🔨 tighten typing and test readiness

Author: Miyamura80

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5

.github/workflows/test.yml

@@ -0,0 +1,22 @@
+name: Test
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v3
+      - name: Sync dependencies
+        run: uv sync
+      - name: Run tests
+        run: uv run pytest -n auto --durations=10 tests/

SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Security updates apply to the latest version on the main branch.
+
+## Reporting a Vulnerability
+
+If you discover a security issue, please use one of the following:
+
+1) Open a private GitHub Security Advisory for this repository.
+2) If advisories are unavailable, open a regular issue with minimal details and request a private channel.
+
+Please include a clear description, steps to reproduce, and any known impact.

docs/privacy.md

@@ -0,0 +1,23 @@
+# Privacy and Data Handling
+
+This repository is a template and does not include production data collection by default. If you add data handling to your implementation, follow these guidelines.
+
+## Data Minimization
+
+- Collect only what you need.
+- Avoid storing sensitive data unless required.
+
+## Secrets and Credentials
+
+- Store secrets in `.env` (or a secrets manager), never in code.
+- Do not log API keys, tokens, or user identifiers.
+
+## Logging
+
+- Treat logs as sensitive.
+- Redact or hash identifiers before logging.
+
+## Third-Party Services
+
+- Document any external processors and what data they receive.
+- Ensure their retention and deletion policies match your requirements.

docs/privacy/README.md

@@ -0,0 +1,23 @@
+# Privacy and Data Handling
+
+This repository is a template and does not include production data collection by default. If you add data handling to your implementation, follow these guidelines.
+
+## Data Minimization
+
+- Collect only what you need.
+- Avoid storing sensitive data unless required.
+
+## Secrets and Credentials
+
+- Store secrets in `.env` (or a secrets manager), never in code.
+- Do not log API keys, tokens, or user identifiers.
+
+## Logging
+
+- Treat logs as sensitive.
+- Redact or hash identifiers before logging.
+
+## Third-Party Services
+
+- Document any external processors and what data they receive.
+- Ensure their retention and deletion policies match your requirements.

pyproject.toml

@@ -11,6 +11,7 @@ dependencies = [
     "python-dotenv>=1.0.1",
     "human-id>=0.2.0",
     "pytest>=8.3.3",
+    "pytest-xdist>=3.6.1",
     "termcolor>=2.4.0",
     "loguru>=0.7.3",
     "vulture>=2.14",
@@ -47,6 +48,17 @@ target-version = "py312"
 select = ["E", "F", "W", "I", "N", "UP", "B", "C4", "SIM"]
 ignore = ["E501", "UP015", "B008"]
 
+[tool.ty]
+
+[tool.ty.analysis]
+respect-type-ignore-comments = false
+
+[tool.ty.rules]
+possibly-unresolved-reference = "error"
+
+[tool.ty.terminal]
+error-on-warning = true
+
 [tool.ty.environment]
 python-version = "3.12"
 

pytest.ini

@@ -3,7 +3,7 @@ markers =
     slow: marks tests as slow
     nondeterministic: marks tests as nondeterministic
     slow_and_nondeterministic: marks tests as both slow and nondeterministic
-addopts = --cov=src --cov=common --cov=utils --cov-report=term-missing --cov-fail-under=20
+addopts = -n auto --durations=10 --cov=src --cov=common --cov=utils --cov-report=term-missing --cov-fail-under=20
 env =
     DEV_ENV = dev
     OPENAI_API_KEY=test_api_key