strict-module 0.5.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- strict_module-0.5.0/.github/workflows/ci.yml +25 -0
- strict_module-0.5.0/.github/workflows/no-ai-attribution.yml +73 -0
- strict_module-0.5.0/.github/workflows/publish.yml +35 -0
- strict_module-0.5.0/.github/workflows/ruff.yml +29 -0
- strict_module-0.5.0/.github/workflows/strict-module.yml +30 -0
- strict_module-0.5.0/.gitignore +44 -0
- strict_module-0.5.0/CHANGELOG.md +160 -0
- strict_module-0.5.0/CODE_OF_CONDUCT.md +34 -0
- strict_module-0.5.0/CONTRIBUTING.md +30 -0
- strict_module-0.5.0/LICENSE +201 -0
- strict_module-0.5.0/PKG-INFO +740 -0
- strict_module-0.5.0/README.md +710 -0
- strict_module-0.5.0/SECURITY.md +18 -0
- strict_module-0.5.0/VERIFICATION.txt +96 -0
- strict_module-0.5.0/example/dto-strict-workflow.yml +20 -0
- strict_module-0.5.0/pyproject.toml +81 -0
- strict_module-0.5.0/strict_module/__init__.py +7 -0
- strict_module-0.5.0/strict_module/checkers.py +806 -0
- strict_module-0.5.0/strict_module/cli.py +152 -0
- strict_module-0.5.0/strict_module/config/__init__.py +6 -0
- strict_module-0.5.0/strict_module/config/_config.py +97 -0
- strict_module-0.5.0/strict_module/config/_version.py +3 -0
- strict_module-0.5.0/strict_module/linter.py +212 -0
- strict_module-0.5.0/strict_module/loc_cap.py +228 -0
- strict_module-0.5.0/strict_module/py.typed +0 -0
- strict_module-0.5.0/strict_module/rules.py +362 -0
- strict_module-0.5.0/tests/fixtures/bad/r001_bad_param.py +13 -0
- strict_module-0.5.0/tests/fixtures/bad/r001_bad_return.py +13 -0
- strict_module-0.5.0/tests/fixtures/bad/r002_bad_inline.py +22 -0
- strict_module-0.5.0/tests/fixtures/bad/r002_bad_non_serializer.py +32 -0
- strict_module-0.5.0/tests/fixtures/bad/r003_bad_dataclass.py +26 -0
- strict_module-0.5.0/tests/fixtures/bad/r004_bad_facade.py +16 -0
- strict_module-0.5.0/tests/fixtures/bad/r005_bad_validator.py +18 -0
- strict_module-0.5.0/tests/fixtures/bad/test_r007_bad_fixtures.py +14 -0
- strict_module-0.5.0/tests/fixtures/bad/test_r008_bad_bare_test_functions.py +17 -0
- strict_module-0.5.0/tests/fixtures/good/r001_good_basic.py +29 -0
- strict_module-0.5.0/tests/fixtures/good/r002_good_dict.py +27 -0
- strict_module-0.5.0/tests/fixtures/good/r002_good_serializer.py +37 -0
- strict_module-0.5.0/tests/fixtures/good/r002_multiple_dataclass_serializers.py +54 -0
- strict_module-0.5.0/tests/fixtures/good/r003_good_dataclass.py +20 -0
- strict_module-0.5.0/tests/fixtures/good/r004_good_facade.py +19 -0
- strict_module-0.5.0/tests/fixtures/good/r005_good_validator.py +36 -0
- strict_module-0.5.0/tests/fixtures/good/test_r008_good_test_class.py +22 -0
- strict_module-0.5.0/tests/test_baseline_ratchet.py +154 -0
- strict_module-0.5.0/tests/test_cli.py +94 -0
- strict_module-0.5.0/tests/test_compat_fallback.py +98 -0
- strict_module-0.5.0/tests/test_config_loading.py +46 -0
- strict_module-0.5.0/tests/test_github_format.py +68 -0
- strict_module-0.5.0/tests/test_loc_cap.py +289 -0
- strict_module-0.5.0/tests/test_loc_cap_test_exemption.py +77 -0
- strict_module-0.5.0/tests/test_noqa.py +132 -0
- strict_module-0.5.0/tests/test_noqa_r002.py +253 -0
- strict_module-0.5.0/tests/test_r001_dict_str_any.py +46 -0
- strict_module-0.5.0/tests/test_r001_strict_collections.py +108 -0
- strict_module-0.5.0/tests/test_r002_annotated_constants.py +158 -0
- strict_module-0.5.0/tests/test_r002_configurable_threshold.py +133 -0
- strict_module-0.5.0/tests/test_r002_inline_dict.py +37 -0
- strict_module-0.5.0/tests/test_r002_justification.py +98 -0
- strict_module-0.5.0/tests/test_r002_multiple_dataclass_regression.py +65 -0
- strict_module-0.5.0/tests/test_r002_serializer_exemption.py +50 -0
- strict_module-0.5.0/tests/test_r003_canonical.py +94 -0
- strict_module-0.5.0/tests/test_r003_dataclass_trio.py +38 -0
- strict_module-0.5.0/tests/test_r003_strict_relaxed.py +173 -0
- strict_module-0.5.0/tests/test_r004_auto_detect.py +134 -0
- strict_module-0.5.0/tests/test_r004_module_facade.py +38 -0
- strict_module-0.5.0/tests/test_r005_validator_pattern.py +37 -0
- strict_module-0.5.0/tests/test_r006_any.py +107 -0
- strict_module-0.5.0/tests/test_r007_fixtures.py +56 -0
- strict_module-0.5.0/tests/test_r008_test_functions.py +42 -0
- strict_module-0.5.0/tests/test_service_test_exemption.py +113 -0
- strict_module-0.5.0/uv.lock +295 -0
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
push:
|
|
6
|
+
branches: [main]
|
|
7
|
+
|
|
8
|
+
jobs:
|
|
9
|
+
test:
|
|
10
|
+
runs-on: ubuntu-latest
|
|
11
|
+
strategy:
|
|
12
|
+
matrix:
|
|
13
|
+
python-version: ["3.11", "3.12"]
|
|
14
|
+
steps:
|
|
15
|
+
- uses: actions/checkout@v4
|
|
16
|
+
- uses: actions/setup-python@v5
|
|
17
|
+
with:
|
|
18
|
+
python-version: ${{ matrix.python-version }}
|
|
19
|
+
- name: Install
|
|
20
|
+
run: pip install -e .[dev]
