2026 update

Author: Ron-Leizrowice

.cursor/rules/python.mdc

@@ -28,31 +28,32 @@ jobs:
 
       # --- Python toolchain (uv) ---
       - name: Setup uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@v7
         with:
           enable-cache: true
 
       - name: Sync dependencies and check uv lockfile is up to date
         run: uv sync --dev --locked
 
-      # --- Quality: lint, format, type-checking, unused deps ---
+      # --- Dependency Checks ---
+      - name: Check for unused dependencies (Deptry)
+        run: uv run --locked deptry .
+        continue-on-error: true
+
+      # --- Quality: lint, format, type-checking ---
+      - name: Pyproject formatting
+        run: uv run pyproject-fmt pyproject.toml
+
       - name: Ruff format
         run: uv run ruff format . --check --diff
 
       - name: Ruff check
         run: uv run ruff check . --diff
 
-      - name: Type checking (Pyrefly)
-        run: uv run pyrefly check .
-
       - name: Type checking (Ty)
         run: uv run ty check .
-        continue-on-error: true
-
-      - name: Unused dependencies (Deptry)
-        run: uv run deptry .
 
       # --- Tests ---
       - name: Unit tests (PyTest)
         run: |
-          uv run pytest -v --tb=short -n auto
+          uv run pytest -v --tb=short

.github/workflows/ci-checks.yml

@@ -1,4 +1,3 @@
-
 .venv
 __pycache__/
 .ruff_cache/
@@ -8,4 +7,4 @@ __pycache__/
 .cache
 .wandb
 .env
-data.csv
+.vscode

