WAIT — Slowing — last commit 9mo ago

• Last commit 9mo ago
• Apache-2.0 licensed
• ⚠ Slowing — last commit 9mo ago
• ⚠ Solo or near-solo (1 contributor active in recent commits)
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

A comprehensive Python learning course organized as a progressive tutorial project with 100 video lessons (44 hours) spanning fundamentals through backend/frontend development, AI, and testing. The repository includes a runnable FastAPI backend (with MongoDB integration, JWT auth, and role-based access control) alongside structured lesson code in Basic/ and Intermediate/ directories, making it both an educational resource and a working example of production patterns. Three-layer monorepo: Basic/ (00–13 files covering syntax, operators, functions, classes, exceptions, modules) → Intermediate/ (00–08 files covering dates, comprehensions, lambdas, regex, file I/O, packages) → Backend/FastAPI/ (production-shaped structure with db/models/, db/schemas/, routers/, auth implementations). Static files and lesson examples coexist; the FastAPI app is self-contained under Backend/FastAPI/main.py with a Vercel deployment config.

Beginner Python programmers learning from zero experience, watching video lessons synchronized with the Basic/ and Intermediate/ directories. Also intermediate developers exploring FastAPI patterns (authentication, database modeling, REST routing) in the Backend/FastAPI/ structure.

Actively maintained educational project with a clear progression through 15+ foundational topics and additional intermediate modules. No production maturity markers visible (no CI config shown, no test directory listed), so this is primarily a learning resource with working example code rather than a battle-tested library. The FastAPI backend demonstrates real patterns (JWT, Bcrypt, MongoDB schemas) but is oriented toward teaching.

Low risk for learning purposes—no dependencies on this code; students copy examples. The actual Backend/FastAPI/ depends on fastapi, pymongo, passlib, bcrypt, python-jose (5 core deps), all production-grade. Risk emerges only if forking this as a template: no visible requirements.txt pinning, no CI/CD pipeline shown, and single-maintainer (mouredev) means documentation or breaking changes follow video release cadence, not semantic versioning.

No recent commit or PR data provided in the snapshot. The repository appears stable with complete lesson coverage (100 classes, 15 foundational + 8 intermediate + backend/AI modules documented in README). Active maintenance inferred from the structured progression and Vercel config, but no visible active development branch or pending issues in the snapshot.

git clone https://github.com/mouredev/Hello-Python.git
cd Hello-Python
# For learning Basic/Intermediate: run any .py file directly
python Basic/00_helloworld.py
# For FastAPI backend:
cd Backend/FastAPI
pip install -r requirements.txt
uvicorn main:app --reload

Daily commands: Backend dev server: cd Backend/FastAPI && pip install -r requirements.txt && uvicorn main:app --reload (auto-reloads on file changes, serves on http://127.0.0.1:8000). Lesson files: python Basic/XX_topic.py or python Intermediate/XX_topic.py in any Python 3.10+ environment. API docs: http://127.0.0.1:8000/docs (Swagger UI auto-generated by FastAPI).

• Backend/FastAPI/main.py — Entry point for the FastAPI backend application; all routers and middleware are initialized here.
• Backend/FastAPI/routers/users_db.py — Core user management router demonstrating database integration patterns used across the backend.
• Backend/FastAPI/db/models/user.py — User data model definition; establishes the schema for MongoDB persistence throughout the application.
• Backend/FastAPI/db/client.py — Database client initialization and connection logic; single point of MongoDB configuration for all routers.
• Backend/FastAPI/requirements.txt — Dependency manifest including FastAPI, authentication libraries (JWT, passlib, bcrypt), and MongoDB driver.
• Basic/00_helloworld.py — Starting point for beginners; demonstrates course structure and Python fundamentals philosophy.

