Jan Giacomelli’s Post

Want good code? Let the 𝐢𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭𝐚𝐭𝐢𝐨𝐧 𝐟𝐨𝐥𝐥𝐨𝐰 𝐫𝐮𝐥𝐞𝐬 ⚙️ There are two ways of doing that in Python: with either 𝐀𝐁𝐂 𝐈𝐧𝐭𝐞𝐫𝐟𝐚𝐜𝐞𝐬 or with 𝐏𝐫𝐨𝐭𝐨𝐜𝐨𝐥𝐬. 𝐀𝐁𝐂 𝐈𝐧𝐭𝐞𝐫𝐟𝐚𝐜𝐞𝐬 is when you (1) write a base class with methods, (2) let implementations 𝑖𝑛ℎ𝑒𝑟𝑖𝑡 from that class and 𝑓𝑜𝑟𝑐𝑒 𝑡ℎ𝑒𝑚 𝑡𝑜 𝑖𝑚𝑝𝑙𝑒𝑚𝑒𝑛𝑡 all the required methods. This way you catch errors early, but it may require more code. 🧱 𝐏𝐫𝐨𝐭𝐨𝐜𝐨𝐥𝐬 are when you (1) write a protocol class, and (2) during use 𝑎𝑐𝑐𝑒𝑝𝑡 𝑎𝑛𝑦 𝑐𝑙𝑎𝑠𝑠 𝑡ℎ𝑎𝑡 ℎ𝑎𝑠 𝑡ℎ𝑒 𝑠𝑎𝑚𝑒 𝑚𝑒𝑡ℎ𝑜𝑑𝑠 as defined in the protocol. This gives you flexibility to plug-and-play quickly. Less code, but errors may only appear at runtime. 🧩 𝐆𝐞𝐧𝐞𝐫𝐚𝐥 𝐫𝐮𝐥𝐞: - Protocols are good for 𝘦𝘹𝘵𝘦𝘳𝘯𝘢𝘭 𝘴𝘵𝘶𝘧𝘧 like APIs, LLM providers, data sources 🌍 - Interfaces are good for 𝘪𝘯𝘵𝘦𝘳𝘯𝘢𝘭 𝘴𝘵𝘶𝘧𝘧 like core logic of your system ⚙️ 𝐹𝑙𝑒𝑥𝑖𝑏𝑙𝑒 𝑎𝑡 𝑡ℎ𝑒 𝑒𝑑𝑔𝑒𝑠, 𝑠𝑡𝑟𝑖𝑐𝑡 𝑎𝑡 𝑡ℎ𝑒 𝑐𝑜𝑟𝑒. #software #engineering #best #practices

Built something that could save an engineer hours. Feed it any Python function → it uses Claude to automatically generate a full pytest test suite: happy path, edge cases, error handling, security. 🔗 https://lnkd.in/gwg7RZ65

Security API for RACF 0.6.0 just released and delivers generic checking for resource and dataset profiles. It also comes with a more flexible Python build process if you want to build the Python version yourself. In addition to the new features it also comes with a ton of bug fixes. pySEAR can be acquired here: https://lnkd.in/dtvsu_Tt The repository can be viewed here: https://lnkd.in/dXRRv2Vu Documentation here: https://lnkd.in/eAcBtx_J Thanks to everyone who contributed, whether it be bug reports or code.

In Software Development, you'll often run into XML when working with config files, API responses, and so on. And if you're working in Python, you don't need an external library to parse XML - it's all built into the standard library. In this guide, Bala shows you how to parse XML in Python using the built-in xml.etree.ElementTree module. https://lnkd.in/g-arfg-G

Any Gradio Space is now callable from a terminal one-liner. The Gradio CLI now has predict and info commands.👇 This matters because coding agents (Claude Code, Cursor, Codex) can now call any of the 400k+ Gradio Spaces on Hugging Face without writing a Python script first 🤯

𝗪𝗵𝘆 𝗥𝘂𝗻𝗻𝗶𝗻𝗴 𝗨𝘀𝗲𝗿 𝗖𝗼𝗱𝗲 𝗼𝗻 𝗬𝗼𝘂𝗿 𝗦𝗲𝗿𝘃𝗲𝗿 𝗜𝘀 𝗗𝗮𝗻𝗴𝗲𝗿𝗼𝘂𝘀 While building a Python script execution API, I realized how risky it is to run user-submitted code on a server. A script could try to delete files, access sensitive directories, run infinite loops, or consume all system resources. What sounds like a simple feature quickly becomes a serious security and reliability problem. To explore this, I built 𝗣𝘆𝘁𝗵𝗼𝗻𝗦𝗰𝗿𝗶𝗽𝘁_𝗦𝗲𝗿𝘃𝗶𝗰𝗲𝗦𝗮𝗻𝗱𝗯𝗼𝘅, which executes scripts inside an isolated environment using 𝗻𝘀𝗷𝗮𝗶𝗹 locally and 𝗴𝗩𝗶𝘀𝗼𝗿 in production, enforcing filesystem restrictions and resource limits. The real challenge was 𝗱𝗲𝘀𝗶𝗴𝗻𝗶𝗻𝗴 𝗴𝘂𝗮𝗿𝗱𝗿𝗮𝗶𝗹𝘀 that safely handle untrusted code. If you're curious, you can go through the project and some of the test cases to see how the sandbox handles different scenarios 👇 https://lnkd.in/eZP5mMhP

Many of us are now coding with the help of LLMs, where the bottleneck has shifted to code review. We have to make sure the forced TDD approach really is testing what we want, and that the LLM didn’t bullshit us with fake assertions. It’s about truly understanding that our code works. From that struggle, I decided to create an open-source Python testing library, which also includes an MCP server. It allows you to specify the intent of your tests semantically! Take a look at the example code:

Most 'security' tools require 50+ third-party dependencies just to run a simple handshake. Every dependency is a potential entry point for a supply chain attack. We just stripped the Aethelgard Python SDK to its bones. Zero Dependencies. > * Standard Library Only. > * 100% Auditable. > We don't ask you to trust a web of external developers. We ask you to trust the physics of Forensic Nullity. pip install aethelgard-sdk , No fat. No risk. Just the Hardline.... Securepasspro.co gets better by the day.

There is much talk about coding agents leveraging #CLI tools -- even in favor of #MCP. But it needs to be spelled out: The most powerful CLI tool to give an LLM is… …not necessarily any of the vendor-supplied cli tools. But: python.exe / #python Once your coding agent has figured out that there is an **interpreter** it will happily generate one-off scripts. Caveats about isolation and permissions apply, as usual. But: Wow, does Sonnet do powerful things!

Claude Code skill. What is it? At its core it's just a .md file with instructions and supporting examples. But that simple file tells Claude exactly how you want your output for example specific framework, specific style, specific structure. And it does it really well! Super powerful for Python especially. Want it to always use a certain framework or follow your team's patterns? Just put it in the skill file and Claude follows it every time. Best use case I found is when writing a report, I can give it a report writing skill and it simply reads that file with instructions to create a structured output designed by me consistently! It's basically a way to permanently refine Claude's output to match your standards. Simple concept. Big impact.