Commit graph

2 commits

Author SHA1 Message Date
2fb571ee44 build(rmi-backend,audit): install pre-commit hooks + wire into make install (P1.7)
Phase 1 of AUDIT-2026-Q3.md item P1.7.

.pre-commit-config.yaml was defined but hooks were not installed in
this repo (no .git/hooks/pre-commit). Installed via pre-commit install
and verified the full hook chain fires on a staged Python file:

  trim trailing whitespace........Passed
  fix end of files.................Passed
  check yaml/json..................Skipped (not Python)
  check for added large files.....Passed
  check for merge conflicts.......Passed
  mixed line ending...............Passed
  ruff check......................Passed
  ruff format.....................Passed
  mypy............................Passed
  Detect hardcoded secrets........Passed (gitleaks)

Makefile install target now runs pre-commit install after pip install
so every fresh checkout gets the hook chain automatically. Idempotent:
exits cleanly if pre-commit is not on PATH.

Config fixes applied to make hooks actually run (audit findings):

  - detect-private-keys: removed (dropped from pre-commit-hooks v5.0.0)
  - no-commit-to-branch: removed (project policy: main is primary)
  - git-hound repo: removed (ejcx/git-hound no longer maintained)
  - ruff hook id: legacy "ruff" alias produced E902 because the
    pre-commit-hooks entry already prepends "ruff check --force-exclude";
    switching to the canonical "ruff-check" id with args=["--fix"]
    fixes the spurious file lookup. ruff-format was already correct.
  - gitleaks args: dropped --no-git/--source; pre-commit auto-invokes
    the gitleaks "git" subcommand in pre-commit mode so the manual
    flags conflict.

Phase 5 will tighten the hooks (auto-fix currently skipped to avoid
the ~2K ruff warnings from prior refactors landing in one commit).
2026-07-06 18:21:40 +02:00
root
3c7d1638f2 chore: add Makefile + .env.example for rmi-backend
Makefile: standard targets (install/dev/build/lint/format/check/
typecheck/test/test-all/security/ci/clean) matching fleet convention.

.env.example: documents all env vars used by the backend:
- Runtime, Database, Auth, CORS, Rate limiting
- AI providers (Ollama, OpenRouter, DeepSeek, HuggingFace)
- Langfuse observability
- External APIs (CoinGecko, Etherscan, Birdeye, GoPlus, Basescan)
- Supabase, Telegram bot, Scan limits, Apify, RAG
2026-07-02 14:52:19 +02:00