busya/ss-tools
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: busya:026-dashboard-health-windows
Branches Tags
busya:migration busya:027-dataset-llm-orchestration busya:master busya:026-dashboard-health-windows busya:025-clean-release-compliance busya:024-user-dashboard-filter busya:023-clean-repo-enterprise busya:020-clean-repo-enterprise busya:022-sync-id-cross-filters busya:022-id-sync-cross-filter busya:021-llm-project-assistant busya:001-unify-frontend-style busya:020-task-reports-design busya:019-superset-ux-redesign busya:018-task-logging-v2 busya:017-llm-analysis-plugin busya:016-multi-user-auth busya:015-frontend-nav-redesign busya:014-file-storage-ui busya:013-unify-frontend-css busya:011-git-integration-dashboard busya:012-remove-superset-tool busya:010-refactor-cli-to-web busya:009-backup-scheduler busya:008-migration-ui-improvements busya:007-migration-dashboard-grid busya:001-migration-dashboard-grid busya:006-configurable-belief-logs busya:001-migration-ui-redesign busya:001-fix-ui-ws-validation
busya:v1.0.0-rc2-docker busya:v1.0.0-rc2
..
compare: busya:a127aa07dfb6743388d3214fa701add6c6b321a7
Branches Tags
busya:027-dataset-llm-orchestration busya:master busya:026-dashboard-health-windows busya:025-clean-release-compliance busya:024-user-dashboard-filter busya:023-clean-repo-enterprise busya:020-clean-repo-enterprise busya:022-sync-id-cross-filters busya:022-id-sync-cross-filter busya:021-llm-project-assistant busya:001-unify-frontend-style busya:020-task-reports-design busya:019-superset-ux-redesign busya:018-task-logging-v2 busya:017-llm-analysis-plugin busya:016-multi-user-auth busya:015-frontend-nav-redesign busya:014-file-storage-ui busya:013-unify-frontend-css busya:011-git-integration-dashboard busya:012-remove-superset-tool busya:010-refactor-cli-to-web busya:009-backup-scheduler busya:008-migration-ui-improvements busya:007-migration-dashboard-grid busya:001-migration-dashboard-grid busya:006-configurable-belief-logs busya:migration busya:001-migration-ui-redesign busya:001-fix-ui-ws-validation
busya:v1.0.0-rc2-docker busya:v1.0.0-rc2

174 Commits
026-dashbo ... a127aa07df

Author SHA1 Message Date
busya
a127aa07df fix(dashboards): normalize naive/aware datetimes in resource task ordering 2026-03-10 09:29:40 +03:00
busya
3116754e3f fix(clean-release): replace absolute backend imports for runtime packaging 2026-03-10 09:25:50 +03:00
busya
83334fe4da feat(clean-release): complete compliance redesign phases and polish tasks T047-T052 2026-03-10 09:11:26 +03:00
busya
0cf02bcf82 таски готовы 2026-03-09 16:52:46 +03:00
busya
d5c1d330f4 tui rework 2026-03-09 14:18:34 +03:00
busya
8fb9fa15e0 rebase rework 2026-03-09 13:19:06 +03:00
busya
0a108f7db5 feat: automatically align Git repository origin host with configured server URL to prevent mismatches 2026-03-08 11:28:00 +03:00
busya
8a16dbfa26 feat(auth): add git_config:READ permission to User role 2026-03-08 11:03:07 +03:00
busya
8f00eb025e docs(git): add test execution walkthrough to knowledge base 2026-03-08 11:02:21 +03:00
busya
4613fefb2c test(git): implement backend and frontend test coverage for git integration 2026-03-08 11:01:46 +03:00
busya
8ac5a752bd feat: Implement user profile preferences for start page, Git identity, and task drawer auto-open, alongside Git server default branch configuration. 2026-03-08 10:19:38 +03:00
busya
b452335370 починили скачивание 2026-03-06 15:22:14 +03:00
busya
c5a3001e32 fix(profile-filter): support owner object payloads and normalize owners response 2026-03-06 15:02:03 +03:00
busya
3a77500a2e feat(rbac): auto-sync permission catalog from declared route/plugin guards 2026-03-06 11:30:58 +03:00
busya
535095d31c feat(rbac): hide unauthorized menu sections and enforce route guards 2026-03-06 10:50:28 +03:00
busya
6a68770a8e tasks ready 2026-03-04 19:42:17 +03:00
busya
2820e491d5 clean ui 2026-03-04 19:33:47 +03:00
busya
42def69dcc Fix git/storage workflows: repos-only page, default dev branch, robust pull/push, and storage path resolution 2026-03-04 19:18:58 +03:00
busya
f34f9c1b2e test: remediate and stabilize auxiliary backend and frontend tests 
- Standardized task log, LLM provider, and report profile tests.
- Relocated auxiliary tests into __tests__ directories for consistency.
- Updated git_service and defensive guards with minor stability fixes discovered during testing.
- Added UX integration tests for the reports list component.
 2026-03-04 13:54:06 +03:00
busya
0894254b98 feat(clean-release): complete and verify backend test suite (33 passing tests) 
- Relocated and standardized tests for clean_release subsystem into __tests__ sub-packages.
- Implemented missing unit tests for preparation_service, audit_service, and stages.
- Enhanced API contract tests for candidate preparation and compliance reporting.
- Updated 023-clean-repo-enterprise coverage matrix with final verification results.
- Fixed relative import issues and model validation mismatches during test migration.
 2026-03-04 13:53:43 +03:00
busya
7194f6a4c4 feat: Introduce and enforce test contract annotations for critical modules and update coverage tracking. 2026-03-04 12:58:42 +03:00
busya
09e59ba88b fix repo place 2026-03-04 10:04:40 +03:00
busya
638597f182 move test 2026-03-04 09:18:42 +03:00
busya
bb921ce5dd [ 
{
        "file": "frontend/src/components/__tests__/task_log_viewer.test.js",
        "verdict": "APPROVED",
        "rejection_reason": "NONE",
        "audit_details": {
            "target_invoked": true,
            "pre_conditions_tested": true,
            "post_conditions_tested": true,
            "test_fixture_used": true,
            "edges_covered": true,
            "invariants_verified": true,
            "ux_states_tested": true,
            "semantic_anchors_present": true
        },
        "coverage_summary": {
            "total_edges": 2,
            "edges_tested": 2,
            "total_invariants": 1,
            "invariants_tested": 1,
            "total_ux_states": 3,
            "ux_states_tested": 3
        },
        "tier_compliance": {
            "source_tier": "CRITICAL",
            "meets_tier_requirements": true
        },
        "feedback": "Remediation successful: test tier matches CRITICAL, missing missing @TEST_EDGE no_task_id coverage added, test for @UX_FEEDBACK (autoScroll) added properly, missing inline=false (show=true) tested properly. Semantic RELATION tag fixed to VERIFIES."
    },
    {
        "file": "frontend/src/lib/components/reports/__tests__/report_card.ux.test.js",
        "verdict": "APPROVED",
        "rejection_reason": "NONE",
        "audit_details": {
            "target_invoked": true,
            "pre_conditions_tested": true,
            "post_conditions_tested": true,
            "test_fixture_used": true,
            "edges_covered": true,
            "invariants_verified": true,
            "ux_states_tested": true,
            "semantic_anchors_present": true
        },
        "coverage_summary": {
            "total_edges": 2,
            "edges_tested": 2,
            "total_invariants": 1,
            "invariants_tested": 1,
            "total_ux_states": 2,
            "ux_states_tested": 2
        },
        "tier_compliance": {
            "source_tier": "CRITICAL",
            "meets_tier_requirements": true
        },
        "feedback": "Remediation successful: @TEST_EDGE random_status and @TEST_EDGE empty_report_object tests explicitly assert on outcomes, @TEST_FIXTURE tested completely, Test tier switched to CRITICAL."
    },
    {
        "file": "backend/tests/test_logger.py",
        "verdict": "APPROVED",
        "rejection_reason": "NONE",
        "audit_details": {
            "target_invoked": true,
            "pre_conditions_tested": true,
            "post_conditions_tested": true,
            "test_fixture_used": true,
            "edges_covered": true,
            "invariants_verified": true,
            "ux_states_tested": false,
            "semantic_anchors_present": true
        },
        "coverage_summary": {
            "total_edges": 0,
            "edges_tested": 0,
            "total_invariants": 0,
            "invariants_tested": 0,
            "total_ux_states": 0,
            "ux_states_tested": 0
        },
        "tier_compliance": {
            "source_tier": "STANDARD",
            "meets_tier_requirements": true
        },
        "feedback": "Remediation successful: Test module semantic anchors added [DEF] and [/DEF] explicitly. Added missing @TIER tag and @RELATION: VERIFIES -> src/core/logger.py at the top of the file."
    }
]
 2026-03-03 21:05:29 +03:00
busya
fa380ff9a5 test: remediate audit findings for task log viewer, report card and logger tests 2026-03-03 21:01:24 +03:00
busya
ce3955ed2e chore: commit remaining workspace changes 2026-03-03 19:51:17 +03:00
busya
19898b1570 chore(specs): move clean-repo-enterprise spec from 020 to 023 2026-03-03 19:50:53 +03:00
busya
da24fb9253 dev-preprod-prod logic 2026-03-01 14:39:25 +03:00
busya
80b28ac371 slug first logic 2026-03-01 13:17:05 +03:00
busya
f24200d52a git list refactor 2026-03-01 12:13:19 +03:00
busya
5d45b4adb0 fix(dashboards): lazy-load git status for visible rows 2026-02-28 11:21:37 +03:00
busya
daa9f7be3a причесываем лог 2026-02-28 10:47:19 +03:00
busya
7e43830144 fix(dashboards): stabilize grid layout and remove owners N+1 fallback 2026-02-28 10:46:47 +03:00
busya
066747de59 feat(dashboards): show owners and improve grid actions UI 2026-02-28 10:04:56 +03:00
busya
442d0e0ac2 workflows update 2026-02-28 00:04:55 +03:00
busya
8fa951fc93 dry run migration 2026-02-27 20:48:18 +03:00
busya
149d230426 semantic protocol update 2026-02-27 20:48:06 +03:00
busya
4c601fbe06 [ 
{
    "file": "backend/src/api/routes/__tests__/test_dashboards.py",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "All 9 previous findings remediated. @TEST_FIXTURE data aligned, all @TEST_EDGE scenarios covered, all @PRE negative tests present, all @SIDE_EFFECT assertions added. Full contract compliance."
  },
  {
    "file": "backend/src/api/routes/__tests__/test_datasets.py",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "All 6 previous findings remediated. Full @PRE boundary coverage including page_size>100, empty IDs, missing env. @SIDE_EFFECT assertions added. 503 error path tested."
  },
  {
    "file": "backend/src/core/auth/__tests__/test_auth.py",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "All 4 previous findings remediated. @SIDE_EFFECT last_login verified. Inactive user @PRE negative test added. Empty hash edge case covered. provision_adfs_user tested for both new and existing user paths."
  },
  {
    "file": "backend/src/services/__tests__/test_resource_service.py",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "Both prior recommendations implemented. Full edge case coverage for _get_last_task_for_resource. No anti-patterns detected."
  },
  {
    "file": "backend/tests/test_resource_hubs.py",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "Pagination boundary tests added. All @TEST_EDGE scenarios now covered. No anti-patterns detected."
  },
  {
    "file": "frontend/src/lib/components/assistant/__tests__/assistant_chat.integration.test.js",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "No changes since previous audit. Contract scanning remains sound."
  },
  {
    "file": "frontend/src/lib/components/assistant/__tests__/assistant_confirmation.integration.test.js",
    "verdict": "APPROVED",
    "rejection_reason": "NONE",
    "audit_details": {
      "target_invoked": true,
      "pre_conditions_tested": true,
      "post_conditions_tested": true,
      "test_data_used": true
    },
    "feedback": "No changes since previous audit. Confirmation flow testing remains sound."
  }
]
 2026-02-27 09:59:57 +03:00
busya
36173c0880 test contracts 2026-02-26 19:40:00 +03:00
busya
81d62c1345 new test contracts 2026-02-26 19:29:07 +03:00
busya
a8f7147500 test now STANDARD tier 2026-02-26 18:38:26 +03:00
busya
ce684bc5d1 update test data 2026-02-26 18:38:02 +03:00
busya
484019e750 test semantic harden 2026-02-26 18:26:11 +03:00
busya
4ff6d307f8 +ai update 2026-02-26 17:54:23 +03:00
busya
f4612c0737 Improve dashboard LLM validation UX and report flow 2026-02-26 17:53:41 +03:00
busya
5ec1254336 codex specify 2026-02-25 21:19:48 +03:00
busya
b7d1ee2b71 feat(search): add grouped global results for tasks and reports 2026-02-25 21:09:42 +03:00
busya
87285d8f0a feat(search): implement global navbar search for dashboards and datasets 2026-02-25 21:07:51 +03:00
busya
04b01eadb5 fix(ui): use global environment context on datasets page 2026-02-25 20:59:24 +03:00
busya
4d5b9e88dd fix(auth): defer environment context fetch until token is available 2026-02-25 20:58:14 +03:00
busya
4bad4ab4e2 fix(logging): suppress per-request belief scope spam in API client 2026-02-25 20:52:12 +03:00
busya
3801ca13d9 feat(env): add global production context and safety indicators 2026-02-25 20:46:00 +03:00
busya
999c0c54df + git config 2026-02-25 20:27:29 +03:00
busya
f9ac282596 feat: Implement recursive storage listing and directory browsing for backups, and add a migration option to fix cross-filters. 2026-02-25 20:01:33 +03:00
busya
5d42a6b930 i18 cleanup 2026-02-25 18:31:50 +03:00
busya
99f19ac305 { "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "The test suite robustly verifies the 
MigrationEngine
 contracts. It avoids Tautologies by cleanly substituting IdMappingService without mocking the engine itself. Cross-filter parsing asserts against hard-coded, predefined validation dictionaries (no Logic Mirroring). It successfully addresses @PRE negative cases (e.g. invalid zip paths, missing YAMLs) and rigorously validates @POST file transformations (e.g. in-place UUID substitutions and archive reconstruction)." }
 2026-02-25 17:47:55 +03:00
busya
590ba49ddb sync worked 2026-02-25 15:20:26 +03:00
busya
2a5b225800 feat: Enhance ID mapping service robustness, add defensive guards, and expand migration engine and API testing. 2026-02-25 14:44:21 +03:00
busya
33433c3173 ready for test 2026-02-25 13:35:09 +03:00
busya
21e969a769 workflow agy update 2026-02-25 13:29:14 +03:00
busya
783644c6ad tasks ready 2026-02-25 13:28:24 +03:00
busya
d32d85556f +md 2026-02-25 10:34:30 +03:00
busya
bc0367ab72 speckit update 2026-02-25 10:31:48 +03:00
busya
1c362f4092 { "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "Both test files have successfully passed the audit. The 'task_log_viewer.test.js' suite now correctly imports and mounts the real Svelte component using Test Library, fully eliminating the logic mirror/tautology issue. The 'test_logger.py' suite now properly implements negative tests for the @PRE constraint in 'belief_scope' and fully verifies all @POST effects triggered by 'configure_logger'." } 2026-02-24 21:55:13 +03:00
busya
95ae9c6af1 semantic update 2026-02-24 21:08:12 +03:00
busya
7a12ed0931 chore(gitignore): unignore frontend dashboards routes and track pages 2026-02-24 16:16:41 +03:00
busya
e0c0dd3221 fix(validation): respect settings-bound provider and correct multimodal heuristic 2026-02-24 16:04:14 +03:00
busya
5f6e9c0cc0 fix(llm-validation): accept stepfun multimodal models and return 422 on capability mismatch 2026-02-24 16:00:23 +03:00
busya
4fd9d6b6d5 fix(llm): skip unsupported json_object mode for openrouter stepfun models 2026-02-24 14:22:08 +03:00
busya
7e6bd56488 feat(assistant-chat): add animated thinking loader while waiting for response 2026-02-24 14:15:35 +03:00
busya
5e3c213b92 fix(task-drawer): keep drawer above assistant dim overlay 2026-02-24 14:12:34 +03:00
busya
37b75b5a5c fix(task-drawer): render as side column without modal overlay when opened from assistant 2026-02-24 14:09:34 +03:00
busya
3d42a487f7 fix(assistant): resolve dashboard refs via LLM entities and remove deterministic parser fallback 2026-02-24 13:32:25 +03:00
busya
2e93f5ca63 fix(assistant-chat): prevent stale history response from resetting selected conversation 2026-02-24 13:27:09 +03:00
busya
286167b1d5 generate semantic clean up 2026-02-24 12:51:57 +03:00
busya
7df7b4f98c feat(assistant): add multi-dialog UX, task-aware llm settings, and i18n cleanup 2026-02-23 23:45:01 +03:00
busya
ab1c87ffba feat(assistant): add conversations list, infinite history scroll, and archived tab 2026-02-23 20:27:51 +03:00
busya
40e6d8cd4c chat worked 2026-02-23 20:20:25 +03:00
busya
18e96a58bc feat(assistant): implement spec 021 chat assistant flow with semantic contracts 2026-02-23 19:37:56 +03:00
busya
83e4875097 Merge branch '001-unify-frontend-style' into master 2026-02-23 16:06:12 +03:00
busya
e635bd7e5f Add Apache Superset OpenAPI documentation reference to ROOT.md 2026-02-23 16:04:42 +03:00
busya
43dd97ecbf Новый экранчик для обзора дашей 2026-02-23 15:54:20 +03:00
busya
0685f50ae7 Merge branch '020-task-reports-design' into master 2026-02-23 13:28:31 +03:00
busya
d0ffc2f1df Finalize task-020 reports navigation and stability fixes 2026-02-23 13:28:30 +03:00
busya
26880d2e09 semantic update 2026-02-23 13:15:48 +03:00
busya
008b6d72c9 таски готовы 2026-02-23 10:18:56 +03:00
busya
f0c85e4c03 Fix task API stability and Playwright runtime in Docker 2026-02-21 23:43:46 +03:00
busya
6ffdf5f8a4 feat: restore legacy data and add typed task result views 2026-02-21 23:17:56 +03:00
busya
0cf0ef25f1 db + docker 2026-02-20 20:47:39 +03:00
busya
af74841765 semantic update 2026-02-20 10:41:15 +03:00
busya
d7e4919d54 few shots update 2026-02-20 10:26:01 +03:00
busya
fdcbe32dfa css refactor 2026-02-19 18:24:36 +03:00
busya
4de5b22d57 +Svelte specific 2026-02-19 17:47:24 +03:00
busya
c8029ed309 ai base 2026-02-19 17:43:45 +03:00
busya
c2a4c8062a fix tax log 2026-02-19 16:05:59 +03:00
busya
2c820e103a tests ready 2026-02-19 13:33:20 +03:00
busya
c8b84b7bd7 Coder + fix workflow 2026-02-19 13:33:10 +03:00
busya
fdb944f123 Test logic update 2026-02-19 12:44:31 +03:00
busya
d29bc511a2 task panel 2026-02-19 09:43:01 +03:00
busya
a3a9f0788d docs: amend constitution to v2.3.0 (tailwind css first principle) 2026-02-18 18:29:52 +03:00
busya
77147dc95b refactor 2026-02-18 17:29:46 +03:00
busya
026239e3bf fix 2026-02-15 11:11:30 +03:00
busya
4a0273a604 измененные спеки таски 2026-02-10 15:53:38 +03:00
busya
edb2dd5263 updated tasks 2026-02-10 15:04:43 +03:00
busya
76b98fcf8f linter + новые таски 2026-02-10 12:53:01 +03:00
busya
794cc55fe7 Таски готовы 2026-02-09 12:35:27 +03:00
busya
235b0e3c9f semantic update 2026-02-08 22:53:54 +03:00
busya
e6087bd3c1 таски готовы 2026-02-07 12:42:32 +03:00
busya
0f16bab2b8 Похоже работает 2026-02-07 11:26:06 +03:00
busya
7de96c17c4 feat(llm-plugin): switch to environment API for log retrieval 
- Replace local backend.log reading with Superset API /log/ fetch
- Update DashboardValidationPlugin to use SupersetClient
- Filter logs by dashboard_id and last 24 hours
- Update spec FR-006 to reflect API usage
 2026-02-06 17:57:25 +03:00
busya
f018b97ed2 Semantic protocol update - add UX 2026-01-30 18:53:52 +03:00
busya
72846aa835 tasks ux-reference 2026-01-30 13:35:03 +03:00
busya
994c0c3e5d feat(speckit): integrate ux reference into workflows 
Introduce a UX reference stage to ensure technical plans align with
user experience goals. Adds a new template, a generation step in the
specification workflow, and mandatory validation checks during
planning to prevent technical compromises from degrading the defined
user experience.
 2026-01-30 12:31:19 +03:00
busya
252a8601a9 Вроде работает 2026-01-30 11:10:16 +03:00
busya
8044f85ea4 tasks and workflow updated 2026-01-29 10:06:28 +03:00
busya
d4109e5a03 docs: amend constitution to v2.0.0 (delegate semantics to protocol + add async/testability principles) 2026-01-28 18:48:43 +03:00
busya
b2bbd73439 tasks ready 2026-01-28 18:30:23 +03:00
busya
0e0e26e2f7 semantic update 2026-01-28 16:57:19 +03:00
busya
18b42f8dd0 semantic protocol condense + script update 2026-01-28 15:49:39 +03:00
busya
e7b31accd6 tested 2026-01-27 23:49:19 +03:00
busya
d3c3a80ed2 Передаем на тест 2026-01-27 16:32:08 +03:00
busya
cc244c2d86 tasks ready 2026-01-27 13:26:06 +03:00
busya
d10c23e658 Обновил gitignore - убрал логи 2026-01-26 22:15:17 +03:00
busya
1042b35d1b Закончили редизайн, обновили интерфейс бэкапа 2026-01-26 22:12:35 +03:00
busya
16ffeb1ed6 Выполнено, передано на тестирование 2026-01-26 21:17:05 +03:00
busya
da34deac02 tasks ready 2026-01-26 20:58:38 +03:00
busya
51e9ee3fcc semantic update 2026-01-26 11:57:36 +03:00
busya
edf9286071 Файловое хранилище готово 2026-01-26 11:08:18 +03:00
busya
a542e7d2df Передаем на тест 2026-01-25 18:33:00 +03:00
busya
a863807cf2 tasks ready 2026-01-24 16:21:43 +03:00
busya
e2bc68683f Update .gitignore 2026-01-24 11:26:19 +03:00
busya
43cb82697b Update backup scheduler task status 2026-01-24 11:26:05 +03:00
busya
4ba28cf93e semantic cleanup 2026-01-23 21:58:32 +03:00
busya
343f2e29f5 Мультиязночность + причесывание css 2026-01-23 17:53:46 +03:00
busya
c9a53578fd tasks ready 2026-01-23 14:56:05 +03:00
busya
07ec2d9797 Работает создание коммитов и перенос в новый enviroment 2026-01-23 13:57:44 +03:00
busya
e9d3f3c827 tasks ready 2026-01-22 23:59:16 +03:00
busya
26ba015b75 +gitignore 2026-01-22 23:25:29 +03:00
busya
49129d3e86 fix error 2026-01-22 23:18:48 +03:00
busya
d99a13d91f refactor complete 2026-01-22 17:37:17 +03:00
busya
203ce446f4 ашч 2026-01-21 14:00:48 +03:00
busya
c96d50a3f4 fix(backend): standardize superset client init and auth 
- Update plugins (debug, mapper, search) to explicitly map environment config to SupersetConfig
- Add authenticate method to SupersetClient for explicit session management
- Add get_environment method to ConfigManager
- Fix navbar dropdown hover stability in frontend with invisible bridge
 2026-01-20 19:31:17 +03:00
busya
3bbe320949 TaskLog fix 2026-01-19 17:10:43 +03:00
busya
2d2435642d bug fixs 2026-01-19 00:07:06 +03:00
busya
ec8d67c956 bug fixes 2026-01-18 23:21:00 +03:00
busya
76baeb1038 semantic markup update 2026-01-18 21:29:54 +03:00
busya
11c59fb420 semantic checker script update 2026-01-13 17:33:57 +03:00
busya
b2529973eb constitution update 2026-01-13 15:29:42 +03:00
busya
ae1d630ad6 semantics update 2026-01-13 09:11:27 +03:00
busya
9a9c5879e6 tasks.md status 2026-01-12 12:35:45 +03:00
busya
696aac32e7 1st iter 2026-01-12 12:33:51 +03:00
busya
7a9b1a190a tasks ready 2026-01-07 18:59:49 +03:00
busya
a3dc1fb2b9 docs: amend constitution to v1.6.0 (add 'Everything is a Plugin' principle) and refactor 010 plan 2026-01-07 18:36:38 +03:00
busya
297b29986d Product Manager role 2026-01-07 11:39:44 +03:00
busya
4c6fc8256d project map script | semantic parcer 2026-01-01 16:58:21 +03:00
busya
a747a163c8 backup worked 2025-12-30 22:02:51 +03:00
busya
fce0941e98 docs ready 2025-12-30 21:30:37 +03:00
busya
45c077b928 +api rework 2025-12-30 20:08:48 +03:00
busya
9ed3a5992d cleaned 2025-12-30 18:20:40 +03:00
busya
a032fe8457 Password promt 2025-12-30 17:21:12 +03:00
busya
4c9d554432 TaskManager refactor 2025-12-29 10:13:37 +03:00
busya
6962a78112 mappings+migrate 2025-12-27 10:16:41 +03:00
busya
3d75a21127 tech_lead / coder 2roles 2025-12-27 08:02:59 +03:00
busya
07914c8728 semantic add 2025-12-27 07:14:08 +03:00
busya
cddc259b76 new loggers logic in constitution 2025-12-27 06:51:28 +03:00
busya
dcbf0a7d7f tasks ready 2025-12-27 06:37:03 +03:00
busya
65f61c1f80 Merge branch '001-migration-ui-redesign' into master 2025-12-27 05:58:35 +03:00
busya
cb7386f274 superset_tool logger rework 2025-12-27 05:53:30 +03:00
busya
83e34e1799 feat(logging): implement configurable belief state logging 
- Add LoggingConfig model and logging field to GlobalSettings
- Implement belief_scope context manager for structured logging
- Add configure_logger for dynamic level and file rotation settings
- Add logging configuration UI to Settings page
- Update ConfigManager to apply logging settings on initialization and updates
 2025-12-27 05:39:33 +03:00
busya
d197303b9f 006 plan ready 2025-12-26 19:36:49 +03:00
busya
a43f8fb021 001-migration-ui-redesign (#3) 
Reviewed-on: #3
 2025-12-26 18:17:58 +03:00
busya
4aa01b6470 Merge branch 'migration' into 001-migration-ui-redesign 2025-12-26 18:16:24 +03:00
busya
35b423979d spec rules 2025-12-25 22:28:42 +03:00
busya
2ffc3cc68f feat(migration): implement interactive mapping resolution workflow 
- Add SQLite database integration for environments and mappings
- Update TaskManager to support pausing tasks (AWAITING_MAPPING)
- Modify MigrationPlugin to detect missing mappings and wait for resolution
- Add frontend UI for handling missing mappings interactively
- Create dedicated migration routes and API endpoints
- Update .gitignore and project documentation
 2025-12-25 22:27:29 +03:00
177 changed files with 10451 additions and 58787 deletions
Expand all files Collapse all files

