Coderabbit fixes

Author: cyberjunky

README.md

@@ -2,6 +2,8 @@
 
 The Garmin Connect API demo (`example.py`) provides comprehensive access to **101 API methods** organized into **11 categories** for easy navigation:
 
+Note: The demo menu is generated dynamically; exact options may change between releases.
+
 ```bash
 $ ./example.py
 🏃‍♂️ Garmin Connect API Demo - Main Menu
@@ -45,8 +47,8 @@ Make your selection:
 
 - **Enhanced User Experience**: Categorized navigation with emoji indicators
 - **Smart Data Management**: Interactive weigh-in deletion with search capabilities
-- **Comprehensive Coverage**: All major Garmin Connect features accessible
-- **Error Handling**: Robust error handling and user-friendly prompts
+- **Comprehensive Coverage**: All major Garmin Connect features are accessible
+- **Error Handling**: Robust error handling with user-friendly prompts
 - **Data Export**: JSON export functionality for all data types
 
 [![Donate via PayPal](https://img.shields.io/badge/Donate-PayPal-blue.svg?style=for-the-badge&logo=paypal)](https://www.paypal.me/cyberjunkynl/)
@@ -71,7 +73,8 @@ Compatible with all Garmin Connect accounts. See <https://connect.garmin.com/>
 Install from PyPI:
 
 ```bash
-pip3 install garminconnect
+python3 -m pip install --upgrade pip
+python3 -m pip install garminconnect
 ```
 
 ## Run demo software (recommended)
@@ -81,7 +84,7 @@ python3 -m venv .venv --copies
 source .venv/bin/activate  # On Windows: .venv\Scripts\activate
 pip install pdm
 pdm install --group :example
-./example.py
+python3 ./example.py
 ```
 
 
@@ -178,6 +181,12 @@ garth.sso.OAUTH_CONSUMER = {
 
 **Token Storage:**
 Tokens are automatically saved to `~/.garminconnect` directory for persistent authentication.
+For security, ensure restrictive permissions:
+
+```bash
+chmod 700 ~/.garminconnect
+chmod 600 ~/.garminconnect/* 2>/dev/null || true
+```
 
 ## 🧪 Testing
 
@@ -198,6 +207,14 @@ pdm run test        # Run all tests
 pdm run testcov     # Run tests with coverage report
 ```
 
+Optional: keep test tokens isolated
+
+```bash
+export GARMINTOKENS="$(mktemp -d)"
+python3 ./example.py # create fresh tokens for tests
+pdm run test
+```
+
 **Note:** Tests automatically use `~/.garminconnect` as the default token file location. You can override this by setting the `GARMINTOKENS` environment variable. Run `example.py` first to generate authentication tokens for testing.
 
 **For Developers:** Tests use VCR cassettes to record/replay HTTP interactions. If tests fail with authentication errors, ensure valid tokens exist in `~/.garminconnect`
@@ -217,6 +234,14 @@ username = __token__
 password = <PyPI_API_TOKEN>
 ```
 
+# Recommended: use environment variables and restrict file perms
+
+```bash
+chmod 600 ~/.pypirc
+export TWINE_USERNAME="__token__"
+export TWINE_PASSWORD="<PyPI_API_TOKEN>"
+```
+
 **Publish new version:**
 ```bash
 pdm run publish    # Build and publish to PyPI
@@ -288,7 +313,7 @@ stats = client.get_stats(_today)
 
 # Get heart rate data
 hr_data = client.get_heart_rates(_today)
-print(f"Resting HR: {hr_data['restingHeartRate']}")
+print(f"Resting HR: {hr_data.get('restingHeartRate', 'n/a')}")
 ```
 
 ### Additional Resources

garminconnect/__init__.py

@@ -34,7 +34,7 @@ def _validate_date_format(date_str: str, param_name: str = "date") -> str:
     # Remove any extra whitespace
     date_str = date_str.strip()
 
