🐍 TaipanStack

The Modern Python Foundation

Launch secure, high-performance Python applications in seconds.

Features • Quick Start • Architecture • DevSecOps • API • Contributing

✨ Why TaipanStack?

"Write less, build better."

TaipanStack is a battle-tested foundation for production-grade Python projects that combines security, performance, and developer experience into a single, cohesive toolkit.

🛡️ Security First Path traversal protection Command injection guards Input sanitizers & validators Secret detection integration SBOM + SLSA supply-chain attestation	⚡ High Performance `uvloop` async event loop `orjson` fast JSON serialization `Pydantic v2` validation Performance benchmarks with regression detection
🎯 Rust-Style Error Handling `Ok`/`Err` Result types Explicit error propagation Pattern matching support No silent failures	🔧 Developer Experience Pre-configured quality tools 100% code coverage (1006 tests) Architecture enforcement Hardened Docker template

🚀 Quick Start

Prerequisites

Python 3.11+ (supports 3.11, 3.12, 3.13, 3.14)
Poetry (install guide)

Installation

From PyPI

pip install taipanstack

From Source

# Clone the repository
git clone https://github.com/gabrielima7/TaipanStack.git
cd TaipanStack

# Install dependencies
poetry install --with dev

# Run quality checks
make all

Verify Installation

# Run tests with 100% coverage (1006 tests)
make test

# Check architecture contracts
make lint-imports

# Run security scans
make security

# Run property-based fuzzing
make property-test

# Run performance benchmarks
make benchmark

📐 Architecture

TaipanStack follows a clean, layered architecture with strict dependency rules enforced by Import Linter.

                    ┌─────────────────────────────────────┐
                    │             Application             │
                    │          (src/app/main.py)          │
                    └─────────────────┬───────────────────┘
                                      │
          ┌───────────────────────────┼───────────────────────────┐
          ▼                           ▼                           ▼
┌─────────────────┐       ┌─────────────────┐       ┌─────────────────┐
│    Security     │       │     Config      │       │     Utils       │
│ guards, saniti- │       │    models,      │       │  logging, retry │
│ zers, validators│       │   generators    │       │ metrics, fs     │
└────────┬────────┘       └────────┬────────┘       └────────┬────────┘
         │                         │                         │
         └─────────────────────────┼─────────────────────────┘
                                   ▼
                    ┌─────────────────────────────────────┐
                    │              Core                   │
                    │    Result types, base patterns      │
                    └─────────────────────────────────────┘

Project Structure

TaipanStack/
├── src/
│   ├── app/              # Application entry point
│   └── taipanstack/
│       ├── core/         # 🎯 Result types, functional patterns
│       ├── config/       # ⚙️ Configuration models & generators
│       ├── security/     # 🛡️ Guards, sanitizers, validators
│       └── utils/        # 🔧 Logging, metrics, retry, filesystem
├── tests/                # ✅ 1006 tests, 100% coverage
├── .semgrep/             # 🔍 Custom SAST rules
├── .github/              # 🔄 CI/CD + SBOM/SLSA workflows
├── Dockerfile            # 🐳 Hardened multi-stage container
└── pyproject.toml        # 📋 Modern dependency management

🔐 DevSecOps

TaipanStack integrates security and quality at every level:

Category	Tools	Purpose
SAST	Bandit, Semgrep + custom rules	Static Application Security Testing
SCA	Safety, pip-audit	Dependency vulnerability scanning
SBOM	Syft (CycloneDX)	Software Bill of Materials
SLSA	Cosign (Sigstore)	Artifact signing & attestation
Types	Mypy (strict)	Compile-time type checking
Lint	Ruff	Lightning-fast linting & formatting
Arch	Import Linter	Dependency rule enforcement
Test	Pytest, Hypothesis, mutmut	Property-based & mutation testing
Perf	pytest-benchmark	Performance regression detection
Containers	Docker (Alpine, rootless)	Hardened-by-default images

CI Pipeline

# Runs on every push/PR
✓ Test Matrix     → Python 3.11-3.14 × (Ubuntu, macOS, Windows)
✓ Linux Distros   → Ubuntu, Debian, Fedora, openSUSE, Arch, Alpine
✓ Code Quality    → Ruff check & format
✓ Type Check      → Mypy strict mode
✓ Security        → Bandit + Semgrep (custom rules)
✓ Architecture    → Import Linter contracts
✓ Benchmarks      → Performance regression (>5% = fail)
✓ SBOM + SLSA     → Supply-chain attestation on release

📚 API Highlights

Result Types (Rust-Style Error Handling)

from taipanstack.core.result import Result, Ok, Err, safe

@safe
def divide(a: int, b: int) -> float:
    return a / b

# Explicit error handling with pattern matching
match divide(10, 0):
    case Ok(value):
        print(f"Result: {value}")
    case Err(error):
        print(f"Error: {error}")

Security Guards

from taipanstack.security.guards import guard_path_traversal, guard_command_injection

# Prevent path traversal attacks
safe_path = guard_path_traversal(user_input, base_dir="/app/data")

# Prevent command injection
safe_cmd = guard_command_injection(
    ["git", "clone", repo_url],
    allowed_commands=["git"]
)

