feat: add comprehensive CI/CD automation and modern Python tooling

- Add pre-commit configuration with ruff (replaces black/isort/flake8), mypy, and bandit
- Add GitHub Actions workflows for CI testing and automated HF Spaces deployment
- Add pyproject.toml with modern Python packaging and centralized tool configuration
- Update requirements.txt with development dependencies including ruff and pytest plugins
- Add comprehensive ruff rule set: pycodestyle, pyflakes, bugbear, comprehensions, pyupgrade
- Configure multi-Python version testing (3.10, 3.11, 3.12) with parallel execution
- Add security scanning with bandit and Trivy vulnerability scanner
- Update README with development workflow and CI/CD pipeline documentation

Performance improvements:
- Ruff provides 10-100x faster linting compared to traditional tools
- pytest-xdist enables parallel test execution
- Single tool replaces multiple separate linters

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

.github/workflows/ci.yml

@@ -0,0 +1,112 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.10.x, 3.11.x, 3.12.x]
+
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.python-version }}
+    
+    - name: Cache pip packages
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+    
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install pytest-cov pytest-xdist
+    
+    - name: Run tests with coverage
+      run: |
+        python -m pytest tests/ -v --cov=domains --cov=ui --cov-report=xml --cov-report=html -n auto
+    
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./coverage.xml
+        flags: unittests
+        name: codecov-umbrella
+
+  lint:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.11.x
+    
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install ruff mypy bandit
+    
+    - name: Run Ruff linter
+      run: ruff check .
+    
+    - name: Run Ruff formatter
+      run: ruff format --check .
+    
+    - name: Run mypy
+      run: mypy . --ignore-missing-imports
+    
+    - name: Run bandit
+      run: bandit -r . -f json -o bandit-report.json || true
+
+  pre-commit:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.11.x
+    
+    - name: Install pre-commit
+      run: pip install pre-commit
+    
+    - name: Run pre-commit
+      run: pre-commit run --all-files
+
+  security:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+    
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v2
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'

.github/workflows/deploy.yml

@@ -0,0 +1,25 @@
+name: Deploy to Hugging Face Spaces
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        lfs: true
+    
+    - name: Push to Hugging Face Spaces
+      env:
+        HF_TOKEN: ${{ secrets.HF_TOKEN }}
+      run: |
+        git config --global user.email "action@github.com"
+        git config --global user.name "GitHub Action"
+        git remote add hf https://thompsonson:$HF_TOKEN@hf.co/spaces/thompsonson/bayesian_game
+        git push hf main --force

.pre-commit-config.yaml

@@ -0,0 +1,31 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: debug-statements
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.1.9
+    hooks:
+      - id: ruff
+        args: [--fix, --exit-non-zero-on-fix]
+      - id: ruff-format
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.8.0
+    hooks:
+      - id: mypy
+        additional_dependencies: [types-all]
+        args: [--ignore-missing-imports]
+
+  - repo: https://github.com/pycqa/bandit
+    rev: 1.7.5
+    hooks:
+      - id: bandit
+        args: [-r, ., -f, json, -o, bandit-report.json]
+        exclude: ^tests/

