feat(hawk-sdk-python): production hardening#1
Merged
Conversation
- Added ruff linter config (E, F, W, I, N, UP, B, A, SIM, TCH, RUF rules) - Added mypy strict type checking config - Added Makefile with standard targets (test, lint, format, typecheck) - Bumped version to 0.2.0 - Added pytest strict markers and short traceback config
…nt, full OSS bootstrap
The prior hardening commit bumped pyproject.toml to 0.2.0 but missed
`src/hawk/_version.py`, which still reported 0.1.0. This commit fixes
that inconsistency and lands the OSS standard files that were missing.
Version surface (fixed + added):
- src/hawk/_version.py — `__version__ = "0.2.0"` (was 0.1.0).
pyproject.toml was already 0.2.0.
- src/hawk/client.py — both `HawkClient._build_headers` and
`AsyncHawkClient._build_headers` now set
`User-Agent: hawk-sdk-python/<__version__>`. httpx merges
client-default headers with per-request overrides, so this also
covers the streaming endpoint without changing the per-request
`headers={"Accept": "text/event-stream"}` override.
New OSS files (this is the first PR to add them):
- CHANGELOG.md — Keep-a-Changelog format with [Unreleased] capturing
this PR + a backfilled [0.1.0] entry for the initial SDK and prior
hardening pass.
- CONTRIBUTING.md — quick start with venv + editable install, branch
flow (this repo branches from main), conventional commits, code
standards (mypy --strict, ruff, async-first, Pydantic v2,
User-Agent rule), testing with respx, and the
bump-both-version-files procedure.
- SECURITY.md — vulnerability reporting via GitHub Security
Advisories, in-scope examples (token leakage, TLS misuse, Pydantic
deserialization issues, redirect host escape), out-of-scope
pointers (daemon issues to hawk repo, third-party-package issues
upstream).
- CODE_OF_CONDUCT.md — Contributor Covenant 2.1.
- .gitattributes — LF normalization, binary detection, linguist
hints to collapse lock files.
- .editorconfig — UTF-8, LF, 4-space indent for Python (PEP 8),
2-space for YAML/JSON/TOML, no-trim for Markdown.
- .github/workflows/ci.yml — pytest matrix on Python 3.9 / 3.10 /
3.11 / 3.12 / 3.13, ruff (lint + format check), mypy --strict,
build sdist + wheel + twine check.
- .github/dependabot.yml — weekly pip + github-actions, pip
grouped by pydantic and pytest to reduce PR noise.
- .github/PULL_REQUEST_TEMPLATE.md — Summary / Changes / API impact
(with bump-both-files reminder) / Daemon compatibility / Async
compatibility (sync + async kept in lock-step) / Testing /
Checklist (incl. User-Agent rule).
- .github/ISSUE_TEMPLATE/bug_report.yml — surface dropdown
(HawkClient / AsyncHawkClient / streaming / retry / tools /
agent / workflow / typed errors / build), required SDK + daemon
+ Python versions, package-versions textarea.
- .github/ISSUE_TEMPLATE/feature_request.yml — kind selector
covering 9 areas (client method / streaming / retry / errors /
tools / agent-workflow / pydantic / config / tooling) and
solo-dev fit checks (incl. 'sync and async kept in lock-step',
'does not break wire-compatibility with existing daemon
versions').
- .github/ISSUE_TEMPLATE/config.yml — routes security to
advisories, questions to discussions, blocks blank issues.
- .gitignore — expanded from 6 lines to cover the broader Python
toolchain (venv dirs, .mypy_cache, .ruff_cache, .pytest_cache,
.tox, .nox, htmlcov, coverage.xml, .env).
Verification:
- `pytest` — 65/65 pass (1 pre-existing cosmetic warning in
test_workflow.py about an unawaited coroutine in a mock; not
introduced by this PR)
- `hawk.__version__` returns "0.2.0"
- `HawkClient._build_headers()` returns
{'Accept': 'application/json', 'User-Agent': 'hawk-sdk-python/0.2.0'}
- VERSION file as single source of truth - CODEOWNERS for auto-review routing - Canonical Makefile with standard targets - release-please config + workflow - lefthook/pre-commit hooks (conventional commits, fmt, lint, secrets) - Canonical CI + release GitHub Actions workflows - Standardized .editorconfig, .gitattributes, CODE_OF_CONDUCT, SECURITY, CONTRIBUTING - goreleaser config (where applicable) Part of hawk-eco standardization sweep.
