Phase 3: Coordinator Code Quality (Ruff, Mypy, Pip) #365

New Issue

jason.woltje · 2026-02-12T18:33:53Z

jason.woltje commented

2026-02-12 18:33:53 +00:00

Findings

Ruff Check (20 errors, 9 auto-fixable)

UP035: Import Callable from collections.abc (1)
UP042: Use StrEnum instead of str+Enum (5)
E501: Line too long (5)
F401: Unused imports (4)
UP045: Use X | None instead of Optional (1)
I001: Import block unsorted (2)
F401: Unused imports in tests (2)

Mypy (1 error)

src/main.py:144: Incompatible type for add_exception_handler

Pip Audit (2 CVEs)

pip 24.0 → CVE-2025-8869, CVE-2026-1703 (fix: upgrade to pip >= 25.3)

Bandit (1 Medium)

B104: Hardcoded 0.0.0.0 bind address (acceptable for container, document)

Acceptance Criteria

All ruff check errors fixed
Mypy passes cleanly
pip upgraded in Dockerfile
Bandit medium finding documented/addressed

## Findings ### Ruff Check (20 errors, 9 auto-fixable) - UP035: Import Callable from collections.abc (1) - UP042: Use StrEnum instead of str+Enum (5) - E501: Line too long (5) - F401: Unused imports (4) - UP045: Use X | None instead of Optional (1) - I001: Import block unsorted (2) - F401: Unused imports in tests (2) ### Mypy (1 error) - src/main.py:144: Incompatible type for add_exception_handler ### Pip Audit (2 CVEs) - pip 24.0 → CVE-2025-8869, CVE-2026-1703 (fix: upgrade to pip >= 25.3) ### Bandit (1 Medium) - B104: Hardcoded 0.0.0.0 bind address (acceptable for container, document) ## Acceptance Criteria - [ ] All ruff check errors fixed - [ ] Mypy passes cleanly - [ ] pip upgraded in Dockerfile - [ ] Bandit medium finding documented/addressed

jason.woltje added this to the M11-CIPipeline (0.0.11) milestone 2026-02-12 18:33:53 +00:00

jason.woltje closed this issue

2026-02-12 18:47:44 +00:00

jason.woltje referenced this issue from a commit

2026-02-12 18:47:51 +00:00

fix(#365): fix ruff, mypy, pip, and bandit issues in coordinator

jason.woltje referenced this issue from a commit

2026-02-12 22:06:04 +00:00

fix(#365): fix coordinator CI bandit config and pip upgrade

jason.woltje referenced this issue from a commit

2026-02-12 23:26:00 +00:00

fix(ci): fix pipeline #365 — web build-shared + orchestrator secret scan

Sign in to join this conversation.

Branches Tags

main

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#365