Stability checkpoint Python — industrial baseline Achievements vs stable-py-v0.5.0 : - ADR-0007 industrial Python practices : 13 decisions documented + applied - Type max : Final/Literal/TypeAlias (PEP 695) across all modules - Coverage 83.55% → 90.21% (127 tests, was 98) + cov-fail-under=90 gate - Hypothesis property-based tests (8) on JWT round-trip / DTO bounds / LIFO buffer - import-linter : 4 architectural contracts (config-leaf, db↔kafka indep, integration adapters, observability-leaf) - pytest-benchmark : 6 hot-path microbenchmarks (JWT 9µs, bcrypt 280ms) - Pydantic models for Todo / OllamaResponse (was dict aliases) - pip-audit CVE gate : 3 CVEs fixed (pytest 9.0.3, fastapi 0.136.1, starlette 1.0.0) - mutmut configured (CI blocked on upstream bug) - kafka_client integration tests (5) via testcontainers - renovate.json : Python flavor (FastAPI/Pydantic/SQLAlchemy/OTel groups) CI/runner : - group-level gitlab-runner (52880082) replaces 2 project-level java/ui runners - Python default_branch corrected dev → main (root cause of missing post-merge pipelines) - check-default-branch.sh + runner healthcheck cron in shared submodule - All 4 mirador1 pipelines green Validation : pipeline #70 main green (cov 90.29%, 127 tests, mypy strict ✓)