Tracked as ENG-25 in ENGINEERING_AUDIT.md.
Severity: Moderate
Problem
ruff's complexity checks are silenced in-line via # noqa at 69 sites across the codebase (C901, PLR0912, PLR0915, PLR0913). The presence of so many is a code-smell canary: these are exactly the functions most likely to grow SEC-NN-style bugs (they are complex enough that no single reader can hold them in their head). SEC-21 sub-items 1-9 all live inside functions that carry these suppressions.
Fix direction
Treat each noqa: C901 as a refactor candidate. Pick the worst offender per release cycle and split it. Track progress in a checklist.
Acceptance
- Document a target (e.g. "halve the suppression count by v2.0").
- Each release lowers the count.
- New code does not add noqa: C901 without a comment explaining why a refactor is deferred.
Notes
This is a long-running effort, not a single PR. A good way to chunk it is: one suppression removed per code-review cycle in the relevant module.
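One way to enforce the acceptance criteria in CI, as an added example that is not part of the original issue or the project's own code: it counts in-line suppressions of the four codes named above, fails when the count rises above a stored baseline, and flags any noqa: C901 that carries no trailing explanation. The function names, the baseline parameter, the sample sources, and the convention that the deferral reason follows the codes on the same comment line are assumptions.

```python
import io
import re
import tokenize

COMPLEXITY = {"C901", "PLR0912", "PLR0915", "PLR0913"}  # codes named in the issue
NOQA = re.compile(r"#\s*(?i:noqa)\s*:\s*([A-Z]+[0-9]+(?:[\s,]+[A-Z]+[0-9]+)*)(.*)")

# Constructed sample input, not taken from the project.
SAMPLE = {
    "pkg/parser.py": (
        "def parse(a, b, c, d, e, f):  # noqa: C901, PLR0913\n"
        "    hint = 'add # noqa: C901 here'\n"
        "    return hint\n"
    ),
    "pkg/sync.py": (
        "def sync(x):  # noqa: C901 - refactor deferred, see ENG-25\n"
        "    return x\n"
        "def push(x):  # noqa: PLR0915\n"
        "    return x\n"
    ),
}

def find_suppressions(source):
    """Return [(line, codes, has_reason)]; tokenizing skips '# noqa' inside strings."""
    found = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        match = NOQA.search(tok.string) if tok.type == tokenize.COMMENT else None
        if not match:
            continue
        codes = set(re.split(r"[\s,]+", match.group(1))) & COMPLEXITY
        if codes:
            reason = match.group(2).strip(" -#:")  # text left after the codes
            found.append((tok.start[0], sorted(codes), bool(reason)))
    return found

def check_ratchet(sources, baseline):
    """sources maps path -> text; returns (count, problems). Hypothetical helper."""
    count, problems = 0, []
    for path, text in sorted(sources.items()):
        for line, codes, has_reason in find_suppressions(text):
            count += 1
            if "C901" in codes and not has_reason:
                problems.append(f"{path}:{line}: noqa: C901 without a deferral reason")
    if count > baseline:
        problems.append(f"suppression count rose: {count} > baseline {baseline}")
    return count, problems

if __name__ == "__main__":
    print(check_ratchet(SAMPLE, baseline=3))
```

To apply the "new code" rule only to new code, pass just the files changed in the pull request as sources and keep the baseline count from the previous release.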