Retry with Exponential Backoff

from taipanstack.utils.retry import retry

@retry(max_attempts=3, on=(ConnectionError, TimeoutError))
async def fetch_data(url: str) -> dict:
    return await http_client.get(url)

Circuit Breaker

from taipanstack.utils.circuit_breaker import circuit_breaker

@circuit_breaker(failure_threshold=5, timeout=30)
def call_external_service() -> Response:
    return service.call()

🔗 Combining Result + Circuit Breaker

from taipanstack.core.result import safe, Ok, Err
from taipanstack.utils.circuit_breaker import CircuitBreaker

breaker = CircuitBreaker(failure_threshold=3, timeout=60, name="payments")

@breaker
@safe
def charge_customer(customer_id: str, amount: float) -> dict:
    return payment_gateway.charge(customer_id, amount)

# Both circuit protection AND explicit error handling
result = charge_customer("cust_123", 49.99)
match result:
    case Ok(receipt):
        print(f"Payment successful: {receipt}")
    case Err(error):
        print(f"Payment failed safely: {error}")

🔗 Combining Result + Retry with Monitoring

from taipanstack.core.result import safe, unwrap_or
from taipanstack.utils.retry import retry

@retry(
    max_attempts=3,
    on=(ConnectionError, TimeoutError),
    on_retry=lambda attempt, max_a, exc, delay: print(
        f"⚠️  Attempt {attempt}/{max_a} failed, retrying in {delay:.1f}s..."
    ),
)
@safe
def fetch_user_profile(user_id: str) -> dict:
    return api_client.get(f"/users/{user_id}")

# Retry handles transient failures, Result handles business errors
profile = unwrap_or(fetch_user_profile("usr_456"), {"name": "Unknown"})

Intelligent Caching

from taipanstack.utils.cache import cached
from taipanstack.core.result import Result

@cached(ttl=60)
async def get_user_data(user_id: int) -> Result[dict, Exception]:
    return await db.fetch(user_id) # Only Ok() results are cached

Fallbacks & Timeouts

from taipanstack.utils.resilience import fallback, timeout
from taipanstack.core.result import Result

@fallback(fallback_value={"status": "offline"}, exceptions=(TimeoutError,))
@timeout(seconds=5.0)
async def fetch_remote_status() -> Result[dict, Exception]:
    return await api.get_status()

🐳 Docker

# Build hardened image
docker build -t taipanstack:latest .

# Run (rootless, read-only)
docker run --rm --read-only taipanstack:latest

Security features: multi-stage build, Alpine base (<50MB), non-root appuser (UID 1000), healthcheck, no shell in runtime.

🛠️ Tech Stack

Runtime	Quality	DevSecOps
Pydantic v2 Orjson Uvloop Structlog Result	Ruff Mypy Bandit Pytest + Hypothesis mutmut pytest-benchmark	GitHub Actions Syft + Cosign (SBOM/SLSA) Dependabot Pre-commit Poetry Docker (Alpine, rootless)

🤝 Contributing

Contributions are welcome! Please check our Contributing Guide for details on:

🐛 Bug reports
✨ Feature requests
📝 Documentation improvements
🔧 Pull requests

📝 License

This project is open-sourced under the MIT License.

Made with ❤️ for the Python community

⬆ Back to Top

Name		Name	Last commit message	Last commit date
Latest commit History 446 Commits
.github		.github
.jules		.jules
.semgrep		.semgrep
.vscode		.vscode
docs		docs
pyapp		pyapp
src		src
tests		tests
.dockerignore		.dockerignore
.editorconfig		.editorconfig
.env.example		.env.example
.gitignore		.gitignore
.importlinter		.importlinter
.pre-commit-config.yaml		.pre-commit-config.yaml
.secrets.baseline		.secrets.baseline
CHANGELOG.md		CHANGELOG.md
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
SECURITY.md		SECURITY.md
mkdocs.yml		mkdocs.yml
patch.diff		patch.diff
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
taipanstack_bootstrapper.py		taipanstack_bootstrapper.py
test_coverage_check.py		test_coverage_check.py
test_fuzz_url2.py		test_fuzz_url2.py

Folders and files

Latest commit

History

Repository files navigation

🐍 TaipanStack

The Modern Python Foundation

✨ Why TaipanStack?

🛡️ Security First

⚡ High Performance

🎯 Rust-Style Error Handling

🔧 Developer Experience

🚀 Quick Start

Prerequisites

Installation

From PyPI

From Source

Verify Installation

📐 Architecture

Project Structure

🔐 DevSecOps

CI Pipeline

📚 API Highlights

Result Types (Rust-Style Error Handling)

Security Guards

Retry with Exponential Backoff

Circuit Breaker

🔗 Combining Result + Circuit Breaker

🔗 Combining Result + Retry with Monitoring

Intelligent Caching

Fallbacks & Timeouts

🐳 Docker

🛠️ Tech Stack

🤝 Contributing

📝 License

About

Topics

Resources

License

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 23

Uh oh!

Contributors

Uh oh!

Languages