Skip to content

Commit 4637786

Browse files
frankbriaTest User
andauthored
feat: v0.9.1 — silence CLI AUTH_SECRET warning, add cf --version, trademark policy (#627)
Fixes - Default-AUTH_SECRET warning fired at import time in auth/manager.py and, via logging's last-resort handler, printed on every `cf` command (the Golden Path never uses auth). Removed the import-time warning; server startup validation (ui/server.py:_validate_security_config) is unchanged — still warns in self-hosted mode and raises in hosted mode. Regression test added. Added - `cf --version` / `-V` resolves the installed version from package metadata (root Typer callback). Note for users: with `uv tool install`, check via `cf --version` or `uv tool list` — a system Python won't see the isolated env. - TRADEMARKS.md: the AGPL covers the code; the CodeFRAME name and logo are trademarks of Noatak Enterprises, LLC, dba Bria Strategy Group, reserved separately. Forks may use the code but must rename. README/LICENSING.md note the code/brand boundary; README header + footer carry the (TM) notice. Release - Version 0.9.0 -> 0.9.1; CHANGELOG updated. Refs #613. Co-authored-by: Test User <test@example.com>
1 parent bd4c2ba commit 4637786

10 files changed

Lines changed: 200 additions & 10 deletions

File tree

CHANGELOG.md

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,18 @@ and this project aims to follow [Semantic Versioning](https://semver.org/spec/v2
77

88
## [Unreleased]
99

10+
## [0.9.1] - 2026-06-13
11+
12+
### Added
13+
- `cf --version` / `cf -V` prints the installed version. (Note: with `uv tool install`, check the version via `uv tool list` or `cf --version` — the package is isolated, so a system Python's `importlib.metadata` will not see it.)
14+
- `TRADEMARKS.md` — trademark policy clarifying that the AGPL covers the code, while the CodeFRAME name and logo are reserved trademarks (a fork may use the code but must rename).
15+
16+
### Fixed
17+
- The default-`AUTH_SECRET` warning no longer prints on every `cf` command. It was emitted at import time and leaked onto the CLI (which never uses auth); the check now lives only in server startup validation, which still warns in self-hosted mode and fails hard in hosted mode.
18+
19+
### Changed
20+
- README marks the CodeFRAME™ trademark and links the new policy; `LICENSING.md` notes the code/brand boundary.
21+
1022
## [0.9.0] - 2026-06-12
1123

1224
First public beta and the first release published to PyPI as
@@ -28,5 +40,6 @@ name claim is being pursued in parallel. The CLI entry point remains `cf`.
2840
- Version bumped from a placeholder `0.1.0` to an honest beta `0.9.0`; development status classifier moved to `4 - Beta`.
2941
- README installation section now leads with `uv tool install` instead of git-clone; status badge updated to **beta** with a stability statement.
3042

31-
[Unreleased]: https://github.com/frankbria/codeframe/compare/v0.9.0...HEAD
43+
[Unreleased]: https://github.com/frankbria/codeframe/compare/v0.9.1...HEAD
44+
[0.9.1]: https://github.com/frankbria/codeframe/compare/v0.9.0...v0.9.1
3245
[0.9.0]: https://github.com/frankbria/codeframe/releases/tag/v0.9.0

LICENSING.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,11 @@ you — and what to do if the AGPL doesn't fit your situation.
77
> This is a practical summary, not legal advice. The [LICENSE](LICENSE) file is
88
> the binding text. When in doubt, consult a lawyer.
99
10+
> **Code vs. brand.** AGPL-3.0 licenses the **code**. It does **not** grant any
11+
> right to the **CodeFRAME™ name or logo**, which are trademarks covered
12+
> separately — see [TRADEMARKS.md](TRADEMARKS.md). You can fork the code under
13+
> the AGPL, but a fork must use a different name.
14+
1015
## Why AGPL-3.0
1116