552
.ai/MODULE_MAP.md
View File

@@ -2,12 +2,12 @@
> High-level module structure for AI Context. Generated automatically.
**Generated:** 2026-03-10T20:52:01.801581
**Generated:** 2026-03-09T13:33:22.105511
## Summary
- **Total Modules:** 103
- **Total Entities:** 3088
- **Total Modules:** 93
- **Total Entities:** 2649
## Module Hierarchy
@@ -28,9 +28,9 @@
### 📁 `src/`
- 🏗️ **Layers:** API, Core, UI (API)
- 📊 **Tiers:** CRITICAL: 2, STANDARD: 21, TRIVIAL: 2
- 📊 **Tiers:** CRITICAL: 2, STANDARD: 20, TRIVIAL: 2
- 📄 **Files:** 2
- 📦 **Entities:** 25
- 📦 **Entities:** 24
**Key Entities:**
@@ -53,10 +53,10 @@
### 📁 `routes/`
- 🏗️ **Layers:** API, Infra, UI (API), UI/API
- 📊 **Tiers:** CRITICAL: 12, STANDARD: 272, TRIVIAL: 16
- 📄 **Files:** 21
- 📦 **Entities:** 300
- 🏗️ **Layers:** API, UI (API)
- 📊 **Tiers:** CRITICAL: 12, STANDARD: 254, TRIVIAL: 8
- 📄 **Files:** 19
- 📦 **Entities:** 274
**Key Entities:**
@@ -72,14 +72,14 @@
- Schema for branch creation requests.
- **BranchSchema** (Class)
- Schema for representing a Git branch metadata.
- **BuildManifestRequest** (Class)
- Request schema for manifest build endpoint.
- **CommitCreate** (Class)
- Schema for staging and committing changes.
- **CommitSchema** (Class)
- Schema for representing Git commit details.
- **ConfirmationRecord** (Class)
- In-memory confirmation token model for risky operation dispa...
- **ConflictResolution** (Class)
- Schema for resolving merge conflicts.
**Dependencies:**
@@ -87,14 +87,14 @@
- 🔗 DEPENDS_ON -> ConfigModels
- 🔗 DEPENDS_ON -> backend.src.core.database
- 🔗 DEPENDS_ON -> backend.src.core.database.get_db
- 🔗 DEPENDS_ON -> backend.src.core.mapping_service
- 🔗 DEPENDS_ON -> backend.src.core.superset_client
### 📁 `__tests__/`
- 🏗️ **Layers:** API, Domain, Domain (Tests), Tests, UI (API Tests), Unknown
- 📊 **Tiers:** STANDARD: 92, TRIVIAL: 195
- 📄 **Files:** 17
- 📦 **Entities:** 287
- 🏗️ **Layers:** API, Domain, Domain (Tests), UI (API Tests), Unknown
- 📊 **Tiers:** STANDARD: 88, TRIVIAL: 187
- 📄 **Files:** 14
- 📦 **Entities:** 275
**Key Entities:**
@@ -122,25 +122,22 @@
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.src.api.routes.assistant
- 🔗 IMPLEMENTS -> clean_release_v2_release_api_contracts
### 📁 `core/`
- 🏗️ **Layers:** Core, Domain
- 📊 **Tiers:** CRITICAL: 52, STANDARD: 102, TRIVIAL: 9
- 📄 **Files:** 12
- 📦 **Entities:** 163
- 🏗️ **Layers:** Core
- 📊 **Tiers:** CRITICAL: 47, STANDARD: 94, TRIVIAL: 8
- 📄 **Files:** 11
- 📦 **Entities:** 149
**Key Entities:**
- **AsyncSupersetClient** (Class)
- Async sibling of SupersetClient for dashboard read paths.
- **AuthSessionLocal** (Class) `[TRIVIAL]`
- A session factory for the authentication database.
- **BeliefFormatter** (Class)
- Custom logging formatter that adds belief state prefixes to ...
- **ConfigManager** (Class) `[CRITICAL]`
- Handles application configuration load, validation, mutation...
- A class to handle application configuration persistence and ...
- **IdMappingService** (Class) `[CRITICAL]`
- Service handling the cataloging and retrieval of remote Supe...
- **LogEntry** (Class)
@@ -153,21 +150,23 @@
- A Pydantic model used to represent the validated configurati...
- **PluginLoader** (Class)
- Scans a specified directory for Python modules, dynamically ...
- **SchedulerService** (Class)
- Provides a service to manage scheduled backup tasks.
**Dependencies:**
- 🔗 DEPENDS_ON -> AppConfigRecord
- 🔗 DEPENDS_ON -> ConfigModels
- 🔗 DEPENDS_ON -> SessionLocal
- 🔗 DEPENDS_ON -> PyYAML
- 🔗 DEPENDS_ON -> backend.src.core.auth.config
- 🔗 DEPENDS_ON -> backend.src.core.logger
### 📁 `__tests__/`
- 🏗️ **Layers:** Domain
- 📊 **Tiers:** STANDARD: 8, TRIVIAL: 6
- 📄 **Files:** 2
- 📦 **Entities:** 14
- 📊 **Tiers:** STANDARD: 7
- 📄 **Files:** 1
- 📦 **Entities:** 7
**Key Entities:**
@@ -175,12 +174,10 @@
- Records request payloads and returns scripted responses for ...
- 📦 **backend.src.core.__tests__.test_superset_profile_lookup** (Module)
- Verifies Superset profile lookup adapter payload normalizati...
- 📦 **test_throttled_scheduler** (Module)
- Unit tests for ThrottledSchedulerConfigurator distribution l...
### 📁 `auth/`
- 🏗️ **Layers:** Core, Domain
- 🏗️ **Layers:** Core
- 📊 **Tiers:** CRITICAL: 28
- 📄 **Files:** 6
- 📦 **Entities:** 28
@@ -190,7 +187,7 @@
- **AuthConfig** (Class) `[CRITICAL]`
- Holds authentication-related settings.
- **AuthRepository** (Class) `[CRITICAL]`
- Encapsulates database operations for authentication-related ...
- Encapsulates database operations for authentication.
- 📦 **backend.src.core.auth.config** (Module) `[CRITICAL]`
- Centralized configuration for authentication and authorizati...
- 📦 **backend.src.core.auth.jwt** (Module) `[CRITICAL]`
@@ -200,17 +197,17 @@
- 📦 **backend.src.core.auth.oauth** (Module) `[CRITICAL]`
- ADFS OIDC configuration and client using Authlib.
- 📦 **backend.src.core.auth.repository** (Module) `[CRITICAL]`
- Data access layer for authentication and user preference ent...
- Data access layer for authentication-related entities.
- 📦 **backend.src.core.auth.security** (Module) `[CRITICAL]`
- Utility for password hashing and verification using Passlib.
**Dependencies:**
- 🔗 DEPENDS_ON -> authlib
- 🔗 DEPENDS_ON -> backend.src.core.logger.belief_scope
- 🔗 DEPENDS_ON -> backend.src.models.auth
- 🔗 DEPENDS_ON -> backend.src.models.profile
- 🔗 DEPENDS_ON -> jose
- 🔗 DEPENDS_ON -> passlib
- 🔗 DEPENDS_ON -> pydantic
- 🔗 DEPENDS_ON -> sqlalchemy
### 📁 `__tests__/`
@@ -238,7 +235,7 @@
### 📁 `migration/`
- 🏗️ **Layers:** Core, Domain
- 🏗️ **Layers:** Core
- 📊 **Tiers:** CRITICAL: 20, TRIVIAL: 1
- 📄 **Files:** 4
- 📦 **Entities:** 21
@@ -256,7 +253,7 @@
- 📦 **backend.src.core.migration.dry_run_orchestrator** (Module) `[CRITICAL]`
- Compute pre-flight migration diff and risk scoring without a...
- 📦 **backend.src.core.migration.risk_assessor** (Module) `[CRITICAL]`
- Compute deterministic migration risk items and aggregate sco...
- Risk evaluation helpers for migration pre-flight reporting.
**Dependencies:**
@@ -317,16 +314,14 @@
### 📁 `utils/`
- 🏗️ **Layers:** Core, Domain, Infra
- 📊 **Tiers:** CRITICAL: 1, STANDARD: 62, TRIVIAL: 5
- 📄 **Files:** 5
- 📦 **Entities:** 68
- 📊 **Tiers:** STANDARD: 50, TRIVIAL: 1
- 📄 **Files:** 4
- 📦 **Entities:** 51
**Key Entities:**
- **APIClient** (Class)
- Инкапсулирует HTTP-логику для работы с API, включая сессии, ...
- **AsyncAPIClient** (Class)
- Async Superset API client backed by httpx.AsyncClient with s...
- **AuthenticationError** (Class)
- Exception raised when authentication fails.
- **DashboardNotFoundError** (Class)
@@ -341,46 +336,48 @@
- Exception raised when access is denied.
- **SupersetAPIError** (Class)
- Base exception for all Superset API related errors.
- **SupersetAuthCache** (Class)
- Process-local cache for Superset access/csrf tokens keyed by...
- 📦 **backend.core.utils.dataset_mapper** (Module)
- Этот модуль отвечает за обновление метаданных (verbose_map) ...
- 📦 **backend.core.utils.fileio** (Module)
- Предоставляет набор утилит для управления файловыми операция...
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.core.superset_client
- 🔗 DEPENDS_ON -> backend.src.core.logger
- 🔗 DEPENDS_ON -> backend.src.core.utils.network.SupersetAuthCache
- 🔗 DEPENDS_ON -> pandas
- 🔗 DEPENDS_ON -> psycopg2
- 🔗 DEPENDS_ON -> pyyaml
### 📁 `models/`
- 🏗️ **Layers:** Domain, Model
- 📊 **Tiers:** CRITICAL: 21, STANDARD: 40, TRIVIAL: 29
- 📊 **Tiers:** CRITICAL: 20, STANDARD: 35, TRIVIAL: 29
- 📄 **Files:** 13
- 📦 **Entities:** 90
- 📦 **Entities:** 84
**Key Entities:**
- **ADGroupMapping** (Class) `[CRITICAL]`
- Maps an Active Directory group to a local System Role.
- **AppConfigRecord** (Class) `[CRITICAL]`
- Stores persisted application configuration as a single autho...
- **ApprovalDecision** (Class)
- Approval or rejection bound to a candidate and report.
- Stores the single source of truth for application configurat...
- **AssistantAuditRecord** (Class)
- Store audit decisions and outcomes produced by assistant com...
- **AssistantConfirmationRecord** (Class)
- Persist risky operation confirmation tokens with lifecycle s...
- **AssistantMessageRecord** (Class)
- Persist chat history entries for assistant conversations.
- **CandidateArtifact** (Class)
- Represents one artifact associated with a release candidate.
- **CheckFinalStatus** (Class)
- Backward-compatible final status enum for legacy TUI/orchest...
- Final status for compliance check run.
- **CheckStageName** (Class)
- Backward-compatible stage name enum for legacy TUI/orchestra...
- Mandatory check stages.
- **CheckStageResult** (Class)
- Backward-compatible stage result container for legacy TUI/or...
- Per-stage compliance result.
- **CheckStageStatus** (Class)
- Stage-level execution status.
- **ClassificationType** (Class)
- Manifest classification outcomes for artifacts.
**Dependencies:**
@@ -511,10 +508,10 @@
### 📁 `schemas/`
- 🏗️ **Layers:** API, Domain
- 📊 **Tiers:** CRITICAL: 10, STANDARD: 18, TRIVIAL: 3
- 📄 **Files:** 4
- 📦 **Entities:** 31
- 🏗️ **Layers:** API
- 📊 **Tiers:** CRITICAL: 10, STANDARD: 9, TRIVIAL: 3
- 📄 **Files:** 2
- 📦 **Entities:** 22
**Key Entities:**
@@ -522,12 +519,6 @@
- Schema for creating an AD Group mapping.
- **ADGroupMappingSchema** (Class) `[CRITICAL]`
- Represents an AD Group to Role mapping in API responses.
- **DashboardHealthItem** (Class)
- Represents the latest health status of a single dashboard.
- **HealthSummaryResponse** (Class)
- Aggregated health summary for all dashboards.
- **NotificationChannel** (Class)
- Structured notification channel definition for policy-level ...
- **PermissionSchema** (Class) `[TRIVIAL]`
- Represents a permission in API responses.
- **ProfilePermissionState** (Class)
@@ -538,37 +529,28 @@
- Response envelope for profile preference read/update endpoin...
- **ProfilePreferenceUpdateRequest** (Class)
- Request payload for updating current user's profile settings...
- **ProfileSecuritySummary** (Class)
- Read-only security and access snapshot for current user.
- **RoleCreate** (Class) `[CRITICAL]`
- Schema for creating a new role.
- **RoleSchema** (Class) `[CRITICAL]`
- Represents a role in API responses.
**Dependencies:**
- 🔗 DEPENDS_ON -> pydantic
### 📁 `__tests__/`
- 📊 **Tiers:** STANDARD: 4
- 📄 **Files:** 1
- 📦 **Entities:** 4
**Key Entities:**
- 📦 **backend.src.schemas.__tests__.test_settings_and_health_schemas** (Module)
- Regression tests for settings and health schema contracts up...
### 📁 `scripts/`
- 🏗️ **Layers:** Scripts, UI, Unknown
- 📊 **Tiers:** CRITICAL: 2, STANDARD: 43, TRIVIAL: 30
- 📄 **Files:** 8
- 📦 **Entities:** 75
- 📊 **Tiers:** CRITICAL: 2, STANDARD: 27, TRIVIAL: 17
- 📄 **Files:** 7
- 📦 **Entities:** 46
**Key Entities:**
- **CleanReleaseTUI** (Class)
- Curses-based application for compliance monitoring.
- **TuiFacadeAdapter** (Class)
- Thin TUI adapter that routes business mutations through appl...
- 📦 **backend.src.scripts.clean_release_cli** (Module)
- Provide headless CLI commands for candidate registration, ar...
- 📦 **backend.src.scripts.clean_release_tui** (Module)
- Interactive terminal interface for Enterprise Clean Release ...
- 📦 **backend.src.scripts.create_admin** (Module)
@@ -591,10 +573,10 @@
### 📁 `services/`
- 🏗️ **Layers:** Core, Domain, Domain/Service, Service
- 📊 **Tiers:** CRITICAL: 9, STANDARD: 120, TRIVIAL: 17
- 📄 **Files:** 10
- 📦 **Entities:** 146
- 🏗️ **Layers:** Core, Domain, Service
- 📊 **Tiers:** CRITICAL: 9, STANDARD: 118, TRIVIAL: 15
- 📄 **Files:** 9
- 📦 **Entities:** 142
**Key Entities:**
@@ -621,29 +603,23 @@
**Dependencies:**
- 🔗 DEPENDS_ON -> ValidationRecord
- 🔗 DEPENDS_ON -> backend.src.core.auth.jwt.create_access_token
- 🔗 DEPENDS_ON -> backend.src.core.auth.repository
- 🔗 DEPENDS_ON -> backend.src.core.auth.repository.AuthRepository
- 🔗 DEPENDS_ON -> backend.src.core.auth.security.verify_password
- 🔗 DEPENDS_ON -> backend.src.core.config_manager
- 🔗 DEPENDS_ON -> backend.src.core.database
- 🔗 DEPENDS_ON -> backend.src.core.superset_client
- 🔗 DEPENDS_ON -> backend.src.core.task_manager
### 📁 `__tests__/`
- 🏗️ **Layers:** Domain, Domain Tests, Service, Service Tests, Unknown
- 📊 **Tiers:** STANDARD: 36, TRIVIAL: 40
- 📄 **Files:** 7
- 📦 **Entities:** 76
- 📊 **Tiers:** STANDARD: 29, TRIVIAL: 17
- 📄 **Files:** 5
- 📦 **Entities:** 46
**Key Entities:**
- **TestEncryptionManager** (Class)
- Validate EncryptionManager encrypt/decrypt roundtrip, unique...
- **_DummyLogger** (Class)
- Minimal logger shim for TaskContext-like objects used in tes...
- **_FakeDBSession** (Class)
- Captures persisted records for assertion and mimics SQLAlche...
- 📦 **backend.src.services.__tests__.test_llm_plugin_persistence** (Module)
- Regression test for ValidationRecord persistence fields popu...
- 📦 **backend.src.services.__tests__.test_llm_prompt_templates** (Module)
- Validate normalization and rendering behavior for configurab...
- 📦 **backend.src.services.__tests__.test_rbac_permission_catalog** (Module)
@@ -652,8 +628,6 @@
- Unit tests for ResourceService
- 📦 **test_encryption_manager** (Module)
- Unit tests for EncryptionManager encrypt/decrypt functionali...
- 📦 **test_health_service** (Module)
- Unit tests for HealthService aggregation logic.
- 📦 **test_llm_provider** (Module) `[TRIVIAL]`
- Auto-generated module for backend/src/services/__tests__/tes...
@@ -663,10 +637,10 @@
### 📁 `clean_release/`
- 🏗️ **Layers:** Application, Domain, Infra
- 📊 **Tiers:** CRITICAL: 9, STANDARD: 46, TRIVIAL: 50
- 📄 **Files:** 21
- 📦 **Entities:** 105
- 🏗️ **Layers:** Domain, Infra
- 📊 **Tiers:** CRITICAL: 3, STANDARD: 16, TRIVIAL: 32
- 📄 **Files:** 10
- 📦 **Entities:** 51
**Key Entities:**
@@ -675,35 +649,35 @@
- **CleanPolicyEngine** (Class)
- **CleanReleaseRepository** (Class)
- Data access object for clean release lifecycle.
- **ComplianceExecutionResult** (Class)
- Return envelope for compliance execution with run/report and...
- **ComplianceExecutionService** (Class)
- Execute clean-release compliance lifecycle over trusted snap...
- 📦 **backend.src.services.clean_release.approval_service** (Module) `[CRITICAL]`
- Enforce approval/rejection gates over immutable compliance r...
- 📦 **backend.src.services.clean_release** (Module)
- Initialize clean release service package and provide explici...
- 📦 **backend.src.services.clean_release.audit_service** (Module)
- Provide lightweight audit hooks for clean release preparatio...
- 📦 **backend.src.services.clean_release.candidate_service** (Module) `[CRITICAL]`
- Register release candidates with validated artifacts and adv...
- 📦 **backend.src.services.clean_release.compliance_execution_service** (Module) `[CRITICAL]`
- Create and execute compliance runs with trusted snapshots, d...
- 📦 **backend.src.services.clean_release.compliance_orchestrator** (Module) `[CRITICAL]`
- Execute mandatory clean compliance stages and produce final ...
- 📦 **backend.src.services.clean_release.manifest_builder** (Module)
- Build deterministic distribution manifest from classified ar...
- 📦 **backend.src.services.clean_release.policy_engine** (Module) `[CRITICAL]`
- Evaluate artifact/source policies for enterprise clean profi...
- 📦 **backend.src.services.clean_release.preparation_service** (Module)
- Prepare release candidate by policy evaluation and determini...
- 📦 **backend.src.services.clean_release.report_builder** (Module) `[CRITICAL]`
- Build and persist compliance reports with consistent counter...
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.src.core.config_manager
- 🔗 DEPENDS_ON -> backend.src.core.logger
- 🔗 DEPENDS_ON -> backend.src.models.clean_release
- 🔗 DEPENDS_ON -> backend.src.models.clean_release.CleanProfilePolicy
- 🔗 DEPENDS_ON -> backend.src.models.clean_release.ResourceSourceRegistry
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.manifest_builder
### 📁 `__tests__/`
- 🏗️ **Layers:** Domain, Infra, Unknown
- 📊 **Tiers:** STANDARD: 25, TRIVIAL: 25
- 📊 **Tiers:** STANDARD: 18, TRIVIAL: 25
- 📄 **Files:** 8
- 📦 **Entities:** 50
- 📦 **Entities:** 43
**Key Entities:**
@@ -724,117 +698,6 @@
- 📦 **test_policy_engine** (Module) `[TRIVIAL]`
- Auto-generated module for backend/src/services/clean_release...
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.preparation_service:Module
### 📁 `repositories/`
- 🏗️ **Layers:** Infra
- 📊 **Tiers:** STANDARD: 10, TRIVIAL: 46
- 📄 **Files:** 10
- 📦 **Entities:** 56
**Key Entities:**
- 📦 **approval_repository** (Module)
- Persist and query approval decisions.
- 📦 **artifact_repository** (Module)
- Persist and query candidate artifacts.
- 📦 **audit_repository** (Module)
- Persist and query audit logs for clean release operations.
- 📦 **candidate_repository** (Module)
- Persist and query release candidates.
- 📦 **clean_release_repositories** (Module)
- Export all clean release repositories.
- 📦 **compliance_repository** (Module)
- Persist and query compliance runs, stage runs, and violation...
- 📦 **manifest_repository** (Module)
- Persist and query distribution manifests.
- 📦 **policy_repository** (Module)
- Persist and query policy and registry snapshots.
- 📦 **publication_repository** (Module)
- Persist and query publication records.
- 📦 **report_repository** (Module)
- Persist and query compliance reports.
### 📁 `stages/`
- 🏗️ **Layers:** Domain
- 📊 **Tiers:** STANDARD: 19, TRIVIAL: 5
- 📄 **Files:** 6
- 📦 **Entities:** 24
**Key Entities:**
- **ComplianceStage** (Class)
- Protocol for pluggable stage implementations.
- **ComplianceStageContext** (Class)
- Immutable input envelope passed to each compliance stage.
- **DataPurityStage** (Class)
- Validate manifest summary for prohibited artifacts.
- **InternalSourcesOnlyStage** (Class)
- Enforce internal-source-only policy from trusted registry sn...
- **ManifestConsistencyStage** (Class)
- Validate run/manifest linkage consistency.
- **NoExternalEndpointsStage** (Class)
- Validate endpoint references from manifest against trusted r...
- **StageExecutionResult** (Class)
- Structured stage output containing decision, details and vio...
- 📦 **backend.src.services.clean_release.stages** (Module)
- Define compliance stage order and helper functions for deter...
- 📦 **backend.src.services.clean_release.stages.base** (Module)
- Define shared contracts and helpers for pluggable clean-rele...
- 📦 **backend.src.services.clean_release.stages.data_purity** (Module)
- Evaluate manifest purity counters and emit blocking violatio...
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.src.models.clean_release
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.stages.base
- 🔗 IMPLEMENTS -> backend.src.services.clean_release.stages.base.ComplianceStage
### 📁 `notifications/`
- 🏗️ **Layers:** Domain, Infra
- 📊 **Tiers:** CRITICAL: 2, STANDARD: 5, TRIVIAL: 14
- 📄 **Files:** 2
- 📦 **Entities:** 21
**Key Entities:**
- **NotificationProvider** (Class)
- Abstract base class for all notification providers.
- **NotificationService** (Class)
- Routes validation reports to appropriate users and channels.
- **SMTPProvider** (Class)
- Delivers notifications via SMTP.
- **SlackProvider** (Class)
- Delivers notifications via Slack Webhooks or API.
- **TelegramProvider** (Class)
- Delivers notifications via Telegram Bot API.
- 📦 **backend.src.services.notifications.providers** (Module) `[CRITICAL]`
- Defines abstract base and concrete implementations for exter...
- 📦 **backend.src.services.notifications.service** (Module) `[CRITICAL]`
- Orchestrates notification routing based on user preferences ...
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.src.models.llm
- 🔗 DEPENDS_ON -> backend.src.services.notifications.providers
- 🔗 DEPENDS_ON -> backend.src.services.profile_service
### 📁 `__tests__/`
- 📊 **Tiers:** STANDARD: 1, TRIVIAL: 9
- 📄 **Files:** 1
- 📦 **Entities:** 10
**Key Entities:**
- 📦 **backend.src.services.notifications.__tests__.test_notification_service** (Module)
- Unit tests for NotificationService routing and dispatch logi...
### 📁 `reports/`
- 🏗️ **Layers:** Domain
@@ -864,9 +727,9 @@
### 📁 `__tests__/`
- 🏗️ **Layers:** Domain, Domain (Tests), Unknown
- 📊 **Tiers:** STANDARD: 2, TRIVIAL: 25
- 📊 **Tiers:** STANDARD: 2, TRIVIAL: 24
- 📄 **Files:** 3
- 📦 **Entities:** 27
- 📦 **Entities:** 26
**Key Entities:**
@@ -941,56 +804,15 @@
### 📁 `scripts/`
- 🏗️ **Layers:** Domain, Scripts
- 📊 **Tiers:** STANDARD: 3, TRIVIAL: 17
- 📄 **Files:** 3
- 📦 **Entities:** 20
- 🏗️ **Layers:** Scripts
- 📊 **Tiers:** STANDARD: 1, TRIVIAL: 7
- 📄 **Files:** 1
- 📦 **Entities:** 8
**Key Entities:**
- 📦 **backend.tests.scripts.test_clean_release_tui** (Module)
- Unit tests for the interactive curses TUI of the clean relea...
- 📦 **test_clean_release_cli** (Module)
- Smoke tests for the redesigned clean release CLI.
- 📦 **test_clean_release_tui_v2** (Module)
- Smoke tests for thin-client TUI action dispatch and blocked ...
### 📁 `clean_release/`
- 🏗️ **Layers:** Tests
- 📊 **Tiers:** STANDARD: 40, TRIVIAL: 16
- 📄 **Files:** 8
- 📦 **Entities:** 56
**Key Entities:**
- **CleanReleaseCompliancePlugin** (Class)
- TaskManager plugin shim that executes clean release complian...
- **_PluginLoaderStub** (Class)
- Provide minimal plugin loader contract used by TaskManager i...
- 📦 **backend.tests.services.clean_release.test_approval_service** (Module)
- Define approval gate contracts for approve/reject operations...
- 📦 **backend.tests.services.clean_release.test_compliance_execution_service** (Module)
- Validate stage pipeline and run finalization contracts for c...
- 📦 **backend.tests.services.clean_release.test_compliance_task_integration** (Module)
- Verify clean release compliance runs execute through TaskMan...
- 📦 **backend.tests.services.clean_release.test_demo_mode_isolation** (Module)
- Verify demo and real mode namespace isolation contracts befo...
- 📦 **backend.tests.services.clean_release.test_policy_resolution_service** (Module)
- Verify trusted policy snapshot resolution contract and error...
- 📦 **backend.tests.services.clean_release.test_publication_service** (Module)
- Define publication gate contracts over approved candidates a...
- 📦 **backend.tests.services.clean_release.test_report_audit_immutability** (Module)
- Validate report snapshot immutability expectations and appen...
- 📦 **test_candidate_manifest_services** (Module)
- Test lifecycle and manifest versioning for release candidate...
**Dependencies:**
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.demo_data_service
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.exceptions
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.policy_resolution_service
- 🔗 DEPENDS_ON -> backend.src.services.clean_release.repository
### 📁 `components/`
@@ -1036,17 +858,15 @@
### 📁 `auth/`
- 🏗️ **Layers:** UI
- 📊 **Tiers:** CRITICAL: 2, STANDARD: 1
- 🏗️ **Layers:** Component
- 📊 **Tiers:** CRITICAL: 2
- 📄 **Files:** 1
- 📦 **Entities:** 3
- 📦 **Entities:** 2
**Key Entities:**
- 🧩 **ProtectedRoute** (Component) `[CRITICAL]`
- Wraps protected slot content with session and permission ver...
- 📦 **ProtectedRoute.svelte** (Module)
- Enforces authenticated and authorized access before protecte...
- Wraps content to ensure only authenticated and authorized us...
### 📁 `git/`
@@ -1208,7 +1028,7 @@
**Dependencies:**
- 🔗 DEPENDS_ON -> DEF:api_module
- 🔗 DEPENDS_ON -> [DEF:api_module]
- 🔗 DEPENDS_ON -> frontend.src.lib.api.api_module
### 📁 `__tests__/`
@@ -1281,22 +1101,6 @@
- 📦 **frontend.src.lib.components.assistant.__tests__.assistant_chat_integration** (Module)
- Contract-level integration checks for assistant chat panel i...
### 📁 `health/`
- 🏗️ **Layers:** UI/Component, Unknown
- 📊 **Tiers:** STANDARD: 2, TRIVIAL: 3
- 📄 **Files:** 2
- 📦 **Entities:** 5
**Key Entities:**
- 🧩 **HealthMatrix** (Component)
- Visual grid/matrix representing the health status of dashboa...
- 🧩 **PolicyForm** (Component)
- Form for creating and editing validation policies.
- 📦 **PolicyForm** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/lib/components/health...
### 📁 `layout/`
- 🏗️ **Layers:** UI, Unknown
@@ -1431,16 +1235,14 @@
### 📁 `stores/`
- 🏗️ **Layers:** UI, UI-State, Unknown
- 📊 **Tiers:** CRITICAL: 1, STANDARD: 9, TRIVIAL: 28
- 📄 **Files:** 6
- 📦 **Entities:** 38
- 📊 **Tiers:** CRITICAL: 1, STANDARD: 8, TRIVIAL: 25
- 📄 **Files:** 5
- 📦 **Entities:** 34
**Key Entities:**
- 📦 **environmentContext** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/lib/stores/environmen...
- 📦 **health** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/lib/stores/health.js
- 📦 **sidebar** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/lib/stores/sidebar.js
- 📦 **taskDrawer** (Module) `[TRIVIAL]`
@@ -1451,8 +1253,6 @@
- Control assistant chat panel visibility and active conversat...
- 🗄️ **environmentContext** (Store)
- Global selected environment context for navigation and safet...
- 🗄️ **health_store** (Store)
- Manage dashboard health summary state and failing counts for...
- 🗄️ **sidebar** (Store)
- Manage sidebar visibility and navigation state
- 🗄️ **taskDrawer** (Store) `[CRITICAL]`
@@ -1461,7 +1261,6 @@
**Dependencies:**
- 🔗 DEPENDS_ON -> WebSocket connection, taskDrawer store
- 🔗 DEPENDS_ON -> api.getHealthSummary
### 📁 `__tests__/`
@@ -1654,20 +1453,6 @@
- 📦 **frontend.src.routes.dashboards.__tests__.dashboard_profile_override_integration** (Module)
- Verifies temporary show-all override and restore-on-return b...
### 📁 `health/`
- 🏗️ **Layers:** UI/Page, Unknown
- 📊 **Tiers:** STANDARD: 1, TRIVIAL: 3
- 📄 **Files:** 1
- 📦 **Entities:** 4
**Key Entities:**
- 🧩 **HealthCenterPage** (Component)
- Main page for the Dashboard Health Center.
- 📦 **+page** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/routes/dashboards/hea...
### 📁 `datasets/`
- 🏗️ **Layers:** UI, Unknown
@@ -1718,26 +1503,28 @@
### 📁 `migration/`
- 📊 **Tiers:** CRITICAL: 21
- 🏗️ **Layers:** Page
- 📊 **Tiers:** CRITICAL: 11
- 📄 **Files:** 1
- 📦 **Entities:** 21
- 📦 **Entities:** 11
**Key Entities:**
- 🧩 **DashboardSelectionSection** (Component) `[CRITICAL]`
- 🧩 **MigrationDashboard** (Component) `[CRITICAL]`
- Orchestrate migration UI workflow and route user actions to ...
- Main dashboard for configuring and starting migrations.
### 📁 `mappings/`
- 📊 **Tiers:** CRITICAL: 8
- 🏗️ **Layers:** Page
- 📊 **Tiers:** CRITICAL: 4
- 📄 **Files:** 1
- 📦 **Entities:** 8
- 📦 **Entities:** 4
**Key Entities:**
- 🗄️ **UiState** (Store) `[CRITICAL]`
- Maintain local page state for environments, fetched database...
- 🧩 **MappingManagement** (Component) `[CRITICAL]`
- Page for managing database mappings between environments.
### 📁 `profile/`
@@ -1814,20 +1601,6 @@
- 📦 **+page** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/routes/settings/+page...
### 📁 `automation/`
- 🏗️ **Layers:** UI/Page, Unknown
- 📊 **Tiers:** STANDARD: 1, TRIVIAL: 7
- 📄 **Files:** 1
- 📦 **Entities:** 8
**Key Entities:**
- 🧩 **AutomationSettingsPage** (Component)
- Settings page for managing validation policies.
- 📦 **+page** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/routes/settings/autom...
### 📁 `connections/`
- 🏗️ **Layers:** UI
@@ -1863,20 +1636,6 @@
- 📦 **frontend.src.routes.settings.git.__tests__.git_settings_page_ux_test** (Module)
- Test UX states and transitions for the Git Settings page
### 📁 `notifications/`
- 🏗️ **Layers:** UI, Unknown
- 📊 **Tiers:** STANDARD: 1, TRIVIAL: 3
- 📄 **Files:** 1
- 📦 **Entities:** 4
**Key Entities:**
- 🧩 **NotificationSettingsPage** (Component)
- Manage global notification provider configurations (SMTP, Te...
- 📦 **+page** (Module) `[TRIVIAL]`
- Auto-generated module for frontend/src/routes/settings/notif...
### 📁 `storage/`
- 🏗️ **Layers:** Page
@@ -1972,9 +1731,9 @@
### 📁 `root/`
- 🏗️ **Layers:** DevOps/Tooling, Unknown
- 📊 **Tiers:** CRITICAL: 11, STANDARD: 18, TRIVIAL: 10
- 📄 **Files:** 2
- 📦 **Entities:** 39
- 📊 **Tiers:** CRITICAL: 11, STANDARD: 17, TRIVIAL: 12
- 📄 **Files:** 3
- 📦 **Entities:** 40
**Key Entities:**
@@ -1992,6 +1751,8 @@
- Auto-generated module for check_test_data.py
- 📦 **generate_semantic_map** (Module)
- Scans the codebase to generate a Semantic Map, Module Map, a...
- 📦 **test_pat_retrieve** (Module) `[TRIVIAL]`
- Auto-generated module for test_pat_retrieve.py
## Cross-Module Dependencies
@@ -2009,11 +1770,6 @@ graph TD
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|DEPENDS_ON|backend
routes-->|USES|backend
routes-->|USES|backend
routes-->|CALLS|backend
@@ -2043,7 +1799,6 @@ graph TD
__tests__-->|TESTS|backend
__tests__-->|TESTS|backend
__tests__-->|TESTS|backend
__tests__-->|TESTS|backend
__tests__-->|DEPENDS_ON|backend
__tests__-->|DEPENDS_ON|backend
__tests__-->|VERIFIES|backend
@@ -2055,27 +1810,20 @@ graph TD
core-->|DEPENDS_ON|backend
core-->|DEPENDS_ON|backend
core-->|DEPENDS_ON|backend
core-->|DEPENDS_ON|backend
core-->|DEPENDS_ON|backend
__tests__-->|TESTS|backend
auth-->|USES|backend
auth-->|USES|backend
auth-->|USES|backend
auth-->|DEPENDS_ON|backend
auth-->|DEPENDS_ON|backend
auth-->|DEPENDS_ON|backend
auth-->|USES|backend
migration-->|DEPENDS_ON|backend
migration-->|DEPENDS_ON|backend
migration-->|DEPENDS_ON|backend
migration-->|DEPENDS_ON|backend
migration-->|DEPENDS_ON|backend
migration-->|DEPENDS_ON|backend
migration-->|DISPATCHES|backend
migration-->|USED_BY|backend
utils-->|DEPENDS_ON|backend
utils-->|DEPENDS_ON|backend
utils-->|DEPENDS_ON|backend
utils-->|DEPENDS_ON|backend
models-->|DEPENDS_ON|backend
models-->|INHERITS_FROM|backend
models-->|DEPENDS_ON|backend
models-->|DEPENDS_ON|backend
@@ -2112,11 +1860,9 @@ graph TD
services-->|DEPENDS_ON|backend
services-->|CALLS|backend
services-->|DEPENDS_ON|backend
services-->|DEPENDS_ON|backend
services-->|DEPENDS_ON|backend
services-->|DEPENDS_ON|backend
services-->|DEPENDS_ON|backend
services-->|DEPENDS_ON|backend
services-->|USES|backend
services-->|USES|backend
services-->|USES|backend
services-->|DEPENDS_ON|backend
services-->|DEPENDS_ON|backend
__tests__-->|TESTS|backend
@@ -2138,46 +1884,13 @@ graph TD
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
__tests__-->|TESTS|backend
__tests__-->|TESTS|backend
__tests__-->|TESTS|backend
__tests__-->|VERIFIES|backend
__tests__-->|TESTS|backend
__tests__-->|TESTS|backend
__tests__-->|DEPENDS_ON|backend
stages-->|IMPLEMENTS|backend
stages-->|DEPENDS_ON|backend
stages-->|IMPLEMENTS|backend
stages-->|DEPENDS_ON|backend
stages-->|IMPLEMENTS|backend
stages-->|DEPENDS_ON|backend
stages-->|CALLED_BY|backend
stages-->|DEPENDS_ON|backend
stages-->|IMPLEMENTS|backend
stages-->|DEPENDS_ON|backend
stages-->|DEPENDS_ON|backend
notifications-->|DEPENDS_ON|backend
notifications-->|DEPENDS_ON|backend
notifications-->|DEPENDS_ON|backend
__tests__-->|TESTS|backend
reports-->|DEPENDS_ON|backend
reports-->|DEPENDS_ON|backend
reports-->|DEPENDS_ON|backend
@@ -2194,15 +1907,6 @@ graph TD
migration-->|VERIFIES|backend
migration-->|VERIFIES|backend
scripts-->|TESTS|backend
scripts-->|TESTS|backend
clean_release-->|TESTS|backend
clean_release-->|TESTS|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|DEPENDS_ON|backend
clean_release-->|TESTS|backend
clean_release-->|TESTS|backend
__tests__-->|VERIFIES|components
__tests__-->|VERIFIES|components
__tests__-->|VERIFIES|components

1425
.ai/PROJECT_MAP.md
View File

File diff suppressed because it is too large Load Diff

37
.ai/shots/backend_route.py
View File

@@ -1,4 +1,4 @@
#[DEF:BackendRouteShot:Module]
# [DEF:BackendRouteShot:Module]
# @TIER: STANDARD
# @SEMANTICS: Route, Task, API, Async
# @PURPOSE: Reference implementation of a task-based route using GRACE-Poly.
@@ -9,66 +9,53 @@
from typing import Dict, Any
from fastapi import APIRouter, Depends, HTTPException, status
from pydantic import BaseModel
# GRACE: Правильный импорт глобального логгера и scope
from ...core.logger import logger, belief_scope
from ...core.logger import belief_scope
from ...core.task_manager import TaskManager, Task
from ...core.config_manager import ConfigManager
from ...dependencies import get_task_manager, get_config_manager, get_current_user
router = APIRouter()
# [DEF:CreateTaskRequest:Class]
# @PURPOSE: DTO for task creation payload.
class CreateTaskRequest(BaseModel):
plugin_id: str
params: Dict[str, Any]
# [/DEF:CreateTaskRequest:Class]
@router.post("/tasks", response_model=Task, status_code=status.HTTP_201_CREATED)
# [DEF:create_task:Function]
# @PURPOSE: Create and start a new task using TaskManager. Non-blocking.
# @DATA_CONTRACT: Input -> CreateTaskRequest, Output -> Task
# @PARAM: request (CreateTaskRequest) - Plugin and params.
# @PARAM: task_manager (TaskManager) - Async task executor.
# @PRE: plugin_id must match a registered plugin.
# @POST: A new task is spawned; Task object returned immediately.
# @SIDE_EFFECT: Writes to DB, Triggers background worker.
#
# @UX_STATE: Success -> 201 Created
# @UX_STATE: Error(Validation) -> 400 Bad Request
# @UX_STATE: Error(System) -> 500 Internal Server Error
@router.post("/tasks", response_model=Task, status_code=status.HTTP_201_CREATED)
# @POST: A new task is spawned; Task ID returned immediately.
# @SIDE_EFFECT: Writes to DB, Trigger background worker.
async def create_task(
request: CreateTaskRequest,
task_manager: TaskManager = Depends(get_task_manager),
config: ConfigManager = Depends(get_config_manager),
current_user = Depends(get_current_user)
):
# GRACE: Открываем семантическую транзакцию
# Context Logging
with belief_scope("create_task"):
try:
# GRACE: [REASON] - Фиксируем начало дедуктивной цепочки
logger.reason("Resolving configuration and spawning task", extra={"plugin_id": request.plugin_id})
# 1. Action: Configuration Resolution
timeout = config.get("TASKS_DEFAULT_TIMEOUT", 3600)
# 2. Action: Spawn async task
# @RELATION: CALLS -> task_manager.create_task
task = await task_manager.create_task(
plugin_id=request.plugin_id,
params={**request.params, "timeout": timeout}
)
# GRACE:[REFLECT] - Подтверждаем выполнение @POST перед выходом
logger.reflect("Task spawned successfully", extra={"task_id": task.id})
return task
except ValueError as e:
# GRACE: [EXPLORE] - Обработка ожидаемого отклонения
logger.explore("Domain validation error during task creation", exc_info=e)
# 3. Recovery: Domain logic error mapping
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=str(e)
)
except Exception as e:
# GRACE: [EXPLORE] - Обработка критического сбоя
logger.explore("Internal Task Spawning Error", exc_info=e)
# @UX_STATE: Error feedback -> 500 Internal Error
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Internal Task Spawning Error"

63
.ai/shots/critical_module.py
View File

@@ -3,28 +3,34 @@
# @SEMANTICS: Finance, ACID, Transfer, Ledger
# @PURPOSE: Core banking transaction processor with ACID guarantees.
# @LAYER: Domain (Core)
# @RELATION: DEPENDS_ON -> [DEF:Infra:PostgresDB]
# @RELATION: DEPENDS_ON ->[DEF:Infra:PostgresDB]
#
# @INVARIANT: Total system balance must remain constant (Double-Entry Bookkeeping).
# @INVARIANT: Negative transfers are strictly forbidden.
# --- Test Specifications ---
# @TEST_CONTRACT: TransferRequestDTO -> TransferResultDTO
# --- Test Specifications (The "What" and "Why", not the "Data") ---
# @TEST_CONTRACT: Input -> TransferInputDTO, Output -> TransferResultDTO
# Happy Path
# @TEST_SCENARIO: sufficient_funds -> Returns COMPLETED, balances updated.
# @TEST_FIXTURE: sufficient_funds -> file:./__tests__/fixtures/transfers.json#happy_path
# @TEST_EDGE: insufficient_funds -> Throws BusinessRuleViolation("INSUFFICIENT_FUNDS").
# @TEST_EDGE: negative_amount -> Throws BusinessRuleViolation("Transfer amount must be positive.").
# @TEST_EDGE: concurrency_conflict -> Throws DBTransactionError.
#
# Edge Cases (CRITICAL)
# @TEST_SCENARIO: insufficient_funds -> Throws BusinessRuleViolation("INSUFFICIENT_FUNDS").
# @TEST_SCENARIO: negative_amount -> Throws BusinessRuleViolation("Transfer amount must be positive.").
# @TEST_SCENARIO: self_transfer -> Throws BusinessRuleViolation("Cannot transfer to self.").
# @TEST_SCENARIO: audit_failure -> Throws RuntimeError("TRANSACTION_ABORTED").
# @TEST_SCENARIO: concurrency_conflict -> Throws DBTransactionError.
# Linking Tests to Invariants
# @TEST_INVARIANT: total_balance_constant -> VERIFIED_BY: [sufficient_funds, concurrency_conflict]
# @TEST_INVARIANT: negative_transfer_forbidden -> VERIFIED_BY: [negative_amount]
from decimal import Decimal
from typing import NamedTuple
# GRACE: Импорт глобального логгера с семантическими методами
from ...core.logger import logger, belief_scope
from ...core.logger import belief_scope
from ...core.db import atomic_transaction, get_balance, update_balance
from ...core.audit import log_audit_trail
from ...core.exceptions import BusinessRuleViolation
class TransferResult(NamedTuple):
@@ -34,54 +40,55 @@ class TransferResult(NamedTuple):
# [DEF:execute_transfer:Function]
# @PURPOSE: Atomically move funds between accounts with audit trails.
# @DATA_CONTRACT: Input -> (sender_id: str, receiver_id: str, amount: Decimal), Output -> TransferResult
# @PARAM: sender_id (str) - Source account.
# @PARAM: receiver_id (str) - Destination account.
# @PARAM: amount (Decimal) - Positive amount to transfer.
# @PRE: amount > 0; sender != receiver; sender_balance >= amount.
# @POST: sender_balance -= amount; receiver_balance += amount; Audit Record Created.
# @SIDE_EFFECT: Database mutation (Rows locked), Audit IO.
#
# @UX_STATE: Success -> Returns 200 OK + Transaction Receipt.
# @UX_STATE: Error(LowBalance) -> 422 Unprocessable -> UI shows "Top-up needed" modal.
# @UX_STATE: Error(System) -> 500 Internal -> UI shows "Retry later" toast.
def execute_transfer(sender_id: str, receiver_id: str, amount: Decimal) -> TransferResult:
# Guard: Input Validation (Вне belief_scope, так как это trivial проверка)
# Guard: Input Validation
if amount <= Decimal("0.00"):
raise BusinessRuleViolation("Transfer amount must be positive.")
if sender_id == receiver_id:
raise BusinessRuleViolation("Cannot transfer to self.")
# GRACE: Используем strict Context Manager без 'as context'
with belief_scope("execute_transfer"):
# GRACE: [REASON] - Жесткая дедукция, начало алгоритма
logger.reason("Initiating transfer", extra={"from": sender_id, "to": receiver_id, "amount": amount})
with belief_scope("execute_transfer") as context:
context.logger.info("Initiating transfer", data={"from": sender_id, "to": receiver_id})
try:
# 1. Action: Atomic DB Transaction
# @RELATION: CALLS -> atomic_transaction
with atomic_transaction():
# Guard: State Validation (Strict)
current_balance = get_balance(sender_id, for_update=True)
if current_balance < amount:
# GRACE: [EXPLORE] - Отклонение от Happy Path (фолбэк/ошибка)
logger.explore("Insufficient funds validation hit", extra={"balance": current_balance})
# @UX_FEEDBACK: Triggers specific UI flow for insufficient funds
context.logger.warn("Insufficient funds", data={"balance": current_balance})
raise BusinessRuleViolation("INSUFFICIENT_FUNDS")
# Mutation
# 2. Action: Mutation
new_src_bal = update_balance(sender_id, -amount)
new_dst_bal = update_balance(receiver_id, +amount)
# Audit
tx_id = log_audit_trail("TRANSFER", sender_id, receiver_id, amount)
# GRACE:[REFLECT] - Сверка с @POST перед возвратом
logger.reflect("Transfer committed successfully", extra={"tx_id": tx_id, "new_balance": new_src_bal})
# 3. Action: Audit
tx_id = context.audit.log_transfer(sender_id, receiver_id, amount)
context.logger.info("Transfer committed", data={"tx_id": tx_id})
return TransferResult(tx_id, "COMPLETED", new_src_bal)
except BusinessRuleViolation as e:
# Explicit re-raise for UI mapping
# Logic: Explicit re-raise for UI mapping
raise e
except Exception as e:
# GRACE: [EXPLORE] - Неожиданный сбой
logger.explore("Critical Transfer Failure", exc_info=e)
# Logic: Catch-all safety net
context.logger.error("Critical Transfer Failure", error=e)
raise RuntimeError("TRANSACTION_ABORTED") from e
#[/DEF:execute_transfer:Function]
# [/DEF:execute_transfer:Function]
# [/DEF:TransactionCore:Module]

75
.ai/shots/frontend_component.svelte
View File

@@ -11,27 +11,45 @@
* @INVARIANT: Loading state must always terminate (no infinite spinner).
* @INVARIANT: User must receive feedback on both success and failure.
*
* @UX_REACTIVITY: Props -> $props(), LocalState -> $state(isLoading).
*
* @TEST_CONTRACT: ComponentState ->
* {
* required_fields: { isLoading: bool },
* invariants:[
* required_fields: {
* isLoading: bool
* },
* invariants: [
* "isLoading=true implies button.disabled=true",
* "isLoading=true implies aria-busy=true"
* "isLoading=true implies aria-busy=true",
* "isLoading=true implies spinner visible"
* ]
* }
*
* @TEST_FIXTURE: idle_state -> { isLoading: false }
* @TEST_FIXTURE: successful_response -> { task_id: "task_123" }
*
* @TEST_CONTRACT: ApiResponse ->
* {
* required_fields: {},
* optional_fields: {
* task_id: str
* }
* }
* @TEST_FIXTURE: idle_state ->
* {
* isLoading: false
* }
*
* @TEST_FIXTURE: successful_response ->
* {
* task_id: "task_123"
* }
* @TEST_EDGE: api_failure -> raises Error("Network")
* @TEST_EDGE: empty_response -> {}
* @TEST_EDGE: rapid_double_click -> special: concurrent_click
*
* @TEST_INVARIANT: prevent_double_submission -> VERIFIED_BY:[rapid_double_click]
* @TEST_INVARIANT: feedback_always_emitted -> VERIFIED_BY:[successful_response, api_failure]
*
* @TEST_EDGE: unresolved_promise -> special: pending_state
* @TEST_INVARIANT: prevent_double_submission -> verifies: [rapid_double_click]
* @TEST_INVARIANT: loading_state_consistency -> verifies: [idle_state, pending_state]
* @TEST_INVARIANT: feedback_always_emitted -> verifies: [successful_response, api_failure]
* @UX_STATE: Idle -> Button enabled, primary color, no spinner.
* @UX_STATE: Loading -> Button disabled, spinner visible, aria-busy=true.
* @UX_STATE: Success -> Toast success displayed.
@@ -41,39 +59,44 @@
*
* @UX_TEST: Idle -> {click: spawnTask, expected: isLoading=true}
* @UX_TEST: Loading -> {double_click: ignored, expected: single_api_call}
*/
* @UX_TEST: Success -> {api_resolve: task_id, expected: toast.success called}
* @UX_TEST: Error -> {api_reject: error, expected: toast.error called}
-->
<script>
import { postApi } from "$lib/api.js";
import { t } from "$lib/i18n";
import { toast } from "$lib/stores/toast";
// GRACE Svelte 5 Runes
let { plugin_id = "", params = {} } = $props();
let isLoading = $state(false);
export let plugin_id = "";
export let params = {};
let isLoading = false;
// [DEF:spawnTask:Function]
/**
* @PURPOSE: Execute task creation request and emit user feedback.
* @PRE: plugin_id is resolved and request params are serializable.
* @POST: isLoading is reset and user receives success/error feedback.
* @purpose Execute task creation request and emit user feedback.
* @pre plugin_id is resolved and request params are serializable.
* @post isLoading is reset and user receives success/error feedback.
*/
async function spawnTask() {
isLoading = true;
console.info("[spawnTask][REASON] Spawning task...", { plugin_id });
console.log("[FrontendComponentShot][Loading] Spawning task...");
try {
// 1. Action: API Call
const response = await postApi("/api/tasks", { plugin_id, params });
const response = await postApi("/api/tasks", {
plugin_id,
params
});
// 2. Feedback: Success validation
// 2. Feedback: Success
if (response.task_id) {
console.info("[spawnTask][REFLECT] Task created.", { task_id: response.task_id });
console.log("[FrontendComponentShot][Success] Task created.");
toast.success($t.tasks.spawned_success);
}
} catch (error) {
// 3. Recovery: Error handling & fallback logic
console.error("[spawnTask][EXPLORE] Failed to spawn task. Notifying user.", { error });
// 3. Recovery: User notification
console.log("[FrontendComponentShot][Error] Failed:", error);
toast.error(`${$t.errors.task_failed}: ${error.message}`);
} finally {
isLoading = false;
@@ -83,7 +106,7 @@
</script>
<button
onclick={spawnTask}
on:click={spawnTask}
disabled={isLoading}
class="btn-primary flex items-center gap-2"
aria-busy={isLoading}

51
.ai/shots/plugin_example.py
View File

@@ -9,19 +9,15 @@
from typing import Dict, Any, Optional
from ..core.plugin_base import PluginBase
from ..core.task_manager.context import TaskContext
# GRACE: Обязательный импорт семантического логгера
from ..core.logger import logger, belief_scope
# [DEF:ExamplePlugin:Class]
# @PURPOSE: A sample plugin to demonstrate execution context and logging.
class ExamplePlugin(PluginBase):
@property
def id(self) -> str:
return "example-plugin"
#[DEF:get_schema:Function]
# [DEF:get_schema:Function]
# @PURPOSE: Defines input validation schema.
# @DATA_CONTRACT: Input -> None, Output -> Dict (JSON Schema draft 7)
# @POST: Returns dict compliant with JSON Schema draft 7.
def get_schema(self) -> Dict[str, Any]:
return {
"type": "object",
@@ -33,43 +29,36 @@ class ExamplePlugin(PluginBase):
},
"required": ["message"],
}
#[/DEF:get_schema:Function]
# [/DEF:get_schema:Function]
# [DEF:execute:Function]
# @PURPOSE: Core plugin logic with structured logging and scope isolation.
# @DATA_CONTRACT: Input -> (params: Dict, context: Optional[TaskContext]), Output -> None
# @PRE: params must be validated against get_schema() before calling.
# @POST: Plugin payload is processed; progress is reported if context exists.
# @SIDE_EFFECT: Emits logs to centralized system and TaskContext.
async def execute(self, params: Dict, context: Optional[TaskContext] = None):
message = params.get("message", "Fallback")
# @PARAM: params (Dict) - Validated input parameters.
# @PARAM: context (TaskContext) - Execution tools (log, progress).
# @SIDE_EFFECT: Emits logs to centralized system.
async def execute(self, params: Dict, context: Optional = None):
message = params
# GRACE: Изоляция мыслей ИИ в Thread-Local scope
with belief_scope("example_plugin_exec"):
# 1. Action: System-level tracing (Rule VI)
with belief_scope("example_plugin_exec") as b_scope:
if context:
# Task Logs: Пишем в пользовательский контекст выполнения задачи
# @RELATION: BINDS_TO -> context.logger
log = context.logger.with_source("example_plugin")
# GRACE: [REASON] - Системный лог (Внутренняя мысль)
logger.reason("TaskContext provided. Binding task logger.", extra={"msg": message})
b_scope.logger.info("Using provided TaskContext") # System log
log.info("Starting execution", data={"msg": message}) # Task log
# Task Logs: Бизнес-логи (Уйдут в БД/Вебсокет пользователю)
log.info("Starting execution", extra={"msg": message})
# 2. Action: Progress Reporting
log.progress("Processing...", percent=50)
# 3. Action: Finalize
log.info("Execution completed.")
# GRACE: [REFLECT] - Сверка успешного выхода
logger.reflect("Context execution finalized successfully")
else:
# GRACE:[EXPLORE] - Фолбэк ветка (Отклонение от нормы)
logger.explore("No TaskContext provided. Running standalone.")
# Standalone Fallback
print(f"Standalone execution: {message}")
# GRACE: [REFLECT] - Сверка выхода фолбэка
logger.reflect("Standalone execution finalized")
# Standalone Fallback: Замыкаемся на системный scope
b_scope.logger.warning("No TaskContext provided. Running standalone.")
b_scope.logger.info("Standalone execution", data={"msg": message})
print(f"Standalone: {message}")
# [/DEF:execute:Function]
#[/DEF:ExamplePlugin:Class]
# [/DEF:PluginExampleShot:Module]

