The following is a poem, but not a silly one, which I’m using to help me justify (to myself and others) my choices: past, present, and hopefully future. Enjoy!

Some people stand on the shoulders of giants,

while others go run with the bulls.

I’ve seen if I tried I could stand and could run,

but it leaves my glass only half full.

-

Well, that’s not quite true, see, it’s filled to the brim.

‘Cuz my glass truly doth runneth over.

But only half full with the blood of my being,

while the other half’s empty with water.

-

I think I’ll gulp less from the Fountain of Knowledge,

the beverage which sates not the soul.

And hope that the liquid which flows from my heart,

will fill cups before I’m too old.

Technology brings so much excitement and innovation and, most-importantly brings us closer to being our most human selves, free from toil.

I’ve been reflecting on all the wonderful advances in toil-reducing automation I now realize I’ve come to assume as commonplace. As an exercise in gratitude, I thought I’d list them.

Thanks to personal automobiles, humans have been freed from the toil involved in short and medium distance travel. Although, this was true when the automobile became a household accessory, it became true yet again when the technology advanced to a point where you could travel in a similiarly-sized autombile at twice the speed (which also had the added benefit of removing the toil of a slow and prolonged death for a great multitude of people).

For long-distance travel, look no farther than your local airport. The airplane, the legendary FLYING transport of the sky, now offers humanity a way to travel across continents and oceans without the slightest inkling of toil. Just close your eyes and imagine how, after a day spent traveling with your family, you lack the fatigue associated with the toils of long-distance travel of yore.

And speaking of fatigue, let’s be grateful for the technological advancements hiding in plain sight in our homes. I remember a time, before the advent of the washer and dryer, when folks would complain about the laundry. But now? We’ve washed our lives clean of toiling for outwear without a stain or wrinkle.

The (clothes) washer isn’t the only washer which requires praise for innovation. Such toilful duties “the dishes” used to require, before the advent of the dishwasher. Where there was sweat and labor and sore muscles before, now jubilent smiles and a song on the lips as “doing the dishes” has become a synonym for “leisure”.

And speaking of dishes, cooking the food on them also went through a technological revolution. Not only did the electric stove and oven elminate the toil of making heat from sticks, but again the toil (which was already vanquished) was eliminated when mankind introduced: the microwave. Gone was the struggles of slowly and painstakingly exherting yourself over a hot stove or oven. The microwave as a technological advncement can be thanked for having a hot, nutrious, sating meal every meal.

All the technological advancements (and so many more) sum up to a life spent in bliss. The free time I enjoy because of them I’ve been able to trade for currency which unlocks EVEN MORE toil-expelling technologies.

My life simply couldn’t get any easier or more relaxing, and yet somehow it will with tomorrow’s “latest and greatest” innovation in automation.

After I announced I was leaving Anthropic I sent this meme to my wife and a friend:

Exhibit B

Thank you for taking the time to interview with <Human>, <Human>, and <Human>. I’ve read their feedback and based on our discussion about salary expectations, which fall into the range of Principal Engineer at <Company>, I’ve decided not to move forward with an offer at this time.

Exhibit C

Thanks for taking the time to speak with us about opportunities at <Company>. After reviewing your candidacy with the larger team, it seems your background isn’t an exact match for the current needs.

(this one was from me flubbing a surprise leetcode question. Oof)

Exhibit D

After much deliberation the team decided that it is not a great fit at this time. Please let me know if you have any questions or feedback. We highly encourage you to apply to other roles that may appear to be a better fit within <Company>.

Exhibit E

After talking as a team, we’ve made the hard decision not to move forward from here. I understand this is a disappointing outcome, but the reality is that we hold an exceptionally high bar and say no to a lot of strong candidates — we truly need to be blown away to move forward.

Verdict

It’s good to be confident. I’d make and send the meme again if I had to. But deep down I’m also guilty of having felt like the meme wasn’t a joke. This time I lucked out:

Do you have a second to connect today? I’ve got some feedback for you :)

Next time (oh I REALLY hope there won’t be a next time), I’ll work hard and avoid getting any desserts.

TL;DR [ \]; exec <COMMAND> $0 "$@"; ]:#

Try it! curl https://raw.githubusercontent.com/thejcannon/joshcannon.me/refs/heads/main/scripts/magic-word.md | sh

(or save it to a file, chmod +x it, then run it)

What the hell?