.gitignore

@@ -0,0 +1,152 @@
+repos:
+  - repo: local
+    hooks:
+      - id: pyproject-fmt
+        name: Pyproject Formatting
+        language: system
+        entry: |
+          bash -c '
+            uv run pyproject-fmt pyproject.toml
+            exit_code=$?
+            if [ $exit_code -ne 0 ]; then
+              echo -e "\n❌ ERROR: Pyproject formatting failed."
+              exit 1
+            fi
+            # Auto-stage if modified
+            if ! git diff --quiet pyproject.toml 2>/dev/null; then
+              git add pyproject.toml
+              echo "✅ Auto-staged pyproject.toml formatting changes"
+            fi
+          '
+        files: ^(pyproject\.toml)$
+        pass_filenames: false
+
+      - id: uv-lock
+        name: Dependency Locking
+        language: system
+        entry: |
+          bash -c '
+            locks=$(git ls-files --cached --others --exclude-standard | grep -E "(^|/)uv\.lock$" || true)
+            count=$(echo -n "$locks" | grep -c . || echo 0)
+            if [ "$count" -gt 1 ]; then
+              echo -e "\n❌ ERROR: Found $count uv.lock files (expected 1)."
+              echo "$locks"
+              echo -e "👉 FIX: Remove extra uv.lock files. Only the root uv.lock should exist.\n"
+              exit 1
+            fi
+            uv lock -q
+            exit_code=$?
+            if [ $exit_code -ne 0 ]; then
+              echo -e "\n❌ ERROR: uv lock failed."
+              exit 1
+            fi
+            # Auto-stage if modified
+            if ! git diff --quiet uv.lock 2>/dev/null; then
+              git add uv.lock
+              echo "✅ Auto-staged uv.lock changes"
+            fi
+          '
+        files: ^(pyproject\.toml|uv\.lock)$
+        pass_filenames: false
+
+      - id: ruff-check
+        name: Python Linting
+        language: system
+        entry: |
+          bash -c '
+            # Get list of staged Python files before running ruff
+            staged_py=$(git diff --cached --name-only --diff-filter=ACM | grep -E "\.py$" || true)
+
+            uv run ruff check --fix
+            exit_code=$?
+            if [ $exit_code -ne 0 ]; then
+              echo -e "\n❌ ERROR: Ruff found linting issues that could not be auto-fixed."
+              echo -e "👉 FIX: Run \"uv run ruff check\" to see the errors and fix them manually.\n"
+              exit 1
+            fi
+
+            # Auto-stage any modified Python files that were originally staged
+            if [ -n "$staged_py" ]; then
+              for f in $staged_py; do
+                if [ -f "$f" ] && ! git diff --quiet "$f" 2>/dev/null; then
+                  git add "$f"
+                  echo "✅ Auto-staged ruff fixes in $f"
+                fi
+              done
+            fi
+          '
+        types: [python]
+        pass_filenames: false
+
+      - id: ruff-format
+        name: Python Formatting
+        language: system
+        entry: |
+          bash -c '
+            # Get list of staged Python files before running ruff format
+            staged_py=$(git diff --cached --name-only --diff-filter=ACM | grep -E "\.py$" || true)
+
+            uv run ruff format
+            exit_code=$?
+            if [ $exit_code -ne 0 ]; then
+              echo -e "\n❌ ERROR: Ruff formatting failed."
+              exit 1
+            fi
+
+            # Auto-stage any modified Python files that were originally staged
+            if [ -n "$staged_py" ]; then
+              for f in $staged_py; do
+                if [ -f "$f" ] && ! git diff --quiet "$f" 2>/dev/null; then
+                  git add "$f"
+                  echo "✅ Auto-staged ruff format changes in $f"
+                fi
+              done
+            fi
+          '
+        types: [python]
+        pass_filenames: false
+
+      - id: ty
+        name: Static type checking
+        language: system
+        entry: |
+          bash -c '
+            uv run ty check -q
+            exit_code=$?
+            if [ $exit_code -ne 0 ]; then
+              echo -e "\n❌ ERROR: Type checking failed."
+              echo -e "👉 FIX: Run \"uv run ty check\" to see the errors and fix them.\n"
+              exit 1
+            fi
+          '
+        types: [python]
+        pass_filenames: false
+
+      - id: sync-codestyle
+        name: Sync STYLEGUIDE.md to agent rule files
+        language: system
+        entry: |
+          bash -c '
+            SRC="STYLEGUIDE.md"
+            CURSOR_DST=".cursor/rules/python.mdc"
+
+            # Read source body
+            SRC_BODY=$(cat "$SRC")
+
+            # Write Cursor file with frontmatter
+            {
+              echo "---"
+              echo "globs: \"*.py\""
+              echo "alwaysApply: false"
+              echo "---"
+              echo "$SRC_BODY"
+            } > "$CURSOR_DST"
+
+            # Auto-stage if changed
+            if ! git diff --quiet "$CURSOR_DST" 2>/dev/null; then
+              git add "$CURSOR_DST"
+              echo "✅ Auto-staged $CURSOR_DST"
+            fi
+          '
+        files: ^STYLEGUIDE\.md$
+        pass_filenames: false

