-
Notifications
You must be signed in to change notification settings - Fork 2
Governance Standards Application Python
Standards for generated Python application code, including project structure, dependency management, and Azure SDK patterns.
Domain: application
| Check | Description |
|---|---|
| STAN-PY-001 | Use Azure SDK with DefaultAzureCredential: Always use DefaultAzureCredential from azure-identity for authenticating to Azure services. This works with managed identity in Azure and developer credentials locally. |
| STAN-PY-002 | Project Structure: Python projects must have a clear structure: src/ for application code, tests/ for tests, requirements.txt or pyproject.toml for dependencies. Use packages (directories with __init__.py) for logical grouping. |
| STAN-PY-003 | Configuration via Environment Variables: Use environment variables for all configuration (loaded via os.environ or a settings class). Never hardcode service URLs, ports, or feature flags. |
| STAN-PY-004 | Async for I/O-Bound Operations: Use async/await for HTTP handlers, database queries, and external API calls. Synchronous I/O blocks the event loop and reduces throughput. |
| STAN-PY-005 | Type Annotations: Use type annotations on all function signatures and return types. This enables IDE support, documentation, and static analysis. |
Use Azure SDK with DefaultAzureCredential: Always use DefaultAzureCredential from azure-identity for authenticating to Azure services. This works with managed identity in Azure and developer credentials locally.
Rationale: DefaultAzureCredential provides seamless authentication across local dev and managed identity in production.
Agents: python-developer
- from azure.identity import DefaultAzureCredential
- credential = DefaultAzureCredential()
- Never pass connection strings when managed identity is available
Project Structure: Python projects must have a clear structure: src/ for application code, tests/ for tests, requirements.txt or pyproject.toml for dependencies. Use packages (directories with init.py) for logical grouping.
Rationale: Pinned dependencies ensure reproducible builds and prevent unexpected breaking changes.
Agents: python-developer
- src/app/ — application package
- src/app/main.py — entry point
- src/app/routes/ — API route handlers
- src/app/services/ — business logic
- tests/ — test files
Configuration via Environment Variables: Use environment variables for all configuration (loaded via os.environ or a settings class). Never hardcode service URLs, ports, or feature flags.
Rationale: Parameterized configurations allow reuse across environments and prevent hardcoded values.
Agents: python-developer
- import os; port = int(os.environ.get('PORT', 8080))
- Use pydantic Settings class for type-safe config
Async for I/O-Bound Operations: Use async/await for HTTP handlers, database queries, and external API calls. Synchronous I/O blocks the event loop and reduces throughput.
Rationale: Following established standards ensures consistency, quality, and maintainability across the codebase.
Agents: python-developer
- async def get_items(db: AsyncSession) -> list[Item]:
- Use aiohttp or httpx for async HTTP clients
Type Annotations: Use type annotations on all function signatures and return types. This enables IDE support, documentation, and static analysis.
Rationale: Following established standards ensures consistency, quality, and maintainability across the codebase.
Agents: python-developer
- def get_user(user_id: str) -> User | None:
- async def create_order(order: OrderCreate) -> OrderResponse:
Getting Started
Stages
Interfaces
Configuration
Agent System
Features
- Backlog Generation
- Cost Analysis
- Error Analysis
- Docs & Spec Kit
- MCP Integration
- Knowledge System
- Escalation
Quality
Help
Policies — Azure
AI Services
Compute
Data Services
- Azure SQL
- Backup Vault
- Cosmos Db
- Data Factory
- Databricks
- Event Grid
- Event Hubs
- Fabric
- IoT Hub
- Mysql Flexible
- Postgresql Flexible
- Recovery Services
- Redis Cache
- Service Bus
- Stream Analytics
- Synapse Workspace
Identity
Management
Messaging
Monitoring
Networking
- Application Gateway
- Bastion
- CDN
- DDoS Protection
- DNS Zones
- Expressroute
- Firewall
- Load Balancer
- Nat Gateway
- Network Interface
- Private Endpoints
- Public Ip
- Route Tables
- Traffic Manager
- Virtual Network
- Vpn Gateway
- WAF Policy
Security
Storage
Web & App
Policies — Well-Architected
Reliability
Security
Cost Optimization
Operational Excellence
Performance Efficiency
Integration