From f6fc17b533358989dc9b23e4e6339e4dceddf6a3 Mon Sep 17 00:00:00 2001 From: Yusuke Watanabe Date: Fri, 17 Jul 2026 03:29:23 +0900 Subject: [PATCH] fix: repoint scitex_audit -> scitex_security (audit is archived) scitex-audit is now a public archive on GitHub per the operator's ruling; the umbrella must not declare or re-export it. ADR-0002 made scitex-security the canonical package, and the reversal was never finished -- the umbrella still pinned scitex-audit==0.2.0 in main deps, in [audit], in [security], and lazily resolved scitex.security to scitex_audit.github. Nine lines, all code: pyproject: 4 dependency declarations -> scitex-security __init__: scitex.security external -> scitex_security.github re_export: "audit"/"security" mappings -> scitex_security cli/audit: _format import -> scitex_security docs: the mapping table Verified before changing a published package's dependency graph: scitex-security 0.2.0 is on PyPI, and scitex_security.github carries all five public symbols (check_github_alerts, save_alerts_to_file, format_alerts_report, check_gh_auth, GitHubSecurityError). Historical comments are deliberately left untouched. They describe ADR-0001 accurately, and rewriting them would make the file misdescribe its own history. No shim: the operator's ruling is explicit that a re-export shim is itself garbage. scitex-audit 0.2.0 stays on PyPI as historical -- an archive is not a yank, and yanking would break installed callers. --- pyproject.toml | 8 ++++---- src/scitex/__init__.py | 2 +- src/scitex/_skills/scitex/03_python-api.md | 2 +- src/scitex/cli/audit.py | 2 +- src/scitex/re_export.py | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 93d9f2ea1..cc0703645 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -100,7 +100,7 @@ dependencies = [ "scitex-etc==0.2.1", # media shipped here; scitex.media re-exports scitex_etc.media "scitex-genai==0.1.1", "scitex-gists==0.1.8", - "scitex-audit==0.2.0", + "scitex-security==0.2.0", "scitex-logging==0.1.7", "scitex-dict==0.1.8", "scitex-browser==0.1.15", @@ -191,7 +191,7 @@ audio = [ # Audit Module - Code and security auditing # Use: pip install scitex[audit] -audit = ["scitex-audit==0.2.0"] +audit = ["scitex-security==0.2.0"] # Benchmark Module - Performance monitoring # Use: pip install scitex[benchmark] @@ -671,7 +671,7 @@ schema = [] # "security" mapping). The standalone `scitex-security` 0.2.0 is a # deprecated thin shim and is NOT pulled here. # Use: pip install scitex[security] -security = ["scitex-audit==0.2.0"] +security = ["scitex-security==0.2.0"] # Session Module - Session management # Use: pip install scitex[session] @@ -946,7 +946,7 @@ dev = [ "scipy", "scitex-agent-container==0.21.11", "scitex-audio==0.3.0", - "scitex-audit==0.2.0", + "scitex-security==0.2.0", "scitex-browser==0.1.15", "scitex-clew==0.17.0", # NOTE: scitex-hub (optional peer powering cloud/module/project; formerly diff --git a/src/scitex/__init__.py b/src/scitex/__init__.py index 77bd53d07..6baf8e720 100755 --- a/src/scitex/__init__.py +++ b/src/scitex/__init__.py @@ -162,7 +162,7 @@ schema = _LazyModule("schema") # Data schema utilities canvas = _LazyModule("canvas") # Canvas utilities for figure composition security = _LazyModule( - "security", external="scitex_audit.github", fallback="scitex_security" + "security", external="scitex_security.github", fallback="scitex_security" ) # ADR-0001 (#139) routed scitex.security → scitex_audit.github; ADR-0002 # (#142) then made scitex_security the unified home (scitex-audit = deprecated # shim). Prefer scitex_audit.github when present, fall back to scitex_security. diff --git a/src/scitex/_skills/scitex/03_python-api.md b/src/scitex/_skills/scitex/03_python-api.md index 7f20c19c1..8be8d3c52 100644 --- a/src/scitex/_skills/scitex/03_python-api.md +++ b/src/scitex/_skills/scitex/03_python-api.md @@ -37,7 +37,7 @@ scitex.notification → scitex_notification scitex.audio → scitex_audio scitex.dataset → scitex_dataset scitex.app → scitex_app -scitex.audit → scitex_audit +scitex.audit → scitex_security scitex.compat → scitex_compat scitex.repro → scitex_repro scitex.dict → scitex_dict diff --git a/src/scitex/cli/audit.py b/src/scitex/cli/audit.py index 2c7524934..7cf0367eb 100755 --- a/src/scitex/cli/audit.py +++ b/src/scitex/cli/audit.py @@ -42,7 +42,7 @@ def audit(ctx, path, as_json, save, checks): return from scitex.audit import audit as do_audit - from scitex_audit._format import format_json, format_text + from scitex_security._format import format_json, format_text results = do_audit( path=path, diff --git a/src/scitex/re_export.py b/src/scitex/re_export.py index f8ec8add2..204d41d62 100755 --- a/src/scitex/re_export.py +++ b/src/scitex/re_export.py @@ -288,7 +288,7 @@ def __repr__(self): "etc": "scitex_etc", "media": "scitex_etc.media", # in-tree dir removed; shipped in scitex-etc (>=0.2.0) "gists": "scitex_gists", - "audit": "scitex_audit", + "audit": "scitex_security", "compat": "scitex_compat", "repro": "scitex_repro", "app": "scitex_app", @@ -320,7 +320,7 @@ def __repr__(self): # The 5 public symbols (check_github_alerts, save_alerts_to_file, # get_latest_alerts_file, format_alerts_report, GitHubSecurityError) are # exposed by both. - "security": "scitex_audit.github", + "security": "scitex_security.github", "session": "scitex_session", # @scitex.session decorator + INJECTED sentinel "tex": "scitex_tex", }