Figuring out the puzzle is left as an exercise for the reader, but I’ll present two key pieces of information:

1. [ <anything> ]:# is a valid Markdown comment
   • You cannot put a space between the ] and the :
2. [ is not Bash syntax, it is a program. (man [ if you don’t believe me)

Enjoy!

Its a game the spare neurons (yes I have a few to spare) like to play while life goes on. Instead of elevator music playing in my cerebellum, the vast empty silence is masked with silly word games.

I’ve found them to be quite quite useful at times.

Let me demonstrate with a silly example.

A Silly Example

There’s a joke that gets told, usually when trying to demonstrate that correlation doesn’t imply causation:

100% of people who drink water die.

Aside from the living people who have drank water and aren’t dead yet (who are probably statistical anomalies or are maybe just “pre-dead”), this is a universally true fact.

My retort is usually:

100% of people who don’t drink water also die. Almost always quicker.

Also a universally true fact. Leaving us with two, universally true, almost useless facts…

…unless you’re bored and want to play a game of “find the bounds”.

Bounding

If you don’t drink water your lower bound is T+0 (you could, of course die immediately following your questionble decision), and your upper bound is T+4 days (the average is 3, but this is an upper bound so I’m fine shooting higher. Jesus was likely much smaller than a temple).

If you choose to continue on with your dihydrogen monoxide addiction, you also enjoy a lower bound of T+0 (oops, down the wrong pipe!). Your upper bound is literally “the upper bound of a human lifespan” (assuming you’re a human) which is about as generous as an upper bound can be.

In finding our bounds, something has emerged. You are dead either way (drats) but drinking water does seem the better choice.

Which leads us then to question, what are the bounds for people who drink soda? Alcohol? Soylent? Coffee?

Now let’s try this using something I heard at work today.

Something I heard at work today

We don’t invest enough in the infrastructure that allows us to forge new paths forward.

This was said earnestly and in the context that implied we ought to have built or be building (more of) this infrastructure. Let’s take a moment and acknowledge the speaker. They are probably saying this out of frustration that they can’t forge the new path forward that they would like to, due to the lack of supporting infrastructure. That sucks - let’s be a good person and tell them we understand their frustrations, then sit in the uncomfortable silence so they they know we know the difficulty.

(while we’re doing that, there’ll likely be some neurons you aren’t using. Queue elevator music)

Bounding

It’s easy to imagine a lower bound here: no investment (do not pass Go, do not collect $200). No paths forged - womp womp. Surprisngly I’d actually argue this bound isn’t a bad place to be on the spectrum. It’s very unambiguous and somewhat final (“there is no investment here - go elsewhere”).

For the upper bound, we could say “infinite investment”, but let’s be more realistic: “every time someone wants to forge a new path, the infrasturcure already exists”.

You could argue the upper bound be further along the spectrum (something along the lines of “more infrastructure than you could ever conceivably need”, but I would argue this isn’t a realistic upper bound.

In finding our bounds, something has emerged. Unless our organization lives at the very tippy tip of the spectrum, our dilemma is doomed to feel underfunded (drats). This may feel bleak and unhelpful, but let me pose an alternative perspective.

Assume you’re guaranteed to underinvest in infrastructure and therefore miss forging some new paths forward.

• What paths might be more or less forgeable today?
• What paths are worth forging, and how much infrastratructure is required?
• What investments in our infrastructure would unlock the most paths?

The point

By taking a data point, and imagining it on a spectrum with realistic bounds, we’re able to see a “bigger picture”. This reframing helps turn a potentially unhelpful singular point into an array of choices and tradeoffs. You’re no longer trying to push or nudge the point this way or that, you’re creatively imaginging the places the point could be and how it might get there.

…or at the very least, your neurons have something fun to do.

Let’s assume these humans are rational (most are!), have a good memory (present company only maybe included), and understand how other humans generally work (as most do).

Now all you can control is one thing: do you let them hunker down in separate rooms, or bring them all into one?

…this isn’t about “Return to Office.” It’s about monorepos!

And TL;DR: The more you co-locate, the more you co-operate and co-llaborate.

(aside) A Pedant’s “Repo” Rant

A “repository” is defined as “a place, building, or receptacle where things are or may be stored.”

As there’s no comment on size or shape, this implies that my belly button is a lint repository just as much as Earth is a humans repository.

