Skip to content

Add YAML linting and Python complexity tooling #757

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
forstmeier wants to merge 6 commits into from
Closed

Add YAML linting and Python complexity tooling #757

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
25c0458
Add code quality and security audit tooling
forstmeier Feb 15, 2026
86f36bf
Address pull request #757 feedback
forstmeier Feb 16, 2026
858dce0
Add missing files that were updated separate from feedback
forstmeier Feb 16, 2026
24e0d97
Fix Flox dependency issue
forstmeier Feb 16, 2026
167a050
Remove "audit" tooling
forstmeier Feb 16, 2026
34a3426
Add back Python "complexity" analysis
forstmeier Feb 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
245 changes: 242 additions & 3 deletions .flox/env/manifest.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@
"pkg-path": "cargo",
"pkg-group": "rust-toolchain"
},
"cargo-audit": {
"pkg-path": "cargo-audit"
},
"cargo-llvm-cov": {
"pkg-path": "cargo-llvm-cov",
"pkg-group": "rust-toolchain"
Expand Down Expand Up @@ -120,16 +123,16 @@
"vulture": {
"pkg-path": "python312Packages.vulture"
},
"xenon": {
"pkg-path": "xenon"
},
"yamllint": {
"pkg-path": "yamllint"
}
},
"hook": {
"on-activate": "if [[ -f .env ]]; then\n set -a\n source .env\n set +a\nfi\n"
},
"profile": {
"common": "if [[ -f .env ]]; then\n set -a\n source .env\n set +a\nfi\n"
},
"options": {
"systems": [
"aarch64-darwin",
Expand Down Expand Up @@ -1353,6 +1356,122 @@
"group": "toplevel",
"priority": 5
},
{
"attr_path": "cargo-audit",
"broken": false,
"derivation": "/nix/store/5l5z80gx41n0kqd6r28h02bnb78qqaqa-cargo-audit-0.21.2.drv",
"description": "Audit Cargo.lock files for crates with security vulnerabilities",
"install_id": "cargo-audit",
"license": "[ MIT, Apache-2.0 ]",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "cargo-audit-0.21.2",
"pname": "cargo-audit",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T02:54:46.841606Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.21.2",
"outputs_to_install": [
"out"
],
"outputs": {
"out": "/nix/store/h3fclrsvyk6ylbw5hlwj23a5cpbc90i2-cargo-audit-0.21.2"
},
"system": "aarch64-darwin",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "cargo-audit",
"broken": false,
"derivation": "/nix/store/nr6nrc98qfmmgf4094nz6kgj6134gy6w-cargo-audit-0.21.2.drv",
"description": "Audit Cargo.lock files for crates with security vulnerabilities",
"install_id": "cargo-audit",
"license": "[ MIT, Apache-2.0 ]",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "cargo-audit-0.21.2",
"pname": "cargo-audit",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T03:04:24.702412Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.21.2",
"outputs_to_install": [
"out"
],
"outputs": {
"out": "/nix/store/wyfr4vw3wmgczajrj6ikfhq8wip0ash0-cargo-audit-0.21.2"
},
"system": "aarch64-linux",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "cargo-audit",
"broken": false,
"derivation": "/nix/store/ykfgywkz04yk9zg5hb2ash6ywqrj218b-cargo-audit-0.21.2.drv",
"description": "Audit Cargo.lock files for crates with security vulnerabilities",
"install_id": "cargo-audit",
"license": "[ MIT, Apache-2.0 ]",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "cargo-audit-0.21.2",
"pname": "cargo-audit",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T03:14:44.969242Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.21.2",
"outputs_to_install": [
"out"
],
"outputs": {
"out": "/nix/store/30y2a72jzbsais6d45nlcf5dhhnsm9yl-cargo-audit-0.21.2"
},
"system": "x86_64-darwin",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "cargo-audit",
"broken": false,
"derivation": "/nix/store/av867g4gjbdjd48dyndqm34dpbv54cfm-cargo-audit-0.21.2.drv",
"description": "Audit Cargo.lock files for crates with security vulnerabilities",
"install_id": "cargo-audit",
"license": "[ MIT, Apache-2.0 ]",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "cargo-audit-0.21.2",
