Skip to content

chore(QUAL-007): check the whole test tree with mypy [stacked on #105]#106

Merged
DoRmAmMu1997 merged 7 commits into
chore/qual-006-pandas-stubsfrom
chore/qual-007-mypy-tests
Jul 13, 2026
Merged

chore(QUAL-007): check the whole test tree with mypy [stacked on #105]#106
DoRmAmMu1997 merged 7 commits into
chore/qual-006-pandas-stubsfrom
chore/qual-007-mypy-tests

Conversation

@DoRmAmMu1997

Copy link
Copy Markdown
Owner

⚠️ Stacked PR — merge order matters

Base: chore/qual-006-pandas-stubs (#105). Merge #105 first. GitHub retargets this PR to main automatically when the base branch is deleted on merge. Merging this PR before #105 would land it into the feature branch — don't. Stacked at the user's request so the diff shows only QUAL-007's changes.

Ticket scope (QUAL-007 — mypy over tests/, phase 2)

Goal: finish what QUAL-004 started. The mypy files whitelist covered exactly three test modules; every other test file — including any new one — was invisible to the type checker. This PR flips the default: files now says "tests", so the whole tree is checked and new test files are typed from day one.

What full adoption surfaced: 409 mechanical errors in 45 of ~90 test modules — fake clients passed where the real client class is annotated, to_dict("records") rows, unannotated accumulators, append(...) or True recorder lambdas. Per the plan's pre-agreed fallback ("if the count balloons, keep the largest-coverage whitelist and document the remainder"):

In scope

  • pyproject.toml: files extended to "tests"; a new shrink-only ignore_errors override enumerates the 29 modules still carrying debt (~385 errors), with a comment forbidding additions — the module names are top-level (no tests. prefix) because tests/ is not a package.
  • 16 modules fixed (~24 errors), all behavior-preserving:
    • append(...) or True / append(...) or value lambdas → small named fakes with real return statements (4 sites);
    • Optional-narrowing on ORM reads (metadata_json, scalar()) via explicit assert/str()/comprehension filters;
    • the IPO import-boundary guard now isinstance-filters AST nodes up front (same runtime walk, typed lineno);
    • deliberately-invalid enum/string inputs ("UNKNOWN" coercion test, "bullish" rejection test) marked with cast + comments — the validators they exercise are untouched;
    • UI fakes' capture slots typed as pd.DataFrame so assertions may use frame methods;
    • the same np.log(Series) narrowing the production scoring component uses.
  • Net effect: mypy checks 209 files (up from 122), clean. CI's command is unchanged — the gate is config-driven.

Out of scope (deliberate)

This is ticket 9 of the 10-ticket second improvement wave (TEST-007 #98, REF-003 #99, AI-006 #100, IPO-006 #101, TEST-006 #102, PERF-002 #103, DEPLOY-004 #104, QUAL-006 #105, QUAL-007, DOC-003).

Gates (all green, local, Python 3.13)

Gate Result
mypy clean at 209 files (was 122)
pytest on the 16 touched modules 240 passed
Full suite --cov-fail-under=87 1,386 passed, 1 skipped; coverage 88.13%
pre_commit validate-config / compileall / ruff / bandit / pip_audit clean

Diff vs the #105 base: 17 files, +125/−29 — pyproject.toml (mypy config only; no dependency motion) and 16 test modules.

Review

/code-review: Approve — every fix re-ran its module's tests (240 passed); the two deliberate-invalid-input casts keep the validators' rejection paths exercised; the exclusion list was cross-checked against the actual mypy output so no clean module is accidentally ignored. /security-review: no findings (test/config-only diff; the strengthened IPO boundary-guard typing keeps that policy test enforcing the same rules).

🤖 Generated with Claude Code

Flips tests/ typing from an opt-in whitelist (QUAL-004: conftest + two
policy tests) to checked-by-default: pyproject mypy `files` now lists
"tests", so every NEW test file is type-checked automatically and the ~60
already-clean modules are locked.

Full adoption surfaced 409 mechanical errors in 45 modules (fake clients
passed where the real client class is annotated, records-dict rows,
unannotated accumulators). Per the planned fallback, this PR:

- fixes the 16 low-count modules (~24 errors): typed audit-recorder fakes
  replacing `append(...) or True` lambdas, Optional narrowing on ORM
  metadata/scalar reads, isinstance-first AST walk in the IPO boundary
  guard, deliberate-invalid enum/string inputs marked with cast (the
  validators they exercise are unchanged), DataFrame-typed capture slots
  in UI fakes, and the same np.log/Series narrowing the production
  component uses;
- enumerates the remaining 29 dirty modules in a shrink-only
  ignore_errors override (~385 errors of typed-API debt, documented for
  incremental cleanup) - the comment forbids ever ADDING to the list.

The tests/ entries are top-level module names (tests/ has no __init__.py).
CI's mypy command is unchanged (config-driven). All 240 tests in the 16
touched modules pass; full suite at baseline.

Stacked on QUAL-006 (needs pandas-stubs and edits the same pyproject
section). Merge #105 first; GitHub retargets this PR to main when the base
branch is deleted.