|
|
21
|
+
- name: Test
|
|
22
|
+
run: pytest tests/ -v
|
|
23
|
+
- name: Dogfood lint
|
|
24
|
+
run: strict-module strict_module/ --format github
|
|
25
|
+
continue-on-error: true
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
name: Attribution Gate
|
|
2
|
+
|
|
3
|
+
# Server-side enforcement: rejects pushes/PRs whose commit messages contain
|
|
4
|
+
# Claude/Anthropic attribution. Catches GitHub squash-merge propagation that
|
|
5
|
+
# bypasses local commit-msg, pre-push, and PreToolUse hooks.
|
|
6
|
+
#
|
|
7
|
+
# Per-repo copy of the canonical attribution gate.
|
|
8
|
+
|
|
9
|
+
on:
|
|
10
|
+
push:
|
|
11
|
+
pull_request:
|
|
12
|
+
|
|
13
|
+
permissions:
|
|
14
|
+
contents: read
|
|
15
|
+
pull-requests: read
|
|
16
|
+
|
|
17
|
+
jobs:
|
|
18
|
+
scan:
|
|
19
|
+
name: Scan commit messages for attribution
|
|
20
|
+
runs-on: ubuntu-latest
|
|
21
|
+
steps:
|
|
22
|
+
- name: Checkout (full history)
|
|
23
|
+
uses: actions/checkout@v4
|
|
24
|
+
with:
|
|
25
|
+
fetch-depth: 0
|
|
26
|
+
|
|
27
|
+
- name: Determine commit range
|
|
28
|
+
id: range
|
|
29
|
+
env:
|
|
30
|
+
EVENT_NAME: ${{ github.event_name }}
|
|
31
|
+
PR_BASE: ${{ github.event.pull_request.base.sha }}
|
|
32
|
+
PR_HEAD: ${{ github.event.pull_request.head.sha }}
|
|
33
|
+
PUSH_BEFORE: ${{ github.event.before }}
|
|
34
|
+
PUSH_AFTER: ${{ github.event.after }}
|
|
35
|
+
run: |
|
|
36
|
+
set -euo pipefail
|
|
37
|
+
if [ "$EVENT_NAME" = "pull_request" ]; then
|
|
38
|
+
BASE="$PR_BASE"
|
|
39
|
+
HEAD="$PR_HEAD"
|
|
40
|
+
else
|
|
41
|
+
BASE="$PUSH_BEFORE"
|
|
42
|
+
HEAD="$PUSH_AFTER"
|
|
43
|
+
if [ "$BASE" = "0000000000000000000000000000000000000000" ] || [ -z "$BASE" ]; then
|
|
44
|
+
git fetch origin main:refs/remotes/origin/main 2>/dev/null || true
|
|
45
|
+
BASE=$(git merge-base origin/main "$HEAD" 2>/dev/null || git rev-list --max-parents=0 "$HEAD" | tail -1)
|
|
46
|
+
fi
|
|
47
|
+
fi
|
|
48
|
+
echo "base=$BASE" >> "$GITHUB_OUTPUT"
|
|
49
|
+
echo "head=$HEAD" >> "$GITHUB_OUTPUT"
|
|
50
|
+
|
|
51
|
+
- name: Scan for Claude/Anthropic attribution
|
|
52
|
+
env:
|
|
53
|
+
BASE: ${{ steps.range.outputs.base }}
|
|
54
|
+
HEAD: ${{ steps.range.outputs.head }}
|
|
55
|
+
PATTERN: 'co-authored-by.*(claude|anthropic)|generated with claude|@claude|noreply@anthropic|🤖'
|
|
56
|
+
run: |
|
|
57
|
+
set -uo pipefail
|
|
58
|
+
OFFENDING=""
|
|
59
|
+
for sha in $(git rev-list "$BASE..$HEAD"); do
|
|
60
|
+
MSG=$(git log -1 --pretty=format:"%B" "$sha")
|
|
61
|
+
if echo "$MSG" | grep -qiE "$PATTERN"; then
|
|
62
|
+
AUTHOR=$(git log -1 --pretty=format:"%an" "$sha")
|
|
63
|
+
SUBJECT=$(git log -1 --pretty=format:"%s" "$sha")
|
|
64
|
+
OFFENDING="${OFFENDING} ${sha:0:8} | author=${AUTHOR} | ${SUBJECT}"$'\n'
|
|
65
|
+
fi
|
|
66
|
+
done
|
|
67
|
+
if [ -n "$OFFENDING" ]; then
|
|
68
|
+
echo "::error::Claude/Anthropic attribution detected in commit messages"
|
|
69
|
+
echo "Offending commits in range $BASE..$HEAD:"
|
|
70
|
+
printf '%s' "$OFFENDING"
|
|
71
|
+
exit 1
|
|
72
|
+
fi
|
|
73
|
+
echo "OK: no attribution detected in $BASE..$HEAD"
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
name: Publish to PyPI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
release:
|
|
5
|
+
types: [published]
|
|
6
|
+
|
|
7
|
+
jobs:
|
|
8
|
+
publish:
|
|
9
|
+
name: Build + publish
|
|
10
|
+
runs-on: ubuntu-latest
|
|
11
|
+
environment: pypi # second-layer GitHub deployment-environment gate
|
|
12
|
+
permissions:
|
|
13
|
+
id-token: write # OIDC trusted publisher
|
|
14
|
+
contents: read
|
|
15
|
+
|
|
16
|
+
steps:
|
|
17
|
+
- name: Checkout
|
|
18
|
+
uses: actions/checkout@v4
|
|
19
|
+
|
|
20
|
+
- name: Set up Python
|
|
21
|
+
uses: actions/setup-python@v5
|
|
22
|
+
with:
|
|
23
|
+
python-version: '3.12'
