Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4a91814bfcd33f6a1221075ed30719527c0e2d8f
breakpilot-compliance/backend-compliance/compliance/services/audit_session_service.py
Sharang Parnerkar 4a91814bfc refactor(backend/api): extract AuditSession service layer (Step 4 worked example) 
Phase 1 Step 4 of PHASE1_RUNBOOK.md, first worked example. Demonstrates
the router -> service delegation pattern for all 18 oversized route
files still above the 500 LOC hard cap.

compliance/api/audit_routes.py (637 LOC) is decomposed into:

  compliance/api/audit_routes.py              (198) — thin handlers
  compliance/services/audit_session_service.py (259) — session lifecycle
  compliance/services/audit_signoff_service.py (319) — checklist + sign-off
  compliance/api/_http_errors.py               ( 43) — reusable error translator

Handlers shrink to 3-6 lines each:

    @router.post("/sessions", response_model=AuditSessionResponse)
    async def create_audit_session(
        request: CreateAuditSessionRequest,
        service: AuditSessionService = Depends(get_audit_session_service),
    ):
        with translate_domain_errors():
            return service.create(request)

Services are HTTP-agnostic: they raise NotFoundError / ConflictError /
ValidationError from compliance.domain, and the route layer translates
those to HTTPException(404/409/400) via the translate_domain_errors()
context manager in compliance.api._http_errors. The error translator is
reusable by every future Step 4 refactor.

Services take a sqlalchemy Session in the constructor and are wired via
Depends factories (get_audit_session_service / get_audit_signoff_service).
No globals, no module-level state.

Behavior is byte-identical at the HTTP boundary:
  - Same paths, methods, status codes, response models
  - Same error messages (domain error __str__ preserved)
  - Same auto-start-on-first-signoff, same statistics calculation,
    same signature hash format, same PDF streaming response

Verified:
  - 173/173 pytest compliance/tests/ tests/contracts/ pass
  - OpenAPI 360 paths / 484 operations unchanged
  - audit_routes.py under soft 300 target
  - Both new service files under soft 300 / hard 500

Note: compliance/tests/test_audit_routes.py contains placeholder tests
that do not actually import or call the handler functions — they only
assert on request-data shape. Real behavioral coverage relies on the
contract test. A follow-up commit should add TestClient-based
integration tests for the audit endpoints. Flagged in PHASE1_RUNBOOK.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 18:16:50 +02:00

