chore: migrate type checking to ty

Makefile

@@ -58,7 +58,7 @@ lint: $(VENV)/pyvenv.cfg
 	. $(VENV_BIN)/activate && \
 		interrogate -c pyproject.toml .
 	. $(VENV_BIN)/activate && \
-		mypy src test
+		ty check
 
 .PHONY: reformat
 reformat:

pyproject.toml

@@ -22,7 +22,7 @@ dependencies = ["cryptography>=43"]
 [project.optional-dependencies]
 doc = []
 test = ["pytest", "pytest-cov", "pretend", "coverage[toml]"]
-lint = ["ruff >= 0.7,< 0.15", "interrogate", "mypy", "types-requests"]
+lint = ["ruff >= 0.7,< 0.15", "interrogate", "ty>=0.0.14", "rfc3161-client[test]"]
 dev = ["rfc3161-client[test,lint,doc]", "maturin>=1.7,<2.0"]
 
 [project.urls]
@@ -53,23 +53,12 @@ select = ["E", "F", "I", "W", "UP", "TCH"]
 [tool.coverage.report]
 exclude_also = ["if TYPE_CHECKING:"]
 
+[tool.ty.src]
+include = ["src", "test"]
+
 [tool.interrogate]
 # don't enforce documentation coverage for testing, the virtual
 # environment, or the scripts.
 exclude = [".venv", "test", "scripts"]
 ignore-semiprivate = true
 fail-under = 100
-
-[tool.mypy]
-mypy_path = "src"
-warn_redundant_casts = true
-warn_unused_ignores = true
-warn_no_return = true
-warn_return_any = true
-warn_unreachable = true
-disallow_untyped_defs = true
-disallow_incomplete_defs = true
-disallow_untyped_decorators = false
-check_untyped_defs = true
-disallow_any_unimported = false
-ignore_missing_imports = true

src/rfc3161_client/base.py

@@ -50,23 +50,23 @@ def data(self, data: bytes) -> TimestampRequestBuilder:
     def hash_algorithm(self, hash_algorithm: _AllowedHashTypes) -> TimestampRequestBuilder:
         """Set the Hash algorithm used."""
         if not isinstance(hash_algorithm, HashAlgorithm):
-            msg = f"{hash_algorithm} is not a supported hash."  # type: ignore[unreachable]
+            msg = f"{hash_algorithm} is not a supported hash."
             raise TypeError(msg)
 
         return TimestampRequestBuilder(self._data, hash_algorithm, self._nonce, self._cert_req)
 
     def cert_request(self, *, cert_request: bool = False) -> TimestampRequestBuilder:
         """Set the cert request field."""
         if not isinstance(cert_request, bool):
-            msg = "Cert request must be a boolean."  # type: ignore[unreachable]
+            msg = "Cert request must be a boolean."
             raise TypeError(msg)
 
         return TimestampRequestBuilder(self._data, self._algorithm, self._nonce, cert_request)
 
     def nonce(self, *, nonce: bool = True) -> TimestampRequestBuilder:
         """Set the request policy field."""
         if not isinstance(nonce, bool):
-            msg = "Request policy must be a boolean."  # type: ignore[unreachable]
+            msg = "Request policy must be a boolean."
             raise TypeError(msg)
 
         return TimestampRequestBuilder(self._data, self._algorithm, nonce, self._cert_req)

test/test_verify.py

@@ -214,7 +214,7 @@ def test_verify_tsr_with_chains_without_certs(
         verifier = cast("_Verifier", verifier)
         with pytest.raises(VerificationError, match="Error while verifying"):
             verifier._verify_tsr_with_chains(
-                pretend.stub(
+                pretend.stub(  # ty: ignore[invalid-argument-type]
                     signed_data=ts_response.signed_data,
                     time_stamp_token=lambda: b"",
                     tst_info=ts_response.tst_info,
@@ -228,15 +228,15 @@ def test_verify_tsr_with_chains_without_signer(
         verifier = cast("_Verifier", verifier)
         with pytest.raises(VerificationError, match="0 signer infos"):
             verifier._verify_tsr_with_chains(
-                pretend.stub(signed_data=pretend.stub(signer_infos=[]))
+                pretend.stub(signed_data=pretend.stub(signer_infos=[]))  # ty: ignore[invalid-argument-type]
             )
 
     def test_verify_leaf_certs_no_certs(self, verifier: Verifier) -> None:
         verifier = cast("_Verifier", verifier)
         verifier._tsa_certificate = None
         response = pretend.stub(signed_data=pretend.stub(certificates=[]))
         with pytest.raises(VerificationError, match="Certificates neither"):
-            verifier._verify_leaf_certs(tsp_response=response)
+            verifier._verify_leaf_certs(tsp_response=response)  # ty: ignore[invalid-argument-type]
 
     def test_verify_leaf_certs_mismatch(
         self, verifier: Verifier, ts_response: TimeStampResponse
@@ -250,7 +250,11 @@ def test_verify_leaf_certs_update_cert(
         self, verifier: Verifier, ts_response: TimeStampResponse, monkeypatch: MonkeyPatch
     ) -> None:
         verifier = cast("_Verifier", verifier)
-        monkeypatch.setattr(rfc3161_client._rust.SignedData, "certificates", [])
+        monkeypatch.setattr(
+            rfc3161_client._rust.SignedData,  # ty: ignore[possibly-missing-attribute]
+            "certificates",
+            [],
+        )
         assert verifier._verify_leaf_certs(tsp_response=ts_response)
 
     def test_verify_leaf_certs_no_eku(
@@ -303,7 +307,7 @@ def test_verify_leaf_cert_mismatch(
         self, verifier: Verifier, ts_response: TimeStampResponse
     ) -> None:
         verifier = cast("_Verifier", verifier)
-        verifier._tsa_certificate = pretend.stub(
+        verifier._tsa_certificate = pretend.stub(  # ty: ignore[invalid-assignment]
             __ne__=lambda *args: False,
             issuer=None,
         )
@@ -334,7 +338,7 @@ def mock_load_der_x509_certificate(_cert: bytes) -> cryptography.x509.Certificat
         )
 
         with pytest.raises(VerificationError, match="No leaf certificate found in the chain."):
-            verifier._verify_leaf_certs(tsp_response=response)
+            verifier._verify_leaf_certs(tsp_response=response)  # ty: ignore[invalid-argument-type]
 
     def test_verify_leaf_name_mismatch(
         self, verifier: Verifier, ts_response: TimeStampResponse
@@ -346,7 +350,7 @@ def test_verify_leaf_name_mismatch(
 
     def test_verify_wrong_status(self, verifier: Verifier) -> None:
         with pytest.raises(VerificationError, match="GRANTED"):
-            verifier.verify(pretend.stub(status=2), b"")
+            verifier.verify(pretend.stub(status=2), b"")  # ty: ignore[invalid-argument-type]
 
     def test_verify_wrong_nonce(
         self, ts_response: TimeStampResponse, verifier: Verifier, monkeypatch: MonkeyPatch
@@ -528,7 +532,7 @@ def test_verify_succeeds_even_if_cert_is_currently_expired() -> None:
     # same timestamp fails to verify if timestamp time is mocked to be outside validity window
     with pytest.raises(VerificationError, match="certificate has expired"):
         verifier.verify_message(
-            pretend.stub(
+            pretend.stub(  # ty: ignore[invalid-argument-type]
                 signed_data=ts_response.signed_data,
                 time_stamp_token=ts_response.time_stamp_token,
                 tst_info=pretend.stub(