|
|
24
|
+
|
|
25
|
+
- name: Install build deps
|
|
26
|
+
run: python -m pip install --upgrade build
|
|
27
|
+
|
|
28
|
+
- name: Build sdist + wheel
|
|
29
|
+
run: python -m build
|
|
30
|
+
|
|
31
|
+
- name: Verify artifacts
|
|
32
|
+
run: python -m pip install --upgrade twine && python -m twine check dist/*
|
|
33
|
+
|
|
34
|
+
- name: Publish to PyPI
|
|
35
|
+
uses: pypa/gh-action-pypi-publish@release/v1
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
name: Ruff
|
|
2
|
+
|
|
3
|
+
# Ruff lint + format check. Pinned to 0.15.14 to match local version.
|
|
4
|
+
# Format drift was previously undetected; this gate prevents future drift.
|
|
5
|
+
|
|
6
|
+
on:
|
|
7
|
+
pull_request:
|
|
8
|
+
push:
|
|
9
|
+
branches: [main]
|
|
10
|
+
|
|
11
|
+
concurrency:
|
|
12
|
+
group: ${{ github.workflow }}-${{ github.ref }}
|
|
13
|
+
cancel-in-progress: true
|
|
14
|
+
|
|
15
|
+
permissions:
|
|
16
|
+
contents: read
|
|
17
|
+
|
|
18
|
+
jobs:
|
|
19
|
+
ruff:
|
|
20
|
+
runs-on: ubuntu-latest
|
|
21
|
+
steps:
|
|
22
|
+
- uses: actions/checkout@v4
|
|
23
|
+
- uses: astral-sh/setup-uv@v4
|
|
24
|
+
with:
|
|
25
|
+
enable-cache: true
|
|
26
|
+
- name: Ruff lint
|
|
27
|
+
run: uvx ruff@0.15.14 check strict_module/
|
|
28
|
+
- name: Ruff format check
|
|
29
|
+
run: uvx ruff@0.15.14 format --check strict_module/
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
name: strict-module
|
|
2
|
+
|
|
3
|
+
# DTO-discipline lint (frozen+slots, facade-ban, R001-R006). Per-repo copy of
|
|
4
|
+
# the canonical gate; runs on the strict-module package itself (self-lint).
|
|
5
|
+
# Lint step: source directory only.
|
|
6
|
+
|
|
7
|
+
on:
|
|
8
|
+
pull_request:
|
|
9
|
+
push:
|
|
10
|
+
branches: [main]
|
|
11
|
+
|
|
12
|
+
concurrency:
|
|
13
|
+
group: ${{ github.workflow }}-${{ github.ref }}
|
|
14
|
+
cancel-in-progress: true
|
|
15
|
+
|
|
16
|
+
permissions:
|
|
17
|
+
contents: read
|
|
18
|
+
|
|
19
|
+
jobs:
|
|
20
|
+
lint:
|
|
21
|
+
runs-on: ubuntu-latest
|
|
22
|
+
steps:
|
|
23
|
+
- uses: actions/checkout@v4
|
|
24
|
+
- uses: astral-sh/setup-uv@v4
|
|
25
|
+
with:
|
|
26
|
+
enable-cache: true
|
|
27
|
+
- name: Install Python 3.12
|
|
28
|
+
run: uv python install 3.12
|
|
29
|
+
- name: Run strict-module
|
|
30
|
+
run: uv run --python 3.12 python -m strict_module.cli strict_module/ --format github
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
__pycache__/
|
|
2
|
+
*.py[cod]
|
|
3
|
+
*$py.class
|
|
4
|
+
*.so
|
|
5
|
+
.Python
|
|
6
|
+
build/
|
|
7
|
+
develop-eggs/
|
|
8
|
+
dist/
|
|
9
|
+
downloads/
|
|
10
|
+
eggs/
|
|
11
|
+
.eggs/
|
|
12
|
+
lib/
|
|
13
|
+
lib64/
|
|
14
|
+
parts/
|
|
15
|
+
sdist/
|
|
16
|
+
var/
|
|
17
|
+
wheels/
|
|
18
|
+
pip-wheel-metadata/
|
|
19
|
+
share/python-wheels/
|
|
20
|
+
*.egg-info/
|
|
21
|
+
.installed.cfg
|
|
22
|
+
*.egg
|
|
23
|
+
MANIFEST
|
|
24
|
+
.pytest_cache/
|
|
25
|
+
.coverage
|
|
26
|
+
.coverage.*
|
|
27
|
+
.cache
|
|
28
|
+
nosetests.xml
|
|
29
|
+
coverage.xml
|
|
30
|
+
*.cover
|
|
31
|
+
*.py,cover
|
|
32
|
+
.hypothesis/
|
|
33
|
+
.venv
|
|
34
|
+
env/
|
|
35
|
+
venv/
|
|
36
|
+
ENV/
|
|
37
|
+
env.bak/
|
|
38
|
+
venv.bak/
|
|
39
|
+
.idea/
|
|
40
|
+
.vscode/
|
|
41
|
+
*.swp
|
|
42
|
+
*.swo
|
|
43
|
+
*~
|
|
44
|
+
.DS_Store
|
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
|
4
|
+
|
|
5
|
+
## [Unreleased]
|
|
6
|
+
|
|
7
|
+
### Added
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
|
|
11
|
+
### Fixed
|
|
12
|
+
|
|
13
|
+
## [0.5.0] - 2026-07-06
|
|
14
|
+
|
|
15
|
+
### Changed
|
|
16
|
+
|
|
17
|
+
- **Package renamed from `dto-strict` to `strict-module`** - Renamed to follow category-first naming conventions (strict- prefix). GitHub repository renamed to `github.com/jekhator/strict-module`. PyPI package name updated to `strict-module`.