1217
CodeFRAME is **open core**: the project is fully open source, and we intend to

README.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
![CodeFRAME Header](./codeframe_github_header_1600x500.png)
22

3-
# CodeFRAME
3+
# CodeFRAME
44

55
![Status](https://img.shields.io/badge/status-beta-orange)
66
[![PyPI](https://img.shields.io/pypi/v/codeframe-ai)](https://pypi.org/project/codeframe-ai/)
@@ -428,6 +428,7 @@ CodeFRAME is in **public beta**.
428428

429429
- **Security:** found a vulnerability? Report it privately via [GitHub private vulnerability reporting](https://github.com/frankbria/codeframe/security/advisories/new) (or `security@codeframe.sh`) -- never a public issue. See [SECURITY.md](SECURITY.md) for scope and response expectations.
430430
- **Licensing:** CodeFRAME is [AGPL-3.0](LICENSE), an open-core stance. [LICENSING.md](LICENSING.md) explains what that means for individuals, internal company use, and embedding -- and how to reach us about **commercial licensing or a hosted offering** (both planned). Commercial inquiries: `licensing@codeframe.sh`.
431+
- **Trademark:** the code is AGPL-3.0, but the **CodeFRAME name and logo are trademarks** and are *not* covered by the code license. See [TRADEMARKS.md](TRADEMARKS.md) before using the name for a fork or product.
431432
- **Early access / design partners:** email `hello@codeframe.sh` or reply to the pinned [Discussion](https://github.com/frankbria/codeframe/discussions) to be included.
432433
- **Help & community:** [Discussions -> Q&A](https://github.com/frankbria/codeframe/discussions/categories/q-a) for questions, [Ideas](https://github.com/frankbria/codeframe/discussions/categories/ideas) for feature requests, and [bug reports](https://github.com/frankbria/codeframe/issues/new/choose) for confirmed bugs.
433434

@@ -437,8 +438,12 @@ CodeFRAME is in **public beta**.
437438

438439
[AGPL-3.0](LICENSE) -- Free to use, modify, and distribute. Derivative works and network services must release source code under the same license. See [LICENSING.md](LICENSING.md) for a plain-language explanation and commercial options.
439440

441+
The code is AGPL-3.0; the **CodeFRAME™ name and logo are trademarks** of Noatak Enterprises, LLC, dba Bria Strategy Group, and are not licensed under the AGPL -- see [TRADEMARKS.md](TRADEMARKS.md).
442+
440443
---
441444

442445
**Built by [Frank Bria](https://x.com/FrankBria18044)**
443446

444447
[Issues](https://github.com/frankbria/codeframe/issues) | [Discussions](https://github.com/frankbria/codeframe/discussions) | [Documentation](https://github.com/frankbria/codeframe/tree/main/docs)
448+
449+
_CodeFRAME™ is a trademark of Noatak Enterprises, LLC, dba Bria Strategy Group. All rights reserved._

