detectflow-matchnode/pyproject.toml at main · Ginger-Headed/detectflow-matchnode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
[project]
name = "detectflow-matchnode"
version = "0.9.3"
description = "Real-time threat detection with Apache Flink and Sigma rules"
requires-python = ">=3.10"
authors = [
    {name = "Vladyslav Gumeniuk", email = "vladyslav.gumeniuk@socprime.com"}
]

dependencies = [
    "apache-flink==2.2.0",
    "polars>=1.0.0",
    "PyYAML>=6.0.2",
    "orjson>=3.10.18",
    "pydantic>=2.10.4",
    "pydantic-settings>=2.7.0",
    "structlog>=25.4.0",
    "confluent-kafka>=2.12.1",
    "schema-parser",
]

[project.scripts]
flink-sigma-detector = "app.main:main"

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"

[tool.hatch.build.targets.wheel]
packages = ["app"]

[tool.uv]
managed = true              # Mark as uv-managed project
package = true              # Enable package management
default-groups = ["dev"]    # Auto-install dev dependencies
# apache-flink==2.2.0 → apache-beam<=2.61.0 → pyarrow<17.0.0
# pyarrow 16.x has known CVEs; override to a patched version
override-dependencies = [
    "pyarrow>=18.0.0",
]

[tool.uv.sources]
schema-parser = { git = "https://github.com/socprime/detectflow-parser.git", tag = "v0.2.3" }

[dependency-groups]
dev = [
    "pytest>=8.0.0",
    "ruff>=0.8.0",
    "pre-commit>=4.3.0",
    "pytest-mock>=3.15.1",
]

[tool.ruff]
line-length = 100
target-version = "py310"

# Ruff linting rules
lint.select = [
    "E",   # pycodestyle errors
    "W",   # pycodestyle warnings
    "F",   # pyflakes
    "I",   # isort
    "N",   # pep8-naming
    "UP",  # pyupgrade
    "B",   # flake8-bugbear
    "C4",  # flake8-comprehensions
]

lint.ignore = [
    "E501",  # line too long (handled by formatter)
]

# Format settings
format.quote-style = "double"
format.indent-style = "space"