test: add table-driven tests and pre-push CI validation

- Add table-driven tests for Hasher class (59% → 98% coverage)
- Add table-driven tests for validation/secrets (63% → 72% coverage)
- Add pre-push hook to run pytest before pushing
- Add scripts/ci-local.sh for local CI validation
- Fix PT006 lint errors (parametrize tuple syntax)
- Fix mypy type narrowing errors
- Update pre-commit ruff to v0.9.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: kwschulz

.pre-commit-config.yaml

@@ -4,7 +4,7 @@
 # Update: pre-commit autoupdate
 
 default_language_version:
-  python: python3.10
+  python: python3
 
 repos:
   # ==========================================================================
@@ -36,7 +36,7 @@ repos:
   # Ruff - Linting & Formatting
   # ==========================================================================
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.5.0
+    rev: v0.9.0
     hooks:
       # Run the linter
       - id: ruff
@@ -76,6 +76,19 @@ repos:
       - id: commitizen
         stages: [commit-msg]
 
+  # ==========================================================================
+  # Pre-push: Full test suite
+  # ==========================================================================
+  - repo: local
+    hooks:
+      - id: pytest
+        name: pytest
+        entry: pytest --tb=short -q
+        language: system
+        pass_filenames: false
+        always_run: true
+        stages: [pre-push]
+
   # ==========================================================================
   # Documentation
   # ==========================================================================

CONTRIBUTING.md

@@ -11,7 +11,7 @@ Thank you for your interest in contributing to har-capture!
    cd har-capture
    ```
 
-2. **Create a virtual environment**
+1. **Create a virtual environment**
 
    ```bash
    python -m venv .venv
@@ -20,19 +20,26 @@ Thank you for your interest in contributing to har-capture!
    .venv\Scripts\activate     # Windows
    ```
 
-3. **Install in development mode**
+1. **Install in development mode**
 
    ```bash
    pip install -e ".[dev,full]"
    ```
 
-4. **Install pre-commit hooks**
+1. **Install pre-commit hooks**
 
    ```bash
    pre-commit install
    pre-commit install --hook-type commit-msg
+   pre-commit install --hook-type pre-push
    ```
 
+   This installs:
+
+   - **pre-commit**: Runs ruff lint/format on staged files
+   - **commit-msg**: Validates commit message format
+   - **pre-push**: Runs full test suite before push
+
 ## Code Quality Standards
 
 This project enforces strict quality standards:
@@ -96,6 +103,7 @@ type(scope): description
 ```
 
 Types:
+
 - `feat`: New feature
 - `fix`: Bug fix
 - `docs`: Documentation only
@@ -106,6 +114,7 @@ Types:
 - `chore`: Maintenance tasks
 
 Examples:
+
 ```
 feat(sanitization): add WiFi credential detection
 fix(cli): handle missing output directory
@@ -116,30 +125,38 @@ test(validation): add PII detection tests
 ## Pull Request Process
 
 1. **Create a branch** from `main`:
+
    ```bash
    git checkout -b feat/my-feature
    ```
 
-2. **Make your changes** following the code standards above
+1. **Make your changes** following the code standards above
+
+1. **Run all checks locally**:
 
-3. **Run all checks locally**:
    ```bash
+   # One command to run everything CI runs:
+   ./scripts/ci-local.sh
+
+   # Or run each check separately:
    pre-commit run --all-files
    pytest
    mypy src/
    ```
 
-4. **Push and create a PR**:
+1. **Push and create a PR**:
+
    ```bash
    git push -u origin feat/my-feature
    ```
 
-5. **Fill out the PR template** with:
+1. **Fill out the PR template** with:
+
    - Description of changes
    - Related issues
    - Testing performed
 
-6. **Wait for CI** to pass and address any feedback
+1. **Wait for CI** to pass and address any feedback
 
 ## Project Structure
 
@@ -158,10 +175,10 @@ har-capture/
 ## Adding New Features
 
 1. **Write tests first** (TDD encouraged)
-2. **Add type hints** to all functions
-3. **Add docstrings** (Google style)
-4. **Update CHANGELOG.md** under `[Unreleased]`
-5. **Update README.md** if adding user-facing features
+1. **Add type hints** to all functions
+1. **Add docstrings** (Google style)
+1. **Update CHANGELOG.md** under `[Unreleased]`
+1. **Update README.md** if adding user-facing features
 
 ## Dependencies
 
@@ -177,7 +194,7 @@ har-capture/
 
 Thank you for contributing!
 