"pname": "cargo-audit",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T03:23:59.181238Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.21.2",
"outputs_to_install": [
"out"
],
"outputs": {
"out": "/nix/store/x69l7ybsvq1zjgvi1d0rbq87nii5q2qb-cargo-audit-0.21.2"
},
"system": "x86_64-linux",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "cargo-nextest",
"broken": false,
Expand Down Expand Up @@ -3846,6 +3965,126 @@
"group": "toplevel",
"priority": 5
},
{
"attr_path": "xenon",
"broken": false,
"derivation": "/nix/store/yimma6wljfig168ilbki8iwfannznniz-xenon-0.9.3.drv",
"description": "Monitoring tool based on radon",
"install_id": "xenon",
"license": "MIT",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "xenon-0.9.3",
"pname": "xenon",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T02:57:24.134342Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.9.3",
"outputs_to_install": [
"out"
],
"outputs": {
"dist": "/nix/store/h707xs7v5p453a3ld80ykawgbmskqsmr-xenon-0.9.3-dist",
"out": "/nix/store/12fqv1v3pl5bj068xk6iarari7af9qfm-xenon-0.9.3"
},
"system": "aarch64-darwin",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "xenon",
"broken": false,
"derivation": "/nix/store/qn3i7jk8cmrq1syirx11lipk3i2hzcw0-xenon-0.9.3.drv",
"description": "Monitoring tool based on radon",
"install_id": "xenon",
"license": "MIT",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "xenon-0.9.3",
"pname": "xenon",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T03:07:48.320764Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.9.3",
"outputs_to_install": [
"out"
],
"outputs": {
"dist": "/nix/store/6gdi03dhwl9r1r1kk1isds1sdvxjlqk0-xenon-0.9.3-dist",
"out": "/nix/store/2cqazgb5nvvlw2m2i704ni55a0a070mx-xenon-0.9.3"
},
"system": "aarch64-linux",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "xenon",
"broken": false,
"derivation": "/nix/store/l6h708isjw1k8nxwf29lyl4zssg7xpnk-xenon-0.9.3.drv",
"description": "Monitoring tool based on radon",
"install_id": "xenon",
"license": "MIT",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "xenon-0.9.3",
"pname": "xenon",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T03:17:11.917914Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.9.3",
"outputs_to_install": [
"out"
],
"outputs": {
"dist": "/nix/store/rvgppp1fj1jpxkgyql9dni0b64gy07jn-xenon-0.9.3-dist",
"out": "/nix/store/13x9sz293mi4hkp2p3nn9hsm4qdbyx15-xenon-0.9.3"
},
"system": "x86_64-darwin",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "xenon",
"broken": false,
"derivation": "/nix/store/631zg34bnfrnqr3jfdgvh5glnm278ddf-xenon-0.9.3.drv",
"description": "Monitoring tool based on radon",
"install_id": "xenon",
"license": "MIT",
"locked_url": "https://github.com/flox/nixpkgs?rev=f61125a668a320878494449750330ca58b78c557",
"name": "xenon-0.9.3",
"pname": "xenon",
"rev": "f61125a668a320878494449750330ca58b78c557",
"rev_count": 907002,
"rev_date": "2025-12-05T15:54:32Z",
"scrape_date": "2025-12-07T03:27:23.885060Z",
"stabilities": [
"unstable"
],
"unfree": false,
"version": "0.9.3",
"outputs_to_install": [
"out"
],
"outputs": {
"dist": "/nix/store/sgjrpkpv7nri4pbwh07ixr5829rhkg43-xenon-0.9.3-dist",
"out": "/nix/store/4l814ds66cdq01prr8q5krjzz29fchri-xenon-0.9.3"
},
"system": "x86_64-linux",
"group": "toplevel",
"priority": 5
},
{
"attr_path": "yamllint",
"broken": false,
Expand Down
3 changes: 2 additions & 1 deletion .flox/env/manifest.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ ruff.pkg-path = "ruff"
ruff.version = "0.14.7"
uv.pkg-path = "uv"
vulture.pkg-path = "python312Packages.vulture"
yamllint.pkg-path = "yamllint"
nushell.pkg-path = "nushell"
fselect.pkg-path = "fselect"
awscli2.pkg-path = "awscli2"
Expand Down Expand Up @@ -46,6 +45,8 @@ direnv.pkg-path = "direnv"
jq.pkg-path = "jq"
markdownlint-cli.pkg-path = "markdownlint-cli"
pre-commit.pkg-path = "pre-commit"
yamllint.pkg-path = "yamllint"
xenon.pkg-path = "xenon"

