Migrate from socket-sdk-python to socketdev>=3.0.0 and switch to uv

- Update pyproject.toml to use socketdev>=3.0.0,<4.0.0 instead of socket-sdk-python
- Replace pip-tools with uv for dependency management
- Update Makefile to use uv commands (uv pip compile, uv pip sync, etc.)
- Update Dockerfile to install socketdev instead of socket-sdk-python
- Update deployment scripts to reference socketdev
- Update README to reflect uv usage
- Regenerate all requirements files with uv
- Add requirements-test.txt file
- Update SOCKET_SDK_PATH references to point to ../socketdev
- Version bump to 2.2.3

Author: dacoburn

Dockerfile

@@ -18,5 +18,5 @@ RUN for i in $(seq 1 10); do \
         sleep 30; \
     done && \
     if [ ! -z "$SDK_VERSION" ]; then \
-        pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socket-sdk-python==${SDK_VERSION}; \
+        pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketdev==${SDK_VERSION}; \
     fi

Makefile

@@ -1,7 +1,7 @@
 .PHONY: setup compile-deps sync-deps clean test lint init-tools local-dev first-time-setup update-deps dev-setup sync-all first-time-local-setup
 
 # Environment variable for local SDK path (optional)
-SOCKET_SDK_PATH ?= ../socket-sdk-python
+SOCKET_SDK_PATH ?= ../socketdev
 
 # Environment variable to control local development mode
 USE_LOCAL_SDK ?= false
@@ -27,33 +27,33 @@ sync-all: sync-deps
 
 # === Implementation targets ===
 
-# Creates virtual environment and installs pip-tools
+# Creates virtual environment and installs uv
 init-tools:
-	python -m venv .venv
-	. .venv/bin/activate && pip install pip-tools
+	python3 -m venv .venv
+	. .venv/bin/activate && pip install uv
 
 # Installs dependencies needed for local development
-# Currently: socket-sdk-python from test PyPI or local path
+# Currently: socketdev from test PyPI or local path
 local-dev: init-tools
 ifeq ($(USE_LOCAL_SDK),true)
-	. .venv/bin/activate && pip install -e $(SOCKET_SDK_PATH)
+	. .venv/bin/activate && uv pip install -e $(SOCKET_SDK_PATH)
 endif
 
 # Creates/updates requirements.txt files with locked versions based on pyproject.toml
 compile-deps: local-dev
-	. .venv/bin/activate && pip-compile --output-file=requirements.txt pyproject.toml
-	. .venv/bin/activate && pip-compile --extra=dev --output-file=requirements-dev.txt pyproject.toml
-	. .venv/bin/activate && pip-compile --extra=test --output-file=requirements-test.txt pyproject.toml
+	. .venv/bin/activate && uv pip compile --output-file=requirements.txt pyproject.toml
+	. .venv/bin/activate && uv pip compile --extra=dev --output-file=requirements-dev.txt pyproject.toml
+	. .venv/bin/activate && uv pip compile --extra=test --output-file=requirements-test.txt pyproject.toml
 
 # Creates virtual environment and installs dependencies from pyproject.toml
 setup: compile-deps
-	. .venv/bin/activate && pip install -e ".[dev,test]"
+	. .venv/bin/activate && uv pip install -e ".[dev,test]"
 
 # Installs exact versions from requirements.txt into your virtual environment
 sync-deps:
-	. .venv/bin/activate && pip-sync requirements.txt requirements-dev.txt requirements-test.txt
+	. .venv/bin/activate && uv pip sync requirements.txt requirements-dev.txt requirements-test.txt
 ifeq ($(USE_LOCAL_SDK),true)
-	. .venv/bin/activate && pip install -e $(SOCKET_SDK_PATH)
+	. .venv/bin/activate && uv pip install -e $(SOCKET_SDK_PATH)
 endif
 
 # Removes virtual environment and cache files

README.md

@@ -371,9 +371,9 @@ make first-time-setup
 2. Local Development Setup (for SDK development):
 ```bash
 pyenv local 3.11  # Ensure correct Python version
-SOCKET_SDK_PATH=~/path/to/socket-sdk-python make first-time-local-setup
+SOCKET_SDK_PATH=~/path/to/socketdev make first-time-local-setup
 ```
-The default SDK path is `../socket-sdk-python` if not specified.
+The default SDK path is `../socketdev` if not specified.
 
