initial commit

Author: rcholic

.github/workflows/tests.yml

@@ -0,0 +1,53 @@
+name: tests
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+jobs:
+  pytest:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e ".[dev]"
+
+      - name: Run tests
+        run: python -m pytest -q
+
+      - name: Run security checks
+        run: |
+          python -m bandit -q -r src/predicate_secure/
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install pre-commit
+        run: python -m pip install pre-commit
+
+      - name: Run pre-commit
+        run: pre-commit run --all-files

.gitignore

@@ -0,0 +1,57 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+venv/
+env/
+ENV/
+.venv
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Testing and tooling caches
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.mypy_cache/
+.ruff_cache/
+.pre-commit-cache/
+
+# Environment
+.env
+.env.local
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Runtime traces and artifacts
+traces/
+artifacts/
+tmp/
+temp/

.markdownlint.yaml

@@ -0,0 +1,5 @@
+default: false
+
+# Keep this lightweight and non-disruptive for design-heavy docs.
+# Enable only the most universal, low-noise rule.
+MD010: true

.pre-commit-config.yaml

@@ -0,0 +1,107 @@
+# Pre-commit hooks for predicate-secure repository
+
+repos:
+  # General file checks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-json
+      - id: check-added-large-files
+        args: ["--maxkb=1000"]
+      - id: check-merge-conflict
+      - id: check-case-conflict
+      - id: detect-private-key
+      - id: debug-statements
+      - id: mixed-line-ending
+        args: ["--fix=lf"]
+
+  # Python code formatting with Black
+  - repo: https://github.com/psf/black
+    rev: 24.2.0
+    hooks:
+      - id: black
+        language_version: python3.11
+        args: ["--line-length=100"]
+        exclude: ^(venv/|\.venv/|build/|dist/)
+
+  # Import sorting with isort (compatible with Black)
+  - repo: https://github.com/pycqa/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+        args: ["--profile=black", "--line-length=100"]
+        exclude: ^(venv/|\.venv/|build/|dist/)
+
+  # Flake8 for style guide enforcement
+  - repo: https://github.com/pycqa/flake8
+    rev: 7.0.0
+    hooks:
+      - id: flake8
+        args:
+          - "--max-line-length=100"
+          - "--extend-ignore=E203,W503,E501"  # Black compatibility
+          - "--exclude=venv,build,dist,.eggs,*.egg"
+          - "--max-complexity=15"
+        exclude: ^(venv/|\.venv/|build/|dist/)
+
+  # Type checking with mypy
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.8.0
+    hooks:
+      - id: mypy
+        additional_dependencies:
+          - pydantic>=2.0
+          - types-requests
+        args:
+          - "--ignore-missing-imports"
+          - "--no-strict-optional"
+          - "--warn-unused-ignores"
+        exclude: ^(tests/|examples/|venv/|\.venv/|build/|dist/)
+
+  # Security checks
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.7
+    hooks:
+      - id: bandit
+        args: ["-c", "pyproject.toml"]
+        additional_dependencies: ["bandit[toml]"]
+        exclude: ^(tests/|venv/|\.venv/)
+
+  # Check for common Python anti-patterns
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.15.0
+    hooks:
+      - id: pyupgrade
+        args: ["--py311-plus"]
+        exclude: ^(venv/|\.venv/|build/|dist/)
+
+  # Markdown linting for docs-heavy workflows
+  - repo: https://github.com/DavidAnson/markdownlint-cli2
+    rev: v0.14.0
+    hooks:
+      - id: markdownlint-cli2
+        args: ["--config", ".markdownlint.yaml"]
+        files: \.md$
+
+default_language_version:
+  python: python3.11
+
+fail_fast: false
+
+exclude: |
+  (?x)^(
+      venv/.*|
+      \.venv/.*|
+      build/.*|
+      dist/.*|
+      \.eggs/.*|
+      .*\.egg-info/.*|
+      __pycache__/.*|
+      \.pytest_cache/.*|
+      \.mypy_cache/.*|
+      \.ruff_cache/.*|
+      \.pre-commit-cache/.*
+  )$

LICENSE

@@ -0,0 +1,24 @@
+# License
+
+This project is dual-licensed under your choice of either:
+
+* **MIT License** ([LICENSE-MIT](./LICENSE-MIT))
+* **Apache License 2.0** ([LICENSE-APACHE](./LICENSE-APACHE))
+
+## Choosing a License
+
+You may use this software under the terms of either license, at your option.
+
+### MIT License
+The MIT License is a permissive license that is short and to the point. It lets people do almost anything they want with your project, like making and distributing closed source versions.
+
+### Apache License 2.0
+The Apache License 2.0 is also a permissive license, similar to MIT, but it also provides an express grant of patent rights from contributors to users.
+
+## Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this project by you shall be dual-licensed as above, without any additional terms or conditions.
+
+---
+
+Copyright (c) 2026 Predicate Systems Contributors