|
|
18
|
+
- **Flattened package layout** - Source code moved from `src/dto_strict/` to `strict_module/` at repository root, adopting the suite's standard flat-namespace layout.
|
|
19
|
+
- **Version single-sourced in `strict_module/config/_version.py`** - Eliminates version drift between package metadata and source. Hatch now dynamically reads version from this file.
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
|
|
23
|
+
- **Backward-compatible config fallbacks** - Configuration loading now checks `[tool.strict-module]` first, then falls back to `[tool.dto-strict]` for compatibility with existing codebases. Both are supported; new code should use `[tool.strict-module]`.
|
|
24
|
+
- **Backward-compatible baseline fallbacks** - Baseline file loading checks `.strict-module-baseline.json` first, then falls back to `.dto-strict-baseline.json`.
|
|
25
|
+
- **Entry point alias** - The `dto-strict` CLI command remains available as a backward-compatibility alias, pointing to the same implementation as the new `strict-module` command.
|
|
26
|
+
- **Comprehensive compatibility tests** - New test suite (`test_compat_fallback.py`) covers config and baseline file fallback scenarios.
|
|
27
|
+
|
|
28
|
+
### Deprecated
|
|
29
|
+
|
|
30
|
+
- `[tool.dto-strict]` configuration section - use `[tool.strict-module]` instead. Old section still works but will be removed in v1.0.
|
|
31
|
+
- `dto-strict` CLI command name - use `strict-module` instead. Old name still works but will be removed in v1.0.
|
|
32
|
+
- `.dto-strict-baseline.json` filename - use `.strict-module-baseline.json` instead. Old filename still works but will be removed in v1.0.
|
|
33
|
+
|
|
34
|
+
## [0.4.1] - 2026-06-11
|
|
35
|
+
|
|
36
|
+
### Fixed
|
|
37
|
+
|
|
38
|
+
- **R002 no longer false-positives on dict literals returned from to_* serializer methods** - Dict literals returned from methods whose name starts with `to_` in a `@dataclass`-decorated class are now correctly exempted. The returned dict is the dataclass's serialized output, not an unconverted business shape. Non-dataclass classes and non-`to_*` methods remain flagged as before. Example: `class UserDTO` with `def to_dict(self) -> dict: return {"id": self.id, "name": self.name, "email": self.email}` now passes (no R002 violation).
|
|
39
|
+
|
|
40
|
+
- **`dto-strict loc-cap` now exempts test files from the line-of-code cap** - Test files are automatically excluded from LOC enforcement, mirroring the v0.4.0 lint exemption set. A file is a test file if its basename is `conftest.py`, matches `test_*.py`, or is under a `tests/` directory. This prevents test fixtures and test helpers from inflating LOC metrics. Baseline files remain unaffected; improvements in test files are still reflected in ratchet calculations.
|
|
41
|
+
|
|
42
|
+
### Changed
|
|
43
|
+
|
|
44
|
+
- `is_test_file()` utility now checks for `/tests/` directory path segments in addition to basename patterns. This enables `loc-cap` to properly exempt test files found anywhere under a `tests/` directory structure.
|
|
45
|
+
|
|
46
|
+
## [0.4.0] - 2026-06-07
|
|
47
|
+
|
|
48
|
+
### Added
|
|
49
|
+
|
|
50
|
+
- **Test file exemption from DTO rules (R001, R004, R006)** - Service-layer rules (R001, R004, R006) now automatically exempt test files from linting. A file is considered a test file if its basename is `conftest.py`, matches `test_*.py`, or contains a `/tests/` path segment. This prevents false positives in test fixtures and test helpers that may use `Dict[str, Any]`, module-level functions, or `typing.Any` for legitimate testing purposes.
|
|
51
|
+
|
|
52
|
+
- **R007 - Pytest fixtures must be in conftest.py** - New rule that flags `@pytest.fixture` decorators defined in test files other than `conftest.py`. Fixtures are test infrastructure and belong in the module-level fixtures file (conftest.py), not scattered across test modules. Rule applies only to test files (basename `conftest.py`, `test_*.py`, or under `/tests/`).
|
|
53
|
+
|
|
54
|
+
- **R008 - Bare module-level test functions** - New rule that flags test functions (matching `def test_*`) defined at module level in test files. Test functions must be organized into `Test<Concern>` classes for clarity and pytest discovery. Rule applies only to test files.
|
|
55
|
+
|
|
56
|
+
### Changed
|
|
57
|
+
|
|
58
|
+
- `is_service_path()` and `is_dto_path()` now check `is_test_file()` before pattern matching, ensuring test files never match service or DTO paths regardless of naming.
