✨ Guard CLI entrypoint, fix tempfile default, widen typer pin

sjquant · claude · sjquant · commit 8e5991a0cdcd · 2026-03-21T19:17:25.000+09:00
- Add quickthumb/_entry.py as the script entrypoint so a missing typer
  install prints a helpful pip install hint instead of a raw ImportError
- Replace hardcoded "/tmp" with tempfile.gettempdir() for Windows compat
- Widen typer version pin from &lt;0.25.0 to &lt;1.0 to reduce resolver conflicts

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/pyproject.toml b/pyproject.toml
@@ -46,12 +46,12 @@ rembg = [
     "rembg>=2.0.50,<3.0.0",
 ]
 cli = [
-    "typer>=0.24.1,<0.25.0",
+    "typer>=0.24.1,<1.0",
     "watchfiles>=1.0.0,<2.0.0",
 ]
 
 [project.scripts]
-quickthumb = "quickthumb.cli:main"
+quickthumb = "quickthumb._entry:main"
 
 [dependency-groups]
 docs = [
diff --git a/quickthumb/_entry.py b/quickthumb/_entry.py
@@ -0,0 +1,18 @@
+from __future__ import annotations
+
+import sys
+
+
+def main() -> None:
+    try:
+        import typer as _  # noqa: F401
+    except ImportError:
+        print(
+            "typer is not installed. Install it with:\n  pip install 'quickthumb[cli]'",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+    from quickthumb.cli import main as _main
+
+    _main()
diff --git a/quickthumb/canvas.py b/quickthumb/canvas.py
@@ -2,6 +2,7 @@
 import hashlib
 import math
 import os
+import tempfile
 import warnings
 from collections.abc import Callable
 from dataclasses import dataclass, field
@@ -2328,7 +2329,7 @@ def _download_and_cache_font(self, url: str) -> str:
         url_hash = hashlib.md5(url.encode()).hexdigest()
         extension = os.path.splitext(url)[1] or ".ttf"
         cache_filename = f"quickthumb_font_{url_hash}{extension}"
-        cache_dir = os.environ.get("QUICKTHUMB_FONT_CACHE_DIR", "/tmp")
+        cache_dir = os.environ.get("QUICKTHUMB_FONT_CACHE_DIR", tempfile.gettempdir())
         os.makedirs(cache_dir, exist_ok=True)
         cache_path = os.path.join(cache_dir, cache_filename)
 
diff --git a/specs/TASKS.md b/specs/TASKS.md
@@ -59,22 +59,22 @@
 - [DONE] CLI `render`: catch `FileNotFoundError` / `PermissionError` from `spec.read_text()` and exit with code 1
 - [DONE] CLI `render`: catch `json.JSONDecodeError` from `Canvas.from_json()` and exit with code 1
 - [DONE] `_substitute_vars`: raise `ValidationError` on unresolved `$VAR` / `${VAR}` placeholders (currently passes them through silently)
-- [TODO] Guard CLI entrypoint import: print a helpful message and exit if `typer` is not installed instead of crashing with `ImportError`
+- [REVIEW] Guard CLI entrypoint import: print a helpful message and exit if `typer` is not installed instead of crashing with `ImportError`
 - [DONE] CLI `render`: validate `--var` entries contain `=`; raise a clear error when `--var keyonly` is passed (currently silently maps to empty string)
 - [DONE] CLI `render`: replace bare `except Exception` with `except (RenderingError, OSError)` to avoid masking real bugs
 - [DONE] CLI `render`: validate `--quality` is in `1–95` range (`typer.Option(..., min=1, max=95)`)
 - [DONE] CLI `render`: validate `--format` is one of `PNG`, `JPEG`, `WEBP`; reject unknown values early
 
 ### P2 — Font Cache Hardening (from code review)
 
-- [TODO] Use `tempfile.gettempdir()` instead of hardcoded `"/tmp"` as the default font cache dir (fixes Windows compatibility)
+- [REVIEW] Use `tempfile.gettempdir()` instead of hardcoded `"/tmp"` as the default font cache dir (fixes Windows compatibility)
 - [TODO] Validate downloaded font content before writing to cache (currently writes arbitrary data from any URL)
 - [DONE] Call `os.makedirs(cache_dir, exist_ok=True)` before writing cached font; `QUICKTHUMB_FONT_CACHE_DIR` pointing to a non-existent dir currently crashes with `FileNotFoundError`
 
 ### P2 — CLI Polish (from code review)
 
-- [TODO] Rename `format` parameter to `fmt` or `output_format` internally — currently shadows Python's built-in `format()`
-- [TODO] Widen typer version pin from `>=0.24.1,<0.25.0` to `>=0.24.1,<1.0` to avoid unnecessary resolver conflicts
+- [DONE] Rename `format` parameter to `fmt` or `output_format` internally — currently shadows Python's built-in `format()`
+- [REVIEW] Widen typer version pin from `>=0.24.1,<0.25.0` to `>=0.24.1,<1.0` to avoid unnecessary resolver conflicts
 
 ### P3 — Lower Priority
 

Original file line number	Diff line number	Diff line change
`@@ -46,12 +46,12 @@ rembg = [`
`46`	`46`	`"rembg>=2.0.50,<3.0.0",`
`47`	`47`	`]`
`48`	`48`	`cli = [`
`49`		`- "typer>=0.24.1,<0.25.0",`
	`49`	`+ "typer>=0.24.1,<1.0",`
`50`	`50`	`"watchfiles>=1.0.0,<2.0.0",`
`51`	`51`	`]`
`52`	`52`
`53`	`53`	`[project.scripts]`
`54`		`-quickthumb = "quickthumb.cli:main"`
	`54`	`+quickthumb = "quickthumb._entry:main"`
`55`	`55`
`56`	`56`	`[dependency-groups]`
`57`	`57`	`docs = [`