chore: apply ruff format to all Python files (#78)

49 files reformatted to match ruff 0.15.5 default style.
Fix UP038 lint: use X | Y instead of (X, Y) in isinstance call.
Prerequisite for enforcing format check in CI.

Author: acartag7

src/edictum_server/auth/local.py

@@ -40,9 +40,7 @@ def __init__(
 
     def _sign(self, data: str) -> str:
         """HMAC-SHA256 sign session data, return 'hmac_hex:json' string."""
-        mac = hmac.new(
-            self._secret_key.encode(), data.encode(), hashlib.sha256
-        ).hexdigest()
+        mac = hmac.new(self._secret_key.encode(), data.encode(), hashlib.sha256).hexdigest()
         return f"{mac}:{data}"
 
     def _verify_and_parse(self, raw: str) -> dict[str, object] | None:
@@ -88,7 +86,7 @@ async def authenticate(self, request: Request) -> DashboardAuthContext:
         # Enforce absolute session lifetime (7 days max)
         created_at = data.get("created_at")
         expired = (
-            isinstance(created_at, (int, float))
+            isinstance(created_at, int | float)
             and time.time() - created_at > _MAX_ABSOLUTE_LIFETIME
         )
         if expired:

src/edictum_server/routes/agent_registrations.py

@@ -1,4 +1,5 @@
 """Agent registration management endpoints (dashboard auth)."""
+
 from __future__ import annotations
 
 from typing import Any

src/edictum_server/routes/agents.py

@@ -32,9 +32,7 @@ async def agent_fleet_status(
     for conn in connections:
         status = "unknown"
         if conn.policy_version and conn.env:
-            status = await check_drift(
-                db, auth.tenant_id, conn.policy_version, conn.env
-            )
+            status = await check_drift(db, auth.tenant_id, conn.policy_version, conn.env)
 
         entries.append(
             AgentStatusEntry(

src/edictum_server/routes/ai_usage.py

@@ -33,9 +33,12 @@ async def get_usage_stats(
             func.coalesce(func.sum(AiUsageLog.output_tokens), 0).label("total_output"),
             func.sum(AiUsageLog.estimated_cost_usd).label("total_cost"),
             func.count().label("query_count"),
-            func.coalesce(func.avg(
-                AiUsageLog.output_tokens * 1000.0 / func.nullif(AiUsageLog.duration_ms, 0)
-            ), 0.0).label("avg_tps"),
+            func.coalesce(
+                func.avg(
+                    AiUsageLog.output_tokens * 1000.0 / func.nullif(AiUsageLog.duration_ms, 0)
+                ),
+                0.0,
+            ).label("avg_tps"),
         ).where(
             AiUsageLog.tenant_id == auth.tenant_id,
             AiUsageLog.created_at >= since,
@@ -51,10 +54,13 @@ async def get_usage_stats(
             func.sum(AiUsageLog.output_tokens).label("output_tokens"),
             func.sum(AiUsageLog.estimated_cost_usd).label("cost_usd"),
             func.count().label("queries"),
-        ).where(
+        )
+        .where(
             AiUsageLog.tenant_id == auth.tenant_id,
             AiUsageLog.created_at >= since,
-        ).group_by("day").order_by("day")
+        )
+        .group_by("day")
+        .order_by("day")
     )
     daily_rows = daily_q.all()
 

src/edictum_server/routes/assignment_rules.py

@@ -1,4 +1,5 @@
 """Assignment rule CRUD endpoints (dashboard auth)."""
+
 from __future__ import annotations
 
 import re
@@ -149,7 +150,9 @@ async def delete_rule(
 async def resolve_agent_bundle(
     agent_id: str,
     env: str | None = Query(
-        default=None, max_length=64, description="Filter rules by environment",
+        default=None,
+        max_length=64,
+        description="Filter rules by environment",
     ),
     auth: AuthContext = Depends(require_dashboard_auth),
     db: AsyncSession = Depends(get_db),
@@ -160,7 +163,10 @@ async def resolve_agent_bundle(
     When omitted, all tenant rules are evaluated (useful for dashboard previews).
     """
     bundle_name, source, rule_id, rule_pattern = await svc.resolve_bundle(
-        db, auth.tenant_id, agent_id, env=env,
+        db,
+        auth.tenant_id,
+        agent_id,
+        env=env,
     )
     return ResolvedAssignment(
         bundle_name=bundle_name,

src/edictum_server/routes/compositions.py

@@ -70,9 +70,11 @@ async def get_composition_endpoint(
     items = await get_composition_items(db, comp)
     return CompositionDetail(
         **_to_summary(comp, len(items)).model_dump(),
-        id=comp.id, tenant_id=comp.tenant_id,
+        id=comp.id,
+        tenant_id=comp.tenant_id,
         contracts=[CompositionItemDetail(**i) for i in items],
-        tools_config=comp.tools_config, observability=comp.observability,
+        tools_config=comp.tools_config,
+        observability=comp.observability,
     )
 
