Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
883ef702ace43f73cae0761632fc9ea7bedf494e
breakpilot-compliance/backend-compliance/compliance/api/audit_routes.py
Sharang Parnerkar 883ef702ac tech-debt: mypy --strict config + integration tests for audit routes 
Phase 1 Step 4 follow-up addressing the debt flagged in the worked-example
commit (4a91814).

## mypy --strict policy

Adds backend-compliance/mypy.ini declaring the strict-mode scope:

  Fully strict (enforced today):
    - compliance/domain/
    - compliance/schemas/
    - compliance/api/_http_errors.py
    - compliance/api/audit_routes.py        (refactored in Step 4)
    - compliance/services/audit_session_service.py
    - compliance/services/audit_signoff_service.py

  Loose (ignore_errors=True) with a migration path:
    - compliance/db/*                        — SQLAlchemy 1.x Column[] vs
                                               runtime T; unblocks Phase 1
                                               until a Mapped[T] migration.
    - compliance/api/<route>.py              — each route file flips to
                                               strict as its own Step 4
                                               refactor lands.
    - compliance/services/<legacy util>      — 14 utility services
                                               (llm_provider, pdf_extractor,
                                               seeder, ...) that predate the
                                               clean-arch refactor.
    - compliance/tests/                      — excluded (legacy placeholder
                                               style). The new TestClient-
                                               based integration suite is
                                               type-annotated.

The two new service files carry a scoped `# mypy: disable-error-code="arg-type,assignment"`
header for the ORM Column[T] issue — same underlying SQLAlchemy limitation,
narrowly scoped rather than wholesale ignore_errors.

Flow: `cd backend-compliance && mypy compliance/` -> clean on 119 files.
CI yaml updated to use the config instead of ad-hoc package lists.

## Bugs fixed while enabling strict

mypy --strict surfaced two latent bugs in the pre-refactor code. Both
were invisible because the old `compliance/tests/test_audit_routes.py`
is a placeholder suite that asserts on request-data shape and never
calls the handlers:

  - AuditSessionResponse.updated_at is a required field in the schema,
    but the original handler didn't pass it. Fixed in
    AuditSessionService._to_response.

  - PaginationMeta requires has_next + has_prev. The original audit
    checklist handler didn't compute them. Fixed in
    AuditSignOffService.get_checklist.

Both are behavior-preserving at the HTTP level because the old code
would have raised Pydantic ValidationError at response serialization
had the endpoint actually been exercised.

## Integration test suite

Adds backend-compliance/tests/test_audit_routes_integration.py — 26
real TestClient tests against an in-memory sqlite backend (StaticPool).
Replaces the coverage gap left by the placeholder suite.

Covers:
  - Session CRUD + lifecycle transitions (draft -> in_progress -> completed
    -> archived), including the 409 paths for illegal transitions
  - Checklist pagination, filtering, search
  - Sign-off create / update / auto-start-session / count-flipping
  - Sign-off 400 (invalid result), 404 (missing requirement), 409 (completed session)
  - Get-signoff 404 / 200 round-trip

Uses a module-scoped schema fixture + per-test DELETE-sweep so the
suite runs in ~2.3s despite the ~50-table ORM surface.

Verified:
  - 199/199 pytest (173 original + 26 new audit integration) pass
  - tests/contracts/test_openapi_baseline.py green, OpenAPI 360/484 unchanged
  - mypy compliance/ -> Success: no issues found in 119 source files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 18:39:40 +02:00

