---

name: django-verification description: "Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR." origin: ECC

Django Verification Loop

Run before PRs, after major changes, and pre-deploy to ensure Django application quality and security.

When to Activate

• Before opening a pull request for a Django project
• After major model changes, migration updates, or dependency upgrades
• Pre-deployment verification for staging or production
• Running full environment → lint → test → security → deploy readiness pipeline
• Validating migration safety and test coverage

Phase 1: Environment Check

# Verify Python version
python --version  # Should match project requirements

# Check virtual environment
which python
pip list --outdated

# Verify environment variables
python -c "import os; import environ; print('DJANGO_SECRET_KEY set' if os.environ.get('DJANGO_SECRET_KEY') else 'MISSING: DJANGO_SECRET_KEY')"

If environment is misconfigured, stop and fix.

Phase 2: Code Quality & Formatting

# Type checking
mypy . --config-file pyproject.toml

# Linting with ruff
ruff check . --fix

# Formatting with black
black . --check
black .  # Auto-fix

# Import sorting
isort . --check-only
isort .  # Auto-fix

# Django-specific checks
python manage.py check --deploy

Common issues:

• Missing type hints on public functions
• PEP 8 formatting violations
• Unsorted imports
• Debug settings left in production configuration

Phase 3: Migrations

# Check for unapplied migrations
python manage.py showmigrations

# Create missing migrations
python manage.py makemigrations --check

# Dry-run migration application
python manage.py migrate --plan

# Apply migrations (test environment)
python manage.py migrate

# Check for migration conflicts
python manage.py makemigrations --merge  # Only if conflicts exist

Report:

• Number of pending migrations
• Any migration conflicts
• Model changes without migrations

Phase 4: Tests + Coverage

# Run all tests with pytest
pytest --cov=apps --cov-report=html --cov-report=term-missing --reuse-db

# Run specific app tests
pytest apps/users/tests/

# Run with markers
pytest -m "not slow"  # Skip slow tests
pytest -m integration  # Only integration tests

# Coverage report
open htmlcov/index.html

Report:

• Total tests: X passed, Y failed, Z skipped
• Overall coverage: XX%
• Per-app coverage breakdown

Coverage targets:

| Component | Target | |-----------|--------| | Models | 90%+ | | Serializers | 85%+ | | Views | 80%+ | | Services | 90%+ | | Overall | 80%+ |

Phase 5: Security Scan

# Dependency vulnerabilities
pip-audit
safety check --full-report

# Django security checks
python manage.py check --deploy

# Bandit security linter
bandit -r . -f json -o bandit-report.json

# Secret scanning (if gitleaks is installed)
gitleaks detect --source . --verbose

# Environment variable check
python -c "from django.core.exceptions import ImproperlyConfigured; from django.conf import settings; settings.DEBUG"

Report:

• Vulnerable dependencies found
• Security configuration issues
• Hardcoded secrets detected
• DEBUG mode status (should be False in production)

Phase 6: Django Management Commands

# Check for model issues
python manage.py check

# Collect static files
python manage.py collectstatic --noinput --clear

# Create superuser (if needed for tests)
echo "from apps.users.models import User; User.objects.create_superuser('admin@example.com', 'admin')" | python manage.py shell

# Database integrity
python manage.py check --database default

# Cache verification (if using Redis)
python -c "from django.core.cache import cache; cache.set('test', 'value', 10); print(cache.get('test'))"

Phase 7: Performance Checks

# Django Debug Toolbar output (check for N+1 queries)
# Run in dev mode with DEBUG=True and access a page
# Look for duplicate queries in SQL panel

# Query count analysis
django-admin debugsqlshell  # If django-debug-sqlshell installed

# Check for missing indexes
python manage.py shell << EOF
from django.db import connection
with connection.cursor() as cursor:
    cursor.execute("SELECT table_name, index_name FROM information_schema.statistics WHERE table_schema = 'public'")
    print(cursor.fetchall())
EOF

Report:

• Number of queries per page (should be < 50 for typical pages)
• Missing database indexes
• Duplicate queries detected

Phase 8: Static Assets

# Check for npm dependencies (if using npm)
npm audit
npm audit fix

# Build static files (if using webpack/vite)
npm run build

# Verify static files
ls -la staticfiles/
python manage.py findstatic css/style.css

Phase 9: Configuration Review

# Run in Python shell to verify settings
python manage.py shell << EOF
from django.conf import settings
import os

# Critical checks
checks = {
    'DEBUG is False': n