pragma-stack/backend/pyproject.toml
Felipe Cardoso 4ceb8ad98c feat(backend): add performance benchmarks and API security tests
- Introduced `benchmark`, `benchmark-save`, and `benchmark-check` Makefile targets for performance testing.
- Added API security fuzzing through the `test-api-security` Makefile target, leveraging Schemathesis.
- Updated Dockerfiles to use Alpine for security and CVE mitigation.
- Enhanced security with `scan-image` and `scan-images` targets for Docker image vulnerability scanning via Trivy.
- Integrated `pytest-benchmark` for performance regression detection, with tests for key API endpoints.
- Extended `uv.lock` and `pyproject.toml` to include performance benchmarking dependencies.
2026-03-01 16:16:18 +01:00


[build-system]
# PEP 517/518 build configuration. setuptools 61 is the first release that
# reads project metadata from the [project] table (PEP 621), hence the bound.
build-backend = "setuptools.build_meta"
requires = ["setuptools>=61.0"]
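[project]
name = "fast-next-backend"
version = "0.1.0"
description = "FastAPI backend for Fast-Next template"
readme = "README.md"
requires-python = ">=3.12"

# Runtime dependencies, grouped by role. Lower bounds (>=) let the lock file
# (uv.lock) move to patch releases; exact pins (==) freeze a single release.
# NOTE(review): the == pins (fastapi-utils, aiosqlite, apscheduler, bcrypt)
# will not receive security fixes until bumped by hand — confirm each pin is
# still required and keep them covered by the `pip-audit` run.
dependencies = [
    # Core FastAPI framework and dependencies
    "fastapi>=0.115.8",
    "uvicorn>=0.34.0",
    "pydantic>=2.10.6",
    "pydantic-settings>=2.2.1",
    "python-multipart>=0.0.22",
    "fastapi-utils==0.8.0",
    # Database
    "sqlalchemy>=2.0.29",
    "alembic>=1.14.1",
    "psycopg2-binary>=2.9.9",
    "asyncpg>=0.29.0",
    "aiosqlite==0.21.0",
    # Environment configuration
    "python-dotenv>=1.0.1",
    # API utilities
    "email-validator>=2.1.0.post1",
    "ujson>=5.9.0",
    # CORS and security
    "starlette>=0.40.0",
    "starlette-csrf>=1.4.5",
    "slowapi>=0.1.9",
    # Utilities
    "httpx>=0.27.0",
    "tenacity>=8.2.3",
    "pytz>=2024.1",
    "pillow>=12.1.1",
    "apscheduler==3.11.0",
    # Security and authentication
    "PyJWT>=2.9.0",
    "bcrypt==4.2.1",
    "cryptography>=46.0.5",
    # OAuth authentication
    "authlib>=1.6.6",
    "urllib3>=2.6.3",
]

[project.optional-dependencies]
# Development and CI tooling (the `dev` extra).
dev = [
    # Testing
    "pytest>=8.0.0",
    "pytest-asyncio>=0.23.5",
    "pytest-cov>=4.1.0",
    "pytest-xdist>=3.8.0",
    "requests>=2.32.0",
    "freezegun~=1.5.1",
    # Development tools
    "ruff>=0.8.0",  # All-in-one: linting, formatting, import sorting
    "pyright>=1.1.390",  # Type checking
    # Security auditing
    "pip-audit>=2.7.0",  # Dependency vulnerability scanning (PyPA/OSV)
    "pip-licenses>=4.0.0",  # License compliance checking
    "detect-secrets>=1.5.0",  # Hardcoded secrets detection
    # Performance benchmarking
    "pytest-benchmark>=4.0.0",  # Performance regression detection
    # Pre-commit hooks
    "pre-commit>=4.0.0",  # Git pre-commit hook framework
]
# E2E testing with real PostgreSQL (requires Docker); schemathesis drives the
# API security fuzzing against the running service.
e2e = [
    "testcontainers[postgres]>=4.0.0",
    "schemathesis>=3.30.0",
]

# setuptools package discovery: ship only the `app` package and keep tests,
# uploaded files and docs out of the distribution. Placed after the [project]
# tables so that every [tool.*] section follows the PEP 621 metadata.
[tool.setuptools.packages.find]
include = ["app*"]
exclude = ["tests*", "uploads*", "docs*"]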
# ============================================================================
# Ruff - linting, formatting and import sorting in one tool
# ============================================================================
[tool.ruff]
# The target matches requires-python; 88 columns is the Black default, so the
# formatter output stays Black-compatible.
target-version = "py312"
indent-width = 4
line-length = 88

# Paths Ruff never reads: VCS data, tool caches, the virtualenv, build
# metadata and generated Alembic migrations.
# NOTE(review): "alembic/versions" is a relative pattern anchored at the
# project root, while the rest of this file refers to app/alembic/versions
# (per-file-ignores, coverage omit) — confirm which directory this matches;
# "app/alembic/versions" may be what is intended.
exclude = [
    ".git",
    ".venv",
    "__pycache__",
    "*.egg-info",
    ".pytest_cache",
    ".mypy_cache",
    ".ruff_cache",
    "alembic/versions",
]
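# ============================================================================
# Ruff Linting Rules
# ============================================================================
[tool.ruff.lint]
# Enabled rule families. The security-relevant ones (S, B, ASYNC, G) apply to
# application code; test-only relaxations belong in
# [tool.ruff.lint.per-file-ignores], not in the global ignore list below.
select = [
    "E",      # pycodestyle errors
    "W",      # pycodestyle warnings
    "F",      # pyflakes
    "I",      # isort
    "N",      # pep8-naming
    "UP",     # pyupgrade
    "B",      # flake8-bugbear
    "C4",     # flake8-comprehensions
    "PIE",    # flake8-pie
    "RUF",    # Ruff-specific
    "ASYNC",  # flake8-async
    "S",      # flake8-bandit (security)
    "G",      # flake8-logging-format (logging best practices)
    "T20",    # flake8-print (no print statements in production code)
]

# Rules disabled project-wide. Every entry also silences the rule in
# application code, so keep this list short and justified.
#
# S101 (use of assert) is deliberately NOT ignored here: the tests tree gets
# it through per-file-ignores, and `assert` in application code is stripped
# under `python -O`, so it must never carry input validation or
# authorization checks.
ignore = [
    "E501",  # Line too long (handled by formatter)
    "S104",  # Possible binding to all interfaces (FastAPI needs 0.0.0.0)
    # NOTE(review): S105/S106 (possible hardcoded password) and S603/S607
    # (subprocess invocation) are silenced globally for specific false
    # positives; scoping them to the affected files, or a `# noqa` with a
    # reason at the call site, keeps the checks active for new code.
    "S105",  # Possible hardcoded password (false positives in field names)
    "S106",  # Possible hardcoded password (false positives in field names)
    "S603",  # subprocess without shell=True (safe usage)
    "S607",  # Starting a process with a partial path (safe usage)
    "B008",  # FastAPI Depends() in function defaults (required by framework)
    "B904",  # Exception chaining (overly strict for FastAPI error handlers)
]

# Allow autofix for all enabled rules
fixable = ["ALL"]
unfixable = []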
# Per-file ignores for special cases
[tool.ruff.lint.per-file-ignores]
# Alembic requires specific import order
"app/alembic/env.py" = ["E402", "F403", "F405"]
# Migration files have specific structure
"app/alembic/versions/*.py" = ["E402"]
# pytest: asserts, CamelCase fixtures, blind exceptions, async test helpers,
# and print for debugging are intentional
"tests/**/*.py" = ["S101", "N806", "B017", "N817", "ASYNC251", "RUF043", "T20"]
# __init__ files re-export modules
"app/models/__init__.py" = ["F401"]
# Re-exports Base for use by other models
"app/models/base.py" = ["F401"]
# SQLAlchemy session factories use CamelCase convention
"app/utils/test_utils.py" = ["N806"]
# Constants use UPPER_CASE convention
"app/main.py" = ["N806"]
# CLI scripts use print for user-facing output
"app/init_db.py" = ["T20"]
"migrate.py" = ["T20"]
# ============================================================================
# Ruff Import Sorting (isort replacement)
# ============================================================================
[tool.ruff.lint.isort]
# `app` and `tests` are first-party so their imports land in their own
# section instead of being sorted as third-party packages.
known-first-party = ["app", "tests"]
combine-as-imports = true
force-wrap-aliases = true
split-on-trailing-comma = true
# Import sections, top to bottom
section-order = ["future", "standard-library", "third-party", "first-party", "local-folder"]
# ============================================================================
# Ruff Formatting (Black replacement)
# ============================================================================
[tool.ruff.format]
# Black-style defaults: double quotes, spaces, LF line endings, and a trailing
# comma forces one element per line (the "magic trailing comma").
indent-style = "space"
line-ending = "lf"
quote-style = "double"
skip-magic-trailing-comma = false
# ============================================================================
# Pytest Configuration
# ============================================================================
[tool.pytest.ini_options]
testpaths = ["tests"]
python_files = ["test_*.py"]
python_classes = ["Test*"]
python_functions = ["test_*"]
# pytest-asyncio: async fixtures get a function-scoped event loop by default.
asyncio_default_fixture_loop_scope = "function"

# Custom markers; with --strict-markers any marker not listed here is an error.
markers = [
    "sqlite: marks tests that should run on SQLite (mocked).",
    "postgres: marks tests that require a real PostgreSQL database.",
    "e2e: marks end-to-end tests requiring Docker containers.",
    "schemathesis: marks Schemathesis-generated API tests.",
    "benchmark: marks performance benchmark tests.",
]

# Default command line for a plain `pytest` run.
addopts = [
    # Suppresses the warnings summary, so DeprecationWarnings raised by
    # dependencies are not surfaced here; run without it before upgrades.
    "--disable-warnings",
    # Parallel execution across all cores (pytest-xdist)
    "-n",
    "auto",
    "--strict-markers",
    "--tb=short",
    # Coverage of the app package, reported in the terminal and as HTML
    "--cov=app",
    "--cov-report=term-missing",
    "--cov-report=html",
    # Benchmarks are incompatible with xdist; run them via 'make benchmark'.
    "--ignore=tests/benchmarks",
    # Disable the pytest-benchmark plugin during normal runs (conflicts with
    # xdist).
    "-p",
    "no:benchmark",
]
# ============================================================================
# Coverage Configuration
# ============================================================================
[tool.coverage.run]
# Measure the app package only, with branch coverage.
source = ["app"]
branch = true
# Never measured: tests, bytecode caches, generated migrations, the
# virtualenv and the database-initialisation CLI script.
omit = [
    "*/tests/*",
    "*/__pycache__/*",
    "*/alembic/versions/*",
    "*/.venv/*",
    "app/init_db.py",
]
[tool.coverage.report]
# Two decimal places in percentage columns
precision = 2
# Lines that never count as missed. Entries are regular expressions (note the
# `.` wildcards around __main__). Setting exclude_lines replaces coverage.py's
# built-in list, which is why "pragma: no cover" is repeated here.
exclude_lines = [
    "pragma: no cover",
    "def __repr__",
    "raise AssertionError",
    "raise NotImplementedError",
    "if __name__ == .__main__.:",
    "if TYPE_CHECKING:",
    "@abstractmethod",
]