From 2213b60e585e7d0dbf380406165132637c18258b Mon Sep 17 00:00:00 2001
From: emmanuelgjr
Date: Sun, 12 Apr 2026 23:14:17 -0400
Subject: [PATCH] feat(dev): add pre-commit hooks for code quality and security

Add .pre-commit-config.yaml with:
- pre-commit-hooks: trailing whitespace, end-of-file, YAML check, large files (500KB limit), merge conflict markers, debug statements
- ruff: linting with auto-fix and formatting
- bandit: security scanning (excludes tests)
Add ruff configuration to pyproject.toml with rules for pycodestyle, pyflakes, isort, flake8-bugbear, and pyupgrade. Add bandit config excluding test directory. Add pre-commit and bandit to dev dependencies.
Closes #51
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .pre-commit-config.yaml | 25 +++++++++++++++++++++++++
 pyproject.toml | 29 ++++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 .pre-commit-config.yaml

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..4638751
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,25 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+ args: ['--maxkb=500']
+ - id: check-merge-conflict
+ - id: debug-statements
+
+ - repo: https://github.com/astral-sh/ruff-pre-commit
+ rev: v0.11.6
+ hooks:
+ - id: ruff
+ args: [--fix]
+ - id: ruff-format
+
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.8.3
+ hooks:
+ - id: bandit
+ args: ["-c", "pyproject.toml"]
+ additional_dependencies: ["bandit[toml]"]
diff --git a/pyproject.toml b/pyproject.toml
index 468a424..e36073b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -44,7 +44,9 @@ dev = [
 "pytest-cov>=4.0.0",
 "pytest-mock>=3.10.0",
 "ruff",
- "gguf>=0.6.0"
+ "gguf>=0.6.0",
+ "pre-commit>=3.0.0",
+ "bandit[toml]>=1.7.0"
 ]
 
 [project.scripts]
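Review bot: In `.pre-commit-config.yaml` all three `rev:` values (`v5.0.0`, `v0.11.6`, `1.8.3`) are tags, which the upstream repository can move, and pre-commit runs whatever code that ref resolves to on every contributor's machine. Pinning each one to the full commit hash with the tag kept as a comment, `rev: <full-commit-sha>  # frozen: v5.0.0` (the form `pre-commit autoupdate --freeze` writes), makes the hook code immutable. The hooks are also client-side only and are skipped by `git commit --no-verify`, so if the bandit scan is meant as a gate it should run in CI as well, which this patch does not show.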
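Review bot: In the first pyproject.toml hunk the new `"bandit[toml]>=1.7.0"` entry allows an older bandit than the `rev: 1.8.3` the hook pins, so a manual `bandit` run from the dev environment and the pre-commit hook can report different findings; `"bandit[toml]>=1.8.3"` would keep the floor aligned with the hook. The second pyproject.toml hunk shows a `[dependency-groups]` `dev` list as context that this patch does not touch, so anyone installing from that group would presumably get neither `pre-commit` nor `bandit`; the rest of that list is outside the hunk, so this needs confirming. The `dev` list edited here also begins outside the hunk.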
@@ -69,6 +71,31 @@ pythonpath = [
 "."
 ]
 
+[tool.ruff]
+target-version = "py311"
+line-length = 120
+src = ["src", "tests"]
+
+[tool.ruff.lint]
+select = [
+ "E", # pycodestyle errors
+ "W", # pycodestyle warnings
+ "F", # pyflakes
+ "I", # isort
+ "B", # flake8-bugbear
+ "UP", # pyupgrade
+]
+ignore = [
+ "E501", # line too long (handled by formatter)
+]
+
+[tool.ruff.lint.isort]
+known-first-party = ["src"]
+
+[tool.bandit]
+exclude_dirs = ["tests"]
+skips = ["B101"] # allow assert in tests
+
 [dependency-groups]
 dev = [
 "gguf>=0.6.0",
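Review bot: `skips = ["B101"]` in `[tool.bandit]` turns the assert check off for every file bandit scans, and `exclude_dirs = ["tests"]` on the line above is already meant to keep the test directory out of the scan, so the comment `# allow assert in tests` does not describe what the line does. In non-test code an `assert` used as an input or permission check is removed when Python runs with `-O`, which is the case B101 exists to flag. I would drop the `skips` line and let the exclusion cover tests; if asserts in `src` are intentional, the comment should say so, for example `skips = ["B101"]  # assert allowed project-wide; never rely on it for security checks`.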