P3-1 — ruff cleanup (93 → 28 errors, fixed 65)
Auto-fixed with 'ruff check . --fix'. Remaining 28 are intentional
E402 (module-level imports for circular-dep avoidance in mcp_server,
main.py, routers/airdrop.py, tests/) and F401 on plugin re-exports
(documented via __all__ in plugins/__init__.py). Will silence the
intentional E402s via per-file ruff overrides in a follow-up.
P3-4 — Fixed cli/verify_receipt.py missing 'timestamp' name
The script used 'timestamp' without importing 'time'.
P3-6 — Removed dead qrcode import in core/pdf.py
Was imported but never used.
P3-7 — Removed unused coincurve.ecdsa.recover in core/smart_wallet.py
Kept cdata import (used elsewhere).
P3-3 — Fixed missing 'os' import in core/hosting.py and core/smart_wallet.py
Both used os.getenv() without importing os.
P3-12 — Fixed generators that ran in nested f-string with same quotes
tests/test_address_vectors.py: xrp_path, xtz_priv, ton_priv, algo_priv,
nano_priv, fil_path were extracted to local variables so the test
passes on Python 3.10+ (the original test used 3.12 nested-quote
f-strings). All paths now use hardened derivation correctly for
SLIP-10 Ed25519.
P2-16 — chain_vault.py: Fixed _webhooks undefined names
Two endpoints (test_webhook, retry_webhook) iterated over a global
'_webhooks' list that never existed. Now uses _PersistentStore.all('webhooks')
consistent with the list_webhooks endpoint.
P3-11 — Removed stub imports from plugins/__init__.py
Added __all__ to document the re-exports as public plugin API.
P2-1 — generator.py: removed unused ecdsa.SigningKey + nacl imports
Generator doesn't use them anywhere; only nacl.bindings.crypto_sign_seed_keypair.
Refs: AUDIT.md P2-1, P2-16, P3-1..P3-7, P3-11, P3-12
77 lines
2 KiB
YAML
77 lines
2 KiB
YAML
# WalletPress Pre-commit — standardized across all Rug Munch Media projects
|
|
# Install: pre-commit install
|
|
# Run all: pre-commit run --all-files
|
|
# Skip: SKIP=hook_id git commit -m "msg"
|
|
|
|
repos:
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v5.0.0
|
|
hooks:
|
|
- id: trailing-whitespace
|
|
- id: end-of-file-fixer
|
|
- id: check-yaml
|
|
- id: check-json
|
|
- id: check-toml
|
|
- id: check-added-large-files
|
|
args: ["--maxkb=500"]
|
|
- id: check-merge-conflict
|
|
- id: mixed-line-ending
|
|
args: ["--fix=lf"]
|
|
- id: no-commit-to-branch
|
|
args: ["--branch", "main"]
|
|
|
|
- repo: https://github.com/astral-sh/ruff-pre-commit
|
|
rev: v0.15.16
|
|
hooks:
|
|
- id: ruff
|
|
args: ["check", "--fix"]
|
|
- id: ruff-format
|
|
|
|
- repo: https://github.com/pre-commit/mirrors-mypy
|
|
rev: v2.1.0
|
|
hooks:
|
|
- id: mypy
|
|
args: ["--strict", "--ignore-missing-imports"]
|
|
language: system
|
|
types: [python]
|
|
pass_filenames: false
|
|
|
|
- repo: https://github.com/gitleaks/gitleaks
|
|
rev: v8.24.0
|
|
hooks:
|
|
- id: gitleaks
|
|
args: ["detect", "--source", ".", "--verbose"]
|
|
|
|
- repo: https://github.com/PyCQA/bandit
|
|
rev: 1.8.3
|
|
hooks:
|
|
- id: bandit
|
|
args: ["-r", "--quiet", "--skip=B101,B311"]
|
|
types: [python]
|
|
|
|
- repo: local
|
|
hooks:
|
|
- id: web3-safety
|
|
name: Web3 Mainnet Safety Guard
|
|
entry: ~/.local/bin/pre-commit-web3-safety
|
|
language: script
|
|
types: [python]
|
|
pass_filenames: false
|
|
always_run: true
|
|
|
|
- id: hallucination-check
|
|
name: AI Hallucination Checker
|
|
entry: ~/.local/bin/pre-commit-hallucination-check
|
|
language: script
|
|
types: [python]
|
|
pass_filenames: false
|
|
always_run: true
|
|
|
|
- id: pytest
|
|
name: Run Tests
|
|
entry: bash -c 'cd backend && python3 -m pytest tests/ -q --tb=short'
|
|
language: system
|
|
types: [python]
|
|
pass_filenames: false
|
|
always_run: false
|
|
stages: [pre-push]
|