Add YAML/expand Python tooling checks

[forstmeier]

Overview

Changes

• added YAML linter Mask command
• incorporated YAML Mask command into GitHub workflow/pre-commit checks
• added Python complexity analyzer Mask command/updated all command

Context

Drastically pared back the checks I was adding in the other pull request because the audit checks were gonna take more time than I wanted to get all sorted. This is also setting the "complexity" check super low but we can dial that up over time and in pieces.

Summary by CodeRabbit

• Chores
  • Added YAML linting and a dedicated YAML CI job for repository validation.
  • Integrated a Python complexity analysis tool into dev checks.
  • Enhanced pre-commit hooks to validate YAML files.
  • Normalized and improved configuration formatting (YAML/markdown start markers, lint rules).
  • Updated Docker Compose for numeric port mappings, expanded service health checks, and network declarations.
  • Reformatted CI workflow conditionals for readability.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds YAML linting and YAML-related CI checks, introduces Xenon to the Flox manifest and maskfile for Python complexity analysis, updates pre-commit hooks, and makes formatting/structure changes to Pulumi and docker-compose YAML files.

Changes

Cohort / File(s)	Summary
Flox manifest .flox/env/manifest.toml	Added xenon.pkg-path = "xenon" to the [install] section.
CI / Workflows .github/workflows/run_code_checks.yaml, .github/workflows/run_claude_code_coding_agent.yaml	Added run_yaml_code_checks job and integrated it into checks; changed upload_test_coverage condition to require both Rust and Python checks (AND); reflowed a multiline conditional for readability in the Claude agent workflow.
Pre-commit & linting configs .pre-commit-config.yaml, .yamllint.yaml, .markdownlint.yaml	Added a local yaml pre-commit hook; added .yamllint.yaml with rules/ignore patterns; added YAML document start --- to .markdownlint.yaml.
Documentation / maskfile maskfile.md	Added Xenon-based Python complexity analysis command and YAML development workflow targets (lint, all) to maskfile.
Infrastructure manifests infrastructure/Pulumi.yaml, infrastructure/Pulumi.production.yaml	Added YAML document start markers; set project metadata and Python runtime in Pulumi.yaml; disabled yamllint line-length in production manifest.
docker-compose infrastructure/docker-compose.yaml	Converted port mappings to numeric scalars, expanded service healthchecks into multiline YAML test blocks, and added app-network to additional services.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Infrastructure, Claude Code, and YAML Linting #520 — Modifies .flox/env/manifest.toml install entries and related YAML/tooling changes (strong overlap with xenon addition).
• data manager port to rust #623 — Adds package-path entries to Flox manifest (similar manifest edits and tool additions).
• Group GitHub workflow definitions by language #631 — Alters GitHub Actions workflow jobs and checks (related CI/workflow modifications).

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add YAML/expand Python tooling checks' directly and concisely describes the main changes across the pull request: introducing YAML linting/checks and expanding Python tooling (complexity analysis).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into master

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-yaml-linting-and-python-complexity-checks

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR adds YAML linting infrastructure (yamllint config, Mask commands, CI job, and pre-commit hook) and introduces a Python complexity analysis command using xenon. Existing YAML files are reformatted for compliance, and the Flox environment is updated to include the new xenon and yamllint packages.

• YAML linting: New .yamllint.yaml config, mask development yaml lint / all commands, GitHub Actions job, and pre-commit hook — all follow the established pattern for Markdown and Python checks.
• Python complexity: New mask development python complexity command using xenon with lenient thresholds (--max-absolute D --max-modules D --max-average A), but the all command was not updated to include it, so the check won't run in CI or pre-commit despite the PR description indicating otherwise.
• Coverage upload condition change: The upload_test_coverage job's if condition was changed from || (upload if either Rust or Python succeeds) to && (upload only if both succeed), which changes the existing behavior for partial coverage reporting.
• YAML reformatting: Added --- document start markers and expanded inline arrays in docker-compose.yaml and Pulumi configs for yamllint compliance.

Confidence Score: 3/5

• The PR is mostly safe but has two issues that should be addressed before merging: a missing complexity check in the Python all command and a behavioral change to coverage upload logic.
• Score of 3 reflects that while the YAML linting additions are well-structured, the Python complexity command is defined but not wired into the all command (contradicting the PR description), and the coverage upload condition was silently changed from OR to AND which alters when coverage gets reported.
• Pay close attention to maskfile.md (missing complexity in all command) and .github/workflows/run_code_checks.yaml (coverage upload condition change from OR to AND).

