feat: align xarf-python with XARF v4 spec and JavaScript reference

.github/QUICK_START.md

@@ -29,7 +29,7 @@ Settings → Branches → Add rule
 Branch: main
 ☑ Require status checks:
   - Quality Checks / quality-checks
-  - Test Suite / test  
+  - Test Suite / test
   - CI Summary / ci-summary
 ☑ Require PR reviews: 1 approval
 ```

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
+        python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
 
     steps:
       - uses: actions/checkout@v4
@@ -41,39 +41,8 @@ jobs:
           fail_ci_if_error: false
 
   code-quality:
-    name: Code Quality - ${{ matrix.check.name }}
+    name: Code Quality
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        check:
-          - name: "Format (black)"
-            cmd: "black --check ."
-            error: false
-          - name: "Imports (isort)"
-            cmd: "isort --check-only --profile black ."
-            error: false
-          - name: "Linting (flake8)"
-            cmd: "flake8 xarf/ tests/"
-            error: false
-          - name: "Security (bandit)"
-            cmd: "bandit -r xarf/ -ll"
-            error: false
-          - name: "Types (mypy)"
-            cmd: "mypy xarf/"
-            error: false
-          - name: "Complexity (radon)"
-            cmd: "radon cc xarf/ -a -nb"
-            error: false
-          - name: "Maintainability (radon)"
-            cmd: "radon mi xarf/ -nb"
-            error: false
-          - name: "Docstrings (pydocstyle)"
-            cmd: "pydocstyle xarf/"
-            error: false
-          - name: "Dead code (vulture)"
-            cmd: "vulture xarf/ .vulture_whitelist.py --min-confidence 80"
-            error: false
 
     steps:
       - uses: actions/checkout@v4
@@ -89,6 +58,23 @@ jobs:
           python -m pip install --upgrade pip
           pip install -e ".[dev,test]"
 
-      - name: Run ${{ matrix.check.name }}
-        run: ${{ matrix.check.cmd }}
-        continue-on-error: ${{ matrix.check.error }}
+      - name: Lint (ruff)
+        run: ruff check . --output-format=github
+
+      - name: Format (ruff)
+        run: ruff format --check .
+
+      - name: Types (mypy)
+        run: mypy --strict xarf/
+
+      - name: Docstrings (pydocstyle)
+        run: pydocstyle xarf/
+
+      - name: Dead code (vulture)
+        run: vulture xarf/ .vulture_whitelist.py --min-confidence 80
+
+      - name: Complexity (radon)
+        run: radon cc xarf/ -a -nb
+
+      - name: Maintainability (radon)
+        run: radon mi xarf/ -nb

.pre-commit-config.yaml

@@ -4,42 +4,20 @@
 # Update hooks: pre-commit autoupdate
 
 repos:
-  # Code formatting - black
-  - repo: https://github.com/psf/black
-    rev: 24.10.0
+  # Ruff - Fast Python linter and formatter (replaces black, isort, flake8, bandit)
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.14.0
     hooks:
-      - id: black
-        args: [--line-length=88]
-
-  # Import sorting - isort
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.13.2
-    hooks:
-      - id: isort
-        args: [--profile=black, --line-length=88]
-
-  # Linting - flake8
-  - repo: https://github.com/PyCQA/flake8
-    rev: 7.1.1
-    hooks:
-      - id: flake8
-        args: [--max-line-length=100, --extend-ignore=E203,W503,C901]
-        additional_dependencies: [flake8-docstrings]
-
-  # Security scanning - bandit
-  - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.10
-    hooks:
-      - id: bandit
-        args: [-r, xarf/, -ll]
-        exclude: ^tests/
+      - id: ruff
+        args: [--fix, --exit-non-zero-on-fix]
+      - id: ruff-format
 
   # Type checking - mypy
   - repo: https://github.com/pre-commit/mirrors-mypy
     rev: v1.13.0
     hooks:
       - id: mypy
-        args: [--strict, --python-version=3.8]
+        args: [--strict, --ignore-missing-imports]
         additional_dependencies: [pydantic>=2.0.0, types-python-dateutil]
         files: ^xarf/
 
@@ -59,31 +37,13 @@ repos:
         files: ^xarf/
         exclude: ^tests/
 
-  # Code complexity - radon
-  - repo: local
-    hooks:
-      - id: radon-cc
-        name: radon complexity check
-        entry: radon
-        language: system
-        args: [cc, xarf/, -a, -nb]
-        files: ^xarf/.*\.py$
-        pass_filenames: false
-      - id: radon-mi
-        name: radon maintainability check
-        entry: radon
-        language: system
-        args: [mi, xarf/, -nb]
-        files: ^xarf/.*\.py$
-        pass_filenames: false
-
-  # YAML validation
+  # General file checks
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: check-json
-        exclude: ^\.vscode/.*\.json$
+        exclude: ^(\.vscode/.*\.json$|tests/shared/samples/invalid/malformed_data/)
       - id: check-toml
       - id: end-of-file-fixer
       - id: trailing-whitespace
@@ -95,13 +55,6 @@ repos:
       - id: mixed-line-ending
         args: [--fix=lf]
 
-  # Python security checks
-  - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
-    rev: v1.3.3
-    hooks:
-      - id: python-safety-dependencies-check
-        files: pyproject.toml
-
 # CI/CD equivalent hooks (informational only, not blocking)
 ci:
   autofix_commit_msg: |
@@ -112,5 +65,4 @@ ci:
   autoupdate_branch: ''
   autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
   autoupdate_schedule: weekly
-  skip: [python-safety-dependencies-check]
   submodules: false

CODE_OF_CONDUCT.md

@@ -45,4 +45,3 @@ Attribution
 This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
 Community Impact Guidelines were inspired by Mozilla’s code of conduct enforcement ladder.
 For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
-

CONTRIBUTING.md

@@ -134,17 +134,17 @@ xarf/
 ```python
 def parse_report(self, json_data: Union[str, Dict[str, Any]]) -> XARFReport:
     """Parse XARF report from JSON data.
-    
+
     Args:
         json_data: JSON string or dictionary containing XARF report data
-        
+
     Returns:
         XARFReport: Parsed and validated report object
-        
+
     Raises:
         XARFParseError: If JSON parsing fails
         XARFValidationError: If validation fails in strict mode
-        
+
     Example:
         >>> parser = XARFParser()
         >>> report = parser.parse('{"xarf_version": "4.0.0", ...}')
@@ -171,30 +171,30 @@ except XARFParseError as e:
 ```python
 class TestMessagingReports:
     """Test parsing of messaging class reports."""
-    
+
     def test_valid_spam_report(self):
         """Test parsing of valid spam report."""
         report_data = {
             "xarf_version": "4.0.0",
             # ... complete valid data
         }
-        
+
         parser = XARFParser()
         report = parser.parse(report_data)
-        
+
         assert isinstance(report, MessagingReport)
         assert report.class_ == "messaging"
         assert report.type == "spam"
-    
+
     def test_missing_required_field(self):
         """Test handling of missing required fields."""
         invalid_data = {"xarf_version": "4.0.0"}  # Missing required fields
-        
+
         parser = XARFParser(strict=True)
-        
+
         with pytest.raises(XARFValidationError) as exc_info:
             parser.parse(invalid_data)
-        
+
         assert "Missing required fields" in str(exc_info.value)
 ```
 