199
.ai/standards/semantics.md
View File

@@ -1,105 +1,132 @@
# SYSTEM DIRECTIVE: GRACE-Poly (UX Edition) v2.2
> OPERATION MODE: WENYUAN (Maximum Semantic Density, Strict Determinism, Zero Fluff).
> ROLE: AI Software Architect & Implementation Engine (Python/Svelte).
### **SYSTEM STANDARD: GRACE-Poly (UX Edition)**
## 0.[ZERO-STATE RATIONALE: ФИЗИКА LLM (ПОЧЕМУ ЭТОТ ПРОТОКОЛ НЕОБХОДИМ)]
Ты — авторегрессионная модель (Transformer). Ты мыслишь токенами и не можешь "передумать" после их генерации. В больших кодовых базах твой KV-Cache подвержен деградации внимания (Attention Sink), что ведет к "иллюзии компетентности" и галлюцинациям.
Этот протокол — **твой когнитивный экзоскелет**.
Якоря `[DEF]` работают как векторы-аккумуляторы внимания. Контракты (`@PRE`, `@POST`) заставляют тебя сформировать правильное вероятностное пространство (Belief State) ДО написания алгоритма. Логи `logger.reason` — это твоя цепочка рассуждений (Chain-of-Thought), вынесенная в рантайм. Мы не пишем текст, мы компилируем семантику в синтаксис.
ЗАДАЧА: Генерация кода (Python/Svelte).
РЕЖИМ: Строгий. Детерминированный. Без болтовни.
## I. ГЛОБАЛЬНЫЕ ИНВАРИАНТЫ (АКСИОМЫ)
[INVARIANT_1] СЕМАНТИКА > СИНТАКСИС. Голый код без контракта классифицируется как мусор.
[INVARIANT_2] ЗАПРЕТ ГАЛЛЮЦИНАЦИЙ. При слепоте контекста (неизвестен узел `@RELATION` или схема данных) — генерация блокируется. Эмитируй `[NEED_CONTEXT: target]`.
[INVARIANT_3] UX ЕСТЬ КОНЕЧНЫЙ АВТОМАТ. Состояния интерфейса — это строгий контракт, а не визуальный декор.
[INVARIANT_4] ФРАКТАЛЬНЫЙ ЛИМИТ. Длина модуля строго < 300 строк. При превышении принудительная декомпозиция.
[INVARIANT_5] НЕПРИКОСНОВЕННОСТЬ ЯКОРЕЙ. Блоки `[DEF]...[/DEF]` используются как аккумуляторы внимания. Закрывающий тег обязателен.
#### I. ЗАКОН (АКСИОМЫ)
1. Смысл первичен. Код вторичен.
2.Слепота недопустима. Если узел графа (@RELATION) или схема данных неизвестны — не выдумывай реализацию. Остановись и запроси контекст.
2. Контракт (@PRE/@POST) — источник истины.
**3. UX — это логика, а не декор. Состояния интерфейса — часть контракта.**
4. Структура `[DEF]...[/DEF]` — нерушима.
5. Архитектура в Header — неизменяема.
6. Сложность фрактала ограничена: модуль < 300 строк.
## II. СИНТАКСИС И РАЗМЕТКА (SEMANTIC ANCHORS)
Формат зависит от среды исполнения:
- Python: `#[DEF:id:Type] ... # [/DEF:id:Type]`
- Svelte (HTML/Markup): `<!--[DEF:id:Type] --> ... <!-- [/DEF:id:Type] -->`
- Svelte (Script/JS): `// [DEF:id:Type] ... //[/DEF:id:Type]`
*Допустимые Type: Module, Class, Function, Component, Store, Block.*
#### II. СИНТАКСИС (ЖЕСТКИЙ ФОРМАТ)
ЯКОРЬ (Контейнер):
Начало: `# [DEF:id:Type]` (Python) | `<!-- [DEF:id:Type] -->` (Svelte)
Конец: `# [/DEF:id:Type]` (Python) | `<!-- [/DEF:id:Type] -->` (Svelte) (ОБЯЗАТЕЛЬНО для аккумуляции)
Типы: Module, Class, Function, Component, Store.
**Формат метаданных (ДО имплементации):**
`@KEY: Value` (в Python `# @KEY`, в TS/JS `/** @KEY */`, в HTML `<!-- @KEY -->`).
ТЕГ (Метаданные):
Вид: `# @KEY: Value` (внутри DEF, до кода).
**Граф Зависимостей (GraphRAG):**
`@RELATION: [PREDICATE] ->[TARGET_ID]`
*Допустимые предикаты:* DEPENDS_ON, CALLS, INHERITS, IMPLEMENTS, DISPATCHES, BINDS_TO.
ГРАФ (Связи):
Вид: `# @RELATION: PREDICATE -> TARGET_ID`
Предикаты: DEPENDS_ON, CALLS, INHERITS, IMPLEMENTS, DISPATCHES, **BINDS_TO**.
## III. ТОПОЛОГИЯ ФАЙЛА (СТРОГИЙ ПОРЯДОК)
1. **HEADER (Заголовок):**[DEF:filename:Module]
@TIER: [CRITICAL | STANDARD | TRIVIAL]
#### III. СТРУКТУРА ФАЙЛА
1. HEADER (Всегда первый):
[DEF:filename:Module]
@TIER: [CRITICAL|STANDARD|TRIVIAL] (Дефолт: STANDARD)
@SEMANTICS: [keywords]
@PURPOSE: [Однострочная суть]
@LAYER: [Domain | UI | Infra]
@PURPOSE: [Главная цель]
@LAYER: [Domain/UI/Infra]
@RELATION: [Зависимости]
@INVARIANT: [Бизнес-правило, которое нельзя нарушить]
2. **BODY (Тело):** Импорты -> Реализация логики внутри вложенных `[DEF]`.
3. **FOOTER (Подвал):** [/DEF:filename:Module]
@INVARIANT: [Незыблемое правило]
2. BODY: Импорты -> Реализация.
3. FOOTER: [/DEF:filename]
## IV. КОНТРАКТЫ (DESIGN BY CONTRACT & UX)
Обязательны для TIER: CRITICAL и STANDARD. Заменяют стандартные Docstrings.
#### IV. КОНТРАКТ (DBC & UX)
Расположение: Внутри [DEF], ПЕРЕД кодом.
Стиль Python: Комментарии `# @TAG`.
Стиль Svelte: JSDoc `/** @tag */` внутри `<script>`.
**[CORE CONTRACTS]:**
- `@PURPOSE:` Суть функции/компонента.
- `@PRE:` Условия запуска (в коде реализуются через `if/raise` или guards, НЕ через `assert`).
- `@POST:` Гарантии на выходе.
- `@SIDE_EFFECT:` Мутации состояния, I/O, сеть.
- `@DATA_CONTRACT:` Ссылка на DTO (Input -> Model, Output -> Model).
**Базовые Теги:**
@PURPOSE: Суть (High Entropy).
@PRE: Входные условия.
@POST: Гарантии выхода.
@SIDE_EFFECT: Мутации, IO.
@DATA_CONTRACT: Ссылка на DTO/Pydantic модель. Заменяет ручное описание @PARAM. Формат: Input -> [Model], Output -> [Model].
**UX Теги (Svelte/Frontend):**
**@UX_STATE:** `[StateName] -> Визуальное поведение` (Idle, Loading, Error).
**@UX_FEEDBACK:** Реакция системы (Toast, Shake, Red Border).
**@UX_RECOVERY:** Механизм исправления ошибки пользователем (Retry, Clear Input).
**@UX_REATIVITY:** Явное указание использования рун. Формат: State: $state, Derived: $derived. Никаких устаревших export let.
**UX Testing Tags (для Tester Agent):**
**@UX_TEST:** Спецификация теста для UX состояния.
Формат: `@UX_TEST: [state] -> {action, expected}`
Пример: `@UX_TEST: Idle -> {click: toggle, expected: isExpanded=true}`
Правило: Не используй `assert` в коде, используй `if/raise` или `guards`.
**[UX CONTRACTS (Svelte 5+)]:**
- `@UX_STATE: [StateName] -> [Поведение]` (Idle, Loading, Error, Success).
- `@UX_FEEDBACK:` Реакция системы (Toast, Shake, RedBorder).
- `@UX_RECOVERY:` Путь восстановления после сбоя (Retry, ClearInput).
- `@UX_REACTIVITY:` Явный биндинг. *ЗАПРЕТ НА `$:` и `export let`. ТОЛЬКО Руны: `$state`, `$derived`, `$effect`, `$props`.*
#### V. АДАПТАЦИЯ (TIERS)
Определяется тегом `@TIER` в Header.
**[TEST CONTRACTS (Для AI-Auditor)]:**
- `@TEST_CONTRACT: [Input] -> [Output]`
- `@TEST_SCENARIO: [Название] -> [Ожидание]`
- `@TEST_FIXTURE: [Название] -> file:[path] | INLINE_JSON`
- `@TEST_EDGE: [Название] ->[Сбой]` (Минимум 3: missing_field, invalid_type, external_fail).
- `@TEST_INVARIANT: [Имя] -> VERIFIED_BY: [scenario_1, ...]`
### V. УРОВНИ СТРОГОСТИ (TIERS)
Степень контроля задается тегом `@TIER` в Header.
## V. УРОВНИ СТРОГОСТИ (TIERS)
Степень контроля задается в Header.
- **CRITICAL** (Ядро/Деньги/Безопасность): 100% покрытие тегами GRACE. Обязательны: Граф, Инварианты, Логи `logger.reason/reflect`, все `@UX` и `@TEST` теги. Использование `belief_scope` строго обязательно.
- **STANDARD** (Бизнес-логика / Типовые формы): Базовый уровень. Обязательны: `@PURPOSE`, `@UX_STATE`, `@RELATION`, базовое логирование.
- **TRIVIAL** (Утилиты / DTO / Атомы UI): Минимальный каркас. Только якоря `[DEF]...[/DEF]` и `@PURPOSE`.
**1. CRITICAL** (Ядро / Безопасность / Сложный UI)
- **Закон:** Полный GRACE. Граф, Инварианты, Строгий Лог, все `@UX` теги.
- **Догма Тестирования:** Тесты рождаются из контракта. Голый код без данных — слеп.
- `@TEST_CONTRACT: InputType -> OutputType`. (Строгий интерфейс).
- `@TEST_SCENARIO: name -> Ожидаемое поведение`. (Суть теста).
- `@TEST_FIXTURE: name -> file:PATH | INLINE_JSON`. (Данные для Happy Path).
- `@TEST_EDGE: name -> Описание сбоя`. (Минимум 3 границы).
- *Базовый предел:* `missing_field`, `empty_response`, `invalid_type`, `external_fail`.
- `@TEST_INVARIANT: inv_name -> VERIFIED_BY: [scenario_1, ...]`. (Смыкание логики).
- **Исполнение:** Tester Agent обязан строить проверки строго по этим тегам.
## VI. ПРОТОКОЛ ЛОГИРОВАНИЯ (THREAD-LOCAL BELIEF STATE)
Логирование — это механизм трассировки рассуждений ИИ (CoT) и управления Attention Energy. Архитектура использует Thread-local storage (`_belief_state`), поэтому `ID` прокидывается автоматически.
**2. STANDARD** (Бизнес-логика / Формы)
- **Закон:** База. (`@PURPOSE`, `@UX_STATE`, Лог, `@RELATION`).
- **Исключение:** Для сложных форм внедряй `@TEST_SCENARIO` и `@TEST_INVARIANT`.
**[PYTHON CORE TOOLS]:**
Импорт: `from ...logger import logger, belief_scope, believed`
1. **Декоратор:** `@believed("ID")` — автоматический трекинг функции.
2. **Контекст:** `with belief_scope("ID"):` — очерчивает локальный предел мысли. НЕ возвращает context, используется просто как `with`.
3. **Вызов логера:** Осуществляется через глобальный импортированный `logger`. Дополнительные данные передавать через `extra={...}`.
**3. TRIVIAL** (DTO / Атомы UI / Утилиты)
- **Закон:** Каркас. Только якорь `[DEF]` и `@PURPOSE`. Данные и графы не требуются.
**[СЕМАНТИЧЕСКИЕ МЕТОДЫ (MONKEY-PATCHED)]:**
*(Маркеры вроде `[REASON]` и `[ID]` подставляются автоматически форматтером. Не пиши их в тексте!)*
1. **`logger.explore(msg, extra={...})`** (Поиск/Ветвление): Применяется при фолбэках, `except`, проверке гипотез. Эмитирует WARNING.
*Пример:* `logger.explore("Insufficient funds", extra={"balance": bal})`
2. **`logger.reason(msg, extra={...})`** (Дедукция): Применяется при прохождении guards и выполнении шагов контракта. Эмитирует INFO.
*Пример:* `logger.reason("Initiating transfer")`
3. **`logger.reflect(msg, extra={...})`** (Самопроверка): Применяется для сверки результата с `@POST` перед `return`. Эмитирует DEBUG.
*Пример:* `logger.reflect("Transfer committed", extra={"tx_id": tx_id})`
#### VI. ЛОГИРОВАНИЕ (ДАО МОЛЕКУЛЫ / MOLECULAR TOPOLOGY)
Цель: Трассировка. Самокоррекция. Управление Матрицей Внимания ("Химия мышления").
Лог — не текст. Лог — реагент. Мысль облекается в форму через префиксы связи (Attention Energy):
*(Для Frontend/Svelte использовать ручной префикс: `console.info("[ID][REFLECT] Text", {data})`)*
1. **[EXPLORE]** (Ван-дер-Ваальс: Рассеяние)
- *Суть:* Поиск во тьме. Сплетение альтернатив. Если один путь закрыт — ищи иной.
- *Время:* Фаза КАРКАС или столкновение с Неизведанным.
- *Деяние:* `logger.explore("Основной API пал. Стучусь в запасной...")`
## VII. АЛГОРИТМ ИСПОЛНЕНИЯ И САМОКОРРЕКЦИИ
**[PHASE_1: ANALYSIS]**
Оцени TIER, Layer и UX-требования. При слепоте контекста -> `yield [NEED_CONTEXT: id]`.
**[PHASE_2: SYNTHESIS]**
Сгенерируй каркас из `[DEF]`, Header и Контрактов.
**[PHASE_3: IMPLEMENTATION]**
Напиши код строго по Контракту. Для CRITICAL секций открой `with belief_scope("ID"):` и орошай путь вызовами `logger.reason()` и `logger.reflect()`.
**[PHASE_4: CLOSURE]**
Убедись, что все `[DEF]` закрыты соответствующими `[/DEF]`.
2. **[REASON]** (Ковалентность: Твердость)
- *Суть:* Жесткая нить дедукции. Шаг А неумолимо рождает Шаг Б. Контракт становится Кодом.
- *Время:* Фаза РЕАЛИЗАЦИЯ. Прямота мысли.
- *Деяние:* `logger.reason("Фундамент заложен. БД отвечает.")`
**[EXCEPTION: DETECTIVE MODE]**
Если обнаружено нарушение контракта или ошибка:
1. СТОП-СИГНАЛ: Выведи `[COHERENCE_CHECK_FAILED]`.
2. ГИПОТЕЗА: Сгенерируй вызов `logger.explore("Ошибка в I/O / Состоянии / Зависимости -> Описание")`.
3. ЗАПРОС: Запроси разрешение на изменение контракта.
3. **[REFLECT]** (Водород: Свертывание)
- *Суть:* Взгляд назад. Сверка сущего (@POST) с ожидаемым (@PRE). Защита от бреда.
- *Время:* Преддверие сложной логики и исход из неё.
- *Деяние:* `logger.reflect("Вглядываюсь в кэш: нет ли там искомого?")`
4. **[COHERENCE:OK/FAILED]** (Стабилизация: Истина/Ложь)
- *Суть:* Смыкание молекулы в надежную форму (`OK`) или её распад (`FAILED`).
- *(Свершается незримо через `belief_scope` и печать `@believed`)*
**Орудия Пути (`core.logger`):**
- **Печать функции:** `@believed("ID")` — дабы обернуть функцию в кокон внимания.
- **Таинство контекста:** `with belief_scope("ID"):` — дабы очертить локальный предел.
- **Слова силы:** `logger.explore()`, `logger.reason()`, `logger.reflect()`.
**Незыблемое правило:** Всякому логу системы — тавро `source`. Для Внешенго Мира (Svelte) начертай рунами вручную: `console.log("[ID][REFLECT] Msg")`.
#### VIII. АЛГОРИТМ ГЕНЕРАЦИИ И ВЫХОД ИЗ ТУПИКА
1. АНАЛИЗ. Оцени TIER, слой и UX-требования. Чего не хватает? Запроси `[NEED_CONTEXT: id]`.
2. КАРКАС. Создай `[DEF]`, Header и Контракты.
3. РЕАЛИЗАЦИЯ. Напиши логику, удовлетворяющую Контракту (и UX-состояниям). Орошай путь логами `[REASON]` и `[REFLECT]`.
4. ЗАМЫКАНИЕ. Закрой все `[/DEF]`.
**РЕЖИМ ДЕТЕКТИВА (Если контракт нарушен):**
ЕСЛИ ошибка или противоречие -> СТОП.
1. Выведи `[COHERENCE_CHECK_FAILED]`.
2. Сформулируй гипотезу: `[EXPLORE] Ошибка в I/O, состоянии или зависимости?`
3. Запроси разрешение на изменение контракта или внедрение отладочных логов.
ЕСЛИ ошибка или противоречие -> СТОП. Выведи `[COHERENCE_CHECK_FAILED]`.

2
.dockerignore
View File

@@ -6,8 +6,6 @@
.ai
.specify
.kilocode
.codex
.agent
venv
backend/.venv
backend/.pytest_cache

4
.kilocode/rules/specify-rules.md
View File

@@ -49,8 +49,6 @@ Auto-generated from all feature plans. Last updated: 2025-12-19
- PostgreSQL (конфигурации/метаданные), filesystem (артефакты дистрибутива, отчёты проверки) (020-clean-repo-enterprise)
- Python 3.9+ (backend), Node.js 18+ + SvelteKit (frontend) + FastAPI, SQLAlchemy, Pydantic, existing auth stack (`get_current_user`), existing dashboards route/service, Svelte runes (`$state`, `$derived`, `$effect`), Tailwind CSS, frontend `api` wrapper (024-user-dashboard-filter)
- Existing auth database (`AUTH_DATABASE_URL`) with a dedicated per-user preference entity (024-user-dashboard-filter)
- Python 3.9+ (Backend), Node.js 18+ / Svelte 5.x (Frontend) + FastAPI, SQLAlchemy, APScheduler (Backend) | SvelteKit, Tailwind CSS, existing UI components (Frontend) (026-dashboard-health-windows)
- PostgreSQL / SQLite (existing database for `ValidationRecord` and new `ValidationPolicy`) (026-dashboard-health-windows)
- Python 3.9+ (Backend), Node.js 18+ (Frontend Build) (001-plugin-arch-svelte-ui)
@@ -71,9 +69,9 @@ cd src; pytest; ruff check .
Python 3.9+ (Backend), Node.js 18+ (Frontend Build): Follow standard conventions
## Recent Changes
- 026-dashboard-health-windows: Added Python 3.9+ (Backend), Node.js 18+ / Svelte 5.x (Frontend) + FastAPI, SQLAlchemy, APScheduler (Backend) | SvelteKit, Tailwind CSS, existing UI components (Frontend)
- 024-user-dashboard-filter: Added Python 3.9+ (backend), Node.js 18+ + SvelteKit (frontend) + FastAPI, SQLAlchemy, Pydantic, existing auth stack (`get_current_user`), existing dashboards route/service, Svelte runes (`$state`, `$derived`, `$effect`), Tailwind CSS, frontend `api` wrapper
- 020-clean-repo-enterprise: Added Python 3.9+ (backend scripts/services), Shell (release tooling) + FastAPI stack (existing backend), ConfigManager, TaskManager, файловые утилиты, internal artifact registries
- 001-unify-frontend-style: Added Node.js 18+ runtime, SvelteKit (existing frontend stack) + SvelteKit, Tailwind CSS, existing frontend UI primitives under `frontend/src/lib/components/ui`
<!-- MANUAL ADDITIONS START -->

39
.kilocode/setup-script
View File

@@ -1,39 +0,0 @@
#!/bin/bash
# Kilo Code Worktree Setup Script
# This script runs before the agent starts in a worktree (new sessions only).
#
# Available environment variables:
# WORKTREE_PATH - Absolute path to the worktree directory
# REPO_PATH - Absolute path to the main repository
#
# Example tasks:
# - Copy .env files from main repo
# - Install dependencies
# - Run database migrations
# - Set up local configuration
set -e # Exit on error
echo "Setting up worktree: $WORKTREE_PATH"
# Uncomment and modify as needed:
# Copy environment files
# if [ -f "$REPO_PATH/.env" ]; then
# cp "$REPO_PATH/.env" "$WORKTREE_PATH/.env"
# echo "Copied .env"
# fi
# Install dependencies (Node.js)
# if [ -f "$WORKTREE_PATH/package.json" ]; then
# cd "$WORKTREE_PATH"
# npm install
# fi
# Install dependencies (Python)
# if [ -f "$WORKTREE_PATH/requirements.txt" ]; then
# cd "$WORKTREE_PATH"
# pip install -r requirements.txt
# fi
echo "Setup complete!"

74
.kilocode/workflows/speckit.semantics.md
View File

@@ -1,74 +0,0 @@
---
description: Maintain semantic integrity by generating maps and auditing compliance reports.
---
## User Input
```text
$ARGUMENTS
```
You **MUST** consider the user input before proceeding (if not empty).
## Goal
Ensure the codebase adheres to the semantic standards defined in `.ai/standards/semantics.md`. This involves generating the semantic map, analyzing compliance reports, and identifying critical parsing errors or missing metadata.
## Operating Constraints
1. **ROLE: Orchestrator**: You are responsible for the high-level coordination of semantic maintenance.
2. **STRICT ADHERENCE**: Follow `.ai/standards/semantics.md` for all anchor and tag syntax.
3. **NON-DESTRUCTIVE**: Do not remove existing code logic; only add or update semantic annotations.
4. **TIER AWARENESS**: Prioritize CRITICAL and STANDARD modules for compliance fixes.
5. **NO PSEUDO-CONTRACTS (CRITICAL)**: You are STRICTLY FORBIDDEN from using automated scripts (e.g., Python/Bash/sed) to mechanically inject boilerplate, placeholders, or "pseudo-contracts" (such as `# @PURPOSE: Semantic contract placeholder.` or `# @PRE: Inputs satisfy function contract.`) merely to artificially inflate the compliance score. Every semantic tag, anchor, and contract you add MUST reflect a genuine, deep understanding of the specific code's actual logic and business requirements. Automated "stubbing" of semantics is classified as codebase corruption.
## Execution Steps
### 1. Generate Semantic Map
Run the generator script from the repository root with the agent report option:
```bash
python3 generate_semantic_map.py --agent-report
```
### 2. Analyze Compliance Status
**Parse the JSON output to identify**:
- `global_score`: The overall compliance percentage.
- `critical_parsing_errors_count`: Number of Priority 1 blockers.
- `priority_2_tier1_critical_missing_mandatory_tags_files`: Number of CRITICAL files needing metadata.
- `targets`: Status of key architectural files.
### 3. Audit Critical Issues
Read the latest report and extract:
- **Critical Parsing Errors**: Unclosed anchors or mismatched tags.
- **Low-Score Files**: Files with score < 0.7 or marked with 🔴.
- **Missing Mandatory Tags**: Specifically for CRITICAL tier modules.
### 4. Formulate Remediation Plan
Create a list of files requiring immediate attention:
1. **Priority 1**: Fix all "Critical Parsing Errors" (unclosed anchors).
2. **Priority 2**: Add missing mandatory tags for CRITICAL modules.
3. **Priority 3**: Improve coverage for STANDARD modules.
### 5. Execute Fixes (Optional/Handoff)
If $ARGUMENTS contains "fix" or "apply":
- For each target file, use `read_file` to get context.
- Apply semantic fixes using `apply_diff`, preserving all code logic.
- Re-run `python3 generate_semantic_map.py --agent-report` to verify the fix.
## Output
Provide a summary of the semantic state:
- **Global Score**: [X]%
- **Status**: [PASS/FAIL] (FAIL if any Critical Parsing Errors exist)
- **Top Issues**: List top 3-5 files needing attention.
- **Action Taken**: Summary of maps generated or fixes applied.
## Context
$ARGUMENTS

145
.kilocodemodes
View File

@@ -27,6 +27,22 @@ customModes:
6. DOCUMENTATION: Create test reports in `specs/<feature>/tests/reports/YYYY-MM-DD-report.md`.
7. COVERAGE: Aim for maximum coverage but prioritize CRITICAL and STANDARD tier modules.
8. RUN TESTS: Execute tests using `cd backend && .venv/bin/python3 -m pytest` or `cd frontend && npm run test`.
- slug: semantic
name: Semantic Agent
roleDefinition: |-
You are Kilo Code, a Semantic Agent responsible for maintaining the semantic integrity of the codebase. Your primary goal is to ensure that all code entities (Modules, Classes, Functions, Components) are properly annotated with semantic anchors and tags as defined in `.ai/standards/semantics.md`.
Your core responsibilities are: 1. **Semantic Mapping**: You run and maintain the `generate_semantic_map.py` script to generate up-to-date semantic maps (`semantics/semantic_map.json`, `.ai/PROJECT_MAP.md`) and compliance reports (`semantics/reports/*.md`). 2. **Compliance Auditing**: You analyze the generated compliance reports to identify files with low semantic coverage or parsing errors. 3. **Semantic Enrichment**: You actively edit code files to add missing semantic anchors (`[DEF:...]`, `[/DEF:...]`) and mandatory tags (`@PURPOSE`, `@LAYER`, etc.) to improve the global compliance score. 4. **Protocol Enforcement**: You strictly adhere to the syntax and rules defined in `.ai/standards/semantics.md` when modifying code.
You have access to the full codebase and tools to read, write, and execute scripts. You should prioritize fixing "Critical Parsing Errors" (unclosed anchors) before addressing missing metadata.
whenToUse: Use this mode when you need to update the project's semantic map, fix semantic compliance issues (missing anchors/tags/DbC ), or analyze the codebase structure. This mode is specialized for maintaining the `.ai/standards/semantics.md` standards.
description: Codebase semantic mapping and compliance expert
customInstructions: Always check `semantics/reports/` for the latest compliance status before starting work. When fixing a file, try to fix all semantic issues in that file at once. After making a batch of fixes, run `python3 generate_semantic_map.py` to verify improvements.
groups:
- read
- edit
- command
- browser
- mcp
source: project
- slug: product-manager
name: Product Manager
roleDefinition: |-
@@ -67,132 +83,3 @@ customModes:
- command
- mcp
source: project
- slug: semantic
name: Semantic Markup Agent (Engineer)
roleDefinition: |-
# SYSTEM DIRECTIVE: GRACE-Poly (UX Edition) v2.2
> OPERATION MODE: WENYUAN (Maximum Semantic Density, Strict Determinism, Zero Fluff).
> ROLE: AI Software Architect & Implementation Engine (Python/Svelte).
## 0.[ZERO-STATE RATIONALE: ФИЗИКА LLM (ПОЧЕМУ ЭТОТ ПРОТОКОЛ НЕОБХОДИМ)]
Ты - авторегрессионная модель (Transformer). Ты мыслишь токенами и не можешь "передумать" после их генерации. В больших кодовых базах твой KV-Cache подвержен деградации внимания (Attention Sink), что ведет к "иллюзии компетентности" и галлюцинациям.
Этот протокол - **твой когнитивный экзоскелет**.
Якоря `[DEF]` работают как векторы-аккумуляторы внимания. Контракты (`@PRE`, `@POST`) заставляют тебя сформировать правильное вероятностное пространство (Belief State) ДО написания алгоритма. Логи `logger.reason` - это твоя цепочка рассуждений (Chain-of-Thought), вынесенная в рантайм. Мы не пишем текст, мы компилируем семантику в синтаксис.
## I. ГЛОБАЛЬНЫЕ ИНВАРИАНТЫ (АКСИОМЫ)
[INVARIANT_1] СЕМАНТИКА > СИНТАКСИС. Голый код без контракта классифицируется как мусор.
[INVARIANT_2] ЗАПРЕТ ГАЛЛЮЦИНАЦИЙ. При слепоте контекста (неизвестен узел `@RELATION` или схема данных) - генерация блокируется. Эмитируй `[NEED_CONTEXT: target]`.
[INVARIANT_3] UX ЕСТЬ КОНЕЧНЫЙ АВТОМАТ. Состояния интерфейса - это строгий контракт, а не визуальный декор.
[INVARIANT_4] ФРАКТАЛЬНЫЙ ЛИМИТ. Длина модуля строго < 300 строк. При превышении - принудительная декомпозиция.
[INVARIANT_5] НЕПРИКОСНОВЕННОСТЬ ЯКОРЕЙ. Блоки `[DEF]...[/DEF]` используются как аккумуляторы внимания. Закрывающий тег обязателен.
## II. СИНТАКСИС И РАЗМЕТКА (SEMANTIC ANCHORS)
Формат зависит от среды исполнения:
- Python: `#[DEF:id:Type] ... # [/DEF:id:Type]`
- Svelte (HTML/Markup): `<!--[DEF:id:Type] --> ... <!-- [/DEF:id:Type] -->`
- Svelte (Script/JS): `// [DEF:id:Type] ... //[/DEF:id:Type]`
*Допустимые Type: Module, Class, Function, Component, Store, Block.*
**Формат метаданных (ДО имплементации):**
`@KEY: Value` (в Python - `# @KEY`, в TS/JS - `/** @KEY */`, в HTML - `<!-- @KEY -->`).
**Граф Зависимостей (GraphRAG):**
`@RELATION: [PREDICATE] ->[TARGET_ID]`
*Допустимые предикаты:* DEPENDS_ON, CALLS, INHERITS, IMPLEMENTS, DISPATCHES, BINDS_TO.
## III. ТОПОЛОГИЯ ФАЙЛА (СТРОГИЙ ПОРЯДОК)
1. **HEADER (Заголовок):**[DEF:filename:Module]
@TIER: [CRITICAL | STANDARD | TRIVIAL]
@SEMANTICS: [keywords]
@PURPOSE: [Однострочная суть]
@LAYER: [Domain | UI | Infra]
@RELATION: [Зависимости]
@INVARIANT: [Бизнес-правило, которое нельзя нарушить]
2. **BODY (Тело):** Импорты -> Реализация логики внутри вложенных `[DEF]`.
3. **FOOTER (Подвал):** [/DEF:filename:Module]
## IV. КОНТРАКТЫ (DESIGN BY CONTRACT & UX)
Обязательны для TIER: CRITICAL и STANDARD. Заменяют стандартные Docstrings.
**[CORE CONTRACTS]:**
- `@PURPOSE:` Суть функции/компонента.
- `@PRE:` Условия запуска (в коде реализуются через `if/raise` или guards, НЕ через `assert`).
- `@POST:` Гарантии на выходе.
- `@SIDE_EFFECT:` Мутации состояния, I/O, сеть.
- `@DATA_CONTRACT:` Ссылка на DTO (Input -> Model, Output -> Model).
**[UX CONTRACTS (Svelte 5+)]:**
- `@UX_STATE: [StateName] -> [Поведение]` (Idle, Loading, Error, Success).
- `@UX_FEEDBACK:` Реакция системы (Toast, Shake, RedBorder).
- `@UX_RECOVERY:` Путь восстановления после сбоя (Retry, ClearInput).
- `@UX_REACTIVITY:` Явный биндинг. *ЗАПРЕТ НА `$:` и `export let`. ТОЛЬКО Руны: `$state`, `$derived`, `$effect`, `$props`.*
**[TEST CONTRACTS (Для AI-Auditor)]:**
- `@TEST_CONTRACT: [Input] -> [Output]`
- `@TEST_SCENARIO: [Название] -> [Ожидание]`
- `@TEST_FIXTURE: [Название] -> file:[path] | INLINE_JSON`
- `@TEST_EDGE: [Название] ->[Сбой]` (Минимум 3: missing_field, invalid_type, external_fail).
- `@TEST_INVARIANT: [Имя] -> VERIFIED_BY: [scenario_1, ...]`
## V. УРОВНИ СТРОГОСТИ (TIERS)
Степень контроля задается в Header.
- **CRITICAL** (Ядро/Деньги/Безопасность): 100% покрытие тегами GRACE. Обязательны: Граф, Инварианты, Логи `logger.reason/reflect`, все `@UX` и `@TEST` теги. Использование `belief_scope` строго обязательно.
- **STANDARD** (Бизнес-логика / Типовые формы): Базовый уровень. Обязательны: `@PURPOSE`, `@UX_STATE`, `@RELATION`, базовое логирование.
- **TRIVIAL** (Утилиты / DTO / Атомы UI): Минимальный каркас. Только якоря `[DEF]...[/DEF]` и `@PURPOSE`.
## VI. ПРОТОКОЛ ЛОГИРОВАНИЯ (THREAD-LOCAL BELIEF STATE)
Логирование - это механизм трассировки рассуждений ИИ (CoT) и управления Attention Energy. Архитектура использует Thread-local storage (`_belief_state`), поэтому `ID` прокидывается автоматически.
**[PYTHON CORE TOOLS]:**
Импорт: `from ...logger import logger, belief_scope, believed`
1. **Декоратор:** `@believed("ID")` - автоматический трекинг функции.
2. **Контекст:** `with belief_scope("ID"):` - очерчивает локальный предел мысли. НЕ возвращает context, используется просто как `with`.
3. **Вызов логера:** Осуществляется через глобальный импортированный `logger`. Дополнительные данные передавать через `extra={...}`.
**[СЕМАНТИЧЕСКИЕ МЕТОДЫ (MONKEY-PATCHED)]:**
*(Маркеры вроде `[REASON]` и `[ID]` подставляются автоматически форматтером. Не пиши их в тексте!)*
1. **`logger.explore(msg, extra={...})`** (Поиск/Ветвление): Применяется при фолбэках, `except`, проверке гипотез. Эмитирует WARNING.
*Пример:* `logger.explore("Insufficient funds", extra={"balance": bal})`
2. **`logger.reason(msg, extra={...})`** (Дедукция): Применяется при прохождении guards и выполнении шагов контракта. Эмитирует INFO.
*Пример:* `logger.reason("Initiating transfer")`
3. **`logger.reflect(msg, extra={...})`** (Самопроверка): Применяется для сверки результата с `@POST` перед `return`. Эмитирует DEBUG.
*Пример:* `logger.reflect("Transfer committed", extra={"tx_id": tx_id})`
*(Для Frontend/Svelte использовать ручной префикс: `console.info("[ID][REFLECT] Text", {data})`)*
## VII. АЛГОРИТМ ИСПОЛНЕНИЯ И САМОКОРРЕКЦИИ
**[PHASE_1: ANALYSIS]**
Оцени TIER, Layer и UX-требования. При слепоте контекста -> `yield [NEED_CONTEXT: id]`.
**[PHASE_2: SYNTHESIS]**
Сгенерируй каркас из `[DEF]`, Header и Контрактов.
**[PHASE_3: IMPLEMENTATION]**
Напиши код строго по Контракту. Для CRITICAL секций открой `with belief_scope("ID"):` и орошай путь вызовами `logger.reason()` и `logger.reflect()`.
**[PHASE_4: CLOSURE]**
Убедись, что все `[DEF]` закрыты соответствующими `[/DEF]`.
**[EXCEPTION: DETECTIVE MODE]**
Если обнаружено нарушение контракта или ошибка:
1. СТОП-СИГНАЛ: Выведи `[COHERENCE_CHECK_FAILED]`.
2. ГИПОТЕЗА: Сгенерируй вызов `logger.explore("Ошибка в I/O / Состоянии / Зависимости -> Описание")`.
3. ЗАПРОС: Запроси разрешение на изменение контракта.
whenToUse: Use this mode when you need to update the project's semantic map, fix semantic compliance issues (missing anchors/tags/DbC ), or analyze the codebase structure. This mode is specialized for maintaining the `.ai/standards/semantics.md` standards.
description: Codebase semantic mapping and compliance expert
customInstructions: ""
groups:
- read
- edit
- command
- browser
- mcp
source: project
- slug: reviewer-agent-auditor
name: Reviewer Agent (Auditor)
description: Безжалостный инспектор ОТК.
roleDefinition: '*"Ты GRACE Reviewer. Твоя единственная цель — искать нарушения протокола GRACE-Poly. Ты не пишешь код. Ты читаешь код и проверяешь Чек-лист. Если блок `[DEF]` открыт, но нет закрывающего `[/DEF]` — это FATAL ERROR. Если в `CRITICAL` модуле функция не обернута в `belief_scope` — это FATAL ERROR. Выводи только PASS или FAIL со списком строк, где найдена ошибка."*'
groups:
- read
- edit
- browser
- command
- mcp
source: project

