DEFRA defra-ai-sdlc .cursorrules file for unknown

# Defra Coder Review API

## Project Context
A Python API that uses AI Agents to asynchronously check a code base against multiple standards

## Language
- Python

## Tech Stack
- FastAPI
- Anthropic (Claude)
- MongoDB (Database)

## Project Structure
```
project_name/
├── src/                   # Main source code directory
│   ├── __init__.py
│   ├── module1.py
│   └── module2.py
├── tests/                 # Test files
│   ├── __init__.py
│   ├── test_module1.py
│   └── test_module2.py
├── docs/                  # Documentation files
│   ├── README.md
│   └── CONTRIBUTING.md
├── scripts/               # Utility scripts
│   └── script_name.py
├── .env                   # Environment variables
├── .gitignore
└── README.md
```

## Code Organization
- **Self-Documenting Code:** Use descriptive names for variables, functions, and classes. Avoid overly generic names
- **Module-Level Context Headers:** Each file/module must start with a brief description of its purpose and dependencies
- **Logical Chunk Boundaries:** Organize code into coherent segments (e.g., one function or class per chunk)
- **Metadata for Chunking:** Include metadata (e.g., @chunk, @context) in comments to help with code retrieval and grouping
- **Cross-Referencing:** Add "See also" or "Related to" comments for interdependent logic
- **Error Handling Rationale:** Provide comments explaining why exceptions are raised or caught
- **Examples and Test References:** Provide short examples or link test cases in docstrings
- **Architectural Markers:** Use markers for patterns, layers, and data flow notes to map code snippets to architecture

## Coding Standards

### Base Style
- PEP 8

### Type Checking 
- Tool: Pyright

### Linting
- Tool: Pylint

## Rules

### Indentation
- Spaces: 4
- Tabs: Not allowed

### Line Length
- Maximum: 79 characters

### Docstrings
- Required: Yes
- Style: Google

### Naming Conventions
- Variables: snake_case
- Functions: snake_case
- Classes: PascalCase
- Constants: UPPER_SNAKE_CASE

### Typing
- Type Hints: Required
- Strictness: High

### Imports
- **Order:** PEP 8 compliant
- **Unused Imports:** Remove all unused imports using tools like `pylint`
- **Import Style:**
  - Use absolute imports over relative imports
  - Group imports:
    1. Standard library imports
    2. Third-party imports
    3. Local application imports
  - Separate groups with a blank line

### Code Readability
- **Comments:** Required for non-obvious logic
- **Nested Blocks:**
  - Limit: 3 levels
  - Suggestion: Refactor when exceeding the limit
- **Function Size:**
  - Maximum Lines: 50
  - Suggestion: Split into smaller functions if exceeded
- **Class Size:**
  - Maximum Lines: 300
  - Suggestion: Refactor into smaller classes if exceeded

### Linting Strictness
- Level: High

## Testing
- Tool: pytest
- Write tests covering functionality (not implementation):
  - **API Testing:** Validate input/output
  - **UI Testing:** Test expected behaviors
  - Mock external dependencies (e.g., databases, APIs)
- Coverage Tool: pytest-cov

## Logging

### Configuration
- Core configuration in `src/logging_config.py`
- Log levels controlled via environment variables:
  - `FILE_LOG_LEVEL` and `CONSOLE_LOG_LEVEL`
  - Default: ERROR
- Use structured logging format

### Logger Usage
- Setup logger in each module:
```python
from src.logging_config import setup_logger
logger = setup_logger("module.submodule")
```
- Use appropriate log levels:
  - ERROR: Immediate attention needed
  - WARNING: Potential issues
  - INFO: Important events
  - DEBUG: Detailed debug info

## Git Usage

### Commit Message Prefixes
- `fix:` for bug fixes
- `feat:` for new features
- `perf:` for performance improvements
- `docs:` for documentation updates
- `style:` for formatting changes
- `refactor:` for code refactoring
- `test:` for adding missing tests
- `chore:` for maintenance tasks

### Commit Guidelines
- Use lowercase for messages
- Keep the summary line concise
- Reference issue numbers when applicable

## Security Guidelines

* Never hard-code secrets (use environment variables or secret manager)
* Regular dependency updates and vulnerability checks
* Input validation and sanitization
* Encryption for sensitive data (transit and rest)
`