Add ScienceIsNeato/slop-mop to the python hooks list #1086

Closed
ScienceIsNeato wants to merge 1 commit into pre-commit:main from ScienceIsNeato:add-slop-mop

@ScienceIsNeato

Adds slop-mop — quality gates aimed at AI-assisted codebases — to the "for python projects" section.

The repo exports a .pre-commit-hooks.yaml with two hooks (slopmop-swab at the pre-commit stage, slopmop-scour at pre-push), released as of v2.4.0. The package is pip-installable (language: python), verified end-to-end with pre-commit try-repo, and the manifest passes pre-commit validate-manifest.

Happy to adjust the wording or placement if you'd prefer it elsewhere.

@asottile closed this Jun 12, 2026
ScienceIsNeato added a commit to ScienceIsNeato/slop-mop that referenced this pull request Jun 12, 2026
PR pre-commit/pre-commit.com#1086 was closed by the maintainer without
comment — the hooks page is a hand-picked list of already-popular tools.
The channel survives: hooks work via the repo URL; discovery shifts to
our own surfaces.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ScienceIsNeato added a commit to ScienceIsNeato/slop-mop that referenced this pull request Jun 12, 2026
…s baseline (#277)

* fix: pin actions to SHAs, enable PyPI attestations, fix detect-secrets baseline (#271, #269, #253)

CI hardening (#271):
- All workflow `uses:` pinned to full commit SHAs with version comments
  (checkout v5.0.1, setup-python v6.2.0, setup-node v6.4.0,
  upload-artifact v4.6.2, codecov v5.5.5, codeql upload-sarif v4.36.2,
  pypi-publish v1.14.0 — replacing the moving release/v1 branch ref)

Release provenance (#269):
- publish-pypi sets attestations: true explicitly (PEP 740); Trusted
  Publishing prerequisites (environment: pypi, id-token: write) were
  already wired, so the next release carries verifiable provenance

detect-secrets baseline fix (barnacle #253):
- Removed the --baseline config-replay: the throwaway baseline carrying
  plugins_used/filters_used dropped detect-secrets' default heuristic
  filters (~4x finding inflation) and its results never matched the
  allowlist, so a valid committed baseline suppressed nothing
- Scan now always runs plain (default config — same as `detect-secrets
  scan > .secrets.baseline`), so (path, hashed_secret) pairs line up
  with the committed baseline, loaded read-only as the allowlist
- The baseline file itself is excluded from the walk and the report:
  its recorded sha1 hashes trip high-entropy detectors on every scan
- Deleted _create_plugin_config_baseline/_load_tmp_baseline_report/
  _parse_detect_secrets_report and their tests; added regression tests
  for never-replay, baseline-self-exclusion, and walk pruning
- Fixed env-dependent test_run_with_detect_secrets_failure (mocked
  futures misaligned when bandit/semgrep not importable locally)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* style: apply black formatting to new detect-secrets tests

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: record pre-commit.com directory submission outcome

PR pre-commit/pre-commit.com#1086 was closed by the maintainer without
comment — the hooks page is a hand-picked list of already-popular tools.
The channel survives: hooks work via the repo URL; discovery shifts to
our own surfaces.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: record pre-commit GitHub topics in distribution log

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: address PR #277 review — persist-credentials, stdout-only parsing

- workflows: persist-credentials: false on all 9 checkout steps across
  release.yml, slopmop.yml, slopmop-sarif.yml (zizmor artipacked).
  Safe: the only git push in any workflow authenticates via an explicit
  RELEASE_PR_TOKEN remote-URL rewrite, never persisted credentials
- detect-secrets: parse the report from result.stdout only — stderr
  noise in the combined stream could corrupt parsing. And a successful
  scan with unparseable stdout now fails closed instead of passing
  open, so a corrupt report can't silently hide real secrets
- tests: mocks set stdout alongside output; json-error test now
  asserts fail-closed; new stdout-vs-combined-output regression test

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* style: black formatting on detect-secrets test mocks

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
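
The baseline matching and fail-closed parsing that the commit message above describes, as an added example (not code from the slop-mop repository). The function names, the `ScanReportError` type and the sample report are assumptions constructed for illustration; the report shape follows detect-secrets' JSON output, with a `results` mapping of path to findings carrying `hashed_secret`.

```python
import json

BASELINE_PATH = ".secrets.baseline"  # assumed location of the committed baseline


class ScanReportError(Exception):
    """The scanner's stdout is not a usable report; the gate must fail."""


def allowlisted_pairs(baseline: dict) -> set:
    """(path, hashed_secret) pairs recorded in the committed baseline."""
    return {
        (path, item["hashed_secret"])
        for path, items in baseline.get("results", {}).items()
        for item in items
    }


def unallowlisted_findings(stdout: str, baseline: dict) -> list:
    """Findings from a plain scan that the committed baseline does not cover."""
    # Only stdout is parsed; a non-report fails closed instead of passing.
    try:
        report = json.loads(stdout)
    except json.JSONDecodeError as exc:
        raise ScanReportError(f"unparseable scan report: {exc}") from exc
    if not isinstance(report, dict) or not isinstance(report.get("results"), dict):
        raise ScanReportError("scan report has no 'results' mapping")

    allowed = allowlisted_pairs(baseline)
    return sorted(
        (path, item["hashed_secret"])
        for path, items in report["results"].items()
        if path != BASELINE_PATH  # the baseline's own recorded hashes are not secrets
        for item in items
        if (path, item["hashed_secret"]) not in allowed
    )


# Constructed sample data: hashes are made-up placeholders, not real scanner output.
def _hit(kind, digest):
    return {"type": kind, "hashed_secret": digest, "line_number": 1}


SAMPLE_BASELINE = {"results": {"tests/fixtures.py": [_hit("Secret Keyword", "aaaa1111")]}}
SAMPLE_STDOUT = json.dumps({"results": {
    "tests/fixtures.py": [_hit("Secret Keyword", "aaaa1111")],
    "app/config.py": [_hit("Base64 High Entropy String", "bbbb2222")],
    BASELINE_PATH: [_hit("Hex High Entropy String", "cccc3333")],
}})
```

With the sample data, only the `app/config.py` finding survives: the fixture is allowlisted by its (path, hash) pair and the baseline file is skipped, while stderr text prepended to the report raises `ScanReportError` rather than yielding an empty result.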