@@ -804,13 +804,13 @@ Indexes advertise their support for staged previews by returning two key pieces
804804:ref: `response to publishing session creation <publishing-session-response >`. Indexes which don't support
805805staged previews **MUST NOT ** include these in their responses.
806806
807- The ``session-token `` is a short token which could be used as a convenience for installation tool UX, if they
808- want to support staged previews via a command line switch, e.g. `` pip install --staged $SESSION_TOKEN ``. The
809- ``links.stage `` key gives the full URL to the stage, which could be used in the CLI, e.g. `` pip
810- install --extra-index-url $STAGE_URL ``. Both the session token and URL **MUST ** be cryptographically
811- unguessable, but the algorithm for generating the token is left to the index. The stage URL ** MUST ** be
812- calculable from the session token, using a format documented by the index, but the exact format of the URL is
813- also left to the index.
807+ The ``session-token `` is a short token which could be used as a convenience for installation tool UX. For
808+ example, `` pip `` could add a `` --stage $SESSION_TOKEN `` flag as a convenience for installing from a staged
809+ preview. The ``links.stage `` key gives the full URL to the stage, which can be used with installers today,
810+ e.g. `` pip install --extra-index-url $STAGE_URL ``. Both the session token and URL **MUST ** be
811+ cryptographically unguessable, but the algorithm for generating the token is left to the index. The stage URL
812+ ** MUST ** be calculable from the session token, using a format documented by the index, but the exact format of
813+ the URL is also left to the index.
814814
815815
816816File Upload Session
@@ -1390,13 +1390,13 @@ command. The Upload 2.0 protocol could be exposed through additional options:
13901390 commands. This session identifier is local to the client and is mapped internally to the
13911391 in-progress server session.
13921392
1393- ``twine publish <session-id> ``
1393+ ``twine session publish <session-id> ``
13941394 Publishes a previously staged session.
13951395
1396- ``twine cancel <session-id> ``
1396+ ``twine session cancel <session-id> ``
13971397 Cancels a staged session and discards all uploaded files.
13981398
1399- ``twine status <session-id> ``
1399+ ``twine session status <session-id> ``
14001400 Queries and displays the current status of a session.
14011401
14021402uv
@@ -1410,12 +1410,22 @@ uv
14101410
14111411``uv publish --stage dist/* ``
14121412 Uploads without publishing. Like twine, this is valuable even without stage preview support.
1413+ Prints a session identifier that can be used with the ``uv session `` subcommands.
14131414
14141415``uv publish --test-install dist/* ``
14151416 If the index supports stage previews, uploads files, installs the package from the stage URL
14161417 into a temporary virtual environment, optionally runs a smoke test command, and only publishes
14171418 if successful. This provides an integrated "upload, test, publish" workflow.
14181419
1420+ ``uv session publish <session-id> ``
1421+ Publishes a previously staged session.
1422+
1423+ ``uv session cancel <session-id> ``
1424+ Cancels a staged session and discards all uploaded files.
1425+
1426+ ``uv session status <session-id> ``
1427+ Queries and displays the current status of a session.
1428+
14191429GitHub Actions
14201430~~~~~~~~~~~~~~
14211431
@@ -1438,7 +1448,7 @@ leverage staged releases to enable powerful CI/CD workflows. A multi-job workfl
14381448 - id : upload
14391449 uses : pypa/gh-action-pypi-publish@v2
14401450 with :
1441- stage-only : true # Upload but don't publish
1451+ stage : true # Upload but don't publish
14421452
14431453 test :
14441454 needs : upload
@@ -1715,21 +1725,25 @@ Change History
17151725 publishers contributing to one session, and notes the related security implications.
17161726 * Remove the optional ``metadata `` key from the file upload session creation request. The uploaded file is
17171727 the authoritative source of metadata, which the index extracts from the file itself.
1718- * Define an explicit publishing-session state machine. Rename the session-level ``pending `` status to
1719- ``open ``, add a transitional ``processing `` status for deferred (``202 Accepted ``) publishing, and document
1720- the ``error `` status as a still-editable state that records a failed deferred publish (with the reason
1721- reported in ``notices ``). Add a **Publishing Session States ** section with state descriptions and a
1722- transition table, specify that a synchronous publish failure leaves the session editable rather than
1723- entering ``error ``, and require the server to reject cancellation with a `` 409 Conflict `` while a session is
1724- `` processing ``. Key the ** Multiple Session Creation Requests ** rule off any non-terminal state rather than
1725- ``pending ``.
1726- * Document the file upload session state machine with a **File Upload Session States ** section and transition
1727- table. Specify that any completion failure -- synchronous or deferred -- moves the session to `` error ``,
1728- that an ``error `` file cannot be repaired in place (the client cancels or deletes it and starts a new file
1729- upload session), and that the server **MUST ** reject a `` DELETE `` with a `` 409 Conflict `` while a session
1730- is ``processing ``.
1728+ * Define an explicit publishing-session state machine. Rename the session-level ``pending ``
1729+ status to ``open ``, add a transitional ``processing `` status for deferred (``202 Accepted ``)
1730+ publishing, and document the ``error `` status as a still-editable state that records a failed
1731+ deferred publish (with the reason reported in ``notices ``). Add a **Publishing Session States **
1732+ section with state descriptions and a transition table, specify that a synchronous publish
1733+ failure leaves the session editable rather than entering ``error ``, and require the server to
1734+ reject cancellation with a `` 409 Conflict `` while a session is `` processing ``. Key the
1735+ ** Multiple Session Creation Requests ** rule off any non-terminal state rather than ``pending ``.
1736+ * Document the file upload session state machine with a **File Upload Session States ** section and
1737+ transition table. Specify that any completion failure -- synchronous or deferred -- moves the
1738+ session to `` error ``, that an ``error `` file cannot be repaired in place (the client cancels or
1739+ deletes it and starts a new file upload session), and that the server **MUST ** reject a
1740+ `` DELETE `` with a `` 409 Conflict `` while a session is ``processing ``.
17311741 * Add state transition diagrams to the **Publishing Session States ** and **File Upload Session States **
17321742 sections, alongside the existing transition tables.
1743+ * Make the suggested ``twine `` and ``uv `` command-line interfaces consistent: group the staged-session
1744+ operations under a ``session `` subcommand (``session publish ``/``session cancel ``/``session status ``),
1745+ give ``uv `` the same staged-session follow-ups and session-id output as ``twine ``, and align the GitHub
1746+ Action's ``stage `` input with the ``--stage `` flag.
17331747
17341748* `07-Dec-2025 <https://discuss.python.org/t/pep-694-pypi-upload-api-2-0-round-2/101483/35 >`__
17351749
@@ -1744,7 +1758,8 @@ Change History
17441758 * Clarify publishing session steps such as status polling and session extension.
17451759 * Require that ``name `` conform to the normalization rules, and include a link.
17461760 * Require that ``version `` conform to the version specs, and include a link.
1747- * Require ``filename `` to conform to either the source or binary distribution file name convention, and include links.
1761+ * Require ``filename `` to conform to either the source or binary distribution file name convention, and
1762+ include links.
17481763 * Reference RFC 3399 instead of ISO 8601 as the timestamp spec. The RFC is a simpler format that
17491764 subsets the ISO standard, and is more appropriate to our use case.
17501765 * Other protocol clarifications.
0 commit comments