fix(#365): fix ruff, mypy, pip, and bandit issues in coordinator

- Fix 20 ruff errors: UP035 (Callable import), UP042 (StrEnum), E501 (line length), F401 (unused imports), UP045 (Optional -> X | None), I001 (import sorting) - Fix mypy error: wrap slowapi rate limit handler with Exception-compatible signature for add_exception_handler - Pin pip >= 25.3 in Dockerfile (CVE-2025-8869, CVE-2026-1703) - Add nosec B104 to config.py (container-bound 0.0.0.0 is acceptable) - Add nosec B101 to telemetry.py (assert for type narrowing) - Create bandit.yaml to suppress B404/B607/B603 in gates/ tooling Fixes #365 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 12:46:25 -06:00
parent a534f70abd
commit 432dbd4d83
14 changed files with 74 additions and 26 deletions
--- a/apps/coordinator/tests/test_telemetry.py
+++ b/apps/coordinator/tests/test_telemetry.py
@@ -1,7 +1,9 @@
 """Tests for OpenTelemetry telemetry initialization."""

+from unittest.mock import MagicMock, patch
+
 import pytest
-from unittest.mock import MagicMock, patch, ANY
+
 from src.telemetry import TelemetryService, get_tracer


@@ -171,7 +173,10 @@ class TestGetTracer:
        self, mock_set_provider: MagicMock, mock_get_tracer_func: MagicMock, reset_telemetry
    ) -> None:
        """Test that get_tracer uses the correct service name."""
-        with patch.dict("os.environ", {"OTEL_SERVICE_NAME": "test-service", "OTEL_ENABLED": "true"}):
+        with patch.dict(
+            "os.environ",
+            {"OTEL_SERVICE_NAME": "test-service", "OTEL_ENABLED": "true"},
+        ):
            # Reset global state
            import src.telemetry
            src.telemetry._telemetry_service = None
--- a/apps/coordinator/tests/test_tracing_decorators.py
+++ b/apps/coordinator/tests/test_tracing_decorators.py
@@ -1,8 +1,10 @@
 """Tests for tracing decorators."""

+from unittest.mock import MagicMock, patch
+
 import pytest
-from unittest.mock import MagicMock, patch, AsyncMock
 from opentelemetry.trace import SpanKind
+
 from src.tracing_decorators import trace_agent_operation, trace_tool_execution


@@ -130,7 +132,9 @@ class TestTraceToolExecution:
            result = await test_func(param="value")

            assert result == "result-value"
-            mock_tracer.start_as_current_span.assert_called_once_with("tool.test_tool", kind=SpanKind.CLIENT)
+            mock_tracer.start_as_current_span.assert_called_once_with(
+                "tool.test_tool", kind=SpanKind.CLIENT
+            )
            mock_span.set_attribute.assert_any_call("tool.name", "test_tool")

    @pytest.mark.asyncio