200 lines
6.7 KiB
Python
Raw Blame History

"""
FastAPI routes for Audit Sessions & Sign-off functionality.
Sprint 3 Phase 3: Auditor-Verbesserungen
Endpoints:
- /audit/sessions: Manage audit sessions
- /audit/checklist: Audit checklist with sign-off
Phase 1 Step 4 refactor: handlers are thin and delegate to
``AuditSessionService`` / ``AuditSignOffService``. Domain errors raised by
the services are translated to HTTPException via
``translate_domain_errors``.
"""
import logging
from typing import Any, List, Optional
from fastapi import APIRouter, Depends, Query
from fastapi.responses import StreamingResponse
from sqlalchemy.orm import Session
from classroom_engine.database import get_db
from compliance.api._http_errors import translate_domain_errors
from compliance.schemas.audit_session import (
AuditChecklistResponse,
AuditSessionDetailResponse,
AuditSessionResponse,
AuditSessionSummary,
CreateAuditSessionRequest,
SignOffRequest,
SignOffResponse,
)
from compliance.services.audit_session_service import AuditSessionService
from compliance.services.audit_signoff_service import AuditSignOffService
logger = logging.getLogger(__name__)
router = APIRouter(prefix="/audit", tags=["compliance-audit"])
# ----------------------------------------------------------------------
# Dependency-injection factories
# ----------------------------------------------------------------------
def get_audit_session_service(db: Session = Depends(get_db)) -> AuditSessionService:
return AuditSessionService(db)
def get_audit_signoff_service(db: Session = Depends(get_db)) -> AuditSignOffService:
return AuditSignOffService(db)
# ============================================================================
# Audit Sessions
# ============================================================================
@router.post("/sessions", response_model=AuditSessionResponse)
async def create_audit_session(
request: CreateAuditSessionRequest,
service: AuditSessionService = Depends(get_audit_session_service),
) -> AuditSessionResponse:
"""Create a new audit session for structured compliance reviews."""
with translate_domain_errors():
return service.create(request)
@router.get("/sessions", response_model=List[AuditSessionSummary])
async def list_audit_sessions(
status: Optional[str] = None,
service: AuditSessionService = Depends(get_audit_session_service),
) -> List[AuditSessionSummary]:
"""List all audit sessions, optionally filtered by status."""
with translate_domain_errors():
return service.list(status)
@router.get("/sessions/{session_id}", response_model=AuditSessionDetailResponse)
async def get_audit_session(
session_id: str,
service: AuditSessionService = Depends(get_audit_session_service),
) -> AuditSessionDetailResponse:
"""Get detailed information about a specific audit session."""
with translate_domain_errors():
return service.get(session_id)
@router.put("/sessions/{session_id}/start")
async def start_audit_session(
session_id: str,
service: AuditSessionService = Depends(get_audit_session_service),
) -> dict[str, Any]:
"""Start an audit session (draft -> in_progress)."""
with translate_domain_errors():
return service.start(session_id)
@router.put("/sessions/{session_id}/complete")
async def complete_audit_session(
session_id: str,
service: AuditSessionService = Depends(get_audit_session_service),
) -> dict[str, Any]:
"""Complete an audit session (in_progress -> completed)."""
with translate_domain_errors():
return service.complete(session_id)
@router.put("/sessions/{session_id}/archive")
async def archive_audit_session(
session_id: str,
service: AuditSessionService = Depends(get_audit_session_service),
) -> dict[str, Any]:
"""Archive a completed audit session."""
with translate_domain_errors():
return service.archive(session_id)
@router.delete("/sessions/{session_id}")
async def delete_audit_session(
session_id: str,
service: AuditSessionService = Depends(get_audit_session_service),
) -> dict[str, Any]:
"""Delete a draft or archived audit session and all its sign-offs."""
with translate_domain_errors():
return service.delete(session_id)
# ============================================================================
# Audit Checklist & Sign-off
# ============================================================================
@router.get("/checklist/{session_id}", response_model=AuditChecklistResponse)
async def get_audit_checklist(
session_id: str,
page: int = Query(1, ge=1),
page_size: int = Query(50, ge=1, le=200),
status_filter: Optional[str] = None,
regulation_filter: Optional[str] = None,
search: Optional[str] = None,
service: AuditSignOffService = Depends(get_audit_signoff_service),
) -> AuditChecklistResponse:
"""Get the paginated audit checklist for a session."""
with translate_domain_errors():
return service.get_checklist(
session_id=session_id,
page=page,
page_size=page_size,
status_filter=status_filter,
regulation_filter=regulation_filter,
search=search,
)
@router.put(
"/checklist/{session_id}/items/{requirement_id}/sign-off",
response_model=SignOffResponse,
)
async def sign_off_item(
session_id: str,
requirement_id: str,
request: SignOffRequest,
service: AuditSignOffService = Depends(get_audit_signoff_service),
) -> SignOffResponse:
"""Sign off on a specific requirement in an audit session."""
with translate_domain_errors():
return service.sign_off(session_id, requirement_id, request)
@router.get(
"/checklist/{session_id}/items/{requirement_id}",
response_model=SignOffResponse,
)
async def get_sign_off(
session_id: str,
requirement_id: str,
service: AuditSignOffService = Depends(get_audit_signoff_service),
) -> SignOffResponse:
"""Get the current sign-off status for a specific requirement."""
with translate_domain_errors():
return service.get_sign_off(session_id, requirement_id)
# ============================================================================
# PDF Report Generation
# ============================================================================
@router.get("/sessions/{session_id}/report/pdf")
async def generate_audit_pdf_report(
session_id: str,
language: str = Query("de", pattern="^(de|en)$"),
include_signatures: bool = Query(True),
service: AuditSessionService = Depends(get_audit_session_service),
) -> StreamingResponse:
"""Generate a PDF report for an audit session."""
with translate_domain_errors():
return service.generate_pdf(
session_id=session_id,
language=language,
include_signatures=include_signatures,
)
Reference in New Issue View Git Blame Copy Permalink