 #### Ongoing Development Tasks
 
@@ -397,7 +397,7 @@ High-level workflows:
 - `make dev-setup`: Setup for local development (included in first-time-local-setup)
 
 Implementation targets:
-- `make init-tools`: Creates virtual environment and installs pip-tools
+- `make init-tools`: Creates virtual environment and installs uv
 - `make local-dev`: Installs dependencies needed for local development
 - `make compile-deps`: Generates requirements.txt files with locked versions
 - `make setup`: Creates virtual environment and installs dependencies
@@ -410,7 +410,7 @@ Implementation targets:
 
 #### Core Configuration
 - `SOCKET_SECURITY_API_KEY`: Socket Security API token (alternative to --api-token parameter)
-- `SOCKET_SDK_PATH`: Path to local socket-sdk-python repository (default: ../socket-sdk-python)
+- `SOCKET_SDK_PATH`: Path to local socketdev repository (default: ../socketdev)
 
 #### GitLab Integration
 - `GITLAB_TOKEN`: GitLab API token for GitLab integration (supports both Bearer and PRIVATE-TOKEN authentication)

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.2"
+version = "2.2.3"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socket-sdk-python>=2.1.8,<3'
+    'socketdev>=3.0.0,<4.0.0'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"
@@ -45,7 +45,7 @@ test = [
 dev = [
     "ruff>=0.3.0",
     "twine", # for building
-    "pip-tools>=7.4.0",  # for pip-compile
+    "uv>=0.1.0",  # for dependency management
     "pre-commit",
     "hatch"
 ]

requirements-dev.txt

@@ -1,73 +1,158 @@
-# generated by rye
-# use `rye lock` or `rye sync` to update this lockfile
-#
-# last locked with the following flags:
-#   pre: false
-#   features: ["test"]
-#   all-features: false
-#   with-sources: false
-#   generate-hashes: false
-#   universal: false
-
-hatchling==1.27.0
-hatch==1.14.0
-argparse==1.4.0
-    # via socketsecurity
+# This file was autogenerated by uv via the following command:
+#    uv pip compile --extra=dev --output-file=requirements-dev.txt pyproject.toml
+anyio==4.10.0
+    # via httpx
 certifi==2024.12.14
-    # via requests
+    # via
+    #   httpcore
+    #   httpx
+    #   requests
+cfgv==3.4.0
+    # via pre-commit
 charset-normalizer==3.4.1
     # via requests
-colorama==0.4.6
-    # via pytest-watch
-coverage==7.6.10
-    # via pytest-cov
-docopt==0.6.2
-    # via pytest-watch
+click==8.2.1
+    # via
+    #   hatch
+    #   userpath
+distlib==0.4.0
+    # via virtualenv
+docutils==0.22
+    # via readme-renderer
+filelock==3.19.1
+    # via virtualenv
 gitdb==4.0.12
     # via gitpython
 gitpython==3.1.44
-    # via socketsecurity
+    # via socketsecurity (pyproject.toml)
+h11==0.16.0
+    # via httpcore
+hatch==1.14.0
+    # via socketsecurity (pyproject.toml)
+hatchling==1.27.0
+    # via hatch
+httpcore==1.0.9
+    # via httpx
+httpx==0.28.1
+    # via hatch
+hyperlink==21.0.0
+    # via hatch
+id==1.5.0
+    # via twine
+identify==2.6.13
+    # via pre-commit
 idna==3.10
-    # via requests
-iniconfig==2.0.0
-    # via pytest
+    # via
+    #   anyio
+    #   httpx
+    #   hyperlink
+    #   requests
+jaraco-classes==3.4.0
+    # via keyring
+jaraco-context==6.0.1
+    # via keyring
+jaraco-functools==4.3.0
+    # via keyring
+keyring==25.6.0
+    # via
+    #   hatch
+    #   twine
+markdown-it-py==4.0.0
+    # via rich
+mdurl==0.1.2
+    # via markdown-it-py
 mdutils==1.6.0
-    # via socketsecurity
+    # via socketsecurity (pyproject.toml)
+more-itertools==10.7.0
+    # via
+    #   jaraco-classes
+    #   jaraco-functools
+nh3==0.3.0
+    # via readme-renderer
+nodeenv==1.9.1
+    # via pre-commit
 packaging==24.2
-    # via pytest
-    # via socketsecurity
+    # via
+    #   socketsecurity (pyproject.toml)
+    #   hatch
+    #   hatchling
+    #   twine
+pathspec==0.12.1
+    # via hatchling
+pexpect==4.9.0
+    # via hatch
+platformdirs==4.3.8
+    # via
+    #   hatch
+    #   virtualenv
 pluggy==1.5.0
-    # via pytest
+    # via hatchling
+pre-commit==4.3.0
+    # via socketsecurity (pyproject.toml)
 prettytable==3.12.0
-    # via socketsecurity
-pytest==8.3.4
-    # via pytest-asyncio
-    # via pytest-cov
-    # via pytest-mock
-    # via pytest-watch
-    # via socketsecurity
-pytest-asyncio==0.25.1
-    # via socketsecurity
-pytest-cov==6.0.0
-    # via socketsecurity
-pytest-mock==3.14.0
-    # via socketsecurity
-pytest-watch==4.2.0
-    # via socketsecurity
+    # via socketsecurity (pyproject.toml)
+ptyprocess==0.7.0
+    # via pexpect
+pygments==2.19.2
+    # via
+    #   readme-renderer
+    #   rich
 python-dotenv==1.0.1
-    # via socketsecurity
+    # via socketsecurity (pyproject.toml)
+pyyaml==6.0.2
+    # via pre-commit
+readme-renderer==44.0
+    # via twine
 requests==2.32.4
-    # via socket-sdk-python
-    # via socketsecurity
+    # via
+    #   socketsecurity (pyproject.toml)
+    #   id
+    #   requests-toolbelt
+    #   socketdev
+    #   twine
+requests-toolbelt==1.0.0
+    # via twine
+rfc3986==2.0.0
+    # via twine
+rich==14.1.0
+    # via
+    #   hatch
+    #   twine
+ruff==0.12.10
+    # via socketsecurity (pyproject.toml)
+shellingham==1.5.4
+    # via hatch
 smmap==5.0.2
     # via gitdb
-socket-sdk-python==2.0.15
-    # via socketsecurity
+sniffio==1.3.1
+    # via anyio
+socketdev==3.0.0
+    # via socketsecurity (pyproject.toml)
+tomli-w==1.2.0
+    # via hatch
+tomlkit==0.13.3
+    # via hatch
+trove-classifiers==2025.8.6.13
+    # via hatchling
+twine==6.1.0
+    # via socketsecurity (pyproject.toml)
 typing-extensions==4.12.2
-    # via socket-sdk-python
+    # via socketdev
 urllib3==2.5.0
-    # via requests
-watchdog==6.0.0
-    # via pytest-watch
+    # via
+    #   requests
+    #   twine
+userpath==1.9.2
+    # via hatch
+uv==0.8.13
+    # via
+    #   socketsecurity (pyproject.toml)
+    #   hatch
+virtualenv==20.34.0
+    # via
+    #   hatch
+    #   pre-commit
 wcwidth==0.2.13
     # via prettytable
+zstandard==0.24.0
+    # via hatch

