Set up pre-commit workflow with Ruff linting and formatting

.env.example

@@ -62,4 +62,4 @@ JUDGE_MODEL=gpt-4o
 USE_GPT_PROMPTS=true
 PROMPT_MODEL=gpt-4o
 PROMPT_TEMPERATURE=1.0
-PROMPT_MAX_TOKENS=4000
+PROMPT_MAX_TOKENS=4000

.gitignore

@@ -230,4 +230,74 @@ test_outputs/
 test_logs/
 storage/
 .cursor/
-!dockerfiles/
+!dockerfiles/
+
+# Pre-commit
+.pre-commit-cache/
+.pre-commit-repos/
+
+# Ruff
+.ruff_cache/
+ruff.lock
+
+# Bandit
+.bandit
+*.bandit
+
+# Detect-secrets
+# Note: .secrets.baseline should be committed to the repo
+# (it tracks known secrets, not actual secrets)
+
+# Pytest
+.pytest_cache/
+.tox/
+.hypothesis/
+
+# Coverage reports
+.coverage.*
+htmlcov/
+coverage.xml
+*.cover
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# IDE - Additional
+*.sublime-project
+*.sublime-workspace
+.project
+.pydevproject
+.settings/
+*.code-workspace
+
+# Docker
+docker-compose.override.yml
+.dockerignore
+
+# Local configuration
+.env.local
+.env.*.local
+local_settings.py
+
+# Redis dumps
+dump.rdb
+
+# PostgreSQL
+*.pgsql
+pgdata/
+
+# Temporary files
+*.swp
+*.swo
+*~
+*.bak
+*.backup
+
+# PID files
+*.pid
+
+# Lock files (optional - uncomment if you don't want to commit)
+# poetry.lock
+# Pipfile.lock

.pre-commit-config.yaml

@@ -0,0 +1,56 @@
+# Pre-commit hooks configuration
+# See https://pre-commit.com for more information
+# Run `pre-commit install` to install hooks into your git repository
+
+repos:
+  # Ruff: Fast Python linter and formatter
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.4
+    hooks:
+      # Run the linter
+      - id: ruff
+        args: [--fix, --exit-non-zero-on-fix]
+      # Run the formatter
+      - id: ruff-format
+
+  # General file checks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+        exclude: ^alembic/versions/.*\.py$
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+        args: [--maxkb=1000]
+      - id: check-json
+      - id: check-toml
+      - id: check-merge-conflict
+      - id: check-case-conflict
+      - id: debug-statements
+      - id: mixed-line-ending
+      - id: requirements-txt-fixer
+      - id: fix-byte-order-marker
+
+  # Python-specific checks
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+        args: ["--profile", "black", "--check-only"]
+
+  # Security checks
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.8
+    hooks:
+      - id: bandit
+        args: ["-r", ".", "-ll"]
+        exclude: ^(tests/|alembic/versions/)
+
+  # Check for secrets (disabled for now due to baseline compatibility)
+  # - repo: https://github.com/Yelp/detect-secrets
+  #   rev: v1.4.0
+  #   hooks:
+  #     - id: detect-secrets
+  #       args: ['--baseline', '.secrets.baseline']
+  #       exclude: package.json|pnpm-lock.yaml