Enhance cookiecutter template with stricter code quality standards #84
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Update Python requirement to 3.11+ to match CLAUDE.md standards - Replace mypy with Astral's experimental ty type checker - Add comprehensive ruff.toml with strict code quality constraints: - Cyclomatic complexity ≤ 8 - Max 5 positional args, 12 branches, 6 returns - Google-style docstrings enforced - Add data library option (polars/pandas/none) in cookiecutter.json - Create pre-commit hooks configuration for automated checks - Add CLAUDE.md template with project-specific instructions - Configure pytest to support tests beside code - Update Makefile with common commands (ty, fix, check) - Remove Python 3.9/3.10 from CI matrix These changes align the cookiecutter template with modern Python development practices and enforce stricter code quality standards. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add web_framework choice in cookiecutter.json (fastapi/none) - Include FastAPI and uvicorn dependencies when selected - Create basic FastAPI app template with health check endpoint - Add 'make serve' command to run development server - Update CLAUDE.md to express strong preference for FastAPI over Flask - Configure post-generation hook to remove _app.py if not using FastAPI This enforces the preference for modern async frameworks and explicitly discourages Flask usage in new projects. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fix ty version to 0.0.1a16 (current alpha release) - Remove --strict flag which doesn't exist in ty - Update ty commands to explicitly check src directory - Remove strict=true from pyproject.toml ty config ty is still in early alpha, so we're using the latest available version with basic configuration. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Apply ruff formatting to fix CI failure. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove the data_library choice (polars/pandas/none) as it's rarely needed for Trail of Bits projects. This simplifies the template and reduces unnecessary options during project creation. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove FastAPI web framework option to reduce complexity - Consolidate ruff configuration from ruff.toml into pyproject.toml - Fix Makefile redundancies: keep 'fix' and 'format' as aliases - Remove duplicated ty command from lint target - Clean up CLAUDE.md to remove FastAPI references This simplifies the PR to focus on core improvements: stricter code quality standards, ty type checker, and pre-commit hooks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
The self-test CI workflow expects 'make reformat' to exist. Add it back as an alias alongside 'fix' and 'format'. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Replace deprecated 'license-files' with proper license field syntax.
Use 'license = {text = "SPDX-ID"}' for standard licenses and
'license = {file = "LICENSE"}' for proprietary licenses.
This fixes the RUF200 parsing error in generated projects.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Change 'search_path' to 'src' in [tool.ty] configuration. The ty type checker expects 'src' as the field name, not 'search_path'. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove the [tool.ty] section entirely as ty is in early alpha and the configuration format is not well documented. Let ty use its default configuration which should work for standard project layouts. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Replace experimental ty (0.0.1a16) with stable pyright (1.1+) - Configure pyright with standard type checking mode - Make pre-commit pytest less aggressive: only run fast tests (-k "not slow") - Remove -q flag from pytest for better debugging visibility - Clarify CLAUDE.md framework preferences as general guidelines - Add missing newline to pre-commit config - Update all references from ty to pyright in docs and commands This makes the type checking more reliable while maintaining the same strict code quality standards. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove accidentally included test-pyright directory - Fix pre-commit deprecation: use stages: [pre-commit] instead of [commit] - Change pyright to strict mode for better type safety - Add pyright include paths: ["src", "test"] - Add pytest marker documentation for @pytest.mark.slow - Simplify Makefile: keep 'fix' as primary command, 'reformat' as alias All changes tested locally - lint, fix, reformat, and pre-commit hooks work correctly with strict pyright configuration. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
oldsj
approved these changes
Jul 30, 2025
oldsj
left a comment
oldsj
left a comment
There was a problem hiding this comment.
I was able to test this with uvx cookiecutter gh:trailofbits/cookiecutter-python --checkout enhance-cookiecutter-standards and tests passed with make check , looks good!
ekilmer
requested changes
Jul 30, 2025
| # and let Dependabot periodically perform this update. | ||
| "ruff ~= 0.6.2", | ||
| "mypy >= 1.0", | ||
| "pyright >= 1.1", |
Contributor
There was a problem hiding this comment.
@ESultanik You have experience with Python type checkers. Do you have a preference of mypy over pyright or any other type checker?
ekilmer
reviewed
Jul 30, 2025
ret2libc
reviewed
Jul 31, 2025
ekilmer
reviewed
Dec 5, 2025
Ninja3047
requested changes
Dec 8, 2025
Contributor
Ninja3047
left a comment
Ninja3047
left a comment
There was a problem hiding this comment.
i think for pre-commit I would strongly prefer we stick to just auto fixing formatting
running through the entire test suite would make development really annoying especially with work in progress stuff
Comment on lines
+24
to
+41
| {%- if cookiecutter.docstring_coverage %} | ||
| - id: interrogate | ||
| name: interrogate docstring coverage | ||
| entry: uv run interrogate -c pyproject.toml | ||
| language: system | ||
| types: [python] | ||
| pass_filenames: false | ||
| {%- endif %} | ||
|
|
||
| - id: pytest | ||
| name: pytest | ||
| entry: uv run pytest | ||
| language: system | ||
| types: [python] | ||
| pass_filenames: false | ||
| require_serial: true | ||
| # Only run on pre-commit, not on push | ||
| stages: [pre-commit] |
Contributor
There was a problem hiding this comment.
unclear to me if this is really best practice since python projects could potentially have a ton of tests and run slowly so running on every pre-commit will be extremely annoying
Contributor
There was a problem hiding this comment.
Maybe we should remove the pre-commit logic altogether, or gate it behind a non-default question in the template creation.
Contributor
There was a problem hiding this comment.
I think the pre-commit logic was useful for ensuring automated LLM workflows would be checked for linting errors and failing tests.
Since this is a template, I think the ideal setup should be the default. If tests take too long, that's a bit of a code smell or you need to separate your tests into unit tests and integration tests and only run the unit tests on pre-commit.
Lots of subjectivity here, but it's easier to remove stuff than know what to add.
Comment on lines
+3
to
+12
| repos: | ||
| - repo: https://github.com/astral-sh/ruff-pre-commit | ||
| # Ruff version. | ||
| rev: v0.14.8 | ||
| hooks: | ||
| # Run the linter. | ||
| - id: ruff-check | ||
| args: [--fix] | ||
| # Run the formatter. | ||
| - id: ruff-format |
Contributor
There was a problem hiding this comment.
instead of having separate steps in the pre-commit, it would be better to re-use the steps in the makefile by calling it directly to avoid having potentially divergent check logic
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR enhances the cookiecutter-python template with stricter code quality standards based on Trail of Bits' engineering practices. The changes enforce consistent, high-quality Python code across all generated projects.
Key Changes
1. Modern Python Tooling
2. Strict Code Quality Standards
Enforces quantitative code complexity limits:
3. Enhanced Developer Experience
ruff formatandruff check --fixpyrightstrict type checkingpytest(fast tests only, excluding@pytest.mark.slow)interrogatedocstring coverage (if enabled)make fix- primary formatter commandmake lint- all quality checksmake typecheck- just type checkingtest_*.pyand*_test.pyin src/4. Project Documentation
5. Configuration Improvements
stages: [commit]tostages: [pre-commit])What Changed From Initial PR
After code review and testing, we:
tywith stablepyrightTest Plan
🤖 Generated with Claude Code