Merge pull request #47 from rootcodelabs/RAG-17

Added pyright CI checks for Python type checking

Author: Thirunayan22

.github/workflows/pyright-type-check.yml

@@ -0,0 +1,30 @@
+name: Pyright Type Check
+
+on:
+  pull_request:
+    branches: ["*"]
+  push:
+    branches: ["*"]
+
+jobs:
+  pyright:
+    name: Pyright Type Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v6
+
+      - name: Install dependencies (locked)
+        run: uv sync --frozen
+
+      - name: Run Pyright
+        run: uv run pyright

.github/workflows/pytest-testcases-check.yml

@@ -0,0 +1,28 @@
+name: Pytest Testcases Check
+
+on:
+  pull_request:
+    branches: ["*"]        # run on PRs to any branch
+  push:
+    branches: [main, dev, testing, wip]   # optional; expand to ["*"] if you want all pushes
+
+jobs:
+  pytest-testcases:
+    name: Pytest Testcases Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v6
+
+      # Format check only — fails if files are not formatted
+      - name: Run test cases using Pytest
+        run: uv run pytest tests

.github/workflows/ruff-format-check.yml

@@ -0,0 +1,28 @@
+name: Ruff Format Check
+
+on:
+  pull_request:
+    branches: ["*"]        # run on PRs to any branch
+  push:
+    branches: ["*"]   # optional; expand to ["*"] if you want all pushes
+
+jobs:
+  ruff-format:
+    name: Ruff Format Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v6
+
+      # Format check only — fails if files are not formatted
+      - name: Ruff format check
+        run: uvx ruff format --check .

.github/workflows/ruff-lint-check.yml

@@ -0,0 +1,28 @@
+name: Ruff Lint Check
+
+on:
+  pull_request:
+    branches: ["*"]         # run on PRs to any branch
+  push:
+    branches: ["*"]   # optional; broaden to ["*"] if desired
+
+jobs:
+  ruff:
+    name: Ruff Lint & Format Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v6
+
+      # Lint: exits non-zero on violations -> job fails
+      - name: Ruff lint
+        run: uvx ruff check --output-format=github .

.github/workflows/uv-env-check.yml

@@ -0,0 +1,29 @@
+name: UV Environment Check
+
+on:
+  pull_request:
+    branches: ["*"]
+  push:
+    branches: ["*"]
+
+jobs:
+  checks:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup uv (with cache)
+        uses: astral-sh/setup-uv@v6
+        with:
+          version: "0.8.15"
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+
+      # The authoritative guard: MUST match uv.lock and Python markers
+      - name: Sync (frozen)
+        run: uv sync --frozen

.python-version

@@ -0,0 +1 @@
+3.12.10

CONTRIBUTING.md

@@ -0,0 +1,143 @@
+# Contributor Guidelines
+
+Welcome! This guide helps you set up the project locally for development and contributions. It also explains the coding standards used in the project along with the CI checks
+
+## Local Setup
+
+This project uses **uv** for Python packaging and virtual environments. Python is pinned to **3.12.10** in `pyproject.toml`.
+
+
+### Step 1: Clone the Repository
+Clone the repository and navigate to the project directory.
+
+```bash
+cd RAG-Module
+```
+
+### Step 2: Install uv
+If uv is not already installed, install it via the official installer.
+
+```bash
+curl -LsSf https://astral.sh/uv/install.sh | sh
+# Restart your terminal or run: source ~/.zshrc
+```
+
+### Step 3: Install the Required Python Version
+Use uv to install and manage Python 3.12.10.
+
+```bash
+uv python install 3.12.10
+```
+
+### Step 4: Recreate the Virtual Environment
+From the project root (where `pyproject.toml` and `uv.lock` are located), recreate the environment from the lockfile.
+
+```bash
+# Create .venv and install dependencies strictly from uv.lock
+uv sync --frozen
+```
+
+**Notes:**
+- `uv sync` creates a local `.venv/` directory by default and installs dependencies from `uv.lock`.
+- If `--frozen` fails due to a stale lockfile, run `uv sync -p 3.12.10` (without `--frozen`) to resolve and update.
+
+### Step 5: Activate the Environment (Optional)
+Activate the virtual environment to use it directly.
+
+```bash
+source .venv/bin/activate
+python -V  # Should output: Python 3.12.10
+```
+
+### Step 6: Run the Application
+
+When running the FastAPI APIs locally always run with
+
+```bash
+uv run python app.py
+```
+
+instead of 
+
+```bash
+python3 app.py
+```
+
+This will make sure that regardless of whether you have activated the .venv environment or not uv will use the right versions when setting up the
+
+
+For more help, check the [uv documentation](https://docs.astral.sh/uv/)
+
+## CI Checks
+
+### Environment Check
+
+- Located in `.github/workflows/uv-env-check.yml`
+
+- This GitHub actions check runs to check whether there are any conflicts between the lockfile and pyproject.toml. If it fails, then there has been some dependency update to the pyproject.toml without updating the lockfile
+
+### Type check for Python 
+
+## Installing New Dependencies to the Project (Python)
+
+If you need to add a new Python dependency, **do not run `pip install` directly**.
+
+We use `uv` to manage environments and lockfiles so that installs are reproducible in local development, CI, and containers.
+
+### Follow This Process:
+
+#### 1. Add the Dependency
+Use `uv add` instead of `pip install`. This ensures both `pyproject.toml` and `uv.lock` are updated together.
+
+```bash
+uv add "package-name>=x.y,<x.(y+1)"
+```
+
+- Use a bounded version range (`>=` + `<`) to avoid uncontrolled upgrades.
+
+
+#### 2. Re-sync Your Environment
+After adding, re-sync to refresh your local `.venv`:
+
+```bash
+uv sync --reinstall
+```
+
+#### 3. Run Checks Locally
+Make sure type checks, linter, and tests pass:
+
+```bash
+uv run pyright
+uv run ruff check .
+uv run pytest
+```
+
+#### 4. Commit Both Files
+Always commit both `pyproject.toml` and `uv.lock`. If only one is updated, CI will fail (`uv sync --frozen` check).
+
+```bash
+git add pyproject.toml uv.lock
+git commit -m "added package-name dependency"
+```
+
+#### 5. Open a PR
+CI will validate that the lockfile and environment are consistent. If you forgot to update the lockfile, the PR will fail with a clear error.
+
+---
+
+### Important Notes
+
+- **Never edit `uv.lock` manually.** It is controlled by `uv`.
+- **Never use `uv pip install` for permanent deps** — it only changes your local venv. Use `uv add` instead.
+- If you remove a dependency, run:
+
+```bash
+uv remove package-name
+uv sync --reinstall
+git add pyproject.toml uv.lock
+git commit -m "removed package-name"
+```
+
+## Coding Standards
+
+## PR evaluation criteria