 
@@ -86,59 +88,91 @@ async def create_composition_endpoint(
     """Create a new bundle composition."""
     try:
         comp = await create_composition(
-            db, auth.tenant_id, body.name, auth.email or auth.user_id or "unknown",
-            description=body.description, defaults_mode=body.defaults_mode,
-            update_strategy=body.update_strategy, contracts=body.contracts,
-            tools_config=body.tools_config, observability=body.observability,
+            db,
+            auth.tenant_id,
+            body.name,
+            auth.email or auth.user_id or "unknown",
+            description=body.description,
+            defaults_mode=body.defaults_mode,
+            update_strategy=body.update_strategy,
+            contracts=body.contracts,
+            tools_config=body.tools_config,
+            observability=body.observability,
         )
         await db.commit()
     except ValueError as exc:
         status = 409 if "already exists" in str(exc) else 422
         raise HTTPException(status_code=status, detail=str(exc)) from exc
-    push.push_to_dashboard(auth.tenant_id, {
-        "type": "composition_changed", "composition_name": comp.name,
-    })
+    push.push_to_dashboard(
+        auth.tenant_id,
+        {
+            "type": "composition_changed",
+            "composition_name": comp.name,
+        },
+    )
     items = await get_composition_items(db, comp)
     return CompositionDetail(
-        name=comp.name, description=comp.description,
-        defaults_mode=comp.defaults_mode, update_strategy=comp.update_strategy,
-        contract_count=len(items), updated_at=comp.updated_at,
-        created_by=comp.created_by, id=comp.id, tenant_id=comp.tenant_id,
+        name=comp.name,
+        description=comp.description,
+        defaults_mode=comp.defaults_mode,
+        update_strategy=comp.update_strategy,
+        contract_count=len(items),
+        updated_at=comp.updated_at,
+        created_by=comp.created_by,
+        id=comp.id,
+        tenant_id=comp.tenant_id,
         contracts=[CompositionItemDetail(**i) for i in items],
-        tools_config=comp.tools_config, observability=comp.observability,
+        tools_config=comp.tools_config,
+        observability=comp.observability,
     )
 
 
 @router.put("/{name}", response_model=CompositionDetail)
 async def update_composition_endpoint(
-    name: str, body: CompositionUpdateRequest,
+    name: str,
+    body: CompositionUpdateRequest,
     auth: AuthContext = Depends(require_dashboard_auth),
     db: AsyncSession = Depends(get_db),
     push: PushManager = Depends(get_push_manager),
 ) -> CompositionDetail:
     """Update a composition (add/remove/reorder contracts)."""
     try:
         comp = await update_composition(
-            db, auth.tenant_id, name,
-            description=body.description, defaults_mode=body.defaults_mode,
-            update_strategy=body.update_strategy, contracts=body.contracts,
-            tools_config=body.tools_config, observability=body.observability,
+            db,
+            auth.tenant_id,
+            name,
+            description=body.description,
+            defaults_mode=body.defaults_mode,
+            update_strategy=body.update_strategy,
+            contracts=body.contracts,
+            tools_config=body.tools_config,
+            observability=body.observability,
         )
         await db.commit()
     except ValueError as exc:
         status = 404 if "not found" in str(exc).lower() else 422
         raise HTTPException(status_code=status, detail=str(exc)) from exc
-    push.push_to_dashboard(auth.tenant_id, {
-        "type": "composition_changed", "composition_name": comp.name,
-    })
+    push.push_to_dashboard(
+        auth.tenant_id,
+        {
+            "type": "composition_changed",
+            "composition_name": comp.name,
+        },
+    )
     items = await get_composition_items(db, comp)
     return CompositionDetail(
-        name=comp.name, description=comp.description,
-        defaults_mode=comp.defaults_mode, update_strategy=comp.update_strategy,
-        contract_count=len(items), updated_at=comp.updated_at,
-        created_by=comp.created_by, id=comp.id, tenant_id=comp.tenant_id,
+        name=comp.name,
+        description=comp.description,
+        defaults_mode=comp.defaults_mode,
+        update_strategy=comp.update_strategy,
+        contract_count=len(items),
+        updated_at=comp.updated_at,
+        created_by=comp.created_by,
+        id=comp.id,
+        tenant_id=comp.tenant_id,
         contracts=[CompositionItemDetail(**i) for i in items],
-        tools_config=comp.tools_config, observability=comp.observability,
+        tools_config=comp.tools_config,
+        observability=comp.observability,
     )
 