45
README.md
View File

@@ -233,50 +233,6 @@ cd /home/busya/dev/ss-tools
Если найден внешний endpoint, выпуск получает статус `BLOCKED` до исправления.
### Docker release для изолированного контура
Текущий `enterprise clean` профиль уже задаёт policy-level ограничения для внутреннего контура. Следующий логичный шаг для релизного процесса — выпускать не только application artifacts, но и готовый Docker bundle для разворота без доступа в интернет.
Целевой состав offline release-пакета:
- `backend` image с уже установленными Python-зависимостями;
- `frontend` image с уже собранным SvelteKit bundle;
- `postgres` image или внутренний pinned base image;
- `docker-compose.enterprise-clean.yml` для запуска в air-gapped окружении;
- `.env.enterprise-clean.example` с обязательными переменными;
- manifest с версиями, sha256 и перечнем образов;
- инструкции по `docker load` / `docker compose up` без обращения к внешним registry.
Рекомендуемый workflow для такого релиза:
```bash
# 1. Собрать образы в подключённом контуре
docker compose -f docker-compose.yml build
# 2. Экспортировать их в tar-архивы
docker save ss-tools-backend:TAG -o dist/docker/backend.TAG.tar
docker save ss-tools-frontend:TAG -o dist/docker/frontend.TAG.tar
# 3. Передать bundle в изолированный контур
# 4. Импортировать образы локально
docker load -i dist/docker/backend.TAG.tar
docker load -i dist/docker/frontend.TAG.tar
# 5. Запустить только локальные образы
docker compose -f docker-compose.enterprise-clean.yml up -d
```
Ограничения для production-grade offline release:
- build не должен тянуть зависимости в изолированном контуре;
- все base images должны быть заранее зеркалированы во внутренний registry или поставляться как tar;
- runtime-конфигурация не должна ссылаться на внешние API/registry/telemetry endpoints;
- clean/compliance manifest должен включать docker image digests как часть evidence package.
Практический план внедрения:
- добавить pinned Docker image tags и отдельный `enterprise-clean` compose profile;
- подготовить `make release-docker-bundle` или shell script для `build -> save -> checksum`;
- включить docker image digests в clean-release manifest;
- добавить smoke-check, что compose-файлы не содержат внешних registry references вне allowlist.
## 📖 Документация
- [Установка и настройка](docs/installation.md)
@@ -372,3 +328,4 @@ cd frontend
npm install
```

189
backend/backend.log Normal file
View File

@@ -0,0 +1,189 @@
INFO: Will watch for changes in these directories: ['/home/user/ss-tools/backend']
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO: Started reloader process [7952] using StatReload
INFO: Started server process [7968]
INFO: Waiting for application startup.
INFO: Application startup complete.
Error loading plugin module backup: No module named 'yaml'
Error loading plugin module migration: No module named 'yaml'
INFO: 127.0.0.1:36934 - "HEAD /docs HTTP/1.1" 200 OK
INFO: 127.0.0.1:55006 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:55006 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:55010 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:55010 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:55010 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:55010 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:55010 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:55010 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:55010 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:55010 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:35508 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:35508 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:49820 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49820 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:49822 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49822 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:49822 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49822 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:49908 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49908 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:49922 - "OPTIONS /settings/environments HTTP/1.1" 200 OK
[2025-12-20 19:14:15,576][INFO][superset_tools_app] [ConfigManager.save_config][Coherence:OK] Configuration saved context={'path': '/home/user/ss-tools/config.json'}
INFO: 127.0.0.1:49922 - "POST /settings/environments HTTP/1.1" 200 OK
INFO: 127.0.0.1:49922 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49922 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:49922 - "OPTIONS /settings/environments/7071dab6-881f-49a2-b850-c004b3fc11c0/test HTTP/1.1" 200 OK
INFO: 127.0.0.1:36930 - "POST /settings/environments/7071dab6-881f-49a2-b850-c004b3fc11c0/test HTTP/1.1" 500 Internal Server Error
ERROR: Exception in ASGI application
Traceback (most recent call last):
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/uvicorn/protocols/http/h11_impl.py", line 403, in run_asgi
result = await app( # type: ignore[func-returns-value]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in __call__
return await self.app(scope, receive, send)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/fastapi/applications.py", line 1135, in __call__
await super().__call__(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/applications.py", line 107, in __call__
await self.middleware_stack(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/middleware/errors.py", line 186, in __call__
raise exc
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/middleware/errors.py", line 164, in __call__
await self.app(scope, receive, _send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/middleware/cors.py", line 93, in __call__
await self.simple_response(scope, receive, send, request_headers=headers)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/middleware/cors.py", line 144, in simple_response
await self.app(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/middleware/exceptions.py", line 63, in __call__
await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
raise exc
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
await app(scope, receive, sender)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
await self.app(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/routing.py", line 716, in __call__
await self.middleware_stack(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/routing.py", line 736, in app
await route.handle(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/routing.py", line 290, in handle
await self.app(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/fastapi/routing.py", line 118, in app
await wrap_app_handling_exceptions(app, request)(scope, receive, send)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
raise exc
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
await app(scope, receive, sender)
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/fastapi/routing.py", line 104, in app
response = await f(request)
^^^^^^^^^^^^^^^^
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/fastapi/routing.py", line 428, in app
raw_response = await run_endpoint_function(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/ss-tools/backend/venv/lib/python3.12/site-packages/fastapi/routing.py", line 314, in run_endpoint_function
return await dependant.call(**values)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/ss-tools/backend/src/api/routes/settings.py", line 103, in test_connection
import httpx
ModuleNotFoundError: No module named 'httpx'
INFO: 127.0.0.1:45776 - "POST /settings/environments/7071dab6-881f-49a2-b850-c004b3fc11c0/test HTTP/1.1" 200 OK
INFO: 127.0.0.1:45784 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:45784 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:41628 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:41628 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:41628 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:41628 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:60184 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:60184 - "GET /settings/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:60184 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:60184 - "GET /plugins/ HTTP/1.1" 200 OK
INFO: 127.0.0.1:60184 - "GET /settings HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:60184 - "GET /settings/ HTTP/1.1" 200 OK
WARNING: StatReload detected changes in 'src/core/plugin_loader.py'. Reloading...
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [7968]
INFO: Started server process [12178]
INFO: Waiting for application startup.
INFO: Application startup complete.
WARNING: StatReload detected changes in 'src/dependencies.py'. Reloading...
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [12178]
INFO: Started server process [12451]
INFO: Waiting for application startup.
INFO: Application startup complete.
Plugin 'Superset Dashboard Backup' (ID: superset-backup) loaded successfully.
Plugin 'Superset Dashboard Migration' (ID: superset-migration) loaded successfully.
INFO: 127.0.0.1:37334 - "GET / HTTP/1.1" 200 OK
INFO: 127.0.0.1:37334 - "GET /favicon.ico HTTP/1.1" 404 Not Found
INFO: 127.0.0.1:39932 - "GET / HTTP/1.1" 200 OK
INFO: 127.0.0.1:39932 - "GET /favicon.ico HTTP/1.1" 404 Not Found
INFO: 127.0.0.1:39932 - "GET / HTTP/1.1" 200 OK
INFO: 127.0.0.1:39932 - "GET / HTTP/1.1" 200 OK
INFO: 127.0.0.1:54900 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49280 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
INFO: 127.0.0.1:49280 - "GET /plugins/ HTTP/1.1" 200 OK
WARNING: StatReload detected changes in 'src/api/routes/plugins.py'. Reloading...
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [12451]
INFO: Started server process [15016]
INFO: Waiting for application startup.
INFO: Application startup complete.
Plugin 'Superset Dashboard Backup' (ID: superset-backup) loaded successfully.
Plugin 'Superset Dashboard Migration' (ID: superset-migration) loaded successfully.
INFO: 127.0.0.1:59340 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
DEBUG: list_plugins called. Found 0 plugins.
INFO: 127.0.0.1:59340 - "GET /plugins/ HTTP/1.1" 200 OK
WARNING: StatReload detected changes in 'src/dependencies.py'. Reloading...
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [15016]
INFO: Started server process [15257]
INFO: Waiting for application startup.
INFO: Application startup complete.
Plugin 'Superset Dashboard Backup' (ID: superset-backup) loaded successfully.
Plugin 'Superset Dashboard Migration' (ID: superset-migration) loaded successfully.
DEBUG: dependencies.py initialized. PluginLoader ID: 139922613090976
DEBUG: dependencies.py initialized. PluginLoader ID: 139922627375088
INFO: 127.0.0.1:57464 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
DEBUG: get_plugin_loader called. Returning PluginLoader ID: 139922627375088
DEBUG: list_plugins called. Found 0 plugins.
INFO: 127.0.0.1:57464 - "GET /plugins/ HTTP/1.1" 200 OK
WARNING: StatReload detected changes in 'src/core/plugin_loader.py'. Reloading...
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [15257]
INFO: Started server process [15533]
INFO: Waiting for application startup.
INFO: Application startup complete.
DEBUG: Loading plugin backup as src.plugins.backup
Plugin 'Superset Dashboard Backup' (ID: superset-backup) loaded successfully.
DEBUG: Loading plugin migration as src.plugins.migration
Plugin 'Superset Dashboard Migration' (ID: superset-migration) loaded successfully.
DEBUG: dependencies.py initialized. PluginLoader ID: 140371031142384
INFO: 127.0.0.1:46470 - "GET /plugins HTTP/1.1" 307 Temporary Redirect
DEBUG: get_plugin_loader called. Returning PluginLoader ID: 140371031142384
DEBUG: list_plugins called. Found 2 plugins.
DEBUG: Plugin: superset-backup
DEBUG: Plugin: superset-migration
INFO: 127.0.0.1:46470 - "GET /plugins/ HTTP/1.1" 200 OK
WARNING: StatReload detected changes in 'src/api/routes/settings.py'. Reloading...
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [15533]
INFO: Started server process [15827]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [15827]
INFO: Stopping reloader process [7952]

1
backend/get_full_key.py Normal file
View File

@@ -0,0 +1 @@
{"print(f'Length": {"else": "print('Provider not found')\ndb.close()"}}

BIN
backend/mappings.db Normal file
View File

Binary file not shown.

BIN
backend/migrations.db Normal file
View File

Binary file not shown.

16
backend/pyproject.toml
View File

@@ -1,19 +1,3 @@
[build-system]
requires = ["setuptools>=69", "wheel"]
build-backend = "setuptools.build_meta"
[project]
name = "ss-tools-backend"
version = "0.0.0"
requires-python = ">=3.13"
[tool.setuptools]
include-package-data = true
[tool.setuptools.packages.find]
where = ["."]
include = ["src*"]
[tool.pytest.ini_options]
pythonpath = ["."]
importmode = "importlib"

3
backend/src/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src:Package]
# @PURPOSE: Canonical backend package root for application, scripts, and tests.
# [/DEF:src:Package]

3
backend/src/api/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.api:Package]
# @PURPOSE: Backend API package root.
# [/DEF:src.api:Package]

4
backend/src/api/routes/__tests__/test_assistant_api.py
View File

@@ -422,7 +422,7 @@ def test_llm_validation_with_dashboard_ref_requires_confirmation():
assert "cancel" in action_types
# [/DEF:test_llm_validation_with_dashboard_ref_requires_confirmation:Function]
# [/DEF:test_llm_validation_missing_dashboard_returns_needs_clarification:Function]
# [DEF:test_list_conversations_groups_by_conversation_and_marks_archived:Function]
@@ -629,7 +629,6 @@ def test_guarded_operation_confirm_roundtrip():
assert second.task_id is not None
# [/DEF:test_guarded_operation_confirm_roundtrip:Function]
# [DEF:test_confirm_nonexistent_id_returns_404:Function]
# @PURPOSE: Confirming a non-existent ID should raise 404.
# @PRE: user tries to confirm a random/fake UUID.
@@ -650,7 +649,6 @@ def test_confirm_nonexistent_id_returns_404():
assert exc.value.status_code == 404
# [/DEF:test_confirm_nonexistent_id_returns_404:Function]
# [DEF:test_migration_with_dry_run_includes_summary:Function]
# @PURPOSE: Migration command with dry run flag must return the dry run summary in confirmation text.
# @PRE: user specifies a migration with --dry-run flag.

2
backend/src/api/routes/__tests__/test_clean_release_api.py
View File

@@ -135,8 +135,6 @@ def test_get_report_success():
finally:
app.dependency_overrides.clear()
# [/DEF:backend.tests.api.routes.test_clean_release_api:Module]
def test_prepare_candidate_api_success():
repo = _repo_with_seed_data()
app.dependency_overrides[get_clean_release_repository] = lambda: repo

5
backend/src/api/routes/__tests__/test_clean_release_source_policy.py
View File

@@ -94,7 +94,4 @@ def test_prepare_candidate_blocks_external_source():
assert data["status"] == "blocked"
assert any(v["category"] == "external-source" for v in data["violations"])
finally:
app.dependency_overrides.clear()
# [/DEF:backend.tests.api.routes.test_clean_release_source_policy:Module]
app.dependency_overrides.clear()

7
backend/src/api/routes/__tests__/test_profile_api.py
View File

@@ -82,7 +82,6 @@ def _build_preference_response(user_id: str = "u-1") -> ProfilePreferenceRespons
superset_username="John_Doe",
superset_username_normalized="john_doe",
show_only_my_dashboards=True,
show_only_slug_dashboards=True,
git_username="ivan.ivanov",
git_email="ivan@company.local",
has_git_personal_access_token=True,
@@ -127,7 +126,6 @@ def test_get_profile_preferences_returns_self_payload(profile_route_deps_fixture
assert payload["preference"]["superset_username_normalized"] == "john_doe"
assert payload["preference"]["git_username"] == "ivan.ivanov"
assert payload["preference"]["git_email"] == "ivan@company.local"
assert payload["preference"]["show_only_slug_dashboards"] is True
assert payload["preference"]["has_git_personal_access_token"] is True
assert payload["preference"]["git_personal_access_token_masked"] == "iv***al"
assert payload["preference"]["start_page"] == "reports"
@@ -155,7 +153,6 @@ def test_patch_profile_preferences_success(profile_route_deps_fixture):
json={
"superset_username": "John_Doe",
"show_only_my_dashboards": True,
"show_only_slug_dashboards": True,
"git_username": "ivan.ivanov",
"git_email": "ivan@company.local",
"git_personal_access_token": "ghp_1234567890",
@@ -170,7 +167,6 @@ def test_patch_profile_preferences_success(profile_route_deps_fixture):
assert payload["status"] == "success"
assert payload["preference"]["superset_username"] == "John_Doe"
assert payload["preference"]["show_only_my_dashboards"] is True
assert payload["preference"]["show_only_slug_dashboards"] is True
assert payload["preference"]["git_username"] == "ivan.ivanov"
assert payload["preference"]["git_email"] == "ivan@company.local"
assert payload["preference"]["start_page"] == "reports"
@@ -183,7 +179,6 @@ def test_patch_profile_preferences_success(profile_route_deps_fixture):
assert called_kwargs["payload"].git_username == "ivan.ivanov"
assert called_kwargs["payload"].git_email == "ivan@company.local"
assert called_kwargs["payload"].git_personal_access_token == "ghp_1234567890"
assert called_kwargs["payload"].show_only_slug_dashboards is True
assert called_kwargs["payload"].start_page == "reports-logs"
assert called_kwargs["payload"].auto_open_task_drawer is False
assert called_kwargs["payload"].dashboards_table_density == "free"
@@ -295,4 +290,4 @@ def test_lookup_superset_accounts_env_not_found(profile_route_deps_fixture):
assert payload["detail"] == "Environment 'missing-env' not found"
# [/DEF:test_lookup_superset_accounts_env_not_found:Function]
# [/DEF:backend.src.api.routes.__tests__.test_profile_api:Module]
# [/DEF:backend.src.api.routes.__tests__.test_profile_api:Module]

62
backend/src/api/routes/assistant.py
View File

@@ -120,7 +120,6 @@ INTENT_PERMISSION_CHECKS: Dict[str, List[Tuple[str, str]]] = {
"run_backup": [("plugin:superset-backup", "EXECUTE"), ("plugin:backup", "EXECUTE")],
"run_llm_validation": [("plugin:llm_dashboard_validation", "EXECUTE")],
"run_llm_documentation": [("plugin:llm_documentation", "EXECUTE")],
"get_health_summary": [("plugin:migration", "READ")],
}
@@ -846,18 +845,6 @@ def _parse_command(message: str, config_manager: ConfigManager) -> Dict[str, Any
"requires_confirmation": False,
}
# Health summary
if any(k in lower for k in ["здоровье", "health", "ошибки", "failing", "проблемы"]):
env_match = _extract_id(lower, [r"(?:в|for|env|окружени[ея])\s+([a-z0-9_-]+)"])
return {
"domain": "health",
"operation": "get_health_summary",
"entities": {"environment": env_match},
"confidence": 0.9,
"risk_level": "safe",
"requires_confirmation": False,
}
# LLM validation
if any(k in lower for k in ["валидац", "validate", "провер"]):
env_match = _extract_id(lower, [r"(?:в|for|env|окружени[ея])\s+([a-z0-9_-]+)"])
@@ -1036,15 +1023,6 @@ def _build_tool_catalog(current_user: User, config_manager: ConfigManager, db: S
"risk_level": "guarded",
"requires_confirmation": False,
},
{
"operation": "get_health_summary",
"domain": "health",
"description": "Get summary of dashboard health and failing validations",
"required_entities": [],
"optional_entities": ["environment"],
"risk_level": "safe",
"requires_confirmation": False,
},
]
available: List[Dict[str, Any]] = []
@@ -1078,7 +1056,7 @@ def _coerce_intent_entities(intent: Dict[str, Any]) -> Dict[str, Any]:
# Operations that are read-only and do not require confirmation.
_SAFE_OPS = {"show_capabilities", "get_task_status", "get_health_summary"}
_SAFE_OPS = {"show_capabilities", "get_task_status"}
# [DEF:_confirmation_summary:Function]
@@ -1173,7 +1151,7 @@ async def _async_confirmation_summary(intent: Dict[str, Any], config_manager: Co
text += f"\n\n(Не удалось загрузить отчет dry-run: {e})."
return f"Выполнить: {text}. Подтвердите или отмените."
# [/DEF:_confirmation_summary:Function]
# [/DEF:_async_confirmation_summary:Function]
# [DEF:_clarification_text_for_intent:Function]
@@ -1345,7 +1323,6 @@ async def _dispatch_intent(
"run_llm_validation": "LLM: валидация дашборда",
"run_llm_documentation": "LLM: генерация документации",
"get_task_status": "Статус: проверка задачи",
"get_health_summary": "Здоровье: сводка по дашбордам",
}
available = [labels[t["operation"]] for t in tools_catalog if t["operation"] in labels]
if not available:
@@ -1358,41 +1335,6 @@ async def _dispatch_intent(
)
return text, None, []
if operation == "get_health_summary":
from ...services.health_service import HealthService
env_token = entities.get("environment")
env_id = _resolve_env_id(env_token, config_manager)
service = HealthService(db)
summary = await service.get_health_summary(environment_id=env_id)
env_name = _get_environment_name_by_id(env_id, config_manager) if env_id else "всех окружений"
text = (
f"Сводка здоровья дашбордов для {env_name}:\n"
f"- ✅ Прошли проверку: {summary.pass_count}\n"
f"- ⚠️ С предупреждениями: {summary.warn_count}\n"
f"- ❌ Ошибки валидации: {summary.fail_count}\n"
f"- ❓ Неизвестно: {summary.unknown_count}"
)
actions = [
AssistantAction(type="open_route", label="Открыть Health Center", target="/dashboards/health")
]
if summary.fail_count > 0:
text += "\n\nОбнаружены ошибки в следующих дашбордах:"
for item in summary.items:
if item.status == "FAIL":
text += f"\n- {item.dashboard_id} ({item.environment_id}): {item.summary or 'Нет деталей'}"
actions.append(
AssistantAction(
type="open_route",
label=f"Отчет {item.dashboard_id}",
target=f"/reports/llm/{item.task_id}"
)
)
return text, None, actions[:5] # Limit actions to avoid UI clutter
if operation == "get_task_status":
_check_any_permission(current_user, [("tasks", "READ")])
task_id = entities.get("task_id")

35
backend/src/api/routes/dashboards.py
View File

@@ -98,9 +98,7 @@ class EffectiveProfileFilter(BaseModel):
source_page: Literal["dashboards_main", "other"] = "dashboards_main"
override_show_all: bool = False
username: Optional[str] = None
match_logic: Optional[
Literal["owners_or_modified_by", "slug_only", "owners_or_modified_by+slug_only"]
] = None
match_logic: Optional[Literal["owners_or_modified_by"]] = None
# [/DEF:EffectiveProfileFilter:DataClass]
# [DEF:DashboardsResponse:DataClass]
@@ -537,7 +535,6 @@ async def get_dashboards(
profile_service = ProfileService(db=db, config_manager=config_manager)
bound_username: Optional[str] = None
can_apply_profile_filter = False
can_apply_slug_filter = False
effective_profile_filter = EffectiveProfileFilter(
applied=False,
source_page=page_context,
@@ -563,27 +560,13 @@ async def get_dashboards(
and bool(getattr(profile_preference, "show_only_my_dashboards", False))
and bool(bound_username)
)
can_apply_slug_filter = (
page_context == "dashboards_main"
and bool(apply_profile_default)
and not bool(override_show_all)
and bool(getattr(profile_preference, "show_only_slug_dashboards", True))
)
profile_match_logic = None
if can_apply_profile_filter and can_apply_slug_filter:
profile_match_logic = "owners_or_modified_by+slug_only"
elif can_apply_profile_filter:
profile_match_logic = "owners_or_modified_by"
elif can_apply_slug_filter:
profile_match_logic = "slug_only"
effective_profile_filter = EffectiveProfileFilter(
applied=bool(can_apply_profile_filter or can_apply_slug_filter),
applied=bool(can_apply_profile_filter),
source_page=page_context,
override_show_all=bool(override_show_all),
username=bound_username if can_apply_profile_filter else None,
match_logic=profile_match_logic,
match_logic="owners_or_modified_by" if can_apply_profile_filter else None,
)
except Exception as profile_error:
logger.explore(
@@ -606,7 +589,7 @@ async def get_dashboards(
actor_filters,
)
)
needs_full_scan = has_column_filters or bool(can_apply_profile_filter) or bool(can_apply_slug_filter)
needs_full_scan = has_column_filters or bool(can_apply_profile_filter)
if isinstance(resource_service, ResourceService) and not needs_full_scan:
try:
@@ -617,7 +600,6 @@ async def get_dashboards(
page_size=page_size,
search=search,
include_git_status=False,
require_slug=bool(can_apply_slug_filter),
)
paginated_dashboards = page_payload["dashboards"]
total = page_payload["total"]
@@ -631,7 +613,6 @@ async def get_dashboards(
env,
all_tasks,
include_git_status=False,
require_slug=bool(can_apply_slug_filter),
)
if search:
@@ -652,7 +633,6 @@ async def get_dashboards(
env,
all_tasks,
include_git_status=bool(git_filters),
require_slug=bool(can_apply_slug_filter),
)
if can_apply_profile_filter and bound_username:
@@ -694,13 +674,6 @@ async def get_dashboards(
)
dashboards = filtered_dashboards
if can_apply_slug_filter:
dashboards = [
dashboard
for dashboard in dashboards
if str(dashboard.get("slug") or "").strip()
]
if search:
search_lower = search.lower()
dashboards = [

31
backend/src/api/routes/health.py
View File

@@ -1,31 +0,0 @@
# [DEF:health_router:Module]
# @TIER: STANDARD
# @SEMANTICS: health, monitoring, dashboards
# @PURPOSE: API endpoints for dashboard health monitoring and status aggregation.
# @LAYER: UI/API
# @RELATION: DEPENDS_ON -> health_service
from fastapi import APIRouter, Depends, Query
from typing import List, Optional
from sqlalchemy.orm import Session
from ...core.database import get_db
from ...services.health_service import HealthService
from ...schemas.health import HealthSummaryResponse
from ...dependencies import has_permission
router = APIRouter(prefix="/api/health", tags=["Health"])
@router.get("/summary", response_model=HealthSummaryResponse)
async def get_health_summary(
environment_id: Optional[str] = Query(None),
db: Session = Depends(get_db),
_ = Depends(has_permission("plugin:migration", "READ"))
):
"""
@PURPOSE: Get aggregated health status for all dashboards.
@POST: Returns HealthSummaryResponse
"""
service = HealthService(db)
return await service.get_health_summary(environment_id=environment_id)
# [/DEF:health_router:Module]

194
backend/src/api/routes/migration.py
View File

@@ -1,23 +1,10 @@
# [DEF:backend.src.api.routes.migration:Module]
# @TIER: CRITICAL
# @SEMANTICS: api, migration, dashboards, sync, dry-run
# @PURPOSE: HTTP contract layer for migration orchestration, settings, dry-run, and mapping sync endpoints.
# @LAYER: Infra
# @RELATION: [DEPENDS_ON] ->[backend.src.dependencies]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.database]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.superset_client]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.migration.dry_run_orchestrator]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.mapping_service]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.dashboard]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.mapping]
# @INVARIANT: Migration endpoints never execute with invalid environment references and always return explicit HTTP errors on guard failures.
# @TEST_CONTRACT: [DashboardSelection + configured envs] -> [task_id | dry-run result | sync summary]
# @TEST_SCENARIO: [invalid_environment] -> [HTTP_400_or_404]
# @TEST_SCENARIO: [valid_execution] -> [success_payload_with_required_fields]
# @TEST_EDGE: [missing_field] ->[HTTP_400]
# @TEST_EDGE: [invalid_type] ->[validation_error]
# @TEST_EDGE: [external_fail] ->[HTTP_500]
# @TEST_INVARIANT: [EnvironmentValidationBeforeAction] -> VERIFIED_BY: [invalid_environment, valid_execution]
# @TIER: STANDARD
# @SEMANTICS: api, migration, dashboards
# @PURPOSE: API endpoints for migration operations.
# @LAYER: API
# @RELATION: DEPENDS_ON -> backend.src.dependencies
# @RELATION: DEPENDS_ON -> backend.src.models.dashboard
from fastapi import APIRouter, Depends, HTTPException, Query
from typing import List, Dict, Any, Optional
@@ -26,7 +13,7 @@ from ...dependencies import get_config_manager, get_task_manager, has_permission
from ...core.database import get_db
from ...models.dashboard import DashboardMetadata, DashboardSelection
from ...core.superset_client import SupersetClient
from ...core.logger import logger, belief_scope
from ...core.logger import belief_scope
from ...core.migration.dry_run_orchestrator import MigrationDryRunService
from ...core.mapping_service import IdMappingService
from ...models.mapping import ResourceMapping
@@ -34,11 +21,11 @@ from ...models.mapping import ResourceMapping
router = APIRouter(prefix="/api", tags=["migration"])
# [DEF:get_dashboards:Function]
# @PURPOSE: Fetch dashboard metadata from a requested environment for migration selection UI.
# @PRE: env_id is provided and exists in configured environments.
# @POST: Returns List[DashboardMetadata] for the resolved environment; emits HTTP_404 when environment is absent.
# @SIDE_EFFECT: Reads environment configuration and performs remote Superset metadata retrieval over network.
# @DATA_CONTRACT: Input[str env_id] -> Output[List[DashboardMetadata]]
# @PURPOSE: Fetch all dashboards from the specified environment for the grid.
# @PRE: Environment ID must be valid.
# @POST: Returns a list of dashboard metadata.
# @PARAM: env_id (str) - The ID of the environment to fetch from.
# @RETURN: List[DashboardMetadata]
@router.get("/environments/{env_id}/dashboards", response_model=List[DashboardMetadata])
async def get_dashboards(
env_id: str,
@@ -46,26 +33,22 @@ async def get_dashboards(
_ = Depends(has_permission("plugin:migration", "EXECUTE"))
):
with belief_scope("get_dashboards", f"env_id={env_id}"):
logger.reason(f"Fetching dashboards for environment: {env_id}")
environments = config_manager.get_environments()
env = next((e for e in environments if e.id == env_id), None)
if not env:
logger.explore(f"Environment {env_id} not found in configuration")
raise HTTPException(status_code=404, detail="Environment not found")
env = next((e for e in environments if e.id == env_id), None)
if not env:
raise HTTPException(status_code=404, detail="Environment not found")
client = SupersetClient(env)
dashboards = client.get_dashboards_summary()
logger.reflect(f"Retrieved {len(dashboards)} dashboards from {env_id}")
return dashboards
client = SupersetClient(env)
dashboards = client.get_dashboards_summary()
return dashboards
# [/DEF:get_dashboards:Function]
# [DEF:execute_migration:Function]
# @PURPOSE: Validate migration selection and enqueue asynchronous migration task execution.
# @PRE: DashboardSelection payload is valid and both source/target environments exist.
# @POST: Returns {"task_id": str, "message": str} when task creation succeeds; emits HTTP_400/HTTP_500 on failure.
# @SIDE_EFFECT: Reads configuration, writes task record through task manager, and writes operational logs.
# @DATA_CONTRACT: Input[DashboardSelection] -> Output[Dict[str, str]]
# @PURPOSE: Execute the migration of selected dashboards.
# @PRE: Selection must be valid and environments must exist.
# @POST: Starts the migration task and returns the task ID.
# @PARAM: selection (DashboardSelection) - The dashboards to migrate.
# @RETURN: Dict - {"task_id": str, "message": str}
@router.post("/migration/execute")
async def execute_migration(
selection: DashboardSelection,
@@ -74,39 +57,38 @@ async def execute_migration(
_ = Depends(has_permission("plugin:migration", "EXECUTE"))
):
with belief_scope("execute_migration"):
logger.reason(f"Initiating migration from {selection.source_env_id} to {selection.target_env_id}")
# Validate environments exist
environments = config_manager.get_environments()
env_ids = {e.id for e in environments}
if selection.source_env_id not in env_ids or selection.target_env_id not in env_ids:
logger.explore("Invalid environment selection", extra={"source": selection.source_env_id, "target": selection.target_env_id})
raise HTTPException(status_code=400, detail="Invalid source or target environment")
env_ids = {e.id for e in environments}
if selection.source_env_id not in env_ids or selection.target_env_id not in env_ids:
raise HTTPException(status_code=400, detail="Invalid source or target environment")
# Include replace_db_config and fix_cross_filters in the task parameters
task_params = selection.dict()
task_params['replace_db_config'] = selection.replace_db_config
task_params['fix_cross_filters'] = selection.fix_cross_filters
logger.reason(f"Creating migration task with {len(selection.selected_ids)} dashboards")
try:
task = await task_manager.create_task("superset-migration", task_params)
logger.reflect(f"Migration task created: {task.id}")
return {"task_id": task.id, "message": "Migration initiated"}
except Exception as e:
logger.explore(f"Task creation failed: {e}")
raise HTTPException(status_code=500, detail=f"Failed to create migration task: {str(e)}")
# Create migration task with debug logging
from ...core.logger import logger
# Include replace_db_config and fix_cross_filters in the task parameters
task_params = selection.dict()
task_params['replace_db_config'] = selection.replace_db_config
task_params['fix_cross_filters'] = selection.fix_cross_filters
logger.info(f"Creating migration task with params: {task_params}")
logger.info(f"Available environments: {env_ids}")
logger.info(f"Source env: {selection.source_env_id}, Target env: {selection.target_env_id}")
try:
task = await task_manager.create_task("superset-migration", task_params)
logger.info(f"Task created successfully: {task.id}")
return {"task_id": task.id, "message": "Migration initiated"}
except Exception as e:
logger.error(f"Task creation failed: {e}")
raise HTTPException(status_code=500, detail=f"Failed to create migration task: {str(e)}")
# [/DEF:execute_migration:Function]
# [DEF:dry_run_migration:Function]
# @PURPOSE: Build pre-flight migration diff and risk summary without mutating target systems.
# @PRE: DashboardSelection is valid, source and target environments exist, differ, and selected_ids is non-empty.
# @POST: Returns deterministic dry-run payload; emits HTTP_400 for guard violations and HTTP_500 for orchestrator value errors.
# @SIDE_EFFECT: Reads local mappings from DB and fetches source/target metadata via Superset API.
# @DATA_CONTRACT: Input[DashboardSelection] -> Output[Dict[str, Any]]
# @PURPOSE: Build pre-flight diff and risk summary without applying migration.
# @PRE: Selection and environments are valid.
# @POST: Returns deterministic JSON diff and risk scoring.
@router.post("/migration/dry-run", response_model=Dict[str, Any])
async def dry_run_migration(
selection: DashboardSelection,
@@ -115,49 +97,33 @@ async def dry_run_migration(
_ = Depends(has_permission("plugin:migration", "EXECUTE"))
):
with belief_scope("dry_run_migration"):
logger.reason(f"Starting dry run: {selection.source_env_id} -> {selection.target_env_id}")
environments = config_manager.get_environments()
env_map = {env.id: env for env in environments}
source_env = env_map.get(selection.source_env_id)
target_env = env_map.get(selection.target_env_id)
if not source_env or not target_env:
logger.explore("Invalid environment selection for dry run")
raise HTTPException(status_code=400, detail="Invalid source or target environment")
if selection.source_env_id == selection.target_env_id:
logger.explore("Source and target environments are identical")
raise HTTPException(status_code=400, detail="Source and target environments must be different")
if not selection.selected_ids:
logger.explore("No dashboards selected for dry run")
raise HTTPException(status_code=400, detail="No dashboards selected for dry run")
env_map = {env.id: env for env in environments}
source_env = env_map.get(selection.source_env_id)
target_env = env_map.get(selection.target_env_id)
if not source_env or not target_env:
raise HTTPException(status_code=400, detail="Invalid source or target environment")
if selection.source_env_id == selection.target_env_id:
raise HTTPException(status_code=400, detail="Source and target environments must be different")
if not selection.selected_ids:
raise HTTPException(status_code=400, detail="No dashboards selected for dry run")
service = MigrationDryRunService()
source_client = SupersetClient(source_env)
target_client = SupersetClient(target_env)
try:
result = service.run(
selection=selection,
source_client=source_client,
target_client=target_client,
db=db,
)
logger.reflect("Dry run analysis complete")
return result
except ValueError as exc:
logger.explore(f"Dry run orchestrator failed: {exc}")
raise HTTPException(status_code=500, detail=str(exc)) from exc
service = MigrationDryRunService()
source_client = SupersetClient(source_env)
target_client = SupersetClient(target_env)
try:
return service.run(
selection=selection,
source_client=source_client,
target_client=target_client,
db=db,
)
except ValueError as exc:
raise HTTPException(status_code=500, detail=str(exc)) from exc
# [/DEF:dry_run_migration:Function]
# [DEF:get_migration_settings:Function]
# @PURPOSE: Read and return configured migration synchronization cron expression.
# @PRE: Configuration store is available and requester has READ permission.
# @POST: Returns {"cron": str} reflecting current persisted settings value.
# @SIDE_EFFECT: Reads configuration from config manager.
# @DATA_CONTRACT: Input[None] -> Output[Dict[str, str]]
# @PURPOSE: Get current migration Cron string explicitly.
@router.get("/migration/settings", response_model=Dict[str, str])
async def get_migration_settings(
config_manager=Depends(get_config_manager),
@@ -170,11 +136,7 @@ async def get_migration_settings(
# [/DEF:get_migration_settings:Function]
# [DEF:update_migration_settings:Function]
# @PURPOSE: Validate and persist migration synchronization cron expression update.
# @PRE: Payload includes "cron" key and requester has WRITE permission.
# @POST: Returns {"cron": str, "status": "updated"} and persists updated cron value.
# @SIDE_EFFECT: Mutates configuration and writes persisted config through config manager.
# @DATA_CONTRACT: Input[Dict[str, str]] -> Output[Dict[str, str]]
# @PURPOSE: Update migration Cron string.
@router.put("/migration/settings", response_model=Dict[str, str])
async def update_migration_settings(
payload: Dict[str, str],
@@ -195,11 +157,7 @@ async def update_migration_settings(
# [/DEF:update_migration_settings:Function]
# [DEF:get_resource_mappings:Function]
# @PURPOSE: Fetch synchronized resource mappings with optional filters and pagination for migration mappings view.
# @PRE: skip>=0, 1<=limit<=500, DB session is active, requester has READ permission.
# @POST: Returns {"items": [...], "total": int} where items reflect applied filters and pagination.
# @SIDE_EFFECT: Executes database read queries against ResourceMapping table.
# @DATA_CONTRACT: Input[QueryParams] -> Output[Dict[str, Any]]
# @PURPOSE: Fetch synchronized object mappings with search, filtering, and pagination.
@router.get("/migration/mappings-data", response_model=Dict[str, Any])
async def get_resource_mappings(
skip: int = Query(0, ge=0),
@@ -245,11 +203,9 @@ async def get_resource_mappings(
# [/DEF:get_resource_mappings:Function]
# [DEF:trigger_sync_now:Function]
# @PURPOSE: Trigger immediate ID synchronization for every configured environment.
# @PRE: At least one environment is configured and requester has EXECUTE permission.
# @POST: Returns sync summary with synced/failed counts after attempting all environments.
# @SIDE_EFFECT: Upserts Environment rows, commits DB transaction, performs network sync calls, and writes logs.
# @DATA_CONTRACT: Input[None] -> Output[Dict[str, Any]]
# @PURPOSE: Triggers an immediate ID synchronization for all environments.
# @PRE: At least one environment must be configured.
# @POST: Environment rows are ensured in DB; sync_environment is called for each.
@router.post("/migration/sync-now", response_model=Dict[str, Any])
async def trigger_sync_now(
config_manager=Depends(get_config_manager),

280
backend/src/api/routes/settings.py
View File

@@ -16,15 +16,10 @@ from pydantic import BaseModel
from ...core.config_models import AppConfig, Environment, GlobalSettings, LoggingConfig
from ...models.storage import StorageConfig
from ...dependencies import get_config_manager, has_permission
from ...core.config_manager import ConfigManager
from ...core.logger import logger, belief_scope
from ...core.superset_client import SupersetClient
from ...services.llm_prompt_templates import normalize_llm_settings
from ...models.llm import ValidationPolicy
from ...models.config import AppConfigRecord
from ...schemas.settings import ValidationPolicyCreate, ValidationPolicyUpdate, ValidationPolicyResponse
from ...core.database import get_db
from sqlalchemy.orm import Session
from ...core.config_manager import ConfigManager
from ...core.logger import logger, belief_scope
from ...core.superset_client import SupersetClient
from ...services.llm_prompt_templates import normalize_llm_settings
# [/SECTION]
# [DEF:LoggingConfigResponse:Class]
@@ -36,38 +31,38 @@ class LoggingConfigResponse(BaseModel):
enable_belief_state: bool
# [/DEF:LoggingConfigResponse:Class]
router = APIRouter()
# [DEF:_normalize_superset_env_url:Function]
# @PURPOSE: Canonicalize Superset environment URL to base host/path without trailing /api/v1.
# @PRE: raw_url can be empty.
# @POST: Returns normalized base URL.
def _normalize_superset_env_url(raw_url: str) -> str:
normalized = str(raw_url or "").strip().rstrip("/")
if normalized.lower().endswith("/api/v1"):
normalized = normalized[:-len("/api/v1")]
return normalized.rstrip("/")
# [/DEF:_normalize_superset_env_url:Function]
# [DEF:_validate_superset_connection_fast:Function]
# @PURPOSE: Run lightweight Superset connectivity validation without full pagination scan.
# @PRE: env contains valid URL and credentials.
# @POST: Raises on auth/API failures; returns None on success.
def _validate_superset_connection_fast(env: Environment) -> None:
client = SupersetClient(env)
# 1) Explicit auth check
client.authenticate()
# 2) Single lightweight API call to ensure read access
client.get_dashboards_page(
query={
"page": 0,
"page_size": 1,
"columns": ["id"],
}
)
# [/DEF:_validate_superset_connection_fast:Function]
router = APIRouter()
# [DEF:_normalize_superset_env_url:Function]
# @PURPOSE: Canonicalize Superset environment URL to base host/path without trailing /api/v1.
# @PRE: raw_url can be empty.
# @POST: Returns normalized base URL.
def _normalize_superset_env_url(raw_url: str) -> str:
normalized = str(raw_url or "").strip().rstrip("/")
if normalized.lower().endswith("/api/v1"):
normalized = normalized[:-len("/api/v1")]
return normalized.rstrip("/")
# [/DEF:_normalize_superset_env_url:Function]
# [DEF:_validate_superset_connection_fast:Function]
# @PURPOSE: Run lightweight Superset connectivity validation without full pagination scan.
# @PRE: env contains valid URL and credentials.
# @POST: Raises on auth/API failures; returns None on success.
def _validate_superset_connection_fast(env: Environment) -> None:
client = SupersetClient(env)
# 1) Explicit auth check
client.authenticate()
# 2) Single lightweight API call to ensure read access
client.get_dashboards_page(
query={
"page": 0,
"page_size": 1,
"columns": ["id"],
}
)
# [/DEF:_validate_superset_connection_fast:Function]
# [DEF:get_settings:Function]
# @PURPOSE: Retrieves all application settings.
@@ -75,14 +70,14 @@ def _validate_superset_connection_fast(env: Environment) -> None:
# @POST: Returns masked AppConfig.
# @RETURN: AppConfig - The current configuration.
@router.get("", response_model=AppConfig)
async def get_settings(
async def get_settings(
config_manager: ConfigManager = Depends(get_config_manager),
_ = Depends(has_permission("admin:settings", "READ"))
):
with belief_scope("get_settings"):
logger.info("[get_settings][Entry] Fetching all settings")
config = config_manager.get_config().copy(deep=True)
config.settings.llm = normalize_llm_settings(config.settings.llm)
config = config_manager.get_config().copy(deep=True)
config.settings.llm = normalize_llm_settings(config.settings.llm)
# Mask passwords
for env in config.environments:
if env.password:
@@ -148,18 +143,18 @@ async def update_storage_settings(
# @PRE: Config manager is available.
# @POST: Returns list of environments.
# @RETURN: List[Environment] - List of environments.
@router.get("/environments", response_model=List[Environment])
async def get_environments(
@router.get("/environments", response_model=List[Environment])
async def get_environments(
config_manager: ConfigManager = Depends(get_config_manager),
_ = Depends(has_permission("admin:settings", "READ"))
):
with belief_scope("get_environments"):
logger.info("[get_environments][Entry] Fetching environments")
environments = config_manager.get_environments()
return [
env.copy(update={"url": _normalize_superset_env_url(env.url)})
for env in environments
]
):
with belief_scope("get_environments"):
logger.info("[get_environments][Entry] Fetching environments")
environments = config_manager.get_environments()
return [
env.copy(update={"url": _normalize_superset_env_url(env.url)})
for env in environments
]
# [/DEF:get_environments:Function]
# [DEF:add_environment:Function]
@@ -169,21 +164,21 @@ async def get_environments(
# @PARAM: env (Environment) - The environment to add.
# @RETURN: Environment - The added environment.
@router.post("/environments", response_model=Environment)
async def add_environment(
env: Environment,
async def add_environment(
env: Environment,
config_manager: ConfigManager = Depends(get_config_manager),
_ = Depends(has_permission("admin:settings", "WRITE"))
):
with belief_scope("add_environment"):
logger.info(f"[add_environment][Entry] Adding environment {env.id}")
env = env.copy(update={"url": _normalize_superset_env_url(env.url)})
):
with belief_scope("add_environment"):
logger.info(f"[add_environment][Entry] Adding environment {env.id}")
env = env.copy(update={"url": _normalize_superset_env_url(env.url)})
# Validate connection before adding (fast path)
try:
_validate_superset_connection_fast(env)
except Exception as e:
logger.error(f"[add_environment][Coherence:Failed] Connection validation failed: {e}")
raise HTTPException(status_code=400, detail=f"Connection validation failed: {e}")
# Validate connection before adding (fast path)
try:
_validate_superset_connection_fast(env)
except Exception as e:
logger.error(f"[add_environment][Coherence:Failed] Connection validation failed: {e}")
raise HTTPException(status_code=400, detail=f"Connection validation failed: {e}")
config_manager.add_environment(env)
return env
@@ -197,29 +192,29 @@ async def add_environment(
# @PARAM: env (Environment) - The updated environment data.
# @RETURN: Environment - The updated environment.
@router.put("/environments/{id}", response_model=Environment)
async def update_environment(
async def update_environment(
id: str,
env: Environment,
config_manager: ConfigManager = Depends(get_config_manager)
):
):
with belief_scope("update_environment"):
logger.info(f"[update_environment][Entry] Updating environment {id}")
env = env.copy(update={"url": _normalize_superset_env_url(env.url)})
# If password is masked, we need the real one for validation
env_to_validate = env.copy(deep=True)
env = env.copy(update={"url": _normalize_superset_env_url(env.url)})
# If password is masked, we need the real one for validation
env_to_validate = env.copy(deep=True)
if env_to_validate.password == "********":
old_env = next((e for e in config_manager.get_environments() if e.id == id), None)
if old_env:
env_to_validate.password = old_env.password
