lintro 0.3.2__tar.gz → 0.4.3__tar.gz

{lintro-0.3.2 → lintro-0.4.3}/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Eitel Dagnin
+Copyright (c) 2024 TurboCoder13
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

{lintro-0.3.2/lintro.egg-info → lintro-0.4.3}/PKG-INFO

@@ -1,11 +1,11 @@
 Metadata-Version: 2.4
 Name: lintro
-Version: 0.3.2
+Version: 0.4.3
 Summary: A unified CLI tool for code formatting, linting, and quality assurance
 Author-email: TurboCoder13 <turbocoder13@gmail.com>
 License: MIT License
         
-        Copyright (c) 2024 Eitel Dagnin
+        Copyright (c) 2024 TurboCoder13
         
         Permission is hereby granted, free of charge, to any person obtaining a copy
         of this software and associated documentation files (the "Software"), to deal
@@ -36,10 +36,10 @@ Classifier: Programming Language :: Python :: 3.13
 Classifier: Topic :: Software Development :: Quality Assurance
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Utilities
-Requires-Python: <3.14,>=3.13
+Requires-Python: ==3.13.7
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: click==8.2.1
+Requires-Dist: click==8.1.8
 Requires-Dist: coverage-badge==1.1.2
 Requires-Dist: darglint==1.8.1
 Requires-Dist: loguru==0.7.3
@@ -47,25 +47,28 @@ Requires-Dist: tabulate==0.9.0
 Requires-Dist: yamllint==1.37.1
 Requires-Dist: httpx==0.28.1
 Requires-Dist: toml==0.10.2
-Requires-Dist: python-semantic-release>=9.12.0
+Requires-Dist: defusedxml==0.7.1
 Provides-Extra: dev
 Requires-Dist: pytest==8.4.1; extra == "dev"
 Requires-Dist: pytest-cov==6.2.1; extra == "dev"
 Requires-Dist: pytest-mock==3.14.1; extra == "dev"
-Requires-Dist: pytest-xdist==3.6.1; extra == "dev"
+Requires-Dist: pytest-xdist==3.8.0; extra == "dev"
 Requires-Dist: tox==4.28.4; extra == "dev"
 Requires-Dist: allure-pytest==2.15.0; extra == "dev"
 Requires-Dist: ruff; extra == "dev"
 Requires-Dist: mypy; extra == "dev"
 Requires-Dist: coverage-badge==1.1.2; extra == "dev"
-Requires-Dist: python-semantic-release==9.12.0; extra == "dev"
+Requires-Dist: python-semantic-release==10.3.1; extra == "dev"
+Requires-Dist: assertpy==1.1; extra == "dev"
+Requires-Dist: httpx==0.28.1; extra == "dev"
 Provides-Extra: test
 Requires-Dist: pytest==8.4.1; extra == "test"
 Requires-Dist: pytest-cov==6.2.1; extra == "test"
 Requires-Dist: pytest-mock==3.14.1; extra == "test"
-Requires-Dist: pytest-xdist==3.6.1; extra == "test"
+Requires-Dist: pytest-xdist==3.8.0; extra == "test"
+Requires-Dist: assertpy==1.1; extra == "test"
 Provides-Extra: typing
-Requires-Dist: types-setuptools==80.9.0.20250809; extra == "typing"
+Requires-Dist: types-setuptools==80.9.0.20250822; extra == "typing"
 Requires-Dist: types-tabulate==0.9.0.20241207; extra == "typing"
 Dynamic: license-file
 
@@ -79,6 +82,17 @@ A comprehensive CLI tool that unifies various code formatting, linting, and qual
 
 Lintro is a unified command-line interface that brings together multiple code quality tools into a single, easy-to-use package. Instead of managing separate tools like Ruff, Prettier, Yamllint, and others individually, Lintro provides a consistent interface for all your code quality needs.
 
+[![Python](https://img.shields.io/badge/python-3.13-blue)](https://www.python.org/downloads/)
+[![Coverage](https://codecov.io/gh/TurboCoder13/py-lintro/branch/main/graph/badge.svg)](https://codecov.io/gh/TurboCoder13/py-lintro)
+[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
+[![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml?query=branch%3Amain)
+[![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml?query=branch%3Amain)
+[![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker&branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml?query=branch%3Amain)
+[![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
+
+[![CodeQL](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml?query=branch%3Amain)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/turbocoder13/py-lintro/badge)](https://securityscorecards.dev/viewer/?uri=github.com/turbocoder13/py-lintro)
+
 ### Why Lintro?
 
 - **🚀 Unified Interface**: One command to run all your linting and formatting tools
@@ -89,15 +103,6 @@ Lintro is a unified command-line interface that brings together multiple code qu
 - **⚡ Fast**: Optimized execution with efficient tool management
 - **🔒 Reliable**: Comprehensive test suite with 84% coverage
 
-[![Python](https://img.shields.io/badge/python-3.13-blue)](https://www.python.org/downloads/)
-[![Coverage](assets/images/coverage-badge.svg)](docs/coverage-setup.md)
-[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
-[![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml)
-[![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml)
-[![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml)
-[![Code Style](https://img.shields.io/badge/code%20style-ruff-black-blue)](https://github.com/astral-sh/ruff)
-[![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
-
 ## Features
 
 - **Unified CLI** for multiple code quality tools
@@ -109,13 +114,15 @@ Lintro is a unified command-line interface that brings together multiple code qu
 
 ## Supported Tools
 
-| Tool         | Language/Format | Purpose              | Auto-fix |
-| ------------ | --------------- | -------------------- | -------- |
-| **Ruff**     | Python          | Linting & Formatting | ✅       |
-| **Darglint** | Python          | Docstring Validation | -        |
-| **Prettier** | JS/TS/JSON      | Code Formatting      | ✅       |
-| **Yamllint** | YAML            | Syntax & Style       | -        |
-| **Hadolint** | Dockerfile      | Best Practices       | -        |
+| Tool                                                                                                                                                | Language            | Auto-fix |
+| --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -------- |
+| [![Actionlint](https://img.shields.io/badge/Actionlint-GitHub%20Workflows-24292e?logo=github&logoColor=white)](https://github.com/rhysd/actionlint) | ⚙️ GitHub Workflows | -        |
+| [![Bandit](https://img.shields.io/badge/Bandit-security-yellow?logo=python&logoColor=white)](https://github.com/PyCQA/bandit)                       | 🐍 Python           | -        |
+| [![Darglint](https://img.shields.io/badge/Darglint-docstrings-3776AB?logo=python&logoColor=white)](https://github.com/terrencepreilly/darglint)     | 🐍 Python           | -        |
+| [![Hadolint](https://img.shields.io/badge/Hadolint-lint-2496ED?logo=docker&logoColor=white)](https://github.com/hadolint/hadolint)                  | 🐳 Dockerfile       | -        |
+| [![Prettier](https://img.shields.io/badge/Prettier-format-1a2b34?logo=prettier&logoColor=white)](https://prettier.io/)                              | 🟨 JS/TS · 🧾 JSON  | ✅       |
+| [![Ruff](https://img.shields.io/badge/Ruff-lint%2Bformat-000?logo=ruff&logoColor=white)](https://github.com/astral-sh/ruff)                         | 🐍 Python           | ✅       |
+| [![Yamllint](https://img.shields.io/badge/Yamllint-lint-cb171e?logo=yaml&logoColor=white)](https://github.com/adrienverge/yamllint)                 | 🧾 YAML             | -        |
 
 ## Quick Start
 
@@ -149,7 +156,7 @@ lintro format
 lintro check --output-format grid
 
 # Run specific tools only
-lintro check --tools ruff,prettier
+lintro check --tools ruff,prettier,actionlint
 
 # List all available tools
 lintro list-tools
@@ -206,8 +213,8 @@ lintro check --output-format grid --group-by code  # Group by error type
 # Exclude patterns
 lintro check --exclude "migrations,node_modules,dist"
 
-# Tool-specific options
-lintro check --tool-options "ruff:--line-length=88,prettier:--print-width=80"
+# Tool-specific options use key=value (lists with |)
+lintro check --tool-options "ruff:line_length=88,prettier:print_width=80"
 
 # Ruff fix configuration (fmt):
 # By default, fmt applies both lint fixes and formatting for Ruff.

{lintro-0.3.2 → lintro-0.4.3}/README.md

@@ -8,6 +8,17 @@ A comprehensive CLI tool that unifies various code formatting, linting, and qual
 
 Lintro is a unified command-line interface that brings together multiple code quality tools into a single, easy-to-use package. Instead of managing separate tools like Ruff, Prettier, Yamllint, and others individually, Lintro provides a consistent interface for all your code quality needs.
 
