Skip to content

fix(ci): heal mypy tech-debt — unblock 10 Dependabot PRs (closes #60 P2)#62

Merged
LEEI1337 merged 2 commits into
mainfrom
nss-tech-debt-heal-w47-g
May 26, 2026
Merged

fix(ci): heal mypy tech-debt — unblock 10 Dependabot PRs (closes #60 P2)#62
LEEI1337 merged 2 commits into
mainfrom
nss-tech-debt-heal-w47-g

Conversation

@LEEI1337
Copy link
Copy Markdown
Member

@LEEI1337 LEEI1337 commented May 26, 2026

Summary

Heals the 27 mypy --ignore-missing-imports errors on main that block every open Dependabot PR (#50#59). The Dockerfile (P1) and ruff 0.15 noise (P3) from issue #60 were already fixed in commit db4b9b9 — this PR addresses the remaining P2.

  • 2 commits (atomic):
    1. fix(knowledge): migrate qdrant search()query_points() (qdrant-client ≥1.13 removed search; tests masked via MagicMock).
    2. chore(types): 10 files of precise type-hint fixes — no # type: ignore blanket-suppressions, no global ruff/mypy disables. Per-file rationale in the commit message.

Verification (local, W47-G)

  • mypy src/nss/ --ignore-missing-imports0 errors (38 source files)
  • ruff check src/ tests/All checks passed
  • pytest tests/ -v209/209 pass (Python 3.12, 52s, with all 10 Dependabot dep-bumps installed simultaneously: fastapi 0.136.3, pydantic 2.13.4, cryptography 48.0.0, structlog 25.5.0, redis 7.4.0, ruff 0.15.14, sentence-transformers 5.5.1, httpx 0.28.1, pytest 9.0.3, pydantic-settings 2.14.1)

A33 / DEC-050 compliance

  • Zero mock data, zero hardcoded fallbacks introduced.
  • Each Any widening (only in metrics_server.kwargs and _fire_dpia.entities: list[Any]) carries an in-line code comment justifying why a narrower type would be a false positive.
  • qdrant migration is a real runtime bug-fix (production previously raised AttributeError), not just an annotation patch.

Next (post-merge cascade)

After this lands, the W47-G plan continues with the 10 Dependabot PRs in risk order:

  1. PATCH: deps: update pydantic requirement from >=2.13.0 to >=2.13.4 #52 pydantic, deps: update httpx requirement from >=0.28.0 to >=0.28.1 #57 httpx
  2. MINOR: deps: update pydantic-settings requirement from >=2.7.0 to >=2.14.1 #59 pydantic-settings
  3. MAJOR-low: deps: update fastapi requirement from >=0.115.0 to >=0.136.3 #51 fastapi, deps: update structlog requirement from >=24.4.0 to >=25.5.0 #55 structlog, deps: update pytest requirement from >=8.3.0 to >=9.0.3 #58 pytest
  4. MAJOR-medium: deps: update redis requirement from >=5.2.0 to >=7.4.0 #50 redis, deps: update sentence-transformers requirement from >=3.3.0 to >=5.4.1 #56 sentence-transformers
  5. MAJOR-security: deps: update ruff requirement from >=0.8.0 to >=0.15.11 #54 ruff, deps: update cryptography requirement from >=44.0.0 to >=48.0.0 #53 cryptography (cryptography never auto-merged per Brain doctrine — Joe-decision)

Test plan

  • CI green on test (3.11), test (3.12), build, secrets-scan, sast
  • After merge: re-trigger Dependabot PRs to inherit green main

Closes #60 (P2).

Co-authored-by: Claude Opus 4.7 (1M context)

mackbook and others added 2 commits May 26, 2026 03:17
@claude
fix(knowledge): migrate qdrant search() to query_points() for v1.18 (#60
b32dd1a 
 P2a)

qdrant-client >=1.13 removed the `search()` method. Production code raised
`AttributeError: 'QdrantClient' has no attribute 'search'`; tests masked the
bug via MagicMock.

- src/nss/knowledge/vector_store.py: call query_points() and iterate
  the QueryResponse.points list.
- tests/test_knowledge/test_vector_store.py: mock query_points returning
  a response object with a .points attribute.

Verified locally: 209/209 pytest tests pass with qdrant-client 1.18.0,
no behavior change in the search contract (id/score/payload dict shape).

Refs: nss#60 (mypy attr-defined on vector_store.py:90)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@claude
chore(types): resolve 26 remaining mypy errors blocking CI (#60 P2b)
25caac4 
Heal `mypy --ignore-missing-imports` on main (red since W46). Per-file fixes:

- src/nss/middleware.py — type `call_next: RequestResponseEndpoint` and
  `app: ASGIApp` (starlette types); removes 4× `no-any-return` from
  `await call_next()` and the `Any` ASGI app param.
- src/nss/knowledge/sag_encryption.py — type-annotate decoded payload.
- src/nss/knowledge/rag_pipeline.py — annotate `results` so the return
  type matches `list[dict[str, Any]]`.
- src/nss/knowledge/embeddings.py — replace 2× now-stale
  `type: ignore[union-attr]` with explicit `list[float]`/`list[list[float]]`
  intermediates (no-any-return).
- src/nss/cache.py — handle redis-py 7.4 `Awaitable[bool] | bool` return
  of `ping()` without awaiting a bool literal.
- src/nss/auth.py — return-type for `require_role` factory:
  `Callable[..., Awaitable[dict[str, Any]]]`.
- src/nss/guardian/sentinel.py — `float(...)` cast on cosine result.
- src/nss/guardian/server.py — `lifespan(app) -> AsyncIterator[None]`.
- src/nss/metrics_server.py — return type on `metrics()` /
  `metrics_prometheus()`, hoist `PlainTextResponse` import, and widen
  `kwargs: dict[str, Any]` for uvicorn.run (uvicorn's **kwargs is
  heterogeneous; `dict[str, str]` produced 11 false-positive arg-type
  errors against the uvicorn stubs).
- src/nss/gateway/server.py — `list[Any]` for `_fire_dpia.entities`.

Verified locally (Python 3.12, pytest 9.0.3 + all 10 Dependabot dep-bumps
installed simultaneously): mypy = 0 errors, ruff = clean, 209/209 tests
pass. Unblocks Dependabot PRs #50-#59.

Refs: nss#60 (27 mypy errors). qdrant migration carved out into prior
commit so this change is pure annotation work with no runtime delta.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@LEEI1337 LEEI1337 merged commit 8534439 into main May 26, 2026
5 checks passed
@LEEI1337 LEEI1337 deleted the nss-tech-debt-heal-w47-g branch May 26, 2026 02:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CI: heal main branch (mypy + Dockerfile + ruff) — unblocks 10 Dependabot PRs

1 participant

@LEEI1337