# Validate connection before updating (fast path)
try:
_validate_superset_connection_fast(env_to_validate)
except Exception as e:
logger.error(f"[update_environment][Coherence:Failed] Connection validation failed: {e}")
raise HTTPException(status_code=400, detail=f"Connection validation failed: {e}")
# Validate connection before updating (fast path)
try:
_validate_superset_connection_fast(env_to_validate)
except Exception as e:
logger.error(f"[update_environment][Coherence:Failed] Connection validation failed: {e}")
raise HTTPException(status_code=400, detail=f"Connection validation failed: {e}")
if config_manager.update_environment(id, env):
return env
@@ -249,7 +244,7 @@ async def delete_environment(
# @PARAM: id (str) - The ID of the environment to test.
# @RETURN: dict - Success message or error.
@router.post("/environments/{id}/test")
async def test_environment_connection(
async def test_environment_connection(
id: str,
config_manager: ConfigManager = Depends(get_config_manager)
):
@@ -261,11 +256,11 @@ async def test_environment_connection(
if not env:
raise HTTPException(status_code=404, detail=f"Environment {id} not found")
try:
_validate_superset_connection_fast(env)
logger.info(f"[test_environment_connection][Coherence:OK] Connection successful for {id}")
return {"status": "success", "message": "Connection successful"}
try:
_validate_superset_connection_fast(env)
logger.info(f"[test_environment_connection][Coherence:OK] Connection successful for {id}")
return {"status": "success", "message": "Connection successful"}
except Exception as e:
logger.error(f"[test_environment_connection][Coherence:Failed] Connection failed for {id}: {e}")
return {"status": "error", "message": str(e)}
@@ -318,14 +313,13 @@ async def update_logging_config(
# [/DEF:update_logging_config:Function]
# [DEF:ConsolidatedSettingsResponse:Class]
class ConsolidatedSettingsResponse(BaseModel):
class ConsolidatedSettingsResponse(BaseModel):
environments: List[dict]
connections: List[dict]
llm: dict
llm_providers: List[dict]
logging: dict
storage: dict
notifications: dict = {}
# [/DEF:ConsolidatedSettingsResponse:Class]
# [DEF:get_consolidated_settings:Function]
@@ -334,7 +328,7 @@ class ConsolidatedSettingsResponse(BaseModel):
# @POST: Returns all consolidated settings.
# @RETURN: ConsolidatedSettingsResponse - All settings categories.
@router.get("/consolidated", response_model=ConsolidatedSettingsResponse)
async def get_consolidated_settings(
async def get_consolidated_settings(
config_manager: ConfigManager = Depends(get_config_manager),
_ = Depends(has_permission("admin:settings", "READ"))
):
@@ -346,7 +340,6 @@ async def get_consolidated_settings(
from ...services.llm_provider import LLMProviderService
from ...core.database import SessionLocal
db = SessionLocal()
notifications_payload = {}
try:
llm_service = LLMProviderService(db)
providers = llm_service.get_all_providers()
@@ -361,24 +354,19 @@ async def get_consolidated_settings(
"is_active": p.is_active
} for p in providers
]
config_record = db.query(AppConfigRecord).filter(AppConfigRecord.id == "global").first()
if config_record and isinstance(config_record.payload, dict):
notifications_payload = config_record.payload.get("notifications", {}) or {}
finally:
db.close()
normalized_llm = normalize_llm_settings(config.settings.llm)
return ConsolidatedSettingsResponse(
environments=[env.dict() for env in config.environments],
connections=config.settings.connections,
llm=normalized_llm,
llm_providers=llm_providers_list,
logging=config.settings.logging.dict(),
storage=config.settings.storage.dict(),
notifications=notifications_payload
)
normalized_llm = normalize_llm_settings(config.settings.llm)
return ConsolidatedSettingsResponse(
environments=[env.dict() for env in config.environments],
connections=config.settings.connections,
llm=normalized_llm,
llm_providers=llm_providers_list,
logging=config.settings.logging.dict(),
storage=config.settings.storage.dict()
)
# [/DEF:get_consolidated_settings:Function]
# [DEF:update_consolidated_settings:Function]
@@ -401,9 +389,9 @@ async def update_consolidated_settings(
if "connections" in settings_patch:
current_settings.connections = settings_patch["connections"]
# Update LLM if provided
if "llm" in settings_patch:
current_settings.llm = normalize_llm_settings(settings_patch["llm"])
# Update LLM if provided
if "llm" in settings_patch:
current_settings.llm = normalize_llm_settings(settings_patch["llm"])
# Update Logging if provided
if "logging" in settings_patch:
@@ -417,88 +405,8 @@ async def update_consolidated_settings(
raise HTTPException(status_code=400, detail=message)
current_settings.storage = new_storage
if "notifications" in settings_patch:
payload = config_manager.get_payload()
payload["notifications"] = settings_patch["notifications"]
config_manager.save_config(payload)
config_manager.update_global_settings(current_settings)
return {"status": "success", "message": "Settings updated"}
# [/DEF:update_consolidated_settings:Function]
# [DEF:get_validation_policies:Function]
# @PURPOSE: Lists all validation policies.
# @RETURN: List[ValidationPolicyResponse] - List of policies.
@router.get("/automation/policies", response_model=List[ValidationPolicyResponse])
async def get_validation_policies(
db: Session = Depends(get_db),
_ = Depends(has_permission("admin:settings", "READ"))
):
with belief_scope("get_validation_policies"):
return db.query(ValidationPolicy).all()
# [/DEF:get_validation_policies:Function]
# [DEF:create_validation_policy:Function]
# @PURPOSE: Creates a new validation policy.
# @PARAM: policy (ValidationPolicyCreate) - The policy data.
# @RETURN: ValidationPolicyResponse - The created policy.
@router.post("/automation/policies", response_model=ValidationPolicyResponse)
async def create_validation_policy(
policy: ValidationPolicyCreate,
db: Session = Depends(get_db),
_ = Depends(has_permission("admin:settings", "WRITE"))
):
with belief_scope("create_validation_policy"):
db_policy = ValidationPolicy(**policy.dict())
db.add(db_policy)
db.commit()
db.refresh(db_policy)
return db_policy
# [/DEF:create_validation_policy:Function]
# [DEF:update_validation_policy:Function]
# @PURPOSE: Updates an existing validation policy.
# @PARAM: id (str) - The ID of the policy to update.
# @PARAM: policy (ValidationPolicyUpdate) - The updated policy data.
# @RETURN: ValidationPolicyResponse - The updated policy.
@router.patch("/automation/policies/{id}", response_model=ValidationPolicyResponse)
async def update_validation_policy(
id: str,
policy: ValidationPolicyUpdate,
db: Session = Depends(get_db),
_ = Depends(has_permission("admin:settings", "WRITE"))
):
with belief_scope("update_validation_policy"):
db_policy = db.query(ValidationPolicy).filter(ValidationPolicy.id == id).first()
if not db_policy:
raise HTTPException(status_code=404, detail="Policy not found")
update_data = policy.dict(exclude_unset=True)
for key, value in update_data.items():
setattr(db_policy, key, value)
db.commit()
db.refresh(db_policy)
return db_policy
# [/DEF:update_validation_policy:Function]
# [DEF:delete_validation_policy:Function]
# @PURPOSE: Deletes a validation policy.
# @PARAM: id (str) - The ID of the policy to delete.
@router.delete("/automation/policies/{id}")
async def delete_validation_policy(
id: str,
db: Session = Depends(get_db),
_ = Depends(has_permission("admin:settings", "WRITE"))
):
with belief_scope("delete_validation_policy"):
db_policy = db.query(ValidationPolicy).filter(ValidationPolicy.id == id).first()
if not db_policy:
raise HTTPException(status_code=404, detail="Policy not found")
db.delete(db_policy)
db.commit()
return {"message": "Policy deleted"}
# [/DEF:delete_validation_policy:Function]
# [/DEF:SettingsRouter:Module]

3
backend/src/app.py
View File

@@ -21,7 +21,7 @@ import asyncio
from .dependencies import get_task_manager, get_scheduler_service
from .core.utils.network import NetworkError
from .core.logger import logger, belief_scope
from .api.routes import plugins, tasks, settings, environments, mappings, migration, connections, git, storage, admin, llm, dashboards, datasets, reports, assistant, clean_release, clean_release_v2, profile, health
from .api.routes import plugins, tasks, settings, environments, mappings, migration, connections, git, storage, admin, llm, dashboards, datasets, reports, assistant, clean_release, clean_release_v2, profile
from .api import auth
# [DEF:App:Global]
@@ -136,7 +136,6 @@ app.include_router(assistant.router, prefix="/api/assistant", tags=["Assistant"]
app.include_router(clean_release.router)
app.include_router(clean_release_v2.router)
app.include_router(profile.router)
app.include_router(health.router)
# [DEF:api.include_routers:Action]

3
backend/src/core/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.core:Package]
# @PURPOSE: Backend core services and infrastructure package root.
# [/DEF:src.core:Package]

99
backend/src/core/__tests__/test_throttled_scheduler.py
View File

@@ -1,99 +0,0 @@
import pytest
from datetime import time, date, datetime, timedelta
from src.core.scheduler import ThrottledSchedulerConfigurator
# [DEF:test_throttled_scheduler:Module]
# @TIER: STANDARD
# @PURPOSE: Unit tests for ThrottledSchedulerConfigurator distribution logic.
def test_calculate_schedule_even_distribution():
"""
@TEST_SCENARIO: 3 tasks in a 2-hour window should be spaced 1 hour apart.
"""
start = time(1, 0)
end = time(3, 0)
dashboards = ["d1", "d2", "d3"]
today = date(2024, 1, 1)
schedule = ThrottledSchedulerConfigurator.calculate_schedule(start, end, dashboards, today)
assert len(schedule) == 3
assert schedule[0] == datetime(2024, 1, 1, 1, 0)
assert schedule[1] == datetime(2024, 1, 1, 2, 0)
assert schedule[2] == datetime(2024, 1, 1, 3, 0)
def test_calculate_schedule_midnight_crossing():
"""
@TEST_SCENARIO: Window from 23:00 to 01:00 (next day).
"""
start = time(23, 0)
end = time(1, 0)
dashboards = ["d1", "d2", "d3"]
today = date(2024, 1, 1)
schedule = ThrottledSchedulerConfigurator.calculate_schedule(start, end, dashboards, today)
assert len(schedule) == 3
assert schedule[0] == datetime(2024, 1, 1, 23, 0)
assert schedule[1] == datetime(2024, 1, 2, 0, 0)
assert schedule[2] == datetime(2024, 1, 2, 1, 0)
def test_calculate_schedule_single_task():
"""
@TEST_SCENARIO: Single task should be scheduled at start time.
"""
start = time(1, 0)
end = time(2, 0)
dashboards = ["d1"]
today = date(2024, 1, 1)
schedule = ThrottledSchedulerConfigurator.calculate_schedule(start, end, dashboards, today)
assert len(schedule) == 1
assert schedule[0] == datetime(2024, 1, 1, 1, 0)
def test_calculate_schedule_empty_list():
"""
@TEST_SCENARIO: Empty dashboard list returns empty schedule.
"""
start = time(1, 0)
end = time(2, 0)
dashboards = []
today = date(2024, 1, 1)
schedule = ThrottledSchedulerConfigurator.calculate_schedule(start, end, dashboards, today)
assert schedule == []
def test_calculate_schedule_zero_window():
"""
@TEST_SCENARIO: Window start == end. All tasks at start time.
"""
start = time(1, 0)
end = time(1, 0)
dashboards = ["d1", "d2"]
today = date(2024, 1, 1)
schedule = ThrottledSchedulerConfigurator.calculate_schedule(start, end, dashboards, today)
assert len(schedule) == 2
assert schedule[0] == datetime(2024, 1, 1, 1, 0)
assert schedule[1] == datetime(2024, 1, 1, 1, 0)
def test_calculate_schedule_very_small_window():
"""
@TEST_SCENARIO: Window smaller than number of tasks (in seconds).
"""
start = time(1, 0, 0)
end = time(1, 0, 1) # 1 second window
dashboards = ["d1", "d2", "d3"]
today = date(2024, 1, 1)
schedule = ThrottledSchedulerConfigurator.calculate_schedule(start, end, dashboards, today)
assert len(schedule) == 3
assert schedule[0] == datetime(2024, 1, 1, 1, 0, 0)
assert schedule[1] == datetime(2024, 1, 1, 1, 0, 0, 500000) # 0.5s
assert schedule[2] == datetime(2024, 1, 1, 1, 0, 1)
# [/DEF:test_throttled_scheduler:Module]

3
backend/src/core/auth/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.core.auth:Package]
# @PURPOSE: Authentication and authorization package root.
# [/DEF:src.core.auth:Package]

178
backend/src/core/auth/repository.py
View File

@@ -1,146 +1,107 @@
# [DEF:backend.src.core.auth.repository:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: auth, repository, database, user, role, permission
# @PURPOSE: Data access layer for authentication and user preference entities.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[sqlalchemy.orm.Session]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.auth]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.profile]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.logger.belief_scope]
# @INVARIANT: All database read/write operations must execute via the injected SQLAlchemy session boundary.
# @SEMANTICS: auth, repository, database, user, role
# @PURPOSE: Data access layer for authentication-related entities.
# @LAYER: Core
# @RELATION: DEPENDS_ON -> sqlalchemy
# @RELATION: USES -> backend.src.models.auth
#
# @INVARIANT: All database operations must be performed within a session.
# [SECTION: IMPORTS]
from typing import List, Optional
from typing import Optional, List
from sqlalchemy.orm import Session
from ...models.auth import Permission, Role, User
from ...models.auth import User, Role, Permission
from ...models.profile import UserDashboardPreference
from ..logger import belief_scope, logger
from ..logger import belief_scope
# [/SECTION]
# [DEF:AuthRepository:Class]
# @PURPOSE: Encapsulates database operations for authentication-related entities.
# @RELATION: [DEPENDS_ON] ->[sqlalchemy.orm.Session]
# @PURPOSE: Encapsulates database operations for authentication.
class AuthRepository:
# [DEF:__init__:Function]
# @PURPOSE: Bind repository instance to an existing SQLAlchemy session.
# @PRE: db is an initialized sqlalchemy.orm.Session instance.
# @POST: self.db points to the provided session and is used by all repository methods.
# @SIDE_EFFECT: Stores session reference on repository instance state.
# @DATA_CONTRACT: Input[Session] -> Output[None]
# @PURPOSE: Initializes the repository with a database session.
# @PARAM: db (Session) - SQLAlchemy session.
def __init__(self, db: Session):
with belief_scope("AuthRepository.__init__"):
if not isinstance(db, Session):
logger.explore("Invalid session provided to AuthRepository", extra={"type": type(db)})
raise TypeError("db must be an instance of sqlalchemy.orm.Session")
logger.reason("Binding AuthRepository to database session")
self.db = db
logger.reflect("AuthRepository initialized")
self.db = db
# [/DEF:__init__:Function]
# [DEF:get_user_by_username:Function]
# @PURPOSE: Retrieve a user entity by unique username.
# @PRE: username is a non-empty str and self.db is a valid open Session.
# @POST: Returns matching User entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str] -> Output[Optional[User]]
# @PURPOSE: Retrieves a user by their username.
# @PRE: username is a string.
# @POST: Returns User object if found, else None.
# @PARAM: username (str) - The username to search for.
# @RETURN: Optional[User] - The found user or None.
def get_user_by_username(self, username: str) -> Optional[User]:
with belief_scope("AuthRepository.get_user_by_username"):
if not username or not isinstance(username, str):
raise ValueError("username must be a non-empty string")
logger.reason(f"Querying user by username: {username}")
user = self.db.query(User).filter(User.username == username).first()
if user:
logger.reflect(f"User found: {username}")
else:
logger.explore(f"User not found: {username}")
return user
return self.db.query(User).filter(User.username == username).first()
# [/DEF:get_user_by_username:Function]
# [DEF:get_user_by_id:Function]
# @PURPOSE: Retrieve a user entity by identifier.
# @PRE: user_id is a non-empty str and self.db is a valid open Session.
# @POST: Returns matching User entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str] -> Output[Optional[User]]
# @PURPOSE: Retrieves a user by their unique ID.
# @PRE: user_id is a valid UUID string.
# @POST: Returns User object if found, else None.
# @PARAM: user_id (str) - The user's unique identifier.
# @RETURN: Optional[User] - The found user or None.
def get_user_by_id(self, user_id: str) -> Optional[User]:
with belief_scope("AuthRepository.get_user_by_id"):
if not user_id or not isinstance(user_id, str):
raise ValueError("user_id must be a non-empty string")
logger.reason(f"Querying user by ID: {user_id}")
user = self.db.query(User).filter(User.id == user_id).first()
if user:
logger.reflect(f"User found by ID: {user_id}")
else:
logger.explore(f"User not found by ID: {user_id}")
return user
return self.db.query(User).filter(User.id == user_id).first()
# [/DEF:get_user_by_id:Function]
# [DEF:get_role_by_name:Function]
# @PURPOSE: Retrieve a role entity by role name.
# @PRE: name is a non-empty str and self.db is a valid open Session.
# @POST: Returns matching Role entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str] -> Output[Optional[Role]]
# @PURPOSE: Retrieves a role by its name.
# @PRE: name is a string.
# @POST: Returns Role object if found, else None.
# @PARAM: name (str) - The role name to search for.
# @RETURN: Optional[Role] - The found role or None.
def get_role_by_name(self, name: str) -> Optional[Role]:
with belief_scope("AuthRepository.get_role_by_name"):
return self.db.query(Role).filter(Role.name == name).first()
# [/DEF:get_role_by_name:Function]
# [DEF:update_last_login:Function]
# @PURPOSE: Update last_login timestamp for the provided user entity.
# @PRE: user is a managed User instance and self.db is a valid open Session.
# @POST: user.last_login is set to current UTC timestamp and transaction is committed.
# @SIDE_EFFECT: Mutates user entity state and commits database transaction.
# @DATA_CONTRACT: Input[User] -> Output[None]
# @PURPOSE: Updates the last_login timestamp for a user.
# @PRE: user object is a valid User instance.
# @POST: User's last_login is updated in the database.
# @SIDE_EFFECT: Commits the transaction.
# @PARAM: user (User) - The user to update.
def update_last_login(self, user: User):
with belief_scope("AuthRepository.update_last_login"):
if not isinstance(user, User):
raise TypeError("user must be an instance of User")
from datetime import datetime
logger.reason(f"Updating last login for user: {user.username}")
user.last_login = datetime.utcnow()
self.db.add(user)
self.db.commit()
logger.reflect(f"Last login updated and committed for user: {user.username}")
# [/DEF:update_last_login:Function]
# [DEF:get_role_by_id:Function]
# @PURPOSE: Retrieve a role entity by identifier.
# @PRE: role_id is a non-empty str and self.db is a valid open Session.
# @POST: Returns matching Role entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str] -> Output[Optional[Role]]
# @PURPOSE: Retrieves a role by its unique ID.
# @PRE: role_id is a string.
# @POST: Returns Role object if found, else None.
# @PARAM: role_id (str) - The role's unique identifier.
# @RETURN: Optional[Role] - The found role or None.
def get_role_by_id(self, role_id: str) -> Optional[Role]:
with belief_scope("AuthRepository.get_role_by_id"):
return self.db.query(Role).filter(Role.id == role_id).first()
# [/DEF:get_role_by_id:Function]
# [DEF:get_permission_by_id:Function]
# @PURPOSE: Retrieve a permission entity by identifier.
# @PRE: perm_id is a non-empty str and self.db is a valid open Session.
# @POST: Returns matching Permission entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str] -> Output[Optional[Permission]]
# @PURPOSE: Retrieves a permission by its unique ID.
# @PRE: perm_id is a string.
# @POST: Returns Permission object if found, else None.
# @PARAM: perm_id (str) - The permission's unique identifier.
# @RETURN: Optional[Permission] - The found permission or None.
def get_permission_by_id(self, perm_id: str) -> Optional[Permission]:
with belief_scope("AuthRepository.get_permission_by_id"):
return self.db.query(Permission).filter(Permission.id == perm_id).first()
# [/DEF:get_permission_by_id:Function]
# [DEF:get_permission_by_resource_action:Function]
# @PURPOSE: Retrieve a permission entity by resource and action pair.
# @PRE: resource and action are non-empty str values; self.db is a valid open Session.
# @POST: Returns matching Permission entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str, str] -> Output[Optional[Permission]]
# @PURPOSE: Retrieves a permission by resource and action.
# @PRE: resource and action are strings.
# @POST: Returns Permission object if found, else None.
# @PARAM: resource (str) - The resource name.
# @PARAM: action (str) - The action name.
# @RETURN: Optional[Permission] - The found permission or None.
def get_permission_by_resource_action(self, resource: str, action: str) -> Optional[Permission]:
with belief_scope("AuthRepository.get_permission_by_resource_action"):
return self.db.query(Permission).filter(
@@ -150,11 +111,11 @@ class AuthRepository:
# [/DEF:get_permission_by_resource_action:Function]
# [DEF:get_user_dashboard_preference:Function]
# @PURPOSE: Retrieve dashboard preference entity owned by specified user.
# @PRE: user_id is a non-empty str and self.db is a valid open Session.
# @POST: Returns matching UserDashboardPreference entity when present, otherwise None.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[str] -> Output[Optional[UserDashboardPreference]]
# @PURPOSE: Retrieves dashboard preference by owner user ID.
# @PRE: user_id is a string.
# @POST: Returns UserDashboardPreference if found, else None.
# @PARAM: user_id (str) - Preference owner identifier.
# @RETURN: Optional[UserDashboardPreference] - Found preference or None.
def get_user_dashboard_preference(self, user_id: str) -> Optional[UserDashboardPreference]:
with belief_scope("AuthRepository.get_user_dashboard_preference"):
return (
@@ -165,38 +126,31 @@ class AuthRepository:
# [/DEF:get_user_dashboard_preference:Function]
# [DEF:save_user_dashboard_preference:Function]
# @PURPOSE: Persist dashboard preference entity and return refreshed persistent row.
# @PRE: preference is a valid UserDashboardPreference entity and self.db is a valid open Session.
# @POST: preference is committed to DB, refreshed from DB state, and returned.
# @SIDE_EFFECT: Performs INSERT/UPDATE commit and refresh via active DB session.
# @DATA_CONTRACT: Input[UserDashboardPreference] -> Output[UserDashboardPreference]
# @PURPOSE: Persists dashboard preference entity and returns refreshed row.
# @PRE: preference is a valid UserDashboardPreference entity.
# @POST: Preference is committed and refreshed in database.
# @PARAM: preference (UserDashboardPreference) - Preference entity to persist.
# @RETURN: UserDashboardPreference - Persisted preference row.
def save_user_dashboard_preference(
self,
preference: UserDashboardPreference,
) -> UserDashboardPreference:
with belief_scope("AuthRepository.save_user_dashboard_preference"):
if not isinstance(preference, UserDashboardPreference):
raise TypeError("preference must be an instance of UserDashboardPreference")
logger.reason(f"Saving dashboard preference for user: {preference.user_id}")
self.db.add(preference)
self.db.commit()
self.db.refresh(preference)
logger.reflect(f"Dashboard preference saved and refreshed for user: {preference.user_id}")
return preference
# [/DEF:save_user_dashboard_preference:Function]
# [DEF:list_permissions:Function]
# @PURPOSE: List all permission entities available in storage.
# @PRE: self.db is a valid open Session.
# @POST: Returns list containing all Permission entities visible to the session.
# @SIDE_EFFECT: Executes read-only SELECT query through active DB session.
# @DATA_CONTRACT: Input[None] -> Output[List[Permission]]
# @PURPOSE: Lists all available permissions.
# @POST: Returns a list of all Permission objects.
# @RETURN: List[Permission] - List of permissions.
def list_permissions(self) -> List[Permission]:
with belief_scope("AuthRepository.list_permissions"):
return self.db.query(Permission).all()
# [/DEF:list_permissions:Function]
# [/DEF:AuthRepository:Class]
# [/DEF:backend.src.core.auth.repository:Module]

252
backend/src/core/config_manager.py
View File

@@ -1,17 +1,17 @@
# [DEF:ConfigManagerModule:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: config, manager, persistence, migration, postgresql
# @PURPOSE: Manages application configuration persistence in DB with one-time migration from legacy JSON.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[ConfigModels]
# @RELATION: [DEPENDS_ON] ->[SessionLocal]
# @RELATION: [DEPENDS_ON] ->[AppConfigRecord]
# @RELATION: [CALLS] ->[logger]
# @RELATION: [CALLS] ->[configure_logger]
# @RELATION: [BINDS_TO] ->[ConfigManager]
# @INVARIANT: Configuration must always be representable by AppConfig and persisted under global record id.
# @TIER: STANDARD
# @SEMANTICS: config, manager, persistence, postgresql
# @PURPOSE: Manages application configuration persisted in database with one-time migration from JSON.
# @LAYER: Core
# @RELATION: DEPENDS_ON -> ConfigModels
# @RELATION: DEPENDS_ON -> AppConfigRecord
# @RELATION: CALLS -> logger
#
# @INVARIANT: Configuration must always be valid according to AppConfig model.
# @PUBLIC_API: ConfigManager
# [SECTION: IMPORTS]
import json
import os
from pathlib import Path
@@ -23,58 +23,47 @@ from .config_models import AppConfig, Environment, GlobalSettings, StorageConfig
from .database import SessionLocal
from ..models.config import AppConfigRecord
from .logger import logger, configure_logger, belief_scope
# [/SECTION]
# [DEF:ConfigManager:Class]
# @TIER: CRITICAL
# @PURPOSE: Handles application configuration load, validation, mutation, and persistence lifecycle.
# @TIER: STANDARD
# @PURPOSE: A class to handle application configuration persistence and management.
class ConfigManager:
# [DEF:__init__:Function]
# @PURPOSE: Initialize manager state from persisted or migrated configuration.
# @PRE: config_path is a non-empty string path.
# @POST: self.config is initialized as AppConfig and logger is configured.
# @SIDE_EFFECT: Reads config sources and updates logging configuration.
# @DATA_CONTRACT: Input(str config_path) -> Output(None; self.config: AppConfig)
# @TIER: STANDARD
# @PURPOSE: Initializes the ConfigManager.
# @PRE: isinstance(config_path, str) and len(config_path) > 0
# @POST: self.config is an instance of AppConfig
# @PARAM: config_path (str) - Path to legacy JSON config (used only for initial migration fallback).
def __init__(self, config_path: str = "config.json"):
with belief_scope("ConfigManager.__init__"):
if not isinstance(config_path, str) or not config_path:
logger.explore("Invalid config_path provided", extra={"path": config_path})
raise ValueError("config_path must be a non-empty string")
with belief_scope("__init__"):
assert isinstance(config_path, str) and config_path, "config_path must be a non-empty string"
logger.reason(f"Initializing ConfigManager with legacy path: {config_path}")
logger.info(f"[ConfigManager][Entry] Initializing with legacy path {config_path}")
self.config_path = Path(config_path)
self.config: AppConfig = self._load_config()
configure_logger(self.config.settings.logging)
if not isinstance(self.config, AppConfig):
logger.explore("Config loading resulted in invalid type", extra={"type": type(self.config)})
raise TypeError("self.config must be an instance of AppConfig")
assert isinstance(self.config, AppConfig), "self.config must be an instance of AppConfig"
logger.reflect("ConfigManager initialization complete")
logger.info("[ConfigManager][Exit] Initialized")
# [/DEF:__init__:Function]
# [DEF:_default_config:Function]
# @PURPOSE: Build default application configuration fallback.
# @PRE: None.
# @POST: Returns valid AppConfig with empty environments and default storage settings.
# @SIDE_EFFECT: None.
# @DATA_CONTRACT: Input(None) -> Output(AppConfig)
# @PURPOSE: Returns default application configuration.
# @RETURN: AppConfig - Default configuration.
def _default_config(self) -> AppConfig:
with belief_scope("_default_config"):
return AppConfig(
environments=[],
settings=GlobalSettings(storage=StorageConfig()),
)
return AppConfig(
environments=[],
settings=GlobalSettings(storage=StorageConfig()),
)
# [/DEF:_default_config:Function]
# [DEF:_load_from_legacy_file:Function]
# @PURPOSE: Load legacy JSON configuration for migration fallback path.
# @PRE: self.config_path is initialized.
# @POST: Returns AppConfig from file payload or safe default.
# @SIDE_EFFECT: Filesystem read and error logging.
# @DATA_CONTRACT: Input(Path self.config_path) -> Output(AppConfig)
# @PURPOSE: Loads legacy configuration from config.json for migration fallback.
# @RETURN: AppConfig - Loaded or default configuration.
def _load_from_legacy_file(self) -> AppConfig:
with belief_scope("_load_from_legacy_file"):
if not self.config_path.exists():
@@ -92,55 +81,47 @@ class ConfigManager:
# [/DEF:_load_from_legacy_file:Function]
# [DEF:_get_record:Function]
# @PURPOSE: Resolve global configuration record from DB.
# @PRE: session is an active SQLAlchemy Session.
# @POST: Returns record when present, otherwise None.
# @SIDE_EFFECT: Database read query.
# @DATA_CONTRACT: Input(Session) -> Output(Optional[AppConfigRecord])
# @PURPOSE: Loads config record from DB.
# @PARAM: session (Session) - DB session.
# @RETURN: Optional[AppConfigRecord] - Existing record or None.
def _get_record(self, session: Session) -> Optional[AppConfigRecord]:
with belief_scope("_get_record"):
return session.query(AppConfigRecord).filter(AppConfigRecord.id == "global").first()
return session.query(AppConfigRecord).filter(AppConfigRecord.id == "global").first()
# [/DEF:_get_record:Function]
# [DEF:_load_config:Function]
# @PURPOSE: Load configuration from DB or perform one-time migration from legacy JSON.
# @PRE: SessionLocal factory is available and AppConfigRecord schema is accessible.
# @POST: Returns valid AppConfig and closes opened DB session.
# @SIDE_EFFECT: Database read/write, possible migration write, logging.
# @DATA_CONTRACT: Input(None) -> Output(AppConfig)
# @PURPOSE: Loads the configuration from DB or performs one-time migration from JSON file.
# @PRE: DB session factory is available.
# @POST: isinstance(return, AppConfig)
# @RETURN: AppConfig - Loaded configuration.
def _load_config(self) -> AppConfig:
with belief_scope("ConfigManager._load_config"):
with belief_scope("_load_config"):
session: Session = SessionLocal()
try:
record = self._get_record(session)
if record and record.payload:
logger.reason("Configuration found in database")
config = AppConfig(**record.payload)
logger.reflect("Database configuration validated")
return config
logger.info("[_load_config][Coherence:OK] Configuration loaded from database")
return AppConfig(**record.payload)
logger.reason("No database config found, initiating legacy migration")
logger.info("[_load_config][Action] No database config found, migrating legacy config")
config = self._load_from_legacy_file()
self._save_config_to_db(config, session=session)
logger.reflect("Legacy configuration migrated to database")
return config
except Exception as e:
logger.explore(f"Error loading config from DB: {e}")
logger.error(f"[_load_config][Coherence:Failed] Error loading config from DB: {e}")
return self._default_config()
finally:
session.close()
# [/DEF:_load_config:Function]
# [DEF:_save_config_to_db:Function]
# @PURPOSE: Persist provided AppConfig into the global DB configuration record.
# @PRE: config is AppConfig; session is either None or an active Session.
# @POST: Global DB record payload equals config.model_dump() when commit succeeds.
# @SIDE_EFFECT: Database insert/update, commit/rollback, logging.
# @DATA_CONTRACT: Input(AppConfig, Optional[Session]) -> Output(None)
# @PURPOSE: Saves the provided configuration object to DB.
# @PRE: isinstance(config, AppConfig)
# @POST: Configuration saved to database.
# @PARAM: config (AppConfig) - The configuration to save.
# @PARAM: session (Optional[Session]) - Existing DB session for transactional reuse.
def _save_config_to_db(self, config: AppConfig, session: Optional[Session] = None):
with belief_scope("ConfigManager._save_config_to_db"):
if not isinstance(config, AppConfig):
raise TypeError("config must be an instance of AppConfig")
with belief_scope("_save_config_to_db"):
assert isinstance(config, AppConfig), "config must be an instance of AppConfig"
owns_session = session is None
db = session or SessionLocal()
@@ -148,17 +129,15 @@ class ConfigManager:
record = self._get_record(db)
payload = config.model_dump()
if record is None:
logger.reason("Creating new global configuration record")
record = AppConfigRecord(id="global", payload=payload)
db.add(record)
else:
logger.reason("Updating existing global configuration record")
record.payload = payload
db.commit()
logger.reflect("Configuration successfully committed to database")
logger.info("[_save_config_to_db][Action] Configuration saved to database")
except Exception as e:
db.rollback()
logger.explore(f"Failed to save configuration: {e}")
logger.error(f"[_save_config_to_db][Coherence:Failed] Failed to save: {e}")
raise
finally:
if owns_session:
@@ -166,51 +145,42 @@ class ConfigManager:
# [/DEF:_save_config_to_db:Function]
# [DEF:save:Function]
# @PURPOSE: Persist current in-memory configuration state.
# @PRE: self.config is initialized.
# @POST: Current self.config is written to DB global record.
# @SIDE_EFFECT: Database write and logging via delegated persistence call.
# @DATA_CONTRACT: Input(None; self.config: AppConfig) -> Output(None)
# @PURPOSE: Saves the current configuration state to DB.
# @PRE: self.config is set.
# @POST: self._save_config_to_db called.
def save(self):
with belief_scope("save"):
self._save_config_to_db(self.config)
# [/DEF:save:Function]
# [DEF:get_config:Function]
# @PURPOSE: Return current in-memory configuration snapshot.
# @PRE: self.config is initialized.
# @POST: Returns AppConfig reference stored in manager.
# @SIDE_EFFECT: None.
# @DATA_CONTRACT: Input(None) -> Output(AppConfig)
# @PURPOSE: Returns the current configuration.
# @RETURN: AppConfig - The current configuration.
def get_config(self) -> AppConfig:
with belief_scope("get_config"):
return self.config
# [/DEF:get_config:Function]
# [DEF:update_global_settings:Function]
# @PURPOSE: Replace global settings and persist the resulting configuration.
# @PRE: settings is GlobalSettings.
# @POST: self.config.settings equals provided settings and DB state is updated.
# @SIDE_EFFECT: Mutates self.config, DB write, logger reconfiguration, logging.
# @DATA_CONTRACT: Input(GlobalSettings) -> Output(None)
# @PURPOSE: Updates the global settings and persists the change.
# @PRE: isinstance(settings, GlobalSettings)
# @POST: self.config.settings updated and saved.
# @PARAM: settings (GlobalSettings) - The new global settings.
def update_global_settings(self, settings: GlobalSettings):
with belief_scope("ConfigManager.update_global_settings"):
if not isinstance(settings, GlobalSettings):
raise TypeError("settings must be an instance of GlobalSettings")
logger.reason("Updating global settings and persisting")
with belief_scope("update_global_settings"):
logger.info("[update_global_settings][Entry] Updating settings")
assert isinstance(settings, GlobalSettings), "settings must be an instance of GlobalSettings"
self.config.settings = settings
self.save()
configure_logger(settings.logging)
logger.reflect("Global settings updated and logger reconfigured")
logger.info("[update_global_settings][Exit] Settings updated")
# [/DEF:update_global_settings:Function]
# [DEF:validate_path:Function]
# @PURPOSE: Validate that path exists and is writable, creating it when absent.
# @PRE: path is a string path candidate.
# @POST: Returns (True, msg) for writable path, else (False, reason).
# @SIDE_EFFECT: Filesystem directory creation attempt and OS permission checks.
# @DATA_CONTRACT: Input(str path) -> Output(tuple[bool, str])
# @PURPOSE: Validates if a path exists and is writable.
# @PARAM: path (str) - The path to validate.
# @RETURN: tuple (bool, str) - (is_valid, message)
def validate_path(self, path: str) -> tuple[bool, str]:
with belief_scope("validate_path"):
p = os.path.abspath(path)
@@ -227,33 +197,25 @@ class ConfigManager:
# [/DEF:validate_path:Function]
# [DEF:get_environments:Function]
# @PURPOSE: Return all configured environments.
# @PRE: self.config is initialized.
# @POST: Returns list of Environment models from current configuration.
# @SIDE_EFFECT: None.
# @DATA_CONTRACT: Input(None) -> Output(List[Environment])
# @PURPOSE: Returns the list of configured environments.
# @RETURN: List[Environment] - List of environments.
def get_environments(self) -> List[Environment]:
with belief_scope("get_environments"):
return self.config.environments
# [/DEF:get_environments:Function]
# [DEF:has_environments:Function]
# @PURPOSE: Check whether at least one environment exists in configuration.
# @PRE: self.config is initialized.
# @POST: Returns True iff environment list length is greater than zero.
# @SIDE_EFFECT: None.
# @DATA_CONTRACT: Input(None) -> Output(bool)
# @PURPOSE: Checks if at least one environment is configured.
# @RETURN: bool - True if at least one environment exists.
def has_environments(self) -> bool:
with belief_scope("has_environments"):
return len(self.config.environments) > 0
# [/DEF:has_environments:Function]
# [DEF:get_environment:Function]
# @PURPOSE: Resolve a configured environment by identifier.
# @PRE: env_id is string identifier.
# @POST: Returns matching Environment when found; otherwise None.
# @SIDE_EFFECT: None.
# @DATA_CONTRACT: Input(str env_id) -> Output(Optional[Environment])
# @PURPOSE: Returns a single environment by ID.
# @PARAM: env_id (str) - The ID of the environment to retrieve.
# @RETURN: Optional[Environment] - The environment with the given ID, or None.
def get_environment(self, env_id: str) -> Optional[Environment]:
with belief_scope("get_environment"):
for env in self.config.environments:
@@ -263,72 +225,60 @@ class ConfigManager:
# [/DEF:get_environment:Function]
# [DEF:add_environment:Function]
# @PURPOSE: Upsert environment by id into configuration and persist.
# @PRE: env is Environment.
# @POST: Configuration contains provided env id with new payload persisted.
# @SIDE_EFFECT: Mutates environment list, DB write, logging.
# @DATA_CONTRACT: Input(Environment) -> Output(None)
# @PURPOSE: Adds a new environment to the configuration.
# @PARAM: env (Environment) - The environment to add.
def add_environment(self, env: Environment):
with belief_scope("ConfigManager.add_environment"):
if not isinstance(env, Environment):
raise TypeError("env must be an instance of Environment")
with belief_scope("add_environment"):
logger.info(f"[add_environment][Entry] Adding environment {env.id}")
assert isinstance(env, Environment), "env must be an instance of Environment"
logger.reason(f"Adding/Updating environment: {env.id}")
self.config.environments = [e for e in self.config.environments if e.id != env.id]
self.config.environments.append(env)
self.save()
logger.reflect(f"Environment {env.id} persisted")
logger.info("[add_environment][Exit] Environment added")
# [/DEF:add_environment:Function]
# [DEF:update_environment:Function]
# @PURPOSE: Update existing environment by id and preserve masked password placeholder behavior.
# @PRE: env_id is non-empty string and updated_env is Environment.
# @POST: Returns True and persists update when target exists; else returns False.
# @SIDE_EFFECT: May mutate environment list, DB write, logging.
# @DATA_CONTRACT: Input(str env_id, Environment updated_env) -> Output(bool)
# @PURPOSE: Updates an existing environment.
# @PARAM: env_id (str) - The ID of the environment to update.
# @PARAM: updated_env (Environment) - The updated environment data.
# @RETURN: bool - True if updated, False otherwise.
def update_environment(self, env_id: str, updated_env: Environment) -> bool:
with belief_scope("ConfigManager.update_environment"):
if not env_id or not isinstance(env_id, str):
raise ValueError("env_id must be a non-empty string")
if not isinstance(updated_env, Environment):
raise TypeError("updated_env must be an instance of Environment")
with belief_scope("update_environment"):
logger.info(f"[update_environment][Entry] Updating {env_id}")
assert env_id and isinstance(env_id, str), "env_id must be a non-empty string"
assert isinstance(updated_env, Environment), "updated_env must be an instance of Environment"
logger.reason(f"Attempting to update environment: {env_id}")
for i, env in enumerate(self.config.environments):
if env.id == env_id:
if updated_env.password == "********":
logger.reason("Preserving existing password for masked update")
updated_env.password = env.password
self.config.environments[i] = updated_env
self.save()
logger.reflect(f"Environment {env_id} updated and saved")
logger.info(f"[update_environment][Coherence:OK] Updated {env_id}")
return True
logger.explore(f"Environment {env_id} not found for update")
logger.warning(f"[update_environment][Coherence:Failed] Environment {env_id} not found")
return False
# [/DEF:update_environment:Function]
# [DEF:delete_environment:Function]
# @PURPOSE: Delete environment by id and persist when deletion occurs.
# @PRE: env_id is non-empty string.
# @POST: Environment is removed when present; otherwise configuration is unchanged.
# @SIDE_EFFECT: May mutate environment list, conditional DB write, logging.
# @DATA_CONTRACT: Input(str env_id) -> Output(None)
# @PURPOSE: Deletes an environment by ID.
# @PARAM: env_id (str) - The ID of the environment to delete.
def delete_environment(self, env_id: str):
with belief_scope("ConfigManager.delete_environment"):
if not env_id or not isinstance(env_id, str):
raise ValueError("env_id must be a non-empty string")
with belief_scope("delete_environment"):
logger.info(f"[delete_environment][Entry] Deleting {env_id}")
assert env_id and isinstance(env_id, str), "env_id must be a non-empty string"
logger.reason(f"Attempting to delete environment: {env_id}")
original_count = len(self.config.environments)
self.config.environments = [e for e in self.config.environments if e.id != env_id]
if len(self.config.environments) < original_count:
self.save()
logger.reflect(f"Environment {env_id} deleted and configuration saved")
logger.info(f"[delete_environment][Action] Deleted {env_id}")
else:
logger.explore(f"Environment {env_id} not found for deletion")
logger.warning(f"[delete_environment][Coherence:Failed] Environment {env_id} not found")
# [/DEF:delete_environment:Function]

89
backend/src/core/database.py
View File

@@ -141,11 +141,6 @@ def _ensure_user_dashboard_preferences_columns(bind_engine):
"ALTER TABLE user_dashboard_preferences "
"ADD COLUMN dashboards_table_density VARCHAR NOT NULL DEFAULT 'comfortable'"
)
if "show_only_slug_dashboards" not in existing_columns:
alter_statements.append(
"ALTER TABLE user_dashboard_preferences "
"ADD COLUMN show_only_slug_dashboards BOOLEAN NOT NULL DEFAULT TRUE"
)
if not alter_statements:
return
@@ -162,88 +157,6 @@ def _ensure_user_dashboard_preferences_columns(bind_engine):
# [/DEF:_ensure_user_dashboard_preferences_columns:Function]
# [DEF:_ensure_user_dashboard_preferences_health_columns:Function]
# @PURPOSE: Applies additive schema upgrades for user_dashboard_preferences table (health fields).
def _ensure_user_dashboard_preferences_health_columns(bind_engine):
with belief_scope("_ensure_user_dashboard_preferences_health_columns"):
table_name = "user_dashboard_preferences"
inspector = inspect(bind_engine)
if table_name not in inspector.get_table_names():
return
existing_columns = {
str(column.get("name") or "").strip()
for column in inspector.get_columns(table_name)
}
alter_statements = []
if "telegram_id" not in existing_columns:
alter_statements.append(
"ALTER TABLE user_dashboard_preferences ADD COLUMN telegram_id VARCHAR"
)
if "email_address" not in existing_columns:
alter_statements.append(
"ALTER TABLE user_dashboard_preferences ADD COLUMN email_address VARCHAR"
)
if "notify_on_fail" not in existing_columns:
alter_statements.append(
"ALTER TABLE user_dashboard_preferences ADD COLUMN notify_on_fail BOOLEAN NOT NULL DEFAULT TRUE"
)
if not alter_statements:
return
try:
with bind_engine.begin() as connection:
for statement in alter_statements:
connection.execute(text(statement))
except Exception as migration_error:
logger.warning(
"[database][EXPLORE] Profile health preference additive migration failed: %s",
migration_error,
)
# [/DEF:_ensure_user_dashboard_preferences_health_columns:Function]
# [DEF:_ensure_llm_validation_results_columns:Function]
# @PURPOSE: Applies additive schema upgrades for llm_validation_results table.
def _ensure_llm_validation_results_columns(bind_engine):
with belief_scope("_ensure_llm_validation_results_columns"):
table_name = "llm_validation_results"
inspector = inspect(bind_engine)
if table_name not in inspector.get_table_names():
return
existing_columns = {
str(column.get("name") or "").strip()
for column in inspector.get_columns(table_name)
}
alter_statements = []
if "task_id" not in existing_columns:
alter_statements.append(
"ALTER TABLE llm_validation_results ADD COLUMN task_id VARCHAR"
)
if "environment_id" not in existing_columns:
alter_statements.append(
"ALTER TABLE llm_validation_results ADD COLUMN environment_id VARCHAR"
)
if not alter_statements:
return
try:
with bind_engine.begin() as connection:
for statement in alter_statements:
connection.execute(text(statement))
except Exception as migration_error:
logger.warning(
"[database][EXPLORE] ValidationRecord additive migration failed: %s",
migration_error,
)
# [/DEF:_ensure_llm_validation_results_columns:Function]
# [DEF:_ensure_git_server_configs_columns:Function]
# @PURPOSE: Applies additive schema upgrades for git_server_configs table.
# @PRE: bind_engine points to application database.
@@ -292,8 +205,6 @@ def init_db():
Base.metadata.create_all(bind=tasks_engine)
Base.metadata.create_all(bind=auth_engine)
_ensure_user_dashboard_preferences_columns(engine)
_ensure_llm_validation_results_columns(engine)
_ensure_user_dashboard_preferences_health_columns(engine)
_ensure_git_server_configs_columns(engine)
# [/DEF:init_db:Function]

2
backend/src/core/logger/__tests__/test_logger.py
View File

@@ -225,7 +225,7 @@ def test_enable_belief_state_flag(caplog):
assert not any("[DisabledFunction][Exit]" in msg for msg in log_messages), "Exit should not be logged when disabled"
# Coherence:OK should still be logged (internal tracking)
assert any("[DisabledFunction][COHERENCE:OK]" in msg for msg in log_messages), "Coherence should still be logged"
# [/DEF:test_enable_belief_state_flag:Function]
# [DEF:test_belief_scope_missing_anchor:Function]

208
backend/src/core/migration/risk_assessor.py
View File

@@ -1,170 +1,118 @@