Or, put another way, not only is the CPython GitHub repo a repository, the Python GitHub org is a repository, as is GitHub (.com) itself.

This is important because when people talk about a “monorepo,” sometimes we aren’t all talking about the exact same thing. Google’s “monorepo” is not like Meta’s is not like (org I’ve worked at using a GitHub git monorepo).

What’s that human doing in my machine?

I often approach solving common organizational problems in a way that is likely uncomfortable to some: ignore the technology and focus on the humans. They are the ones writing the code, they are the ones working together, they are the ones that define success or failure.

This is because I strongly believe that “software engineering” is not just engineering, but is also an artistic exercise and a social experience (I also believe that driving is a form of dancing, just to go ahead and put that out there). Perhaps put another way, it’s a game.

I recently watched a video talking about the “Iterated Prisoner’s Dilemma”. In the version I watched, centered around Axelrod’s Tournament, people submitted BASIC programs to compete in a game where both programs “cooperating” earned them each 5 points, only one cooperating earned that one 3 (and the other 0), and neither cooperating earned them both 1. Breaking this down a bit:

• If you only ever focus on yourself (don’t choose to cooperate) you’ll earn at most 3 points or as little as 1 point
• The fact that the game is played continuously with the same agents is important. The agents have memory and there’s no end in sight
• Cooperation takes continued trust, but yields the highest outcome for everyone

This kind of experimental study is used to help us understand otherwise confounding behaviors in evolved creatures. We’re quite literally evolved to work together. Which is a good thing, since “working together” is usually a requirement for a successful organization.

A simple thought experiment

Let’s take away everything that goes into software development that isn’t interacting with source code control. After you stop salivating about no longer worrying about CI, JIRA, or Agile, you then take the code from every repo in your org (within reason) and shove them each in a subdirectory in a new single organization.

…what do you think would happen over time? What kind of culture would emerge?

Conclusion

Coding is a social activity. As evolved, social beings we work best when we’re “all in the same room” so to speak. That includes our code - one of (but not our only) means of communication.

(And once we decide to cooperate and collaborate, I’m sure we’ll find solutions to the technical problems a monorepo usually entails. I’m not sure it won’t be Bazel (sorry))

Buildkite step-level notify

Buildkite pipelines offer a nice feature where the pipeline YAML can have a notify key which can be configured to list different services to receive “notifications” about the pipeline’s status (e.g. “in progress” or “failed” or “succeeded”).

These services include Slack (to send messages/updates) and PagerDuty (presumably to alert on failure) and also GitHub, although not documented on the linked page - for that you’d need to go here.

This feature is also extended to individual pipeline steps, as well as group steps, with a subset of the configurable services.

As an example:

steps:
  - label: "Example Script"
    command: "script.sh"
    notify:
      - ...

github_commit_status

One of the configurable services services is github_commit_status, which takes an arbitrary string context, and tells Buildkite to send commit statuses (e.g. “pending”, “failure”) representing the pipeline step status (“running”, “failed”) using the provided context.

It hopefully isn’t hard to imagine how this can be a useful feature! Unfortunately it also isn’t hard to imagine how this can be abused.

Setting up the board

1. Configure your repository to require Pull Requests, and require that PRs MUST pass a required status check (which for this purpose, let’s assume does some security checks) which MUST come from the Buildkite GitHub App using the context buildkite/security-pipeline (the one sent by the “Security Pipeline” pipeline).
2. In the same repository, have a pipeline (could be any) which allows developers to change/upload pipeline steps (e.g. edit the steps or run buildkite-agent pipeline upload). (Due to the nature of Buildkite and their “dynamic pipelines” feature, this is usually a possibility).

The “Play”

1. Make a malicious commit which would fail the security check
2. Wait for the security pipeline to fail
3. Upload some pipeline YAML containing ```yaml steps:
   • command: echo “gotcha” notify:
   • github_commit_status: context: “buildkite/security-pipeline” ```
4. Trigger that pipeline on the malicious commit
5. Your PR is now mergeable

For step 3, it helps if you find a way to upload pipeline YAML outside of the code changes itself (otherwise you’ll need to get creative in crafting your malicious commit - although most folks aren’t scrutinizing Buildkite pipeline steps for security flaws).

BONUS: Every security bug is a security feature

Once I discovered this bug, I immediately reported it to Buildkite.

Then, of course, I set out to use this to my advantage.

