Metadata-Version: 2.4
Name: pypi-profile
Version: 0.3.0
Summary: The missing PyPI(tm) profile page — link your profile with signatures. Not associated with PSF.
Project-URL: Repository, https://github.com/matthewdeanmartin/matthewdeanmartin_pypi
Project-URL: homepage, https://github.com/matthewdeanmartin/matthewdeanmartin_pypi
Project-URL: issues, https://github.com/matthewdeanmartin/matthewdeanmartin_pypi/issues/
Project-URL: Documentation, https://matthewdeanmartin-pypi.readthedocs.io/en/latest/
Author-email: Matthew Martin <matthewdeanmartin@gmail.com>
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: profile,pypi
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Python: >=3.10
Requires-Dist: cryptography>=41.0.0
Requires-Dist: fastapi>=0.115.0
Requires-Dist: jinja2>=3.1.0
Requires-Dist: keyring>=25.7.0
Requires-Dist: pluggy>=1.5.0
Requires-Dist: prompt-toolkit>=3.0.0
Requires-Dist: py-minisign>=0.13.2
Requires-Dist: pydantic>=2.0.0
Requires-Dist: schema-resume-validator>=1.1.0
Requires-Dist: starlette>=0.37.2
Requires-Dist: tomli>=2.0.0; python_version < '3.11'
Requires-Dist: uvicorn>=0.30.0
Provides-Extra: all
Provides-Extra: build
Provides-Extra: fast
Requires-Dist: orjson>=3.10.0; extra == 'fast'
Requires-Dist: rtoml>=0.13.0; extra == 'fast'
Provides-Extra: fetch
Provides-Extra: sign
Description-Content-Type: text/markdown

# pypi-profile

PyPI lacks a profile page or a way to tie your identity to anything outside of PyPI, other than a build server via
trusted publishing.

`pypi-profile` is a tool that uses a `pypi_profile.toml` file to track signatures that can be verified at other websites.

It supports other use cases, such as resume display, contact info, package lists, and successor information.

## What the package does

`pypi-profile` currently ships:

- a GUI for quick start and feature discovery
- a CLI for `init`, `validate`, `inspect`, `serve`, `dump`, `doctor`, `fetch`, `keygen`, `sign`, `verify`,
  `update-proofs`, `build`, `find-profiles`, `gui`, and key management (`key-info`, `key-list`, `key-rotate`,
  `key-recover`, `key-export`, `key-import`)
- a TOML-first profile format for identity, packages, projects, hiring, contact, succession, and verification
  data
- a live website for validating signatures
- a static website for validating signatures within the constraints of JavaScript and CORS

## Install

### Recommended: `pipx`

```bash
pipx install pypi-profile
```

### Alternative: `pip`

```bash
pip install pypi-profile
```

To install with all optional extras:

```bash
pipx install "pypi-profile[all]"
```

Or with `pip`:

```bash
pip install "pypi-profile[all]"
```

### From source

This repository is a `uv` workspace. Run commands from the repo root:

```bash
git clone https://github.com/matthewdeanmartin/matthewdeanmartin_pypi.git
cd matthewdeanmartin_pypi
uv sync --all-extras
uv run pypi-profile --help
```

Use the CLI entry point `pypi-profile`, not `python -m pypi_profile`.

## Usage

The shortest path from zero to a local profile site is:

```bash
pypi-profile init --username your-pypi-name
pypi-profile inspect pypi_profile.toml
pypi-profile serve pypi_profile.toml
```

That gives you a starter TOML file and serves the profile locally at `http://127.0.0.1:8000`.

Useful follow-up commands:

```bash
pypi-profile dump pypi_profile.toml
pypi-profile doctor
```

If you already have source data, you can bootstrap from it:

```bash
pypi-profile init --from-json-resume resume.json --output pypi_profile.toml
pypi-profile init --username your-pypi-name --fetch
```

## Security notes

- Proof-of-control signing is built around a local secret key. Keep that key out of version control.
- `serve --allow-code` is opt-in. Do not enable it for untrusted code.
- Verification proves account co-control, not legal identity or the truth of every profile claim.

## Legal

Licensed under Apache-2.0 to match the Warehouse license for theme assets.

Not associated with the PSF. Trademarked logos are removed from the profile UI.

[PyPI is a trademark](https://pypi.org/trademarks/) of the Python Software Foundation.

[PyPI's template and theme](https://github.com/pypi/warehouse/blob/main/LICENSE) are Apache-licensed via
Warehouse.