|
|
59
|
+
|
|
60
|
+
### Improved
|
|
61
|
+
|
|
62
|
+
- Configuration section for pytest discipline rules now documented in README (new "Pytest Discipline" section).
|
|
63
|
+
|
|
64
|
+
## [0.3.0] - 2026-06-04
|
|
65
|
+
|
|
66
|
+
### Added
|
|
67
|
+
|
|
68
|
+
- **`dto-strict loc-cap` subcommand - per-file LOC-cap ratchet enforcer** - New CLI subcommand for enforcing line-of-code limits on Python files with configurable hard/soft caps and baseline-driven ratcheting. Ported from the per-repo `check_loc_cap.py` pattern into dto-strict's unified command surface.
|
|
69
|
+
- **Hard cap** (default: 694 LOC) - fails the check if any file exceeds this limit (NEW offenders fail immediately; baselined files that grew also fail).
|
|
70
|
+
- **Soft target** (default: 500 LOC) - warnings for files exceeding soft target but under hard cap (suggest decomposition).
|
|
71
|
+
- **Ratchet baseline** (via `--baseline .loc-cap-baseline.txt` or config `[tool.dto-strict.loc-cap].baseline_file`) - baselined files cannot exceed their recorded LOC; improvements are allowed.
|
|
72
|
+
- **Generate baseline** (via `--generate-baseline`) - outputs baseline in `path:loc` format (sorted by LOC descending) for capture into version control.
|
|
73
|
+
- CLI flags: `--hard-cap`, `--soft-target`, `--baseline`, `--generate-baseline`, `--config` (pyproject.toml path).
|
|
74
|
+
- Pyproject config section: `[tool.dto-strict.loc-cap]` with keys `hard_cap`, `soft_target`, `baseline_file` (CLI flags take precedence).
|
|
75
|
+
- Exclusion patterns: `migrations`, `management/commands` (hardcoded, Django-scoped).
|
|
76
|
+
- Exit code: 0 for pass (soft warnings allowed), 1 for hard violations.
|
|
77
|
+
|
|
78
|
+
### Changed
|
|
79
|
+
|
|
80
|
+
- **CLI now dispatches on subcommand**: `sys.argv[1] == "loc-cap"` routes to `handle_loc_cap()` before standard argparse. Bare `dto-strict <path>` DTO-discipline lint is unchanged (backcompat preserved).
|
|
81
|
+
- **Added tomli backport dependency** for Python 3.10 (tomllib native in 3.11+), enabling pyproject.toml parsing for loc-cap config in both Python versions.
|
|
82
|
+
|
|
83
|
+
### Improved
|
|
84
|
+
|
|
85
|
+
- Configuration now loads `[tool.dto-strict.loc-cap]` section from pyproject.toml alongside existing `[tool.dto-strict]` linter options.
|
|
86
|
+
## [0.2.2] - 2026-05-22
|
|
87
|
+
|
|
88
|
+
### Fixed
|
|
89
|
+
|
|
90
|
+
- **R002 no longer false-positives on annotated module-level / class-level constants** - Typed static data declarations like `DISPLAY_LABELS: dict[str, str] = {...}` are now correctly skipped. The explicit type annotation signals intent ("this is typed static data") distinct from R002's actual target ("inline dict literal as business shape in service code"). Now R002 skips:
|
|
91
|
+
- `ast.AnnAssign` at module scope (module-level typed constants)
|
|
92
|
+
- `ast.AnnAssign` inside class body (class-level typed constants)
|
|
93
|
+
|
|
94
|
+
Still flags:
|
|
95
|
+
- `ast.Assign` without annotation at module scope (ambiguous intent)
|
|
96
|
+
- Inline dict literals inside function bodies (original intent)
|
|
97
|
+
Regression tests added in `tests/test_r002_annotated_constants.py`.
|
|
98
|
+
|
|
99
|
+
- **Noqa suppression now correctly handles em-dashes and multi-line dicts** - v0.2.1's `has_noqa_comment` was broken for explanations using em-dashes (-) instead of hyphens (-). The function only stripped trailing hyphens (`-`), causing specs like `"dto-strict-R002 - explanation"` to remain unmatched. Now handles all dash variants: `-`, `–`, `-`. Additionally clarified that multi-line dict noqa comments must be on the opening brace line (ast node's `lineno`). Test suite `tests/test_noqa_r002.py` covers 7 scenarios: trailing-hyphen, trailing-emdash, opening-brace, no-noqa, wrong-rule, bare-noqa, and before-line (should NOT suppress).
|
|
100
|
+
|
|
101
|
+
|
|
102
|
+
## [0.2.1] - 2026-05-21
|
|
103
|
+
|
|
104
|
+
### Fixed
|
|
105
|
+
|
|
106
|
+
- **`has_noqa_comment` is now implemented** - Previously a stub returning False, suppression via `# noqa: dto-strict-RXXX` comments was silently broken. Now properly parses and recognizes:
|
|
107
|
+
- `# noqa` (suppresses all rules)
|
|
108
|
+
- `# noqa: dto-strict` (suppresses all dto-strict rules)
|
|
109
|
+
- `# noqa: dto-strict-R001` (suppresses specific rule)
|
|
110
|
+
- `# noqa: dto-strict-R001, dto-strict-R002` (suppresses multiple rules)
|
|
111
|
+
All checkers now honor suppression comments.
|
|
112
|
+
|
|
113
|
+
### Documentation
|
|
114
|
+
|
|
115
|
+
- **Clarified R003 canonical-pivot wording** - Description now explicitly states "Flag `repr=False` in dataclasses (v0.2 canonical: plain `@dataclass(frozen=True, slots=True)` without `repr=False`)", making the v0.2 shift from v0.1 explicit.
