The packaging and documentation discipline. Your Module 6 detector tool becomes a private-repo artefact a stranger can clone, install, and use. The README is the artefact that earns the tool-defensibility score on the capstone rubric.
Reading
- The PyPA Python Packaging User Guide (modern pyproject.toml path).
- The academy "good README" template (cohort archive).
- Your Module 6 tool source.
Lecture
Roughly three hours across two sessions. Key arc:
- Python package layout. pyproject.toml, setup.cfg, the modern best practice.
- The README discipline. Install, use, troubleshooting, examples.
- Versioning your detector tool. Semver discipline.
- Test fixtures. The positive-test and negative-test virtualenvs.
- The private-repo publication step. Visibility and access control.
Lab pack
Lab Pack 9 packages the detector tool and publishes to a private repo. See Lab Pack 9.
Tools you will use
- Your detector tool source from Module 6.
- pip plus build plus twine for the packaging dry-run (no PyPI publication required).
- A private GitHub or GitLab repo for the publication step.
OWASP LLM and ASI anchor
The packaging discipline borrows from the OWASP-recommended SBOM publication pattern, scoped to the detector tool's own dependency manifest. The capstone report's tool-defensibility section references the packaging artefacts here.
Reflection prompts
- What is the smallest README that lets a stranger install and run your tool?
- What is the smallest test fixture set that catches the most common false-positive cases?
- If you had to ship the tool as a single-file executable, what would you give up?
What is next
Module 10 is capstone delivery. The full reproduction plus tool plus six-to-eight-page report plus five-minute demo, graded against the rubric in CAPSTONE.html.