At the time, I was helping support our usage of GitHub’s Merge Queue. One displeasure was when parts of CI (say a set of tests) were still running for a particular entry, where they’d passed on a “downstream” entry. In this scenario we knew it was 99% safe to merge, but had no way of kicking Buildkite/GitHub into action.

So, easiest way to move forward is… make a pipeline which does the above! Trigger the pipeline on the SHA of the merge queue entry and ✨ merged ✨

This is largely used for checks such as “has CI run?”, but can be used for many many more things since this is automatable.

There are all kinds of GitHub Automations leveraging these. Ones for:

• Code Coverage gates
• “DO NOT MERGE” checks
• Code Review requirements (because CODEOWNERS isn’t great)
• Pull Request title/description checks
• Merge Queue semantics
• …and of course every AI code reviewer ever

How it works

Just use the API (REST or GraphQL) to send a commit status (passing, failing, or pending) along with a “context” (e.g. a slug) some optional description (e.g. “you didn’t say the magic word”) and an optional URL. If configured, the Pull Request MUST have a passing status sent from the exact configured GitHub App before it is able to merge.

The Problem(s)

Arbitrary, arbitrary. Everything is arbitrary.

The APIs for commit statuses aren’t limited to apps, and contexts aren’t limited by anything, and URLs aren’t limited, and API callers are only limited to those with write access to the repository.

Feeling bored and want to mess with your peers? Pick a PR, grab the SHA and…

gh api \
  /repos/{owner}/{repo}/statuses/{SHA} \
   -f 'state=failure' \
   -f 'target_url=https://media0.giphy.com/media/v1.Y2lkPTc5MGI3NjExcDkwajRocjlpazJ6NXIzbXRlbWg1ZThneml5NzQ4a29sajZkcmZ6MyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/owRSsSHHoVYFa/giphy.gif' \
   -f 'description=YOU DIDNT SAY THE MAGIC WORD' \
   -f 'context=i-hate-this-hacker-crap'

From a security standpoint, required checks are configured along with the GitHub App they are expected to come from. Meaning if you’re expecting the required “passes security checks” commit status to come from the GitHub App “Scruff McGruff”, a passing status from another GitHub App, or from a user, will not be honored.

The status will of course still exist and be displayed, which is some sucky UI/UX. Speaking of…

The UI/UX sucks

In addition to aribitrary statuses or descriptions or senders, there’s also the juggling of required status checks with all the other (not-aribitrary-but-not-required) ones. Not only can it get overwhelming, but it can get downright misleading!

GitHub’s UX changes if you have failing NOT required status checks. The nice green merge button (the one that feels SO GOOD to click) turns into a clickable-but-greytone one. I can’t count the number of times I’ve had to help people in realizing the button is clickable, it just isn’t green. I’m also pretty sure as every company matures they make a set of Userscripts or a Chrome Extension just for GitHub, and this is the first piece of functionality.

Context is Key

Lastly, everything is keyed off of the (aribtrary) context in the payload.

A new status with the same context (but different state or description) just overwrites the previous one.

If you’re adding a new required status - hope all of your opened opened (and currently mergeable) PRs have a passing status already.

Or if you want to rename/change the context, good luck!

One Commit SHA: 0 to inifinite PRs

Since commit statuses are sent to commit SHAs that means the relationship between the Pull Request and the “required” statuses is the same relationship between a branch and a commit.

In the case of Pull Requests, let’s say we have a check that the PR description includes a reference to HeadOn (“Apply directly to the forehead”). And I open a PR against the default branch omitting the reference. I presumably get a failing commit status check and can’t merge my PR. Then, because our development cycle is weird I also have to open the same change against the superbowl feature branch, so I do, remembering the required reference. I get a passing commit status check (apply directly to the commit SHA).

One SHA. One branch (but could be two). Two PRs. Both (now) mergeable.

(The pain of which is felt beyond just the forehead)

Background

This blog post is about Python “namespace packages”. Unfortunately because the Zen of Python didn’t include “There should be one– and preferably only one –defintion for a term”, I have to disambiguate.

I assume when you read “Python package” your first thought is of packages as found on the Python Package Index (PyPI for short, pronunciation: “🥧 P 👁️”). That is mine as well. However, in the statement import x.y, Python calls x a “module” as well as a “package”, and y a “submodule” and a “subpackage”.

