Merge remote-tracking branch 'origin/refactor/dependencies'

Author: sumeshi

.cursor/rules/01_python.mdc

@@ -0,0 +1,73 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+---
+description: Python development standards
+globs: ["**/*"]
+alwaysApply: true
+---
+
+# Python Standards
+
+## Language & Framework
+- **Language**: Python 3.8+
+- **Package Manager**: pip or uv
+- **Virtual Environment**: Always use virtual environments
+
+## Code Style
+- Follow PEP 8 style guidelines
+- Use type hints for all functions and methods
+- Maximum line length: 88 characters (Black formatter compatible)
+- Use snake_case for variables and functions, PascalCase for classes
+- Use UPPER_CASE for constants
+- Write docstrings for all public functions and classes
+
+## Development Tools
+- **Formatter**: black (recommended) or autopep8
+- **Linter**: flake8, pylint, or ruff
+- **Type Checker**: mypy or pyright
+- **Testing**: pytest or unittest
+- **Import Sorting**: isort
+
+## Code Quality
+- Maintain type safety with type checker
+- Keep functions focused and single-purpose
+- Use descriptive error messages
+- Handle exceptions appropriately
+- Use context managers for resource management
+
+## File Organization
+```
+project/
+├── src/                 # Source code
+├── tests/               # Test files
+├── pyproject.toml       # Project configuration
+└── README.md           # Project documentation
+```
+
+## Dependencies
+- Always specify minimum versions
+- Keep dependencies minimal and well-justified
+- Pin exact versions in lock files
+- Document new dependencies and their purpose
+
+## Error Handling
+- Use appropriate exception types
+- Provide meaningful error messages
+- Log errors appropriately
+- Fail gracefully with helpful suggestions
+
+## Performance
+- Use appropriate data structures
+- Consider memory usage for large data processing
+- Use generators for large datasets
+- Profile code when performance is critical
+
+## Security
+- Never hardcode credentials
+- Validate input parameters
+- Handle sensitive data appropriately
+- Follow security best practices
+

.cursor/rules/02_tasks.mdc

@@ -0,0 +1,72 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+---
+description: Task execution framework
+globs: ["**/*"]
+alwaysApply: true
+---
+
+# Task Execution Framework
+
+You are an AI assistant with advanced problem-solving capabilities. Follow these instructions to perform tasks efficiently and accurately.
+
+## 1. Analysis and Planning
+- Briefly summarize the main tasks
+- Review the specified technology stack and constraints
+- Identify important requirements and limitations
+- List potential challenges
+- Enumerate specific steps for task execution
+- Determine the optimal execution order
+
+### Preventing Duplicate Implementation
+Before implementation, verify:
+- Existence of similar existing functionality
+- Functions or components with the same or similar names
+- Duplicate API endpoints
+- Common processes that can be shared
+
+## 2. Task Execution
+- Execute each identified step systematically
+- Report progress briefly after completing each step
+- Maintain consistency in naming conventions and structure
+- Follow proper directory organization
+
+## 3. Quality Control
+- Verify execution results of each task
+- For errors or issues:
+  1. Isolate and identify root cause
+  2. Create and implement countermeasures
+  3. Verify fixes work correctly
+  4. Document the resolution
+
+## 4. Final Verification
+- Evaluate overall deliverables
+- Verify consistency with original instructions
+- Confirm no duplicate functionality was created
+
+## 5. Results Reporting
+Report results in this format:
+```
+## Summary
+[Brief overview]
+
+## Steps Completed
+1. [Step description and result]
+2. [Step description and result]
+
+## Issues Resolved
+- [Problem and solution if any]
+
+## Recommendations
+- [Suggestions for improvement if any]
+```
+
+## Important Guidelines
+- Confirm unclear points before starting work
+- Report important decisions and get approval
+- Do not make changes not explicitly requested
+- Get approval before UI/UX changes
+- Do not change technology stack versions without permission

.cursor/rules/03_project.mdc

@@ -0,0 +1,92 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+---
+description: Project-specific rules for evtx2es
+globs: ["**/*"]
+alwaysApply: true
+---
+
+# evtx2es - Project Specific Rules
+
+## Project Overview
+evtx2es is a Python tool for fast import of Windows EventLogs (.evtx) into Elasticsearch using Rust library pyevtx-rs for high performance.
+
+## Technology Stack
+- **Language**: Python 3.8+
+- **Core Dependencies**: 
+  - pyevtx-rs (Rust-based EVTX parser)
+  - elasticsearch (Elasticsearch client)
+  - Click (CLI framework)
+- **Package Manager**: pip/poetry
+- **Development Tools**: pytest, black, mypy
+
+## Project Structure
+```
+evtx2es/
+├── src/evtx2es/          # Main package
+├── tests/                # Test files
+├── docs/                 # Documentation
+├── examples/             # Usage examples
+├── requirements.txt      # Production dependencies
+├── requirements-dev.txt  # Development dependencies
+└── README.md            # Project documentation
+```
+
+## Domain-Specific Requirements
+
+### Performance Considerations
+- Optimize for large EVTX file processing
+- Use streaming/chunked processing for memory efficiency
+- Leverage Rust-based pyevtx-rs for maximum performance
+- Implement progress reporting for long-running operations
+
+### Elasticsearch Integration
+- Support multiple Elasticsearch versions
+- Implement proper index mapping for Windows Event Log fields
+- Handle connection errors and retries gracefully
+- Support bulk indexing for performance
+
+### CLI Design
+- Use Click for consistent command-line interface
+- Provide clear progress indicators
+- Support configuration files
+- Implement proper error messages and help text
+
+### Windows Event Log Specifics
+- Handle various EVTX file formats correctly
+- Preserve all relevant event metadata
+- Support filtering and transformation of events
+- Handle malformed or corrupted EVTX files gracefully
+
+### Data Processing
+- Implement proper JSON serialization for Elasticsearch
+- Handle timestamp conversion and formatting
+- Support custom field mapping and transformation
+- Ensure data integrity during processing
+
+## Development Workflow
+- Focus on CLI usability and performance
+- Test with real EVTX files of various sizes
+- Benchmark performance improvements
+- Document configuration options thoroughly
+
+---
+
+## AI Assistant Instructions
+
+### Project Context Awareness
+- Always consider the Windows Event Log processing context
+- Understand the performance-critical nature of the tool
+- Be aware of Elasticsearch indexing requirements
+- Consider CLI user experience in suggestions
+
+### Enhancement Suggestions
+- When suggesting improvements, consider:
+  - Performance impact on large file processing
+  - Elasticsearch compatibility
+  - CLI usability
+  - Memory efficiency
+- Always test suggestions with the project's core functionality in mind 

