# Build backend. Only a lower bound is set here, so the exact pins in
# [project].dependencies do not extend to the build environment.
[build-system]
requires = ["setuptools>=68"]
build-backend = "setuptools.build_meta"
# Package metadata and runtime dependencies.
[project]
name = "rot"
version = "1.1.0"
description = "Reddit Options Trader -- real-time Reddit signal intelligence platform for options trade ideas"
readme = "README.md"
license = { text = "MIT" }
authors = [{ name = "ROT Contributors" }]
keywords = ["options", "trading", "reddit", "nlp", "signals", "finance"]
classifiers = [
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Financial and Insurance Industry",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Topic :: Office/Business :: Financial :: Investment",
"Typing :: Typed",
]
requires-python = ">=3.10"
# ============================================================
# SECURITY-CRITICAL DEPENDENCIES — PINNED TO EXACT VERSIONS
# Do not update without reviewing changelogs and running full
# test suite. Dependabot will flag updates for review.
# Last audited: 2026-02-15 via `pip freeze`.
# NOTE(review): `pip freeze` only records what is installed; it does
# not check versions against published advisories. pip-audit (listed
# in the dev extra) is the tool for that check.
# NOTE(review): these pins cover direct dependencies only. Transitive
# packages still resolve at install time unless a lock or constraints
# file (ideally with hashes) is used alongside this file.
# ============================================================
dependencies = [
# -- Security-critical (exact pin) --
"fastapi==0.128.5",
# starlette is also a dependency of fastapi; keep the two pins
# compatible when bumping either one.
"starlette==0.52.1",
"pydantic==2.12.5",
"pydantic-settings==2.12.0",
"aiosqlite==0.22.1",
"python-jose[cryptography]==3.5.0",
"cryptography==46.0.5",
"bcrypt==5.0.0",
"uvicorn[standard]==0.40.0",
"jinja2==3.1.6",
"httpx==0.28.1",
# NOTE(review): listed under "exact pin" but this is only a lower
# bound, so any newer mcp release can be installed. Pin it exactly or
# move it to the loose group so the heading stays accurate.
"mcp[cli]>=1.0",
# -- Application (loose) --
# Mixed group: praw and stripe are exact pins, the rest float.
"praw==7.8.1",
# NOTE(review): no version constraint at all; any release satisfies it.
"yfinance",
"feedparser>=6.0",
"openai>=1.0",
"anthropic>=0.20",
# NOTE(review): multipart/form-data parser for request bodies, i.e. it
# handles untrusted input. Presumably reached through FastAPI form or
# upload routes — confirm, and consider an exact pin in the group above.
"python-multipart>=0.0.6",
"stripe==7.13.0",
"scikit-learn>=1.3",
"numpy>=1.24",
# -- Defense-in-depth (new) --
# HTML sanitizer; lower bound only.
"nh3>=0.2.14",
]
# Development and CI tooling, installed via the `dev` extra.
# All entries are lower bounds, so tool versions can differ between
# runs. bandit (static analysis) and pip-audit (dependency advisories)
# are the security scanners in this set; pinning them in CI keeps the
# gate's results reproducible.
[project.optional-dependencies]
dev = [
"pytest>=8.0",
"pytest-asyncio>=0.23",
"pytest-cov>=4.1",
"pytest-xdist>=3.5",
"ruff>=0.2",
"mypy>=1.8",
"bandit[toml]>=1.7",
"pip-audit>=2.7",
]
# src/ layout: packages are discovered under src/.
[tool.setuptools]
package-dir = {"" = "src"}
[tool.setuptools.packages.find]
where = ["src"]
# Non-Python files shipped inside the rot.web package.
# NOTE(review): "static/**/*" includes every file under static/ in the
# built distribution; verify nothing sensitive (local config, keys,
# debug artifacts) is kept in that directory.
[tool.setuptools.package-data]
"rot.web" = ["templates/**/*.html", "static/**/*"]