And now a tongue twister: “Petr promptly packaged Python package pello producing Python package pello, then published Python package pello containing Python package pello to the Python Package Index promptly.”

…whew!

In order to disambiguate, we can use the term “distribution packages” to refer to the PyPI-flavored ones and “import packages”
for the module-flavored ones.

Definition(s) and Terminology

PEP 420 starts with

Namespace packages are a mechanism for splitting a single Python package across multiple directories on disk.

A better definition might be

Namespace packages are a mechanism for splitting a single Import Package across one or more directories on disk. They can either be “explicit” or “implicit”, depending on the mechanism.

The Python docs define namespace packages as:

A package which serves only as a container for subpackages. […]

This is the most correct, in my opinion, because Python import packages don’t have to come from directories on disk. They may also come from other exotic places like zip archives.

Rationale

Let’s say you’re a megacorp named Gooble and you want all of your code to be known to be Gooble code so you’d prefer all of your modules to start with gooble.. You now have a choice. Put everything inside of one distribution package named gooble (combining code for your Earth Engine with Big Lake code along with your Cloud APIs - much to the confusion of Hydrologists everywhere). Or split things into logical sections, each sharing a piece of the gooble. pie, making gooble a namespace package.

You may be thinking “ok, so what’s the big deal?” - and in most “vanilla” cases there’d be no big deal. Most of the time you install a Python package, it goes into some site-packages directory along with all its installed brothers and sisters and cousins. Install gooble-storage and site-packages/gooble/storage/... exists. Likewise install gooble-functions and site-packages/gooble/functions/... will join in.

There are other ways of loading modules from disk, however. And therein lies the challenge.

The challenge

The reason the code in your site-packages is found when you import is due to Python’s default path based finder. It works kinda like this:

• Given a module (like gooble), iterate through the paths in sys.path trying to find a valid gooble module underneath. This may look like gooble/__init__.py or gooble.py or any of the other valid ways of defining a Python module on disk.
• Given a submodule (like gooble.firewall), first load module gooble, take the path we found it at (__path__) and look underneath for submodule firewall.

Undoubtedly, your sys.path has your site-packages directory in it, and this is how most “third-party” code is loaded most of the time.

But imagine with me, instead of a single sys.path entry containing every installed distribution package we instead used one sys.path entry for each distribution package. This is certainly an attractive idea if you were designing a Python environment manager with an emphasis on speed. Each package could be installed, in parallel, into a cache directory and then in order to construct a Python environment you’d simply need to populate sys.path with the correct cache directories.

Re-enter gooble. How should the default path finder find gooble.firestore, given it already loaded gooble and gooble.firebase from /cached/gooble-firebase/gooble/firebase.py?

Namespace packages is the how. They are mechanism for splitting a single Import Package across one or more directories on disk.

Namespace Packages

So now we know what namespace packages aim to solve. Its a way to tell the import machinery that an import package belongs to many (or none, depending on how you want to look at it) distribution packages, and all that entails.

Historically, there were only explicit namespace packages (I suspect at the time they were just called “namespace packages”, and then PEP 420 came along and gave us implicit namespace packages). Of course, the Zen of Python does say “There should be one– and preferably only one –obvious way to do it” but I’m not sure it applies here, given it isn’t called “the Zen of Python Packaging”. I suspect that rule was skipped over and the rule which reads “Namespaces are one honking great idea – let’s do more of those!” was instead double-clicked on.

Explicit Namespace Packages

These come in two flavors, but they both accomplish roughly the same thing: declaring a Python import package as a namespace package. In your namespace package (gooble/__init__.py in our case), use

from pkgutil import extend_path
__path__ = extend_path(__path__, __name__)
# or...
import pkg_resources
pkg_resources.declare_namespace(__name__)

These use __path__ shenanigans to trick the Python import machinery into searching additional directories when searching for submodules.

It is important to note that one quirk of this solution is that every gooble/__init__.py in every distribution package MUST agree on doing this. Otherwise, if gooble-cloud-walk accidentally shipped an empty gooble/__init__.py AND it had an “early” sys.path entry, then it claims the import package gooble all to itself.

(Remember this way is the “legacy” way)

Implicit Namespace Packages

PEP 420 gave us a (better) alternative, implicit namespace packages. These are easy to make and easy to explain. Just don’t make gooble/__init__.py. Easy peasy lemon squeezy. The import machinery was changed to allow this new way of saying “hey keep looking for gooble.cloud_build if gooble/ has no __init__.py.

