@rbogart1990 rbogart1990 commented Jul 1, 2025

This PR introduces validation for user input values during the poetry init command. It uses the rules defined in the project-schema.json schema. These rules are already enforced when running the poetry add command, so this change extends the same validation rules to the poetry init command.

Previously, user inputs were not validated against these schema rules, allowing the creation of Poetry projects with invalid or disallowed names (e.g. "new+project").

This change ensures that inputs conform to the schema before proceeding, preventing invalid project configurations.

Pull Request Check List

Resolves: #10170

  • Added tests for changed code.
  • Updated documentation for changed code.

Summary by Sourcery

Validate user inputs against the project schema in the 'poetry init' command and abort on validation errors.

New Features:

  • Add schema-based validation of project metadata in the init command

Enhancements:

  • Extend existing validation rules from 'poetry add' to the 'poetry init' command

Tests:

  • Add parametrized tests for valid and invalid project names during initialization


sourcery-ai bot commented Jul 1, 2025

Reviewer's Guide

A new validation step for user inputs in the poetry init command is implemented—reusing the existing project-schema rules via Factory.validate—and corresponding unit tests are added to cover valid and invalid project names.

Sequence diagram for user input validation in poetry init command

sequenceDiagram
    actor User
    participant InitCommand as poetry init
    participant Factory
    User->>InitCommand: Run poetry init and provide project info
    InitCommand->>Factory: validate(pyproject_data)
    Factory-->>InitCommand: Validation results
    alt Validation errors
        InitCommand-->>User: Show validation error and abort
    else Validation passes
        InitCommand->>InitCommand: Save pyproject.toml
        InitCommand-->>User: Project initialized
    end

File-Level Changes

Change: Extend InitCommand to validate pyproject data before saving
Details:
  • Insert pre-save validation call in _init_pyproject, aborts on errors
  • Add staticmethod _validate using Factory.validate
Files: src/poetry/console/commands/init.py

Change: Add parameterized tests for project name validation
Details:
  • Create build_pyproject_data helper
  • Add tests for valid project names
  • Add tests for invalid project names
Files: tests/console/commands/test_init.py


@sourcery-ai sourcery-ai bot left a comment

Hey @rbogart1990 - I've reviewed your changes and they look great!

Prompt for AI Agents
Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `src/poetry/console/commands/init.py:548` </location>
<code_context>
         return self._pool
+
+    @staticmethod
+    def _validate(pyproject_data: dict[str, Any]) -> dict[str, Any]:
+        """
+        Validates the given pyproject data and returns the validation results.
</code_context>

<issue_to_address>
Type annotation for dict[str, Any] may not be compatible with Python <3.9.

Use `Dict[str, Any]` from `typing` for compatibility with Python 3.8 and earlier.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
    @staticmethod
    def _validate(pyproject_data: dict[str, Any]) -> dict[str, Any]:
=======
    from typing import Dict

    @staticmethod
    def _validate(pyproject_data: Dict[str, Any]) -> Dict[str, Any]:
>>>>>>> REPLACE

</suggested_fix>
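
Review bot: in the REPLACE side, `from typing import Dict` is indented to the same level as `@staticmethod`, so applying the fix as written places the import inside the class body rather than with the module's other imports. Move that line to the top-of-file import block and keep only the two annotation changes in this replacement.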


Comment on lines 272 to 273
pyproject_dict = parse(pyproject.data.as_string())
validation_results = self._validate(pyproject_dict)
Member

Factory.validate(pyproject.data) should suffice.

Contributor Author

@rbogart1990 rbogart1990 Jul 7, 2025

@radoering , thanks for the suggestion. I updated the code to call Factory.validate(pyproject.data) directly. All tests are passing!

I kept it inside of InitCommand()._validate() so that I can unit-test it.

Member

Hmm, I see. So we are actually just unit testing Factory.validate(), which does not give much value because it is (or at least should be) already tested in test_factory.py.

Further, my comment suggests that converting pyproject.data to string and parsing it is unnecessary. You probably also do this just for unit testing to have a clear interface? I do not like that the production code becomes more complicated just for unit testing.

I think you should check the other (non-interactive) unit tests in test_init.py and use one of these as base for your unit test so that you do not need a separate method to test. Further, this is probably the wrong place to test the regex in detail because as mentioned the validation is part of Factory. Here, we should just check that validation is called and gives a nicely formatted output.

Comment on lines 274 to 276
if validation_results.get("errors"):
self.line_error(f"<error>Validation failed: {validation_results}</error>")
return 1
Member

The output is not so nicely formatted. It contains a raw dict, e.g.:

Validation failed: {'errors': ['project.name must match pattern ^([a-zA-Z\\d]|[a-zA-Z\\d][\\w.-]*[a-zA-Z\\d])$'], 'warnings': []}

You may take a look at https://github.com/python-poetry/poetry-core/blob/002aa3e16f98d21645bb9a45f698b55adc40f317/src/poetry/core/factory.py#L53-L60 for better formatting.

Contributor Author

@radoering , thanks for the feedback about this.

Would this format be acceptable?

Validation failed:
  - project.name must match pattern ^([a-zA-Z\d]|[a-zA-Z\d][\w.-]*[a-zA-Z\d])$

Member

Absolutely.

Contributor Author

Thank you!

Contributor Author

@radoering , change made.

Member

You must be kidding. Error messages should be readable and clear for users. Imagine some beginner developer getting hit by that error message. Hell, 9/10 seasoned developers would have a hard time understanding that error message without some sort of regex explorer. This should be a clear message, that a 5 year old is able to understand. I would split the checks and make a separate clear message for each condition, gather the errors and list them clearly. Poetry's motto is "Python packaging and dependency management made easy". Getting hit with a regex is not "easy" by any means.

Member

My comment was just about formatting the output. At this point, we get a dict with lists of messages and the output should just be nicely formatted. The content of the single messages has been created before and is fixed at this point.

In my opinion, it is too much effort to improve each possible message that comes from schema validation - or at least this is clearly out of scope of this PR. The message is the same message if you run poetry check on such an invalid pyproject.toml.
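
Added example (not code from this PR or from Poetry): the pattern quoted in the validation message above, checked with Python's `re` module and rendered in the bulleted format agreed in the review. It also shows that under Python's default Unicode matching `\d` and `\w` accept non-ASCII digits and letters, and that `$` accepts a trailing newline. `validate_name`, `format_results`, the `ascii_only` switch and the sample names are assumptions made for illustration; the page does not say how Poetry's validator compiles the pattern.

```python
from __future__ import annotations

import re

# Pattern copied from the validation message quoted in the thread.
NAME_PATTERN = r"^([a-zA-Z\d]|[a-zA-Z\d][\w.-]*[a-zA-Z\d])$"


def validate_name(name: str, ascii_only: bool = False) -> dict[str, list[str]]:
    """Return a result dict shaped like the one printed in the thread.

    ascii_only is a hypothetical switch: it applies re.ASCII so that
    \\d and \\w match ASCII characters only.
    """
    flags = re.ASCII if ascii_only else 0
    errors = []
    if re.match(NAME_PATTERN, name, flags) is None:
        errors.append(f"project.name must match pattern {NAME_PATTERN}")
    return {"errors": errors, "warnings": []}


def format_results(results: dict[str, list[str]]) -> str:
    """Render errors as the bulleted list agreed on in the review."""
    if not results["errors"]:
        return ""
    lines = ["Validation failed:"]
    lines += [f"  - {message}" for message in results["errors"]]
    return "\n".join(lines)


# Constructed sample names; only "new+project" comes from the PR description.
SAMPLES = [
    "new-project",    # plain valid name
    "new+project",    # '+' is outside the allowed character set
    "-leading",       # must start with a letter or digit
    "trailing.",      # must end with a letter or digit
    "pr\u043eject",   # Cyrillic 'o' in the middle: matches \w by default
    "v\u0663",        # Arabic-Indic digit at the end: matches \d by default
    "new-project\n",  # '$' also matches just before a trailing newline
]

if __name__ == "__main__":
    for sample in SAMPLES:
        default_ok = not validate_name(sample)["errors"]
        ascii_ok = not validate_name(sample, ascii_only=True)["errors"]
        print(f"{sample!r}: default={default_ok} ascii_only={ascii_ok}")
    print(format_results(validate_name("new+project")))
```
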

@rbogart1990 rbogart1990 requested a review from radoering July 7, 2025 20:19
Successfully merging this pull request may close these issues.

Prevent poetry from creating projects with invalid project names