| name | MLOps Validation |
| description | Guide to implement rigorous validation layers including static analysis, automated testing, structured logging, and security scanning. |
MLOps Validation
Goal
To ensure software quality, reliability, and security through automated validation layers. This skill enforces Strict Typing (ty), Unified Linting (ruff), Comprehensive Testing (pytest), and Structured Logging (loguru).
Prerequisites
- Language: Python
- Manager:
uv
- Context: Ensuring code quality before merge/deploy.
Instructions
1. Static Analysis (Typing & Linting)
Catch errors before they run.
- Typing:
- Tool:
ty.
- Rule: No
Any (unless absolutely necessary). Fully typed function signatures.
- DataFrames: Use
pandera schemas to validate DataFrame structures/types.
- Classes: Use
pydantic for data modeling and runtime validation.
- Linting & Formatting:
- Tool:
ruff (replaces black, isort, pylint, flake8).
- Rule: Zero tolerance for linter errors. Use
noqa sparingly and with justification.
- Config: Centralize in
pyproject.toml.
2. Testing Strategy
Verify behavior and prevent regressions.
-
Tool: pytest.
-
Structure: Mirror src/ in tests/.
src/pkg/mod.py -> tests/test_mod.py
-
Fixtures: Use tests/conftest.py for shared setup (mock data, temp paths).
-
Coverage: Aim for high coverage (>80%) on core business logic. Use pytest-cov.
-
Pattern: Use Given-When-Then in comments.
def test_pipeline_execution(input_data):
3. Structured Logging
Enable observability and debugging.
- Tool:
loguru (replacing stdlib logging).
- Format: Use structured logging (JSON) in production for queryability.
- Levels:
DEBUG: Low-level tracing (payloads, internal state).
INFO: Key business events (Job started, Model saved).
ERROR: Actionable failures (with stack traces).
- Context: Include context (Job ID, Model Version) in logs.
4. Security
Protect the supply chain and runtime.
- Dependencies: Use
GitHub Dependabot to patch vulnerable packages.
- Code Scanning: Run
bandit to detect hardcoded secrets or unsafe patterns (e.g., eval, yaml.load).
- Secrets: NEVER log secrets. Sanitize outputs.
Self-Correction Checklist