ft(pre-commit) (#5)

* stricter manifest typing
* linting

Author: WP-LKL

.github/workflows/doc-drift.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: '3.10'
 
       - name: Install Python dependencies
         run: |

.github/workflows/lint.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: '3.10'
 
       - name: Install Python dependencies
         run: |
@@ -25,14 +25,17 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version: "20"
+          node-version: '20'
 
       - name: Install Node dependencies
         run: npm install
 
       - name: Lint Python (Ruff)
         run: ruff check tools
 
+      - name: Pre-commit hooks
+        run: pre-commit run --all-files
+
       - name: Validate Schema (AJV Strict)
         run: npm run lint:schema
 

.github/workflows/test.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: '3.10'
 
       - name: Install dependencies
         run: |

.pre-commit-config.yaml

@@ -0,0 +1,34 @@
+---
+repos:
+  - repo: 'https://github.com/rbubley/mirrors-prettier'
+    rev: 'v3.7.4'
+    hooks:
+      - id: 'prettier'
+        types: [text]
+        additional_dependencies:
+          - 'prettier@3.5.3'
+          - 'prettier-plugin-sort-json@4.1.1'
+          - 'prettier-plugin-toml@2.0.5'
+        pass_filenames: true
+        args:
+          [
+            '--log-level=warn',
+            '--check',
+            '--config=.prettierrc.cjs',
+            '--ignore-path=.prettierignore',
+          ]
+  - repo: 'https://github.com/codespell-project/codespell'
+    rev: 'v2.4.1'
+    hooks:
+      - id: 'codespell'
+        exclude: '^(package-lock.json|src/test/openutau-ustx/bulaomeng.ustx.yaml|src/test/kustomization/labels.json|src/test/bun-lock/bun.lock.json|src/bin/.*)$'
+        args:
+          [
+            '--ignore-words-list',
+            'crate,ninjs,ans,specif,seh,specifid,deriver,isnt,tye,forin,dependees,rouge,interm,fo,wast,nome,statics,ue,aack,gost,inout,provId,handels,bu,testng,ags,edn,aks,te,decorder,provid,branche,alse,nd,mape,wil,clude,wit,flate,omlet,THIRDPARTY,NotIn,notIn,CopyIn,Requestor,requestor,re-use,ofo,abl,dout,foto,vor,wel,NAM,BRIN,everyTime,afterAll,beforeAll,ontainer',
+          ]
+  - repo: 'https://github.com/astral-sh/ruff-pre-commit'
+    rev: 'v0.9.1'
+    hooks:
+      - id: ruff
+        args: ['--fix']

.prettierrc.cjs

@@ -0,0 +1,42 @@
+/** @type {import('prettier').Config} */
+module.exports = {
+  // pre-commit.ci fails without `require.resolve()`.
+  plugins: [
+    require.resolve('prettier-plugin-sort-json'),
+    require.resolve('prettier-plugin-toml'),
+  ],
+  semi: false,
+  singleQuote: true,
+  trailingComma: 'all',
+  jsonRecursiveSort: true,
+  jsonSortOrder: JSON.stringify({
+    '/^[^\\d+]/': 'none',
+    '/^\\d+/': 'none',
+  }),
+  overrides: [
+    {
+      files: '*.jsonc',
+      options: {
+        trailingComma: 'none',
+      },
+    },
+    {
+      files: 'schema/**/*.json',
+      options: {
+        jsonRecursiveSort: true,
+        jsonSortOrder: JSON.stringify({
+          $schema: null,
+          $id: null,
+          $comment: null,
+          $ref: null,
+          '/^\\$.*/': null,
+          '/^[^\\d+]/': 'none',
+          '/^\\d+/': 'none',
+          if: null,
+          then: null,
+          else: null,
+        }),
+      },
+    },
+  ],
+}

CONTRIBUTING.md

@@ -1,6 +1,7 @@
 # KYA Manifest — Developer Notes (v0.1.0-alpha)
 
 ## Validation pipeline
+
 1. JSON Schema validation against https://w3id.org/kya/v1/schema.
 2. JSON-LD expansion using a documentLoader that maps https://w3id.org/kya/v1 to the local context file.
 3. Policy checks:
@@ -10,7 +11,9 @@
    - embedded vs referenced VC rules.
 
 ## JSON-LD context ordering
+
 Use:
+
 - https://www.w3.org/2018/credentials/v1
 - https://w3id.org/security/data-integrity/v2
 - https://w3id.org/security/suites/ed25519-2020/v1
@@ -19,10 +22,12 @@ Use:
 Putting the KYA context last avoids protected-term redefinition failures in common processors.
 
 ## Fixtures
+
 - 02-minimal.json: smallest conforming manifest for debugging.
 - 01-full.json: comprehensive manifest exercising optional sections and VC embedding/referencing.
 
 ## Versioning policy
+
 Treat `schema/kya-manifest.schema.json` and `schema/context.jsonld` as normative. When adding or
 changing fields, update the schema, context, and `schema_human.md` together. The spec HTML and
 vocab are informative and may lag unless a change is breaking or user-facing.

Makefile

@@ -31,6 +31,7 @@ lint: ## Run lint/format checks
 	@for file in $(EXAMPLES); do \
 		$(PYTHON) $(LINTER) $$file; \
 	done
+	pre-commit run --all-files
 	npm run lint
 
 lint-fix: ## Auto-fix formatting issues

SECURITY.md

@@ -1,19 +1,23 @@
 # Security Policy
 
 ## Supported Versions
+
 Only the latest major version of the KYA Manifest Standard is supported for security updates.
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 0.1.x   | ✅ Yes              |
-| < 0.1   | ❌ No               |
+| Version | Supported |
+| ------- | --------- |
+| 0.1.x   | ✅ Yes    |
+| < 0.1   | ❌ No     |
 
 ## Reporting a Vulnerability
+
 For now you may open a public issue on GitHub. In the future, we may set up a private disclosure process.
 
 If you discover a security flaw in the future or wish to do so privately for the KYA schema, linter, or protocol logic, please report it privately via:
+
 - **Email:** security@cph.ai
 - **PGP Key:**
+
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
@@ -28,7 +32,8 @@ gCavPDCBUexEAwEIB4h+BBgWCgAmFiEEX/sM/XNyAq4vACSzRtkRt7ZG5dsFAmly
 OldhhZKB8iQJ8mcBAKgjSk53AlbC8h5ruTvbSFhAJkipoAB93W06Ygu+QPoB
 =AkD3
 -----END PGP PUBLIC KEY BLOCK-----
-````
+```
+
 - PGP Fingerprint: `5FFB0CFD737202AE2F0024B346D911B7B646E5DB`
 
 Please include a detailed description of the vulnerability and a proof-of-concept if possible. We aim to acknowledge all reports within 48 hours.

package-lock.json

@@ -4,11 +4,13 @@
   "devDependencies": {
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
-    "prettier": "3.2.5"
+    "prettier": "^3.5.3",
+    "prettier-plugin-sort-json": "^4.1.1",
+    "prettier-plugin-toml": "^2.0.5"
   },
   "scripts": {
     "lint:schema": "node tools/ajv-validate-schema.js",
-    "format": "prettier --write README.md schema/**/*.json examples/**/*.json spec/**/*.html .github/workflows/*.yml",
-    "lint": "prettier --check README.md schema/**/*.json examples/**/*.json spec/**/*.html .github/workflows/*.yml"
+    "format": "prettier --config .prettierrc.cjs --ignore-path .prettierignore --write README.md schema/**/*.json examples/**/*.json spec/**/*.html .github/workflows/*.yml",
+    "lint": "prettier --config .prettierrc.cjs --ignore-path .prettierignore --check README.md schema/**/*.json examples/**/*.json spec/**/*.html .github/workflows/*.yml"
   }
 }