+[![Python](https://img.shields.io/badge/python-3.13-blue)](https://www.python.org/downloads/)
+[![Coverage](https://codecov.io/gh/TurboCoder13/py-lintro/branch/main/graph/badge.svg)](https://codecov.io/gh/TurboCoder13/py-lintro)
+[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
+[![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml?query=branch%3Amain)
+[![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml?query=branch%3Amain)
+[![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker&branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml?query=branch%3Amain)
+[![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
+
+[![CodeQL](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml?query=branch%3Amain)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/turbocoder13/py-lintro/badge)](https://securityscorecards.dev/viewer/?uri=github.com/turbocoder13/py-lintro)
+
 ### Why Lintro?
 
 - **🚀 Unified Interface**: One command to run all your linting and formatting tools
@@ -18,15 +29,6 @@ Lintro is a unified command-line interface that brings together multiple code qu
 - **⚡ Fast**: Optimized execution with efficient tool management
 - **🔒 Reliable**: Comprehensive test suite with 84% coverage
 
-[![Python](https://img.shields.io/badge/python-3.13-blue)](https://www.python.org/downloads/)
-[![Coverage](assets/images/coverage-badge.svg)](docs/coverage-setup.md)
-[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
-[![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml)
-[![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml)
-[![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml)
-[![Code Style](https://img.shields.io/badge/code%20style-ruff-black-blue)](https://github.com/astral-sh/ruff)
-[![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
-
 ## Features
 
 - **Unified CLI** for multiple code quality tools
@@ -38,13 +40,15 @@ Lintro is a unified command-line interface that brings together multiple code qu
 
 ## Supported Tools
 
-| Tool         | Language/Format | Purpose              | Auto-fix |
-| ------------ | --------------- | -------------------- | -------- |
-| **Ruff**     | Python          | Linting & Formatting | ✅       |
-| **Darglint** | Python          | Docstring Validation | -        |
-| **Prettier** | JS/TS/JSON      | Code Formatting      | ✅       |
-| **Yamllint** | YAML            | Syntax & Style       | -        |
-| **Hadolint** | Dockerfile      | Best Practices       | -        |
+| Tool                                                                                                                                                | Language            | Auto-fix |
+| --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -------- |
+| [![Actionlint](https://img.shields.io/badge/Actionlint-GitHub%20Workflows-24292e?logo=github&logoColor=white)](https://github.com/rhysd/actionlint) | ⚙️ GitHub Workflows | -        |
+| [![Bandit](https://img.shields.io/badge/Bandit-security-yellow?logo=python&logoColor=white)](https://github.com/PyCQA/bandit)                       | 🐍 Python           | -        |
+| [![Darglint](https://img.shields.io/badge/Darglint-docstrings-3776AB?logo=python&logoColor=white)](https://github.com/terrencepreilly/darglint)     | 🐍 Python           | -        |
+| [![Hadolint](https://img.shields.io/badge/Hadolint-lint-2496ED?logo=docker&logoColor=white)](https://github.com/hadolint/hadolint)                  | 🐳 Dockerfile       | -        |
+| [![Prettier](https://img.shields.io/badge/Prettier-format-1a2b34?logo=prettier&logoColor=white)](https://prettier.io/)                              | 🟨 JS/TS · 🧾 JSON  | ✅       |
+| [![Ruff](https://img.shields.io/badge/Ruff-lint%2Bformat-000?logo=ruff&logoColor=white)](https://github.com/astral-sh/ruff)                         | 🐍 Python           | ✅       |
+| [![Yamllint](https://img.shields.io/badge/Yamllint-lint-cb171e?logo=yaml&logoColor=white)](https://github.com/adrienverge/yamllint)                 | 🧾 YAML             | -        |
 
