.pre-commit-config.yaml
# Pre-commit hooks configuration for FLAMEHAVEN FileSearch
# Install: pip install pre-commit
# Setup: pre-commit install
# Run manually: pre-commit run --all-files
repos:
# Formatter: black, run with an 88-column limit.
# NOTE(review): every `rev` in this file is a tag, and a tag can be moved
# upstream; `pre-commit autoupdate --freeze` pins them to commit SHAs.
- repo: https://github.com/psf/black
  rev: '24.3.0'
  hooks:
  - id: black
    # Set per hook, so default_language_version does not apply to black.
    language_version: python3
    args:
    - '--line-length=88'
# Import ordering: isort with its black-compatible profile.
- repo: https://github.com/PyCQA/isort
  rev: '5.13.2'
  hooks:
  - id: isort
    args:
    - '--profile'
    - 'black'
# Lint: flake8 at 88 columns, with E203 and W503 added to the ignore list.
- repo: https://github.com/PyCQA/flake8
  rev: '7.0.0'
  hooks:
  - id: flake8
    args:
    - '--max-line-length=88'
    - '--extend-ignore=E203,W503'
    # Plugin installed into the hook environment; no version is pinned here.
    additional_dependencies:
    - flake8-docstrings
# Static security analysis: bandit, configured from pyproject.toml.
- repo: https://github.com/PyCQA/bandit
  rev: '1.7.7'
  hooks:
  - id: bandit
    args:
    - '-c'
    - 'pyproject.toml'
    # The toml extra is what lets bandit read pyproject.toml.
    additional_dependencies:
    - 'bandit[toml]'
    # Files under tests/ are not scanned.
    exclude: '^tests/'
# Secret detection: gitleaks, run with the hook's default arguments.
- repo: https://github.com/gitleaks/gitleaks
  rev: 'v8.18.2'
  hooks:
  - id: gitleaks
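# General file hygiene from pre-commit-hooks: syntax checks for YAML, JSON
# and TOML, size and conflict guards, private-key detection and whitespace
# fixers.
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: 'v4.5.0'
  hooks:
  # No args: check-yaml uses a safe loader by default. Its documented options
  # are --allow-multiple-documents and --unsafe; there is no `--safe`, and an
  # unrecognized argument makes the hook fail on every run.
  - id: check-yaml
  - id: check-json
  - id: check-toml
  # Rejects newly added files larger than 1000 KB.
  - id: check-added-large-files
    args:
    - '--maxkb=1000'
  - id: check-case-conflict
  - id: check-merge-conflict
  # Complements gitleaks: flags files that contain a private-key header.
  - id: detect-private-key
  - id: end-of-file-fixer
  - id: trailing-whitespace
  - id: mixed-line-ending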
# Python source checks; pinned to the same rev as the other
# pre-commit-hooks entry in this file.
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: 'v4.5.0'
  hooks:
  - id: check-ast
  - id: check-builtin-literals
  - id: check-docstring-first
  # Catches leftover debugger imports and breakpoint() calls.
  - id: debug-statements
  # Test files must be named test_*.py.
  - id: name-tests-test
    args:
    - '--pytest-test-first'
# Type checking (optional - uncomment if using mypy)
# - repo: https://github.com/pre-commit/mirrors-mypy
# rev: v1.8.0
# hooks:
# - id: mypy
# additional_dependencies: [types-all]
# args: ['--ignore-missing-imports']
# Docstring coverage (optional)
# - repo: https://github.com/econchick/interrogate
# rev: 1.5.0
# hooks:
# - id: interrogate
# args: ['-vv', '--fail-under=80']
# Dependency vulnerability scan with safety; runs at the push stage only.
# NOTE(review): `|| true` makes the hook exit 0 whether the install or the
# scan fails, so findings never block a push. `pip install safety` also
# pulls an unpinned release into the active environment on each run;
# consider installing a pinned version with the dev dependencies instead.
- repo: local
  hooks:
  - id: safety-check
    name: Safety dependency check
    entry: bash -c 'pip install safety && safety scan --output text || true'
    language: system
    pass_filenames: false
    stages:
    - push
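# Heuristic path-traversal check: greps the package for a literal "../" or
# for os.path.join followed by ".." on the same line.
# This is a text match only. It cannot see paths built from user input at
# runtime, so a clean result does not show the code is free of traversal.
- repo: local
  hooks:
  - id: check-path-traversal
    name: Check for path traversal vulnerabilities
    # grep exits 0 on a match, 1 on no match and 2 on error (for example an
    # unreadable or missing directory). `test $? -eq 1` passes the hook only
    # when grep found nothing, so a grep error fails closed instead of
    # being reported as a clean run.
    entry: bash -c 'grep -rn "\\.\\./\\|os\\.path\\.join.*\\.\\." flamehaven_filesearch/; test $? -eq 1'
    language: system
    pass_filenames: false
    # Show grep's matches (file:line) when the hook runs.
    verbose: true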
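# Heuristic secret check: greps the package for api_key, password, secret or
# token assigned to a quoted literal of 20 or more characters from
# [A-Za-z0-9_-].
# The match is case-sensitive and limited to those four names, so treat it
# as a backstop to gitleaks and detect-private-key, not a replacement.
# NOTE(review): on a match grep prints the whole line, including the value,
# and `verbose: true` keeps that output visible in hook logs.
- repo: local
  hooks:
  - id: check-hardcoded-secrets
    name: Check for hardcoded API keys
    # grep exits 0 on a match, 1 on no match and 2 on error. The hook passes
    # only on exit status 1, so a grep error fails closed instead of being
    # reported as a clean run.
    entry: bash -c 'grep -rE "(api_key|password|secret|token)\s*=\s*[\"'\''][A-Za-z0-9_-]{20,}[\"'\'']" flamehaven_filesearch/ --exclude-dir=__pycache__; test $? -eq 1'
    language: system
    pass_filenames: false
    verbose: true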
# Security test suite: tests/test_security.py filtered by the "security"
# marker. It runs at the push stage, not on commit.
# NOTE(review): `|| true` discards pytest's exit status, so failing security
# tests do not stop the push.
- repo: local
  hooks:
  - id: security-tests
    name: Run security test suite
    entry: bash -c 'pytest tests/test_security.py -v -m security || true'
    language: system
    pass_filenames: false
    stages:
    - push
# Coverage run for flamehaven_filesearch at the push stage.
# NOTE(review): advisory only. When pytest exits non-zero the `|| echo`
# branch prints a warning and the hook still succeeds, so the 90% threshold
# in the hook name is not enforced. The same warning is printed for any
# pytest failure, not just for low coverage.
- repo: local
  hooks:
  - id: coverage-check
    name: Check test coverage (90% threshold)
    entry: bash -c 'pytest --cov=flamehaven_filesearch --cov-fail-under=90 -q || echo "Warning: Coverage below 90%"'
    language: system
    pass_filenames: false
    stages:
    - push
# Interpreter for Python hooks that do not set language_version themselves.
default_language_version:
  python: 'python3.11'
# Skip hooks for specific commits (use with caution)
# SKIP=bandit,flake8 git commit -m "WIP: temporary commit"
# Settings for the hosted pre-commit.ci service.
ci:
  autofix_commit_msg: |
    [pre-commit.ci] auto fixes from pre-commit hooks
    for more information, see https://pre-commit.ci
  # Fixer output is pushed back to pull-request branches.
  autofix_prs: true
  autoupdate_branch: ''
  autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
  autoupdate_schedule: weekly
  # These three local hooks are not run on pre-commit.ci.
  # NOTE(review): if they are meant to gate merges, confirm that another CI
  # job runs the dependency scan, security tests and coverage check.
  skip:
  - safety-check
  - security-tests
  - coverage-check
  submodules: false