-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
56 lines (51 loc) · 1.83 KB
/
.pre-commit-config.yaml
File metadata and controls
56 lines (51 loc) · 1.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# See docs/DEVELOPMENT.md "Pre-commit setup" and docs/HARNESS.md for the
# defence-in-depth rationale. The same gitleaks scan runs in CI; this
# pre-commit layer is the first of three independent checkpoints.
repos:
# Ruff — format + lint with auto-fix.
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.15.12
hooks:
- id: ruff
args: [--fix]
- id: ruff-format
# Generic hygiene.
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: check-yaml
- id: check-toml
- id: check-json
# tsconfig.json uses JSONC (permits comments) per TS convention.
exclude: ^frontend/(tsconfig.*\.json|jsconfig\.json)$
- id: check-merge-conflict
- id: check-added-large-files
args: [--maxkb=500]
- id: end-of-file-fixer
- id: trailing-whitespace
- id: mixed-line-ending
args: [--fix=lf]
# Secret scan — third checkpoint (local → pre-commit → CI).
- repo: https://github.com/gitleaks/gitleaks
rev: v8.24.3
hooks:
- id: gitleaks
# Conventional commit enforcement — runs at commit-msg stage.
- repo: https://github.com/commitizen-tools/commitizen
rev: v4.1.0
hooks:
- id: commitizen
stages: [commit-msg]
# mypy — runs against the project's uv env so project deps are visible.
# CI runs the strict pass; pre-commit's job is fast feedback, not the gate.
- repo: local
hooks:
- id: mypy
name: mypy (strict, whole project)
# --frozen forbids uv from re-resolving the lockfile mid-invocation.
# Without it, a mid-edit pyproject.toml/uv.lock mismatch would
# trigger a silent transitive upgrade into the commit.
entry: uv run --frozen mypy src/ tests/
language: system
pass_filenames: false
types: [python]