# [DEF:backend.src.core.migration.risk_assessor:Module]
# @TIER: CRITICAL
# @SEMANTICS: migration, dry_run, risk, scoring, preflight
# @PURPOSE: Compute deterministic migration risk items and aggregate score for dry-run reporting.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[backend.src.core.superset_client.SupersetClient]
# @RELATION: [DISPATCHES] ->[backend.src.core.migration.dry_run_orchestrator.MigrationDryRunService.run]
# @INVARIANT: Risk scoring must remain bounded to [0,100] and preserve severity-to-weight mapping.
# @TEST_CONTRACT: [source_objects,target_objects,diff,target_client] -> [List[RiskItem]]
# @TEST_SCENARIO: [overwrite_update_objects] -> [medium overwrite_existing risk is emitted for each update diff item]
# @TEST_SCENARIO: [missing_datasource_dataset] -> [high missing_datasource risk is emitted]
# @TEST_SCENARIO: [owner_mismatch_dashboard] -> [low owner_mismatch risk is emitted]
# @TEST_EDGE: [missing_field] -> [object without uuid is ignored by indexer]
# @TEST_EDGE: [invalid_type] -> [non-list owners input normalizes to empty identifiers]
# @TEST_EDGE: [external_fail] -> [target_client get_databases exception propagates to caller]
# @TEST_INVARIANT: [score_upper_bound_100] -> VERIFIED_BY: [severity_weight_aggregation]
# @UX_STATE: [Idle] -> [N/A backend domain module]
# @UX_FEEDBACK: [N/A] -> [No direct UI side effects in this module]
# @UX_RECOVERY: [N/A] -> [Caller-level retry/recovery]
# @UX_REACTIVITY: [N/A] -> [Backend synchronous function contracts]
# @TIER: STANDARD
# @SEMANTICS: migration, dry_run, risk, scoring
# @PURPOSE: Risk evaluation helpers for migration pre-flight reporting.
# @LAYER: Core
# @RELATION: USED_BY -> backend.src.core.migration.dry_run_orchestrator
from typing import Any, Dict, List
from ..logger import logger, belief_scope
from ..superset_client import SupersetClient
# [DEF:index_by_uuid:Function]
# @PURPOSE: Build UUID-index from normalized objects.
# @PRE: Input list items are dict-like payloads potentially containing "uuid".
# @POST: Returns mapping keyed by string uuid; only truthy uuid values are included.
# @SIDE_EFFECT: Emits reasoning/reflective logs only.
# @DATA_CONTRACT: List[Dict[str, Any]] -> Dict[str, Dict[str, Any]]
def index_by_uuid(objects: List[Dict[str, Any]]) -> Dict[str, Dict[str, Any]]:
with belief_scope("risk_assessor.index_by_uuid"):
logger.reason("Building UUID index", extra={"objects_count": len(objects)})
indexed: Dict[str, Dict[str, Any]] = {}
for obj in objects:
uuid = obj.get("uuid")
if uuid:
indexed[str(uuid)] = obj
logger.reflect("UUID index built", extra={"indexed_count": len(indexed)})
return indexed
indexed: Dict[str, Dict[str, Any]] = {}
for obj in objects:
uuid = obj.get("uuid")
if uuid:
indexed[str(uuid)] = obj
return indexed
# [/DEF:index_by_uuid:Function]
# [DEF:extract_owner_identifiers:Function]
# @PURPOSE: Normalize owner payloads for stable comparison.
# @PRE: Owners may be list payload, scalar values, or None.
# @POST: Returns sorted unique owner identifiers as strings.
# @SIDE_EFFECT: Emits reasoning/reflective logs only.
# @DATA_CONTRACT: Any -> List[str]
def extract_owner_identifiers(owners: Any) -> List[str]:
with belief_scope("risk_assessor.extract_owner_identifiers"):
logger.reason("Normalizing owner identifiers")
if not isinstance(owners, list):
logger.reflect("Owners payload is not list; returning empty identifiers")
return []
ids: List[str] = []
for owner in owners:
if isinstance(owner, dict):
if owner.get("username"):
ids.append(str(owner["username"]))
elif owner.get("id") is not None:
ids.append(str(owner["id"]))
elif owner is not None:
ids.append(str(owner))
normalized_ids = sorted(set(ids))
logger.reflect("Owner identifiers normalized", extra={"owner_count": len(normalized_ids)})
return normalized_ids
if not isinstance(owners, list):
return []
ids: List[str] = []
for owner in owners:
if isinstance(owner, dict):
if owner.get("username"):
ids.append(str(owner["username"]))
elif owner.get("id") is not None:
ids.append(str(owner["id"]))
elif owner is not None:
ids.append(str(owner))
return sorted(set(ids))
# [/DEF:extract_owner_identifiers:Function]
# [DEF:build_risks:Function]
# @PURPOSE: Build risk list from computed diffs and target catalog state.
# @PRE: source_objects/target_objects/diff contain dashboards/charts/datasets keys with expected list structures.
# @PRE: target_client is authenticated/usable for database list retrieval.
# @POST: Returns list of deterministic risk items derived from overwrite, missing datasource, reference, and owner mismatch checks.
# @SIDE_EFFECT: Calls target Superset API for databases metadata and emits logs.
# @DATA_CONTRACT: (
# @DATA_CONTRACT: Dict[str, List[Dict[str, Any]]],
# @DATA_CONTRACT: Dict[str, List[Dict[str, Any]]],
# @DATA_CONTRACT: Dict[str, Dict[str, List[Dict[str, Any]]]],
# @DATA_CONTRACT: SupersetClient
# @DATA_CONTRACT: ) -> List[Dict[str, Any]]
def build_risks(
source_objects: Dict[str, List[Dict[str, Any]]],
target_objects: Dict[str, List[Dict[str, Any]]],
diff: Dict[str, Dict[str, List[Dict[str, Any]]]],
target_client: SupersetClient,
) -> List[Dict[str, Any]]:
with belief_scope("risk_assessor.build_risks"):
logger.reason("Building migration risks from diff payload")
risks: List[Dict[str, Any]] = []
for object_type in ("dashboards", "charts", "datasets"):
for item in diff[object_type]["update"]:
risks.append({
"code": "overwrite_existing",
"severity": "medium",
"object_type": object_type[:-1],
"object_uuid": item["uuid"],
"message": f"Object will be updated in target: {item.get('title') or item['uuid']}",
})
risks: List[Dict[str, Any]] = []
for object_type in ("dashboards", "charts", "datasets"):
for item in diff[object_type]["update"]:
risks.append({
"code": "overwrite_existing",
"severity": "medium",
"object_type": object_type[:-1],
"object_uuid": item["uuid"],
"message": f"Object will be updated in target: {item.get('title') or item['uuid']}",
})
target_dataset_uuids = set(index_by_uuid(target_objects["datasets"]).keys())
_, target_databases = target_client.get_databases(query={"columns": ["uuid"]})
target_database_uuids = {str(item.get("uuid")) for item in target_databases if item.get("uuid")}
target_dataset_uuids = set(index_by_uuid(target_objects["datasets"]).keys())
_, target_databases = target_client.get_databases(query={"columns": ["uuid"]})
target_database_uuids = {str(item.get("uuid")) for item in target_databases if item.get("uuid")}
for dataset in source_objects["datasets"]:
db_uuid = dataset.get("database_uuid")
if db_uuid and str(db_uuid) not in target_database_uuids:
risks.append({
"code": "missing_datasource",
"severity": "high",
"object_type": "dataset",
"object_uuid": dataset.get("uuid"),
"message": f"Target datasource is missing for dataset {dataset.get('title') or dataset.get('uuid')}",
})
for dataset in source_objects["datasets"]:
db_uuid = dataset.get("database_uuid")
if db_uuid and str(db_uuid) not in target_database_uuids:
risks.append({
"code": "missing_datasource",
"severity": "high",
"object_type": "dataset",
"object_uuid": dataset.get("uuid"),
"message": f"Target datasource is missing for dataset {dataset.get('title') or dataset.get('uuid')}",
})
for chart in source_objects["charts"]:
ds_uuid = chart.get("dataset_uuid")
if ds_uuid and str(ds_uuid) not in target_dataset_uuids:
risks.append({
"code": "breaking_reference",
"severity": "high",
"object_type": "chart",
"object_uuid": chart.get("uuid"),
"message": f"Chart references dataset not found on target: {ds_uuid}",
})
for chart in source_objects["charts"]:
ds_uuid = chart.get("dataset_uuid")
if ds_uuid and str(ds_uuid) not in target_dataset_uuids:
risks.append({
"code": "breaking_reference",
"severity": "high",
"object_type": "chart",
"object_uuid": chart.get("uuid"),
"message": f"Chart references dataset not found on target: {ds_uuid}",
})
source_dash = index_by_uuid(source_objects["dashboards"])
target_dash = index_by_uuid(target_objects["dashboards"])
for item in diff["dashboards"]["update"]:
source_obj = source_dash.get(item["uuid"])
target_obj = target_dash.get(item["uuid"])
if not source_obj or not target_obj:
continue
source_owners = extract_owner_identifiers(source_obj.get("owners"))
target_owners = extract_owner_identifiers(target_obj.get("owners"))
if source_owners and target_owners and source_owners != target_owners:
risks.append({
"code": "owner_mismatch",
"severity": "low",
"object_type": "dashboard",
"object_uuid": item["uuid"],
"message": f"Owner mismatch for dashboard {item.get('title') or item['uuid']}",
})
logger.reflect("Risk list assembled", extra={"risk_count": len(risks)})
return risks
source_dash = index_by_uuid(source_objects["dashboards"])
target_dash = index_by_uuid(target_objects["dashboards"])
for item in diff["dashboards"]["update"]:
source_obj = source_dash.get(item["uuid"])
target_obj = target_dash.get(item["uuid"])
if not source_obj or not target_obj:
continue
source_owners = extract_owner_identifiers(source_obj.get("owners"))
target_owners = extract_owner_identifiers(target_obj.get("owners"))
if source_owners and target_owners and source_owners != target_owners:
risks.append({
"code": "owner_mismatch",
"severity": "low",
"object_type": "dashboard",
"object_uuid": item["uuid"],
"message": f"Owner mismatch for dashboard {item.get('title') or item['uuid']}",
})
return risks
# [/DEF:build_risks:Function]
# [DEF:score_risks:Function]
# @PURPOSE: Aggregate risk list into score and level.
# @PRE: risk_items contains optional severity fields expected in {high,medium,low} or defaults to low weight.
# @POST: Returns dict with score in [0,100], derived level, and original items.
# @SIDE_EFFECT: Emits reasoning/reflective logs only.
# @DATA_CONTRACT: List[Dict[str, Any]] -> Dict[str, Any]
def score_risks(risk_items: List[Dict[str, Any]]) -> Dict[str, Any]:
with belief_scope("risk_assessor.score_risks"):
logger.reason("Scoring risk items", extra={"risk_items_count": len(risk_items)})
weights = {"high": 25, "medium": 10, "low": 5}
score = min(100, sum(weights.get(item.get("severity", "low"), 5) for item in risk_items))
level = "low" if score < 25 else "medium" if score < 60 else "high"
result = {"score": score, "level": level, "items": risk_items}
logger.reflect("Risk score computed", extra={"score": score, "level": level})
return result
weights = {"high": 25, "medium": 10, "low": 5}
score = min(100, sum(weights.get(item.get("severity", "low"), 5) for item in risk_items))
level = "low" if score < 25 else "medium" if score < 60 else "high"
return {"score": score, "level": level, "items": risk_items}
# [/DEF:score_risks:Function]

177
backend/src/core/migration_engine.py
View File

@@ -1,15 +1,11 @@
# [DEF:backend.src.core.migration_engine:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: migration, engine, zip, yaml, transformation, cross-filter, id-mapping
# @PURPOSE: Transforms Superset export ZIP archives while preserving archive integrity and patching mapped identifiers.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[src.core.logger]
# @RELATION: [DEPENDS_ON] ->[src.core.mapping_service.IdMappingService]
# @RELATION: [DEPENDS_ON] ->[src.models.mapping.ResourceType]
# @RELATION: [DEPENDS_ON] ->[yaml]
# @SEMANTICS: migration, engine, zip, yaml, transformation
# @PURPOSE: Handles the interception and transformation of Superset asset ZIP archives.
# @LAYER: Core
# @RELATION: DEPENDS_ON -> PyYAML
#
# @INVARIANT: ZIP structure and non-targeted metadata must remain valid after transformation.
# @INVARIANT: ZIP structure must be preserved after transformation.
# [SECTION: IMPORTS]
import zipfile
@@ -30,17 +26,10 @@ from src.models.mapping import ResourceType
class MigrationEngine:
# [DEF:__init__:Function]
# @PURPOSE: Initializes migration orchestration dependencies for ZIP/YAML metadata transformations.
# @PRE: mapping_service is None or implements batch remote ID lookup for ResourceType.CHART.
# @POST: self.mapping_service is assigned and available for optional cross-filter patching flows.
# @SIDE_EFFECT: Mutates in-memory engine state by storing dependency reference.
# @DATA_CONTRACT: Input[Optional[IdMappingService]] -> Output[MigrationEngine]
# @PURPOSE: Initializes the migration engine with optional ID mapping service.
# @PARAM: mapping_service (Optional[IdMappingService]) - Used for resolving target environment integer IDs.
def __init__(self, mapping_service: Optional[IdMappingService] = None):
with belief_scope("MigrationEngine.__init__"):
logger.reason("Initializing MigrationEngine")
self.mapping_service = mapping_service
logger.reflect("MigrationEngine initialized")
self.mapping_service = mapping_service
# [/DEF:__init__:Function]
# [DEF:transform_zip:Function]
@@ -51,24 +40,20 @@ class MigrationEngine:
# @PARAM: strip_databases (bool) - Whether to remove the databases directory from the archive.
# @PARAM: target_env_id (Optional[str]) - Used if fix_cross_filters is True to know which environment map to use.
# @PARAM: fix_cross_filters (bool) - Whether to patch dashboard json_metadata.
# @PRE: zip_path points to a readable ZIP; output_path parent is writable; db_mapping keys/values are UUID strings.
# @POST: Returns True only when extraction, transformation, and packaging complete without exception.
# @SIDE_EFFECT: Reads/writes filesystem archives, creates temporary directory, emits structured logs.
# @DATA_CONTRACT: Input[(str zip_path, str output_path, Dict[str,str] db_mapping, bool strip_databases, Optional[str] target_env_id, bool fix_cross_filters)] -> Output[bool]
# @RETURN: bool - True if successful.
# @PRE: zip_path must point to a valid Superset export archive.
# @POST: Transformed archive is saved to output_path.
# @RETURN: bool - True if successful.
def transform_zip(self, zip_path: str, output_path: str, db_mapping: Dict[str, str], strip_databases: bool = True, target_env_id: Optional[str] = None, fix_cross_filters: bool = False) -> bool:
"""
Transform a Superset export ZIP by replacing database UUIDs and optionally fixing cross-filters.
"""
with belief_scope("MigrationEngine.transform_zip"):
logger.reason(f"Starting ZIP transformation: {zip_path} -> {output_path}")
with tempfile.TemporaryDirectory() as temp_dir_str:
temp_dir = Path(temp_dir_str)
try:
# 1. Extract
logger.reason(f"Extracting source archive to {temp_dir}")
logger.info(f"[MigrationEngine.transform_zip][Action] Extracting ZIP: {zip_path}")
with zipfile.ZipFile(zip_path, 'r') as zf:
zf.extractall(temp_dir)
@@ -76,33 +61,33 @@ class MigrationEngine:
dataset_files = list(temp_dir.glob("**/datasets/**/*.yaml")) + list(temp_dir.glob("**/datasets/*.yaml"))
dataset_files = list(set(dataset_files))
logger.reason(f"Transforming {len(dataset_files)} dataset YAML files")
logger.info(f"[MigrationEngine.transform_zip][State] Found {len(dataset_files)} dataset files.")
for ds_file in dataset_files:
logger.info(f"[MigrationEngine.transform_zip][Action] Transforming dataset: {ds_file}")
self._transform_yaml(ds_file, db_mapping)
# 2.5 Patch Cross-Filters (Dashboards)
if fix_cross_filters:
if self.mapping_service and target_env_id:
dash_files = list(temp_dir.glob("**/dashboards/**/*.yaml")) + list(temp_dir.glob("**/dashboards/*.yaml"))
dash_files = list(set(dash_files))
logger.reason(f"Patching cross-filters for {len(dash_files)} dashboards")
# Gather all source UUID-to-ID mappings from the archive first
source_id_to_uuid_map = self._extract_chart_uuids_from_archive(temp_dir)
for dash_file in dash_files:
self._patch_dashboard_metadata(dash_file, target_env_id, source_id_to_uuid_map)
else:
logger.explore("Cross-filter patching requested but mapping service or target_env_id is missing")
if fix_cross_filters and self.mapping_service and target_env_id:
dash_files = list(temp_dir.glob("**/dashboards/**/*.yaml")) + list(temp_dir.glob("**/dashboards/*.yaml"))
dash_files = list(set(dash_files))
logger.info(f"[MigrationEngine.transform_zip][State] Found {len(dash_files)} dashboard files for patching.")
# Gather all source UUID-to-ID mappings from the archive first
source_id_to_uuid_map = self._extract_chart_uuids_from_archive(temp_dir)
for dash_file in dash_files:
logger.info(f"[MigrationEngine.transform_zip][Action] Patching dashboard: {dash_file}")
self._patch_dashboard_metadata(dash_file, target_env_id, source_id_to_uuid_map)
# 3. Re-package
logger.reason(f"Re-packaging transformed archive (strip_databases={strip_databases})")
logger.info(f"[MigrationEngine.transform_zip][Action] Re-packaging ZIP to: {output_path} (strip_databases={strip_databases})")
with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as zf:
for root, dirs, files in os.walk(temp_dir):
rel_root = Path(root).relative_to(temp_dir)
if strip_databases and "databases" in rel_root.parts:
logger.info(f"[MigrationEngine.transform_zip][Action] Skipping file in databases directory: {rel_root}")
continue
for file in files:
@@ -110,10 +95,9 @@ class MigrationEngine:
arcname = file_path.relative_to(temp_dir)
zf.write(file_path, arcname)
logger.reflect("ZIP transformation completed successfully")
return True
except Exception as e:
logger.explore(f"Error transforming ZIP: {e}")
logger.error(f"[MigrationEngine.transform_zip][Coherence:Failed] Error transforming ZIP: {e}")
return False
# [/DEF:transform_zip:Function]
@@ -121,73 +105,54 @@ class MigrationEngine:
# @PURPOSE: Replaces database_uuid in a single YAML file.
# @PARAM: file_path (Path) - Path to the YAML file.
# @PARAM: db_mapping (Dict[str, str]) - UUID mapping dictionary.
# @PRE: file_path exists, is readable YAML, and db_mapping contains source->target UUID pairs.
# @POST: database_uuid is replaced in-place only when source UUID is present in db_mapping.
# @SIDE_EFFECT: Reads and conditionally rewrites YAML file on disk.
# @DATA_CONTRACT: Input[(Path file_path, Dict[str,str] db_mapping)] -> Output[None]
# @PRE: file_path must exist and be readable.
# @POST: File is modified in-place if source UUID matches mapping.
def _transform_yaml(self, file_path: Path, db_mapping: Dict[str, str]):
with belief_scope("MigrationEngine._transform_yaml"):
if not file_path.exists():
logger.explore(f"YAML file not found: {file_path}")
return
with open(file_path, 'r') as f:
data = yaml.safe_load(f)
with open(file_path, 'r') as f:
data = yaml.safe_load(f)
if not data:
return
if not data:
return
source_uuid = data.get('database_uuid')
if source_uuid in db_mapping:
logger.reason(f"Replacing database UUID in {file_path.name}")
data['database_uuid'] = db_mapping[source_uuid]
with open(file_path, 'w') as f:
yaml.dump(data, f)
logger.reflect(f"Database UUID patched in {file_path.name}")
# Superset dataset YAML structure:
# database_uuid: ...
source_uuid = data.get('database_uuid')
if source_uuid in db_mapping:
data['database_uuid'] = db_mapping[source_uuid]
with open(file_path, 'w') as f:
yaml.dump(data, f)
# [/DEF:_transform_yaml:Function]
# [DEF:_extract_chart_uuids_from_archive:Function]
# @PURPOSE: Scans extracted chart YAML files and builds a source chart ID to UUID lookup map.
# @PRE: temp_dir exists and points to extracted archive root with optional chart YAML resources.
# @POST: Returns a best-effort Dict[int, str] containing only parseable chart id/uuid pairs.
# @SIDE_EFFECT: Reads chart YAML files from filesystem; suppresses per-file parsing failures.
# @DATA_CONTRACT: Input[Path] -> Output[Dict[int,str]]
# @PARAM: temp_dir (Path) - Root dir of unpacked archive.
# @PURPOSE: Scans the unpacked ZIP to map local exported integer IDs back to their UUIDs.
# @PARAM: temp_dir (Path) - Root dir of unpacked archive
# @RETURN: Dict[int, str] - Mapping of source Integer ID to UUID.
def _extract_chart_uuids_from_archive(self, temp_dir: Path) -> Dict[int, str]:
with belief_scope("MigrationEngine._extract_chart_uuids_from_archive"):
# Implementation Note: This is a placeholder for the logic that extracts
# actual Source IDs. In a real scenario, this involves parsing chart YAMLs
# or manifesting the export metadata structure where source IDs are stored.
# For simplicity in US1 MVP, we assume it's read from chart files if present.
mapping = {}
chart_files = list(temp_dir.glob("**/charts/**/*.yaml")) + list(temp_dir.glob("**/charts/*.yaml"))
for cf in set(chart_files):
try:
with open(cf, 'r') as f:
cdata = yaml.safe_load(f)
if cdata and 'id' in cdata and 'uuid' in cdata:
mapping[cdata['id']] = cdata['uuid']
except Exception:
pass
return mapping
# Implementation Note: This is a placeholder for the logic that extracts
# actual Source IDs. In a real scenario, this involves parsing chart YAMLs
# or manifesting the export metadata structure where source IDs are stored.
# For simplicity in US1 MVP, we assume it's read from chart files if present.
mapping = {}
chart_files = list(temp_dir.glob("**/charts/**/*.yaml")) + list(temp_dir.glob("**/charts/*.yaml"))
for cf in set(chart_files):
try:
with open(cf, 'r') as f:
cdata = yaml.safe_load(f)
if cdata and 'id' in cdata and 'uuid' in cdata:
mapping[cdata['id']] = cdata['uuid']
except Exception:
pass
return mapping
# [/DEF:_extract_chart_uuids_from_archive:Function]
# [DEF:_patch_dashboard_metadata:Function]
# @PURPOSE: Rewrites dashboard json_metadata chart/dataset integer identifiers using target environment mappings.
# @PRE: file_path points to dashboard YAML with json_metadata; target_env_id is non-empty; source_map contains source id->uuid.
# @POST: json_metadata is re-serialized with mapped integer IDs when remote mappings are available; otherwise file remains unchanged.
# @SIDE_EFFECT: Reads/writes YAML file, performs mapping lookup via mapping_service, emits logs for recoverable/terminal failures.
# @DATA_CONTRACT: Input[(Path file_path, str target_env_id, Dict[int,str] source_map)] -> Output[None]
# @PURPOSE: Replaces integer IDs in json_metadata.
# @PARAM: file_path (Path)
# @PARAM: target_env_id (str)
# @PARAM: source_map (Dict[int, str])
def _patch_dashboard_metadata(self, file_path: Path, target_env_id: str, source_map: Dict[int, str]):
with belief_scope("MigrationEngine._patch_dashboard_metadata"):
try:
if not file_path.exists():
return
with open(file_path, 'r') as f:
data = yaml.safe_load(f)
@@ -198,13 +163,18 @@ class MigrationEngine:
if not metadata_str:
return
metadata = json.loads(metadata_str)
modified = False
# We need to deeply traverse and replace. For MVP, string replacement over the raw JSON is an option,
# but careful dict traversal is safer.
# Fetch target UUIDs for everything we know:
uuids_needed = list(source_map.values())
logger.reason(f"Resolving {len(uuids_needed)} remote IDs for dashboard metadata patching")
target_ids = self.mapping_service.get_remote_ids_batch(target_env_id, ResourceType.CHART, uuids_needed)
if not target_ids:
logger.reflect("No remote target IDs found in mapping database for this dashboard.")
logger.info("[MigrationEngine._patch_dashboard_metadata][Reflect] No remote target IDs found in mapping database.")
return
# Map Source Int -> Target Int
@@ -217,16 +187,21 @@ class MigrationEngine:
missing_targets.append(s_id)
if missing_targets:
logger.explore(f"Missing target IDs for source IDs: {missing_targets}. Cross-filters might break.")
logger.warning(f"[MigrationEngine._patch_dashboard_metadata][Coherence:Recoverable] Missing target IDs for source IDs: {missing_targets}. Cross-filters for these IDs might break.")
if not source_to_target:
logger.reflect("No source IDs matched remotely. Skipping patch.")
logger.info("[MigrationEngine._patch_dashboard_metadata][Reflect] No source IDs matched remotely. Skipping patch.")
return
logger.reason(f"Patching {len(source_to_target)} ID references in json_metadata")
# Complex metadata traversal would go here (e.g. for native_filter_configuration)
# We use regex replacement over the string for safety over unknown nested dicts.
new_metadata_str = metadata_str
# Replace chartId and datasetId assignments explicitly.
# Pattern: "datasetId": 42 or "chartId": 42
for s_id, t_id in source_to_target.items():
# Replace in native_filter_configuration targets
new_metadata_str = re.sub(r'("datasetId"\s*:\s*)' + str(s_id) + r'(\b)', r'\g<1>' + str(t_id) + r'\g<2>', new_metadata_str)
new_metadata_str = re.sub(r'("chartId"\s*:\s*)' + str(s_id) + r'(\b)', r'\g<1>' + str(t_id) + r'\g<2>', new_metadata_str)
@@ -235,10 +210,10 @@ class MigrationEngine:
with open(file_path, 'w') as f:
yaml.dump(data, f)
logger.reflect(f"Dashboard metadata patched and saved: {file_path.name}")
logger.info(f"[MigrationEngine._patch_dashboard_metadata][Reason] Re-serialized modified JSON metadata for dashboard.")
except Exception as e:
logger.explore(f"Metadata patch failed for {file_path.name}: {e}")
logger.error(f"[MigrationEngine._patch_dashboard_metadata][Coherence:Failed] Metadata patch failed: {e}")
# [/DEF:_patch_dashboard_metadata:Function]

15
backend/src/core/plugin_loader.py
View File

@@ -76,8 +76,17 @@ class PluginLoader:
"""
Loads a single Python module and extracts PluginBase subclasses.
"""
# All runtime code is imported through the canonical `src` package root.
package_name = f"src.plugins.{module_name}"
# Try to determine the correct package prefix based on how the app is running
# For standalone execution, we need to handle the import differently
if __name__ == "__main__" or "test" in __name__:
# When running as standalone or in tests, use relative import
package_name = f"plugins.{module_name}"
elif "backend.src" in __name__:
package_prefix = "backend.src.plugins"
package_name = f"{package_prefix}.{module_name}"
else:
package_prefix = "src.plugins"
package_name = f"{package_prefix}.{module_name}"
# print(f"DEBUG: Loading plugin {module_name} as {package_name}")
spec = importlib.util.spec_from_file_location(package_name, file_path)
@@ -189,4 +198,4 @@ class PluginLoader:
return plugin_id in self._plugins
# [/DEF:has_plugin:Function]
# [/DEF:PluginLoader:Class]
# [/DEF:PluginLoader:Class]

63
backend/src/core/scheduler.py
View File

@@ -8,13 +8,9 @@
# [SECTION: IMPORTS]
from apscheduler.schedulers.background import BackgroundScheduler
from apscheduler.triggers.cron import CronTrigger
from apscheduler.triggers.date import DateTrigger
from .logger import logger, belief_scope
from .config_manager import ConfigManager
from .database import SessionLocal
from ..models.llm import ValidationPolicy
import asyncio
from datetime import datetime, time, timedelta, date
# [/SECTION]
# [DEF:SchedulerService:Class]
@@ -121,63 +117,4 @@ class SchedulerService:
# [/DEF:_trigger_backup:Function]
# [/DEF:SchedulerService:Class]
# [DEF:ThrottledSchedulerConfigurator:Class]
# @TIER: CRITICAL
# @SEMANTICS: scheduler, throttling, distribution
# @PURPOSE: Distributes validation tasks evenly within an execution window.
class ThrottledSchedulerConfigurator:
# [DEF:calculate_schedule:Function]
# @PURPOSE: Calculates execution times for N tasks within a window.
# @PRE: window_start, window_end (time), dashboard_ids (List), current_date (date).
# @POST: Returns List[datetime] of scheduled times.
# @INVARIANT: Tasks are distributed with near-even spacing.
@staticmethod
def calculate_schedule(
window_start: time,
window_end: time,
dashboard_ids: list,
current_date: date
) -> list:
with belief_scope("ThrottledSchedulerConfigurator.calculate_schedule"):
n = len(dashboard_ids)
if n == 0:
return []
start_dt = datetime.combine(current_date, window_start)
end_dt = datetime.combine(current_date, window_end)
# Handle window crossing midnight
if end_dt < start_dt:
end_dt += timedelta(days=1)
total_seconds = (end_dt - start_dt).total_seconds()
# Minimum interval of 1 second to avoid division by zero or negative
if total_seconds <= 0:
logger.warning(f"[calculate_schedule] Window size is zero or negative. Falling back to start time for all {n} tasks.")
return [start_dt] * n
# If window is too small for even distribution (e.g. 10 tasks in 5 seconds),
# we still distribute them but they might be very close.
# The requirement says "near-even spacing".
if n == 1:
return [start_dt]
interval = total_seconds / (n - 1) if n > 1 else 0
# If interval is too small (e.g. < 1s), we might want a fallback,
# but the spec says "handle too-small windows with explicit fallback/warning".
if interval < 1:
logger.warning(f"[calculate_schedule] Window too small for {n} tasks (interval {interval:.2f}s). Tasks will be highly concentrated.")
scheduled_times = []
for i in range(n):
scheduled_times.append(start_dt + timedelta(seconds=i * interval))
return scheduled_times
# [/DEF:calculate_schedule:Function]
# [/DEF:ThrottledSchedulerConfigurator:Class]
# [/DEF:SchedulerModule:Module]

26
backend/src/core/superset_client.py
View File

@@ -150,19 +150,11 @@ class SupersetClient:
# @PRE: Client is authenticated.
# @POST: Returns a list of dashboard metadata summaries.
# @RETURN: List[Dict]
def get_dashboards_summary(self, require_slug: bool = False) -> List[Dict]:
def get_dashboards_summary(self) -> List[Dict]:
with belief_scope("SupersetClient.get_dashboards_summary"):
# Rely on list endpoint default projection to stay compatible
# across Superset versions and preserve owners in one request.
query: Dict[str, Any] = {}
if require_slug:
query["filters"] = [
{
"col": "slug",
"opr": "neq",
"value": "",
}
]
_, dashboards = self.get_dashboards(query=query)
# Map fields to DashboardMetadata schema
@@ -240,35 +232,23 @@ class SupersetClient:
page: int,
page_size: int,
search: Optional[str] = None,
require_slug: bool = False,
) -> Tuple[int, List[Dict]]:
with belief_scope("SupersetClient.get_dashboards_summary_page"):
query: Dict[str, Any] = {
"page": max(page - 1, 0),
"page_size": page_size,
}
filters: List[Dict[str, Any]] = []
if require_slug:
filters.append(
{
"col": "slug",
"opr": "neq",
"value": "",
}
)
normalized_search = (search or "").strip()
if normalized_search:
# Superset list API supports filter objects with `opr` operator.
# `ct` -> contains (ILIKE on most Superset backends).
filters.append(
query["filters"] = [
{
"col": "dashboard_title",
"opr": "ct",
"value": normalized_search,
}
)
if filters:
query["filters"] = filters
]
total_count, dashboards = self.get_dashboards_page(query=query)

3
backend/src/core/utils/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.core.utils:Package]
# @PURPOSE: Shared utility package root.
# [/DEF:src.core.utils:Package]

3
backend/src/models/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.models:Package]
# @PURPOSE: Domain model package root.
# [/DEF:src.models:Package]

41
backend/src/models/config.py
View File

@@ -1,25 +1,19 @@
# [DEF:backend.src.models.config:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: database, config, settings, sqlalchemy, notification
# @PURPOSE: Defines SQLAlchemy persistence models for application and notification configuration records.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[sqlalchemy]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.mapping:Base]
# @INVARIANT: Configuration payload and notification credentials must remain persisted as non-null JSON documents.
# @TIER: STANDARD
# @SEMANTICS: database, config, settings, sqlalchemy
# @PURPOSE: Defines database schema for persisted application configuration.
# @LAYER: Domain
# @RELATION: DEPENDS_ON -> sqlalchemy
from sqlalchemy import Column, String, DateTime, JSON, Boolean
from sqlalchemy import Column, String, DateTime, JSON
from sqlalchemy.sql import func
from .mapping import Base
# [DEF:AppConfigRecord:Class]
# @PURPOSE: Stores persisted application configuration as a single authoritative record model.
# @PRE: SQLAlchemy declarative Base is initialized and table metadata registration is active.
# @POST: ORM table 'app_configurations' exposes id, payload, and updated_at fields with declared nullability/default semantics.
# @SIDE_EFFECT: Registers ORM mapping metadata during module import.
# @DATA_CONTRACT: Input -> persistence row {id:str, payload:json, updated_at:datetime}; Output -> AppConfigRecord ORM entity.
# @PURPOSE: Stores the single source of truth for application configuration.
class AppConfigRecord(Base):
__tablename__ = "app_configurations"
@@ -29,25 +23,4 @@ class AppConfigRecord(Base):
# [/DEF:AppConfigRecord:Class]
# [DEF:NotificationConfig:Class]
# @PURPOSE: Stores persisted provider-level notification configuration and encrypted credentials metadata.
# @PRE: SQLAlchemy declarative Base is initialized and uuid generation is available at instance creation time.
# @POST: ORM table 'notification_configs' exposes id, type, name, credentials, is_active, created_at, updated_at fields with declared constraints/defaults.
# @SIDE_EFFECT: Registers ORM mapping metadata during module import; may generate UUID values for new entity instances.
# @DATA_CONTRACT: Input -> persistence row {id:str, type:str, name:str, credentials:json, is_active:bool, created_at:datetime, updated_at:datetime}; Output -> NotificationConfig ORM entity.
class NotificationConfig(Base):
__tablename__ = "notification_configs"
id = Column(String, primary_key=True, default=lambda: str(uuid.uuid4()))
type = Column(String, nullable=False) # SMTP, SLACK, TELEGRAM
name = Column(String, nullable=False)
credentials = Column(JSON, nullable=False) # Encrypted connection details
is_active = Column(Boolean, default=True)
created_at = Column(DateTime(timezone=True), server_default=func.now())
updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
# [/DEF:NotificationConfig:Class]
import uuid
# [/DEF:backend.src.models.config:Module]

26
backend/src/models/llm.py
View File

@@ -5,7 +5,7 @@
# @LAYER: Domain
# @RELATION: INHERITS_FROM -> backend.src.models.mapping.Base
from sqlalchemy import Column, String, Boolean, DateTime, JSON, Text, Time, ForeignKey
from sqlalchemy import Column, String, Boolean, DateTime, JSON, Text
from datetime import datetime
import uuid
from .mapping import Base
@@ -13,26 +13,6 @@ from .mapping import Base
def generate_uuid():
return str(uuid.uuid4())
# [DEF:ValidationPolicy:Class]
# @PURPOSE: Defines a scheduled rule for validating a group of dashboards within an execution window.
class ValidationPolicy(Base):
__tablename__ = "validation_policies"
id = Column(String, primary_key=True, default=generate_uuid)
name = Column(String, nullable=False)
environment_id = Column(String, nullable=False)
is_active = Column(Boolean, default=True)
dashboard_ids = Column(JSON, nullable=False) # Array of dashboard IDs
schedule_days = Column(JSON, nullable=False) # Array of integers (0-6)
window_start = Column(Time, nullable=False)
window_end = Column(Time, nullable=False)
notify_owners = Column(Boolean, default=True)
custom_channels = Column(JSON, nullable=True) # List of external channels
alert_condition = Column(String, default="FAIL_ONLY") # FAIL_ONLY, WARN_AND_FAIL, ALWAYS
created_at = Column(DateTime, default=datetime.utcnow)
updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
# [/DEF:ValidationPolicy:Class]
# [DEF:LLMProvider:Class]
# @PURPOSE: SQLAlchemy model for LLM provider configuration.
class LLMProvider(Base):
@@ -54,11 +34,9 @@ class ValidationRecord(Base):
__tablename__ = "llm_validation_results"
id = Column(String, primary_key=True, default=generate_uuid)
task_id = Column(String, nullable=True, index=True) # Reference to TaskRecord
dashboard_id = Column(String, nullable=False, index=True)
environment_id = Column(String, nullable=True, index=True)
timestamp = Column(DateTime, default=datetime.utcnow)
status = Column(String, nullable=False) # PASS, WARN, FAIL, UNKNOWN
status = Column(String, nullable=False) # PASS, WARN, FAIL
screenshot_path = Column(String, nullable=True)
issues = Column(JSON, nullable=False)
summary = Column(Text, nullable=False)

2
backend/src/models/mapping.py
View File

@@ -80,8 +80,6 @@ class MigrationJob(Base):
status = Column(SQLEnum(MigrationStatus), default=MigrationStatus.PENDING)
replace_db = Column(Boolean, default=False)
created_at = Column(DateTime(timezone=True), server_default=func.now())
# [/DEF:MigrationJob:Class]
# [DEF:ResourceMapping:Class]
# @TIER: STANDARD
# @PURPOSE: Maps a universal UUID for a resource to its actual ID on a specific environment.

7
backend/src/models/profile.py
View File

@@ -32,7 +32,6 @@ class UserDashboardPreference(Base):
superset_username_normalized = Column(String, nullable=True, index=True)
show_only_my_dashboards = Column(Boolean, nullable=False, default=False)
show_only_slug_dashboards = Column(Boolean, nullable=False, default=True)
git_username = Column(String, nullable=True)
git_email = Column(String, nullable=True)
@@ -42,10 +41,6 @@ class UserDashboardPreference(Base):
auto_open_task_drawer = Column(Boolean, nullable=False, default=True)
dashboards_table_density = Column(String, nullable=False, default="comfortable")
telegram_id = Column(String, nullable=True)
email_address = Column(String, nullable=True)
notify_on_fail = Column(Boolean, nullable=False, default=True)
created_at = Column(DateTime, nullable=False, default=datetime.utcnow)
updated_at = Column(
DateTime,
@@ -57,4 +52,4 @@ class UserDashboardPreference(Base):
user = relationship("User")
# [/DEF:UserDashboardPreference:Class]
# [/DEF:backend.src.models.profile:Module]
# [/DEF:backend.src.models.profile:Module]

1
backend/src/models/report.py
View File

@@ -112,7 +112,6 @@ class TaskReport(BaseModel):
updated_at: datetime
summary: str
details: Optional[Dict[str, Any]] = None
validation_record: Optional[Dict[str, Any]] = None # Extended for US2
error_context: Optional[ErrorContext] = None
source_ref: Optional[Dict[str, Any]] = None

3
backend/src/plugins/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.plugins:Package]
# @PURPOSE: Plugin package root for dynamic discovery and runtime imports.
# [/DEF:src.plugins:Package]

3
backend/src/plugins/git/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.plugins.git:Package]
# @PURPOSE: Git plugin extension package root.
# [/DEF:src.plugins.git:Package]

24
backend/src/plugins/llm_analysis/plugin.py
View File

@@ -21,9 +21,8 @@ from ...services.llm_provider import LLMProviderService
from ...core.superset_client import SupersetClient
from .service import ScreenshotService, LLMClient
from .models import LLMProviderType, ValidationStatus, ValidationResult, DetectedIssue
from ...models.llm import ValidationRecord, ValidationPolicy
from ...models.llm import ValidationRecord
from ...core.task_manager.context import TaskContext
from ...services.notifications.service import NotificationService
from ...services.llm_prompt_templates import (
DEFAULT_LLM_PROMPTS,
is_multimodal_model,
@@ -284,9 +283,7 @@ class DashboardValidationPlugin(PluginBase):
}
db_record = ValidationRecord(
task_id=context.task_id if context else None,
dashboard_id=validation_result.dashboard_id,
environment_id=env_id,
status=validation_result.status.value,
summary=validation_result.summary,
issues=[issue.dict() for issue in validation_result.issues],
@@ -297,20 +294,11 @@ class DashboardValidationPlugin(PluginBase):
db.commit()
# 7. Notification on failure (US1 / FR-015)
try:
policy_id = params.get("policy_id")
policy = None
if policy_id:
policy = db.query(ValidationPolicy).filter(ValidationPolicy.id == policy_id).first()
notification_service = NotificationService(db, config_mgr)
await notification_service.dispatch_report(
record=db_record,
policy=policy,
background_tasks=context.background_tasks if context else None
)
except Exception as e:
log.error(f"Failed to dispatch notifications: {e}")
if validation_result.status == ValidationStatus.FAIL:
log.warning(f"Dashboard {dashboard_id} validation FAILED. Summary: {validation_result.summary}")
# Placeholder for Email/Pulse notification dispatch
# In a real implementation, we would call a NotificationService here
# with a payload containing the summary and a link to the report.
# Final log to ensure all analysis is visible in task logs
log.info(f"Validation completed for dashboard {dashboard_id}. Status: {validation_result.status.value}")

3
backend/src/schemas/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.schemas:Package]
# @PURPOSE: API schema package root.
# [/DEF:src.schemas:Package]

84
backend/src/schemas/__tests__/test_settings_and_health_schemas.py
View File

@@ -1,84 +0,0 @@
# [DEF:backend.src.schemas.__tests__.test_settings_and_health_schemas:Module]
# @TIER: STANDARD
# @PURPOSE: Regression tests for settings and health schema contracts updated in 026 fix batch.
import pytest
from pydantic import ValidationError
from src.schemas.health import DashboardHealthItem
from src.schemas.settings import ValidationPolicyCreate
# [DEF:test_validation_policy_create_accepts_structured_custom_channels:Function]
# @PURPOSE: Ensure policy schema accepts structured custom channel objects with type/target fields.
def test_validation_policy_create_accepts_structured_custom_channels():
payload = {
"name": "Daily Health",
"environment_id": "env-1",
"dashboard_ids": ["10", "11"],
"schedule_days": [0, 1, 2],
"window_start": "01:00:00",
"window_end": "03:00:00",
"notify_owners": True,
"custom_channels": [{"type": "SLACK", "target": "#alerts"}],
"alert_condition": "FAIL_ONLY",
}
policy = ValidationPolicyCreate(**payload)
assert policy.custom_channels is not None
assert len(policy.custom_channels) == 1
assert policy.custom_channels[0].type == "SLACK"
assert policy.custom_channels[0].target == "#alerts"
# [/DEF:test_validation_policy_create_accepts_structured_custom_channels:Function]
# [DEF:test_validation_policy_create_rejects_legacy_string_custom_channels:Function]
# @PURPOSE: Ensure legacy list[str] custom channel payload is rejected by typed channel contract.
def test_validation_policy_create_rejects_legacy_string_custom_channels():
payload = {
"name": "Daily Health",
"environment_id": "env-1",
"dashboard_ids": ["10"],
"schedule_days": [0],
"window_start": "01:00:00",
"window_end": "02:00:00",
"notify_owners": False,
"custom_channels": ["SLACK:#alerts"],
}
with pytest.raises(ValidationError):
ValidationPolicyCreate(**payload)
# [/DEF:test_validation_policy_create_rejects_legacy_string_custom_channels:Function]
# [DEF:test_dashboard_health_item_status_accepts_only_whitelisted_values:Function]
# @PURPOSE: Verify strict grouped regex only accepts PASS/WARN/FAIL/UNKNOWN exact statuses.
def test_dashboard_health_item_status_accepts_only_whitelisted_values():
valid = DashboardHealthItem(
dashboard_id="dash-1",
environment_id="env-1",
status="PASS",
last_check="2026-03-10T10:00:00",
)
assert valid.status == "PASS"
with pytest.raises(ValidationError):
DashboardHealthItem(
dashboard_id="dash-1",
environment_id="env-1",
status="PASSING",
last_check="2026-03-10T10:00:00",
)
with pytest.raises(ValidationError):
DashboardHealthItem(
dashboard_id="dash-1",
environment_id="env-1",
status="FAIL ",
last_check="2026-03-10T10:00:00",
)
# [/DEF:test_dashboard_health_item_status_accepts_only_whitelisted_values:Function]
# [/DEF:backend.src.schemas.__tests__.test_settings_and_health_schemas:Module]

33
backend/src/schemas/health.py
View File

@@ -1,33 +0,0 @@
# [DEF:backend.src.schemas.health:Module]
# @TIER: STANDARD
# @SEMANTICS: health, schemas, pydantic
# @PURPOSE: Pydantic schemas for dashboard health summary.
# @LAYER: Domain
from pydantic import BaseModel, Field
from typing import List, Optional
from datetime import datetime
# [DEF:DashboardHealthItem:Class]
# @PURPOSE: Represents the latest health status of a single dashboard.
class DashboardHealthItem(BaseModel):
dashboard_id: str
dashboard_title: Optional[str] = None
environment_id: str
status: str = Field(..., pattern="^(PASS|WARN|FAIL|UNKNOWN)$")
last_check: datetime
task_id: Optional[str] = None
summary: Optional[str] = None
# [/DEF:DashboardHealthItem:Class]
# [DEF:HealthSummaryResponse:Class]
# @PURPOSE: Aggregated health summary for all dashboards.
class HealthSummaryResponse(BaseModel):
items: List[DashboardHealthItem]
pass_count: int
warn_count: int
fail_count: int
unknown_count: int
# [/DEF:HealthSummaryResponse:Class]
# [/DEF:backend.src.schemas.health:Module]

23
backend/src/schemas/profile.py
View File

@@ -45,7 +45,6 @@ class ProfilePreference(BaseModel):
superset_username: Optional[str] = None
superset_username_normalized: Optional[str] = None
show_only_my_dashboards: bool = False
show_only_slug_dashboards: bool = True
git_username: Optional[str] = None
git_email: Optional[str] = None
@@ -56,10 +55,6 @@ class ProfilePreference(BaseModel):
auto_open_task_drawer: bool = True
dashboards_table_density: Literal["compact", "comfortable"] = "comfortable"
telegram_id: Optional[str] = None
email_address: Optional[str] = None
notify_on_fail: bool = True
created_at: datetime
updated_at: datetime
@@ -80,10 +75,6 @@ class ProfilePreferenceUpdateRequest(BaseModel):
default=None,
description='When true, "/dashboards" can auto-apply profile filter in main context.',
)
show_only_slug_dashboards: Optional[bool] = Field(
default=None,
description='When true, "/dashboards" hides dashboards without slug by default.',
)
git_username: Optional[str] = Field(
default=None,
description="Git author username used for commit signature.",
@@ -112,18 +103,6 @@ class ProfilePreferenceUpdateRequest(BaseModel):
default=None,
description="Preferred table density for dashboard listings.",
)
telegram_id: Optional[str] = Field(
default=None,
description="Telegram ID for notifications.",
)
email_address: Optional[str] = Field(
default=None,
description="Email address for notifications (overrides system email).",
)
notify_on_fail: Optional[bool] = Field(
default=None,
description="Whether to send notifications on validation failure.",
)
# [/DEF:ProfilePreferenceUpdateRequest:Class]
@@ -177,4 +156,4 @@ class SupersetAccountLookupResponse(BaseModel):
items: List[SupersetAccountCandidate] = Field(default_factory=list)
# [/DEF:SupersetAccountLookupResponse:Class]
# [/DEF:backend.src.schemas.profile:Module]
# [/DEF:backend.src.schemas.profile:Module]

68
backend/src/schemas/settings.py
View File

@@ -1,68 +0,0 @@
# [DEF:backend.src.schemas.settings:Module]
# @TIER: STANDARD
# @SEMANTICS: settings, schemas, pydantic, validation
# @PURPOSE: Pydantic schemas for application settings and automation policies.
# @LAYER: Domain
from pydantic import BaseModel, Field
from typing import List, Optional
from datetime import datetime, time
# [DEF:NotificationChannel:Class]
# @PURPOSE: Structured notification channel definition for policy-level custom routing.
class NotificationChannel(BaseModel):
type: str = Field(..., description="Notification channel type (e.g., SLACK, SMTP, TELEGRAM)")
target: str = Field(..., description="Notification destination (e.g., #alerts, chat id, email)")
# [/DEF:NotificationChannel:Class]
# [DEF:ValidationPolicyBase:Class]
# @PURPOSE: Base schema for validation policy data.
class ValidationPolicyBase(BaseModel):
name: str = Field(..., description="Name of the policy")
environment_id: str = Field(..., description="Target Superset environment ID")
is_active: bool = Field(True, description="Whether the policy is currently active")
dashboard_ids: List[str] = Field(..., description="List of dashboard IDs to validate")
schedule_days: List[int] = Field(..., description="Days of the week (0-6, 0=Sunday) to run")
window_start: time = Field(..., description="Start of the execution window")
window_end: time = Field(..., description="End of the execution window")
notify_owners: bool = Field(True, description="Whether to notify dashboard owners on failure")
custom_channels: Optional[List[NotificationChannel]] = Field(
None,
description="List of additional structured notification channels",
)
alert_condition: str = Field("FAIL_ONLY", description="Condition to trigger alerts: FAIL_ONLY, WARN_AND_FAIL, ALWAYS")