TRADEMARKS.md

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
# CodeFRAME Trademark Policy
2+
3+
> This policy explains how you may and may not use the CodeFRAME name and logo.
4+
> It is intentionally conservative and is **not legal advice**; it may be revised
5+
> as the trademark application progresses.
6+
7+
## Ownership
8+
9+
**CodeFRAME™** and the CodeFRAME logo are trademarks of **Noatak Enterprises,
10+
LLC, dba Bria Strategy Group** ("the owner"). A U.S. trademark application for
11+
the CodeFRAME mark is pending. All rights are reserved.
12+
13+
The ™ symbol is used because the mark is not yet federally registered; it will
14+
be updated to ® if and when registration issues.
15+
16+
## The code license does not grant trademark rights
17+
18+
CodeFRAME's source code is licensed under [AGPL-3.0](LICENSE) (see
19+
[LICENSING.md](LICENSING.md)). **That license covers copyright in the code only.
20+
It does not grant any right to use the CodeFRAME name or logo.** This is the
21+
standard position for open-source licenses, which deliberately exclude
22+
trademarks.
23+
24+
In other words: you are free to use, modify, and redistribute the *code* under
25+
the AGPL — but the *name and logo* are not part of that grant.
26+
27+
## What you may do (no permission needed)
28+
29+
- **Refer to CodeFRAME truthfully** ("nominative use") — e.g., "compatible with
30+
CodeFRAME", "a plugin for CodeFRAME", "built on CodeFRAME" — provided you do
31+
not imply that the owner endorses, sponsors, or is affiliated with your
32+
project.
33+
- **State that your fork is derived from CodeFRAME**, as long as the fork is
34+
clearly named something else (see below).
35+
- Use the name in **blog posts, talks, tutorials, and reviews** that discuss the
36+
software.
37+
38+
## What requires written permission
39+
40+
- Using **"CodeFRAME" (or a confusingly similar name) as the name of your own**
41+
product, service, company, fork, or distribution.
42+
- Using the **CodeFRAME logo** other than to refer to the unmodified project.
43+
- Any use that **suggests affiliation, sponsorship, or endorsement** by the
44+
owner, or that could confuse users about the source of the software.
45+
- Use on **merchandise** or in **domain names**, social handles, or app-store
46+
listings.
47+
48+
If you maintain a fork, please give it a distinct name and may say, for example,
49+
"based on CodeFRAME" — but do not call the fork itself "CodeFRAME".
50+
51+
## Using the mark correctly
52+
53+
- Write it as **CodeFRAME** and include the ™ symbol on first or most prominent
54+
use: **CodeFRAME™**.
55+
- Use it as an adjective modifying a noun ("the CodeFRAME platform"), not as a
56+
verb or a generic noun.
57+
- `codeframe-ai` (the PyPI package) and `cf` (the command) are technical
58+
identifiers, not the brand.
59+
60+
## Requesting permission
61+
62+
For any use that requires permission, or if you are unsure, contact
63+
**licensing@codeframe.sh** describing the intended use. We are generally happy to
64+
allow community uses that don't create confusion.

codeframe/auth/manager.py

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,12 +27,11 @@
2727
JWT_AUDIENCE = ["fastapi-users:auth"]
2828
JWT_LIFETIME_SECONDS = int(os.getenv("JWT_LIFETIME_SECONDS", "604800")) # 7 days
2929

30-
# Warn if using default secret (but allow for development)
31-
if SECRET == DEFAULT_SECRET:
32-
logger.warning(
33-
"⚠️ AUTH_SECRET not set - using default value. "
34-
"DO NOT USE IN PRODUCTION! Set AUTH_SECRET environment variable."
35-
)
30+
# NOTE: The default-secret warning is intentionally NOT emitted at import time.
31+
# Importing this module must stay silent so it never leaks onto the CLI (the
32+
# Golden Path never uses auth). The check that matters runs when the server
33+
# actually starts — see codeframe/ui/server.py:_validate_security_config(),
34+
# which warns in self-hosted mode and fails hard in hosted mode.
3635

3736
# Create async SQLAlchemy engine for auth
3837
# Uses aiosqlite driver for async SQLite access

codeframe/cli/app.py

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,36 @@
5454
console = Console()
5555

5656

57+
def _get_version() -> str:
58+
"""Resolve the installed CodeFRAME version, falling back gracefully."""
59+
from importlib.metadata import PackageNotFoundError, version
60+
61+
try:
62+
return version("codeframe-ai")
63+
except PackageNotFoundError: # running from an uninstalled source tree
64+
return "0.0.0+unknown"
65+
66+
67+
def _version_callback(value: bool) -> None:
68+
if value:
69+
typer.echo(f"codeframe {_get_version()}")
70+
raise typer.Exit()
71+
72+
73+
@app.callback()
74+
def _root(
75+
version: Optional[bool] = typer.Option(
76+
None,
77+
"--version",
78+
"-V",
79+
help="Show the CodeFRAME version and exit.",
80+
callback=_version_callback,
81+
is_eager=True,
82+
),
83+
) -> None:
84+
"""CodeFRAME: Autonomous coding agent orchestration (v2 CLI)."""
85+
86+
5787
# =============================================================================
5888
# Root-level commands (per GOLDEN_PATH.md)
5989
# =============================================================================

