jesus/prvng_platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
prvng_platform/.pre-commit-config.yaml

170 lines
6.2 KiB
YAML
Raw Normal View History

chore: update docs and layout
2026-01-12 05:02:07 +00:00
# Pre-commit Framework Configuration
# Generated by dev-system/ci
# Configures git pre-commit hooks for Rust + Markdown projects
repos:
# ============================================================================
# Rust Hooks (ACTIVE)
# ============================================================================
- repo: local
hooks:
- id: rust-fmt
name: Rust formatting (cargo +nightly fmt)
entry: bash -c 'cargo +nightly fmt --all -- --check'
language: system
types: [rust]
pass_filenames: false
stages: [pre-commit]
- id: rust-clippy
name: Rust linting (cargo clippy)
entry: bash -c 'cargo clippy --all-targets -- -D warnings'
language: system
types: [rust]
pass_filenames: false
stages: [pre-commit]
# NOTE: Disabled - cargo test blocks git push. Tests should run in CI/CD.
# - id: rust-test
# name: Rust tests
# entry: bash -c 'cargo test --workspace'
# language: system
# types: [rust]
# pass_filenames: false
# stages: [pre-push]
# NOTE: Disabled - cargo deny blocks git push. Should run in CI/CD.
# - id: cargo-deny
# name: Cargo deny (licenses & advisories)
# entry: bash -c 'cargo deny check licenses advisories'
# language: system
# pass_filenames: false
# stages: [pre-push]
feat(platform): control plane — NATS JetStream + SurrealDB + SOLID enforcement New crates - platform-nats: async_nats JetStream bridge; pull/push consumers, explicit ACK, subject prefixing under provisioning.>, 6 stream definitions on startup - platform-db: SurrealDB pool (embedded RocksDB solo, Surreal<Mem> tests, WebSocket server multi-user); migrate() with DEFINE TABLE IF NOT EXISTS DDL Service integrations - orchestrator: NATS pub on task state transitions, execution_logs → SurrealDB, webhook handler (HMAC-SHA256), AuditCollector (batch INSERT, 100-event/1s flush) - control-center: solo_auth_middleware (intentional bypass, --mode solo only), NATS session events, WebSocket bridge via JetStream subscription (no polling) - vault-service: NATS lease flow; credentials over HTTPS only (lease_id in NATS); SurrealDB storage backend with MVCC retry + exponential backoff - secretumvault: complete SurrealDB backend replacing HashMap; 9 unit + 19 integration tests - extension-registry: NATS lifecycle events, vault:// credential resolver with TTL cache, cache invalidation via provisioning.workspace.*.deploy.done Clippy workspace clean cargo clippy --workspace -- -D warnings: 0 errors Patterns fixed: derivable_impls (#[default] on enum variants), excessive_nesting (let-else, boolean arithmetic in retain, extracted helpers), io_error_other, redundant_closure, iter_kv_map, manual_range_contains, pathbuf_instead_of_path
2026-02-17 23:58:14 +00:00
# ============================================================================
# SOLID Architecture Boundary Enforcement
# ============================================================================
- repo: local
hooks:
- id: solid-boundary-check
name: SOLID Architecture Boundaries
entry: bash -c '
VIOLATIONS=$(git diff --cached --name-only --diff-filter=ACM |
grep -E "\.(nu|rs)$" |
grep -v "templates/" |
grep -v "extensions/providers/" |
grep -v "orchestrator/" |
xargs grep -lE "^\^hcloud|^\^aws |^\^doctl|hcloud server" 2>/dev/null |
grep -v "^$") ;
if [ -n "$VIOLATIONS" ]; then
echo "SOLID VIOLATION: Provider API calls outside orchestrator:";
echo "$VIOLATIONS";
exit 1;
fi ;
SSH_VIOLATIONS=$(git diff --cached --name-only --diff-filter=ACM |
grep -E "\.(rs)$" |
grep -E "control-center|vault-service" |
xargs grep -lE "ssh2?::|russh::" 2>/dev/null) ;
if [ -n "$SSH_VIOLATIONS" ]; then
echo "SOLID VIOLATION: SSH code outside orchestrator:";
echo "$SSH_VIOLATIONS";
