feat: v0.9.1 — silence CLI AUTH_SECRET warning, add cf --version, trademark policy#627
Conversation
…demark policy Fixes - Default-AUTH_SECRET warning fired at import time in auth/manager.py and, via logging's last-resort handler, printed on every `cf` command (the Golden Path never uses auth). Removed the import-time warning; server startup validation (ui/server.py:_validate_security_config) is unchanged — still warns in self-hosted mode and raises in hosted mode. Regression test added. Added - `cf --version` / `-V` resolves the installed version from package metadata (root Typer callback). Note for users: with `uv tool install`, check via `cf --version` or `uv tool list` — a system Python won't see the isolated env. - TRADEMARKS.md: the AGPL covers the code; the CodeFRAME name and logo are trademarks of Noatak Enterprises, LLC, dba Bria Strategy Group, reserved separately. Forks may use the code but must rename. README/LICENSING.md note the code/brand boundary; README header + footer carry the (TM) notice. Release - Version 0.9.0 -> 0.9.1; CHANGELOG updated. Refs #613.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (9)
WalkthroughBumps the package to version 0.9.1. Adds a ChangesCLI version flag and quiet auth import
Trademark policy documentation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Code Review — v0.9.1 patchThis is a clean, well-scoped patch that addresses the three issues from the v0.9.0 publish. Overall quality is high. A few observations: Auth warning removal (manager.py) — the fix is correct. Moving the guard from module-level to _validate_security_config() (called only at server startup) is the right model. The explanatory comment in place of the old warning is genuinely helpful for the next reader. Verified that the server-side check still distinguishes self-hosted (warn) from hosted (raise) — nothing was lost. cf --version (app.py) — textbook Typer idiom: is_eager=True, raise typer.Exit(), and the @app.callback() placement is correct. The inline import in _get_version() is a minor style note (imports inside functions are unconventional), but it is reasonable here to defer the importlib.metadata import until the flag is actually requested. Not worth changing. Test quality — all three test patterns are solid:
TRADEMARKS.md — correctly uses TM (pending, not yet registered), the nominative-use section is clear, and the LICENSING.md cross-link closes the loop. The attorney-review flag in the PR description is appropriate given the legal nature. Minor observations (none blocking):
Verdict: All core changes are correct, the regression test coverage pins the exact behavior that broke in v0.9.0, and the trademark policy is appropriate for a pending-registration mark. Ready to merge once you have confirmed cf --help output looks right with the new @app.callback() docstring in place. |
Bundles the follow-ups that surfaced after the v0.9.0 publish into a single v0.9.1. Refs #613 (does not close it — PyPI go-live for 0.9.1 is the tag push).
Fixes
The
AUTH_SECRET not setwarning on everycfcommand. It was a module-level side effect incodeframe/auth/manager.pythat ran at import; Python's last-resort logging handler then printed it to stderr, so it leaked onto the CLI even though the Golden Path never uses auth. Removed the import-time warning. The check that matters is untouched:ui/server.py:_validate_security_config()(called at startup) still warns in self-hosted mode and raises in hosted mode. Covered by a new regression test (fresh-interpreter import is silent; hosted-mode still raises; self-hosted still warns).Added
cf --version/cf -V— resolves the installed version from package metadata via a root Typer callback. This also fixes the verification confusion: withuv tool install, the package is isolated, so a system Python'simportlib.metadata.version('codeframe-ai')raisesPackageNotFoundError(expected, not a bug). Usecf --versionoruv tool list.TRADEMARKS.md— trademark policy. The AGPL covers the code; the CodeFRAME™ name and logo are trademarks of Noatak Enterprises, LLC, dba Bria Strategy Group, reserved separately. Permits nominative use ("works with CodeFRAME"); requires permission to name a fork/product "CodeFRAME". Uses ™ (mark is pending, not yet registered — ® would be improper now). Conservative language, flagged for your attorney's review.Changed
LICENSING.md: a code-vs-brand callout linking the policy.0.9.0 → 0.9.1;CHANGELOG.mdupdated.Verification
tests/auth/test_import_is_quiet.py,tests/cli/test_version_flag.py— pass.tests/cli/+tests/auth/: 494 passed, 9 skipped (serve stubs) — the new root callback doesn't disturb existing commands.uv build→0.9.1;cf --version→codeframe 0.9.1; wheel still complete (24 packages);cf --helpshows zero AUTH_SECRET lines.ruff checkclean.After merge (you)
Tag
v0.9.1to publish:git tag -a v0.9.1 -m "CodeFRAME 0.9.1" && git push origin v0.9.1→ the release workflow builds, publishes to PyPI (trusted publishing is already set up), and cuts the GitHub Release. ™ → ® swap is a future change once registration issues.Summary by CodeRabbit
Release Notes
New Features
--version/-VCLI flag to display installed versionBug Fixes
AUTH_SECRETwarnings appearing in CLI outputDocumentation