Metadata-Version: 2.1
Name: publication
Version: 0.0.3
Summary: Publication helps you maintain public-api-friendly modules by preventing unintentional access to private implementation details via introspection.
Home-page: https://github.com/glyph/publication
License: UNKNOWN
Author: Glyph
Author-email: glyph@twistedmatrix.com
Description-Content-Type: text/x-rst
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 2

What is this?
=============

Setting expectations around what APIs you can rely on in a Python
library is very difficult.

Publication makes it easy.

The Problem
-----------

As `Hyrum's Law <http://www.hyrumslaw.com>`_ somewhat grimly states,

    | With a sufficient number of users of an API,
    | it does not matter what you promise in the contract:
    | all observable behaviors of your system
    | will be depended on by somebody.

In general, Python famously has a somewhat different philosophical view of this
reality.  We assume each other to be `responsible users
<https://github.com/realpython/python-guide/pull/524/files>`_ of the libraries
we consume.  Mucking with implementation details might break every time you
upgrade, but it's sufficiently useful for testing, debugging, and
experimentation that retaining that ability is worth paying the cost.

But, critical to this assumption is that everybody *knows* when they're
breaking into the "private" area of the library's interface.  Here, there's a
mismatch of expectations:

- *library authors* write documentation, and then think that users sit down and
  read the documentation, front to back, and learn about what the "public"
  interface is by doing so.  they then assume that users will know that they've
  used private implementation details if they ever deviate from these
  documented features.
- *library users* ``pip install`` a thing, open up a REPL, import the module,
  and discover the library by doing ``dir()`` on the module and its contents,
  assuming that their program is not using any private implementation details
  as long as they never had to type ``library._something_private()`` while
  doing so.  If they ever encounter a traceback they may consult the
  documentation, briefly, until it is resolved.

Publication makes it possible to align the wildly divergent expectations of
these groups, so that users can still get the benefits of being able to use
internal details if they want, but they'll know that they're doing so.  It
makes the runtime namespace of your module look like the public documentation
of your library.

How does this look in practice?
-------------------------------

You, a prospective library author, want to write a library that makes it easy to zorf a sprocket.
Great! You do, and it looks like this:

.. code:: python

   # sprocket_zorfer.py
   from sprocket import sprocket_with_name
   from zorf import zorfable_thing

   def zorf_sprocket_internal(sprocket, zorfulations):
       ...
   def compute_zorfulations():
       ...

   def zorf_sprocket_named(sprocket_name, how_much):
       sprocket = sprocket_with_name(sprocket_name)
       zorfulations = compute_zorfulations(how_much)
       return zorf_sprocket_internal(sprocket, zorfulations)


   __all__ = [
       'zorf_sprocket_named'
   ]

Your intent here, of course, is that you have exposed a module with a
single function: ``zorf_sprocket_named``, and everything else is an
implementation detail. You even said so, explicitly, with ``__all__``.
Your API documentation says the same.

However, reading reference documentation and cleanly respecting
conventions is not how working programmers really figure out how to use
stuff. Your users all do stuff like:

-  Load up an interactive ``python`` interpreter and call ``dir()`` on
   your module
-  Install Jupyter and tab-complete their way around your module to find
   what they want
-  use the auto-import function in PyCharm to grab some private
   implementation detail

and, before you know it, you have thousands of users of your library
with code like

.. code:: python

   from sprocket_zorfer import compute_zorfulations, zorf_sprocket_internal, sprocket_with_name

   sprocket = sprocket_with_name(name)
   zorf_sprocket_internal(sprocket, compute_zorfulations(7) * 2)

Now you can never change *any* of your implementation details! Worse
yet, ``sprocket_with_name`` isn’t even your own code; that’s something
you got from a library! But when someone does
``import sprocket_zorfer; sprocket_zorfer.<tab>`` in an interactive
shell, none of that information comes through.

Underscore Paranoia
-------------------

The convention in Python is that we use ``_`` to indicate private names.
So when we library authors notice this problem starting to happen, a
common reaction is to start putting ``_`` in front of *everything* –
class names, function names, module names – and only explicitly export
those things that should be public by “moving” them via an import and an
entry in a public module’s ``__all__``.

However, this has a bunch of disadvantages:

-  Most code inspection tooling and IDEs won’t see that the public name
   is “moved”, so code exploration just makes it seem like *everything*
   is an implementation detail now, rather than making it seem like
   nothing is.

-  All your ``__repr__``\ s now have ugly and inaccurate function and
   class names in them, at least from the perspective of your users; how
   are they supposed to know ``zorf_sprocket_named`` is actually defined
   in ``zorf_sprocket._impl_details.funcs._zorf_sprocket_public`` now?
   How are they supposed to find the good, public name once they’re
   looking at the goofy internal one?

-  You constantly need to remember to put *all* of your code in these
   ugly ``_``-prefixed modules, and educate new contributors as to the
   risks of creating new modules in your package that are not carefully
   hidden away from public users.

A Better World
--------------

What if you could write all your code *as if* it were just regular
public code, and have all your implementation details and imports
automatically squirreled away in an underscore namespace so that curious
coders won’t accidentally find every module you ever imported and every
temporary helper function you ever defined and think they’re part of the
permanent public face of your library?

Enter ``publication``.

``publication`` uses the existing convention of ``__all__`` and a little
runtime hackery to hide everything that you have not marked as
explicitly public, like so:

.. code:: python

   # sprocket_zorfer.py

   from publication import publish

   from sprocket import sprocket_with_name
   from zorf import zorfable_thing

   def zorf_sprocket_internal(sprocket, zorfulations):
       ...
   def compute_zorfulations():
       ...

   def zorf_sprocket_named(sprocket_name, how_much):
       sprocket = sprocket_with_name(sprocket_name)
       zorfulations = compute_zorfulations(how_much)
       return zorf_sprocket_internal(sprocket, zorfulations)


   __all__ = [
       'zorf_sprocket_named'
   ]

   publish()

That’s it! Now, ``from sprocket_zorfer import zorf_sprocket_named``
works as intended, but
``from sprocket_zorfer import compute_zorfulations`` is an
``ImportError``.

But what about…
---------------

Other modules in my package, like tests, that need to peek at implementation details?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Don’t worry, your code didn’t go anywhere. The original module is still
available as a special pseudo-module called ``<your_module>._private``.
In the example above, ``sprocket_zorfer.py``\ ’s tests can still do:

.. code:: python

   from sprocket_zorfer._private import compute_zorfulations

   def test_compute_zorfulations():
       assert compute_zorfulations(0) > 7

Mypy?
~~~~~

Your types should *probably* just be part of your published API, if
you’re expecting that users will need to know about them. But, if there
are cases which need to be type-checked internally in your library, as
far as Mypy is concerned, all your private classes are still there. So,
in the simple case you can just do this:

.. code:: python

   from typing import TYPE_CHECKING
   if TYPE_CHECKING:
       from something import T

   def returns_a() -> "T":
       ...

and in the hopefully very unusual case you need to mix runtime and
type-checking access to a different module’s private details,

.. code:: python

   from typing import TYPE_CHECKING
   if TYPE_CHECKING:
       from something import T
   else:
       from something._private import T

   def returns_a() -> A:
       ...