• FastAPI main.py (FastAPI, Starlette) — Application bootstrap; registers all routers, configures CORS, serves static files, defines global exception handlers
  • Failure mode: Router import failures crash startup; missing database connection causes subsequent endpoint failures
• Router modules (users_db.py, jwt_auth_users.py, etc.) (FastAPI, Pydantic) — HTTP endpoint implementations; parse requests, call database/auth logic, return JSON responses
  • Failure mode: Invalid request validation returns 422; missing JWT token returns 401; database errors return 500
• Database client (db/client.py) (pymongo) — Singleton MongoDB connection management; provides db reference to all routers
  • Failure mode: Connection timeout causes all database operations to hang; credential errors prevent startup
• Pydantic schemas (db/schemas/user.py) (Pydantic, Python type hints) — Request/response validation and serialization; enforces API contracts and type safety
  • Failure mode: Schema validation failures return 422 with detailed error messages
• Learning modules (Basic/, Intermediate/) (Python 3.10+) — Progressive Python concept demonstrations with executable examples and comments
  • Failure mode: Syntax errors prevent execution; students must debug manually as teaching aid

• HTTP Client → FastAPI Router — Request with JSON body and optional JWT token header
• FastAPI Router → Pydantic Schema — Raw request data validated and deserialized into Python objects
• FastAPI Router → JWT Auth module — Token extracted from Authorization header and verified using python-jose
• FastAPI Router → MongoDB client — CRUD operations (insert/find/update/delete) sent as pymongo calls
• MongoDB → FastAPI Router — Document data returned as dictionary; transformed to Pydantic schema for response
• FastAPI Router → HTTP Client — JSON response with status code; Pydantic auto-serializes response schema

Add a new FastAPI endpoint with database persistence

1. Create Pydantic schema for request/response validation in Backend/FastAPI/db/schemas/ (Backend/FastAPI/db/schemas/user.py)
2. Define MongoDB document model in Backend/FastAPI/db/models/ (Backend/FastAPI/db/models/user.py)
3. Implement CRUD logic in a new router file under Backend/FastAPI/routers/ (Backend/FastAPI/routers/users_db.py)
4. Register the router in Backend/FastAPI/main.py using app.include_router() (Backend/FastAPI/main.py)

Add JWT authentication to an existing endpoint

1. Review JWT implementation pattern in Backend/FastAPI/routers/jwt_auth_users.py (Backend/FastAPI/routers/jwt_auth_users.py)
2. Add Depends(get_current_user) parameter to endpoint function (Backend/FastAPI/routers/users_db.py)
3. Verify token validation and user extraction logic matches project configuration (Backend/FastAPI/main.py)

Add a new Python fundamentals lesson

1. Create new file in Basic/ following naming convention (NN_concept_name.py where NN is sequential) (Basic/10_functions.py)
2. Follow code comment and example structure from existing lessons (Basic/01_variables.py)
3. If demonstrating module/package concepts, reference mypackage pattern (Intermediate/mypackage/__init__.py)

• FastAPI — Modern async Python framework with automatic OpenAPI documentation; ideal for teaching API design and async patterns.
• MongoDB — NoSQL document database simplifies schema-less learning; integrates well with Python through pymongo for teaching data persistence.
• JWT (python-jose) + Passlib + Bcrypt — Industry-standard authentication pattern; demonstrates secure password hashing and token-based authorization in real applications.
• Pydantic — Data validation and serialization library; teaches data contract design and type safety in Python APIs.

• Single monolithic FastAPI application with local routing

  • Why: Simpler for teaching; minimal infrastructure setup required for beginners.
  • Consequence: Does not scale to microservices; all code colocated limits separation of concerns lessons.

• MongoDB over relational database

  • Why: Faster initial learning curve; flexible schema removes normalization complexity.
  • Consequence: Does not teach relational design, transactions, or SQL; students miss ACID fundamentals.

• No testing framework integrated into backend

  • Why: Keeps course focused on core concepts first; testing is a later module topic.
  • Consequence: No production-ready test suite; contributors must follow testing patterns from Intermediate module.

