Bad3r · July 2, 2025 06:43
diff --git a/python .pre-commit-config.yaml b/python .pre-commit-config.yaml
 default_language_version:
  python: python3.13
 fail_fast: true
 repos:
  # Use the Ruff version managed by the project's dev dependencies for consistency
  - repo: local
    hooks:
      - id: ruff
        name: "Ruff (Linter)"
        stages: [pre-commit]
        language: system
        entry: bash -c "ruff check --fix"
        types: [python]

      - id: ruff-format
        name: "Ruff (Formatter)"
        stages: [pre-commit]
        language: system
        entry: bash -c "ruff format"
        types: [python]

  # Security (SAST), secrets detection is handled by detect-secrets
  # - repo: https://github.com/returntocorp/semgrep #TODO: Enable for production
  #   rev: v1.89.0
  #   hooks:
  #     - id: semgrep
  #       args:
  #         - "--config=auto"
  #         - "--config=p/python"
  #         - "--config=p/owasp-top-ten"
  #         - "--error"
  #         - "--skip-unknown-extensions"

  # Specialized secrets detection with baseline support
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        args: [--baseline, .secrets.baseline]
        exclude: \.secrets\.baseline$|backend/tests/|backend/docs/.*\.md$|backend/.*\.example$

  # General file quality checks (non-Python)
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      # File format validation
      - id: check-yaml
      - id: check-toml
      - id: check-json
      - id: check-xml

      # Essential checks not covered by Ruff
      - id: check-merge-conflict
      - id: check-case-conflict
      - id: check-added-large-files
        args: [--maxkb=1000]

  - repo: https://github.com/compilerla/conventional-pre-commit
    rev: v4.2.0
    hooks:
      - id: conventional-pre-commit
        stages: [commit-msg]

  - repo: local
    hooks:
      - id: pyright # Must be last step as it takes long time to execute
        name: "Pyright (Type Checker)"
        stages: [pre-commit]
        language: system
        entry: bash -c "pyright --threads=10"
        types: [python]

      - id: pytest
        name: "Pytest"
        stages: [pre-commit]
        language: system
        entry: bash -c "cd backend && pytest"
        types: [python]
        pass_filenames: false
	default_language_version:
	python: python3.13
	fail_fast: true
	repos:
	# Use the Ruff version managed by the project's dev dependencies for consistency
	- repo: local
	hooks:
	- id: ruff
	name: "Ruff (Linter)"
	stages: [pre-commit]
	language: system
	entry: bash -c "ruff check --fix"
	types: [python]

	- id: ruff-format
	name: "Ruff (Formatter)"
	stages: [pre-commit]
	language: system
	entry: bash -c "ruff format"
	types: [python]

	# Security (SAST), secrets detection is handled by detect-secrets
	# - repo: https://github.com/returntocorp/semgrep #TODO: Enable for production
	# rev: v1.89.0
	# hooks:
	# - id: semgrep
	# args:
	# - "--config=auto"
	# - "--config=p/python"
	# - "--config=p/owasp-top-ten"
	# - "--error"
	# - "--skip-unknown-extensions"

	# Specialized secrets detection with baseline support
	- repo: https://github.com/Yelp/detect-secrets
	rev: v1.5.0
	hooks:
	- id: detect-secrets
	args: [--baseline, .secrets.baseline]
	exclude: \.secrets\.baseline$\|backend/tests/\|backend/docs/.\.md$\|backend/.\.example$

	# General file quality checks (non-Python)
	- repo: https://github.com/pre-commit/pre-commit-hooks
	rev: v5.0.0
	hooks:
	# File format validation
	- id: check-yaml
	- id: check-toml
	- id: check-json
	- id: check-xml

	# Essential checks not covered by Ruff
	- id: check-merge-conflict
	- id: check-case-conflict
	- id: check-added-large-files
	args: [--maxkb=1000]

	- repo: https://github.com/compilerla/conventional-pre-commit
	rev: v4.2.0
	hooks:
	- id: conventional-pre-commit
	stages: [commit-msg]

	- repo: local
	hooks:
	- id: pyright # Must be last step as it takes long time to execute
	name: "Pyright (Type Checker)"
	stages: [pre-commit]
	language: system
	entry: bash -c "pyright --threads=10"
	types: [python]

	- id: pytest
	name: "Pytest"
	stages: [pre-commit]
	language: system
	entry: bash -c "cd backend && pytest"
	types: [python]
	pass_filenames: false