|
|
116
|
+
- **Added "PHI / Sensitive Data Handling (Pattern 1)" section** - Explains the intentional move from blanket `repr=False` to explicit `__repr__` overrides on sensitive DTOs. Includes healthcare/HIPAA context and example code for masking PII fields.
|
|
117
|
+
- **Added "Suppressing Violations" section** - Documents the now-functional `# noqa: dto-strict-RXXX` syntax with practical examples.
|
|
118
|
+
- **Mentioned healthcare/HIPAA use case in "Why dto-strict?"** - Added context on why DTO discipline is critical in regulated healthcare systems managing patient records and compliance documents.
|
|
119
|
+
|
|
120
|
+
## [0.2.0] - 2026-05-13
|
|
121
|
+
|
|
122
|
+
### Added
|
|
123
|
+
|
|
124
|
+
- **Issue #1 - R004 auto-detect class-method-wrapping pattern**: R004 now auto-detects when module-level functions delegate to class methods, reducing false positives. Functions that exclusively wrap class methods (e.g., `return _service.method(...)` or `return ClassName.method(...)`) no longer require exception tags. Exception tags still work as override.
|
|
125
|
+
|
|
126
|
+
- **Issue #2 - R002 configurable min_dict_keys threshold**: R002 now supports a configurable `min_dict_keys` setting (default: 3). This allows teams to enforce stricter or looser inline dict literal thresholds. Configure in `pyproject.toml`:
|
|
127
|
+
```toml
|
|
128
|
+
[tool.dto-strict]
|
|
129
|
+
min_dict_keys = 2 # Flag dicts with 2+ keys instead of 3+
|
|
130
|
+
```
|
|
131
|
+
|
|
132
|
+
- **Issue #3 - R003 strict/relaxed modes for frozen+slots+repr=False trio**: R003 now supports `r003_strict_repr` mode (default: true in canonical mode).
|
|
133
|
+
- **Strict mode** (default): `repr=False` is flagged as anti-canonical. Canonical pattern is `@dataclass(frozen=True, slots=True)` WITHOUT `repr=False`.
|
|
134
|
+
- **Relaxed mode**: Only checks for `frozen=True, slots=True`; ignores `repr=False` (useful for gradual migrations). Configure:
|
|
135
|
+
```toml
|
|
136
|
+
[tool.dto-strict]
|
|
137
|
+
r003_strict_repr = false # Enable relaxed mode
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
- **Issue #4 - Baseline ratchet-from-baseline mode**: New `--generate-baseline` and `--baseline` CLI flags enable "technical debt ratcheting":
|
|
141
|
+
- `dto-strict apps/ --generate-baseline > .dto-strict-baseline.json` - Capture current violations as accepted debt.
|
|
142
|
+
- `dto-strict apps/ --baseline .dto-strict-baseline.json` - Subsequent runs accept baseline violations; new violations trigger failure (exit 1).
|
|
143
|
+
- Baseline entries are hashed by file + line + rule_id for stability against message wording changes.
|
|
144
|
+
|
|
145
|
+
### Changed
|
|
146
|
+
|
|
147
|
+
- R003 canonical mode now defaults to `r003_strict_repr=true`, treating `repr=False` as anti-canonical and flagging it for removal.
|
|
148
|
+
- CLI argument `path` now optional when using `--generate-baseline` (path is required for normal linting).
|
|
149
|
+
|
|
150
|
+
### Improved
|
|
151
|
+
|
|
152
|
+
- Configuration loading now supports `min_dict_keys` and `r003_strict_repr` options in `[tool.dto-strict]` section of `pyproject.toml`.
|
|
153
|
+
|
|
154
|
+
### Bug Fixes
|
|
155
|
+
|
|
156
|
+
- None in v0.2.0.
|
|
157
|
+
|
|
158
|
+
## [0.1.0] - Earlier Versions
|
|
159
|
+
|
|
160
|
+
See git history for prior releases.
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# Code of Conduct
|
|
2
|
+
|
|
3
|
+
## Our Commitment
|
|
4
|
+
|
|
5
|
+
We are committed to providing a welcoming and inclusive environment for all contributors. We pledge to make participation in this community a harassment-free experience regardless of age, body size, disability, ethnicity, gender identity, experience level, nationality, personal appearance, race, religion, sexual identity, or sexual orientation.
|
|
6
|
+
|
|
7
|
+
## Our Standards
|
|
8
|
+
|
|
9
|
+
Examples of behavior that contribute to creating a positive environment include:
|
|
10
|
+
|
|
11
|
+
- Using welcoming and inclusive language
|
|
12
|
+
- Being respectful of differing opinions, viewpoints, and experiences
|
|
13
|
+
- Gracefully accepting constructive criticism
|
|
14
|
+
- Focusing on what is best for the community
|
|
15
|
+
- Showing empathy towards other community members
|
|
16
|
+
|
|
17
|
+
Examples of unacceptable behavior include:
|
|
18
|
+
|
|
19
|
+
- Harassment or discrimination of any kind
|
|
20
|
+
- Offensive comments related to protected characteristics
|
|
21
|
+
- Trolling, insulting comments, or personal attacks
|
|
22
|
+
- Public or private harassment
|
|
23
|
+
- Publishing others' private information without consent
|
|
24
|
+
- Other conduct which could reasonably be considered inappropriate in a professional setting
|
|
25
|
+
|
|
26
|
+
## Enforcement
|
|
27
|
+
|
|
28
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the maintainers. All complaints will be reviewed and investigated.
|
|
29
|
+
|
|
30
|
+
The project maintainers are obligated to maintain confidentiality with regard to the reporter of an incident.
|
|
31
|
+
|
|
32
|
+
## Attribution
|
|
33
|
+
|
|
34
|
+
This Code of Conduct is adapted from the Contributor Covenant, available at [https://www.contributor-covenant.org](https://www.contributor-covenant.org).