README.md

@@ -1 +1,26 @@
-# RAG-Module
+# BYK-RAG (Retrieval-Augmented Generation Module)
+
+The **BYK-RAG Module** is part of the Burokratt ecosystem, designed to provide **retrieval-augmented generation (RAG)** capabilities for Estonian government digital services. It ensures reliable, multilingual, and compliant AI-powered responses by integrating with multiple LLM providers, syncing with knowledge bases, and exposing flexible configuration and monitoring features for administrators.
+
+---
+
+## Features
+
+- **Configurable LLM Providers**  
+  - Support for AWS Bedrock, Azure AI, Google Cloud, OpenAI, Anthropic, and self-hosted open-source LLMs.  
+  - Admins can create "connections" and switch providers/models without downtime.  
+  - Models searchable via dropdown with cache-enabled indicators.
+
+- **Knowledge Base Integration**  
+  - Continuous sync with central knowledge base (CKB).  
+  - Last sync timestamp displayed in UI.  
+  - LLMs restricted to answering only from CKB content.  
+  - “I don’t know” payload returned when confidence is low.  
+
+- **Citations & Transparency**  
+  - All responses are accompanied with **clear citations**.  
+
+- **Analytics & Monitoring**  
+  - External **Langfuse dashboard** for API usage, inference trends, cost analysis, and performance logs.  
+  - Agencies can configure cost alerts and view alerts via LLM Alerts UI.  
+  - Logs integrated with **Grafana Loki**.  

pyproject.toml

@@ -0,0 +1,49 @@
+[project]
+name = "rag-module"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = "==3.12.10"
+dependencies = [
+    "pyright>=1.1.404",
+    "pytest>=8.4.1",
+]
+
+[tool.pyright]
+# --- Environment & discovery ---
+pythonVersion = "3.12.10"          # Target Python semantics (pattern matching, typing features, stdlib types).
+venvPath = "."                   # Where virtual envs live relative to repo root.
+venv = ".venv"                   # The specific env name uv manages (uv sync creates .venv).
+
+# --- What to analyze ---
+include = ["src", "tests"]       # Top-level packages & tests to check.
+exclude = [
+  "**/.venv", "**/__pycache__", "build", "dist", ".git",
+  ".ruff_cache", ".mypy_cache"
+]
+
+# --- Global strictness ---
+typeCheckingMode = "strict"      # Enforce full strict mode repo-wide (see notes below).
+useLibraryCodeForTypes = true    # If a lib lacks stubs, inspect its code to infer types where possible.
+
+# Make the most common "loose" mistakes fail fast in strict mode.
+# You can tune these individually if you need a temporary carve-out.
+reportMissingTypeStubs = "error"           # Untyped third-party libs must have type info (stubs or inline).
+reportUnknownVariableType = "error"        # Vars with unknown/implicit Any are not allowed.
+reportUnknownMemberType = "error"          # Members on unknowns are not allowed.
+reportUnknownArgumentType = "error"        # Call arguments can't be unknown.
+reportUnknownLambdaType = "error"          # Lambda params must be typed in strict contexts.
+reportImplicitOptional = "error"           # T | None must be explicit; no silent Optional.
+reportMissingTypeArgument = "error"        # Generic types must specify their parameters.
+reportIncompatibleVariableOverride = "error"   # Subclass fields must type-refine correctly.
+reportInvalidTypeVarUse = "error"          # Catch misuse of TypeVar/variance.
+reportUntypedFunctionDecorator = "error"   # Decorators must be typed (prevents Any leakage).
+reportUnusedVariable = "error"           # Ditto; promote to "error" if you want hard hygiene.
+reportUnusedImport = "warning"             # Hygiene: warn, but don’t fail builds.
+
+
+# Tests often deserialize lots of data and patch frameworks; keep them strict,
+# but relax "missing stubs" so untyped test-only libs don’t block you.
+[[tool.pyright.overrides]]
+module = "tests/**"
+reportMissingTypeStubs = "warning"

src/main.py

@@ -0,0 +1,7 @@
+def main():
+    ""
+    print("Hello from rag-module!")
+
+
+if __name__ == "__main__":
+    main()