exit 1;
fi
'
language: system
pass_filenames: false
stages: [pre-commit]
chore: fix tests
2026-01-17 04:01:34 +00:00
# ============================================================================
# Nushell Hooks (ACTIVE)
# ============================================================================
- repo: local
hooks:
- id: nushell-check
name: Nushell IDE Check (nu --ide-check)
chore: fix tests
2026-01-17 04:03:31 +00:00
entry: bash -c 'for f in $(git diff --cached --name-only | grep "\.nu$"); do nu --ide-check "$f" || exit 1; done'
chore: fix tests
2026-01-17 04:01:34 +00:00
language: system
files: \.nu$
pass_filenames: false
stages: [pre-commit]
# ============================================================================
chore: fix tests
2026-01-17 04:04:40 +00:00
# Bash Hooks (DISABLED)
chore: fix tests
2026-01-17 04:01:34 +00:00
# ============================================================================
chore: fix tests
2026-01-17 04:04:40 +00:00
# NOTE: Disabled - shellcheck-py v0.9.1.1 tag doesn't exist in upstream repo
# Re-enable when upstream releases a compatible version
# - repo: https://github.com/shellcheck-py/shellcheck-py
# rev: v0.9.1.1
# hooks:
# - id: shellcheck
# name: Bash linting (shellcheck)
# args: ['--severity=warning']
# stages: [pre-commit]
chore: fix tests
2026-01-17 04:01:34 +00:00
chore: fix docs
2026-01-14 03:20:59 +00:00
# ============================================================================
# Nickel Hooks (ACTIVE)
# ============================================================================
- repo: local
hooks:
- id: nickel-typecheck
name: Nickel type checking
entry: >-
bash -c 'export NICKEL_IMPORT_PATH="../:."; for f in $(git diff --cached --name-only --diff-filter=ACM | grep "\.ncl$"); do
echo "Checking: $f"; nickel typecheck "$f" || exit 1; done'
language: system
types: [file]
files: \.ncl$
pass_filenames: false
stages: [pre-commit]
chore: update docs and layout
2026-01-12 05:02:07 +00:00
# ============================================================================
# Markdown Hooks (ACTIVE)
# ============================================================================
- repo: local
hooks:
- id: markdownlint
name: Markdown linting (markdownlint-cli2)
entry: markdownlint-cli2
language: system
types: [markdown]
stages: [pre-commit]
chore: fix docs
2026-01-14 03:20:59 +00:00
# CRITICAL: markdownlint-cli2 MD040 only checks opening fences for language.
# It does NOT catch malformed closing fences (e.g., ```plaintext) - CommonMark violation.
# This hook is ESSENTIAL to prevent malformed closing fences from entering the repo.
# See: .markdownlint-cli2.jsonc line 22-24 for details.
- id: check-malformed-fences
name: Check malformed closing fences (CommonMark)
entry: bash -c 'nu ../scripts/check-malformed-fences.nu $(git diff --cached --name-only --diff-filter=ACM | grep "\.md$" | grep -v ".coder/" | grep -v ".claude/" | grep -v "old_config/" | tr "\n" " ")'
language: system
types: [markdown]
pass_filenames: false
stages: [pre-commit]
exclude: ^\.coder/|^\.claude/|^old_config/
chore: update docs and layout
2026-01-12 05:02:07 +00:00
# ============================================================================
# General Pre-commit Hooks
# ============================================================================
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: check-added-large-files
args: ['--maxkb=1000']
- id: check-case-conflict
- id: check-merge-conflict
- id: check-toml
- id: check-yaml
fix(docs): add language specifiers to code fences and fix formatting
2026-01-14 03:24:10 +00:00
args: ['--unsafe']
chore: update docs and layout
2026-01-12 05:02:07 +00:00
exclude: ^\.woodpecker/
- id: end-of-file-fixer
- id: trailing-whitespace
exclude: \.md$
- id: mixed-line-ending
Reference in New Issue Copy Permalink