 ## Quick Start
 
@@ -78,7 +82,7 @@ lintro format
 lintro check --output-format grid
 
 # Run specific tools only
-lintro check --tools ruff,prettier
+lintro check --tools ruff,prettier,actionlint
 
 # List all available tools
 lintro list-tools
@@ -135,8 +139,8 @@ lintro check --output-format grid --group-by code  # Group by error type
 # Exclude patterns
 lintro check --exclude "migrations,node_modules,dist"
 
-# Tool-specific options
-lintro check --tool-options "ruff:--line-length=88,prettier:--print-width=80"
+# Tool-specific options use key=value (lists with |)
+lintro check --tool-options "ruff:line_length=88,prettier:print_width=80"
 
 # Ruff fix configuration (fmt):
 # By default, fmt applies both lint fixes and formatting for Ruff.

{lintro-0.3.2 → lintro-0.4.3}/assets/images/coverage-badge.svg

@@ -15,7 +15,7 @@
     <g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="110">
         <text x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">coverage</text>
         <text x="325" y="140" transform="scale(.1)" textLength="530">coverage</text>
-        <text x="800" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="260">80.3%</text>
-        <text x="800" y="140" transform="scale(.1)" textLength="260">80.3%</text>
+        <text x="800" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="260">82.0%</text>
+        <text x="800" y="140" transform="scale(.1)" textLength="260">82.0%</text>
     </g>
 </svg>

{lintro-0.3.2 → lintro-0.4.3}/docs/README.md

@@ -105,13 +105,15 @@ lintro format
 
 ## 🛠️ Supported Tools
 
-| Tool         | Language/Format | Purpose              | Documentation                                           |
-| ------------ | --------------- | -------------------- | ------------------------------------------------------- |
-| **Ruff**     | Python          | Linting & Formatting | [Config Guide](configuration.md#ruff-configuration)     |
-| **Darglint** | Python          | Docstring Validation | [Analysis](tool-analysis/darglint-analysis.md)          |
-| **Prettier** | JS/TS/JSON/CSS  | Code Formatting      | [Analysis](tool-analysis/prettier-analysis.md)          |
-| **Yamllint** | YAML            | Syntax & Style       | [Config Guide](configuration.md#yamllint-configuration) |
-| **Hadolint** | Dockerfile      | Best Practices       | [Config Guide](configuration.md#hadolint-configuration) |
+| Tool           | Language/Format  | Purpose              | Documentation                                           |
+| -------------- | ---------------- | -------------------- | ------------------------------------------------------- |
+| **Ruff**       | Python           | Linting & Formatting | [Config Guide](configuration.md#ruff-configuration)     |
+| **Darglint**   | Python           | Docstring Validation | [Analysis](tool-analysis/darglint-analysis.md)          |
+| **Bandit**     | Python           | Security Linting     | [Analysis](tool-analysis/bandit-analysis.md)            |
+| **Prettier**   | JS/TS/JSON/CSS   | Code Formatting      | [Analysis](tool-analysis/prettier-analysis.md)          |
+| **Yamllint**   | YAML             | Syntax & Style       | [Config Guide](configuration.md#yamllint-configuration) |
+| **Actionlint** | GitHub Workflows | Workflow Linting     | [Analysis](tool-analysis/actionlint-analysis.md)        |
+| **Hadolint**   | Dockerfile       | Best Practices       | [Config Guide](configuration.md#hadolint-configuration) |
 
 ## 📋 Command Reference
 

{lintro-0.3.2 → lintro-0.4.3}/docs/configuration.md

@@ -27,8 +27,11 @@ lintro check path/to/files                   # Check specific paths
 #### Tool-Specific Options
 
 ```bash
-# Tool-specific options
-lintro check --tool-options "ruff:--line-length=88,prettier:--print-width=80"
+# Tool-specific options (key=value; lists use |)
+lintro check --tool-options "ruff:line_length=88,prettier:print_width=80"
+
+# Example with lists and booleans
+lintro check --tool-options "ruff:select=E|F|W,ruff:preview=True"
 
 # Exclude patterns
 lintro check --exclude "*.pyc,venv,node_modules"
@@ -132,6 +135,46 @@ select = E,W,F,I,N,D
 exclude = .git,__pycache__,.venv
 ```
 
