Skip to content

Config convention: env only via pydantic-settings, secrets as SecretStr — os.environ banned by lint#41

Merged
fazpu merged 1 commit into
mainfrom
impl/env-via-pydantic-settings
Jul 9, 2026
Merged

Config convention: env only via pydantic-settings, secrets as SecretStr — os.environ banned by lint#41
fazpu merged 1 commit into
mainfrom
impl/env-via-pydantic-settings

Conversation

@fazpu

@fazpu fazpu commented Jul 9, 2026

Copy link
Copy Markdown
Member

What

Makes the configuration rule binding and mechanically enforced, per the author's direction:

  • requirements_v3.md §Code — all configuration enters through pydantic-settings (BaseSettings): env vars are read in exactly one place as typed, validated settings. Secrets are SecretStr/SecretBytes (can't leak into logs/reprs/tracebacks), unwrapped via .get_secret_value() only at the call site that needs them.
  • ruff TID251 banned-apios.environ, os.getenv, os.putenv are lint errors with messages pointing at the requirement. Verified: a deliberate violation fails ruff check with the custom message; the suite is green without it. An exception needs a per-line # noqa: TID251 with a reason (relax-with-receipts).

Notes: tests still use pytest's monkeypatch.setenv (not banned — it's the test API, not ad-hoc env reading). The pydantic-settings dependency itself lands with the first real Settings class (nothing to configure yet).

🤖 Generated with Claude Code

…r; os.environ banned by lint

- requirements_v3 §Code: configuration enters only through pydantic-settings
  (BaseSettings), typed and validated in one place; direct os.environ/os.getenv
  is banned; secrets are SecretStr/SecretBytes, unwrapped only at the call site
- pyproject: enforce mechanically via ruff TID251 banned-api (os.environ,
  os.getenv, os.putenv) with messages pointing at requirements §Code; verified
  the rule fires on a deliberate violation

Tests still set env via pytest monkeypatch.setenv (not banned).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Coverage report

This PR does not seem to contain any modification to coverable code.

@fazpu fazpu merged commit ec5ce3a into main Jul 9, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant