Merge pull request #32 from IBM/add-precommit-llm-cleanup

Add pre-commit hooks for smartquote and llm cleanup

Author: crivetimihai

.env.ce.example

@@ -10,7 +10,7 @@
 # Region where your Code Engine project lives (e.g. us-south, eu-de, au-syd)
 IBMCLOUD_REGION=us-south
 
-# Resource group that owns the project (often “default”)
+# Resource group that owns the project (often "default")
 IBMCLOUD_RESOURCE_GROUP=default
 
 # Code Engine project name

.github/workflows/bandit.yml

@@ -27,7 +27,7 @@ jobs:
   bandit:
     permissions:
       contents: read # required by actions/checkout
-      security-events: write # upload SARIF to “Code scanning”
+      security-events: write # upload SARIF to "Code scanning"
       actions: read # needed only for private repos
 
     runs-on: ubuntu-latest

.github/workflows/dependency-review.yml

@@ -7,7 +7,7 @@
 #   • **Fails** when a change introduces either of the following:
 #       ↳ A vulnerability of severity ≥ MODERATE
 #       ↳ A dependency under a "strong-copyleft" license incompatible
-#         with this project’s Apache-2.0 license (see deny-list below)
+#         with this project's Apache-2.0 license (see deny-list below)
 #   • Uploads a SARIF report to "Security → Dependency review"
 #   • Adds (or overwrites) a comment on the PR **only on failure**
 #
@@ -66,7 +66,7 @@ jobs:
           # ───────── License policy ─────────
           # Hard-deny strong- or service-copyleft licenses that would
           # "infect" an Apache-2.0 project.  (LGPL/MPL/EPL are *not*
-          # listed — they’re weak/file-level copyleft.  Add them here
+          # listed — they're weak/file-level copyleft.  Add them here
           # if your org chooses to forbid them outright.)
           deny-licenses: >
             GPL-1.0, GPL-2.0, GPL-3.0,

.github/workflows/docker-image.yml

@@ -34,7 +34,7 @@ on:
 permissions:
   contents: read
   packages: write # push to ghcr.io via GITHUB_TOKEN
-  security-events: write # upload SARIF to “Code scanning”
+  security-events: write # upload SARIF to "Code scanning"
   actions: read # needed by upload-sarif in private repos
   id-token: write # required for OIDC token generation
 

.github/workflows/osv-scanner.yml.inactive

@@ -7,15 +7,15 @@
 #                   and fails only if the PR introduces *new* vulns.
 #   • **scan-scheduled** ─ Runs a full scan of the default branch
 #                   on pushes & weekly cron to catch newly-published CVEs.
-#   • Uploads SARIF results to “Security → Code scanning”.
+#   • Uploads SARIF results to "Security → Code scanning".
 #
 # Action reference:
 #   • Docs:  https://google.github.io/osv-scanner/github-action/
 #   • Repo:  https://github.com/google/osv-scanner-action  (Apache-2.0)
 #
 # Tips:
 #   • Ignore a CVE by creating .osv-scanner.toml or using --ignore-vuln.
-#   • Add “--skip-git” so the scan isn’t cluttered with .git metadata.
+#   • Add "--skip-git" so the scan isn't cluttered with .git metadata.
 # ===============================================================
 
 name: OSV-Scanner

.github/workflows/python-package.yml

@@ -35,9 +35,9 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install build   # PyPA-endorsed PEP 517 builder
 
-      # 4️⃣  Invoke the Makefile ‘dist’ target (creates ./dist/*.whl & *.tar.gz)
+      # 4️⃣  Invoke the Makefile 'dist' target (creates ./dist/*.whl & *.tar.gz)
       - name: Build distributions
-        run: make dist                 # Uses the Makefile’s `dist` rule
+        run: make dist                 # Uses the Makefile's `dist` rule
 
       # 5️⃣  Upload built artifacts so they can be downloaded from the run page
       - name: Upload distributions

.gitignore

@@ -165,7 +165,7 @@ venv.bak/
 .dmypy.json
 dmypy.json
 
-# others
+# others
 .pdm-build
 .vscode
 

.pre-commit-config.yaml

@@ -30,23 +30,92 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:
-    #   - id: detect-aws-credentials
-    #     name: 🔐 Detect AWS Credentials
-    #     description: Detects *your* aws credentials from the aws cli credentials file.
-    #     types: [text]
+      #   - id: detect-aws-credentials
+      #     name: 🔐 Detect AWS Credentials
+      #     description: Detects *your* aws credentials from the aws cli credentials file.
+      #     types: [text]
 
       - id: detect-private-key
         name: 🔐 Detect Private Key
         description: Detects the presence of private keys.
         types: [text]
 
-#   - repo: https://github.com/Yelp/detect-secrets
-#     rev: v1.5.0
-#     hooks:
-#       - id: detect-secrets
-#         name: 🔐 Detect Secrets
-#         description: Detects secrets within a repository.
-#         args: ['--baseline', '.secrets.baseline']
+  #   - repo: https://github.com/Yelp/detect-secrets
+  #     rev: v1.5.0
+  #     hooks:
+  #       - id: detect-secrets
+  #         name: 🔐 Detect Secrets
+  #         description: Detects secrets within a repository.
+  #         args: ['--baseline', '.secrets.baseline']
+
+  # -----------------------------------------------------------------------------
+  # ❌ Forbid Specific AI / LLM Patterns
+  # -----------------------------------------------------------------------------
+  # This local hook checks for patterns that should not be committed.
+  # It aims to detect and prevent the inclusion of AI-generated content by
+  # identifying common artifacts associated with large language models (LLMs).
+  #
+  # Patterns checked include:
+  #   - `:contentReference`
+  #   - `[oaicite:??<digits>]` (e.g., `[oaicite:??12345]`)
+  #   - Common AI-generated phrases (e.g., "As an AI language model")
+  #   - Placeholder citations (e.g., "(Author, 2023)")
+  #   - Repetitive or generic phrases often produced by LLMs
+  # -----------------------------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: forbid-specific-patterns
+        name: ❌ Forbid Specific AI / LLM Patterns
+        entry: >
+          bash -c '
+            # Succeed immediately if no files are passed
+            [ "$#" -eq 0 ] && exit 0
+
+            # Invert grep exit-code:
+            ! grep -rnE "(:contentReference|\[oaicite:\?\?\d*\]|As an AI language model|I am an AI developed by|This response was generated by|\(Author, [0-9]{4}\)|\(Source: [^)]+\)|In conclusion,|To summarize,|It is important to note that|Remember that|Keep in mind that)" \
+                --exclude-dir=.git \
+                --exclude-dir=node_modules \
+                --exclude-dir=.venv \
+                --exclude-dir=dist \
+                --exclude-dir=build \
+                --exclude-dir=__pycache__ \
+                --exclude=.pre-commit-config.yaml \
+                "$@"
+          '
+        language: system
+        pass_filenames: true
+        types: [text]
+        description: Prevents committing LLM artefacts like :contentReference, [oaicite], and common AI-generated phrases.
+
+  # -----------------------------------------------------------------------------
+  # 🔤 Unicode Text Normalization (via texthooks)
+  # -----------------------------------------------------------------------------
+  # A collection of hooks to clean up problematic Unicode characters:
+  #
+  # 📝 fix-smartquotes: Converts curly quotes (" " ' ') to standard ASCII quotes.
+  # 🔡 fix-ligatures: Replaces typographic ligatures (fi, ff) with ASCII equivalents.
+  # ␣ fix-spaces: Normalizes non-breaking and exotic spaces to regular spaces.
+  # 🚫 forbid-bidi-controls: Prevents Unicode BiDi control characters used to
+  #     obscure code logic or directionality.
+  #
+  # These prevent copy-paste artifacts, invisible formatting errors, and
+  # encoding bugs from creeping into the codebase.
+  # -----------------------------------------------------------------------------
+  - repo: https://github.com/sirosen/texthooks
+    rev: 0.6.8
+    hooks:
+      - id: fix-smartquotes
+        name: 📝 Normalize Smart Quotes
+        description: Replaces smart/curly quotes with standard ASCII quotes.
+      - id: fix-ligatures
+        name: 🔡 Normalize Ligatures
+        description: Replaces typographic ligatures with standard characters.
+      - id: fix-spaces
+        name: ␣ Normalize Unicode Spaces
+        description: Replaces non-breaking or exotic space characters with regular spaces.
+      - id: forbid-bidi-controls
+        name: 🚫 Forbid BiDi Unicode Controls
+        description: Prevents bidirectional control characters that can obscure code meaning.
 