.pre-commit-config.yaml

@@ -0,0 +1,169 @@
+# AGENTS.md
+
+## Documentation
+
+- `CONTRIBUTING.md`: Contains the rules for contributing to the project.
+- `STYLEGUIDE.md`: Contains the code style guide. It is mandatory for all python contributions.
+
+## `ai-data` - Common Library
+
+### Core Components
+
+`src/ai_data` is the core Python package for shared constants, paths, and models:
+
+- `cache`: disk-based response caching with `@cached_method` decorator.
+- `clients`: singleton API clients with rate limiting (WizClient, MikaClient).
+- `credentials`: singleton environment configuration classes for external services.
+- `llm_utils`: LLM client abstractions (`ModelGateway`, `LlmConfig`, model enums).
+- `paths`: shared project paths.
+- `types`: shared data models.
+- `utils`: shared async utilities (JSON, file helpers).
+
+### Paths
+
+- Use `AI_DATA_ROOT` for the project root.
+- See `paths.py` for other paths.
+
+### Types
+
+`Struct` is the base model (Pydantic) with stricter rules:
+
+- Forbids extra fields.
+- Validates defaults and assignments.
+- Strips whitespace from string fields.
+- Uses enum values for enum fields.
+- Provides a deterministic SHA256 `signature` for change detection.
+
+### Credentials
+
+`GlobalCredentials` loads from `.env`, environment variables, or device authentication.
+
+```python
+from ai_data.credentials.base import GlobalCredentials
+
+class MyConfig(GlobalCredentials):
+    api_key: str = Field(validation_alias="MY_API_KEY")
+
+MyConfig()  # loads from .env then environment
+MyConfig(sources=[".env"])  # loads from .env only
+MyConfig(sources=["environment"])  # loads from os.environ only
+MyConfig(sources=["device"])  # loads from device authentication
+MyConfig().api_key
+```
+
+**Available credentials:**
+
+- `VertexCredentials`: `VERTEX_AI_PROJECT`, `VERTEX_AI_LOCATION`, `GOOGLE_VERTEX_AI_SA` (service account JSON)
+- `WizCredentials`: Wiz API credentials
+
+`WizCredentials` env var prefix selection via `WizEnv`:
+
+- `WizEnv.WIZ`: `WIZ_*`
+- `WizEnv.WIZ_DEMO`: `WIZ_DEMO_*`
+- `WizEnv.WIZ_DEMO_ADVANCED`: `WIZ_DEMO_ADVANCED_*`
+- `WizEnv.WIZ_TEST`: `WIZ_TEST_*`
+
+### Cache
+
+Disk-based response caching using `@cached_method` decorator for async methods.
+
+```python
+from ai_data.cache import cached_method
+
+class MyClient:
+    @cached_method(namespace_arg="model", ttl="1h")
+    async def fetch(self, model: str, query: str) -> dict:
+        return await self._api_call(model, query)
+
+# Normal call (uses cache)
+result = await client.fetch("gpt4", "query")
+
+# Force refresh (skips cache read, overwrites cache)
+result = await client.fetch("gpt4", "query", use_cache=False)
+```
+
+TTL units: `s` (seconds), `m` (minutes), `h` (hours), `d` (days), `w` (weeks).
+
+### Utils
+
+`ai_data.utils` provides async file helpers:
+
+```python
+from ai_data.utils import load_json, save_json, read_file, write_file
+
+# JSON
+data = await load_json("config.json")
+await save_json("out.json", data)
+
+# Text files
+content = await read_file("file.txt")
+await write_file("file.txt", content)
+```
+
+### ModelGateway
+
+User-facing LLM client with flexible API, structured output, and caching.
+
+```python
+from ai_data import ModelGateway, ModelName
+from pydantic import BaseModel
+
+gateway = ModelGateway()
+
+# Plain text completion
+result = await gateway.completion("What is 2+2?")
+print(result.content)  # "4"
+
+# Structured output
+class Answer(BaseModel):
+    value: int
+    explanation: str
+
+result = await gateway.completion("What is 2+2?", output_type=Answer)
+print(result.content.value)  # 4
+
+# With specific model
+result = await gateway.completion("Hello", model=ModelName.HAIKU_4_5)
+
+# Batch completions
+results = await gateway.batch_completion(["Q1", "Q2"], output_type=Answer)
+```
+
+### WizClient
+
+Singleton Wiz API client with rate limiting and async support.
+
+```python
+from ai_data import WizClient
+from ai_data.clients.wiz import GqlQuery
+
+client = WizClient()
+
+# Single query with GqlQuery dataclass
+query = GqlQuery(query="query { viewer { id } }", variables={})
+result = await WizClient.gql_query(query)
+
+# Batch queries (concurrent, rate-limited)
+results = await WizClient.batch_gql_query([
+    GqlQuery(query=query1, variables=vars1),
+    GqlQuery(query=query2, variables=vars2),
+])
+
+WizClient.override(max_concurrency=2)  # Replaces the existing singleton
+WizClient.clear()  # Deletes the global singleton instance
+```
+
+### MikaClient
+
+Extends `WizClient` with Mika AI Assistant methods.
+
+```python
+from ai_data import MikaClient
+
+MikaClient()  # Creates singleton
+response = await MikaClient.query_mika("What are my critical issues?")
+results = await MikaClient.batch_query_mika([
+    "What are my critical issues?",
+    "Show me recent vulnerabilities",
+])
+```