simon-lund
diff --git a/‎.editorconfig‎
Lines changed: 23 additions & 0 deletions b/‎.editorconfig‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 35 additions & 0 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 35 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 22 additions & 0 deletions b/‎Makefile‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 151 additions & 0 deletions b/‎README.md‎
Lines changed: 151 additions & 0 deletions
diff --git a/‎docs/01-introduction.md‎
Lines changed: 78 additions & 0 deletions b/‎docs/01-introduction.md‎
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,23 @@
+# EditorConfig - https://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.py]
+indent_style = space
+indent_size = 4
+max_line_length = 88
+
+[*.{json,yaml,yml,toml}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab
@@ -0,0 +1,35 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  build-and-publish:
+    name: Build and publish
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Necessary for hatch-vcs to read tags
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: ".python-version"
+
+      - name: Build package
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
@@ -0,0 +1,35 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-toml
+      - id: check-merge-conflict
+      - id: debug-statements
+
+  - repo: local
+    hooks:
+      - id: ruff
+        name: ruff
+        entry: uv run ruff check --fix
+        language: system
+        types: [python]
+        require_serial: true
+      - id: ruff-format
+        name: ruff-format
+        entry: uv run ruff format
+        language: system
+        types: [python]
+        require_serial: true
+
+  - repo: local
+    hooks:
+      - id: mypy
+        name: mypy
+        entry: uv run mypy
+        language: system
+        types: [python]
+        require_serial: true
@@ -0,0 +1,22 @@
+.PHONY: install format lint test check clean
+
+install:
+	uv sync --extra preview --group dev --group test
+	uv run pre-commit install
+
+format:
+	uv run ruff format openapi_burrito tests
+
+lint:
+	uv run ruff check --fix openapi_burrito tests
+	uv run mypy openapi_burrito tests
+
+test:
+	uv run pytest --cov=openapi_burrito
+
+# Run all checks (lint, typecheck, test)
+check: format lint test
+
+clean:
+	rm -rf .ruff_cache .pytest_cache .mypy_cache coverage.xml .coverage
+	find . -type d -name "__pycache__" -exec rm -rf {} +
@@ -0,0 +1,151 @@
+> [!WARNING]
+> **Early Development**: This project is under active development. APIs may
+> change.
+
+---
+
+<div align="center">
+
+<img src="docs/static/logo.png" alt="openapi-burrito logo" width="128" />
+
+# openapi-burrito
+
+**Wrap your OpenAPI specs in type-safe Python clients**
+
+[![PyPI version](https://img.shields.io/pypi/v/openapi-burrito?style=flat&logo=pypi&logoColor=white&color=3775A9)](https://pypi.org/project/openapi-burrito/)
+[![Python](https://img.shields.io/pypi/pyversions/openapi-burrito?style=flat&logo=python&logoColor=white)](https://pypi.org/project/openapi-burrito/)
+[![License](https://img.shields.io/github/license/simon-lund/openapi-burrito?style=flat&color=green)](LICENSE)
+[![OpenAPI](https://img.shields.io/badge/OpenAPI-3.0+-6BA539?style=flat&logo=openapiinitiative&logoColor=white)](https://www.openapis.org/)
+
+</div>
+
+## Table of Contents
+
+- [Quick Start](#quick-start)
+- [Features](#features)
+- [Installation](#installation)
+- [Documentation](#documentation)
+- [Examples](#examples)
+- [Star History](#star-history)
+
+## Quick Start
+
+```bash
+# Install
+uv tool install openapi-burrito
+
+# Generate
+openapi-burrito generate openapi.json -o ./my_client
+```
+
+```python
+from my_client import Client
+
+api = Client(base_url="https://api.example.com")
+
+# Path-first API: type-checked paths and snake_case parameters
+res = api.GET("/users/{user_id}", user_id=123)
+
+if res.is_success:
+    print(res.data)
+else:
+    print(f"Error {res.status_code}: {res.error}")
+```
+
+## Features
+
+- **Path-First API** - Call endpoints by path literal
+  (`api.GET("/users/{user_id}")`), with full IDE autocomplete for paths and
+  parameters
+- **Type-Safe** - `TypedDict` models and `@overload` signatures
+- **Zero Runtime** - Generated code is yours, no runtime dependency on this tool
+- **httpx-Based** - Async support, connection pooling, all httpx features
+- **Middleware System** - Logging, retry, auth via composable middleware
+- **Snake Case Params** - Path parameters auto-converted to Python style
+  (`{userId}` → `{user_id}`)
+
+## Installation
+
+### For Users
+
+```bash
+# As a CLI tool (recommended)
+uv tool install openapi-burrito
+
+# With preview server support (Swagger UI, Redoc)
+uv tool install openapi-burrito[preview]
+```
+
+### For Developers
+
+```bash
+# Clone and install all dev dependencies
+git clone https://github.com/simon-lund/openapi-burrito.git
+cd openapi-burrito
+make install
+
+# Run linting and type checks
+make lint
+
+# Run tests
+make test
+```
+
+## Security
+
+This generator sanitizes identifiers and string literals to prevent code
+injection from malformed OpenAPI specs. However, **always review untrusted specs
+before generating**.