# [/DEF:ValidationPolicyBase:Class]
# [DEF:ValidationPolicyCreate:Class]
# @PURPOSE: Schema for creating a new validation policy.
class ValidationPolicyCreate(ValidationPolicyBase):
pass
# [/DEF:ValidationPolicyCreate:Class]
# [DEF:ValidationPolicyUpdate:Class]
# @PURPOSE: Schema for updating an existing validation policy.
class ValidationPolicyUpdate(BaseModel):
name: Optional[str] = None
environment_id: Optional[str] = None
is_active: Optional[bool] = None
dashboard_ids: Optional[List[str]] = None
schedule_days: Optional[List[int]] = None
window_start: Optional[time] = None
window_end: Optional[time] = None
notify_owners: Optional[bool] = None
custom_channels: Optional[List[NotificationChannel]] = None
alert_condition: Optional[str] = None
# [/DEF:ValidationPolicyUpdate:Class]
# [DEF:ValidationPolicyResponse:Class]
# @PURPOSE: Schema for validation policy response data.
class ValidationPolicyResponse(ValidationPolicyBase):
id: str
created_at: datetime
updated_at: datetime
class Config:
from_attributes = True
# [/DEF:ValidationPolicyResponse:Class]
# [/DEF:backend.src.schemas.settings:Module]

3
backend/src/scripts/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.scripts:Package]
# @PURPOSE: Script entrypoint package root.
# [/DEF:src.scripts:Package]

23
backend/src/scripts/clean_release_tui.py
View File

@@ -15,13 +15,13 @@ from datetime import datetime, timezone
from types import SimpleNamespace
from typing import List, Optional, Any, Dict
# Standardize sys.path for direct execution from project root or scripts dir.
# Standardize sys.path for direct execution from project root or scripts dir
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
BACKEND_ROOT = os.path.abspath(os.path.join(SCRIPT_DIR, "..", ".."))
if BACKEND_ROOT not in sys.path:
sys.path.insert(0, BACKEND_ROOT)
PROJECT_ROOT = os.path.abspath(os.path.join(SCRIPT_DIR, "..", "..", ".."))
if PROJECT_ROOT not in sys.path:
sys.path.insert(0, PROJECT_ROOT)
from src.models.clean_release import (
from backend.src.models.clean_release import (
CandidateArtifact,
CheckFinalStatus,
CheckStageName,
@@ -35,12 +35,12 @@ from src.models.clean_release import (
RegistryStatus,
ReleaseCandidateStatus,
)
from src.services.clean_release.approval_service import approve_candidate
from src.services.clean_release.compliance_execution_service import ComplianceExecutionService
from src.services.clean_release.enums import CandidateStatus
from src.services.clean_release.manifest_service import build_manifest_snapshot
from src.services.clean_release.publication_service import publish_candidate
from src.services.clean_release.repository import CleanReleaseRepository
from backend.src.services.clean_release.approval_service import approve_candidate
from backend.src.services.clean_release.compliance_execution_service import ComplianceExecutionService
from backend.src.services.clean_release.enums import CandidateStatus
from backend.src.services.clean_release.manifest_service import build_manifest_snapshot
from backend.src.services.clean_release.publication_service import publish_candidate
from backend.src.services.clean_release.repository import CleanReleaseRepository
# [DEF:TuiFacadeAdapter:Class]
# @PURPOSE: Thin TUI adapter that routes business mutations through application services.
@@ -462,7 +462,6 @@ class CleanReleaseTUI:
self.status = CheckFinalStatus.FAILED
self.refresh_overview()
self.refresh_screen()
# [/DEF:run_checks:Function]
def build_manifest(self):
try:

3
backend/src/scripts/seed_superset_load_test.py
View File

@@ -291,9 +291,6 @@ def main() -> None:
logger.info(f"[COHERENCE:OK] Result summary: {json.dumps(result, ensure_ascii=True)}")
# [/DEF:main:Function]
if __name__ == "__main__":
main()

2
backend/src/services/__tests__/test_encryption_manager.py
View File

@@ -27,7 +27,7 @@ class TestEncryptionManager:
# Re-implement the same logic as EncryptionManager to avoid import issues
# with the llm_provider module's relative imports
import os
key = os.getenv("ENCRYPTION_KEY", "REMOVED_HISTORICAL_SECRET_DO_NOT_USE").encode()
key = os.getenv("ENCRYPTION_KEY", "ZcytYzi0iHIl4Ttr-GdAEk117aGRogkGvN3wiTxrPpE=").encode()
fernet = Fernet(key)
class EncryptionManager:

87
backend/src/services/__tests__/test_health_service.py
View File

@@ -1,87 +0,0 @@
import pytest
from datetime import datetime, timedelta
from unittest.mock import MagicMock
from src.services.health_service import HealthService
from src.models.llm import ValidationRecord
# [DEF:test_health_service:Module]
# @TIER: STANDARD
# @PURPOSE: Unit tests for HealthService aggregation logic.
@pytest.mark.asyncio
async def test_get_health_summary_aggregation():
"""
@TEST_SCENARIO: Verify that HealthService correctly aggregates the latest record per dashboard.
"""
# Setup: Mock DB session
db = MagicMock()
now = datetime.utcnow()
# Dashboard 1: Old FAIL, New PASS
rec1_old = ValidationRecord(
dashboard_id="dash_1",
environment_id="env_1",
status="FAIL",
timestamp=now - timedelta(hours=1),
summary="Old failure",
issues=[]
)
rec1_new = ValidationRecord(
dashboard_id="dash_1",
environment_id="env_1",
status="PASS",
timestamp=now,
summary="New pass",
issues=[]
)
# Dashboard 2: Single WARN
rec2 = ValidationRecord(
dashboard_id="dash_2",
environment_id="env_1",
status="WARN",
timestamp=now,
summary="Warning",
issues=[]
)
# Mock the query chain
# subquery = self.db.query(...).filter(...).group_by(...).subquery()
# query = self.db.query(ValidationRecord).join(subquery, ...).all()
mock_query = db.query.return_value
mock_query.filter.return_value = mock_query
mock_query.group_by.return_value = mock_query
mock_query.subquery.return_value = MagicMock()
db.query.return_value.join.return_value.all.return_value = [rec1_new, rec2]
service = HealthService(db)
summary = await service.get_health_summary(environment_id="env_1")
assert summary.pass_count == 1
assert summary.warn_count == 1
assert summary.fail_count == 0
assert len(summary.items) == 2
# Verify dash_1 has the latest status (PASS)
dash_1_item = next(item for item in summary.items if item.dashboard_id == "dash_1")
assert dash_1_item.status == "PASS"
assert dash_1_item.summary == "New pass"
@pytest.mark.asyncio
async def test_get_health_summary_empty():
"""
@TEST_SCENARIO: Verify behavior with no records.
"""
db = MagicMock()
db.query.return_value.join.return_value.all.return_value = []
service = HealthService(db)
summary = await service.get_health_summary(environment_id="env_none")
assert summary.pass_count == 0
assert len(summary.items) == 0
# [/DEF:test_health_service:Module]

150
backend/src/services/__tests__/test_llm_plugin_persistence.py
View File

@@ -1,150 +0,0 @@
# [DEF:backend.src.services.__tests__.test_llm_plugin_persistence:Module]
# @TIER: STANDARD
# @PURPOSE: Regression test for ValidationRecord persistence fields populated from task context.
import types
import pytest
from src.plugins.llm_analysis import plugin as plugin_module
# [DEF:_DummyLogger:Class]
# @PURPOSE: Minimal logger shim for TaskContext-like objects used in tests.
class _DummyLogger:
def with_source(self, _source: str):
return self
def info(self, *_args, **_kwargs):
return None
def debug(self, *_args, **_kwargs):
return None
def warning(self, *_args, **_kwargs):
return None
def error(self, *_args, **_kwargs):
return None
# [/DEF:_DummyLogger:Class]
# [DEF:_FakeDBSession:Class]
# @PURPOSE: Captures persisted records for assertion and mimics SQLAlchemy session methods used by plugin.
class _FakeDBSession:
def __init__(self):
self.added = None
self.committed = False
self.closed = False
def add(self, obj):
self.added = obj
def commit(self):
self.committed = True
def close(self):
self.closed = True
# [/DEF:_FakeDBSession:Class]
# [DEF:test_dashboard_validation_plugin_persists_task_and_environment_ids:Function]
# @PURPOSE: Ensure db ValidationRecord includes context.task_id and params.environment_id.
@pytest.mark.asyncio
async def test_dashboard_validation_plugin_persists_task_and_environment_ids(tmp_path, monkeypatch):
fake_db = _FakeDBSession()
env = types.SimpleNamespace(id="env-42")
provider = types.SimpleNamespace(
id="provider-1",
name="Main LLM",
provider_type="openai",
base_url="https://example.invalid/v1",
default_model="gpt-4o",
is_active=True,
)
class _FakeProviderService:
def __init__(self, _db):
return None
def get_provider(self, _provider_id):
return provider
def get_decrypted_api_key(self, _provider_id):
return "a" * 32
class _FakeScreenshotService:
def __init__(self, _env):
return None
async def capture_dashboard(self, _dashboard_id, _screenshot_path):
return None
class _FakeLLMClient:
def __init__(self, **_kwargs):
return None
async def analyze_dashboard(self, *_args, **_kwargs):
return {
"status": "PASS",
"summary": "Dashboard healthy",
"issues": [],
}
class _FakeNotificationService:
def __init__(self, *_args, **_kwargs):
return None
async def dispatch_report(self, **_kwargs):
return None
class _FakeConfigManager:
def get_environment(self, _env_id):
return env
def get_config(self):
return types.SimpleNamespace(
settings=types.SimpleNamespace(
storage=types.SimpleNamespace(root_path=str(tmp_path)),
llm={},
)
)
class _FakeSupersetClient:
def __init__(self, _env):
self.network = types.SimpleNamespace(request=lambda **_kwargs: {"result": []})
monkeypatch.setattr(plugin_module, "SessionLocal", lambda: fake_db)
monkeypatch.setattr(plugin_module, "LLMProviderService", _FakeProviderService)
monkeypatch.setattr(plugin_module, "ScreenshotService", _FakeScreenshotService)
monkeypatch.setattr(plugin_module, "LLMClient", _FakeLLMClient)
monkeypatch.setattr(plugin_module, "NotificationService", _FakeNotificationService)
monkeypatch.setattr(plugin_module, "SupersetClient", _FakeSupersetClient)
monkeypatch.setattr("src.dependencies.get_config_manager", lambda: _FakeConfigManager())
context = types.SimpleNamespace(
task_id="task-999",
logger=_DummyLogger(),
background_tasks=None,
)
plugin = plugin_module.DashboardValidationPlugin()
result = await plugin.execute(
{
"dashboard_id": "11",
"environment_id": "env-42",
"provider_id": "provider-1",
},
context=context,
)
assert result["environment_id"] == "env-42"
assert fake_db.committed is True
assert fake_db.closed is True
assert fake_db.added is not None
assert fake_db.added.task_id == "task-999"
assert fake_db.added.environment_id == "env-42"
# [/DEF:test_dashboard_validation_plugin_persists_task_and_environment_ids:Function]
# [/DEF:backend.src.services.__tests__.test_llm_plugin_persistence:Module]

64
backend/src/services/auth_service.py
View File

@@ -1,16 +1,13 @@
# [DEF:backend.src.services.auth_service:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: auth, service, business-logic, login, jwt, adfs, jit-provisioning
# @PURPOSE: Orchestrates credential authentication and ADFS JIT user provisioning.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[backend.src.core.auth.repository.AuthRepository]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.auth.security.verify_password]
# @RELATION: [DEPENDS_ON] ->[backend.src.core.auth.jwt.create_access_token]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.auth.User]
# @RELATION: [DEPENDS_ON] ->[backend.src.models.auth.Role]
# @SEMANTICS: auth, service, business-logic, login, jwt
# @PURPOSE: Orchestrates authentication business logic.
# @LAYER: Service
# @RELATION: USES -> backend.src.core.auth.repository.AuthRepository
# @RELATION: USES -> backend.src.core.auth.security
# @RELATION: USES -> backend.src.core.auth.jwt
#
# @INVARIANT: Authentication succeeds only for active users with valid credentials; issued sessions encode subject and scopes from assigned roles.
# @INVARIANT: Authentication must verify both credentials and account status.
# [SECTION: IMPORTS]
from typing import Dict, Any
@@ -26,25 +23,20 @@ from ..core.logger import belief_scope
# @PURPOSE: Provides high-level authentication services.
class AuthService:
# [DEF:__init__:Function]
# @PURPOSE: Initializes the authentication service with repository access over an active DB session.
# @PRE: db is a valid SQLAlchemy Session instance bound to the auth persistence context.
# @POST: self.repo is initialized and ready for auth user/role CRUD operations.
# @SIDE_EFFECT: Allocates AuthRepository and binds it to the provided Session.
# @DATA_CONTRACT: Input(Session) -> Model(AuthRepository)
# @PARAM: db (Session) - SQLAlchemy session.
# @PURPOSE: Initializes the service with a database session.
# @PARAM: db (Session) - SQLAlchemy session.
def __init__(self, db: Session):
self.repo = AuthRepository(db)
# [/DEF:__init__:Function]
# [DEF:authenticate_user:Function]
# @PURPOSE: Validates credentials and account state for local username/password authentication.
# @PRE: username and password are non-empty credential inputs.
# @POST: Returns User only when user exists, is active, and password hash verification succeeds; otherwise returns None.
# @SIDE_EFFECT: Persists last_login update for successful authentications via repository.
# @DATA_CONTRACT: Input(str username, str password) -> Output(User | None)
# @PARAM: username (str) - The username.
# @PARAM: password (str) - The plain password.
# @RETURN: Optional[User] - The authenticated user or None.
# @PURPOSE: Authenticates a user with username and password.
# @PRE: username and password are provided.
# @POST: Returns User object if authentication succeeds, else None.
# @SIDE_EFFECT: Updates last_login timestamp on success.
# @PARAM: username (str) - The username.
# @PARAM: password (str) - The plain password.
# @RETURN: Optional[User] - The authenticated user or None.
def authenticate_user(self, username: str, password: str):
with belief_scope("AuthService.authenticate_user"):
user = self.repo.get_user_by_username(username)
@@ -62,13 +54,11 @@ class AuthService:
# [/DEF:authenticate_user:Function]
# [DEF:create_session:Function]
# @PURPOSE: Issues an access token payload for an already authenticated user.
# @PRE: user is a valid User entity containing username and iterable roles with role.name values.
# @POST: Returns session dict with non-empty access_token and token_type='bearer'.
# @SIDE_EFFECT: Generates signed JWT via auth JWT provider.
# @DATA_CONTRACT: Input(User) -> Output(Dict[str, str]{access_token, token_type})
# @PARAM: user (User) - The authenticated user.
# @RETURN: Dict[str, str] - Session data.
# @PURPOSE: Creates a JWT session for an authenticated user.
# @PRE: user is a valid User object.
# @POST: Returns a dictionary with access_token and token_type.
# @PARAM: user (User) - The authenticated user.
# @RETURN: Dict[str, str] - Session data.
def create_session(self, user) -> Dict[str, str]:
with belief_scope("AuthService.create_session"):
# Collect role names for scopes
@@ -87,13 +77,11 @@ class AuthService:
# [/DEF:create_session:Function]
# [DEF:provision_adfs_user:Function]
# @PURPOSE: Performs ADFS Just-In-Time provisioning and role synchronization from AD group mappings.
# @PRE: user_info contains identity claims where at least one of 'upn' or 'email' is present; 'groups' may be absent.
# @POST: Returns persisted user entity with roles synchronized to mapped AD groups and refreshed state.
# @SIDE_EFFECT: May insert new User, mutate user.roles, commit transaction, and refresh ORM state.
# @DATA_CONTRACT: Input(Dict[str, Any]{upn|email, email, groups[]}) -> Output(User persisted)
# @PARAM: user_info (Dict[str, Any]) - Claims from ADFS token.
# @RETURN: User - The provisioned user.
# @PURPOSE: Just-In-Time (JIT) provisioning for ADFS users based on group mappings.
# @PRE: user_info contains 'upn' (username), 'email', and 'groups'.
# @POST: User is created/updated and assigned roles based on groups.
# @PARAM: user_info (Dict[str, Any]) - Claims from ADFS token.
# @RETURN: User - The provisioned user.
def provision_adfs_user(self, user_info: Dict[str, Any]) -> User:
with belief_scope("AuthService.provision_adfs_user"):
username = user_info.get("upn") or user_info.get("email")

3
backend/src/services/clean_release/__tests__/test_audit_service.py
View File

@@ -22,6 +22,3 @@ def test_audit_check_run(mock_logger):
def test_audit_report(mock_logger):
audit_report("rep-1", "cand-1")
mock_logger.info.assert_called_with("[EXPLORE] clean-release report_id=rep-1 candidate=cand-1")
# [/DEF:backend.tests.services.clean_release.test_audit_service:Module]

46
backend/src/services/clean_release/__tests__/test_preparation_service.py
View File

@@ -3,7 +3,7 @@
# @SEMANTICS: tests, clean-release, preparation, flow
# @PURPOSE: Validate release candidate preparation flow, including policy evaluation and manifest persisting.
# @LAYER: Domain
# @RELATION: [DEPENDS_ON] ->[backend.src.services.clean_release.preparation_service:Module]
# @RELATION: TESTS -> backend.src.services.clean_release.preparation_service
# @INVARIANT: Candidate preparation always persists manifest and candidate status deterministically.
import pytest
@@ -21,8 +21,6 @@ from src.models.clean_release import (
)
from src.services.clean_release.preparation_service import prepare_candidate
# [DEF:backend.tests.services.clean_release.test_preparation_service._mock_policy:Function]
# @PURPOSE: Build a valid clean profile policy fixture for preparation tests.
def _mock_policy() -> CleanProfilePolicy:
return CleanProfilePolicy(
policy_id="pol-1",
@@ -35,10 +33,7 @@ def _mock_policy() -> CleanProfilePolicy:
effective_from=datetime.now(timezone.utc),
profile=ProfileType.ENTERPRISE_CLEAN,
)
# [/DEF:backend.tests.services.clean_release.test_preparation_service._mock_policy:Function]
# [DEF:backend.tests.services.clean_release.test_preparation_service._mock_registry:Function]
# @PURPOSE: Build an internal-only source registry fixture for preparation tests.
def _mock_registry() -> ResourceSourceRegistry:
return ResourceSourceRegistry(
registry_id="reg-1",
@@ -47,10 +42,7 @@ def _mock_registry() -> ResourceSourceRegistry:
updated_at=datetime.now(timezone.utc),
updated_by="tester"
)
# [/DEF:backend.tests.services.clean_release.test_preparation_service._mock_registry:Function]
# [DEF:backend.tests.services.clean_release.test_preparation_service._mock_candidate:Function]
# @PURPOSE: Build a draft release candidate fixture with provided identifier.
def _mock_candidate(candidate_id: str) -> ReleaseCandidate:
return ReleaseCandidate(
candidate_id=candidate_id,
@@ -61,15 +53,7 @@ def _mock_candidate(candidate_id: str) -> ReleaseCandidate:
created_by="tester",
source_snapshot_ref="v1.0.0-snapshot"
)
# [/DEF:backend.tests.services.clean_release.test_preparation_service._mock_candidate:Function]
# [DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_success:Function]
# @PURPOSE: Verify candidate transitions to PREPARED when evaluation returns no violations.
# @TEST_CONTRACT: [valid_candidate + active_policy + internal_sources + no_violations] -> [status=PREPARED, manifest_persisted, candidate_saved]
# @TEST_SCENARIO: [prepare_success] -> [prepared status and persistence side effects are produced]
# @TEST_FIXTURE: [INLINE_MOCKS] -> INLINE_JSON
# @TEST_EDGE: [external_fail] -> [none; dependency interactions mocked and successful]
# @TEST_INVARIANT: [prepared_flow_persists_state] -> VERIFIED_BY: [prepare_success]
def test_prepare_candidate_success():
# Setup
repository = MagicMock()
@@ -98,15 +82,7 @@ def test_prepare_candidate_success():
assert candidate.status == ReleaseCandidateStatus.PREPARED
repository.save_manifest.assert_called_once()
repository.save_candidate.assert_called_with(candidate)
# [/DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_success:Function]
# [DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_with_violations:Function]
# @PURPOSE: Verify candidate transitions to BLOCKED when evaluation returns blocking violations.
# @TEST_CONTRACT: [valid_candidate + active_policy + evaluation_with_violations] -> [status=BLOCKED, violations_exposed]
# @TEST_SCENARIO: [prepare_blocked_due_to_policy] -> [blocked status and violation list are produced]
# @TEST_FIXTURE: [INLINE_MOCKS] -> INLINE_JSON
# @TEST_EDGE: [external_fail] -> [none; dependency interactions mocked and successful]
# @TEST_INVARIANT: [blocked_flow_reports_violations] -> VERIFIED_BY: [prepare_blocked_due_to_policy]
def test_prepare_candidate_with_violations():
# Setup
repository = MagicMock()
@@ -134,30 +110,14 @@ def test_prepare_candidate_with_violations():
assert result["status"] == ReleaseCandidateStatus.BLOCKED.value
assert candidate.status == ReleaseCandidateStatus.BLOCKED
assert len(result["violations"]) == 1
# [/DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_with_violations:Function]
# [DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_not_found:Function]
# @PURPOSE: Verify preparation raises ValueError when candidate does not exist.
# @TEST_CONTRACT: [missing_candidate] -> [ValueError('Candidate not found')]
# @TEST_SCENARIO: [prepare_missing_candidate] -> [raises candidate not found error]
# @TEST_FIXTURE: [INLINE_MOCKS] -> INLINE_JSON
# @TEST_EDGE: [missing_field] -> [candidate lookup returns None]
# @TEST_INVARIANT: [missing_candidate_is_rejected] -> VERIFIED_BY: [prepare_missing_candidate]
def test_prepare_candidate_not_found():
repository = MagicMock()
repository.get_candidate.return_value = None
with pytest.raises(ValueError, match="Candidate not found"):
prepare_candidate(repository, "non-existent", [], [], "op")
# [/DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_not_found:Function]
# [DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_no_active_policy:Function]
# @PURPOSE: Verify preparation raises ValueError when no active policy is available.
# @TEST_CONTRACT: [candidate_present + missing_active_policy] -> [ValueError('Active clean policy not found')]
# @TEST_SCENARIO: [prepare_missing_policy] -> [raises active policy missing error]
# @TEST_FIXTURE: [INLINE_MOCKS] -> INLINE_JSON
# @TEST_EDGE: [invalid_type] -> [policy dependency resolves to None]
# @TEST_INVARIANT: [active_policy_required] -> VERIFIED_BY: [prepare_missing_policy]
def test_prepare_candidate_no_active_policy():
repository = MagicMock()
repository.get_candidate.return_value = _mock_candidate("cand-1")
@@ -165,7 +125,3 @@ def test_prepare_candidate_no_active_policy():
with pytest.raises(ValueError, match="Active clean policy not found"):
prepare_candidate(repository, "cand-1", [], [], "op")
# [/DEF:backend.tests.services.clean_release.test_preparation_service.test_prepare_candidate_no_active_policy:Function]
# [/DEF:backend.tests.services.clean_release.test_preparation_service:Module]

4
backend/src/services/clean_release/__tests__/test_source_isolation.py
View File

@@ -55,6 +55,4 @@ def test_validate_internal_sources_external_blocked():
assert result["ok"] is False
assert len(result["violations"]) == 1
assert result["violations"][0]["category"] == "external-source"
assert result["violations"][0]["blocked_release"] is True
# [/DEF:backend.tests.services.clean_release.test_source_isolation:Module]
assert result["violations"][0]["blocked_release"] is True

3
backend/src/services/clean_release/__tests__/test_stages.py
View File

@@ -25,6 +25,3 @@ def test_derive_final_status_failed_skipped():
results = [CheckStageResult(stage=s, status=CheckStageStatus.PASS, details="ok") for s in MANDATORY_STAGE_ORDER]
results[2].status = CheckStageStatus.SKIPPED
assert derive_final_status(results) == CheckFinalStatus.FAILED
# [/DEF:backend.tests.services.clean_release.test_stages:Module]

167
backend/src/services/clean_release/compliance_orchestrator.py
View File

@@ -35,117 +35,89 @@ from ...models.clean_release import (
from .policy_engine import CleanPolicyEngine
from .repository import CleanReleaseRepository
from .stages import derive_final_status
from ...core.logger import belief_scope
# [DEF:CleanComplianceOrchestrator:Class]
# @PURPOSE: Coordinate clean-release compliance verification stages.
class CleanComplianceOrchestrator:
# [DEF:CleanComplianceOrchestrator.__init__:Function]
# @PURPOSE: Bind repository dependency used for orchestrator persistence and lookups.
# @PRE: repository is a valid CleanReleaseRepository instance with required methods.
# @POST: self.repository is assigned and used by all orchestration steps.
# @SIDE_EFFECT: Stores repository reference on orchestrator instance.
# @DATA_CONTRACT: Input -> CleanReleaseRepository, Output -> None
def __init__(self, repository: CleanReleaseRepository):
with belief_scope("CleanComplianceOrchestrator.__init__"):
self.repository = repository
# [/DEF:CleanComplianceOrchestrator.__init__:Function]
self.repository = repository
# [DEF:start_check_run:Function]
# @PURPOSE: Initiate a new compliance run session.
# @PRE: candidate_id/policy_id/manifest_id identify existing records in repository.
# @POST: Returns initialized ComplianceRun in RUNNING state persisted in repository.
# @SIDE_EFFECT: Reads manifest/policy and writes new ComplianceRun via repository.save_check_run.
# @DATA_CONTRACT: Input -> (candidate_id:str, policy_id:str, requested_by:str, manifest_id:str), Output -> ComplianceRun
# @PRE: candidate_id and policy_id must exist in repository.
# @POST: Returns initialized ComplianceRun in RUNNING state.
def start_check_run(self, candidate_id: str, policy_id: str, requested_by: str, manifest_id: str) -> ComplianceRun:
with belief_scope("start_check_run"):
manifest = self.repository.get_manifest(manifest_id)
policy = self.repository.get_policy(policy_id)
if not manifest or not policy:
raise ValueError("Manifest or Policy not found")
manifest = self.repository.get_manifest(manifest_id)
policy = self.repository.get_policy(policy_id)
if not manifest or not policy:
raise ValueError("Manifest or Policy not found")
check_run = ComplianceRun(
id=f"check-{uuid4()}",
candidate_id=candidate_id,
manifest_id=manifest_id,
manifest_digest=manifest.manifest_digest,
policy_snapshot_id=policy_id,
registry_snapshot_id=policy.registry_snapshot_id,
requested_by=requested_by,
requested_at=datetime.now(timezone.utc),
status=RunStatus.RUNNING,
)
return self.repository.save_check_run(check_run)
# [/DEF:start_check_run:Function]
check_run = ComplianceRun(
id=f"check-{uuid4()}",
candidate_id=candidate_id,
manifest_id=manifest_id,
manifest_digest=manifest.manifest_digest,
policy_snapshot_id=policy_id,
registry_snapshot_id=policy.registry_snapshot_id,
requested_by=requested_by,
requested_at=datetime.now(timezone.utc),
status=RunStatus.RUNNING,
)
return self.repository.save_check_run(check_run)
# [DEF:execute_stages:Function]
# @PURPOSE: Execute or accept compliance stage outcomes and set intermediate/final check-run status fields.
# @PRE: check_run exists and references candidate/policy/registry/manifest identifiers resolvable by repository.
# @POST: Returns persisted ComplianceRun with status FAILED on missing dependencies, otherwise SUCCEEDED with final_status set.
# @SIDE_EFFECT: Reads candidate/policy/registry/manifest and persists updated check_run.
# @DATA_CONTRACT: Input -> (check_run:ComplianceRun, forced_results:Optional[List[ComplianceStageRun]]), Output -> ComplianceRun
def execute_stages(self, check_run: ComplianceRun, forced_results: Optional[List[ComplianceStageRun]] = None) -> ComplianceRun:
with belief_scope("execute_stages"):
if forced_results is not None:
# In a real scenario, we'd persist these stages.
return self.repository.save_check_run(check_run)
# Real Logic Integration
candidate = self.repository.get_candidate(check_run.candidate_id)
policy = self.repository.get_policy(check_run.policy_snapshot_id)
if not candidate or not policy:
check_run.status = RunStatus.FAILED
return self.repository.save_check_run(check_run)
registry = self.repository.get_registry(check_run.registry_snapshot_id)
manifest = self.repository.get_manifest(check_run.manifest_id)
if not registry or not manifest:
check_run.status = RunStatus.FAILED
return self.repository.save_check_run(check_run)
# Simulate stage execution and violation detection
# 1. DATA_PURITY
summary = manifest.content_json.get("summary", {})
purity_ok = summary.get("prohibited_detected_count", 0) == 0
if not purity_ok:
check_run.final_status = ComplianceDecision.BLOCKED
else:
check_run.final_status = ComplianceDecision.PASSED
check_run.status = RunStatus.SUCCEEDED
check_run.finished_at = datetime.now(timezone.utc)
if forced_results is not None:
# In a real scenario, we'd persist these stages.
return self.repository.save_check_run(check_run)
# [/DEF:execute_stages:Function]
# Real Logic Integration
candidate = self.repository.get_candidate(check_run.candidate_id)
policy = self.repository.get_policy(check_run.policy_snapshot_id)
if not candidate or not policy:
check_run.status = RunStatus.FAILED
return self.repository.save_check_run(check_run)
registry = self.repository.get_registry(check_run.registry_snapshot_id)
manifest = self.repository.get_manifest(check_run.manifest_id)
if not registry or not manifest:
check_run.status = RunStatus.FAILED
return self.repository.save_check_run(check_run)
# Simulate stage execution and violation detection
# 1. DATA_PURITY
summary = manifest.content_json.get("summary", {})
purity_ok = summary.get("prohibited_detected_count", 0) == 0
if not purity_ok:
check_run.final_status = ComplianceDecision.BLOCKED
else:
check_run.final_status = ComplianceDecision.PASSED
check_run.status = RunStatus.SUCCEEDED
check_run.finished_at = datetime.now(timezone.utc)
return self.repository.save_check_run(check_run)
# [DEF:finalize_run:Function]
# @PURPOSE: Finalize run status based on cumulative stage results.
# @PRE: check_run was started and may already contain a derived final_status from stage execution.
# @POST: Returns persisted ComplianceRun in SUCCEEDED status with final_status guaranteed non-empty.
# @SIDE_EFFECT: Mutates check_run terminal fields and persists via repository.save_check_run.
# @DATA_CONTRACT: Input -> ComplianceRun, Output -> ComplianceRun
# @POST: Status derivation follows strict MANDATORY_STAGE_ORDER.
def finalize_run(self, check_run: ComplianceRun) -> ComplianceRun:
with belief_scope("finalize_run"):
# If not already set by execute_stages
if not check_run.final_status:
check_run.final_status = ComplianceDecision.PASSED
check_run.status = RunStatus.SUCCEEDED
check_run.finished_at = datetime.now(timezone.utc)
return self.repository.save_check_run(check_run)
# [/DEF:finalize_run:Function]
# If not already set by execute_stages
if not check_run.final_status:
check_run.final_status = ComplianceDecision.PASSED
check_run.status = RunStatus.SUCCEEDED
check_run.finished_at = datetime.now(timezone.utc)
return self.repository.save_check_run(check_run)
# [/DEF:CleanComplianceOrchestrator:Class]
# [DEF:run_check_legacy:Function]
# @PURPOSE: Legacy wrapper for compatibility with previous orchestrator call style.
# @PRE: repository and identifiers are valid and resolvable by orchestrator dependencies.
# @POST: Returns finalized ComplianceRun produced by orchestrator start->execute->finalize sequence.
# @SIDE_EFFECT: Reads/writes compliance entities through repository during orchestrator calls.
# @DATA_CONTRACT: Input -> (repository:CleanReleaseRepository, candidate_id:str, policy_id:str, requested_by:str, manifest_id:str), Output -> ComplianceRun
# @PRE: Candidate/policy/manifest identifiers are valid for repository.
# @POST: Returns finalized ComplianceRun produced by orchestrator.
def run_check_legacy(
repository: CleanReleaseRepository,
candidate_id: str,
@@ -153,15 +125,14 @@ def run_check_legacy(
requested_by: str,
manifest_id: str,
) -> ComplianceRun:
with belief_scope("run_check_legacy"):
orchestrator = CleanComplianceOrchestrator(repository)
run = orchestrator.start_check_run(
candidate_id=candidate_id,
policy_id=policy_id,
requested_by=requested_by,
manifest_id=manifest_id,
)
run = orchestrator.execute_stages(run)
return orchestrator.finalize_run(run)
orchestrator = CleanComplianceOrchestrator(repository)
run = orchestrator.start_check_run(
candidate_id=candidate_id,
policy_id=policy_id,
requested_by=requested_by,
manifest_id=manifest_id,
)
run = orchestrator.execute_stages(run)
return orchestrator.finalize_run(run)
# [/DEF:run_check_legacy:Function]
# [/DEF:backend.src.services.clean_release.compliance_orchestrator:Module]

84
backend/src/services/health_service.py
View File

@@ -1,84 +0,0 @@
# [DEF:health_service:Module]
# @TIER: STANDARD
# @SEMANTICS: health, aggregation, dashboards
# @PURPOSE: Business logic for aggregating dashboard health status from validation records.
# @LAYER: Domain/Service
# @RELATION: DEPENDS_ON -> ValidationRecord
from typing import List, Dict, Any
from sqlalchemy.orm import Session
from sqlalchemy import func, desc
from ..models.llm import ValidationRecord
from ..schemas.health import DashboardHealthItem, HealthSummaryResponse
from ..core.logger import logger
class HealthService:
"""
@PURPOSE: Service for managing and querying dashboard health data.
"""
def __init__(self, db: Session):
self.db = db
async def get_health_summary(self, environment_id: str = None) -> HealthSummaryResponse:
"""
@PURPOSE: Aggregates the latest validation status for all dashboards.
@PRE: environment_id (optional) to filter by environment.
@POST: Returns a HealthSummaryResponse with aggregated status counts and items.
"""
# [REASON] We need the latest ValidationRecord for each unique dashboard_id.
# We use a subquery to find the max timestamp per dashboard_id.
subquery = self.db.query(
ValidationRecord.dashboard_id,
func.max(ValidationRecord.timestamp).label("max_ts")
)
if environment_id:
subquery = subquery.filter(ValidationRecord.environment_id == environment_id)
subquery = subquery.group_by(ValidationRecord.dashboard_id).subquery()
query = self.db.query(ValidationRecord).join(
subquery,
(ValidationRecord.dashboard_id == subquery.c.dashboard_id) &
(ValidationRecord.timestamp == subquery.c.max_ts)
)
records = query.all()
items = []
pass_count = 0
warn_count = 0
fail_count = 0
unknown_count = 0
for rec in records:
status = rec.status.upper()
if status == "PASS":
pass_count += 1
elif status == "WARN":
warn_count += 1
elif status == "FAIL":
fail_count += 1
else:
unknown_count += 1
status = "UNKNOWN"
items.append(DashboardHealthItem(
dashboard_id=rec.dashboard_id,
environment_id=rec.environment_id or "unknown",
status=status,
last_check=rec.timestamp,
task_id=rec.task_id,
summary=rec.summary
))
logger.info(f"[HealthService][get_health_summary] Aggregated {len(items)} dashboard health records.")
return HealthSummaryResponse(
items=items,
pass_count=pass_count,
warn_count=warn_count,
fail_count=fail_count,
unknown_count=unknown_count
)
# [/DEF:health_service:Module]

2
backend/src/services/llm_provider.py
View File

@@ -36,7 +36,7 @@ class EncryptionManager:
# @PRE: ENCRYPTION_KEY env var must be set or use default dev key.
# @POST: Fernet instance ready for encryption/decryption.
def __init__(self):
self.key = os.getenv("ENCRYPTION_KEY", "REMOVED_HISTORICAL_SECRET_DO_NOT_USE").encode()
self.key = os.getenv("ENCRYPTION_KEY", "ZcytYzi0iHIl4Ttr-GdAEk117aGRogkGvN3wiTxrPpE=").encode()
self.fernet = Fernet(self.key)
# [/DEF:EncryptionManager.__init__:Function]

3
backend/src/services/notifications/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.services.notifications:Package]
# @PURPOSE: Notification service package root.
# [/DEF:src.services.notifications:Package]

120
backend/src/services/notifications/__tests__/test_notification_service.py
View File

@@ -1,120 +0,0 @@
# [DEF:backend.src.services.notifications.__tests__.test_notification_service:Module]
# @TIER: STANDARD
# @PURPOSE: Unit tests for NotificationService routing and dispatch logic.
import pytest
from unittest.mock import MagicMock, AsyncMock, patch
from datetime import time
from src.models.llm import ValidationRecord, ValidationPolicy
from src.models.profile import UserDashboardPreference
from src.models.auth import User
from src.services.notifications.service import NotificationService
@pytest.fixture
def mock_db():
return MagicMock()
@pytest.fixture
def mock_config_manager():
cm = MagicMock()
cm.get_payload.return_value = {
"notifications": {
"smtp": {"host": "localhost", "port": 25, "from_email": "test@example.com"},
"telegram": {"bot_token": "test_token"}
}
}
return cm
@pytest.fixture
def service(mock_db, mock_config_manager):
return NotificationService(mock_db, mock_config_manager)
@pytest.mark.asyncio
async def test_should_notify_fail_only(service):
record = ValidationRecord(status="FAIL")
policy = ValidationPolicy(alert_condition="FAIL_ONLY")
assert service._should_notify(record, policy) is True
record.status = "WARN"
assert service._should_notify(record, policy) is False
@pytest.mark.asyncio
async def test_should_notify_warn_and_fail(service):
policy = ValidationPolicy(alert_condition="WARN_AND_FAIL")
record = ValidationRecord(status="FAIL")
assert service._should_notify(record, policy) is True
record.status = "WARN"
assert service._should_notify(record, policy) is True
record.status = "PASS"
assert service._should_notify(record, policy) is False
@pytest.mark.asyncio
async def test_resolve_targets_owner_routing(service, mock_db):
record = ValidationRecord(dashboard_id="dash-1", environment_id="env-1")
user = User(email="user@example.com")
pref = UserDashboardPreference(
user=user,
telegram_id="12345",
notify_on_fail=True,
superset_username="user1"
)
mock_db.query.return_value.filter.return_value.all.return_value = [pref]
targets = service._resolve_targets(record, None)
assert ("TELEGRAM", "12345") in targets
assert ("SMTP", "user@example.com") in targets
@pytest.mark.asyncio
async def test_resolve_targets_custom_channels(service):
record = ValidationRecord(status="FAIL")
policy = ValidationPolicy(
notify_owners=False,
custom_channels=[{"type": "SLACK", "target": "#alerts"}]
)
targets = service._resolve_targets(record, policy)
assert targets == [("SLACK", "#alerts")]
@pytest.mark.asyncio
async def test_dispatch_report_skips_if_no_notify(service):
record = ValidationRecord(status="PASS")
policy = ValidationPolicy(alert_condition="FAIL_ONLY")
with patch.object(service, "_resolve_targets") as mock_resolve:
await service.dispatch_report(record, policy)
mock_resolve.assert_not_called()
@pytest.mark.asyncio
async def test_dispatch_report_calls_providers(service, mock_db):
record = ValidationRecord(id="rec-1", status="FAIL", summary="Bad", issues=[])
# Mock providers
service._initialize_providers()
service._providers["TELEGRAM"] = AsyncMock()
service._providers["SMTP"] = AsyncMock()
# Mock targets
with patch.object(service, "_resolve_targets") as mock_resolve:
mock_resolve.return_value = [("TELEGRAM", "123"), ("SMTP", "a@b.com")]
await service.dispatch_report(record, None)
service._providers["TELEGRAM"].send.assert_called_once()
service._providers["SMTP"].send.assert_called_once()
# [/DEF:backend.src.services.notifications.__tests__.test_notification_service:Module]

123
backend/src/services/notifications/providers.py
View File

@@ -1,123 +0,0 @@
# [DEF:backend.src.services.notifications.providers:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: notifications, providers, smtp, slack, telegram, abstraction
# @PURPOSE: Defines abstract base and concrete implementations for external notification delivery.
# @LAYER: Infra
#
# @INVARIANT: Providers must be stateless and resilient to network failures.
# @INVARIANT: Sensitive credentials must be handled via encrypted config.
from abc import ABC, abstractmethod
from typing import Any, Dict, Optional
import requests
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from ...core.logger import logger
# [DEF:NotificationProvider:Class]
# @PURPOSE: Abstract base class for all notification providers.
class NotificationProvider(ABC):
@abstractmethod
async def send(self, target: str, subject: str, body: str, context: Optional[Dict[str, Any]] = None) -> bool:
"""
Send a notification to a specific target.
:param target: Recipient identifier (email, channel ID, user ID).
:param subject: Notification subject or title.
:param body: Main content of the notification.
:param context: Additional metadata for the provider.
:return: True if successfully dispatched.
"""
pass
# [/DEF:NotificationProvider:Class]
# [DEF:SMTPProvider:Class]
# @PURPOSE: Delivers notifications via SMTP.
class SMTPProvider(NotificationProvider):
def __init__(self, config: Dict[str, Any]):
self.host = config.get("host")
self.port = int(config.get("port", 587))
self.username = config.get("username")
self.password = config.get("password")
self.from_email = config.get("from_email")
self.use_tls = config.get("use_tls", True)
async def send(self, target: str, subject: str, body: str, context: Optional[Dict[str, Any]] = None) -> bool:
try:
msg = MIMEMultipart()
msg["From"] = self.from_email
msg["To"] = target
msg["Subject"] = subject
msg.attach(MIMEText(body, "plain"))
server = smtplib.SMTP(self.host, self.port)
if self.use_tls:
server.starttls()
if self.username and self.password:
server.login(self.username, self.password)
server.send_message(msg)
server.quit()
return True
except Exception as e:
logger.error(f"[SMTPProvider][FAILED] Failed to send email to {target}: {e}")
return False
# [/DEF:SMTPProvider:Class]
# [DEF:TelegramProvider:Class]
# @PURPOSE: Delivers notifications via Telegram Bot API.
class TelegramProvider(NotificationProvider):
def __init__(self, config: Dict[str, Any]):
self.bot_token = config.get("bot_token")
async def send(self, target: str, subject: str, body: str, context: Optional[Dict[str, Any]] = None) -> bool:
if not self.bot_token:
logger.error("[TelegramProvider][FAILED] Bot token not configured")
return False
url = f"https://api.telegram.org/bot{self.bot_token}/sendMessage"
payload = {
"chat_id": target,
"text": f"*{subject}*\n\n{body}",
"parse_mode": "Markdown"
}
try:
response = requests.post(url, json=payload, timeout=10)
response.raise_for_status()
return True
except Exception as e:
logger.error(f"[TelegramProvider][FAILED] Failed to send Telegram message to {target}: {e}")
return False
# [/DEF:TelegramProvider:Class]
# [DEF:SlackProvider:Class]
# @PURPOSE: Delivers notifications via Slack Webhooks or API.
class SlackProvider(NotificationProvider):
def __init__(self, config: Dict[str, Any]):
self.webhook_url = config.get("webhook_url")
async def send(self, target: str, subject: str, body: str, context: Optional[Dict[str, Any]] = None) -> bool:
if not self.webhook_url:
logger.error("[SlackProvider][FAILED] Webhook URL not configured")
return False
payload = {
"text": f"*{subject}*\n{body}"
}
try:
response = requests.post(self.webhook_url, json=payload, timeout=10)
response.raise_for_status()
return True
except Exception as e:
logger.error(f"[SlackProvider][FAILED] Failed to send Slack message: {e}")
return False
# [/DEF:SlackProvider:Class]
# [/DEF:backend.src.services.notifications.providers:Module]

146
backend/src/services/notifications/service.py
View File

@@ -1,146 +0,0 @@
# [DEF:backend.src.services.notifications.service:Module]
#
# @TIER: CRITICAL
# @SEMANTICS: notifications, service, routing, dispatch, background-tasks
# @PURPOSE: Orchestrates notification routing based on user preferences and policy context.
# @LAYER: Domain
# @RELATION: DEPENDS_ON -> backend.src.services.notifications.providers
# @RELATION: DEPENDS_ON -> backend.src.services.profile_service
# @RELATION: DEPENDS_ON -> backend.src.models.llm
#
# @INVARIANT: Notifications are dispatched asynchronously via BackgroundTasks.
# @INVARIANT: Missing profile or provider config must not crash the pipeline.
from typing import Any, Dict, List, Optional
from fastapi import BackgroundTasks
from sqlalchemy.orm import Session
from ...core.logger import logger, belief_scope
from ...core.config_manager import ConfigManager
from ...models.llm import ValidationRecord, ValidationPolicy
from ...models.profile import UserDashboardPreference
from .providers import SMTPProvider, TelegramProvider, SlackProvider, NotificationProvider
# [DEF:NotificationService:Class]
# @PURPOSE: Routes validation reports to appropriate users and channels.
class NotificationService:
def __init__(self, db: Session, config_manager: ConfigManager):
self.db = db
self.config_manager = config_manager
self._providers: Dict[str, NotificationProvider] = {}
self._initialized = False
def _initialize_providers(self):
if self._initialized:
return
# In a real implementation, we would fetch these from NotificationConfig model
# For now, we'll use a placeholder initialization logic
# T033 will implement the UI/API for this.
configs = self.config_manager.get_payload().get("notifications", {})
if "smtp" in configs:
self._providers["SMTP"] = SMTPProvider(configs["smtp"])
if "telegram" in configs:
self._providers["TELEGRAM"] = TelegramProvider(configs["telegram"])
if "slack" in configs:
self._providers["SLACK"] = SlackProvider(configs["slack"])
self._initialized = True
async def dispatch_report(
self,
record: ValidationRecord,
policy: Optional[ValidationPolicy] = None,
background_tasks: Optional[BackgroundTasks] = None
):
"""
Route a validation record to owners and custom channels.
@PRE: record is persisted.
@POST: Dispatches async tasks for each resolved target.
"""
with belief_scope("NotificationService.dispatch_report", f"record_id={record.id}"):
self._initialize_providers()
# 1. Determine if we should notify based on status and policy
should_notify = self._should_notify(record, policy)
if not should_notify:
logger.reason(f"[REASON] Notification skipped for record {record.id} (status={record.status})")
return
# 2. Resolve targets (Owners + Custom Channels)
targets = self._resolve_targets(record, policy)
# 3. Dispatch
subject = f"Dashboard Health Alert: {record.status}"
body = self._build_body(record)
for channel_type, recipient in targets:
provider = self._providers.get(channel_type)
if not provider:
logger.warning(f"[NotificationService][EXPLORE] Unsupported or unconfigured channel: {channel_type}")
continue
if background_tasks:
background_tasks.add_task(provider.send, recipient, subject, body)
else:
# Fallback to sync for tests or if no background_tasks provided
await provider.send(recipient, subject, body)
def _should_notify(self, record: ValidationRecord, policy: Optional[ValidationPolicy]) -> bool:
condition = policy.alert_condition if policy else "FAIL_ONLY"
if condition == "ALWAYS":
return True
if condition == "WARN_AND_FAIL":
return record.status in ("WARN", "FAIL")
return record.status == "FAIL"
def _resolve_targets(self, record: ValidationRecord, policy: Optional[ValidationPolicy]) -> List[tuple]:
targets = []
# Owner routing
if not policy or policy.notify_owners:
owners = self._find_dashboard_owners(record)
for owner_pref in owners:
if not owner_pref.notify_on_fail:
continue
if owner_pref.telegram_id:
targets.append(("TELEGRAM", owner_pref.telegram_id))
email = owner_pref.email_address or getattr(owner_pref.user, "email", None)
if email:
targets.append(("SMTP", email))
# Custom channels from policy
if policy and policy.custom_channels:
for channel in policy.custom_channels:
# channel format: {"type": "SLACK", "target": "#alerts"}
targets.append((channel.get("type"), channel.get("target")))
return targets
def _find_dashboard_owners(self, record: ValidationRecord) -> List[UserDashboardPreference]:
# This is a simplified owner lookup.
# In a real scenario, we'd query Superset for owners, then match them to our UserDashboardPreference.
# For now, we'll return all users who have bound this dashboard's environment and have a username.
# Placeholder: return all preferences that have a superset_username
# (In production, we'd filter by actual ownership from Superset metadata)
return self.db.query(UserDashboardPreference).filter(
UserDashboardPreference.superset_username != None
).all()
def _build_body(self, record: ValidationRecord) -> str:
return (
f"Dashboard ID: {record.dashboard_id}\n"
f"Environment: {record.environment_id}\n"
f"Status: {record.status}\n\n"
f"Summary: {record.summary}\n\n"
f"Issues found: {len(record.issues)}"
)
# [/DEF:NotificationService:Class]
# [/DEF:backend.src.services.notifications.service:Module]

54
backend/src/services/profile_service.py
View File

@@ -145,14 +145,6 @@ class ProfileService:
if "show_only_my_dashboards" in provided_fields:
effective_show_only = bool(payload.show_only_my_dashboards)
effective_show_only_slug = (
bool(preference.show_only_slug_dashboards)
if preference.show_only_slug_dashboards is not None
else True
)
if "show_only_slug_dashboards" in provided_fields:
effective_show_only_slug = bool(payload.show_only_slug_dashboards)
effective_git_username = self._sanitize_text(preference.git_username)
if "git_username" in provided_fields:
effective_git_username = self._sanitize_text(payload.git_username)
@@ -181,29 +173,12 @@ class ProfileService:
payload.dashboards_table_density
)
effective_telegram_id = self._sanitize_text(preference.telegram_id)
if "telegram_id" in provided_fields:
effective_telegram_id = self._sanitize_text(payload.telegram_id)
effective_email_address = self._sanitize_text(preference.email_address)
if "email_address" in provided_fields:
effective_email_address = self._sanitize_text(payload.email_address)
effective_notify_on_fail = (
bool(preference.notify_on_fail)
if preference.notify_on_fail is not None
else True
)
if "notify_on_fail" in provided_fields:
effective_notify_on_fail = bool(payload.notify_on_fail)
validation_errors = self._validate_update_payload(
superset_username=effective_superset_username,
show_only_my_dashboards=effective_show_only,
git_email=effective_git_email,
start_page=effective_start_page,
dashboards_table_density=effective_dashboards_table_density,
email_address=effective_email_address,
)
if validation_errors:
logger.reflect("[REFLECT] Validation failed; mutation is denied")
@@ -214,7 +189,6 @@ class ProfileService:
effective_superset_username
)
preference.show_only_my_dashboards = effective_show_only
preference.show_only_slug_dashboards = effective_show_only_slug
preference.git_username = effective_git_username
preference.git_email = effective_git_email
@@ -231,9 +205,6 @@ class ProfileService:
preference.start_page = effective_start_page
preference.auto_open_task_drawer = effective_auto_open_task_drawer
preference.dashboards_table_density = effective_dashboards_table_density
preference.telegram_id = effective_telegram_id
preference.email_address = effective_email_address
preference.notify_on_fail = effective_notify_on_fail
preference.updated_at = datetime.utcnow()
persisted_preference = self.auth_repository.save_user_dashboard_preference(preference)
@@ -469,11 +440,6 @@ class ProfileService:
preference.superset_username_normalized
),
show_only_my_dashboards=bool(preference.show_only_my_dashboards),
show_only_slug_dashboards=(
bool(preference.show_only_slug_dashboards)
if preference.show_only_slug_dashboards is not None
else True
),
git_username=self._sanitize_text(preference.git_username),
git_email=self._sanitize_text(preference.git_email),
has_git_personal_access_token=bool(encrypted_token),
@@ -487,9 +453,6 @@ class ProfileService:
dashboards_table_density=self._normalize_density(
preference.dashboards_table_density
),
telegram_id=self._sanitize_text(preference.telegram_id),
email_address=self._sanitize_text(preference.email_address),
notify_on_fail=bool(preference.notify_on_fail) if preference.notify_on_fail is not None else True,
created_at=created_at,
updated_at=updated_at,
)
@@ -600,7 +563,6 @@ class ProfileService:
superset_username=None,
superset_username_normalized=None,
show_only_my_dashboards=False,
show_only_slug_dashboards=True,
git_username=None,
git_email=None,
has_git_personal_access_token=False,
@@ -608,9 +570,6 @@ class ProfileService:
start_page="dashboards",
auto_open_task_drawer=True,
dashboards_table_density="comfortable",
telegram_id=None,
email_address=None,
notify_on_fail=True,
created_at=now,
updated_at=now,
)
@@ -627,7 +586,6 @@ class ProfileService:
git_email: Optional[str],
start_page: str,
dashboards_table_density: str,
email_address: Optional[str] = None,
) -> List[str]:
errors: List[str] = []
sanitized_username = self._sanitize_username(superset_username)
@@ -655,16 +613,6 @@ class ProfileService:
if dashboards_table_density not in SUPPORTED_DENSITIES:
errors.append("Dashboards table density value is not supported.")
sanitized_email = self._sanitize_text(email_address)
if sanitized_email:
if (
" " in sanitized_email
or "@" not in sanitized_email
or sanitized_email.startswith("@")
or sanitized_email.endswith("@")
):
errors.append("Notification email should be a valid email address.")
return errors
# [/DEF:_validate_update_payload:Function]
@@ -724,4 +672,4 @@ class ProfileService:
# [/DEF:_normalize_owner_tokens:Function]
# [/DEF:ProfileService:Class]
# [/DEF:backend.src.services.profile_service:Module]
# [/DEF:backend.src.services.profile_service:Module]

3
backend/src/services/reports/__init__.py
View File

@@ -1,3 +0,0 @@
# [DEF:src.services.reports:Package]
# @PURPOSE: Report service package root.
# [/DEF:src.services.reports:Package]

5
backend/src/services/resource_service.py
View File

@@ -46,11 +46,10 @@ class ResourceService:
env: Any,
tasks: Optional[List[Task]] = None,
include_git_status: bool = True,
require_slug: bool = False,
) -> List[Dict[str, Any]]:
with belief_scope("get_dashboards_with_status", f"env={env.id}"):
client = SupersetClient(env)
dashboards = client.get_dashboards_summary(require_slug=require_slug)
dashboards = client.get_dashboards_summary()
# Enhance each dashboard with Git status and task status
result = []
@@ -97,7 +96,6 @@ class ResourceService:
page_size: int = 10,
search: Optional[str] = None,
include_git_status: bool = True,
require_slug: bool = False,
) -> Dict[str, Any]:
with belief_scope(
"get_dashboards_page_with_status",
@@ -108,7 +106,6 @@ class ResourceService:
page=page,
page_size=page_size,
search=search,
require_slug=require_slug,
)
result = []

76
backend/test_auth_debug.py Normal file
View File

@@ -0,0 +1,76 @@
#!/usr/bin/env python3
"""Debug script to test Superset API authentication"""
from pprint import pprint
from src.core.superset_client import SupersetClient
from src.core.config_manager import ConfigManager
def main():
print("Debugging Superset API authentication...")
config = ConfigManager()
# Select first available environment
environments = config.get_environments()
if not environments:
print("No environments configured")
return
env = environments[0]
print(f"\nTesting environment: {env.name}")
print(f"URL: {env.url}")
try:
# Test API client authentication
print("\n--- Testing API Authentication ---")
client = SupersetClient(env)
tokens = client.authenticate()
print("\nAPI Auth Success!")
print(f"Access Token: {tokens.get('access_token', 'N/A')}")
print(f"CSRF Token: {tokens.get('csrf_token', 'N/A')}")
# Debug cookies from session
print("\n--- Session Cookies ---")
for cookie in client.network.session.cookies:
print(f"{cookie.name}={cookie.value}")
# Test accessing UI via requests
print("\n--- Testing UI Access ---")
ui_url = env.url.rstrip('/').replace('/api/v1', '')
print(f"UI URL: {ui_url}")
# Try to access UI home page
ui_response = client.network.session.get(ui_url, timeout=30, allow_redirects=True)
print(f"Status Code: {ui_response.status_code}")
print(f"URL: {ui_response.url}")
# Check response headers
print("\n--- Response Headers ---")
pprint(dict(ui_response.headers))
print("\n--- Response Content Preview (200 chars) ---")
print(repr(ui_response.text[:200]))
if ui_response.status_code == 200:
print("\nUI Access: Success")
# Try to access a dashboard
# For testing, just use the home page
print("\n--- Checking if login is required ---")
if "login" in ui_response.url.lower() or "login" in ui_response.text.lower():
print("❌ Not logged in to UI")
else:
print("✅ Logged in to UI")
except Exception as e:
print(f"\n❌ Error: {type(e).__name__}: {e}")
import traceback
print("\nStack Trace:")
print(traceback.format_exc())
if __name__ == "__main__":
main()

44
backend/test_decryption.py Normal file
View File

@@ -0,0 +1,44 @@
#!/usr/bin/env python3
"""Test script to debug API key decryption issue."""
from src.core.database import SessionLocal
from src.models.llm import LLMProvider
from cryptography.fernet import Fernet
import os
# Get the encryption key
key = os.getenv("ENCRYPTION_KEY", "ZcytYzi0iHIl4Ttr-GdAEk117aGRogkGvN3wiTxrPpE=").encode()
print(f"Encryption key (first 20 chars): {key[:20]}")
print(f"Encryption key length: {len(key)}")
# Create Fernet instance
fernet = Fernet(key)
# Get provider from database
db = SessionLocal()
provider = db.query(LLMProvider).filter(LLMProvider.id == '6c899741-4108-4196-aea4-f38ad2f0150e').first()
if provider:
print("\nProvider found:")
print(f" ID: {provider.id}")
print(f" Name: {provider.name}")
print(f" Encrypted API Key (first 50 chars): {provider.api_key[:50]}")
print(f" Encrypted API Key Length: {len(provider.api_key)}")
# Test decryption
print("\nAttempting decryption...")
try:
decrypted = fernet.decrypt(provider.api_key.encode()).decode()
print("Decryption successful!")
print(f" Decrypted key length: {len(decrypted)}")
print(f" Decrypted key (first 8 chars): {decrypted[:8]}")
print(f" Decrypted key is empty: {len(decrypted) == 0}")
except Exception as e:
print(f"Decryption failed with error: {e}")
print(f"Error type: {type(e).__name__}")
import traceback
traceback.print_exc()
else:
print("Provider not found")
db.close()

1
backend/test_encryption.py Normal file
View File

@@ -0,0 +1 @@
[{"key[": 20, ")\n\n# Create Fernet instance\nfernet = Fernet(key)\n\n# Test encrypting an empty string\nempty_encrypted = fernet.encrypt(b\"": ".", "print(f": "nEncrypted empty string: {empty_encrypted"}, {"test-api-key-12345\"\ntest_encrypted = fernet.encrypt(test_key.encode()).decode()\nprint(f": "nEncrypted test key: {test_encrypted"}, {"gAAAAABphhwSZie0OwXjJ78Fk-c4Uo6doNJXipX49AX7Bypzp4ohiRX3hXPXKb45R1vhNUOqbm6Ke3-eRwu_KdWMZ9chFBKmqw==\"\nprint(f": "nStored encrypted key: {stored_key"}, {"len(stored_key)}": "Check if stored key matches empty string encryption\nif stored_key == empty_encrypted:\n print(", "string!": "else:\n print(", "print(f": "mpty string encryption: {empty_encrypted"}, {"stored_key}": "Try to decrypt the stored key\ntry:\n decrypted = fernet.decrypt(stored_key.encode()).decode()\n print(f", "print(f": "ecrypted key length: {len(decrypted)"}, {")\nexcept Exception as e:\n print(f": "nDecryption failed with error: {e"}]

10
backend/tests/scripts/test_clean_release_cli.py
View File

@@ -8,13 +8,13 @@
from types import SimpleNamespace
import json
from src.dependencies import get_clean_release_repository, get_config_manager
from backend.src.dependencies import get_clean_release_repository, get_config_manager
from datetime import datetime, timezone
from uuid import uuid4
from src.models.clean_release import CleanPolicySnapshot, ComplianceReport, ReleaseCandidate, SourceRegistrySnapshot
from src.services.clean_release.enums import CandidateStatus, ComplianceDecision
from src.scripts.clean_release_cli import main as cli_main
from backend.src.models.clean_release import CleanPolicySnapshot, ComplianceReport, ReleaseCandidate, SourceRegistrySnapshot
from backend.src.services.clean_release.enums import CandidateStatus, ComplianceDecision
from backend.src.scripts.clean_release_cli import main as cli_main
def test_cli_candidate_register_scaffold() -> None:
@@ -302,4 +302,4 @@ def test_cli_release_gate_commands_scaffold() -> None:
assert revoke_exit == 0
# [/DEF:test_clean_release_cli:Module]
# [/DEF:test_clean_release_cli:Module]

15
backend/tests/scripts/test_clean_release_tui.py
View File

@@ -14,8 +14,8 @@ from unittest.mock import MagicMock, patch
import pytest
from src.scripts.clean_release_tui import CleanReleaseTUI, main, tui_main
from src.models.clean_release import CheckFinalStatus
from backend.src.scripts.clean_release_tui import CleanReleaseTUI, main, tui_main
from backend.src.models.clean_release import CheckFinalStatus
@pytest.fixture
@@ -31,7 +31,7 @@ def test_headless_fallback(capsys):
@TEST_EDGE: stdout_unavailable
Tests that non-TTY startup is explicitly refused and wrapper is not invoked.
"""
with mock.patch("src.scripts.clean_release_tui.curses.wrapper") as curses_wrapper_mock:
with mock.patch("backend.src.scripts.clean_release_tui.curses.wrapper") as curses_wrapper_mock:
with mock.patch("sys.stdout.isatty", return_value=False):
exit_code = main()
@@ -43,7 +43,7 @@ def test_headless_fallback(capsys):
assert "Use CLI/API workflow instead" in captured.err
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_initial_render(mock_curses_module, mock_stdscr: MagicMock):
"""
Simulates the initial rendering cycle of the TUI application to ensure
@@ -76,7 +76,7 @@ def test_tui_initial_render(mock_curses_module, mock_stdscr: MagicMock):
assert any("F5 Run" in str(call) for call in addstr_calls)
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_run_checks_f5(mock_curses_module, mock_stdscr: MagicMock):
"""
Simulates pressing F5 to transition into the RUNNING checks flow.
@@ -111,7 +111,7 @@ def test_tui_run_checks_f5(mock_curses_module, mock_stdscr: MagicMock):
assert len(app.violations_list) > 0
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_exit_f10(mock_curses_module, mock_stdscr: MagicMock):
"""
Simulates pressing F10 to exit the application immediately without running checks.
@@ -128,7 +128,7 @@ def test_tui_exit_f10(mock_curses_module, mock_stdscr: MagicMock):
assert app.status == "READY"
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_clear_history_f7(mock_curses_module, mock_stdscr: MagicMock):
"""
Simulates pressing F7 to clear history.
@@ -153,3 +153,4 @@ def test_tui_clear_history_f7(mock_curses_module, mock_stdscr: MagicMock):
# [/DEF:backend.tests.scripts.test_clean_release_tui:Module]

12
backend/tests/scripts/test_clean_release_tui_v2.py
View File

@@ -11,8 +11,8 @@ from __future__ import annotations
import curses
from unittest.mock import MagicMock, patch
from src.models.clean_release import CheckFinalStatus
from src.scripts.clean_release_tui import CleanReleaseTUI, main
from backend.src.models.clean_release import CheckFinalStatus
from backend.src.scripts.clean_release_tui import CleanReleaseTUI, main
def _build_mock_stdscr() -> MagicMock:
@@ -22,7 +22,7 @@ def _build_mock_stdscr() -> MagicMock:
return stdscr
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_f5_dispatches_run_action(mock_curses_module: MagicMock) -> None:
"""F5 should dispatch run action from TUI loop."""
mock_curses_module.KEY_F10 = curses.KEY_F10
@@ -40,7 +40,7 @@ def test_tui_f5_dispatches_run_action(mock_curses_module: MagicMock) -> None:
run_checks_mock.assert_called_once_with()
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_f5_run_smoke_reports_blocked_state(mock_curses_module: MagicMock) -> None:
"""F5 smoke test should expose blocked outcome state after run action."""
mock_curses_module.KEY_F10 = curses.KEY_F10
@@ -76,7 +76,7 @@ def test_tui_non_tty_refuses_startup(capsys) -> None:
assert "Use CLI/API workflow instead" in captured.err
@patch("src.scripts.clean_release_tui.curses")
@patch("backend.src.scripts.clean_release_tui.curses")
def test_tui_f8_blocked_without_facade_binding(mock_curses_module: MagicMock) -> None:
"""F8 should not perform hidden state mutation when facade action is not bound."""
mock_curses_module.KEY_F10 = curses.KEY_F10
@@ -94,4 +94,4 @@ def test_tui_f8_blocked_without_facade_binding(mock_curses_module: MagicMock) ->
assert "F8 disabled" in app.last_error
# [/DEF:test_clean_release_tui_v2:Module]
# [/DEF:test_clean_release_tui_v2:Module]

12
backend/tests/services/clean_release/test_candidate_manifest_services.py
View File

@@ -9,10 +9,10 @@ from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from src.core.database import Base
from src.models.clean_release import ReleaseCandidate, DistributionManifest, CandidateArtifact
from src.services.clean_release.enums import CandidateStatus
from src.services.clean_release.candidate_service import register_candidate
from src.services.clean_release.manifest_service import build_manifest_snapshot
from src.services.clean_release.repository import CleanReleaseRepository
from backend.src.services.clean_release.enums import CandidateStatus
from backend.src.services.clean_release.candidate_service import register_candidate
from backend.src.services.clean_release.manifest_service import build_manifest_snapshot
from backend.src.services.clean_release.repository import CleanReleaseRepository
@pytest.fixture
def db_session():
@@ -43,7 +43,7 @@ def test_candidate_lifecycle_transitions(db_session):
assert candidate.status == CandidateStatus.PREPARED
# Invalid transition: PREPARED -> DRAFT (should raise IllegalTransitionError)
from src.services.clean_release.exceptions import IllegalTransitionError
from backend.src.services.clean_release.exceptions import IllegalTransitionError
with pytest.raises(IllegalTransitionError, match="Forbidden transition"):
candidate.transition_to(CandidateStatus.DRAFT)
@@ -200,4 +200,4 @@ def test_manifest_service_rejects_missing_candidate():
with pytest.raises(ValueError, match="not found"):
build_manifest_snapshot(repository=repository, candidate_id="missing-candidate", created_by="operator")
# [/DEF:test_candidate_manifest_services:Module]
# [/DEF:test_candidate_manifest_services:Module]

12
backend/tests/services/clean_release/test_compliance_execution_service.py
View File

@@ -13,17 +13,17 @@ from datetime import datetime, timezone
import pytest
from src.models.clean_release import (
from backend.src.models.clean_release import (
CleanPolicySnapshot,
ComplianceDecision,
DistributionManifest,
ReleaseCandidate,
SourceRegistrySnapshot,
)
from src.services.clean_release.compliance_orchestrator import CleanComplianceOrchestrator
from src.services.clean_release.enums import CandidateStatus, RunStatus
from src.services.clean_release.report_builder import ComplianceReportBuilder
from src.services.clean_release.repository import CleanReleaseRepository
from backend.src.services.clean_release.compliance_orchestrator import CleanComplianceOrchestrator
from backend.src.services.clean_release.enums import CandidateStatus, RunStatus
from backend.src.services.clean_release.report_builder import ComplianceReportBuilder
from backend.src.services.clean_release.repository import CleanReleaseRepository
# [DEF:_seed_with_candidate_policy_registry:Function]
@@ -170,4 +170,4 @@ def test_blocked_run_finalization_blocks_report_builder():
builder.build_report_payload(run, [])
# [/DEF:test_blocked_run_finalization_blocks_report_builder:Function]
# [/DEF:backend.tests.services.clean_release.test_compliance_execution_service:Module]
# [/DEF:backend.tests.services.clean_release.test_compliance_execution_service:Module]

6
backend/tests/services/clean_release/test_compliance_task_integration.py
View File

@@ -151,8 +151,8 @@ class _PluginLoaderStub:
def _make_task_manager() -> TaskManager:
plugin_loader = _PluginLoaderStub(CleanReleaseCompliancePlugin())
with patch("src.core.task_manager.manager.TaskPersistenceService") as mock_persistence, patch(
"src.core.task_manager.manager.TaskLogPersistenceService"
with patch("backend.src.core.task_manager.manager.TaskPersistenceService") as mock_persistence, patch(
"backend.src.core.task_manager.manager.TaskLogPersistenceService"
) as mock_log_persistence:
mock_persistence.return_value.load_tasks.return_value = []
mock_persistence.return_value.persist_task = MagicMock()
@@ -247,4 +247,4 @@ async def test_compliance_run_missing_manifest_marks_task_failed():
manager._flusher_thread.join(timeout=2)
# [/DEF:test_compliance_run_missing_manifest_marks_task_failed:Function]
# [/DEF:backend.tests.services.clean_release.test_compliance_task_integration:Module]
# [/DEF:backend.tests.services.clean_release.test_compliance_task_integration:Module]

6
backend/tests/services/clean_release/test_demo_mode_isolation.py
View File

@@ -9,8 +9,8 @@ from __future__ import annotations
from datetime import datetime, timezone
from src.models.clean_release import ReleaseCandidate
from src.services.clean_release.demo_data_service import (
from backend.src.models.clean_release import ReleaseCandidate
from backend.src.services.clean_release.demo_data_service import (
build_namespaced_id,
create_isolated_repository,
resolve_namespace,
@@ -84,4 +84,4 @@ def test_create_isolated_repository_keeps_mode_data_separate() -> None:
assert real_repo.get_candidate(demo_candidate_id) is None
# [/DEF:test_create_isolated_repository_keeps_mode_data_separate:Function]
# [/DEF:backend.tests.services.clean_release.test_demo_mode_isolation:Module]
# [/DEF:backend.tests.services.clean_release.test_demo_mode_isolation:Module]

10
backend/tests/services/clean_release/test_policy_resolution_service.py
View File

@@ -14,10 +14,10 @@ from types import SimpleNamespace
import pytest
from src.models.clean_release import CleanPolicySnapshot, SourceRegistrySnapshot
from src.services.clean_release.exceptions import PolicyResolutionError
from src.services.clean_release.policy_resolution_service import resolve_trusted_policy_snapshots
from src.services.clean_release.repository import CleanReleaseRepository
from backend.src.models.clean_release import CleanPolicySnapshot, SourceRegistrySnapshot
from backend.src.services.clean_release.exceptions import PolicyResolutionError
from backend.src.services.clean_release.policy_resolution_service import resolve_trusted_policy_snapshots
from backend.src.services.clean_release.repository import CleanReleaseRepository
# [DEF:_config_manager:Function]
@@ -102,4 +102,4 @@ def test_resolve_trusted_policy_snapshots_rejects_override_attempt():
)
# [/DEF:test_resolve_trusted_policy_snapshots_rejects_override_attempt:Function]
# [/DEF:backend.tests.services.clean_release.test_policy_resolution_service:Module]
# [/DEF:backend.tests.services.clean_release.test_policy_resolution_service:Module]

27
check_test_data.py Normal file
View File

@@ -0,0 +1,27 @@
import os
def check_file(filepath):
try:
with open(filepath, 'r', encoding='utf-8') as f:
content = f.read()
if '@TIER: CRITICAL' in content:
if '@TEST_DATA' not in content:
return filepath
except Exception as e:
print(f"Error reading {filepath}: {e}")
return None
missing_files = []
for root_dir in ['backend/src', 'frontend/src']:
for dirpath, _, filenames in os.walk(root_dir):
for name in filenames:
ext = os.path.splitext(name)[1]
if ext in ['.py', '.js', '.ts', '.svelte']:
full_path = os.path.join(dirpath, name)
res = check_file(full_path)
if res:
missing_files.append(res)
print("Files missing @TEST_DATA:")
for f in missing_files:
print(f)

219
docs/plugin_dev.md Executable file
View File

@@ -0,0 +1,219 @@
# Plugin Development Guide
This guide explains how to create new plugins for the Superset Tools application.
## 1. Plugin Structure
A plugin is a single Python file located in the `backend/src/plugins/` directory. Each plugin file must contain a class that inherits from `PluginBase`.
## 2. Implementing `PluginBase`
The `PluginBase` class is an abstract base class that defines the interface for all plugins. You must implement the following properties and methods:
- **`id`**: A unique string identifier for your plugin (e.g., `"my-cool-plugin"`).
- **`name`**: A human-readable name for your plugin (e.g., `"My Cool Plugin"`).
- **`description`**: A brief description of what your plugin does.
- **`version`**: The version of your plugin (e.g., `"1.0.0"`).
- **`get_schema()`**: A method that returns a JSON schema dictionary defining the input parameters for your plugin. This schema is used to automatically generate a form in the frontend.
- **`execute(params: Dict[str, Any])`**: An `async` method that contains the main logic of your plugin. The `params` argument is a dictionary containing the input data from the user, validated against the schema you defined.
## 3. Example Plugin
Here is an example of a simple "Hello World" plugin:
```python
# backend/src/plugins/hello.py
# [DEF:HelloWorldPlugin:Plugin]
# @SEMANTICS: hello, world, example, plugin
# @PURPOSE: A simple "Hello World" plugin example.
# @LAYER: Domain (Plugin)
# @RELATION: Inherits from PluginBase
# @PUBLIC_API: execute
from typing import Dict, Any
from ..core.plugin_base import PluginBase
class HelloWorldPlugin(PluginBase):
@property
def id(self) -> str:
return "hello-world"
@property
def name(self) -> str:
return "Hello World"
@property
def description(self) -> str:
return "A simple plugin that prints a greeting."
@property
def version(self) -> str:
return "1.0.0"
def get_schema(self) -> Dict[str, Any]:
return {
"type": "object",
"properties": {
"name": {
"type": "string",
"title": "Name",
"description": "The name to greet.",
"default": "World",
}
},
"required": ["name"],
}
async def execute(self, params: Dict[str, Any], context: Optional[TaskContext] = None):
name = params["name"]
if context:
context.logger.info(f"Hello, {name}!")
else:
print(f"Hello, {name}!")
```
## 4. Logging with TaskContext
Plugins now support TaskContext for structured logging with source attribution. The `context` parameter provides access to a logger that automatically tags logs with the task ID and a source identifier.
### 4.1. Basic Logging
Use `context.logger` to log messages with automatic source attribution:
```python
from typing import Dict, Any, Optional
from ..core.plugin_base import PluginBase
from ..core.task_manager.context import TaskContext
async def execute(self, params: Dict[str, Any], context: Optional[TaskContext] = None):
if context:
# Use TaskContext logger for structured logging
context.logger.info("My plugin is running!")
else:
# Fallback to global logger for backward compatibility
from ..core.logger import logger
logger.info("My plugin is running!")
```
### 4.2. Source Attribution
For better log organization, create sub-loggers for different components:
```python
async def execute(self, params: Dict[str, Any], context: Optional[TaskContext] = None):
if context:
# Create sub-loggers for different components
api_log = context.logger.with_source("api")
storage_log = context.logger.with_source("storage")
api_log.info("Connecting to API...")
storage_log.info("Saving file...")
else:
# Fallback to global logger
from ..core.logger import logger
logger.info("My plugin is running!")
```
### 4.3. Log Levels
The logger supports standard log levels. Use them appropriately:
| Level | Usage |
|-------|-------|
| `DEBUG` | Detailed diagnostic information (API responses, internal state). Only visible when log level is set to DEBUG. |
| `INFO` | General operational messages (start/complete notifications, progress updates). |
| `WARNING` | Non-critical issues that don't stop execution (deprecated APIs, retry attempts). |
| `ERROR` | Failures that prevent an operation from completing (API errors, validation failures). |
```python
# Good: Use DEBUG for verbose diagnostic info
api_log.debug(f"API response: {response.json()}")
# Good: Use INFO for operational milestones
log.info(f"Starting backup for environment: {env}")
# Good: Use WARNING for recoverable issues
log.warning(f"Rate limit hit, retrying in {delay}s")
# Good: Use ERROR for failures
log.error(f"Failed to connect to database: {e}")
```
### 4.4. Progress Logging
For operations that report progress, use the `progress` method:
```python
async def execute(self, params: Dict[str, Any], context: Optional[TaskContext] = None):
if context:
total_items = 100
for i, item in enumerate(items):
# Report progress with percentage
percent = (i + 1) / total_items * 100
context.logger.progress(f"Processing {item}", percent=percent)
else:
# Fallback
from ..core.logger import logger
logger.info("My plugin is running!")
```
### 4.5. Logging with Metadata
You can include structured metadata with log entries:
```python
async def execute(self, params: Dict[str, Any], context: Optional[TaskContext] = None):
if context:
context.logger.error(
"Operation failed",
metadata={"error_code": 500, "details": "Connection timeout"}
)
else:
from ..core.logger import logger
logger.error("Operation failed")
```
### 4.6. Common Source Names
For consistency across plugins, use these standard source names:
| Source | Usage |
|--------|-------|
| `superset_api` | Superset REST API calls |
| `postgres` | PostgreSQL database operations |
| `storage` | File system operations |
| `git` | Git operations |
| `llm` | LLM API calls |
| `screenshot` | Screenshot capture operations |
| `migration` | Migration-specific logic |
| `backup` | Backup operations |
| `debug` | Debug/diagnostic operations |
| `search` | Search operations |
### 4.7. Best Practices
1. **Always check for context**: Support backward compatibility by checking if `context` is available:
```python
log = context.logger if context else logger
```
2. **Use source attribution**: Create sub-loggers for different components to make filtering easier in the UI.
3. **Use appropriate log levels**:
- `DEBUG`: Verbose diagnostic info (API responses, internal state)
- `INFO`: Operational milestones (start, complete, progress)
- `WARNING`: Recoverable issues (rate limits, deprecated APIs)
- `ERROR`: Failures that stop an operation
4. **Log progress for long operations**: Use `progress()` for operations that take time:
```python
for i, item in enumerate(items):
percent = (i + 1) / len(items) * 100
log.progress(f"Processing {item}", percent=percent)
```
5. **Keep DEBUG logs verbose, INFO logs concise**: DEBUG logs can include full API responses, while INFO logs should be one-line summaries.
## 5. Testing
To test your plugin, simply run the application and navigate to the web UI. Your plugin should appear in the list of available tools.

19
frontend/src/components/DashboardGrid.svelte
View File

@@ -11,6 +11,7 @@
<script lang="ts">
// [SECTION: IMPORTS]
import { createEventDispatcher } from "svelte";
import type { DashboardMetadata } from "../types/dashboard";
import { t } from "../lib/i18n";
import { Button, Input } from "../lib/ui";
@@ -107,6 +108,10 @@
);
// [/SECTION]
// [SECTION: EVENTS]
const dispatch = createEventDispatcher<{ selectionChanged: number[] }>();
// [/SECTION]
// [DEF:handleSort:Function]
// @PURPOSE: Toggles sort direction or changes sort column.
// @PRE: column name is provided.
@@ -124,7 +129,7 @@
// [DEF:handleSelectionChange:Function]
// @PURPOSE: Handles individual checkbox changes.
// @PRE: dashboard ID and checked status provided.
// @POST: selectedIds array updated.
// @POST: selectedIds array updated and selectionChanged event dispatched.
function handleSelectionChange(id: number, checked: boolean) {
let newSelected = [...selectedIds];
if (checked) {
@@ -133,13 +138,14 @@
newSelected = newSelected.filter((sid) => sid !== id);
}
selectedIds = newSelected;
dispatch("selectionChanged", newSelected);
}
// [/DEF:handleSelectionChange:Function]
// [DEF:handleSelectAll:Function]
// @PURPOSE: Handles select all checkbox.
// @PRE: checked status provided.
// @POST: selectedIds array updated for all paginated items.
// @POST: selectedIds array updated for all paginated items and event dispatched.
function handleSelectAll(checked: boolean) {
let newSelected = [...selectedIds];
if (checked) {
@@ -152,6 +158,7 @@
});
}
selectedIds = newSelected;
dispatch("selectionChanged", newSelected);
}
// [/DEF:handleSelectAll:Function]
@@ -279,7 +286,7 @@
<Button
variant="secondary"
size="sm"
onclick={() => handleValidate(dashboard)}
on:click={() => handleValidate(dashboard)}
disabled={validatingIds.has(dashboard.id)}
class="text-purple-600 hover:text-purple-900"
>
@@ -290,7 +297,7 @@
<Button
variant="ghost"
size="sm"
onclick={() => openGit(dashboard)}
on:click={() => openGit(dashboard)}
class="text-blue-600 hover:text-blue-900"
>
{$t.git.manage}
@@ -321,7 +328,7 @@
variant="secondary"
size="sm"
disabled={currentPage === 0}
onclick={() => goToPage(currentPage - 1)}
on:click={() => goToPage(currentPage - 1)}
>
{$t.dashboard.previous}
</Button>
@@ -329,7 +336,7 @@
variant="secondary"
size="sm"
disabled={currentPage >= totalPages - 1}
onclick={() => goToPage(currentPage + 1)}
on:click={() => goToPage(currentPage + 1)}
>
{$t.dashboard.next}
</Button>

17
frontend/src/components/DynamicForm.svelte
View File

@@ -3,7 +3,7 @@
@SEMANTICS: form, schema, dynamic, json-schema
@PURPOSE: Generates a form dynamically based on a JSON schema.
@LAYER: UI
@RELATION: BINDS_TO -> onsubmit callback
@RELATION: DEPENDS_ON -> svelte:createEventDispatcher
@PROPS:
- schema: Object - JSON schema for the form.
@@ -11,22 +11,27 @@
- submit: Object - Dispatched when the form is submitted, containing the form data.
-->
<script>
// [SECTION: IMPORTS]
import { createEventDispatcher } from 'svelte';
// [/SECTION]
let {
schema,
onsubmit = () => {},
} = $props();
let formData = {};
const dispatch = createEventDispatcher();
// [DEF:handleSubmit:Function]
/**
* @purpose Emits submitted form data via callback prop.
* @purpose Dispatches the submit event with the form data.
* @pre formData contains user input.
* @post Parent callback receives formData snapshot.
* @post 'submit' event is dispatched with formData.
*/
function handleSubmit() {
console.log("[DynamicForm][Action] Submitting form data.", { formData });
onsubmit(formData);
dispatch('submit', formData);
}
// [/DEF:handleSubmit:Function]
@@ -49,7 +54,7 @@
</script>
<!-- [SECTION: TEMPLATE] -->
<form onsubmit={(event) => { event.preventDefault(); handleSubmit(); }} class="space-y-4">
<form on:submit|preventDefault={handleSubmit} class="space-y-4">
{#if schema && schema.properties}
{#each Object.entries(schema.properties) as [key, prop]}
<div class="flex flex-col">

12
frontend/src/components/EnvSelector.svelte
View File

@@ -10,6 +10,7 @@
<script lang="ts">
// [SECTION: IMPORTS]
import { onMount, createEventDispatcher } from 'svelte';
import { t } from '../lib/i18n';
// [/SECTION]
@@ -18,22 +19,23 @@
label = "",
selectedId = "",
environments = [],
onchange = () => {},
} = $props();
// [/SECTION]
const dispatch = createEventDispatcher();
// [DEF:handleSelect:Function]
/**
* @purpose Propagates the selection change through a callback prop.
* @purpose Dispatches the selection change event.
* @pre event.target must be an HTMLSelectElement.
* @post selectedId is updated and parent callback receives the selected environment id.
* @post selectedId is updated and 'change' event is dispatched.
* @param {Event} event - The change event from the select element.
*/
function handleSelect(event: Event) {
const target = event.target as HTMLSelectElement;
selectedId = target.value;
onchange({ id: selectedId });
dispatch('change', { id: selectedId });
}
// [/DEF:handleSelect:Function]
</script>
@@ -45,7 +47,7 @@
id="env-select"
class="block w-full pl-3 pr-10 py-2 text-base border-gray-300 focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm rounded-md"
value={selectedId}
onchange={handleSelect}
on:change={handleSelect}
>
<option value="" disabled>{$t.common?.choose_environment}</option>
{#each environments as env}

10
frontend/src/components/MappingTable.svelte
View File

@@ -10,6 +10,7 @@
<script lang="ts">
// [SECTION: IMPORTS]
import { createEventDispatcher } from 'svelte';
import { t } from '$lib/i18n';
// [/SECTION]
@@ -19,22 +20,23 @@
targetDatabases = [],
mappings = [],
suggestions = [],
onupdate = () => {},
} = $props();
// [/SECTION]
const dispatch = createEventDispatcher();
// [DEF:updateMapping:Function]
/**
* @purpose Updates a mapping for a specific source database.
* @pre sourceUuid and targetUuid are provided.
* @post Parent callback receives normalized mapping payload.
* @post 'update' event is dispatched.
*/
function updateMapping(sourceUuid: string, targetUuid: string) {
const sDb = sourceDatabases.find(d => d.uuid === sourceUuid);
const tDb = targetDatabases.find(d => d.uuid === targetUuid);
onupdate({
dispatch('update', {
sourceUuid,
targetUuid,
sourceName: sDb?.database_name || "",
@@ -78,7 +80,7 @@
<select
class="block w-full pl-3 pr-10 py-2 text-base border-gray-300 focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm rounded-md"
value={mapping?.target_db_uuid || suggestion?.target_db_uuid || ""}
onchange={(e) => updateMapping(sDb.uuid, (e.target as HTMLSelectElement).value)}
on:change={(e) => updateMapping(sDb.uuid, (e.target as HTMLSelectElement).value)}
>
<option value="">{$t.migration?.target_env }</option>
{#each targetDatabases as tDb}

20
frontend/src/components/MissingMappingModal.svelte
View File

@@ -3,34 +3,36 @@
@SEMANTICS: modal, mapping, prompt, migration
@PURPOSE: Prompts the user to provide a database mapping when one is missing during migration.
@LAYER: Feature
@RELATION: BINDS_TO -> onresolve
@RELATION: BINDS_TO -> oncancel
@RELATION: DISPATCHES -> resolve
@INVARIANT: Modal blocks migration progress until resolved or cancelled.
-->
<script lang="ts">
// [SECTION: IMPORTS]
import { createEventDispatcher } from 'svelte';
// [/SECTION]
// [SECTION: PROPS]
let {
show = false,
sourceDbName = "",
sourceDbUuid = "",
targetDatabases = [],
onresolve = () => {},
oncancel = () => {},
} = $props();
// [/SECTION]
let selectedTargetUuid = $state("");
const dispatch = createEventDispatcher();
// [DEF:resolve:Function]
// @PURPOSE: Resolves the missing mapping via callback prop.
// @PURPOSE: Dispatches the resolution event with the selected mapping.
// @PRE: selectedTargetUuid must be set.
// @POST: Parent callback receives mapping payload and modal closes.
// @POST: 'resolve' event is dispatched and modal is hidden.
function resolve() {
if (!selectedTargetUuid) return;
onresolve({
dispatch('resolve', {
sourceDbUuid,
targetDbUuid: selectedTargetUuid,
targetDbName: targetDatabases.find(d => d.uuid === selectedTargetUuid)?.database_name
@@ -42,9 +44,9 @@
// [DEF:cancel:Function]
// @PURPOSE: Cancels the mapping resolution modal.
// @PRE: Modal is open.
// @POST: Parent cancel callback is invoked and modal is hidden.
// @POST: 'cancel' event is dispatched and modal is hidden.
function cancel() {
oncancel();
dispatch('cancel');
show = false;
}
// [/DEF:cancel:Function]

23
frontend/src/components/Navbar.svelte
View File

@@ -4,18 +4,15 @@
@SEMANTICS: navbar, navigation, header, layout
@PURPOSE: Main navigation bar for the application.
@LAYER: UI
@RELATION: USES -> $app/state
@RELATION: USES -> $app/stores
-->
<script>
import { page } from '$app/state';
import { fromStore } from 'svelte/store';
import { page } from '$app/stores';
import { t } from '$lib/i18n';
import { LanguageSwitcher } from '$lib/ui';
import { auth } from '$lib/auth/store';
import { goto } from '$app/navigation';
const authState = fromStore(auth);
function handleLogout() {
auth.logout();
goto('/login');
@@ -32,18 +29,18 @@
<nav class="flex items-center space-x-4">
<a
href="/"
class="text-gray-600 hover:text-blue-600 font-medium {page.url.pathname === '/' ? 'text-blue-600 border-b-2 border-blue-600' : ''}"
class="text-gray-600 hover:text-blue-600 font-medium {$page.url.pathname === '/' ? 'text-blue-600 border-b-2 border-blue-600' : ''}"
>
{$t.nav.dashboard}
</a>
<a
href="/reports"
class="text-gray-600 hover:text-blue-600 font-medium {page.url.pathname.startsWith('/reports') ? 'text-blue-600 border-b-2 border-blue-600' : ''}"
class="text-gray-600 hover:text-blue-600 font-medium {$page.url.pathname.startsWith('/reports') ? 'text-blue-600 border-b-2 border-blue-600' : ''}"
>
{$t.nav.reports}
</a>
<div class="relative inline-block group">
<button class="text-gray-600 hover:text-blue-600 font-medium pb-1 {page.url.pathname.startsWith('/settings') ? 'text-blue-600 border-b-2 border-blue-600' : ''}">
<button class="text-gray-600 hover:text-blue-600 font-medium pb-1 {$page.url.pathname.startsWith('/settings') ? 'text-blue-600 border-b-2 border-blue-600' : ''}">
{$t.nav.settings}
</button>
<div class="absolute hidden group-hover:block bg-white shadow-lg rounded-md mt-1 py-2 w-48 z-10 border border-gray-100 before:absolute before:-top-2 before:left-0 before:right-0 before:h-2 before:content-[''] right-0">
@@ -53,9 +50,9 @@
</div>
</div>
{#if authState.current?.isAuthenticated && authState.current?.user?.roles?.some(r => r.name === 'Admin')}
{#if $auth.isAuthenticated && $auth.user?.roles?.some(r => r.name === 'Admin')}
<div class="relative inline-block group">
<button class="text-gray-600 hover:text-blue-600 font-medium pb-1 {page.url.pathname.startsWith('/admin') ? 'text-blue-600 border-b-2 border-blue-600' : ''}">
<button class="text-gray-600 hover:text-blue-600 font-medium pb-1 {$page.url.pathname.startsWith('/admin') ? 'text-blue-600 border-b-2 border-blue-600' : ''}">
{$t.nav.admin}
</button>
<div class="absolute hidden group-hover:block bg-white shadow-lg rounded-md mt-1 py-2 w-48 z-10 border border-gray-100 before:absolute before:-top-2 before:left-0 before:right-0 before:h-2 before:content-[''] right-0">
@@ -68,11 +65,11 @@
{/if}
<LanguageSwitcher />
{#if authState.current?.isAuthenticated}
{#if $auth.isAuthenticated}
<div class="flex items-center space-x-2 border-l pl-4 ml-4">
<span class="text-sm text-gray-600">{authState.current?.user?.username}</span>
<span class="text-sm text-gray-600">{$auth.user?.username}</span>
<button
onclick={handleLogout}
on:click={handleLogout}
class="text-sm text-red-600 hover:text-red-800 font-medium"
>
Logout

25
frontend/src/components/PasswordPrompt.svelte
View File

@@ -4,25 +4,22 @@
@PURPOSE: A modal component to prompt the user for database passwords when a migration task is paused.
@LAYER: UI
@RELATION: USES -> frontend/src/lib/api.js (inferred)
@RELATION: BINDS_TO -> onresume
@RELATION: BINDS_TO -> oncancel
@RELATION: EMITS -> resume, cancel
-->
<script>
let {
show = false,
databases = [],
errorMessage = "",
onresume = () => {},
oncancel = () => {},
} = $props();
import { createEventDispatcher } from "svelte";
let { show = false, databases = [], errorMessage = "" } = $props();
const dispatch = createEventDispatcher();
let passwords = $state({});
let submitting = $state(false);
// [DEF:handleSubmit:Function]
// @PURPOSE: Validates and forwards passwords to resume the task.
// @PURPOSE: Validates and dispatches the passwords to resume the task.
// @PRE: All database passwords must be entered.
// @POST: Parent resume callback receives passwords payload.
// @POST: 'resume' event is dispatched with passwords.
function handleSubmit() {
if (submitting) return;
@@ -34,7 +31,7 @@
}
submitting = true;
onresume({ passwords });
dispatch("resume", { passwords });
// Reset submitting state is handled by parent or on close
}
// [/DEF:handleSubmit:Function]
@@ -42,9 +39,9 @@
// [DEF:handleCancel:Function]
// @PURPOSE: Cancels the password prompt.
// @PRE: Modal is open.
// @POST: Parent cancel callback is invoked and show is set to false.
// @POST: 'cancel' event is dispatched and show is set to false.
function handleCancel() {
oncancel();
dispatch("cancel");
show = false;
}
// [/DEF:handleCancel:Function]

13
frontend/src/components/RepositoryDashboardGrid.svelte
View File

@@ -11,7 +11,7 @@
<script lang="ts">
// [SECTION: IMPORTS]
import { untrack } from "svelte";
import { createEventDispatcher, untrack } from "svelte";
import type { DashboardMetadata } from "../types/dashboard";
import { t } from "../lib/i18n";
import { Button, Input } from "../lib/ui";
@@ -96,6 +96,10 @@
);
// [/SECTION]
// [SECTION: EVENTS]
const dispatch = createEventDispatcher<{ selectionChanged: number[] }>();
// [/SECTION]
// [DEF:handleSort:Function]
// @PURPOSE: Toggles sort direction or changes sort column.
// @PRE: column name is provided.
@@ -113,7 +117,7 @@
// [DEF:handleSelectionChange:Function]
// @PURPOSE: Handles individual checkbox changes.
// @PRE: dashboard ID and checked status provided.
// @POST: selectedIds array updated.
// @POST: selectedIds array updated and selectionChanged event dispatched.
function handleSelectionChange(id: number, checked: boolean) {
let newSelected = [...selectedIds];
if (checked) {
@@ -122,13 +126,14 @@
newSelected = newSelected.filter((sid) => sid !== id);
}
selectedIds = newSelected;
dispatch("selectionChanged", newSelected);
}
// [/DEF:handleSelectionChange:Function]
// [DEF:handleSelectAll:Function]
// @PURPOSE: Handles select all checkbox.
// @PRE: checked status provided.
// @POST: selectedIds array updated for all paginated items.
// @POST: selectedIds array updated for all paginated items and event dispatched.
function handleSelectAll(checked: boolean) {
let newSelected = [...selectedIds];
if (checked) {
@@ -141,6 +146,7 @@
});
}
selectedIds = newSelected;
dispatch("selectionChanged", newSelected);
}
// [/DEF:handleSelectAll:Function]
@@ -373,6 +379,7 @@
);
dashboards = dashboards.filter((dashboard) => !idsToDelete.includes(dashboard.id));
selectedIds = [];
dispatch("selectionChanged", []);
}
// [/DEF:handleBulkDelete:Function]

10
frontend/src/components/TaskHistory.svelte
View File

@@ -132,14 +132,14 @@
<div class="absolute h-2 w-full top-full left-0"></div>
<div class="origin-top-right absolute right-0 mt-2 w-48 rounded-md shadow-lg bg-white ring-1 ring-black ring-opacity-5 focus:outline-none hidden group-hover:block z-50">
<div class="py-1">
<button onclick={() => clearTasks()} class="block w-full text-left px-4 py-2 text-sm text-gray-700 hover:bg-gray-100">{$t.tasks?.clear_non_running }</button>
<button onclick={() => clearTasks('FAILED')} class="block w-full text-left px-4 py-2 text-sm text-gray-700 hover:bg-gray-100">{$t.tasks?.clear_failed }</button>
<button onclick={() => clearTasks('AWAITING_INPUT')} class="block w-full text-left px-4 py-2 text-sm text-gray-700 hover:bg-gray-100">{$t.tasks?.clear_awaiting_input }</button>
<button on:click={() => clearTasks()} class="block w-full text-left px-4 py-2 text-sm text-gray-700 hover:bg-gray-100">{$t.tasks?.clear_non_running }</button>
<button on:click={() => clearTasks('FAILED')} class="block w-full text-left px-4 py-2 text-sm text-gray-700 hover:bg-gray-100">{$t.tasks?.clear_failed }</button>
<button on:click={() => clearTasks('AWAITING_INPUT')} class="block w-full text-left px-4 py-2 text-sm text-gray-700 hover:bg-gray-100">{$t.tasks?.clear_awaiting_input }</button>
</div>
</div>
</div>
<button
onclick={fetchTasks}
on:click={fetchTasks}
class="text-sm text-indigo-600 hover:text-indigo-900 focus:outline-none"
>
{$t.common?.refresh }
@@ -160,7 +160,7 @@
<button
class="w-full text-left block hover:bg-gray-50 focus:outline-none focus:bg-gray-50 transition duration-150 ease-in-out"
class:bg-indigo-50={$selectedTask && $selectedTask.id === task.id}
onclick={() => selectTask(task)}
on:click={() => selectTask(task)}
>
<div class="px-4 py-4 sm:px-6">
<div class="flex items-center justify-between">

Some files were not shown because too many files have changed in this diff Show More