Readmeai

Latest version: v0.5.99.post5


Page 2 of 3

0.1.1

Not secure

🚀 Features

- Add a CLI option to run *readme-ai* offline, generating the same README output minus the LLM-generated text.
  - This option is useful for users who want to generate READMEs without an API key.
  - Enable it by passing the `-offline-mode` flag to the CLI.

🛠 Changes

- Refactor remaining dataclasses in [conf.py](https://github.com/eli64s/readme-ai/blob/main/readmeai/conf.py) to Pydantic models.

---

0.1.0

Not secure

🚀 Features

- Deploy project on Streamlit Community Cloud to provide a web-based interface for generating READMEs.
- [🛸 Go to readme-ai on Streamlit!](https://readmeai.streamlit.app/)

๐Ÿ› Bug Fixes

- Update the configuration file [ignore_files.toml](https://github.com/eli64s/readme-ai/blob/main/readmeai/conf/ignore_files.toml) so that the following file extensions are no longer ignored:
  - yaml, toml, txt, lock

🧹 Chore

- Regenerate all README files in the [examples](https://github.com/eli64s/readme-ai/tree/main/examples) directory to reflect the latest changes to the tool.

---

0.0.9

🧹 Chore

- Update the README file to improve project documentation.
  - Add a [Configuration](https://github.com/eli64s/readme-ai/blob/main/README.md#-configuration) section to provide context for customizing the tool.
  - Simplify the install and run instructions in the [Getting Started](https://github.com/eli64s/readme-ai/blob/main/README.md#-getting-started) section.
  - Update the [Roadmap](https://github.com/eli64s/readme-ai/blob/main/README.md#-roadmap) section with the latest project goals.

---

0.0.8

๐Ÿ› Bug Fixes

- Update the file parsing logic in [parse.py](https://github.com/eli64s/readme-ai/blob/main/readmeai/parse.py) and [preprocess.py](https://github.com/eli64s/readme-ai/blob/main/readmeai/preprocess.py) for codebases containing the following dependency files (issue [#37](https://github.com/eli64s/readme-ai/issues/37)):
  - *CMakeLists.txt*
  - *Makefile.am*
  - *configure.ac*
- Credit to [mooujarrar](https://github.com/mooujarrar) for the help in solving this issue!

🔐 Security

- Bump [gitpython](https://github.com/gitpython-developers/GitPython) module to version *3.1.36* to address security vulnerability (Dependabot Alert [#5](https://github.com/eli64s/readme-ai/security/dependabot/5) and issue [#43](https://github.com/eli64s/readme-ai/issues/43)).

---

0.0.7

โš ๏ธ Release v0.0.7 addresses a security vulnerability cloning git repositories via the *GitPython* package on Windows systems. This vulnerability could allow arbitrary command execution if code is run from a directory containing a malicious `git.exe` or `git` executable.

๐Ÿ” Security
*Arbitrary Command Execution Mitigation*

- Dependabot Alert [3](https://github.com/eli64s/readme-ai/security/dependabot/3): GitPython untrusted search path on Windows systems leading to arbitrary code execution.
- The previous git clone implementation did not pin the git executable at all: GitPython located `git` through the executable search path, which on Windows includes the current working directory. Running the tool from a directory containing a malicious `git` or `git.exe` would therefore execute that binary with the user's privileges.

```python
import git  # GitPython

# Vulnerable call: no `env` argument, so whichever `git` the search path
# resolves first (on Windows, possibly one in the current directory) is run.
git.Repo.clone_from(repo_path, temp_dir, depth=1)
```

- The `env` argument is now set explicitly from the absolute path of the git executable. This ensures that the git executable used to clone the repository is the one that's installed on the system path, not one located in the current working directory.

```python
import git  # GitPython

# git_exec_path: absolute path returned by find_git_executable() and checked
# by validate_git_executable() (both described under Code Modularity below).
git.Repo.clone_from(repo_path, temp_dir, depth=1, env=git_exec_path)
```

🚀 Features and Enhancements

*Code Modularity*

- Introduced three methods to isolate the Git executable discovery and validation logic:
  - `find_git_executable()`: Determines the absolute path of the Git executable.
  - `validate_git_executable()`: Validates the found Git executable path.
  - `validate_file_permissions()`: Validates the file permissions of the cloned repository.

*File Permission Checks*

- For Unix systems, added checks to ensure the permissions of the cloned repository directory are `0o700` (read, write and execute for the owner only). This is the standard mode for private temporary directories (it is also what `tempfile.mkdtemp()` creates) and stops other local users from reading or entering the directory.
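
The three helpers above are described but not shown on this page. The following is an added example, not readme-ai's own code: it assumes the names `find_git_executable`, `validate_git_executable` and `validate_file_permissions` from the changelog and gives them bodies of this example's own design, plus a hypothetical `clone_repo_to_temp_dir()` that ties them together. It goes beyond the Windows case by also refusing a git binary that other users could overwrite on Unix. The helpers run without GitPython installed; only the clone function imports it, and it pins the executable with GitPython's `git.refresh(path)` rather than the `env` argument, since `Repo.clone_from` documents `env` as a mapping of environment variables for the spawned process.

```python
"""Locate, validate and pin a git executable without trusting the current
working directory, and check that a clone target is private (mode 0o700).

Added example, not readme-ai's code: the function names follow the changelog;
their parameters and bodies are this example's own assumptions.
"""
import os
import stat
import sys
import tempfile
from pathlib import Path

_WINDOWS = sys.platform.startswith("win")
# On Windows the binary may be git.exe or git.cmd; on Unix it is plain git.
_GIT_NAMES = ["git.exe", "git.cmd", "git"] if _WINDOWS else ["git"]


def find_git_executable(search_path=None, cwd=None):
    """Return the absolute path of the first git on `search_path` (default
    $PATH) that does not come from the current directory.

    Empty or relative PATH entries (an empty entry means "current directory")
    are skipped, as is any absolute entry that resolves to `cwd`. This is
    stricter than shutil.which, which on Windows (Python < 3.12) always
    prepends the current directory to the search path.
    """
    cwd = Path(cwd or os.getcwd()).resolve()
    raw = os.environ.get("PATH", "") if search_path is None else search_path
    for entry in raw.split(os.pathsep):
        directory = Path(entry)
        if not entry or not directory.is_absolute():
            continue
        directory = directory.resolve()
        if directory == cwd:
            continue
        for name in _GIT_NAMES:
            candidate = directory / name
            if candidate.is_file() and os.access(candidate, os.X_OK):
                return candidate
    raise FileNotFoundError("no git executable found outside the current directory")


def validate_git_executable(path, cwd=None):
    """Reject a git path that is relative, not an executable file, located
    directly in `cwd`, or (on Unix) writable by other users."""
    path = Path(path)
    cwd = Path(cwd or os.getcwd()).resolve()
    if not path.is_absolute():
        raise ValueError(f"git path must be absolute: {path}")
    if not path.is_file() or not os.access(path, os.X_OK):
        raise FileNotFoundError(f"not an executable file: {path}")
    if path.resolve().parent == cwd:
        raise PermissionError(f"refusing git executable from the current directory: {path}")
    if not _WINDOWS:
        # A binary, or the directory holding it, that group/others can write
        # could be swapped for a malicious one; refuse both.
        for p in (path, path.parent):
            if stat.S_IMODE(p.stat().st_mode) & 0o022:
                raise PermissionError(f"{p} is writable by other users")
    return path


def validate_file_permissions(directory):
    """On Unix, require `directory` to be owned by the current user with mode
    exactly 0o700, so other local users cannot read or enter the clone."""
    directory = Path(directory)
    if not directory.is_dir():
        raise NotADirectoryError(str(directory))
    if _WINDOWS:
        return directory  # POSIX mode bits carry no meaning here
    st = directory.stat()
    if st.st_uid != os.getuid():
        raise PermissionError(f"{directory} is not owned by the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        raise PermissionError(f"{directory} has mode {oct(mode)}, expected 0o700")
    return directory


def clone_repo_to_temp_dir(repo_url):
    """Clone `repo_url` with a pinned git into a fresh private directory.

    tempfile.mkdtemp() creates the directory with mode 0o700 and git clones
    into an existing empty directory without touching its mode, so the
    permission check verifies rather than repairs. GitPython is imported
    lazily so the helpers above also work where it is not installed.
    """
    import git  # GitPython

    exe = validate_git_executable(find_git_executable())
    git.refresh(str(exe))  # make GitPython invoke exactly this binary
    temp_dir = Path(tempfile.mkdtemp(prefix="readmeai-"))
    validate_file_permissions(temp_dir)
    git.Repo.clone_from(repo_url, temp_dir, depth=1)
    validate_file_permissions(temp_dir)
    return temp_dir
```

The cwd check in `validate_git_executable()` is deliberately narrow (only a binary sitting directly in the working directory is refused) so that running the tool from `/usr` does not reject `/usr/bin/git`; the real defence is that `find_git_executable()` never consults the current directory in the first place.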

โš ๏ธ These updates aim to mitigate the vulnerbility raised in Dependabot alert [3](https://github.com/eli64s/readme-ai/security/dependabot/3). Users are advised to update *readme-ai* to the latest version, i.e pip install --upgrade readmeai. Please be mindful of this vulnerability and use caution when cloning repositories from untrusted sources, especially for Windows users.

---

0.0.6

๐Ÿ› Bug Fixes

- Corrected a PyPI packaging issue where the *readmeai* package was not being installed correctly.
  - The [conf](./readmeai/conf/) directory was not being included in the PyPI distribution because it was located in the project's root directory.
  - The tool now uses the [pkg_resources](https://setuptools.pypa.io/en/latest/pkg_resources.html#) module to access the *conf* directory from within the *readmeai* package.

---


ยฉ 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.