# pytest settings: tests live in tests/, async tests run without
# explicit markers (asyncio_mode = "auto"), output is kept terse.
[tool.pytest.ini_options]
testpaths = ["tests"]
asyncio_mode = "auto"
addopts = [
"-q",
"--tb=short",
]
# NOTE(review): both deprecation categories are silenced for every
# module, including the pinned auth/crypto libraries. Deprecation
# notices from those are often the first sign an upgrade is needed;
# consider narrowing the filter to specific noisy modules.
filterwarnings = [
"ignore::DeprecationWarning",
"ignore::PendingDeprecationWarning",
]
# Ruff linter settings, targeting the minimum supported Python (3.10).
[tool.ruff]
target-version = "py310"
line-length = 100
# The selected rule groups cover style, imports, upgrades and bug-prone
# patterns. The "S" (flake8-bandit) group is not selected, so security
# linting relies on the separate bandit run configured in [tool.bandit].
[tool.ruff.lint]
select = ["E", "F", "W", "I", "UP", "B", "C4", "SIM"]
ignore = [
"E501", # line too long (handled by formatter)
"B008", # do not perform function calls in default arguments (FastAPI pattern)
"SIM108", # ternary operator (readability preference)
]
[tool.ruff.lint.per-file-ignores]
"tests/*" = ["B", "SIM"] # test files have different conventions
# mypy baseline: lenient globally, tightened per module in the overrides.
[tool.mypy]
python_version = "3.10"
# Imports without type information are not reported as errors.
ignore_missing_imports = true
warn_unused_ignores = true
warn_return_any = false
no_implicit_optional = true
strict_optional = true
# Gradually tighten: modules below are fully annotated
[[tool.mypy.overrides]]
module = [
"rot.core.*",
"rot.app.*",
"rot.backtest.*",
"rot.market.*",
"rot.credibility.*",
]
disallow_untyped_defs = true
disallow_incomplete_defs = true
# Silence pre-existing errors in modules not yet fully annotated
# NOTE(review): these four modules also match "rot.app.*" above, which
# contradicts "fully annotated" for that pattern. With ignore_errors
# set, mypy reports nothing for them at all. By name they look like the
# server and run-loop entry points — confirm, and track removing them
# from this list, since type errors there go unchecked.
[[tool.mypy.overrides]]
module = [
"rot.app.server",
"rot.app.controlled_runner",
"rot.app.main",
"rot.app.loop",
]
ignore_errors = true
# Bandit static-analysis settings.
# NOTE(review): bandit reads pyproject.toml only when it is passed as
# the config file (`-c pyproject.toml`); confirm the CI invocation does so.
[tool.bandit]
# tests/ and scripts/ are not scanned at all.
exclude_dirs = ["tests", "scripts"]
# Skips apply to every scanned file, not only to the case named in each comment.
skips = [
# NOTE(review): assert statements are removed when Python runs with -O,
# so "internal validation" done with assert must not guard
# authentication, authorization or input checks.
"B101", # assert used (fine in tests and internal validation)
# NOTE(review): a global skip hides every all-interfaces bind, not just
# the Docker entry point; a per-line `# nosec B104` would be narrower.
"B104", # possible binding to all interfaces (intentional for Docker)
# NOTE(review): tests/ is already excluded above, so this skip only
# affects application code. Any use of `random` for tokens, session ids
# or other secrets in src/ would go unreported; prefer a per-line
# `# nosec B311` where the use is known to be safe.
"B311", # random module — ROT uses it only for synthetic test data, not secrets
]
# NOTE(review): confirm bandit honours these two keys from this file;
# thresholds are normally given on the command line
# (`--severity-level`, `--confidence-level`).
severity = "medium"
confidence = "medium"
# Project links published in the package metadata.
[project.urls]
Homepage = "https://github.com/Mattbusel/Reddit-Options-Trader-ROT-"
Repository = "https://github.com/Mattbusel/Reddit-Options-Trader-ROT-"
"Bug Tracker" = "https://github.com/Mattbusel/Reddit-Options-Trader-ROT-/issues"