README.md

@@ -85,6 +85,11 @@ uv pip install -r requirements.txt
 pip install -r requirements.txt
 ```
 
+4. **Set up pre-commit hooks (optional for development):**
+```bash
+pre-commit install
+```
+
 ### Running the Game
 
 **Launch the interactive web interface:**
@@ -210,6 +215,32 @@ This implementation demonstrates:
 - `numpy`: Numerical computations for Bayesian inference
 - `matplotlib`: Belief distribution visualization
 - `pytest`: Testing framework
+- `pre-commit`: Code quality automation
+- `ruff`: Fast Python linter and formatter (replaces Black, isort, flake8)
+
+### Development Workflow
+```bash
+# Install pre-commit hooks
+pre-commit install
+
+# Run pre-commit manually
+pre-commit run --all-files
+
+# Run tests with coverage
+python -m pytest tests/ --cov=domains --cov=ui --cov-report=html
+
+# Code formatting and linting (automatic with pre-commit)
+ruff check --fix .
+ruff format .
+mypy .
+```
+
+### CI/CD Pipeline
+- **GitHub Actions**: Automated testing on Python 3.10, 3.11, 3.12
+- **Pre-commit hooks**: Code quality checks (Ruff, mypy, bandit)
+- **Test coverage**: Comprehensive coverage reporting
+- **Security scanning**: Trivy vulnerability scanner
+- **Auto-deployment**: Pushes to Hugging Face Spaces on main branch
 
 ### Design Principles
 1. **Pure Functions**: Domains contain pure, testable functions

pyproject.toml

@@ -0,0 +1,138 @@
+[build-system]
+requires = ["setuptools>=45", "wheel", "setuptools_scm[toml]>=6.2"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "bayesian-game"
+description = "Interactive Bayesian inference game with domain-driven design"
+readme = "README.md"
+license = {text = "MIT"}
+authors = [
+    {name = "Thompson", email = "thompsonson@example.com"},
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Education",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Scientific/Engineering :: Artificial Intelligence",
+    "Topic :: Education",
+]
+requires-python = ">=3.10"
+dependencies = [
+    "gradio>=4.0.0",
+    "numpy>=1.21.0",
+    "matplotlib>=3.5.0",
+]
+dynamic = ["version"]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0.0",
+    "pytest-cov>=4.0.0",
+    "pytest-xdist>=3.0.0",
+    "pre-commit>=3.0.0",
+    "ruff>=0.1.0",
+    "mypy>=1.0.0",
+    "bandit>=1.7.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/thompsonson/bayesian_game"
+Repository = "https://github.com/thompsonson/bayesian_game"
+"Bug Tracker" = "https://github.com/thompsonson/bayesian_game/issues"
+"Hugging Face Space" = "https://huggingface.co/spaces/thompsonson/bayesian_game"
+
+[tool.setuptools_scm]
+
+[tool.ruff]
+target-version = "py310"
+line-length = 88
+select = [
+    "E",   # pycodestyle errors
+    "W",   # pycodestyle warnings
+    "F",   # pyflakes
+    "I",   # isort
+    "B",   # flake8-bugbear
+    "C4",  # flake8-comprehensions
+    "UP",  # pyupgrade
+    "ARG", # flake8-unused-arguments
+    "SIM", # flake8-simplify
+    "TCH", # flake8-type-checking
+    "PTH", # flake8-use-pathlib
+    "ERA", # eradicate
+    "PL",  # pylint
+    "RUF", # ruff-specific rules
+]
+ignore = [
+    "E501",   # line too long, handled by formatter
+    "B008",   # do not perform function calls in argument defaults
+    "C901",   # too complex
+    "PLR0913", # too many arguments
+    "PLR0915", # too many statements
+]
+
+[tool.ruff.per-file-ignores]
+"tests/**/*" = ["PLR2004", "S101", "ARG001"]
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+skip-magic-trailing-comma = false
+line-ending = "auto"
+
+[tool.mypy]
+python_version = "3.10"
+check_untyped_defs = true
+disallow_any_generics = true
+disallow_incomplete_defs = true
+disallow_untyped_defs = true
+no_implicit_optional = true
+warn_redundant_casts = true
+warn_unused_ignores = true
+warn_return_any = true
+strict_equality = true
+
+[[tool.mypy.overrides]]
+module = [
+    "matplotlib.*",
+    "gradio.*",
+]
+ignore_missing_imports = true
+
+[tool.pytest.ini_options]
+minversion = "7.0"
+addopts = "-ra -q --strict-markers --strict-config"
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
+markers = [
+    "slow: marks tests as slow",
+    "integration: marks tests as integration tests",
+    "unit: marks tests as unit tests",
+]
+
+[tool.coverage.run]
+source = ["domains", "ui"]
+omit = [
+    "tests/*",
+    "app.py",
+]
+
+[tool.coverage.report]
+exclude_lines = [
+    "pragma: no cover",
+    "def __repr__",
+    "raise AssertionError",
+    "raise NotImplementedError",
+    "if __name__ == .__main__.:",
+    "if TYPE_CHECKING:",
+]
+
+[tool.bandit]
+exclude_dirs = ["tests"]
+skips = ["B101", "B601"]

requirements.txt

@@ -1,4 +1,10 @@
 gradio>=4.0.0
 numpy>=1.21.0
 matplotlib>=3.5.0
-pytest>=7.0.0
+pytest>=7.0.0
+pytest-cov>=4.0.0
+pytest-xdist>=3.0.0
+pre-commit>=3.0.0
+ruff>=0.1.0
+mypy>=1.0.0
+bandit>=1.7.0