-    if not re.match(DATE_FORMAT_REGEX, date_str):
+    if not re.fullmatch(DATE_FORMAT_REGEX, date_str):
         raise ValueError(
             f"{param_name} must be in format 'YYYY-MM-DD', got: {date_str}"
         )
@@ -299,11 +299,8 @@ def download(self, path: str, **kwargs: Any) -> Any:
         try:
             return self.garth.download(path, **kwargs)
         except Exception as e:
-            logger.exception("Download error path=%s", path)
             status = getattr(getattr(e, "response", None), "status_code", None)
-            logger.error(
-                "Download failed for path '%s': %s (status=%s)", path, e, status
-            )
+            logger.exception("Download failed for path '%s' (status=%s)", path, status)
             if status == 401:
                 raise GarminConnectAuthenticationError(f"Download error: {e}") from e
             if status == 429:
@@ -622,8 +619,8 @@ def add_weigh_in(
         # Apply timezone offset to get UTC/GMT time
         dtGMT = dt.astimezone(timezone.utc)
         payload = {
-            "dateTimestamp": f"{_fmt_ts(dt)}.000",
-            "gmtTimestamp": f"{_fmt_ts(dtGMT)}.000",
+            "dateTimestamp": _fmt_ts(dt),
+            "gmtTimestamp": _fmt_ts(dtGMT),
             "unitKey": unitKey,
             "sourceType": "MANUAL",
             "value": weight,
@@ -657,8 +654,8 @@ def add_weigh_in_with_timestamps(
         weight = _validate_positive_number(weight, "weight")
         # Build the payload
         payload = {
-            "dateTimestamp": f"{_fmt_ts(dt)}.000",  # Local time
-            "gmtTimestamp": f"{_fmt_ts(dtGMT)}.000",  # GMT/UTC time
+            "dateTimestamp": _fmt_ts(dt),  # Local time (ms)
+            "gmtTimestamp": _fmt_ts(dtGMT),  # GMT/UTC time (ms)
             "unitKey": unitKey,
             "sourceType": "MANUAL",
             "value": weight,
@@ -777,8 +774,8 @@ def set_blood_pressure(
         # Apply timezone offset to get UTC/GMT time
         dtGMT = dt.astimezone(timezone.utc)
         payload = {
-            "measurementTimestampLocal": f"{_fmt_ts(dt)}.000",
-            "measurementTimestampGMT": f"{_fmt_ts(dtGMT)}.000",
+            "measurementTimestampLocal": _fmt_ts(dt),
+            "measurementTimestampGMT": _fmt_ts(dtGMT),
             "systolic": systolic,
             "diastolic": diastolic,
             "pulse": pulse,
@@ -1738,6 +1735,9 @@ def get_goals(
 
         goals = []
         url = self.garmin_connect_goals_url
+        valid_statuses = {"active", "future", "past"}
+        if status not in valid_statuses:
+            raise ValueError(f"status must be one of {valid_statuses}")
         start = _validate_positive_integer(start, "start")
         limit = _validate_positive_integer(limit, "limit")
         params = {
@@ -1924,7 +1924,7 @@ def get_activity_gear(self, activity_id: int | str) -> dict[str, Any]:
         return self.connectapi(url, params=params)
 
     def get_gear_activities(
-        self, gearUUID: str, limit: int = 9999
+        self, gearUUID: str, limit: int = 1000
     ) -> list[dict[str, Any]]:
         """Return activities where gear uuid was used.
         :param gearUUID: UUID of the gear to get activities for
@@ -1933,6 +1933,8 @@ def get_gear_activities(
         """
         gearUUID = str(gearUUID)
         limit = _validate_positive_integer(limit, "limit")
+        # Optional: enforce a reasonable ceiling to avoid heavy responses
+        limit = min(limit, MAX_ACTIVITY_LIMIT)
         url = f"{self.garmin_connect_activities_baseurl}{gearUUID}/gear?start=0&limit={limit}"
         logger.debug("Requesting activities for gearUUID %s", gearUUID)