Merge branch 'main' of https://github.com/hed-standard/hed-python into fix_extras

Author: VisLab

.context/ideas.md

@@ -0,0 +1,23 @@
+# HED Python Design Ideas
+
+## Purpose
+
+Capture design decisions, architectural ideas, and feature concepts before implementation.
+
+## Architecture Decisions
+
+<!-- Document key decisions with rationale. Example:
+### Decision: Unified CLI (hedpy)
+- Replaced 8 separate script entry points with single Click-based CLI
+- Subcommand groups: validate, schema, extract
+- Legacy commands kept as deprecated aliases in pyproject.toml
+-->
+
+## Feature Ideas
+
+<!-- Describe proposed features with user value and complexity. Example:
+### Feature: Batch validation mode
+**User Value:** Process many files without repeated schema loading
+**Complexity:** Medium
+**Priority:** Nice-to-have
+-->

.context/plan.md

@@ -0,0 +1,21 @@
+# HED Python Development Plan
+
+<!-- PLAN ROTATION POLICY:
+  - Only active/in-progress plans belong in "Active Tasks" below.
+  - When a plan is fully executed, collapse it to 1-2 summary lines
+    under "Completed" (include date and PR/issue number if applicable).
+  - Delete detailed steps of completed plans; do not let this file grow
+    into an archive. If historical detail is needed, link to the PR or
+    issue instead.
+  - Review this file at the start of each session; prune anything stale.
+-->
+
+## Active Tasks
+
+<!-- Add current tasks and phases here -->
+
+## Completed
+
+<!-- One-line summaries of finished plans, newest first -->
+
+<!-- Example: 2026-02-20 - Added CLI unified entry point (hedpy) - PR #1200 -->

.context/research.md

@@ -0,0 +1,21 @@
+# HED Python Research Notes
+
+## Purpose
+
+Track technical solutions, explored approaches, and references during development.
+
+## Research Log
+
+<!-- Document problems explored, solutions considered, and decisions made. Example:
+### Problem: Schema cache corruption on concurrent access
+**Date:** 2026-01-15
+**Solution:** portalocker for file locking
+**Reference:** https://github.com/WoLpH/portalocker
+-->
+
+## References
+
+- [HED Specification](https://hed-specification.readthedocs.io)
+- [HED Python API Docs](https://www.hedtags.org/hed-python/)
+- [HED Resources](https://www.hed-resources.org)
+- [BIDS Specification](https://bids-specification.readthedocs.io)

.context/scratch_history.md

@@ -0,0 +1,22 @@
+# HED Python Scratch History
+
+## Purpose
+
+Document failed attempts, dead ends, and lessons learned to prevent repeating mistakes.
+
+## Failed Attempts Log
+
+<!-- Record what was tried, why it failed, and what worked instead. Example:
+### Attempt: Using stdlib xml.etree for schema parsing
+**Date:** 2025-xx-xx
+**Issue:** XML bomb vulnerability (billion laughs attack)
+**Solution:** Switched to defusedxml
+-->
+
+## Common Pitfalls
+
+<!-- Document recurring issues and how to avoid them. Example:
+### Pitfall: Tests failing without submodule init
+**Symptoms:** FileNotFoundError in spec_tests
+**Fix:** Run `git submodule update --init --recursive`
+-->