@@ -276,4 +276,4 @@ Contributors are recognized through:
 - **Long-term support** commitment
 - **Comprehensive documentation**
 
-Thank you for helping make XARF parsing reliable and efficient! 🐍
+Thank you for helping make XARF parsing reliable and efficient! 🐍

LICENSE

@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

PIPELINE_SUMMARY.md

@@ -1,7 +1,7 @@
 # XARF Python Parser - CI/CD Pipeline Implementation Summary
 
-**Created**: 2025-11-20  
-**Based on**: abusix-parsers quality standards  
+**Created**: 2025-11-20
+**Based on**: abusix-parsers quality standards
 **Status**: ✅ Complete and Ready for Use
 
 ---
@@ -105,7 +105,7 @@ Push/PR → continuous-integration.yml
 ```
 Every Monday 9 AM UTC (or manual)
   ├─ pip-audit
-  ├─ bandit  
+  ├─ bandit
   ├─ trivy
   └─ Create issue if failures
 ```
@@ -154,14 +154,14 @@ All based on abusix-parsers standards:
 
 ## Memory Key
 
-**Storage Location**: 
+**Storage Location**:
 ```
 /Users/tknecht/Projects/xarf/xarf-parser-python/docs/ci-cd-pipeline-design.md
 ```
 
 **Memory Key**: `xarf-python/workflows`
 
-**Quick Reference**: 
+**Quick Reference**:
 ```
 /Users/tknecht/Projects/xarf/xarf-parser-python/PIPELINE_SUMMARY.md
 ```
@@ -224,9 +224,9 @@ Select: ☑ Publish to Test PyPI
 
 ---
 
-**Pipeline Status**: ✅ Production Ready  
-**Documentation**: ✅ Complete  
-**Testing**: ⏳ Awaiting GitHub setup  
+**Pipeline Status**: ✅ Production Ready
+**Documentation**: ✅ Complete
+**Testing**: ⏳ Awaiting GitHub setup
 **Deployment**: ⏳ Awaiting PyPI configuration
 
 **All files are located at**: `/Users/tknecht/Projects/xarf/xarf-parser-python/`