auditable uv cooldown exceptions for emergency dependency upgrades
Project description
cooldown-guard
cooldown-guard makes uv cooldown exceptions auditable, narrow, and easy to clean up.
it is built around four ideas:
- keep global
exclude-neweron - allow temporary package-specific exceptions for emergency fixes
- pin the exception with
constraint-dependencies - automatically relax the exception once the normal cooldown window catches up
what it writes
given a project like:
[tool.uv]
exclude-newer = "7 days"
an approval like:
cooldown-guard approve urllib3==2.7.0 \
--project /path/to/repo \
--approved-by alice \
--reason "security fix" \
--advisory CVE-2026-12345 \
--introduced-via requests \
--introduced-via types-tqdm
will update the target pyproject.toml to look like:
[tool.uv]
exclude-newer = "7 days"
exclude-newer-package = { urllib3 = "2026-05-07T16:13:18Z" }
constraint-dependencies = ["urllib3==2.7.0"]
and create a .cooldown-guard.toml ledger beside it.
commands
cooldown-guard approve <package>==<version>: add a narrow exception and runuv lockcooldown-guard validate: verify that the ledger andpyproject.tomlagreecooldown-guard status: show active and cleaned exceptionscooldown-guard cleanup --check: test whether an active exception can now be relaxed from==to>=cooldown-guard cleanup --apply: apply that relaxation and runuv lock
ci
the repo includes:
- .github/workflows/ci.yml: tests the tool itself
- examples/github-actions/validate.yml: consumer-side validation on pull requests
- examples/github-actions/reconcile.yml: nightly cleanup that can open a pull request
the example workflows install from a git url placeholder. swap your-org/your-repo for the real repo path, or replace it with a pypi package name once published.
notes
approved_byis audit metadata, not authorization. real authorization should still come from codeowners, branch protection, and normal review policy.- the tool shells out to
uv lockinstead of reimplementing resolution. - v1 intentionally targets the common case where the repo-level
exclude-neweris a duration like"7 days".
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cooldown_guard-0.1.0.tar.gz.
File metadata
- Download URL: cooldown_guard-0.1.0.tar.gz
- Upload date:
- Size: 40.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.13 {"installer":{"name":"uv","version":"0.11.13","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fef07674619bb897ad8dcbdb6e41b157233cb4488480cd5978a643098bdb04a7
|
|
| MD5 |
a08aebe575d3ece2baa729fdbdd6dd1e
|
|
| BLAKE2b-256 |
1464592c1faf4d30ca7d026d0727ab67d624287853c46a2305910732681eb50e
|
File details
Details for the file cooldown_guard-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cooldown_guard-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.13 {"installer":{"name":"uv","version":"0.11.13","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
18bd1df4b9404136e04ff3838fe3ed78a38056a0e945ece1f33ba7202e519fad
|
|
| MD5 |
8513032365e63a3acb0e5c2931b4bdc3
|
|
| BLAKE2b-256 |
e0c304f09ce1078ecfa4fd3903894d857ab17daeb2fc42b715c9b9b3c391be1a
|