   # -----------------------------------------------------------------------------
   # 🧹 Formatting Hooks (MODIFIES FILES)
@@ -73,7 +142,7 @@ repos:
 
       - id: fix-encoding-pragma
         name: 🧹 Fix Python Encoding Pragma
-        description: 'Adds # -*- coding: utf-8 -*- to the top of python files.'
+        description: "Adds # -*- coding: utf-8 -*- to the top of python files."
         types: [python]
 
       - id: mixed-line-ending
@@ -91,12 +160,12 @@ repos:
         name: 🧹 File Contents Sorter
         description: Sorts the lines in specified files (defaults to alphabetical).
         language: python
-        files: '^$'
+        files: "^$"
 
       - id: sort-simple-yaml
         name: 🧹 Sort Simple YAML Files
         description: Sorts simple YAML files which consist only of top-level keys.
-        files: '^$'
+        files: "^$"
 
   # Optional: Uncomment to enable Prettier formatting
   # - repo: https://github.com/pre-commit/mirrors-prettier
@@ -158,7 +227,7 @@ repos:
         name: ✅ Forbid Submodules
         description: Forbids any submodules in the repository.
         language: fail
-        entry: 'submodules are not allowed in this repository:'
+        entry: "submodules are not allowed in this repository:"
         types: [directory]
 
       - id: check-vcs-permalinks
@@ -199,14 +268,14 @@ repos:
       - id: yamllint
         name: ✅ YAMLlint - YAML Linter
         description: A linter for YAML files.
-        args: [ -c, .yamllint ]
+        args: [-c, .yamllint]
 
-#   - repo: https://github.com/igorshubovych/markdownlint-cli
-#     rev: v0.45.0
-#     hooks:
-#       - id: markdownlint
-#         name: ✅ Markdownlint - Markdown Linter
-#         description: A tool to check markdown files and flag style issues.
+  #   - repo: https://github.com/igorshubovych/markdownlint-cli
+  #     rev: v0.45.0
+  #     hooks:
+  #       - id: markdownlint
+  #         name: ✅ Markdownlint - Markdown Linter
+  #         description: A tool to check markdown files and flag style issues.
 
   # -----------------------------------------------------------------------------
   # 🐍 Python Code Quality Hooks (LINTING ONLY)
@@ -246,7 +315,7 @@ repos:
         description: Verifies test files in tests/ directories start with `test_`.
         language: python
         files: (^|/)tests/.+\.py$
-        args: [--pytest-test-first]    # `test_.*\.py`
+        args: [--pytest-test-first] # `test_.*\.py`
 
   # - repo: https://github.com/pycqa/flake8
   #   rev: 7.2.0

.pylintrc

@@ -619,8 +619,8 @@ signature-mutators=
 
 [VARIABLES]
 
-# List of additional names supposed to be defined in builtins. Remember that
-# you should avoid defining new builtins when possible.
+# List of additional names supposed to be defined in builtins.
+# You should avoid defining new builtins when possible.
 additional-builtins=
 
 # Tells whether unused global variables should be treated as a violation.

README.md

@@ -13,7 +13,7 @@ MCP Gateway builds on the MCP spec by sitting **in front of** MCP Server or REST
 
 * **Act as a true gateway**, centralizing tool, resource and prompt registries while preserving the official MCP 2025-03-26 protocol
 * **Federate** multiple MCP servers into one unified endpoint—auto-discover peers (mDNS or explicit), health-check them, and merge their capabilities
-* **Virtualize** non-MCP services as “virtual servers” so you can register any REST API or function endpoint and expose it under MCP semantics
+* **Virtualize** non-MCP services as "virtual servers" so you can register any REST API or function endpoint and expose it under MCP semantics
 * **Adapt** arbitrary REST/HTTP APIs into MCP tools with JSON-Schema input validation, retry/rate-limit policies and transparent JSON-RPC invocation
 * **Simplify** deployments with a full admin UI, rich transports, pre-built DX pipelines and production-grade observability
 
@@ -960,7 +960,7 @@ make lint            # Run lint tools
 ## API Documentation
 
 * **Swagger UI** → [http://localhost:4444/docs](http://localhost:4444/docs)
-* **ReDoc**    → [http://localhost:4444/redoc](http://localhost:4444/redoc)
+* **ReDoc**    → [http://localhost:4444/redoc](http://localhost:4444/redoc)
 * **Admin Panel** → [http://localhost:4444/admin](http://localhost:4444/admin)
 
 ---