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
44

55
[project]
66
name = "codeframe-ai"
7-
version = "0.9.0"
7+
version = "0.9.1"
88
description = "A project delivery system that orchestrates frontier coding agents: Think, Build, Prove, Ship."
99
readme = "README.md"
1010
requires-python = ">=3.11"

tests/auth/test_import_is_quiet.py

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
"""Regression: importing auth must not warn, and the CLI must stay quiet.
2+
3+
The default-AUTH_SECRET warning used to fire at *import* time in
4+
``codeframe.auth.manager``. Because Python's last-resort logging handler prints
5+
WARNING records to stderr, that leaked onto every ``cf`` command (the Golden
6+
Path never uses auth). The warning now lives only in the server's startup
7+
validation. These tests pin that behavior.
8+
"""
9+
import subprocess
10+
import sys
11+
12+
import pytest
13+
14+
pytestmark = pytest.mark.v2
15+
16+
17+
def test_importing_auth_manager_emits_no_warning():
18+
"""A fresh interpreter importing auth.manager prints nothing to stderr."""
19+
result = subprocess.run(
20+
[sys.executable, "-c", "import codeframe.auth.manager"],
21+
capture_output=True,
22+
text=True,
23+
)
24+
assert result.returncode == 0, result.stderr
25+
assert "AUTH_SECRET" not in result.stderr
26+
assert "DO NOT USE IN PRODUCTION" not in result.stderr
27+
28+
29+
def test_server_validation_still_raises_in_hosted_mode(monkeypatch):
30+
"""The check that matters did not disappear — hosted + default secret fails."""
31+
import codeframe.auth.manager as manager
32+
from codeframe.ui.server import _validate_security_config
33+
34+
monkeypatch.setenv("CODEFRAME_DEPLOYMENT_MODE", "hosted")
35+
monkeypatch.setattr(manager, "SECRET", manager.DEFAULT_SECRET)
36+
37+
with pytest.raises(RuntimeError, match="AUTH_SECRET"):
38+
_validate_security_config()
39+
40+
41+
def test_server_validation_warns_but_allows_in_self_hosted_mode(monkeypatch, caplog):
42+
"""Self-hosted + default secret is allowed, with a warning at startup."""
43+
import logging
44+
45+
import codeframe.auth.manager as manager
46+
from codeframe.ui.server import _validate_security_config
47+
48+
monkeypatch.setenv("CODEFRAME_DEPLOYMENT_MODE", "self_hosted")
49+
monkeypatch.setattr(manager, "SECRET", manager.DEFAULT_SECRET)
50+
51+
with caplog.at_level(logging.WARNING):
52+
_validate_security_config() # must not raise
53+
54+
assert any("default AUTH_SECRET" in r.message for r in caplog.records)

tests/cli/test_version_flag.py

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
"""`cf --version` / `cf -V` print the version and exit cleanly."""
2+
import re
3+
4+
import pytest
5+
from typer.testing import CliRunner
6+
7+
from codeframe.cli.app import app
8+
9+
pytestmark = pytest.mark.v2
10+
11+
runner = CliRunner()
12+
13+
14+
@pytest.mark.parametrize("flag", ["--version", "-V"])
15+
def test_version_flag_prints_version_and_exits(flag):
16+
result = runner.invoke(app, [flag])
17+
assert result.exit_code == 0
18+
assert "codeframe" in result.stdout
19+
# A semver-ish token must be present (e.g. 0.9.1 or 0.0.0+unknown).
20+
assert re.search(r"\d+\.\d+\.\d+", result.stdout)

uv.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)