+
+### Parser Safety Audit
+
+All fields output by the parser are validated/sanitized:
+
+| Field                                 | Validation             | Notes                                 |
+| ------------------------------------- | ---------------------- | ------------------------------------- |
+| Model/param names                     | `sanitize(mode="id")`  | Converted to valid Python identifiers |
+| Paths                                 | `sanitize(mode="str")` | String-escaped for literals           |
+| Descriptions/docs                     | `sanitize(mode="doc")` | Docstring-escaped                     |
+| `type` strings                        | Type translator        | Built from validated schema types     |
+| `method`                              | `HTTPMethod` enum      | Only known HTTP methods allowed       |
+| `in` (param location)                 | Enum check             | Only `path\|query\|header\|cookie`    |
+| `required`, `read_only`, `write_only` | `bool()` cast          | Forced to boolean                     |
+| `default`                             | `repr()`               | Python string representation          |
+
+A malicious spec could attempt injection like:
+
+```yaml
+components:
+  schemas:
+    "User:\n    pass\nimport os; os.system('rm -rf /')  # ":
+      type: object
+```
+
+While this generator escapes such payloads, the safest approach is to only
+generate clients from trusted sources.
+
+See
+[CVE-2020-15142](https://github.com/openapi-generators/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f)
+for an example of this vulnerability class in other generators.
+
+## Documentation
+
+| Guide                                       | Description                                    |
+| ------------------------------------------- | ---------------------------------------------- |
+| [Introduction](docs/01-introduction.md)     | Installation and basic usage                   |
+| [Authentication](docs/02-authentication.md) | API keys, tokens, OAuth patterns               |
+| [Middleware](docs/03-middleware.md)         | Logging, retry, custom handling                |
+| [Type System](docs/04-type-system.md)       | `UNSET`, `Unknown`, `NotRequired`, limitations |
+| [CLI Reference](docs/05-cli-reference.md)   | `generate` and `preview` commands              |
+| [Contributing](docs/06-contributing.md)     | Development setup and guidelines               |
+
+## Examples
+
+See the [`examples/`](examples/) directory:
+
+- **[Petstore](examples/petstore/)** - Classic Swagger Petstore API
+- **[Artifacts MMO](examples/artifactsmmo/)** - Game API with complex schemas
+
+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=klementine/openapi-burrito&type=date&legend=top-left)](https://www.star-history.com/#klementine/openapi-burrito&type=date&legend=top-left)
@@ -0,0 +1,78 @@
+# Introduction
+
+This guide covers installation and basic usage of `openapi-burrito`.
+
+## Installation
+
+We recommend using [uv](https://docs.astral.sh/uv/) for fast, isolated
+installation:
+
+```bash
+uv tool install openapi-burrito
+```
+
+## Generate a Client
+
+Point the CLI to your OpenAPI spec (local file or URL) and specify an output
+directory:
+
+```bash
+openapi-burrito generate openapi.json -o ./my_client
+```
+
+This creates a self-contained Python package with:
+
+| File             | Description                                                     |
+| ---------------- | --------------------------------------------------------------- |
+| `client.py`      | Main client with typed `@overload` signatures for each endpoint |
+| `models.py`      | All API schemas as `TypedDict` definitions                      |
+| `pyproject.toml` | Dependencies (`httpx`)                                          |
+| `__init__.py`    | Package exports                                                 |
+
+## Basic Usage
+
+```python
+from my_client import Client
+
+# Initialize with base URL
+api = Client(base_url="https://api.example.com")
+
+# GET request with path parameter (note: snake_case)
+res = api.GET("/users/{user_id}", user_id=123)
+
+if res.is_success:
+    print(res.data)
+else:
+    print(f"Error: {res.error}")
+
+# POST request with JSON body
+res = api.POST("/users", json={"name": "Alice", "email": "alice@example.com"})
+```
+
+> **Note**: Path parameters are automatically converted to snake_case. OpenAPI's
+> `{userId}` becomes `{user_id}` in the generated client.
+
+## httpx Configuration
+
+The generated client wraps [httpx](https://www.python-httpx.org/), so all
+`httpx.Client` constructor arguments are supported:
+
+```python
+client = Client(
+    base_url="https://api.example.com",
+    timeout=30.0,
+    headers={"User-Agent": "MyApp/1.0"},
+    proxies={"https://": "http://localhost:8080"},
+    verify=False,  # Disable SSL verification (dev only)
+)
+```
+
+See [httpx documentation](https://www.python-httpx.org/) for all available
+options.
+
+## Next Steps
+
+- [CLI Reference](cli-reference.md) - All commands and options
+- [Authentication](authentication.md) - API keys, tokens, OAuth
+- [Middleware](middleware.md) - Logging, retry, custom handling
+- [Type System](type-system.md) - Understanding generated types