.github/workflows/claude-code-review.yml

@@ -0,0 +1,44 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+

.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+

.rules/ci_cd.md

@@ -0,0 +1,41 @@
+# CI/CD Configuration
+
+## GitHub Actions Workflows (.github/workflows/)
+
+### Core Testing
+
+| Workflow              | Triggers                 | Python                                           | Description                                                                   |
+| --------------------- | ------------------------ | ------------------------------------------------ | ----------------------------------------------------------------------------- |
+| `ci.yaml`             | Push + PR (all branches) | 3.10-3.14 (main/PR to main); 3.10, 3.13 (others) | Matrix-based unit + spec tests; continue-on-error for spec_tests              |
+| `ci_cov.yaml`         | Push to main             | 3.10                                             | Coverage reporting; uploads to Qlty                                           |
+| `ci_windows.yaml`     | Push + PR to main        | 3.10-3.12                                        | Windows-specific tests; skips submodules                                      |
+| `spec_tests.yaml`     | Push + PR (all branches) | 3.10                                             | test_errors, test_bids_datasets, test_hed_cache; fails if any spec test fails |
+| `test_installer.yaml` | Push + PR to main        | 3.10, 3.13                                       | Fresh venv pip install; imports HedString to verify                           |
+
+### Code Quality
+
+| Workflow         | Triggers                 | Python | Description                                  |
+| ---------------- | ------------------------ | ------ | -------------------------------------------- |
+| `ruff.yaml`      | Push + PR to main        | 3.12   | Ruff linter (>=0.8.0)                        |
+| `black.yaml`     | Push + PR (all branches) | 3.12   | Black formatter check (>=24.0.0)             |
+| `codespell.yaml` | Push + PR to main        | 3.10   | Spelling check                               |
+| `mdformat.yaml`  | Push + PR to main        | 3.12   | Markdown format check (docs/ and root \*.md) |
+
+### Documentation
+
+| Workflow              | Triggers                                                                  | Python     | Description                                       |
+| --------------------- | ------------------------------------------------------------------------- | ---------- | ------------------------------------------------- |
+| `docs.yaml`           | Push + PR to main                                                         | 3.10       | Sphinx build; GitHub Pages deploy on push to main |
+| `links.yaml`          | Weekly (Sun 3am UTC) + manual                                             | 3.12       | Sphinx build + Lychee link checker on HTML output |
+| `notebook_tests.yaml` | Push + PR to main (path-filtered: examples/\*\*, tests/test_notebooks.py) | 3.10, 3.13 | Notebook structure and import tests               |
+
+## Dependabot
+
+- Monitors GitHub Actions versions and git submodules for updates
+
+## All CI Must Pass Before Merge
+
+- Tests across Python 3.10-3.14
+- Linting (ruff), formatting (black), spelling (codespell), markdown (mdformat)
+- Documentation builds successfully
+- Package installs correctly in fresh environment

.rules/code_review.md

@@ -0,0 +1,27 @@
+# Code Review Process
+
+## Before Creating a PR
+
+1. All tests pass: `pytest tests/ --cov` and `pytest spec_tests/`
+2. Linting clean: `ruff check hed/ tests/`
+3. Formatting clean: `black --check hed/ tests/`
+4. Spelling clean: `codespell`
+5. New functionality has tests (real data, no mocks)
+
+## PR Review with pr-review-toolkit
+
+Run `/review-pr` with all subagents in parallel:
+
+- **Code reviewer:** bugs, logic errors, security vulnerabilities, code quality, project conventions
+- **Silent failure hunter:** error handling, catch blocks, fallback behavior
+- **Code simplifier:** unnecessary complexity
+- **Comment analyzer:** comment accuracy and maintainability
+- **Test analyzer:** test coverage quality and completeness
+- **Type design analyzer:** type design quality (encapsulation, invariants)
+
+## Review Standards
+
+- Address all critical and important findings (fix or explain why skipped)
+- Consider nice-to-haves if they improve quality without major effort
+- Document unaddressed items in PR comments
+- All 12 CI workflows must be green before merge