• Does not provide frontend/UI beyond static image serving (no React, Vue, or web templating)
• Does not implement real-time features (WebSockets, streaming)
• Does not cover deployment pipelines or CI/CD (only Vercel config provided)
• Does not teach advanced IA/ML beyond ChatGPT integration mention in README

• Global database client without lifecycle management — Backend/FastAPI/db/client.py + Backend/FastAPI/main.py: Database connection created at module level without explicit startup

No .env example or secrets management shown: FastAPI backend likely needs MongoDB connection string and JWT secret (not visible in files). No pytest or unittest directory: lessons teach exceptions but repo lacks automated test structure—contributors must infer testing patterns from FastAPI docs. Vercel config without deployment docs: Backend/FastAPI/vercel.json present but no README section on deploying. Python 3.10+ requirement (in badge) not enforced in code: type hints use newer syntax, but no setup.py or pyproject.toml constraints visible. Static images hard-coded: static/images/python.jpg referenced but not versioned; changing it breaks examples without warning.

• Pydantic schema validation — Separates API contracts (db/schemas/user.py) from database models (db/models/user.py) in FastAPI; critical for teaching request validation without tangling persistence logic.
• JWT (JSON Web Tokens) for stateless authentication — Demonstrated in routers/jwt_auth_users.py; essential pattern for REST APIs that don't rely on server-side sessions. Learners see how token claims encode identity without database lookups on every request.
• Role-based access control (RBAC) — Two auth routers (basic_auth_users.py, jwt_auth_users.py) hint at authorization patterns; teaches the difference between authentication (proving identity) and authorization (proving permissions).
• Dependency injection in FastAPI — FastAPI's Depends() pattern (used in routers) decouples database clients and auth checks from business logic; critical for testing and code reuse, though not explicitly called out in Basic/ lessons.
• List comprehensions and generator expressions — Covered in Intermediate/01_list_comprehension.py; Python-specific syntax that makes data transformation concise. Widely used in backend routers for filtering and mapping.
• Regular expressions (regex) for pattern matching — Taught in Intermediate/07_regular_expressions.py; essential for validating email, usernames, and other string patterns in the backend (e.g., user schema validation).
• Password hashing with Bcrypt — Used in routers/jwt_auth_users.py (via passlib); never storing plaintext passwords is a fundamental security principle. The repo demonstrates correct salted hashing.

• real-python/cpython — The CPython source; relevant for understanding how language features taught in Basic/ (operators, functions, classes) are actually implemented.
• tiangolo/fastapi — Official FastAPI repository; canonical reference for the Backend/FastAPI/ patterns (routing, dependency injection, Pydantic integration).
• mongodb/mongo-python-driver — Official PyMongo docs and examples; directly underpins the Backend/FastAPI/db/client.py MongoDB integration.
• pydantic/pydantic — Pydantic v2 (used in FastAPI schemas); teaches validation patterns mirrored in Backend/FastAPI/db/schemas/.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for FastAPI authentication routers

The Backend/FastAPI/routers directory contains critical authentication logic (basic_auth_users.py, jwt_auth_users.py) and database operations (users_db.py) with no corresponding test files. This is essential for a teaching repository to demonstrate testing best practices and prevent regressions in security-sensitive code.

• [ ] Create Backend/FastAPI/tests/ directory structure
• [ ] Add test_basic_auth_users.py with tests for basic authentication endpoints
• [ ] Add test_jwt_auth_users.py with tests for JWT token generation, validation, and refresh flows
• [ ] Add test_users_db.py with tests for database CRUD operations against the User model
• [ ] Update Backend/FastAPI/requirements.txt to include pytest and pytest-asyncio
• [ ] Add a conftest.py fixture for mock MongoDB client setup

Add GitHub Actions CI workflow for FastAPI backend validation

The repo contains a FastAPI backend (Backend/FastAPI/main.py) with dependencies (requirements.txt) and a vercel.json deployment config, but no CI pipeline. A workflow would validate that dependencies install correctly, imports work, and FastAPI app starts without errors—critical for a learning repository with students potentially forking it.

