Problem
Even with CI gates configured, contributors (human and LLM) routinely push commits that break the gates. Pre-commit catches the violation locally before the push, saving CI minutes and review cycles.
Proposed solution
Port .pre-commit-config.yaml from Teller verbatim: ruff (lint+format auto-fix), generic hooks (YAML/TOML/JSON parse, merge conflicts, large files >500 KB, whitespace, EOF, LF), gitleaks (secret scan), commitizen (commit-msg stage), and a local mypy hook running uv run --frozen mypy --strict.
Acceptance criteria
Priority rationale
Critical: secrets leaked once cannot be unleaked. Pre-commit gitleaks is the cheapest first line of defence.
Depends on
#2
Problem
Even with CI gates configured, contributors (human and LLM) routinely push commits that break the gates. Pre-commit catches the violation locally before the push, saving CI minutes and review cycles.
Proposed solution
Port
.pre-commit-config.yamlfrom Teller verbatim: ruff (lint+format auto-fix), generic hooks (YAML/TOML/JSON parse, merge conflicts, large files >500 KB, whitespace, EOF, LF), gitleaks (secret scan), commitizen (commit-msg stage), and a local mypy hook runninguv run --frozen mypy --strict.Acceptance criteria
pre-commit installwires commit-msg + pre-commit hooks.pre-commit run --all-filesexits 0 on the empty scaffold.wip:(not in the 7-prefix schema).docs/DEVELOPMENT.md(ticket docs: HARNESS, INVARIANTS, BOUNDARIES, DEVELOPMENT, EVAL_HARNESS, SECURITY, ARCHITECTURE skeletons #25) — note dependency.Priority rationale
Critical: secrets leaked once cannot be unleaked. Pre-commit gitleaks is the cheapest first line of defence.
Depends on
#2