.rules/git.md

@@ -0,0 +1,49 @@
+# Git Workflow
+
+## Branch Strategy
+
+- `stable`: Released versions on PyPI
+- `main`/`master`: Most recent usable version
+- `develop`: Experimental, evolving features
+- Feature branches: `feature/<issue-number>-short-description`
+- PRs target `develop` branch
+
+## Commits
+
+- Atomic, focused changes
+- Messages \<50 chars, no emojis
+- No AI attribution in commits or PRs
+- Pre-commit hook runs ruff check + format on staged .py files
+
+## Submodules
+
+Three submodules under `spec_tests/`, all tracking `main`:
+
+- `hed-tests` - Official HED specification tests
+- `hed-examples` - Example BIDS datasets
+- `hed-schemas` - Official HED schema repository
+- Initialize: `git submodule update --init --recursive`
+
+## PR Process
+
+1. Create issue (except for minor fixes)
+2. Use `gh issue develop` to create branch from `develop`
+3. Implement with atomic commits
+4. Run tests: `pytest tests/ --cov` and `pytest spec_tests/`
+5. Run linting: `ruff check hed/ tests/` and `black --check hed/ tests/`
+6. Create PR targeting `develop`
+7. Run `/review-pr` for code review
+8. Address all critical/important findings
+9. Merge when all CI (12 workflows) is green
+
+## Release Process (see RELEASE_GUIDE.md)
+
+1. Update CHANGELOG.md
+2. Run code quality checks (black, ruff, codespell)
+3. Run all tests (unit + spec)
+4. Push CHANGELOG PR, merge to main
+5. Create git tag (semantic versioning: MAJOR.MINOR.PATCH)
+6. Build: `python -m build`; check: `twine check dist/*`
+7. Upload to PyPI: `twine upload dist/*`
+8. Verify Zenodo DOI generation
+9. setuptools-scm derives version from git tags automatically

.rules/python.md

@@ -0,0 +1,59 @@
+# Python Code Standards
+
+## Style
+
+- PEP 8 compliant with 127-char line length (configured in pyproject.toml)
+- Google-style docstrings for all public classes and functions
+- Type hints where appropriate
+
+## Formatting and Linting
+
+- **ruff:** Lint (`ruff check --fix --unsafe-fixes hed/ tests/`)
+  - Rules enabled: E (pycodestyle errors), W (warnings), F (pyflakes), N (pep8-naming), B (bugbear), C4 (comprehensions)
+  - Max McCabe complexity: 10
+  - Excludes: .git, .venv, __pycache__, build, dist, hed/\_version.py, spec_tests submodules
+  - Per-file: F401 ignored in `__init__.py` (unused imports are re-exports)
+- **black:** Format (`black hed/ tests/`); 127-char line, targets py310-py314
+- **codespell:** Spell checking; skips binary/data files, ignores domain-specific words (hed, parms, etc.)
+
+## Naming Conventions
+
+- Classes: PascalCase (e.g., `HedString`, `HedSchema`, `TabularInput`)
+- Functions/methods: snake_case
+- Constants: UPPER_SNAKE_CASE
+- Private members: leading underscore
+- Test methods: may use camelCase (legacy convention; N802 ignored by ruff)
+
+## Import Order (ruff isort)
+
+1. Standard library
+2. Third-party packages
+3. Local `hed` package (`known-first-party = ["hed"]`)
+
+## Dependencies
+
+- **Core:** click, click-option-group, pandas (\<3.0), numpy (>=2.0.2), openpyxl, defusedxml, inflect, semantic-version, portalocker
+- **Dev:** ruff (>=0.8.0), codespell, black[jupyter], mdformat, mdformat-myst
+- **Docs:** sphinx (\<10), furo, sphinx-copybutton, myst-parser, sphinx-autodoc-typehints, linkify-it-py
+- **Test:** coverage
+- **Examples:** jupyter, notebook, nbformat, nbconvert, ipykernel
+- **Target:** Python 3.10+
+
+## Common Patterns
+
+- `defusedxml` for XML parsing (security; never use stdlib xml directly)
+- DataFrames for tabular data (pandas)
+- `portalocker` for file locking (schema cache at `~/.hedtools/`)
+- `semantic-version` for schema version comparison
+- `click` + `click-option-group` for CLI with grouped options
+
+## Quality Metrics (qlty.toml)
+
+- Max argument count: 4
+- Max method complexity: 5
+- Max method lines: 50
+- Max file lines: 300
+- Max method count per class: 20
+- Max nested control flow: 4
+- Max return statements: 4
+- Similar/identical code detection enabled