• [ ] Create .github/workflows/fastapi-ci.yml
• [ ] Add steps to set up Python 3.10+, install Backend/FastAPI/requirements.txt
• [ ] Add step to validate Backend/FastAPI/main.py imports and FastAPI app initialization (using fastapi.testclient or import check)
• [ ] Add linting step (flake8 or ruff) on Backend/FastAPI/ directory
• [ ] Configure workflow to trigger on push to main and pull requests

Create comprehensive FastAPI backend documentation with API endpoints reference

The Backend/FastAPI directory has a main.py with routers (users.py, products.py, jwt_auth_users.py, basic_auth_users.py) and a MongoDB schema (db/models/user.py, db/schemas/user.py), but no Backend/README.md or API documentation. This leaves contributors unclear about available endpoints, authentication flows, and how to run the backend locally.

• [ ] Create Backend/README.md documenting how to set up and run the FastAPI server locally
• [ ] Document MongoDB connection setup (required environment variables, connection string format)
• [ ] Add API endpoint reference section listing all routers: /users, /products, /auth/login, /auth/jwt/login, /auth/basic
• [ ] Include request/response examples for authentication (basic auth vs JWT flows)
• [ ] Add instructions for testing endpoints (using curl, Postman, or FastAPI's /docs Swagger UI)
• [ ] Document the User model schema from db/models/user.py and db/schemas/user.py

• Add a Testing/ directory with pytest examples mirroring Basic/12_exceptions.py and Intermediate/05_error_types.py—create Testing/00_unit_tests.py and Testing/01_fixtures.py to teach test-driven development before learners encounter the FastAPI backend.: Exceptions are taught but testing is not, leaving a gap before students write backend code.
• Create Backend/FastAPI/.env.example documenting required env vars (MONGODB_URL, JWT_SECRET) and add a Local Setup section to README.md with copy-paste instructions—currently new contributors would struggle to run the backend without trial-and-error.: FastAPI backend depends on secrets not visible in the repo, creating friction for first-time runners.
• Add inline docstrings and type hints to routers (e.g., Backend/FastAPI/routers/users_db.py) showing async/await patterns; create a new Intermediate/09_async_await.py lesson linking to these examples.: FastAPI uses async heavily but no intermediate lesson covers async/await; backend code becomes harder to understand for learners following the progression.

