Governance Standards Application Python - Azure/az-prototype GitHub Wiki
Standards for generated Python application code, including project structure, dependency management, and Azure SDK patterns.
Domain: application
| Check | Description |
|---|---|
| STAN-PY-001 | Use Azure SDK with DefaultAzureCredential: Always use DefaultAzureCredential from azure-identity for authenticating to Azure services. This works with managed identity in Azure and developer credentials locally. |
| STAN-PY-002 | Project Structure: Python projects must have a clear structure: src/ for application code, tests/ for tests, requirements.txt or pyproject.toml for dependencies. Use packages (directories with __init__.py) for logical grouping. |
| STAN-PY-003 | Configuration via Environment Variables: Use environment variables for all configuration (loaded via os.environ or a settings class). Never hardcode service URLs, ports, or feature flags. |
| STAN-PY-004 | Async for I/O-Bound Operations: Use async/await for HTTP handlers, database queries, and external API calls. Synchronous I/O blocks the event loop and reduces throughput. |
| STAN-PY-005 | Type Annotations: Use type annotations on all function signatures and return types. This enables IDE support, documentation, and static analysis. |
Use Azure SDK with DefaultAzureCredential: Always use DefaultAzureCredential from azure-identity for authenticating to Azure services. This works with managed identity in Azure and developer credentials locally.
Rationale: DefaultAzureCredential provides seamless authentication across local dev and managed identity in production.
Agents: python-developer
- from azure.identity import DefaultAzureCredential
- credential = DefaultAzureCredential()
- Never pass connection strings when managed identity is available
Project Structure: Python projects must have a clear structure: src/ for application code, tests/ for tests, requirements.txt or pyproject.toml for dependencies. Use packages (directories with init.py) for logical grouping.
Rationale: Pinned dependencies ensure reproducible builds and prevent unexpected breaking changes.
Agents: python-developer
- src/app/ — application package
- src/app/main.py — entry point
- src/app/routes/ — API route handlers
- src/app/services/ — business logic
- tests/ — test files
Configuration via Environment Variables: Use environment variables for all configuration (loaded via os.environ or a settings class). Never hardcode service URLs, ports, or feature flags.
Rationale: Parameterized configurations allow reuse across environments and prevent hardcoded values.
Agents: python-developer
- import os; port = int(os.environ.get('PORT', 8080))
- Use pydantic Settings class for type-safe config
Async for I/O-Bound Operations: Use async/await for HTTP handlers, database queries, and external API calls. Synchronous I/O blocks the event loop and reduces throughput.
Rationale: Following established standards ensures consistency, quality, and maintainability across the codebase.
Agents: python-developer
- async def get_items(db: AsyncSession) -> list[Item]:
- Use aiohttp or httpx for async HTTP clients
Type Annotations: Use type annotations on all function signatures and return types. This enables IDE support, documentation, and static analysis.
Rationale: Following established standards ensures consistency, quality, and maintainability across the codebase.
Agents: python-developer
- def get_user(user_id: str) -> User | None:
- async def create_order(order: OrderCreate) -> OrderResponse: