Skip to content

Add pre-commit config matching fullsend-ai/fullsend#21

Merged
rh-hemartin merged 2 commits into
mainfrom
add-pre-commit-config
May 8, 2026
Merged

Add pre-commit config matching fullsend-ai/fullsend#21
rh-hemartin merged 2 commits into
mainfrom
add-pre-commit-config

Conversation

@rh-hemartin
Copy link
Copy Markdown
Contributor

@rh-hemartin rh-hemartin commented May 8, 2026

Summary

  • Add .pre-commit-config.yaml mirroring fullsend-ai/fullsend so this submodule enforces the same checks independently
  • Fix all ruff-format, end-of-file, and ty type errors across 55 files
  • Prevents pre-commit failures in the parent repo when analyzing this submodule

Test plan

  • pre-commit run --all-files passes all checks
  • Verify parent repo pre-commit no longer flags this submodule

🤖 Generated with Claude Code

@rh-hemartin @claude
chore: add pre-commit config matching fullsend-ai/fullsend
a56e6eb 
Submodule was triggering pre-commit failures in the parent repo.
Bringing the same checks here lets this repo enforce them
independently: ruff, ruff-format, ty, bandit, gitleaks, actionlint,
and standard pre-commit-hooks.

Includes auto-fixes from ruff-format and end-of-file-fixer, plus
manual fixes for ty type errors in agent_runner_server.py, runner.py,
and test_monitor.py.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rh-hemartin rh-hemartin requested a review from a team as a code owner May 8, 2026 08:57
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

fullsend review is working on this — view logs

@fullsend-ai-review
Copy link
Copy Markdown

fullsend-ai-review Bot commented May 8, 2026
edited
Loading

Review: #21

Head SHA: 6669672
Timestamp: 2026-05-08T00:00:00Z
Outcome: approve

Summary

This PR adds a .pre-commit-config.yaml mirroring the parent repo's configuration and applies the resulting auto-formatter and linter fixes across 54 files. The vast majority of changes are mechanical ruff-format line wrapping and end-of-file newline additions. Three substantive changes were verified as correct: (1) type-narrowing assert statements in agent_runner_server.py that follow explicit sys.exit(1) guards, (2) replacing a type: ignore with a proper cast() in reasoning-monitor/runner.py for better type safety, and (3) removing an unused USER_CONTENT_TOOLS import in test_monitor.py. No correctness, security, or injection concerns were found.

Findings

Info

  • [style/conventions] .pre-commit-config.yaml — Bandit is configured with --skip B101,B404,B603, suppressing assert-usage, subprocess-import, and subprocess-call warnings. This is appropriate for a security-experiments repo that intentionally uses subprocesses and asserts for type narrowing, but worth documenting if the config is shared to other repos.

  • [correctness] reasoning-monitor/monitor/tool_allowlist.py:42-45 — ruff-format swapped which of _ERR_MALFORMED / _ERR_UNEXPECTED uses parenthesized wrapping. String values are unchanged; the formatting difference is due to line-length thresholds. No behavior change.

Footer

Outcome: approve
This review applies to SHA 6669672f74b2fe31f8a964ba9ac03033832a0ca0. Any push to the PR head clears this review and requires a new evaluation.

Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • .pre-commit-config.yaml
Previous run

Review: #21

Head SHA: a56e6eb
Timestamp: 2026-05-08T00:00:00Z
Outcome: approve

Summary

This PR adds a .pre-commit-config.yaml mirroring the parent repo's configuration and applies the resulting auto-fixes (ruff-format line wrapping, end-of-file newlines, and type checker error resolution) across 55 files. All changes are mechanical formatting or minimal type-narrowing fixes with no behavioral impact. No security, correctness, or intent concerns were found.

Findings

Critical

None.

High

None.

Medium

None.

Low

None.

Info

  • [style/conventions] .pre-commit-config.yaml:43bandit hook is scoped to only hack/ directory via args: ["-r", "hack/", ...]. This means Python files outside hack/ are not scanned by bandit. Likely intentional for an experiments repo but worth confirming.
  • [style/conventions] .pre-commit-config.yaml:11check-yaml uses --unsafe flag which allows loading arbitrary custom YAML constructors. Reasonable for repos containing K8s/Tekton YAML with custom tags.
  • [correctness] agent-scoped-tools-triage/tools/agent-runner/agent_runner_server.py:118-121 — Four assert statements added for type narrowing after a loop that already calls sys.exit(1) on missing values. Correct and safe; asserts will never fire at runtime but satisfy the ty type checker.
  • [correctness] reasoning-monitor/runner.py:165cast(Literal["haiku", "sonnet", "opus"], model) replaces a # type: ignore[arg-type] comment. Proper type narrowing that preserves runtime behavior.

Footer

Outcome: approve
This review applies to SHA a56e6ebfb1a0098ad149dcf7ec950ad84bf94746. Any push to the PR head clears this review and requires a new evaluation.

Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • .pre-commit-config.yaml

@rh-hemartin @claude
fix: bandit scans committed Python files instead of just hack/
6669672 
Removed `-r hack/` target and `pass_filenames: false` so pre-commit
passes staged files directly to bandit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

fullsend review is working on this — view logs

@rh-hemartin rh-hemartin mentioned this pull request May 8, 2026
Closed
@rh-hemartin rh-hemartin added this pull request to the merge queue May 8, 2026
Merged via the queue into main with commit be7bcf0 May 8, 2026
9 checks passed
@rh-hemartin rh-hemartin deleted the add-pre-commit-config branch May 8, 2026 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rh-hemartin