repos:
# NOTE(review): ``rev`` is a tag. Tags can be re-pointed upstream, and
# hook code runs on every contributor machine; ``pre-commit autoupdate
# --freeze`` records the commit SHA instead of the tag name.
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v6.0.0
  hooks:
  # ``--unsafe`` makes check-yaml parse for syntax only instead of
  # loading each file, so custom tags are accepted. It therefore does
  # not confirm that a file loads under a safe loader.
  - id: check-yaml
    args:
    - '--unsafe'
  # ``end-of-file-fixer`` and ``trailing-whitespace`` rewrite files in
  # place, which conflicts with the SHA-pinned vendored artefacts in
  # ``src/dppvalidator/{schemas,vocabularies}/data/``. Those files are
  # byte-pinned in ``src/dppvalidator/schemas/data/MANIFEST.json`` and
  # checked by ``tests/unit/test_manifest_integrity.py``; an added
  # trailing newline would silently invalidate the recorded SHA. The
  # same exclusion protects the upstream-vendored fixtures under
  # ``tests/fixtures/upstream/`` (SHA-recorded in SOURCES.md).
  - id: end-of-file-fixer
    exclude: '^(src/dppvalidator/(schemas|vocabularies)/data/|tests/fixtures/upstream/).*$'
  - id: trailing-whitespace
    exclude: '^(src/dppvalidator/(schemas|vocabularies)/data/|tests/fixtures/upstream/).*$'
  # Blocks commits that contain private-key material.
  - id: detect-private-key
  - id: debug-statements
  # The lockfile and the logo are exempt from the size check.
  - id: check-added-large-files
    exclude: '^(uv\.lock|docs/assets/logo\.png)$'
- repo: https://github.com/executablebooks/mdformat
  rev: '1.0.0'
  hooks:
  - id: mdformat
    # NOTE(review): the plugins below carry no version constraint, so
    # every freshly built hook environment installs whatever release
    # is current on the package index. Add ``==`` pins (versions to be
    # chosen by the maintainers) if reproducible hook environments are
    # wanted.
    additional_dependencies:
    - mdformat-gfm
    - mdformat-black
    - mdformat-admon
    # Markdown under the tool-rule directories, the plans and the
    # vendored upstream fixtures is left unformatted.
    exclude: '^(\.windsurf/(rules|skills|workflows)|\.claude|docs/plans|tests/fixtures/upstream)/.*\.md$'
# pycln takes its settings from pyproject.toml.
- repo: https://github.com/hadialqattan/pycln
  rev: v2.6.0
  hooks:
  - id: pycln
    args:
    - '--config=pyproject.toml'
- repo: https://github.com/astral-sh/ruff-pre-commit
  rev: v0.14.14
  hooks:
  # Security pass: the ``S`` (bandit) rules, minus S101 (assert) and
  # S110 (try/except/pass). Notebooks are not in ``types_or`` because
  # the example code uses ``random``. ``scripts/`` is skipped as well:
  # it holds dev-only utilities (e.g. the functional smoke test) that
  # call ``subprocess.run`` with controlled, env-overridable binary
  # paths rather than user input.
  # NOTE(review): that exemption relies on the environment being
  # trusted wherever those scripts run — confirm.
  - id: ruff
    types_or: [python, pyi]
    args:
    - '--fix'
    - '--select=S'
    - '--ignore=S101,S110'
    exclude: '^(tests/|mutants/|examples/|scripts/)'
  # Import sorting (isort rules), applied to notebooks too.
  - id: ruff
    types_or: [python, pyi, jupyter]
    args:
    - '--fix'
    - '--select=I'
  # Type-annotation rules; notebooks are left out because they are
  # educational examples.
  - id: ruff
    types_or: [python, pyi]
    args:
    - '--select'
    - 'ANN'
    - '--ignore'
    - 'ANN101,ANN102,ANN401,ANN002,ANN003'
    exclude: '^(tests/|mutants/|benchmarks/|examples/|scripts/).*$'
  # FLY002 (flynt): reports static ``str.join`` calls that could be
  # written as f-strings. No ``--fix`` is passed, so it only reports.
  - id: ruff
    types_or: [python, pyi, jupyter]
    args:
    - '--select=FLY002'
  # Full ruff rule set as configured for the project, without
  # auto-fix, limited to source code by the exclude pattern.
  - id: ruff
    name: ruff-check-all
    types_or: [python, pyi]
    args:
    - '--output-format=github'
    exclude: '^(tests/|mutants/|benchmarks/|examples/|scripts/)'
  # Code formatting.
  - id: ruff-format
    types_or: [python, pyi, jupyter]
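# Local hooks: each one runs through ``uv`` so that it uses the
# project's own dev dependencies.
- repo: local
  hooks:
  # ty type checking of the package sources.
  - id: ty
    name: ty
    entry: uv run ty check src/dppvalidator/
    language: system
    types: [python]
    pass_filenames: false
  # Audit the actually-installed non-editable packages rather than
  # plain ``uv run pip-audit --skip-editable``. The bare command
  # ships its own pip 25.3 in the tool environment, which surfaces
  # pip-the-installer CVEs unrelated to anything dppvalidator
  # imports or ships. ``pip freeze --exclude-editable`` excludes
  # both pip itself and our editable package.
  #
  # The requirements list goes to a ``mktemp`` file, not a fixed name
  # in ``/tmp``: a predictable path in a shared, world-writable
  # directory can be pre-created or symlinked by another local
  # account, which could redirect the write or change what is
  # audited. The EXIT trap removes the file on success and failure.
  - id: pip-audit
    name: pip-audit
    entry: >-
      bash -c 'set -eu;
      req="$(mktemp)";
      trap "rm -f -- \"$req\"" EXIT;
      uv pip freeze --exclude-editable > "$req" &&
      uv run pip-audit --requirement "$req" --strict'
    language: system
    pass_filenames: false
    stages: [pre-push]
  # Phase 7 of the Docs Coherence Plan — guard against the
  # "default UNTP version" claim drifting away from the registry.
  # Runs against user-facing docs (README, AGENTS.md, mkdocs pages,
  # llms*.txt). See tools/check_doc_default_version.py for the
  # exempt list and detection algorithm.
  - id: check-doc-default-version
    name: check-doc-default-version
    entry: uv run python tools/check_doc_default_version.py
    language: system
    pass_filenames: false
    files: '^(README\.md|AGENTS\.md|CLAUDE\.md|docs/(?!plans/|adr/0006).*\.(md|txt)|src/dppvalidator/schemas/registry\.py)$'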