diff --git a/.gitea/scripts/sop-checklist.py b/.gitea/scripts/sop-checklist.py index 28573cf4a..90a185ebb 100644 --- a/.gitea/scripts/sop-checklist.py +++ b/.gitea/scripts/sop-checklist.py @@ -639,9 +639,7 @@ def load_config(path: str) -> dict[str, Any]: # yaml is an optional dep; the canonical loader is used when available, # but the SOP runs on runners that may not have PyYAML installed. The # fallback _load_config_minimal covers the same config shape without - # requiring the dep, so the ignore is safe: if yaml loads, we use it; - # otherwise we fall back silently. - import yaml # type: ignore[import-not-found] + import yaml # type: ignore[import-not-found] # optional dep; fall back silently if absent with open(path, encoding="utf-8") as f: return yaml.safe_load(f) except ImportError: diff --git a/scripts/ops/check_migration_collisions.py b/scripts/ops/check_migration_collisions.py index 302e980e7..3cb0b4b75 100755 --- a/scripts/ops/check_migration_collisions.py +++ b/scripts/ops/check_migration_collisions.py @@ -93,9 +93,7 @@ def _gitea_get(path: str, params: dict[str, str] | None = None) -> bytes | None: try: # S310 (信任boundary): this function IS the outbound HTTP client for # Gitea API calls. The call is intentional and controlled — we build - # the request ourselves and handle errors explicitly. Timeout=20s - # prevents indefinite hangs. - with urllib.request.urlopen(req, timeout=20) as resp: # noqa: S310 + with urllib.request.urlopen(req, timeout=20) as resp: # noqa: S310 # explicit timeout + error handling; bandit false positive return resp.read() except urllib.error.HTTPError as e: sys.stderr.write(f"Gitea API HTTP {e.code} on {path}: {e.reason}\n") diff --git a/scripts/wheel_smoke.py b/scripts/wheel_smoke.py index e32e4a774..86da0e673 100644 --- a/scripts/wheel_smoke.py +++ b/scripts/wheel_smoke.py @@ -27,9 +27,9 @@ def smoke_imports_and_invariants() -> None: import-rewrite mistakes (the 0.1.16 incident, where main.py loaded but main_sync was missing because the build script dropped a re-export). """ - from molecule_runtime.main import main_sync # noqa: F401 - from molecule_runtime import a2a_client, a2a_tools # noqa: F401 - from molecule_runtime.builtin_tools import memory # noqa: F401 + from molecule_runtime.main import main_sync # noqa: F401 # smoke-test re-export regression (mc#1769) + from molecule_runtime import a2a_client, a2a_tools # noqa: F401 # smoke-test re-export regression (mc#1769) + from molecule_runtime.builtin_tools import memory # noqa: F401 # smoke-test re-export regression (mc#1769) from molecule_runtime.adapters import get_adapter, BaseAdapter, AdapterConfig # cli_main + mcp_cli.main are the molecule-mcp console-script entry @@ -38,8 +38,8 @@ def smoke_imports_and_invariants() -> None: # rewrite here would break every external operator's MCP install on # the next wheel publish. Pin both names because pyproject points # at mcp_cli.main, which then imports a2a_mcp_server.cli_main. - from molecule_runtime.a2a_mcp_server import cli_main # noqa: F401 - from molecule_runtime.mcp_cli import main as mcp_cli_main # noqa: F401 + from molecule_runtime.a2a_mcp_server import cli_main # noqa: F401 # smoke-test re-export regression (mc#1769) + from molecule_runtime.mcp_cli import main as mcp_cli_main # noqa: F401 # smoke-test re-export regression (mc#1769) assert callable(cli_main), "a2a_mcp_server.cli_main must be callable" assert callable(mcp_cli_main), "mcp_cli.main must be callable" @@ -48,7 +48,7 @@ def smoke_imports_and_invariants() -> None: # imports + activates these at startup; if a wheel ships without # them, the standalone agent silently loses the wait_for_message / # inbox_peek / inbox_pop tools and reverts to outbound-only. - from molecule_runtime.inbox import ( # noqa: F401 + from molecule_runtime.inbox import ( # noqa: F401 # smoke-test re-export regression (mc#1769) InboxState, activate as inbox_activate, get_state as inbox_get_state,