+#### Bandit Configuration
+
+**File:** `pyproject.toml`
+
+```toml
+[tool.bandit]
+exclude_dirs = ["tests", "venv", ".git"]
+tests = ["B101,B102,B103"]  # Specific test IDs to run
+skips = ["B101"]            # Test IDs to skip
+confidence = "MEDIUM"       # Minimum confidence level
+severity = "LOW"           # Minimum severity level
+
+[tool.bandit.assert_used]
+exclude = ["test_*.py"]     # Files to exclude from assert_used test
+```
+
+**File:** `.bandit`
+
+```ini
+[bandit]
+exclude = tests,venv,.git
+tests = B101,B102,B103
+skips = B101
+confidence = MEDIUM
+severity = LOW
+
+[[tool.bandit.assert_used]]
+exclude = test_*.py
+```
+
+**Available Options:**
+
+- `tests`: Comma-separated list of test IDs to run
+- `skips`: Comma-separated list of test IDs to skip
+- `exclude`: Comma-separated list of paths to exclude
+- `exclude_dirs`: List of directories to exclude (pyproject.toml only)
+- `severity`: Minimum severity level (`LOW`, `MEDIUM`, `HIGH`)
+- `confidence`: Minimum confidence level (`LOW`, `MEDIUM`, `HIGH`)
+- `baseline`: Path to baseline report for comparison
+
 #### Darglint Configuration
 
 **File:** `.darglint`
@@ -326,6 +369,25 @@ RUN apt-get update && apt-get install -y \
     python3-pip
 ```
 
+#### Actionlint Configuration
+
+Actionlint validates GitHub Actions workflows. Lintro discovers workflow files
+under `/.github/workflows/` when you run `lintro check .` and invokes the
+`actionlint` binary.
+
+- Discovery: YAML files filtered to those in `/.github/workflows/`
+- Defaults: Lintro does not pass special flags; native actionlint defaults are used
+- Local install: use `scripts/utils/install-tools.sh --local` to place `actionlint` on PATH
+- Docker/CI: the Docker image installs `actionlint` during build, so CI tests run it
+
+```bash
+# Validate workflows only
+lintro check --tools actionlint
+
+# Validate workflows along with other tools
+lintro check --tools ruff,actionlint
+```
+
 ## Project-Specific Configuration
 
 ### Multi-Language Projects

{lintro-0.3.2 → lintro-0.4.3}/docs/contributing.md

@@ -81,3 +81,64 @@ Release automation:
 - Tag push publishes to PyPI (OIDC) and creates a GitHub Release with artifacts.
 
 For detailed contribution guidelines, see the project documentation or contact a maintainer.
+
+---
+
+## Tool Integration Guidelines
+
+This section describes how to add a new external tool to Lintro while keeping a
+consistent UX and maintainable implementation.
+
+### Principles
+
+- Minimal defaults: invoke the native CLI without forcing special formats.
+- Predictable discovery: put file-discovery rules into the tool implementation
+  (e.g., Actionlint filters to `/.github/workflows/`).
+- Wrapper, not replacement: rely on tool defaults and parse its standard
+  output; only add switches when strictly necessary for parsing.
+
+### Implementation Steps
+
+1. Core code
+
+- Create a tool class in `lintro/tools/implementations/` (subclass `BaseTool`).
+- Implement `check()` (and `fix()` only if the tool supports auto-fixes).
+- Add a parser module in `lintro/parsers/<tool>/` for the tool's default output.
+- Add a formatter in `lintro/formatters/tools/` with a `TableDescriptor`.
+- Register the tool in `lintro/tools/tool_enum.py`.
+- Register the table formatter in `TOOL_TABLE_FORMATTERS` within
+  `lintro/utils/tool_utils.py`.
+
+2. Tests
+
+- Put minimal violation samples in `test_samples/`.
+- Add unit tests for the parser.
+- Add integration tests that:
+  - Run the tool directly (CLI) on the sample
+  - Run the tool via Lintro and compare parity (issue counts, status)
+  - Use realistic paths (e.g., `.github/workflows/` for Actionlint)
+- Allow local skip when a system binary is missing (CI/Docker installs tools).
+
+3. Installer support
+
+- Update `scripts/utils/install-tools.sh` to install the binary.
+- Prefer upstream installers when available (uv/pip, npm, official script,
+  Homebrew). For OS/arch tarballs, encapsulate download/extract in a helper.
+- Verify checksums when possible.
+
+4. Docs checklist
+
+- Update `README.md` Supported Tools table and CLI examples.
+- Update `docs/getting-started.md` with a short usage example.
+- Update `docs/configuration.md` with discovery notes and usage tips.
+
+5. CI and Docker
+
+- The Docker image installs all supported tools; integration tests should run
+  without skipping inside Docker/CI.
+
+### Pass-through Options (optional)
+
+Expose native flags via `--tool-options tool:key=value` only after the core
+behavior is stable. Keep defaults minimal to avoid surprising users and to
+maintain parity with direct CLI behavior.

{lintro-0.3.2 → lintro-0.4.3}/docs/getting-started.md

@@ -149,6 +149,12 @@ lintro check .github/ config/ --tools yamllint
 **Tools:**
 
 - **Yamllint** - YAML syntax and style validation
+- **Actionlint** - GitHub Actions workflow validation (files under `.github/workflows/`)
+
+```bash
+# Validate GitHub workflows
+lintro check --tools actionlint
+```
 
 ### Docker Files
 
@@ -247,8 +253,8 @@ rules:
 ### Lintro-Specific Options
 