Gates: 1,386 passed, coverage 88.13% (floor 87); mypy clean at 209 files
(up from 122); pre-commit validate, compileall, ruff, bandit, pip-audit
all clean.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

@DoRmAmMu1997 DoRmAmMu1997 left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self-review (posted as COMMENT — the bot runs as the PR author and cannot APPROVE). Verdict: Approve.

  1. The flip is the point — before: 3 test modules whitelisted, new test files unchecked forever unless someone remembered to add them. After: checked-by-default (209 files), with the remaining debt enumerated in a shrink-only list. The override comment explicitly forbids additions, making "new untyped test module" a reviewable config change instead of silent drift.
  2. Module-name gotcha caught in-flight — the first draft used tests.test_* names, which silently matched nothing because tests/ has no __init__.py; mypy names those files as top-level modules. The committed version uses the correct bare names and the full run proves the override actually bites (409 errors → 0 reported).
  3. Behavior-preservation of the 16 fixes — all 240 tests in the touched modules pass. The two riskiest edits were checked closely: the IPO boundary guard's isinstance-first walk visits the same Import/ImportFrom nodes (non-import nodes previously produced an empty modules list, i.e. a no-op inner loop); and the role_changed metadata None-filter removes nothing at runtime because that event always writes metadata (asserted by the same suite).
  4. Deliberate-invalid inputs stay deliberatecast(IpoIssueType, "UNKNOWN") and cast(Any, "bullish") exist precisely so the coercion/rejection tests keep sending the raw values their validators must handle; comments at both sites say so.
  5. No dependency motion — the pyproject diff is mypy config only; constraints/requirements untouched on this branch (the pins live in the #105 base).
  6. Stacking discipline — base is chore/qual-006-pandas-stubs; the body's top banner spells out the merge order and GitHub's auto-retarget. This PR should merge last of the wave so test files from #98#103 get checked on main under the new default (any stragglers are fix-forward).

Gates: mypy clean at 209 files; 1,386 passed + 1 skipped, coverage 88.13% (floor 87); ruff/bandit/pip-audit/pre-commit/compileall clean. Security review: no findings (test/config-only).

Appends the "July 2026" section to docs/architecture/audit-2026-06.md so
future audits read one durable history instead of re-deriving it:

- both waves indexed: #88-#97 (other session) and #98-#107 (this wave,
  one ticket per PR);
- findings verified FALSE this round (cpr_yearly float convention,
  cpr_yearly test coverage, technical-agent injection posture = locked
  TEST-003 decision);
- wave 1's considered-and-REJECTED list recorded so those ideas are not
  re-proposed (session-state registry, indicators decorator, sectors
  iterrows, DNS-rebinding on the fixed listing URLs, run_scan split);
- the June deferral table updated item by item: Agent SDK dedup landed in
  two steps with the per-agent remainder locked by ADR; pandas-stubs
  estimate corrected (June "hundreds" -> actual 22); the parquet sidecar
  idea superseded by footer statistics with the June measure-first
  objection honored and the advisory-index review hardening noted.

Stacked on QUAL-007 (#106) -> QUAL-006 (#105); merge those first.

Gates: 1,386 passed, coverage 88.13%; ruff clean; mypy clean (209 files).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@DoRmAmMu1997

Copy link
Copy Markdown
Owner Author

Codex review plan before fixes:

No new typing strictness or product behavior is being added.

@DoRmAmMu1997 DoRmAmMu1997 left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codex found two actionable QUAL-007 integration/policy issues before updating the branch.

Comment thread pyproject.toml
Comment thread pyproject.toml
DoRmAmMu1997 and others added 3 commits July 11, 2026 23:44
Reconcile the whole-test-tree mypy gate with the newly merged PRs, type the
affected fixtures and values without changing runtime behavior, and enforce
that QUAL-007's temporary ignore-errors baseline can only shrink.

Co-authored-by: Hemant <hemantdhamija@gmail.com>
Co-authored-by: Codex <codex@openai.com>
@DoRmAmMu1997

Copy link
Copy Markdown
Owner Author

Codex review follow-up complete for QUAL-007.

What I fixed:

Verification on the final local tree:

  • 1517 passed, 1 skipped; coverage 89.31% (floor 87%)
  • mypy: Success: no issues found in 221 source files
  • compileall, Ruff, Bandit, pinned pip-audit, pre-commit validation/hooks, and git diff --check: passed
  • Docker is not installed on this workstation; the hosted Docker image check is the authoritative container result

The formal diff-scoped security review found no reportable issues. The change is limited to typing/test-policy code and introduces no runtime behavior.

DoRmAmMu1997 and others added 2 commits July 13, 2026 08:54
Reconcile the July audit register with the reviewed final PR heads, record the
enforced QUAL-007 debt policy, and update the architecture index to describe
the durable June-July register through PR #107.

Co-authored-by: Hemant <hemantdhamija@gmail.com>
Co-authored-by: Codex <codex@openai.com>
…-july

docs(DOC-003): record the July 2026 review waves in the audit register [stacked on #106]
@DoRmAmMu1997
DoRmAmMu1997 merged commit 97f06ad into chore/qual-006-pandas-stubs Jul 13, 2026
3 checks passed
@DoRmAmMu1997
DoRmAmMu1997 deleted the chore/qual-007-mypy-tests branch July 13, 2026 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant