| repos: | |
| # 1️⃣ Commit message enforcement (Conventional Commits) | |
| - repo: https://github.com/commitizen-tools/commitizen | |
| rev: v4.8.3 | |
| hooks: | |
| - id: commitizen | |
| language_version: "python3.12" | |
| stages: ["commit-msg"] | |
| # 2️⃣ General file hygiene & oops prevention | |
| - repo: https://github.com/pre-commit/pre-commit-hooks | |
| rev: v5.0.0 | |
| hooks: | |
| - id: trailing-whitespace # Remove trailing spaces | |
| - id: end-of-file-fixer # Ensure single newline at EOF | |
| - id: check-yaml # Validate YAML syntax | |
| - id: check-added-large-files # Prevent committing huge files | |
| - id: check-merge-conflict # Prevent unresolved merge conflicts | |
| - id: debug-statements # Detect print() & pdb.set_trace() | |
| # 3️⃣ Python linting & formatting (Ruff) | |
| - repo: https://github.com/astral-sh/ruff-pre-commit | |
| rev: v0.12.8 | |
| hooks: | |
| - id: ruff | |
| args: [--fix] # Auto-fix lint issues | |
| - id: ruff-format # Format code | |
| # 4️⃣ Static type checking | |
| - repo: https://github.com/pre-commit/mirrors-mypy | |
| rev: v1.17.1 | |
| hooks: | |
| - id: mypy | |
| # 5️⃣ Security scanning (Bandit for Python) | |
| - repo: https://github.com/PyCQA/bandit | |
| rev: 1.8.6 | |
| hooks: | |
| - id: bandit | |
| args: ["-ll"] # Run in high severity mode | |
| # 6️⃣ Secret detection (detect-secrets) | |
| - repo: https://github.com/Yelp/detect-secrets | |
| rev: v1.5.0 | |
| hooks: | |
| - id: detect-secrets | |
| args: ["--baseline", "linter/.secrets.baseline"] | |
| default_language_version: | |
| python: python3 | |
| # Top-level global settings | |
| exclude: '.*\.csv$' # | |