 ```bash
-# Tool timeouts
-lintro check --tool-options "ruff:--line-length=88,prettier:--print-width=80"
+# Tool options use key=value (lists with |, booleans True/False)
+lintro check --tool-options "ruff:line_length=88,prettier:print_width=80"
 
 # Exclude patterns
 lintro check --exclude "migrations,node_modules,dist"

{lintro-0.3.2 → lintro-0.4.3}/docs/github-integration.md

@@ -133,7 +133,7 @@ Edit the workflow files to match your project structure:
     uv run lintro check *.json --tools prettier --output-format grid
 ```
 
-### 3. Configure Repository Settings
+### 3. Configure Repository Settings (optional for Pages)
 
 **Enable GitHub Pages:**
 
@@ -141,18 +141,18 @@ Edit the workflow files to match your project structure:
 2. Select **Source:** "GitHub Actions"
 3. Your coverage badge will be available at: `https://TurboCoder13.github.io/py-lintro/badges/coverage.svg`
 
-## Release Automation
+## Release Automation (Single Release Train)
 
 The repository ships with fully automated semantic releases and PyPI publishing.
 
 - **Automated Release PR** (`.github/workflows/semantic-release.yml`)
   - On push to `main`, computes the next version from Conventional Commits
   - Updates `pyproject.toml` and `lintro/__init__.py`
-  - Opens a Release PR and enables auto-merge; once checks pass, it merges
+  - Opens a Release PR (no direct push to main) and enables auto-merge; once checks pass, it merges
 
 - **Auto Tag on Main** (`.github/workflows/auto-tag-on-main.yml`)
-  - After the Release PR is merged, detects the new version in `pyproject.toml`
-  - Creates and pushes a matching git tag if it does not already exist
+  - After the Release PR is merged, a guard step ensures the last commit matches `chore(release):` pattern
+  - Detects the new version in `pyproject.toml`, and creates/pushes the tag if it does not already exist
 
 - **Publish to PyPI on Tag** (`.github/workflows/publish-pypi-on-tag.yml`)
   - On tag push (e.g., `1.2.3`), verifies tag equals `pyproject.toml` version
@@ -161,6 +161,35 @@ The repository ships with fully automated semantic releases and PyPI publishing.
 
 > End-to-end: Conventional commits → Release PR (auto-merged) → Tag created → PyPI publish.
 
+### Permissions Model (least privilege)
+
+- Default each workflow to `permissions: { contents: read }`.
+- Grant elevated permissions only where required:
+  - Tag creation job: `contents: write`.
+  - PyPI publish job: `id-token: write` (for OIDC) and `contents: write` only if creating a GH Release.
+  - PR comment jobs: `pull-requests: write`.
+
+### Why we do not allow `astral-sh/setup-uv`
+
+Our Actions policy requires that all actions (including transitive actions used by
+composites) are allowlisted and pinned to a full commit SHA. The
+`astral-sh/setup-uv` action invokes `actions/setup-python@v5` internally, which
+is both not on our allowlist and referenced by tag (not a 40-char SHA). This
+causes policy enforcement to block any job that uses `setup-uv`.
+
+To comply, we replaced it with an internal composite `setup-env` that:
+
+- installs `uv` via `pip` (no nested actions),
+- provisions the requested Python version via `uv python install`, and
+- syncs dependencies, keeping our pipeline policy-compliant.
+
+Deprecated/manual flows (e.g., direct Release creation workflows) are removed to avoid parallel release paths.
+
+### Labels & guards
+