• High · Use of python-jose without explicit algorithm specification — Backend/FastAPI/routers/jwt_auth_users.py (inferred) and Backend/FastAPI/requirements.txt. The dependency 'python-jose' is included, which is commonly used for JWT handling. Without proper configuration and explicit algorithm whitelisting in JWT validation, the application may be vulnerable to algorithm confusion attacks (e.g., HS256 vs RS256 substitution). Fix: Ensure JWT validation explicitly specifies allowed algorithms. Use 'verify' parameter with algorithms=['HS256'] or appropriate algorithm list. Never use 'verify=False'.
• High · Plaintext password handling risk — Backend/FastAPI/routers/basic_auth_users.py and Backend/FastAPI/db/models/user.py. While 'bcrypt' and 'passlib' are included for password hashing, there is no visible enforcement mechanism in the file structure to guarantee all passwords are hashed. The Basic/11_classes.py and authentication routers may contain examples with plaintext passwords or incomplete password handling. Fix: Implement mandatory password hashing on all user creation/update operations. Use passlib's CryptContext with 'bcrypt' scheme. Never store plaintext passwords.
• High · MongoDB connection without authentication details visibility — Backend/FastAPI/db/client.py (inferred). The pymongo dependency is included for MongoDB operations, but connection credentials and URI configuration are not visible in the file structure. Database connection strings may be hardcoded or missing authentication. Fix: Use environment variables for MongoDB URI and credentials. Implement proper connection pooling. Use authentication and IP whitelisting in MongoDB Atlas or similar. Never hardcode credentials.
• Medium · Missing security headers configuration — Backend/FastAPI/main.py. FastAPI application files (Backend/FastAPI/main.py) likely lack explicit security headers like HSTS, X-Frame-Options, X-Content-Type-Options, and CSP headers. Fix: Add middleware for security headers using FastAPI's add_middleware() with CORSMiddleware and custom headers. Configure: HSTS, X-Frame-Options: deny, X-Content-Type-Options: nosniff.
• Medium · Potential hardcoded secrets in example/educational code — Backend/FastAPI routers and Basic/Intermediate example files. As this is a Python learning repository with examples, Basic and Intermediate modules may contain hardcoded API keys, passwords, or secrets as part of educational demonstrations. Fix: Review all example files for hardcoded secrets. Use placeholder values (e.g., 'your_secret_here'). Implement .env file examples in documentation without committing actual secrets.
• Medium · CORS misconfiguration risk — Backend/FastAPI/main.py. FastAPI application may have overly permissive CORS settings allowing requests from any origin, especially in educational examples. Fix: Configure CORS with specific allowed origins: CORSMiddleware(app, allow_origins=['https://yourdomain.com'], allow_credentials=True, allow_methods=['GET','POST'], allow_headers=['*'])
• Low · Missing input validation documentation — Backend/FastAPI/routers/ (all files) and Backend/FastAPI/db/schemas/user.py. No visible Pydantic schema validation patterns in file names suggest potential missing input sanitization in routers. Fix: Use Pydantic models for all input validation. Implement field constraints (min_length, max_length, regex patterns). Validate all user inputs server-side.
• Low · Static files served without access control — Backend/FastAPI/static/. Backend/FastAPI/static directory is present but access controls are not evident in the file structure. Fix: Ensure static files are served with appropriate cache headers and access controls. Use FastAPI's StaticFiles with proper path restrictions.
• Low · Lack of rate limiting — Backend/FastAPI/routers/basic_auth_users.py and Backend/FastAPI/routers/jwt_auth_. No visible rate limiting implementation in router files, which could allow brute force attacks on authentication endpoints. Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/mouredev/Hello-Python shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live mouredev/Hello-Python repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/mouredev/Hello-Python.

What it runs against: a local clone of mouredev/Hello-Python — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in mouredev/Hello-Python | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch main exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 301 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of mouredev/Hello-Python. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/mouredev/Hello-Python.git
#   cd Hello-Python
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of mouredev/Hello-Python and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "mouredev/Hello-Python(\\.git)?\\b" \\
  && ok "origin remote is mouredev/Hello-Python" \\
  || miss "origin remote is not mouredev/Hello-Python (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \\
  && ok "default branch main exists" \\
  || miss "default branch main no longer exists"

# 4. Critical files exist
test -f "Backend/FastAPI/main.py" \\
  && ok "Backend/FastAPI/main.py" \\
  || miss "missing critical file: Backend/FastAPI/main.py"
test -f "Backend/FastAPI/routers/users_db.py" \\
  && ok "Backend/FastAPI/routers/users_db.py" \\
  || miss "missing critical file: Backend/FastAPI/routers/users_db.py"
test -f "Backend/FastAPI/db/models/user.py" \\
  && ok "Backend/FastAPI/db/models/user.py" \\
  || miss "missing critical file: Backend/FastAPI/db/models/user.py"
test -f "Backend/FastAPI/db/client.py" \\
  && ok "Backend/FastAPI/db/client.py" \\
  || miss "missing critical file: Backend/FastAPI/db/client.py"
test -f "Backend/FastAPI/requirements.txt" \\
  && ok "Backend/FastAPI/requirements.txt" \\
  || miss "missing critical file: Backend/FastAPI/requirements.txt"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 301 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~271d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/mouredev/Hello-Python"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.