Important Files Changed

Filename	Overview
.flox/env/manifest.toml	Adds xenon to the Flox environment manifest, consistent with the new complexity check in maskfile.md.
.github/workflows/run_code_checks.yaml	Adds YAML code checks job and reformats the coverage upload condition, but the condition logic changed from OR to AND, which may block coverage uploads when only one job succeeds. Also contains a typo ("Alows").
.pre-commit-config.yaml	Adds a new YAML pre-commit hook that runs mask development yaml all, consistent with the existing hook pattern for Python, Rust, and Markdown.
.yamllint.yaml	New yamllint config file with sensible defaults: 120 char line limit, truthy value restrictions, and appropriate directory ignores.
infrastructure/docker-compose.yaml	Reformatted for yamllint compliance: added document start marker, expanded inline arrays to block style, removed quoted port mappings, and removed blank lines between services.
maskfile.md	Adds complexity and yaml Mask commands, but the complexity command is NOT included in the Python all subcommand despite the PR description claiming it was updated.

_{Last reviewed commit: 767fdb3}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

maskfile.md (1)

585-607: ⚠️ Potential issue | 🟠 Major

mask development python complexity is not included in the all command.

The PR description states the all command was updated to include the complexity check, but mask development python complexity is missing from this block. This means running mask development python all will skip the complexity analysis.

Proposed fix

 mask development python dead-code
 
 mask development python test
 
+mask development python complexity
+
 echo "Python development checks completed successfully"

Based on learnings: "Use 'mask development python all' for comprehensive Python checks" — the complexity step should be part of this comprehensive suite.

🤖 Fix all issues with AI agents

In @.github/workflows/run_code_checks.yaml:
- Line 6: Fix the typo in the workflow comment: change "Alows for Rust cache to
be established on master branch" to "Allows for Rust cache to be established on
master branch" in the .github/workflows/run_code_checks.yaml comment so the
header reads "Allows" instead of "Alows".

In `@maskfile.md`:
- Around line 571-583: Update the xenon invocation in the "complexity" block to
exclude non-project dirs like other checks do: modify the existing xenon command
(the line starting with "xenon --max-absolute D --max-modules D --max-average A
.") to include the exclusion flag -i '.flox,.venv,target' so it mirrors the
exclusion pattern used by other tools in this maskfile.

[greptile-apps]

_{11 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

maskfile.md
Complexity check missing from all command

The PR description says the all command was updated to include the new complexity check, but mask development python complexity is not called in the all subcommand. The complexity task (line 571) is defined but never invoked as part of the full suite, so it won't run in CI or pre-commit hooks.

#### all

> Full Python development checks

```bash
set -euo pipefail

echo "Running Python development checks"

mask development python install

mask development python format

mask development python lint

mask development python type-check

mask development python dead-code

mask development python complexity

mask development python test

echo "Python development checks completed successfully"

<details><summary>Prompt To Fix With AI</summary>

`````markdown
This is a comment left during a code review.
Path: maskfile.md
Line: 585:607

Comment:
**Complexity check missing from `all` command**

The PR description says the `all` command was updated to include the new complexity check, but `mask development python complexity` is not called in the `all` subcommand. The `complexity` task (line 571) is defined but never invoked as part of the full suite, so it won't run in CI or pre-commit hooks.

```suggestion
#### all

> Full Python development checks

```bash
set -euo pipefail

echo "Running Python development checks"

mask development python install

mask development python format

mask development python lint

mask development python type-check

mask development python dead-code

mask development python complexity

mask development python test

echo "Python development checks completed successfully"

How can I resolve this? If you propose a fix, please make it concise.

[Copilot]

Pull request overview

Adds YAML linting and expands Python tooling checks to strengthen the repo’s automated quality gates (Mask + pre-commit + GitHub Actions), while also normalizing YAML formatting across infrastructure/config files.

Changes:

• Add yamllint configuration + Mask commands, and wire YAML checks into pre-commit and CI.
• Add a Python complexity check command (xenon) and update Flox tooling to include it.
• Normalize YAML files (document start ---, formatting tweaks) to satisfy linting.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
maskfile.md	Adds Python complexity task and new YAML lint/all tasks.
infrastructure/docker-compose.yaml	YAML formatting normalization (document start, ports/healthcheck formatting).
infrastructure/Pulumi.yaml	Adds YAML document start for lint compatibility.
infrastructure/Pulumi.production.yaml	Adds yamllint line-length disable + document start to accommodate long secrets.
.yamllint.yaml	Introduces repository yamllint configuration and ignores.
.pre-commit-config.yaml	Adds YAML checks to pre-commit via Mask.
.markdownlint.yaml	Adds YAML document start.
.github/workflows/run_code_checks.yaml	Adds YAML checks job and adjusts coverage upload condition formatting/logic.
.github/workflows/run_claude_code_coding_agent.yaml	Reformats YAML condition for readability/lint compliance.
.flox/env/manifest.toml	Adds xenon to Flox toolchain.
.flox/env/manifest.lock	Locks xenon dependency and updates lock contents accordingly.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coveralls]

coverage: 86.212%. remained the same
when pulling efc4136 on add-yaml-linting-and-python-complexity-checks
into 17d5629 on master.