----
+______________________________________________________________________
 
 ## Maintainer Setup
 
@@ -186,9 +203,11 @@ One-time setup for repository maintainers:
 ### GitHub Repository Settings
 
 1. **Enable private vulnerability reporting**
+
    - Settings → Code security and analysis → Private vulnerability reporting → Enable
 
-2. **Create GitHub Environments**
+1. **Create GitHub Environments**
+
    - Settings → Environments → New environment
    - Create `pypi` (for production releases)
    - Create `test-pypi` (for test releases)
@@ -198,13 +217,15 @@ One-time setup for repository maintainers:
 Configure OIDC publishing (no API tokens needed):
 
 1. **PyPI:** https://pypi.org/manage/account/publishing/
+
    - Add publisher
    - Owner: `solentlabs`
    - Repository: `har-capture`
    - Workflow: `publish.yml`
    - Environment: `pypi`
 
-2. **Test PyPI:** https://test.pypi.org/manage/account/publishing/
+1. **Test PyPI:** https://test.pypi.org/manage/account/publishing/
+
    - Same settings, environment: `test-pypi`
 
 ### Releasing

scripts/ci-local.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+# Run the same checks as CI locally
+# Usage: ./scripts/ci-local.sh [--quick]
+#
+# --quick: Skip slow tests (pytest -m "not slow")
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Auto-activate virtual environment if not already active
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+if [ -z "$VIRTUAL_ENV" ]; then
+    if [ -f "$REPO_ROOT/.venv/bin/activate" ]; then
+        source "$REPO_ROOT/.venv/bin/activate"
+    elif [ -f "$REPO_ROOT/venv/bin/activate" ]; then
+        source "$REPO_ROOT/venv/bin/activate"
+    fi
+fi
+
+echo -e "${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+echo -e "${YELLOW}  Running local CI checks                              ${NC}"
+echo -e "${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+
+# Parse arguments
+QUICK=false
+for arg in "$@"; do
+    case $arg in
+        --quick)
+            QUICK=true
+            shift
+            ;;
+    esac
+done
+
+# Track failures
+FAILED=0
+
+# Step 1: Ruff lint
+echo -e "\n${YELLOW}[1/3] Running ruff check...${NC}"
+if ruff check .; then
+    echo -e "${GREEN}✓ Ruff check passed${NC}"
+else
+    echo -e "${RED}✗ Ruff check failed${NC}"
+    FAILED=1
+fi
+
+# Step 2: Ruff format check
+echo -e "\n${YELLOW}[2/3] Checking ruff format...${NC}"
+if ruff format --check .; then
+    echo -e "${GREEN}✓ Ruff format check passed${NC}"
+else
+    echo -e "${RED}✗ Ruff format check failed${NC}"
+    echo -e "${YELLOW}  Run 'ruff format .' to fix${NC}"
+    FAILED=1
+fi
+
+# Step 3: Pytest
+echo -e "\n${YELLOW}[3/3] Running pytest...${NC}"
+if [ "$QUICK" = true ]; then
+    echo -e "${YELLOW}  (quick mode - skipping slow tests)${NC}"
+    if pytest --tb=short -q -m "not slow"; then
+        echo -e "${GREEN}✓ Tests passed${NC}"
+    else
+        echo -e "${RED}✗ Tests failed${NC}"
+        FAILED=1
+    fi
+else
+    if pytest --tb=short -q; then
+        echo -e "${GREEN}✓ Tests passed${NC}"
+    else
+        echo -e "${RED}✗ Tests failed${NC}"
+        FAILED=1
+    fi
+fi
+
+# Summary
+echo -e "\n${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+if [ $FAILED -eq 0 ]; then
+    echo -e "${GREEN}✓ All CI checks passed - safe to push${NC}"
+    exit 0
+else
+    echo -e "${RED}✗ CI checks failed - fix before pushing${NC}"
+    exit 1
+fi

src/har_capture/capture/browser.py

@@ -376,7 +376,7 @@ def _is_missing_deps_error(error_msg: str) -> bool:
             if not keep_raw and result.sanitized_path and result.sanitized_path.exists():
                 try:
                     output_path.unlink()
-                    result.har_path = None  # type: ignore[assignment]
+                    result.har_path = None
                 except Exception as e:
                     _LOGGER.warning("Failed to delete raw HAR: %s", e)
         except Exception as e:

src/har_capture/cli/capture.py

@@ -135,7 +135,7 @@ def capture(
 
     if requires_basic:
         typer.echo(f"  Detected: HTTP Basic Auth{f' ({realm})' if realm else ''}")
-        if username and password:
+        if username is not None and password is not None:
             http_credentials = {"username": username, "password": password}
         else:
             typer.echo()
@@ -144,9 +144,9 @@ def capture(
             else:
                 typer.echo("This site requires HTTP Basic Authentication.")
             typer.echo()
-            username = typer.prompt("Username", default="admin")
-            password = typer.prompt("Password", hide_input=True)
-            http_credentials = {"username": username, "password": password}
+            prompted_user = typer.prompt("Username", default="admin")
+            prompted_pass = typer.prompt("Password", hide_input=True)
+            http_credentials = {"username": prompted_user, "password": prompted_pass or ""}
     else:
         typer.echo("  Detected: Form-based or no auth required")