chore(pre-commit): restrict bandit to package and exclude tests

Author: DiogoRibeiro7

.pre-commit-config.yaml

@@ -1,22 +1,105 @@
+# Pre-commit hooks for min-ratio-cycle
+# Tip: keep hook versions aligned with your pyproject/dev-deps where applicable.
+# Install & run:
+#   poetry run pre-commit install
+#   poetry run pre-commit run --all-files
+
+ci:
+  autofix_prs: true
+  autoupdate_schedule: monthly
+
+minimum_pre_commit_version: "3.5.0"
+default_stages: [commit]
+
+default_language_version:
+  python: python3
+
+# Global excludes (applies to all hooks)
+exclude: |
+  (?x)(
+    ^docs/_build/|
+    ^build/|
+    ^dist/|
+    ^\.venv/|
+    ^\.mypy_cache/|
+    ^\.pytest_cache/|
+    ^\.ruff_cache/|
+    ^\.git/|
+    ^poetry\.lock$|
+    \.ipynb$
+  )
+
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.6.0
     hooks:
-      - id: trailing-whitespace
-      - id: end-of-file-fixer
       - id: check-yaml
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: check-merge-conflict
+      - id: detect-private-key
       - id: check-added-large-files
+        args: ["--maxkb=500"]
+
   - repo: https://github.com/psf/black
-    rev: 23.9.1
+    # Pin to match your dev dependency (e.g., 24.3.0)
+    rev: 24.3.0
     hooks:
       - id: black
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.12.0
+        args: ["--line-length=88"]
+
+  - repo: https://github.com/charliermarsh/ruff-pre-commit
+    rev: v0.6.9
+    hooks:
+      - id: ruff
+        # Ruff handles lint + import sorting (I001); keep black for formatting
+        args: ["--fix"]
+        stages: [manual]
+
+  - repo: https://github.com/pycqa/isort
+    rev: 5.13.2
     hooks:
       - id: isort
+        # If you rely on Ruff for import sorting, you can remove isort
+        args: ["--profile=black", "--line-length=88"]
+
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.16.0
+    hooks:
+      - id: pyupgrade
+        args: ["--py310-plus"]
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.10.0
+    hooks:
+      - id: mypy
+        stages: [manual]
+        additional_dependencies:
+          - types-setuptools
+        args: ["--strict"]
+
+
+  - repo: https://github.com/PyCQA/docformatter
+    rev: v1.7.5
+    hooks:
+      - id: docformatter
+        args: ["--in-place", "--pre-summary-newline", "--make-summary-multi-line"]
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+        args: ["-L", "datas,nin", "--skip", "poetry.lock,docs/_build,*.svg"]
+
   - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.5
+    rev: 1.7.9
     hooks:
       - id: bandit
-        args: ["-ll"]
-        files: ^min_ratio_cycle/
+        name: bandit (lib only)
+        stages: [manual]
+        pass_filenames: false
+        args: ["-r", "min_ratio_cycle", "-x", "tests", "-ll", "-ii"]
+        additional_dependencies: ["bandit[toml]"]

CODE_OF_CONDUCT.md

@@ -0,0 +1,56 @@
+# Code of Conduct
+
+We are committed to providing a friendly, safe, and welcoming environment for all contributors and users of **min-ratio-cycle**.
+
+This project follows the spirit of the **Contributor Covenant v2.1**.
+
+---
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a harassment‑free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio‑economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others’ private information without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Scope
+
+This Code of Conduct applies within all project spaces and also applies when an individual is officially representing the project in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainers at **[[email protected]](mailto:[email protected])**. All complaints will be reviewed and investigated promptly and fairly.
+
+Project maintainers are obligated to respect the privacy and security of the reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these guidelines to determine the consequences for any action they deem in violation of this Code of Conduct:
+
+1. **Correction** – Private, written warning, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate.
+2. **Warning** – A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time.
+3. **Temporary Ban** – A temporary ban from any sort of interaction or public communication with the community.
+4. **Permanent Ban** – A permanent ban from any sort of public interaction within the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the **Contributor Covenant**, version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code\_of\_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html)
+
+Community Impact Guidelines were inspired by the **Mozilla Community Participation Guidelines**.
+
+For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). Translations are available at [https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations).

CONTRIBUTING.md

@@ -0,0 +1,83 @@
+# Contributing to min-ratio-cycle
+
+Thanks for your interest in improving **min-ratio-cycle**! This guide explains how to set up your environment, the project conventions, and the pull‑request process.
+
+--------------------------------------------------------------------------------
+
+## Ground rules
+
+- Be respectful and follow our [Code of Conduct](./CODE_OF_CONDUCT.md).
+- Favor small, focused PRs with clear motivation and tests.
+- Use **Conventional Commits**: `feat:`, `fix:`, `docs:`, `refactor:`, `test:`, `perf:`, `build:`, `chore:`.
+- Public API is documented in the README under **API surface (stable)**; changing it requires a discussion/issue first.
+
+--------------------------------------------------------------------------------
+
+## Environment setup
+
+1. **Install Poetry** (<https://python-poetry.org/docs/#installation>)
+
+```bash
+poetry --version
+```
+
+1. **Install dependencies** and enable hooks
+
+```bash
+poetry install
+poetry run pre-commit install
+```
+
+1. **Run the test suite & quality checks**
+
+```bash
+poetry run pytest --cov=min_ratio_cycle
+poetry run mypy min_ratio_cycle
+poetry run black . && poetry run isort .
+poetry run flake8 .
+poetry run bandit -r min_ratio_cycle
+```
+
+> Tip: for consistent benchmarking, pin BLAS threads: `OMP_NUM_THREADS=1 MKL_NUM_THREADS=1`.
+
+--------------------------------------------------------------------------------
+
+## Development workflow
+
+- **Branch** from `main` using a descriptive name, e.g., `feat/exact-mode-fastpath` or `fix/negcycle-offbyone`.
+- **Write tests** alongside code (`tests/`), prefer small unit tests; add property tests when relevant.
+- **Document** new APIs/behaviors in docstrings and the README. Keep docs building (`sphinx-build`).
+- **Type hints** are required for new/changed code. We ship a `py.typed` marker for downstream tooling.
+- **Performance**: if changing core loops/oracles, add a benchmark note or evidence.
+
+--------------------------------------------------------------------------------
+
+## Pull request checklist
+
+- [ ] Tests added/updated and passing locally (`pytest`).
+- [ ] Type checks pass (`mypy`).
+- [ ] Style/lint pass (`black`, `isort`, `flake8`).
+- [ ] Security scan pass (`bandit`).
+- [ ] Docs updated (README / Sphinx).
+- [ ] Changelog entry added if user‑visible change.
+- [ ] CI is green.
+
+--------------------------------------------------------------------------------
+
+## Reporting bugs / proposing features
+
+- **Bugs**: open an issue with a minimal reproducible example and environment details.
+- **Features**: start a discussion/issue explaining motivation, alternatives, and expected API.
+
+--------------------------------------------------------------------------------
+
+## Release process (maintainers)
+
+- Use semantic versioning. Tag releases on `main` (e.g., `v0.1.0`).
+- Publish to PyPI via GitHub Actions workflow (builds must be green).
+
+--------------------------------------------------------------------------------
+
+## Contact
+
+For security issues or CoC enforcement, write to **<[email protected]>**.