Add release docs and packaging metadata

Author: ja7den2006

.github/workflows/tests.yml

@@ -0,0 +1,31 @@
+name: tests
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  pytest:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.8", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install package
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e .[dev]
+
+      - name: Run tests
+        run: python -m pytest -q

.gitignore

@@ -0,0 +1,18 @@
+__pycache__/
+*.py[cod]
+*.pyo
+*.pyd
+.pytest_cache/
+.coverage
+htmlcov/
+.venv/
+venv/
+build/
+dist/
+*.egg-info/
+*.log
+*.tmp
+*.session
+*.cookies
+*.bundle.json
+

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 jayden
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

@@ -0,0 +1,205 @@
+# SteamCommunityKit
+
+`SteamCommunityKit` is a Python library for real Steam user workflows:
+
+- public Steam Web API reads with a normal `steamcommunity.com/dev` key
+- public no-key community reads such as profile XML, market data, inventory URLs, and group URLs
+- logged-in Steam Community actions such as profile edits, privacy updates, avatar upload, trade URL management, and group creation checks
+- session persistence helpers for refresh tokens, cookies, JSON bundles, and external `requests.Session` reuse
+
+This package is built around the workflows normal users can actually use. It does not try to wrap Steamworks publisher-only administration endpoints that require partner permissions.
+
+## Install
+
+```bash
+pip install SteamCommunityKit
+```
+
+For local development:
+
+```bash
+pip install -e .[dev]
+```
+
+## Choose The Right Mode
+
+Use no key when you only need public community data:
+
+```python
+from steamcommunitykit import SteamClient
+
+client = SteamClient()
+print(client.resolve_steam_id("gaben"))
+print(client.get_player_summary("https://steamcommunity.com/id/gaben/"))
+print(client.get_market_price_overview(730, "AK-47 | Redline (Field-Tested)"))
+```
+
+Use a normal Steam Web API key when you need Web API calls:
+
+```python
+from steamcommunitykit import SteamClient
+
+client = SteamClient(api_key="YOUR_WEB_API_KEY")
+summary = client.get_player_summary("gaben")
+games = client.get_owned_games_for_user("https://steamcommunity.com/id/gaben/")
+news = client.get_news_summary(570, count=2)
+
+print(summary["personaname"])
+print(games["game_count"])
+print(news["items"][0]["title"])
+```
+
+Use community login when you need account-backed actions:
+
+```python
+from steamcommunitykit import SteamClient
+
+client = SteamClient()
+client.login_to_community("YOUR_USERNAME", "YOUR_PASSWORD")
+
+print(client.get_account_info())
+print(client.get_trade_offer_url())
+print(client.get_group_membership_state("Valve"))
+```
+
+## Verified Workflow Examples
+
+### Save and restore a logged-in session
+
+```python
+from steamcommunitykit import SteamClient
+
+client = SteamClient()
+client.login_to_community("YOUR_USERNAME", "YOUR_PASSWORD")
+client.save_community_session_bundle("steam_session.json")
+
+restored = SteamClient()
+restored.load_community_session_bundle("steam_session.json")
+print(restored.get_community_session_state())
+```
+
+### Reuse Steam Community auth with raw requests
+
+```python
+from steamcommunitykit import SteamClient
+
+client = SteamClient()
+client.login_to_community("YOUR_USERNAME", "YOUR_PASSWORD")
+
+session = client.build_community_requests_session()
+response = session.get("https://steamcommunity.com/my/edit/")
+print(response.status_code)
+```
+
+### Market snapshot from a full listing URL
+
+```python
+from steamcommunitykit import SteamClient
+
+client = SteamClient()
+snapshot = client.get_market_price_snapshot_by_url(
+    "https://steamcommunity.com/market/listings/730/AK-47%20%7C%20Redline%20%28Field-Tested%29"
+)
+print(snapshot["price_overview"]["lowest_price"])
+print(snapshot["listing_summary"]["listing_count"])
+```
+
+## Major Features
+
+### Authentication and session management
+
+- credential login with Steam Guard support
+- refresh-token login reuse
+- cookie string, cookie mapping, and JSON bundle import/export
+- file-based session save/load helpers
+- ready-to-use authenticated `requests.Session`
+
+### Community account features
+
+- account/profile bundle reads
+- profile edits for persona name, vanity URL, summary, real name, and location
+- privacy reads and writes
+- avatar upload
+- trade offer URL read/rotate
+- Web API key status page parsing
+
+### Groups
+
+- name, URL, and tag availability checks
+- group details, members, and multi-page member aggregation
+- group member summaries and indexed maps
+- group membership state parsing for the logged-in account
+- group creation with validation and clear limited-account errors
+
+### Market
+
+- search, normalized results, and exact-match helpers
+- price overview
+- listing summaries, maps, filtered lookups, and multi-page aggregation
+- item name ID, order histogram, order summary, and price history
+- one-shot market snapshots
+- full URL-based helper variants
+
+### Inventory
+
+- raw and normalized inventory reads
+- full pagination helpers
+- item search/filtering
+- item counts, asset ID lookup, and URL-based inventory helpers
+
+### Workshop and collections
+
+- published file detail helpers
+- collection details and child item helpers
+- query helpers with cursor pagination
+- normalized maps and exact-match finders
+- full workshop URL helper variants
+
+### Web API reads
+
+- users, friends, bans, owned games, recently played games, badges, levels
+- apps, news, user stats, trade/econ summaries, store searches, and utility endpoints
+
+## Documentation
+
+- [Authentication Guide](docs/authentication.md)
+- [Community Guide](docs/community.md)
+- [Groups Guide](docs/groups.md)
+- [Market Guide](docs/market.md)
+- [Inventory Guide](docs/inventory.md)
+- [Workshop Guide](docs/workshop.md)
+- [Web API Guide](docs/webapi.md)
+- [Testing Guide](docs/testing.md)
+- [Security Policy](SECURITY.md)
+
+## Testing
+
+Run the unit suite:
+
+```bash
+python -m pytest -q
+```
+
+Run the public smoke suite with an API key:
+
+```bash
+python examples/smoke_test.py --api-key YOUR_WEB_API_KEY --public-only
+```
+
+Run the community smoke suite with a Steam account:
+
+```bash
+python examples/smoke_test.py --username YOUR_USERNAME --password YOUR_PASSWORD --community-only
+```
+
+## Notes
+
+- Some Web API features require a normal Steam Web API key.
+- Some community features require a logged-in session.
+- Some actions are restricted by Steam account state, such as limited accounts, Family View, or profile privacy.
+- When a feature requires more auth than the current client state provides, the package raises explicit `SteamAuthenticationError` or `SteamValidationError` messages instead of failing silently.
+
+## Disclaimer
+
+This project is not affiliated with Valve or Steam. Steam pages and response shapes can change over time, so some community-backed helpers may need maintenance if Steam updates its HTML or request flows.
+