 
@@ -172,7 +206,8 @@ async def preview_endpoint(
 
 @router.post("/{name}/deploy", response_model=ComposeDeployResponse, status_code=201)
 async def deploy_endpoint(
-    name: str, body: ComposeDeployRequest,
+    name: str,
+    body: ComposeDeployRequest,
     auth: AuthContext = Depends(require_dashboard_auth),
     db: AsyncSession = Depends(get_db),
     push: PushManager = Depends(get_push_manager),
@@ -188,8 +223,13 @@ async def deploy_endpoint(
         raise HTTPException(status_code=422, detail=str(exc)) from exc
     try:
         result = await deploy_composition(
-            db, auth.tenant_id, comp, body.env,
-            auth.email or auth.user_id or "unknown", signing_secret, push,
+            db,
+            auth.tenant_id,
+            comp,
+            body.env,
+            auth.email or auth.user_id or "unknown",
+            signing_secret,
+            push,
         )
         await db.commit()
     except ValueError as exc:

src/edictum_server/routes/events.py

@@ -67,10 +67,13 @@ async def post_events(
     # Notify dashboard subscribers about new events.  Push one summary
     # message per batch rather than one per event to avoid flooding.
     if accepted > 0:
-        push.push_to_dashboard(auth.tenant_id, {
-            "type": "event_created",
-            "accepted": accepted,
-        })
+        push.push_to_dashboard(
+            auth.tenant_id,
+            {
+                "type": "event_created",
+                "accepted": accepted,
+            },
+        )
 
     return EventIngestResponse(accepted=accepted, duplicates=duplicates)
 

src/edictum_server/schemas/agent_registrations.py

@@ -1,4 +1,5 @@
 """Schemas for agent registration and assignment rule endpoints."""
+
 from __future__ import annotations
 
 import uuid
@@ -9,6 +10,7 @@
 
 # --- Agent Registration ---
 
+
 class AgentRegistrationResponse(BaseModel):
     id: uuid.UUID
     agent_id: str
@@ -37,6 +39,7 @@ class BulkAssignResponse(BaseModel):
 
 # --- Assignment Rules ---
 
+
 class AssignmentRuleCreate(BaseModel):
     priority: int = Field(..., ge=0)
     pattern: str = Field(..., min_length=1, max_length=200)
@@ -65,6 +68,7 @@ class AssignmentRuleResponse(BaseModel):
 
 class ResolvedAssignment(BaseModel):
     """Result of bundle resolution for an agent."""
+
     bundle_name: str | None
     source: str  # "explicit" | "rule" | "agent_provided" | "none"
     rule_id: uuid.UUID | None = None

src/edictum_server/schemas/compositions.py

@@ -37,9 +37,7 @@ class CompositionCreateRequest(BaseModel):
     @classmethod
     def validate_name(cls, v: str) -> str:
         if len(v) > _BUNDLE_NAME_MAX_LEN:
-            raise ValueError(
-                f"name must be at most {_BUNDLE_NAME_MAX_LEN} characters"
-            )
+            raise ValueError(f"name must be at most {_BUNDLE_NAME_MAX_LEN} characters")
         if not _BUNDLE_NAME_RE.match(v):
             raise ValueError(
                 "name must match [a-z0-9][a-z0-9._-]* "

src/edictum_server/schemas/evaluate.py

@@ -19,19 +19,28 @@ class EvaluateRequest(BaseModel):
     """Request body for contract evaluation playground."""
 
     yaml_content: str = Field(
-        ..., max_length=1_048_576, description="YAML contract bundle to evaluate against",
+        ...,
+        max_length=1_048_576,
+        description="YAML contract bundle to evaluate against",
     )
     tool_name: str = Field(
-        ..., max_length=255, description="Tool name to simulate",
+        ...,
+        max_length=255,
+        description="Tool name to simulate",
     )
     tool_args: dict[str, Any] = Field(
-        default_factory=dict, description="Tool arguments",
+        default_factory=dict,
+        description="Tool arguments",
     )
     environment: str = Field(
-        default="production", max_length=64, description="Environment context",
+        default="production",
+        max_length=64,
+        description="Environment context",
     )
     agent_id: str = Field(
-        default="test-agent", max_length=255, description="Simulated agent ID",
+        default="test-agent",
+        max_length=255,
+        description="Simulated agent ID",
     )
     principal: PrincipalInput | None = Field(
         default=None, description="Optional principal identity"