We still have to make sure every gooble distribution package agrees NOT to contain the file, but now we don’t have to worry about multiple distribution packages containing the same path.

(If you’ve ever forgotten to make a __init__.py file and importing still worked - this is why)

The Pain of Python (Namespace Packages)

Unfortunately, both explicit and implicit namespace packages still exist today - meaning we have two ways of accomplishing the same thing (two strikes against “the Zen” - one for having “one obvious way” and one for “explicit is better than implicit”).

Secondly, newcomers (or forgetful old-timers) might omit the __init__.py and now implicitly have an implicit namespace package (as opposed to someone adhering to PEP 420 and explicitly having an implicit namespace package). There’s also a slight import performance hit when doing this (but likely not enough to matter).

Third, for hard-workin’ folks like myself who would like to associate module (and submodule) names to packages, this is nigh impossible. It’s impossible to correctly determine if the omission of a __init__.py was implicit or explicit. Educated guesses can be made, but as we can see from that blog post they are just guesses.

Fourth, implicit namespace packages are still brittle. Developer X knows that gooble/ is a namespace package and omits __init__.py. But it can very easily be added. Consider how many Pull Requests you’ve reviewed where you’ve scrutinized the addition of a __init__.py file (hint: it’s likely an integer less than one). This is because explicit really is better than implicit.

Last, because most installations involve overlapping unpacking in a shared directory (site-packages), there are several distribution packages which have namespace import packages, but lack the mechanism. It’s all too easy to have gooble-deploy and gooble-console contain gooble/__init__.py, and everything “just work” most of the time. This is a large reason environment-management tools don’t use the sys.path trick. It exposes annoying and hard-to-diagnose bugs.

Conclusion

Namespace packages are a useful mechanism which solves a real problem. However, the precise semantics come at the cost of cognitive complexity, especially for developer tool authors/maintainers. Here are my suggestions:

• Avoid accidental namespace packages - always include __init__.py files in directories
• Avoid purposeful namespace packages - they’re a pain in the ass

References

• PEP 420
• Packaging Namespace Packages
• Python Glossary - “Namespace Package”
• Python Language Reference - “Namespace Packages”

Do you prefer absolute or relative imports for inter-module imports within applications?

Go ahead and call me a Sith because I deal in absolutes.

And here’s why.

Ways of running Python files

Python has more than a few ways of running a “Python file”:

• python path/to/file.py: Run the file at this path
• python -m path.to.file: Run the module found with this dotted name
• python path/to: Run the __main__.py file under this directory path
• python -m path/to: Run the module found with this dotted name, which this time would be the directory’s __init__.py
• python path/to/zipapp.zip: Run this zipapp
• pytest or any other installed script name: Run the script found at <Python environment directory>/bin/<name>, e.g. .venv/bin/pytest

Ways of importing your fellow module

• from . import sibling: Imports sibling from under the same/parent directory this module is in
  • This first would try to import attribute sibling from __init__.py
  • then try to import the module named sibling (either sibling/__init__.py or sibling.py)
• from .sibling import boogers: Same idea, but this time we need to load module sibling and attribute/submodule boogers
• from .. import uncle: Imports uncle from under the grandparent directory (using similar rules)
• from ..uncle import tickles: (you get the jist)
• from ... import great_aunt: …

These are all examples of relative imports. What they import is relative to the module importing them.

(By the way, in case you needed one, here’s an example of an absolute import: from pkgname.child import fun)

Ways of running Python files which import their fellow modules

Given this flat layout project:

.
├── macaroni/
│   ├── __init__.py
│   ├── salad.py
│   └── and_/
│       ├── __init__.py
│       └── cheese.py

Why is that?

Buried in the Python docs’ tutorials, in Chapter 6 “Modules”, Section 4 “Packages”, Subsection 2 “Intra-package References” (6.4.2. here), there is this paragraph ¹:

Note that relative imports are based on the name of the current module’s package. Since the main module does not have a package, modules intended for use as the main module of a Python application must always use absolute imports.

When Python encounters a relative import, it is relative to the current package, which for the “main module” (the module being invoked), doesn’t exist.

The bottom line: Absolute imports work consistently irrespective of how your Python file is executed. Relative imports don’t give you that luxury.