SECURITY.md

@@ -0,0 +1,47 @@
+# Security Policy
+
+## Supported Versions
+
+Security fixes are applied to the latest public version on `main`.
+
+## Sensitive Data
+
+SteamCommunityKit can work with:
+
+- Steam usernames and passwords
+- Steam Guard codes
+- Steam Web API keys
+- refresh tokens
+- `steamLoginSecure` cookies
+- saved session bundle files
+
+Treat all of those as secrets.
+
+## Safe Usage Guidelines
+
+- never commit session bundle files, cookie files, API keys, or credentials
+- prefer test accounts when exercising profile writes or group flows
+- rotate credentials if they are pasted into logs, terminals, or screenshots
+- store exported session files outside version-controlled directories when possible
+
+The provided `.gitignore` covers common local artifacts, but it cannot protect secrets that are deliberately committed.
+
+## Reporting A Vulnerability
+
+If you discover a security issue in this repository:
+
+1. do not open a public issue with live credentials or exploit details
+2. contact the maintainer privately first
+3. include a minimal reproduction, affected version, and impact summary
+
+## Scope Notes
+
+This library intentionally supports account-backed community flows. That means the biggest security risk is usually operational misuse rather than a remote code execution class issue.
+
+Focus first on:
+
+- credential leakage
+- cookie or refresh-token leakage
+- unsafe persistence of exported session bundles
+- missing validation around destructive account actions
+