Background
The fido2 library (python-fido2 v2.0) doesn't provide complete type annotations for all its classes. Specifically, HmacSecretExtension in fido2.ctap2.extensions is untyped.
Currently we use # type: ignore[no-untyped-call] in two places in src/kdbxtool/security/fido2.py (lines 175 and 339).
Proposed Solution
Add a minimal stub file:
# stubs/fido2/ctap2/extensions.pyi
from fido2.ctap2.base import Ctap2Extension
class HmacSecretExtension(Ctap2Extension):
def __init__(self, allow_hmac_secret: bool = True) -> None: ...Tradeoffs
Pros:
- Cleaner code without type: ignore comments
- mypy can verify usage of the extension object
Cons:
- Maintenance burden if fido2 API changes
- Stubs can drift from actual library behavior
- Risk of false confidence if stubs are wrong
Decision Factors
- Only 2 call sites currently affected
- HmacSecretExtension constructor is simple and unlikely to change
- Could also contribute stubs upstream to python-fido2
References
src/kdbxtool/security/fido2.py:175src/kdbxtool/security/fido2.py:339
Background
The
fido2library (python-fido2 v2.0) doesn't provide complete type annotations for all its classes. Specifically,HmacSecretExtensioninfido2.ctap2.extensionsis untyped.Currently we use
# type: ignore[no-untyped-call]in two places insrc/kdbxtool/security/fido2.py(lines 175 and 339).Proposed Solution
Add a minimal stub file:
Tradeoffs
Pros:
Cons:
Decision Factors
References
src/kdbxtool/security/fido2.py:175src/kdbxtool/security/fido2.py:339