260 lines
9.6 KiB
Python
Raw Blame History

"""
Audit Session service — lifecycle of audit sessions (create, list, get,
start, complete, archive, delete, PDF).
Phase 1 Step 4: extracted from ``compliance/api/audit_routes.py`` so the
route layer becomes thin delegation. This module is HTTP-agnostic: it
raises ``compliance.domain`` errors which the route layer translates to
``HTTPException`` via ``compliance.api._http_errors.translate_domain_errors``.
Checklist and sign-off operations live in
``compliance.services.audit_signoff_service.AuditSignOffService``.
"""
import io
import logging
from datetime import datetime, timezone
from typing import List, Optional
from uuid import uuid4
from fastapi.responses import StreamingResponse
from sqlalchemy.orm import Session
from compliance.db.models import (
AuditResultEnum,
AuditSessionDB,
AuditSessionStatusEnum,
AuditSignOffDB,
RegulationDB,
RequirementDB,
)
from compliance.domain import (
ConflictError,
DomainError,
NotFoundError,
ValidationError,
)
from compliance.schemas.audit_session import (
AuditSessionDetailResponse,
AuditSessionResponse,
AuditSessionSummary,
AuditStatistics,
CreateAuditSessionRequest,
)
logger = logging.getLogger(__name__)
class AuditSessionService:
"""Business logic for audit session lifecycle."""
def __init__(self, db: Session) -> None:
self.db = db
# ------------------------------------------------------------------
# Internal helpers
# ------------------------------------------------------------------
def _get_or_raise(self, session_id: str) -> AuditSessionDB:
session = (
self.db.query(AuditSessionDB)
.filter(AuditSessionDB.id == session_id)
.first()
)
if not session:
raise NotFoundError(f"Audit session {session_id} not found")
return session
@staticmethod
def _to_summary(s: AuditSessionDB) -> AuditSessionSummary:
return AuditSessionSummary(
id=s.id,
name=s.name,
auditor_name=s.auditor_name,
status=s.status.value,
total_items=s.total_items,
completed_items=s.completed_items,
completion_percentage=s.completion_percentage,
created_at=s.created_at,
started_at=s.started_at,
completed_at=s.completed_at,
)
@staticmethod
def _to_response(s: AuditSessionDB) -> AuditSessionResponse:
return AuditSessionResponse(
id=s.id,
name=s.name,
description=s.description,
auditor_name=s.auditor_name,
auditor_email=s.auditor_email,
auditor_organization=s.auditor_organization,
status=s.status.value,
regulation_ids=s.regulation_ids,
total_items=s.total_items,
completed_items=s.completed_items,
compliant_count=s.compliant_count,
non_compliant_count=s.non_compliant_count,
completion_percentage=s.completion_percentage,
created_at=s.created_at,
started_at=s.started_at,
completed_at=s.completed_at,
)
# ------------------------------------------------------------------
# Commands
# ------------------------------------------------------------------
def create(self, request: CreateAuditSessionRequest) -> AuditSessionResponse:
"""Create a new audit session for structured compliance reviews."""
query = self.db.query(RequirementDB)
if request.regulation_codes:
reg_ids = (
self.db.query(RegulationDB.id)
.filter(RegulationDB.code.in_(request.regulation_codes))
.all()
)
reg_ids = [r[0] for r in reg_ids]
query = query.filter(RequirementDB.regulation_id.in_(reg_ids))
total_items = query.count()
session = AuditSessionDB(
id=str(uuid4()),
name=request.name,
description=request.description,
auditor_name=request.auditor_name,
auditor_email=request.auditor_email,
auditor_organization=request.auditor_organization,
status=AuditSessionStatusEnum.DRAFT,
regulation_ids=request.regulation_codes,
total_items=total_items,
completed_items=0,
compliant_count=0,
non_compliant_count=0,
)
self.db.add(session)
self.db.commit()
self.db.refresh(session)
return self._to_response(session)
def list(self, status: Optional[str] = None) -> List[AuditSessionSummary]:
"""List all audit sessions, optionally filtered by status."""
query = self.db.query(AuditSessionDB)
if status:
try:
status_enum = AuditSessionStatusEnum(status)
except ValueError as exc:
raise ValidationError(
f"Invalid status: {status}. Valid values: draft, in_progress, completed, archived"
) from exc
query = query.filter(AuditSessionDB.status == status_enum)
sessions = query.order_by(AuditSessionDB.created_at.desc()).all()
return [self._to_summary(s) for s in sessions]
def get(self, session_id: str) -> AuditSessionDetailResponse:
"""Get detailed information about a specific audit session."""
session = self._get_or_raise(session_id)
signoffs = (
self.db.query(AuditSignOffDB)
.filter(AuditSignOffDB.session_id == session_id)
.all()
)
stats = AuditStatistics(
total=session.total_items,
compliant=sum(1 for s in signoffs if s.result == AuditResultEnum.COMPLIANT),
compliant_with_notes=sum(
1 for s in signoffs if s.result == AuditResultEnum.COMPLIANT_WITH_NOTES
),
non_compliant=sum(
1 for s in signoffs if s.result == AuditResultEnum.NON_COMPLIANT
),
not_applicable=sum(
1 for s in signoffs if s.result == AuditResultEnum.NOT_APPLICABLE
),
pending=session.total_items - len(signoffs),
completion_percentage=session.completion_percentage,
)
base = self._to_response(session)
return AuditSessionDetailResponse(**base.model_dump(), statistics=stats)
def start(self, session_id: str) -> dict:
"""Move a session from draft to in_progress."""
session = self._get_or_raise(session_id)
if session.status != AuditSessionStatusEnum.DRAFT:
raise ConflictError(
f"Session cannot be started. Current status: {session.status.value}"
)
session.status = AuditSessionStatusEnum.IN_PROGRESS
session.started_at = datetime.now(timezone.utc)
self.db.commit()
return {"success": True, "message": "Audit session started", "status": "in_progress"}
def complete(self, session_id: str) -> dict:
"""Move a session from in_progress to completed."""
session = self._get_or_raise(session_id)
if session.status != AuditSessionStatusEnum.IN_PROGRESS:
raise ConflictError(
f"Session cannot be completed. Current status: {session.status.value}"
)
session.status = AuditSessionStatusEnum.COMPLETED
session.completed_at = datetime.now(timezone.utc)
self.db.commit()
return {"success": True, "message": "Audit session completed", "status": "completed"}
def archive(self, session_id: str) -> dict:
"""Archive a completed audit session."""
session = self._get_or_raise(session_id)
if session.status != AuditSessionStatusEnum.COMPLETED:
raise ConflictError(
f"Only completed sessions can be archived. Current status: {session.status.value}"
)
session.status = AuditSessionStatusEnum.ARCHIVED
self.db.commit()
return {"success": True, "message": "Audit session archived", "status": "archived"}
def delete(self, session_id: str) -> dict:
"""Delete a draft or archived session."""
session = self._get_or_raise(session_id)
if session.status not in (
AuditSessionStatusEnum.DRAFT,
AuditSessionStatusEnum.ARCHIVED,
):
raise ConflictError(
f"Cannot delete session with status: {session.status.value}. Archive it first."
)
self.db.query(AuditSignOffDB).filter(
AuditSignOffDB.session_id == session_id
).delete()
self.db.delete(session)
self.db.commit()
return {"success": True, "message": f"Audit session {session_id} deleted"}
def generate_pdf(
self,
session_id: str,
language: str,
include_signatures: bool,
) -> StreamingResponse:
"""Generate a PDF audit report and return a streaming response."""
from compliance.services.audit_pdf_generator import AuditPDFGenerator
self._get_or_raise(session_id)
try:
generator = AuditPDFGenerator(self.db)
pdf_bytes, filename = generator.generate(
session_id=session_id,
language=language,
include_signatures=include_signatures,
)
except Exception as exc:
logger.error(f"Failed to generate PDF report: {exc}")
raise DomainError(f"Failed to generate PDF report: {exc}") from exc
return StreamingResponse(
io.BytesIO(pdf_bytes),
media_type="application/pdf",
headers={"Content-Disposition": f"attachment; filename={filename}"},
)
Reference in New Issue View Git Blame Copy Permalink