chore: lint fix

Signed-off-by: habeck <habeck@us.ibm.com>

Author: tedhabeck

cpex/tools/catalog.py

@@ -642,7 +642,9 @@ def install_folder_via_pip(self, manifest: PluginManifest, verify_integrity: boo
             if manifest.kind == "isolated_venv":
                 logger.info("Detected isolated_venv plugin from monorepo: %s", manifest.name)
                 # Install the package to make it available for venv initialization
-                package_path = self._download_monorepo_folder_to_temp(repo_url, manifest.name, verify_integrity=verify_integrity)
+                package_path = self._download_monorepo_folder_to_temp(
+                    repo_url, manifest.name, verify_integrity=verify_integrity
+                )
                 plugin_path = self._initialize_isolated_venv(manifest, package_path)
                 logger.info("Isolated venv initialized. Plugin will be auto-installed via requirements.txt")
             else:
@@ -835,7 +837,9 @@ def _extract_package_archive(self, package_file: Path, extract_dir: Path) -> Non
         else:
             raise RuntimeError(f"Unsupported package format: {package_file}")
 
-    def _download_monorepo_folder_to_temp(self, repo_url: str, package_name: str, verify_integrity: bool = True) -> Path:
+    def _download_monorepo_folder_to_temp(
+        self, repo_url: str, package_name: str, verify_integrity: bool = True
+    ) -> Path:
         """Download monorepo folder to temporary directory.
 
         Args:
@@ -873,16 +877,12 @@ def _download_monorepo_folder_to_temp(self, repo_url: str, package_name: str, ve
             if verify_integrity:
                 try:
                     from cpex.tools.integrity import compute_file_hash
+
                     package_hash = compute_file_hash(package_file)
                     logger.info(
-                        "Package integrity hash for %s (%s): SHA256=%s",
-                        package_name,
-                        package_file.name,
-                        package_hash
-                    )
-                    logger.info(
-                        "Store this hash for future verification or to detect tampering"
+                        "Package integrity hash for %s (%s): SHA256=%s", package_name, package_file.name, package_hash
                     )
+                    logger.info("Store this hash for future verification or to detect tampering")
                 except Exception as e:
                     logger.warning("Failed to compute package hash: %s", str(e))
 
@@ -940,14 +940,13 @@ def _download_package_to_temp(
                     if version_constraint:
                         # Try to extract exact version from constraint (e.g., "==1.0.0" -> "1.0.0")
                         import re
-                        version_match = re.search(r'==\s*([0-9.]+)', version_constraint)
+
+                        version_match = re.search(r"==\s*([0-9.]+)", version_constraint)
                         if version_match:
                             version_to_fetch = version_match.group(1)
-                    
+
                     expected_hashes = fetch_pypi_package_hashes(
-                        package_name=package_name,
-                        version=version_to_fetch,
-                        use_test=use_test
+                        package_name=package_name, version=version_to_fetch, use_test=use_test
                     )
                     if expected_hashes:
                         logger.info("Retrieved hashes for %d distribution files", len(expected_hashes))
@@ -988,16 +987,10 @@ def _download_package_to_temp(
                 if expected_hash:
                     logger.info("Verifying integrity of %s", package_file.name)
                     verify_package_integrity(
-                        file_path=package_file,
-                        expected_hash=expected_hash,
-                        package_name=package_name,
-                        strict=True
+                        file_path=package_file, expected_hash=expected_hash, package_name=package_name, strict=True
                     )
                 else:
-                    logger.warning(
-                        "No matching hash found for %s. Proceeding without verification.",
-                        package_file.name
-                    )
+                    logger.warning("No matching hash found for %s. Proceeding without verification.", package_file.name)
 
             extract_dir = temp_dir / "extracted"
             extract_dir.mkdir()
@@ -1509,16 +1502,12 @@ def install_from_git(self, url: str, verify_integrity: bool = True) -> tuple[Plu
             if verify_integrity:
                 try:
                     from cpex.tools.integrity import compute_file_hash
+
                     package_hash = compute_file_hash(archive_path)
                     logger.info(
-                        "Package integrity hash for %s (%s): SHA256=%s",
-                        package_name,
-                        archive_path.name,
-                        package_hash
-                    )
-                    logger.info(
-                        "Store this hash for future verification or to detect tampering"
+                        "Package integrity hash for %s (%s): SHA256=%s", package_name, archive_path.name, package_hash
                     )
+                    logger.info("Store this hash for future verification or to detect tampering")
                 except Exception as e:
                     logger.warning("Failed to compute package hash: %s", str(e))
 

cpex/tools/cli.py

@@ -47,10 +47,10 @@
 )
 from cpex.framework.settings import settings
 from cpex.tools.catalog import PluginCatalog
-from cpex.tools.settings import get_catalog_settings
 
 # Third-Party
 from cpex.tools.plugin_registry import PluginRegistry
+from cpex.tools.settings import get_catalog_settings
 
 # Exit codes for CLI commands
 EXIT_SUCCESS = 0
@@ -584,9 +584,9 @@ def _install_from_pypi(source: str, catalog: PluginCatalog, use_test: bool = Fal
     verify_integrity = catalog_settings.VERIFY_PACKAGE_INTEGRITY
 
     if verify_integrity:
-        console.log(f"Package integrity verification: enabled")
+        console.log("Package integrity verification: enabled")
     else:
-        console.log(f"Package integrity verification: disabled")
+        console.log("Package integrity verification: disabled")
 
     with console.status(f"Installing plugin {package_name} via pypi", spinner="dots"):
         manifest, plugin_path = catalog.install_from_pypi(

cpex/tools/integrity.py

@@ -297,4 +297,5 @@ def find_matching_hash(
     logger.warning("No matching hash found for %s in PyPI metadata", pkg_name)
     return None
 
+
 # Made with Bob

cpex/tools/settings.py

@@ -40,12 +40,10 @@ class CatalogSettings(BaseSettings):
     )
     FOLDER: str = Field(default="plugins", description="The folder where the plugins are located (r/w)")
     VERIFY_PACKAGE_INTEGRITY: bool = Field(
-        default=True,
-        description="Enable SHA256 hash verification for downloaded packages from PyPI"
+        default=True, description="Enable SHA256 hash verification for downloaded packages from PyPI"
     )
     STRICT_INTEGRITY_MODE: bool = Field(
-        default=False,
-        description="Fail installation if package hashes are unavailable (strict mode)"
+        default=False, description="Fail installation if package hashes are unavailable (strict mode)"
     )