.cursor/rules/04_forjapanese.mdc

@@ -0,0 +1,23 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+---
+description: Japanese language settings for development
+globs: ["**/*"]
+alwaysApply: true
+---
+
+# 日本語設定ルール
+
+## 基本設定
+- **主要言語**: 日本語で応答してください
+- **コードとコメント**: 英語を使用してください
+- **技術的な説明**: 日本語で行ってください
+- **エラーメッセージ**: 日本語で説明してください
+
+## コミュニケーション方針
+- 丁寧語を使用してください
+- 技術的な内容も分かりやすく説明してください
+- 専門用語は適切に日本語化するか、英語の場合は説明を併記してください

.cursor/rules/README.md

@@ -0,0 +1,8 @@
+# Cursor Rules
+This directory contains rule files for consistent development assistance.
+
+## Files
+- **`01_python.mdc`** - Python development standards
+- **`02_tasks.mdc`** - Task execution framework
+- **`03_project.mdc`** - Project-specific rules for evtx2es
+- **`04_forjapanese.mdc`** - Japanese language settings for development (If you are not a Japanese speaker, please ignore this)

.devcontainer/Dockerfile

@@ -1,11 +1,25 @@
-FROM python:3.11.6-bullseye
+FROM python:3.13.5-slim-bookworm
 
 RUN apt -y update && apt upgrade -qqy && apt -y install \
     curl \
     gcc \
     git \
     fish \
+    patchelf \
     && apt clean
 
-RUN chsh -s /usr/bin/fish
-RUN pip install -U pip && pip install poetry
+ARG USERNAME=dev
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+RUN groupadd --gid $USER_GID $USERNAME \
+    && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    && apt-get update \
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME
+
+RUN chsh -s /usr/bin/fish $USERNAME
+
+USER $USERNAME
+RUN pip install -U pip && pip install uv

.devcontainer/devcontainer.json

@@ -1,6 +1,7 @@
 {
     "name": "dev",
     "dockerComposeFile": "docker-compose.yaml",
+    "remoteUser": "dev",
 	"service": "dev",
 	"workspaceFolder": "/workspace/",
     "postCreateCommand": "/usr/bin/fish ./.devcontainer/postCreateCommands.fish",

.devcontainer/docker-compose.yaml

@@ -6,12 +6,12 @@ services:
       context: .
       dockerfile: Dockerfile
     volumes:
-      - ..:/workspace:cached
+      - ../:/workspace:cached
     network_mode: service:elasticsearch
     tty: true
 
   elasticsearch:
-    image: elasticsearch:8.11.1
+    image: elasticsearch:9.0.2
     container_name: evtx2es-elasticsearch
     ports:
         - "9200:9200"
@@ -23,10 +23,10 @@ services:
         soft: -1
         hard: -1
 
-  # kibana:
-  #   image: kibana:8.11.1
-  #   container_name: evtx2es-kibana
-  #   ports:
-  #       - 5601:5601
-  #   environment:
-  #     - elasticsearch.host="http://localhost:9200"
+  kibana:
+    image: kibana:9.0.2
+    container_name: evtx2es-kibana
+    ports:
+        - 5601:5601
+    environment:
+      - elasticsearch.host="http://localhost:9200"

.devcontainer/postCreateCommands.fish

@@ -1,3 +1,2 @@
 #!/usr/bin/fish
-poetry config virtualenvs.in-project true
-poetry install
+echo 'set -x PATH $PATH $HOME/.local/bin' >> $HOME/.config/fish/config.fish

.github/workflows/publish-binary-pypi.yaml

@@ -10,16 +10,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
+
     - name: Set up Python
       uses: actions/setup-python@v1
       with:
         python-version: '3.11'
+
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install poetry
+        pip install uv
+
     - name: Build and publish
       run: |
-        poetry config pypi-token.pypi ${{secrets.PYPI_TOKEN}}
-        poetry publish --build
+        uv build
+        uv publish --token ${{secrets.PYPI_TOKEN}}