[hook]
on-activate = '''
Expand Down
2 changes: 2 additions & 0 deletions .flox/pip.ini
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[global]
require-virtualenv = true
14 changes: 10 additions & 4 deletions .github/workflows/run_claude_code_coding_agent.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,16 @@ on:
jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
(github.event_name == 'issue_comment' &&
contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' &&
contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' &&
contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (
contains(github.event.issue.body, '@claude') ||
contains(github.event.issue.title, '@claude')
))
runs-on: ubuntu-latest
permissions:
contents: read
Expand Down
14 changes: 13 additions & 1 deletion .github/workflows/run_code_checks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,11 +83,23 @@ jobs:
uses: flox/activate-action@v1
with:
command: mask development markdown all
run_yaml_code_checks:
name: Run YAML code checks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Flox
uses: flox/install-flox-action@v2
- name: Run YAML code checks
uses: flox/activate-action@v1
with:
command: mask development yaml all
upload_test_coverage:
needs:
- run_rust_code_checks
- run_python_code_checks
if: ${{ always() && (needs.run_rust_code_checks.result == 'success' || needs.run_python_code_checks.result == 'success') }}
if: always() && (needs.run_rust_code_checks.result == 'success' && needs.run_python_code_checks.result == 'success')
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conditional logic has been changed from OR to AND. Previously, coverage would be uploaded if EITHER Rust OR Python checks succeeded. Now it requires BOTH to succeed. This is a significant behavioral change that means if either language's tests fail, no coverage will be uploaded at all. This may be intentional to ensure complete coverage data, but it's a breaking change in the workflow behavior that should be highlighted.

Suggested change
if: always() && (needs.run_rust_code_checks.result == 'success' && needs.run_python_code_checks.result == 'success')
if: always() && (needs.run_rust_code_checks.result == 'success' || needs.run_python_code_checks.result == 'success')

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Coverage upload condition changed from OR to AND

The original condition used ||, meaning coverage was uploaded if either Rust or Python checks succeeded. The new condition uses &&, requiring both to succeed. This means if one suite has a transient failure, neither suite's coverage gets uploaded — potentially losing valid coverage data from the passing suite. Was this intentional?

Suggested change
if: always() && (needs.run_rust_code_checks.result == 'success' && needs.run_python_code_checks.result == 'success')
if: always() && (needs.run_rust_code_checks.result == 'success' || needs.run_python_code_checks.result == 'success')
Prompt To Fix With AI 
This is a comment left during a code review.
Path: .github/workflows/run_code_checks.yaml
Line: 102:102

Comment:
**Coverage upload condition changed from OR to AND**

The original condition used `||`, meaning coverage was uploaded if *either* Rust or Python checks succeeded. The new condition uses `&&`, requiring *both* to succeed. This means if one suite has a transient failure, neither suite's coverage gets uploaded — potentially losing valid coverage data from the passing suite. Was this intentional?

```suggestion
    if: always() && (needs.run_rust_code_checks.result == 'success' || needs.run_python_code_checks.result == 'success')
```

How can I resolve this? If you propose a fix, please make it concise.

Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changing || to && means coverage only uploads when both Rust and Python checks pass. If one suite has a transient failure, valid coverage data from the passing suite won't be uploaded. This was flagged in previous threads - was this change intentional?

Prompt To Fix With AI 
This is a comment left during a code review.
Path: .github/workflows/run_code_checks.yaml
Line: 102:102

Comment:
Changing `||` to `&&` means coverage only uploads when both Rust and Python checks pass. If one suite has a transient failure, valid coverage data from the passing suite won't be uploaded. This was flagged in previous threads - was this change intentional?

How can I resolve this? If you propose a fix, please make it concise.

name: Upload coverage to Coveralls
runs-on: ubuntu-latest
steps:
Expand Down
1 change: 1 addition & 0 deletions .markdownlint.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
# Markdownlint configuration
# See https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md

Expand Down
9 changes: 9 additions & 0 deletions .pre-commit-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,12 @@ repos:
- markdown
language: system
fail_fast: true
- id: yaml
name: Check all YAML code
entry: mask development yaml all
pass_filenames: false
types:
- file
- yaml
language: system
fail_fast: true
13 changes: 13 additions & 0 deletions .yamllint
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
extends: default

ignore: |
.venv/
target/
.flox/

rules:
line-length:
max: 120
truthy:
allowed-values: ['true', 'false', 'on']
Loading