[greptile-apps]

Greptile Summary

Added YAML linting (yamllint) and Python complexity analysis (xenon) to the development workflow. These new checks are integrated into pre-commit hooks, GitHub Actions workflow, and Mask commands.

Key changes

• Created .yamllint.yaml configuration with 120-character line length limit and truthy value rules
• Added xenon complexity analyzer to Python development checks with thresholds set to D (absolute/modules) and A (average)
• Integrated YAML linting into pre-commit hooks and CI workflow as a new job
• Reformatted existing YAML files to comply with new linting rules (added document separators, array-style healthcheck commands, unquoted port mappings)
• Updated coverage upload condition to require both Rust AND Python checks to succeed (previous behavior used OR)

Confidence Score: 5/5

• Safe to merge - adds linting tools with minimal risk
• All changes are additive (new tooling) or formatting-related (YAML standardization). The xenon complexity thresholds are intentionally set low as mentioned in PR description. The reformatted YAML files maintain functional equivalence while meeting linting standards. No logic changes or behavioral modifications.
• No files require special attention

Important Files Changed

Filename	Overview
.github/workflows/run_code_checks.yaml	Added YAML linting job and updated coverage upload condition to require both Rust and Python success
.pre-commit-config.yaml	Added YAML pre-commit hook to check all YAML files
.yamllint.yaml	Created new YAML linting configuration file with 120 char line length and truthy value rules
infrastructure/docker-compose.yaml	Reformatted to comply with yamllint: unquoted port mappings and array-style healthcheck commands
maskfile.md	Added Python complexity checking with xenon and new YAML linting commands

_{Last reviewed commit: 1286461}

[Copilot]

Pull request overview

Copilot reviewed 10 out of 12 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[greptile-apps]

Greptile Summary

This PR adds YAML linting and Python complexity analysis to the project's development toolchain. It introduces a .yamllint.yaml configuration, a new mask development yaml command set, a corresponding CI job, and a pre-commit hook for YAML files. It also adds xenon for Python cyclomatic complexity analysis (with intentionally lenient D/D/A thresholds as a starting baseline) and integrates it into the Python all checks. Existing YAML files are reformatted for compliance (document start markers, expanded arrays, unquoted ports). The Cargo.lock update is a routine dependency bump unrelated to the tooling changes.

• Added .yamllint.yaml with 120-char line limit, restricted truthy values, and directory ignores
• New run_yaml_code_checks CI job in the code checks workflow
• New mask development yaml lint and mask development yaml all commands in maskfile.md
• New mask development python complexity command using xenon with lenient thresholds
• YAML pre-commit hook added following existing pattern for Python/Rust/Markdown
• xenon added to Flox environment (manifest.toml and manifest.lock)
• Reformatted docker-compose.yaml, Pulumi configs, and .markdownlint.yaml for yamllint compliance
• Coverage upload condition reformatted from || to && (intentional — requires both Rust and Python checks to pass)

Confidence Score: 5/5

• This PR is safe to merge — it adds development tooling with no runtime code changes.
• All changes are limited to development tooling configuration (linting, CI, pre-commit hooks) and auto-generated lock files. No application logic is modified. The YAML reformatting changes are cosmetic and functionally equivalent. The coverage upload condition change from OR to AND was confirmed intentional by the developer. No issues were found that would affect runtime behavior.
• No files require special attention.

Important Files Changed

Filename	Overview
.yamllint.yaml	New yamllint configuration file with sensible defaults: 120-char line limit, truthy restricted to true/false/on, and ignores for .venv/, target/, and .flox/ directories.
.pre-commit-config.yaml	Adds a YAML pre-commit hook that runs mask development yaml all on YAML file changes, consistent with the existing pattern for Python, Rust, and Markdown hooks.
.github/workflows/run_code_checks.yaml	Adds a run_yaml_code_checks CI job and reformats the coverage upload condition from `
maskfile.md	Adds complexity subcommand using xenon with lenient thresholds (D/D/A), integrates it into the Python all command, and adds a new yaml section with lint and all subcommands. Follows existing maskfile patterns.
infrastructure/docker-compose.yaml	Reformatted for yamllint compliance: added document start marker, changed port mappings from quoted to unquoted (safe for these port numbers), expanded healthcheck test arrays to multi-line format.
infrastructure/Pulumi.production.yaml	Added yamllint disable directive for line-length rule and document start marker. The disable is necessary since Pulumi encrypted values exceed the 120-char limit.
.flox/env/manifest.toml	Adds xenon package dependency for Python complexity analysis.

_{Last reviewed commit: efc4136}