…cing, eval, discovery, memory Add 6 new modules inspired by agentscope-ai/agentscope: - toolkit: tool groups, middleware chain, async background execution - plan: plan-as-tools with contextual hints for autonomous steering - tracing: OTel decorator-based tracing (zero-cost when disabled) - evaluate: agent benchmarking framework with N-run aggregation - discovery: A2A agent discovery (file, HTTP well-known, composite) - memory_tools: voluntary record/retrieve/forget as agent tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Production-hardening pass for
hawk-sdk-pythonthat brings the repo totop-50 OSS standards. The branch contains two commits — a Python-toolchain
hardening pass and a
__version__fix + full-OSS-bootstrap pass — bothtargeting
main(this repo does not have adevbranch).The mandate (per
GOAL.md) is that this SDK be the reference PythonSDK for hawk daemon clients, comparable in quality to
openai-python,anthropic-sdk-python,langchain,llama-index,dspy,instructor,marvin,pydantic-ai,mirascope,magentic.This PR closes a real bug (the version surface was inconsistent —
pyproject.tomlreported0.2.0buthawk.__version__reported0.1.0) and adds theCHANGELOG,CONTRIBUTING,SECURITY,CODE_OF_CONDUCT,.gitattributes,.editorconfig, and full.github/that were missing.
Commits
feat(hawk-sdk-python): production hardening — ruff, mypy, version bumpfeat(hawk-sdk-python): align __version__ with pyproject, add User-Agent, full OSS bootstrapWhat's in commit 1 — Python-toolchain hardening
pyproject.toml: rule setsE,F,W,I,N,UP,B,A,SIM,TCH,RUF(withE501ignored in favour of the project's 100-col limit).
mypy --strictconfig inpyproject.tomlwithwarn_return_anyandwarn_unused_configs.Makefilewith standard targets (test,test-coverage,lint,format,typecheck,clean,help).pyproject.tomlto0.2.0(this PR completes the bump by alsoupdating
_version.py).What's in commit 2 — version fix + User-Agent + OSS bootstrap
Version 0.2.0 — fix the inconsistency
src/hawk/_version.py__version__ = "0.2.0"(was"0.1.0")pyproject.toml"0.2.0"(set by commit 1)After this PR,
hawk.__version__andpyproject.tomlagree on0.2.0.User-Agent
src/hawk/client.pyHawkClient._build_headersandAsyncHawkClient._build_headersboth setUser-Agent: hawk-sdk-python/<__version__>. httpx merges client-default headers with per-request overrides, so this also coverschat_stream(theheaders={"Accept": "text/event-stream"}override no longer drops the User-Agent).New OSS bootstrap (every one of these was missing)
CHANGELOG.md[Unreleased]for this PR + backfilled[0.1.0]entryCONTRIBUTING.mdrespx, bump-both-version-files procedureSECURITY.mdCODE_OF_CONDUCT.md.gitattributes.editorconfig.github/workflows/ci.yml.github/dependabot.ymlpydanticandpytestto reduce PR noise.github/PULL_REQUEST_TEMPLATE.md.github/ISSUE_TEMPLATE/bug_report.yml.github/ISSUE_TEMPLATE/feature_request.ymlkindselector covering 9 areas + solo-dev fit checks (incl. 'sync and async kept in lock-step', 'does not break wire-compatibility').github/ISSUE_TEMPLATE/config.yml.gitignore.mypy_cache,.ruff_cache,.pytest_cache,.tox,.nox,htmlcov,coverage.xml,.env)Verification
pytesthawk.__version__"0.2.0"HawkClient()._build_headers(){'Accept': 'application/json', 'User-Agent': 'hawk-sdk-python/0.2.0'}The pre-existing warning (
coroutine '_async_noop' was never awaitedintest_workflow.py::TestAsyncWorkflow::test_simple_pipeline) is from theprior commit's mock setup, not introduced by this PR. It's cosmetic —
tests still pass — and tracked as a follow-up.
Test plan
pytest(65/65 pass)python -c "from hawk import HawkClient, __version__; assert __version__ == '0.2.0'"3.13),
ruff check,ruff format --check,mypy --strict, andsdist + wheel build with twine validation