security (audit is archived)#359ywatanabe1989 wants to merge 1 commit into
ywatanabe1989 wants to merge 1 commit into
Conversation
scitex-audit is now a public archive on GitHub per the operator's ruling; the umbrella must not declare or re-export it. ADR-0002 made scitex-security the canonical package, and the reversal was never finished -- the umbrella still pinned scitex-audit==0.2.0 in main deps, in [audit], in [security], and lazily resolved scitex.security to scitex_audit.github. Nine lines, all code: pyproject: 4 dependency declarations -> scitex-security __init__: scitex.security external -> scitex_security.github re_export: "audit"/"security" mappings -> scitex_security cli/audit: _format import -> scitex_security docs: the mapping table Verified before changing a published package's dependency graph: scitex-security 0.2.0 is on PyPI, and scitex_security.github carries all five public symbols (check_github_alerts, save_alerts_to_file, format_alerts_report, check_gh_auth, GitHubSecurityError). Historical comments are deliberately left untouched. They describe ADR-0001 accurately, and rewriting them would make the file misdescribe its own history. No shim: the operator's ruling is explicit that a re-export shim is itself garbage. scitex-audit 0.2.0 stays on PyPI as historical -- an archive is not a yank, and yanking would break installed callers.
ywatanabe1989
force-pushed
the
fix/repoint-audit-to-security
branch
from
July 17, 2026 00:18
de6ea96 to
f6fc17b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
scitex-auditis now a public archive on GitHub per the operator's ruling. The umbrella must not declare or re-export an archived package.ADR-0002 made
scitex-securitycanonical and reversed ADR-0001's direction — but the reversal was never finished. The umbrella still pinnedscitex-audit==0.2.0in main deps, in[audit], in[security], and lazily resolvedscitex.security→scitex_audit.github.The migration is a no-op — nothing to port
Established by comparing symbols, not filenames, before touching anything: audit has 51 public symbols, security 52. All six audit-only symbols are mirror images, not gaps — and the docstrings settle the direction:
_migrate_legacy_security_dir→ "Per ADR-0001" (security→audit)_migrate_legacy_audit_dir→ "One-shot REVERSE migration… Per ADR-0002" (audit→security)So audit's uniques are the superseded direction. Porting them in would reimport the very thing being removed. The other two are
_cmd-suffix renames; four modules are byte-identical after name normalization.Verified before changing a published dependency graph
scitex-security==0.2.0is on PyPI (a repoint to an unpublished package would break installs).scitex_security.githubcarries all five public symbols:check_github_alerts,save_alerts_to_file,format_alerts_report,check_gh_auth,GitHubSecurityError.Scope: nine lines, all code
pyproject.tomlscitex-securitysrc/scitex/__init__.pyscitex.securityexternal →scitex_security.githubsrc/scitex/re_export.py"audit"/"security"mappings →scitex_securitysrc/scitex/cli/audit.py_formatimport →scitex_security_skills/scitex/03_python-api.mdHistorical comments are deliberately untouched. They describe ADR-0001 accurately; rewriting them would make the file misdescribe its own history. (I initially applied a blanket
sed, which silently rewrote those comments to claim ADR-0001 routed toscitex_security— false. Reverted and redid it line by line.)No shim — the operator's ruling is explicit that a re-export shim is itself garbage. And no yank:
scitex-audit0.2.0 stays on PyPI as historical; archiving is not yanking, and yanking breaks installed callers.Not in scope
scitex_security/_paths.pyreferencesscitex-auditby design — those are the reverse-migration's identity strings (.migrated_from_scitex_audit_user,audit/github-alerts). Renaming them would re-fire the one-shot migration on users who already migrated. Left alone.