Audit remediation: remove artifacts, add CI/CD, tests, and tooling

- Remove committed artifacts from version control
  - quantcli.log, article_processor.log, articles.json, output.html
- Enhance .gitignore with comprehensive patterns
  - Secrets, coverage, type checking, IDE files
- Add GitHub Actions CI workflow (.github/workflows/ci.yml)
  - Lint with black and ruff
  - Type check with mypy
  - Test on Python 3.10, 3.11, 3.12
  - Security scan with pip-audit
  - Secret scanning with TruffleHog
- Add test suite foundation (tests/)
  - Pytest fixtures for mocking OpenAI client and config
  - Unit tests for processor classes (TextPreprocessor, CodeValidator, etc.)
  - Unit tests for LLMHandler
- Enhance pyproject.toml with additional tooling
  - Add pytest-cov, pytest-mock, pre-commit, pip-audit to dev deps
  - Configure ruff lint rules including security checks
  - Configure mypy with ignore patterns for third-party libs
  - Add pytest and coverage configuration

Author: claude

.github/workflows/ci.yml

@@ -0,0 +1,114 @@
+name: CI
+
+on:
+  push:
+    branches: [main, master, develop, gamma, beta, "feature/*", "claude/*"]
+  pull_request:
+    branches: [main, master, develop, gamma, beta]
+
+jobs:
+  lint:
+    name: Lint & Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ruff black
+
+      - name: Check formatting with Black
+        run: black --check --diff .
+
+      - name: Lint with Ruff
+        run: ruff check .
+
+  type-check:
+    name: Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Run mypy
+        run: mypy quantcoder --ignore-missing-imports
+
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+          pip install pytest-cov pytest-mock
+          python -m spacy download en_core_web_sm
+
+      - name: Run tests
+        run: pytest tests/ -v --cov=quantcoder --cov-report=xml
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v3
+        if: matrix.python-version == '3.11'
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pip-audit
+
+      - name: Run pip-audit
+        run: pip-audit --require-hashes=false || true
+
+  secret-scan:
+    name: Secret Scanning
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: TruffleHog Secret Scan
+        uses: trufflesecurity/trufflehog@main
+        with:
+          extra_args: --only-verified

.gitignore

@@ -1,9 +1,11 @@
-# Python
+# Python bytecode and cache
 __pycache__/
 *.py[cod]
 *$py.class
 *.so
 .Python
+
+# Distribution / packaging
 build/
 develop-eggs/
 dist/
@@ -20,47 +22,74 @@ wheels/
 .installed.cfg
 *.egg
 MANIFEST
+*.whl
 
 # Virtual Environment
 .venv/
 .venv-legacy/
 venv/
 ENV/
 env/
+.env/
 
-# IDE
+# IDE and editors
 .vscode/
 .idea/
 *.swp
 *.swo
 *~
+.project
+.pydevproject
+.settings/
 
-# Logs
+# Logs and output artifacts
 *.log
+logs/
 quantcli.log
 article_processor.log
 
-# QuantCoder specific
+# QuantCoder specific - user data
 downloads/
 generated_code/
 articles.json
 output.html
+output.*
 
-# Configuration (contains API keys)
+# Configuration and secrets (API keys)
 .env
+.env.*
+*.env
+.envrc
 .quantcoder/
+secrets.json
+credentials.json
 
-# OS
+# OS specific
 .DS_Store
 Thumbs.db
 
-# SpaCy models
+# SpaCy models (large binary files)
 *.bin
 
-# Testing
+# Testing and coverage
 .pytest_cache/
 .coverage
+.coverage.*
 htmlcov/
+coverage.xml
+*.cover
+.hypothesis/
+.tox/
+.nox/
 
-# Distribution
-*.whl
+# Type checking
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.pytype/
+
+# Jupyter
+.ipynb_checkpoints/
+
+# Local development
+*.local

article_processor.log

@@ -42,9 +42,13 @@ dependencies = [
 [project.optional-dependencies]
 dev = [
     "pytest>=7.4.0",
+    "pytest-cov>=4.0",
+    "pytest-mock>=3.10",
     "black>=23.0.0",
     "ruff>=0.1.0",
     "mypy>=1.7.0",
+    "pre-commit>=3.0",
+    "pip-audit>=2.6",
 ]
 
 [project.scripts]
@@ -69,7 +73,63 @@ target-version = ['py310']
 line-length = 100
 target-version = "py310"
 
+[tool.ruff.lint]
+select = [
+    "E",      # pycodestyle errors
+    "W",      # pycodestyle warnings
+    "F",      # pyflakes
+    "I",      # isort
+    "B",      # flake8-bugbear
+    "C4",     # flake8-comprehensions
+    "UP",     # pyupgrade
+    "S",      # flake8-bandit (security)
+]
+ignore = [
+    "E501",   # line too long (handled by black)
+    "S101",   # use of assert (ok in tests)
+]
+
+[tool.ruff.lint.per-file-ignores]
+"tests/*" = ["S101"]
+
 [tool.mypy]
 python_version = "3.10"
 warn_return_any = true
 warn_unused_configs = true
+ignore_missing_imports = true
+show_error_codes = true
+
+[[tool.mypy.overrides]]
+module = [
+    "pdfplumber.*",
+    "spacy.*",
+    "pygments.*",
+    "InquirerPy.*",
+    "rich.*",
+    "toml.*",
+]
+ignore_missing_imports = true
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+python_functions = ["test_*"]
+addopts = ["-v", "--tb=short"]
+markers = [
+    "slow: marks tests as slow",
+    "integration: marks tests as integration tests",
+]
+
+[tool.coverage.run]
+source = ["quantcoder"]
+branch = true
+omit = ["*/tests/*"]
+
+[tool.coverage.report]
+exclude_lines = [
+    "pragma: no cover",
+    "def __repr__",
+    "raise AssertionError",
+    "raise NotImplementedError",
+    "if __name__ == .__main__.:",
+]