---
description: Governance rules for flask — quality gates, security, conventions
globs:
  - "**/*.py"
alwaysApply: true
---

# Governance — flask

> Generated from governance.md by crag. Regenerate: `crag compile --target cursor`

**Stack:** python

## Quality Gates

Run these checks in order before committing:
### Lint
- `uv run ruff check .`
- `uv run ruff format --check .`
- `uv run mypy .`

### Test
- `uv run tox run`

### Build
- `python -m build`

### Ci (inferred from workflow)
- `uv run --locked --no-default-groups --group pre-commit pre-commit run --show-diff-on-failure --color=always --all-files`
- `uv run --locked --no-default-groups --group dev tox run`
- `uv run --locked --no-default-groups --group dev tox run -e typing`
## Security

- No hardcoded secrets — grep for sk_live, AKIA, password= before commit

## Conventions

- Follow project commit conventions
- Runtimes: python