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# Contributing
|
|
2
|
+
|
|
3
|
+
Issues and pull requests welcome. Please include fixtures (good and bad examples) for new rules.
|
|
4
|
+
|
|
5
|
+
When submitting a fix or feature:
|
|
6
|
+
|
|
7
|
+
1. Ensure all tests pass: `python3.12 -m pytest tests/ -q`
|
|
8
|
+
2. Format code: `ruff format src/ tests/`
|
|
9
|
+
3. Lint code: `ruff check src/ tests/` and `dto-strict src/`
|
|
10
|
+
4. Update CHANGELOG.md with your changes under an [Unreleased] section
|
|
11
|
+
|
|
12
|
+
## Development Setup
|
|
13
|
+
|
|
14
|
+
```bash
|
|
15
|
+
git clone https://github.com/jekhator/dto-strict.git
|
|
16
|
+
cd dto-strict
|
|
17
|
+
python3.12 -m venv .venv
|
|
18
|
+
source .venv/bin/activate
|
|
19
|
+
pip install -e ".[dev]"
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Running Tests
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
python3.12 -m pytest tests/ -v
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## License
|
|
29
|
+
|
|
30
|
+
All contributions are licensed under the Apache License 2.0. See LICENSE for details.
|
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
Apache License
|
|
2
|
+
Version 2.0, January 2004
|
|
3
|
+
http://www.apache.org/licenses/
|
|
4
|
+
|
|
5
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
|
6
|
+
|
|
7
|
+
1. Definitions.
|
|
8
|
+
|
|
9
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
|
10
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
|
11
|
+
|
|
12
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
|
13
|
+
the copyright owner that is granting the License.
|
|
14
|
+
|
|
15
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
|
16
|
+
other entities that control, are controlled by, or are under common
|
|
17
|
+
control with that entity. For the purposes of this definition,
|
|
18
|
+
"control" means (i) the power, direct or indirect, to cause the
|
|
19
|
+
direction or management of such entity, whether by contract or
|
|
20
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
|
21
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
|
22
|
+
|
|
23
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
|
24
|
+
exercising permissions granted by this License.
|
|
25
|
+
|
|
26
|
+
"Source" form shall mean the preferred form for making modifications,
|
|
27
|
+
including but not limited to software source code, documentation
|
|
28
|
+
source, and configuration files.
|
|
29
|
+
|
|
30
|
+
"Object" form shall mean any form resulting from mechanical
|
|
31
|
+
transformation of a Source form, including but not limited to
|
|
32
|
+
compiled object code, generated documentation, conversions to other
|
|
33
|
+
media types.
|
|
34
|
+
|
|
35
|
+
"Work" shall mean the work of authorship, whether in Source or
|
|
36
|
+
Object form, made available under the License, as indicated by a
|
|
37
|
+
copyright notice that is included in or attached to the work
|
|
38
|
+
(an example is provided in the Appendix below).
|
|
39
|
+
|
|
40
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
|
41
|
+
form, that is based on (or derived from) the Work for which the
|
|
42
|
+
editorial revisions, annotations, elaborations, or other modifications
|
|
43
|
+
represent, as a whole, an original work of authorship. For the purposes
|
|
44
|
+
of this License, Derivative Works shall not include works that remain
|
|
45
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
|
46
|
+
the Work and Derivative Works thereof.
|
|
47
|
+
|
|
48
|
+
"Contribution" shall mean any work of authorship, including
|
|
49
|
+
the original version of the Work and any modifications or additions
|
|
50
|
+
to that Work or Derivative Works thereof, that is intentionally
|
|
51
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
|
52
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
|
53
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
|
54
|
+
means any form of electronic, verbal, or written communication sent
|
|
55
|
+
to the Licensor or its representatives, including but not limited to
|
|
56
|
+
communication on electronic mailing lists, source code control systems,
|
|
57
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
|
58
|
+
Licensor for the purpose of discussing and improving the Work, but
|
|
59
|
+
excluding communication that is conspicuously marked or otherwise
|
|
60
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
|
61
|
+
|
|
62
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
63
|
+
on behalf of whom a Contribution has been received by Licensor and
|
|
64
|
+
subsequently incorporated within the Work.
|
|
65
|
+
|
|
66
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
67
|
+
this License, each Contributor grants to You a perpetual,
|
|
68
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
69
|
+
copyright license to reproduce, prepare Derivative Works of,
|
|
70
|
+
publicly display, publicly perform, sublicense, and distribute the
|
|
71
|
+
Work and its Derivative Works in Source or Object form.
|
|
72
|
+
|
|
73
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
|
74
|
+
this License, each Contributor grants to You a perpetual,
|
|
75
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
76
|
+
(except as stated in this section) patent license to make, have made,
|
|
77
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
|
78
|
+
where such license applies only to those patent claims licensable
|
|
79
|
+
by such Contributor that are necessarily infringed by their
|
|
80
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
|
81
|
+
with the Work to which such Contribution(s) was submitted. If You
|
|
82
|
+
institute patent litigation against any entity (including a
|
|
83
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
|
84
|
+
or a Contribution incorporated within the Work constitutes direct
|
|
85
|
+
or contributory patent infringement, then any patent licenses
|
|
86
|
+
granted to You under this License for that Work shall terminate
|
|
87
|
+
as of the date such litigation is filed.
