sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
861 Commits 1 Branch 0 Tags
eaab47f2f82aac87cf09795654df8d92e002b61e
Commit Graph

5 Commits

Author SHA1 Message Date
Samir Boulahtit
eaab47f2f8 fix: eliminate all 1600 SEC-015 security info findings 
Add safe-pattern exceptions to the x-html check in validate_security.py
for $icon(), $store methods, and window.icons lookups. Suppress remaining
8 legitimate x-html uses (admin-authored content, app-controlled JS) with
noqa comments. Security validator now reports 0 errors, 0 warnings, 0 info.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 18:02:59 +01:00
Samir Boulahtit
1b8a40f1ff feat(validators): add noqa suppression support to security and performance validators
All checks were successful
CI / dependency-scanning (push) Successful in 27s
Details
CI / docs (push) Successful in 35s
Details
CI / ruff (push) Successful in 8s
Details
CI / pytest (push) Successful in 34m22s
Details
CI / validate (push) Successful in 19s
Details
CI / deploy (push) Successful in 2m25s
Details 
- Add centralized _is_noqa_suppressed() to BaseValidator with normalization
  (accepts both SEC001 and SEC-001 formats for ruff compatibility)
- Wire noqa support into all 21 security and 18 performance check functions
- Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml
- Convert all 280 Python noqa comments to dashless format (ruff-compatible)
- Add site/ to IGNORE_PATTERNS (excludes mkdocs build output)
- Suppress 152 false positive findings (test passwords, seed data, validator
  self-references, Apple Wallet SHA1, etc.)
- Security: 79 errors → 0, 60 warnings → 0
- Performance: 80 warnings → 77 (3 test script suppressions)
- Add proposal doc with noqa inventory and remaining findings recommendations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-14 22:56:56 +01:00
Samir Boulahtit
688896d856 fix: add .dockerignore and env_file to docker-compose
Some checks failed
CI / ruff (push) Successful in 9s
Details
CI / architecture (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / audit (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details 
Prevents .env from being baked into Docker image (was overriding
config defaults). Adds env_file directive so containers load host
.env properly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-14 20:01:21 +01:00
Samir Boulahtit
f20266167d fix(lint): auto-fix ruff violations and tune lint rules
Some checks failed
CI / ruff (push) Failing after 7s
Details
CI / pytest (push) Failing after 1s
Details
CI / architecture (push) Failing after 9s
Details
CI / dependency-scanning (push) Successful in 27s
Details
CI / audit (push) Successful in 8s
Details
CI / docs (push) Has been skipped
Details 
- Auto-fixed 4,496 lint issues (import sorting, modern syntax, etc.)
- Added ignore rules for patterns intentional in this codebase:
  E402 (late imports), E712 (SQLAlchemy filters), B904 (raise from),
  SIM108/SIM105/SIM117 (readability preferences)
- Added per-file ignores for tests and scripts
- Excluded broken scripts/rename_terminology.py (has curly quotes)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-12 23:10:42 +01:00
Samir Boulahtit
7a9dda282d refactor(scripts): reorganize scripts/ into seed/ and validate/ subfolders 
Move 9 init/seed scripts into scripts/seed/ and 7 validation scripts
(+ validators/ subfolder) into scripts/validate/ to reduce clutter in
the root scripts/ directory. Update all references across Makefile,
CI/CD configs, pre-commit hooks, docs (~40 files), and Python imports.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 21:35:53 +01:00