requirements-test.txt

@@ -0,0 +1,67 @@
+# This file was autogenerated by uv via the following command:
+#    uv pip compile --extra=test --output-file=requirements-test.txt pyproject.toml
+certifi==2025.8.3
+    # via requests
+charset-normalizer==3.4.3
+    # via requests
+colorama==0.4.6
+    # via pytest-watch
+coverage==7.10.5
+    # via pytest-cov
+docopt==0.6.2
+    # via pytest-watch
+gitdb==4.0.12
+    # via gitpython
+gitpython==3.1.45
+    # via socketsecurity (pyproject.toml)
+idna==3.10
+    # via requests
+iniconfig==2.1.0
+    # via pytest
+mdutils==1.8.0
+    # via socketsecurity (pyproject.toml)
+packaging==25.0
+    # via
+    #   socketsecurity (pyproject.toml)
+    #   pytest
+pluggy==1.6.0
+    # via
+    #   pytest
+    #   pytest-cov
+prettytable==3.16.0
+    # via socketsecurity (pyproject.toml)
+pygments==2.19.2
+    # via pytest
+pytest==8.4.1
+    # via
+    #   socketsecurity (pyproject.toml)
+    #   pytest-asyncio
+    #   pytest-cov
+    #   pytest-mock
+    #   pytest-watch
+pytest-asyncio==1.1.0
+    # via socketsecurity (pyproject.toml)
+pytest-cov==6.2.1
+    # via socketsecurity (pyproject.toml)
+pytest-mock==3.14.1
+    # via socketsecurity (pyproject.toml)
+pytest-watch==4.2.0
+    # via socketsecurity (pyproject.toml)
+python-dotenv==1.1.1
+    # via socketsecurity (pyproject.toml)
+requests==2.32.5
+    # via
+    #   socketsecurity (pyproject.toml)
+    #   socketdev
+smmap==5.0.2
+    # via gitdb
+socketdev==3.0.0
+    # via socketsecurity (pyproject.toml)
+typing-extensions==4.14.1
+    # via socketdev
+urllib3==2.5.0
+    # via requests
+watchdog==6.0.0
+    # via pytest-watch
+wcwidth==0.2.13
+    # via prettytable