|
|
88
|
+
|
|
89
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
|
90
|
+
Work or Derivative Works thereof in any medium, with or without
|
|
91
|
+
modifications, and in Source or Object form, provided that You
|
|
92
|
+
meet the following conditions:
|
|
93
|
+
|
|
94
|
+
(a) You must give to any other recipients of the Work or
|
|
95
|
+
Derivative Works a copy of this License; and
|
|
96
|
+
|
|
97
|
+
(b) You must cause any modified files to carry prominent notices
|
|
98
|
+
stating that You changed the files; and
|
|
99
|
+
|
|
100
|
+
(c) You must retain, in the Source form of any Derivative Works
|
|
101
|
+
that You distribute, all copyright, trademark, and
|
|
102
|
+
attribution notices from the Source form of the Work,
|
|
103
|
+
excluding those notices that do not pertain to any part of
|
|
104
|
+
the Derivative Works; and
|
|
105
|
+
|
|
106
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
|
107
|
+
distribution, then any Derivative Works that You distribute must
|
|
108
|
+
include a readable copy of the attribution notices contained
|
|
109
|
+
within such NOTICE file, excluding those notices that do not
|
|
110
|
+
pertain to any part of the Derivative Works, in at least one
|
|
111
|
+
of the following places: within a NOTICE text file distributed
|
|
112
|
+
as part of the Derivative Works; within the Source form or
|
|
113
|
+
documentation, if provided along with the Derivative Works; or,
|
|
114
|
+
within a display generated by the Derivative Works, if and
|
|
115
|
+
wherever such third-party notices normally appear. The contents
|
|
116
|
+
of the NOTICE file are for informational purposes only and
|
|
117
|
+
do not modify the License. You may add Your own attribution
|
|
118
|
+
notices within Derivative Works that You distribute, alongside
|
|
119
|
+
or as an addendum to the NOTICE text from the Work, provided
|
|
120
|
+
that such additional attribution notices cannot be construed
|
|
121
|
+
as modifying the License.
|
|
122
|
+
|
|
123
|
+
You may add Your own copyright statement to Your modifications and
|
|
124
|
+
may provide additional or different license terms and conditions
|
|
125
|
+
for use, reproduction, or distribution of Your modifications, or
|
|
126
|
+
for any such Derivative Works as a whole, provided Your use,
|
|
127
|
+
reproduction, and distribution of the Work otherwise complies with
|
|
128
|
+
the conditions stated in this License.
|
|
129
|
+
|
|
130
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
|
131
|
+
any Contribution intentionally submitted for inclusion in the Work
|
|
132
|
+
by You to the Licensor shall be under the terms and conditions of
|
|
133
|
+
this License, without any additional terms or conditions.
|
|
134
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
|
135
|
+
the terms of any separate license agreement you may have executed
|
|
136
|
+
with Licensor regarding such Contributions.
|
|
137
|
+
|
|
138
|
+
6. Trademarks. This License does not grant permission to use the trade
|
|
139
|
+
names, trademarks, service marks, or product names of the Licensor,
|
|
140
|
+
except as required for reasonable and customary use in describing the
|
|
141
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
|
142
|
+
|
|
143
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
|
144
|
+
agreed to in writing, Licensor provides the Work (each
|
|
145
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
146
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
147
|
+
implied, including, without limitation, any warranties or conditions
|
|
148
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
149
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
150
|
+
appropriateness of using or redistributing the Work and assume any
|
|
151
|
+
risks associated with Your exercise of permissions under this License.
|
|
152
|
+
|
|
153
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
|
154
|
+
whether in tort (including negligence), contract, or otherwise,
|
|
155
|
+
unless required by applicable law (such as deliberate and grossly
|
|
156
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
|
157
|
+
liable to You for damages, including any direct, indirect, special,
|
|
158
|
+
incidental, or consequential damages of any character arising as a
|
|
159
|
+
result of this License or out of the use or inability to use the
|
|
160
|
+
Work (including but not limited to damages for loss of goodwill,
|
|
161
|
+
work stoppage, computer failure or malfunction, or any and all
|
|
162
|
+
other commercial damages or losses), even if any Contributor
|
|
163
|
+
has been advised of the possibility of such damages.
|
|
164
|
+
|
|
165
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
|
166
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
|
167
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
|
168
|
+
or other liability obligations and/or rights consistent with this
|
|
169
|
+
License. However, in accepting such obligations, You may act only
|
|
170
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
|
171
|
+
of any other Contributor, and only if You agree to indemnify,
|
|
172
|
+
defend, and hold each Contributor harmless for any liability
|
|
173
|
+
incurred by, or claims asserted against, such Contributor by reason
|
|
174
|
+
of your accepting any such warranty or additional liability.
|
|
175
|
+
|
|
176
|
+
END OF TERMS AND CONDITIONS
|
|
177
|
+
|
|
178
|
+
APPENDIX: How to apply the Apache License to your work.
|
|
179
|
+
|
|
180
|
+
To apply the Apache License to your work, attach the following
|
|
181
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
|
182
|
+
replaced with your own identifying information. (Don't include
|
|
183
|
+
the brackets!) The text should be enclosed in the appropriate
|
|
184
|
+
comment syntax for the file type. We also recommend that a
|
|
185
|
+
file or class name and description of purpose be included on the
|
|
186
|
+
same "printed page" as the copyright notice for easier
|
|
187
|
+
identification within third-party archives.
|
|
188
|
+
|
|
189
|
+
Copyright 2026 James Ekhator
|
|
190
|
+
|
|
191
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
192
|
+
you may not use this file except in compliance with the License.
|
|
193
|
+
You may obtain a copy of the License at
|
|
194
|
+
|
|
195
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
196
|
+
|
|
197
|
+
Unless required by applicable law or agreed to in writing, software
|
|
198
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
199
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
200
|
+
See the License for the specific language governing permissions and
|
|
201
|
+
limitations under the License.
|