ci: add mypy, security scanning, and coverage to CI pipeline

Add type checking (mypy), security scanning (bandit), dependency
audit (pip-audit), and test coverage with codecov upload.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: Acquarts

.github/workflows/gaming-assistant-ci.yml

@@ -39,8 +39,27 @@ jobs:
           ruff check .
           ruff format --check .
 
+      - name: Type check with mypy
+        run: |
+          mypy my_agent/ app/ --ignore-missing-imports
+
+      - name: Security scan with bandit
+        run: |
+          bandit -r my_agent/ app/ -f json -o bandit-report.json --exit-zero
+          bandit -r my_agent/ app/ -ll
+
+      - name: Dependency audit
+        run: |
+          pip-audit --strict --desc on 2>&1 || true
+
       - name: Run tests
         env:
           GOOGLE_GENAI_USE_VERTEXAI: "False"
         run: |
-          pytest tests/ -v
+          pytest tests/ -v --cov=my_agent --cov=app --cov-report=xml
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        with:
+          file: ai-gaming-assistant-agent/coverage.xml
+          fail_ci_if_error: false

ai-gaming-assistant-agent/.github/workflows/ci.yml

@@ -34,6 +34,15 @@ jobs:
         run: |
           mypy my_agent/ app/ --ignore-missing-imports
 
+      - name: Security scan with bandit
+        run: |
+          bandit -r my_agent/ app/ -f json -o bandit-report.json --exit-zero
+          bandit -r my_agent/ app/ -ll
+
+      - name: Dependency audit
+        run: |
+          pip-audit --strict --desc on 2>&1 || true
+
       - name: Run tests
         env:
           GOOGLE_GENAI_USE_VERTEXAI: "False"

ai-gaming-assistant-agent/requirements-dev.txt

@@ -11,3 +11,7 @@ mypy>=1.9.0
 
 # Type stubs
 types-requests>=2.31.0
+
+# Security
+bandit>=1.7.0
+pip-audit>=2.7.0