+- Release PRs are labeled `release-bump` to make them easy to target in policies.
+- Tagging is guarded in `auto-tag-on-main.yml` by checking the last commit title starts with `chore(release):` to ensure tags are only created after Release PR merges.
+
 ### Security & Pinning
 
 - Third-party actions are pinned to commit SHAs for reproducibility and supply-chain safety.

{lintro-0.3.2 → lintro-0.4.3}/docs/tool-analysis/README.md

@@ -38,6 +38,22 @@ This directory contains comprehensive analyses comparing Lintro's wrapper implem
 
 ### [Hadolint Analysis](./hadolint-analysis.md)
 
+### [Bandit Analysis](./bandit-analysis.md)
+
+**Python Security Linter**
+
+- ✅ **Preserved**: Recursive scanning, severity/confidence gates, config/baseline
+- ⚠️ **Defaults**: JSON output and quiet logs for stable parsing
+- 🚀 **Notes**: Robust JSON extraction; normalized reporting
+
+### [Actionlint Analysis](./actionlint-analysis.md)
+
+**GitHub Actions Workflow Linter**
+
+- ✅ **Preserved**: Default output, rule detection, workflow path targeting
+- ⚠️ **Defaults**: No flags; filtered to `/.github/workflows/`
+- 🚀 **Notes**: Normalized parsing and formatting
+
 **Dockerfile Linter for Best Practices**
 
 - ✅ **Preserved**: Dockerfile analysis, shell script linting, best practices, security scanning

lintro-0.4.3/docs/tool-analysis/actionlint-analysis.md

@@ -0,0 +1,68 @@
+# Actionlint Tool Analysis
+
+## Overview
+
+Actionlint is a linter for GitHub Actions workflow files. This analysis compares
+Lintro's wrapper with the core Actionlint tool.
+
+## Core Tool Capabilities
+
+- **Workflow linting**: Checks YAML under `.github/workflows/`
+- **ShellCheck integration**: Lints shell snippets in `run:` steps
+- **Rule configuration**: Enable/disable specific checks via config or flags
+- **Formatting**: Default text output, `-format`/`-oneline`, color toggles
+
+## Lintro Implementation Analysis
+
+### ✅ Preserved Features
+
+- ✅ Uses default Actionlint output; robust parser maps to structured issues
+- ✅ Filters input files to `/.github/workflows/` paths
+- ✅ Respects workflow discovery through file walking
+
+### ⚠️ Defaults and Notes
+
+- ⚠️ No flags by default (portable across versions and platforms)
+- ⚠️ ShellCheck behavior left to upstream defaults
+
+### 🚀 Enhancements
+
+- ✅ Normalized output (tables/JSON) via Lintro formatters
+- ✅ Unified CLI and reporting experience
+
+## Usage Comparison
+
+### Core Actionlint
+
+```bash
+actionlint .github/workflows/ci.yml
+actionlint -no-color -format oneline .github/workflows/
+```
+
+### Lintro Wrapper
+
+```python
+from lintro.tools.implementations.tool_actionlint import ActionlintTool
+
+tool = ActionlintTool()
+result = tool.check(["."])
+```
+
+## ⚠️ Limited/Missing Features
+
+- ⚠️ ShellCheck toggles (`-shellcheck`, `-no-shellcheck`) not exposed
+- ⚠️ Config path (`-config-file`) not exposed
+- ⚠️ Rule enable/disable flags not exposed
+- ⚠️ Output formatting flags (`-format`, `-oneline`, color) not exposed
+
+### 🔧 Proposed runtime pass-throughs
+
+- `--tool-options actionlint:shellcheck=False`
+- `--tool-options actionlint:config=.actionlint.yaml`
+- `--tool-options actionlint:disable=rule1|rule2`
+- `--tool-options actionlint:format=oneline,actionlint:no_color=True`
+
+## Recommendations
+
+- Keep defaults minimal; add pass-throughs where CI or local workflows need
+  parity with upstream CLI settings.