3320ef94fc
Squash of branch refactor/phase0-guardrails-and-models-split — 4 commits,
81 files, 173/173 pytest green, OpenAPI contract preserved (360 paths /
484 operations).
## Phase 0 — Architecture guardrails
Three defense-in-depth layers to keep the architecture rules enforced
regardless of who opens Claude Code in this repo:
1. .claude/settings.json PreToolUse hook on Write/Edit blocks any file
that would exceed the 500-line hard cap. Auto-loads in every Claude
session in this repo.
2. scripts/githooks/pre-commit (install via scripts/install-hooks.sh)
enforces the LOC cap locally, freezes migrations/ without
[migration-approved], and protects guardrail files without
[guardrail-change].
3. .gitea/workflows/ci.yaml gains loc-budget + guardrail-integrity +
sbom-scan (syft+grype) jobs, adds mypy --strict for the new Python
packages (compliance/{services,repositories,domain,schemas}), and
tsc --noEmit for admin-compliance + developer-portal.
Per-language conventions documented in AGENTS.python.md, AGENTS.go.md,
AGENTS.typescript.md at the repo root — layering, tooling, and explicit
"what you may NOT do" lists. Root CLAUDE.md is prepended with the six
non-negotiable rules. Each of the 10 services gets a README.md.
scripts/check-loc.sh enforces soft 300 / hard 500 and surfaces the
current baseline of 205 hard + 161 soft violations so Phases 1-4 can
drain it incrementally. CI gates only CHANGED files in PRs so the
legacy baseline does not block unrelated work.
## Deprecation sweep
47 files. Pydantic V1 regex= -> pattern= (2 sites), class Config ->
ConfigDict in source_policy_router.py (schemas.py intentionally skipped;
it is the Phase 1 Step 3 split target). datetime.utcnow() ->
datetime.now(timezone.utc) everywhere including SQLAlchemy default=
callables. All DB columns already declare timezone=True, so this is a
latent-bug fix at the Python side, not a schema change.
DeprecationWarning count dropped from 158 to 35.
## Phase 1 Step 1 — Contract test harness
tests/contracts/test_openapi_baseline.py diffs the live FastAPI /openapi.json
against tests/contracts/openapi.baseline.json on every test run. Fails on
removed paths, removed status codes, or new required request body fields.
Regenerate only via tests/contracts/regenerate_baseline.py after a
consumer-updated contract change. This is the safety harness for all
subsequent refactor commits.
## Phase 1 Step 2 — models.py split (1466 -> 85 LOC shim)
compliance/db/models.py is decomposed into seven sibling aggregate modules
following the existing repo pattern (dsr_models.py, vvt_models.py, ...):
regulation_models.py (134) — Regulation, Requirement
control_models.py (279) — Control, Mapping, Evidence, Risk
ai_system_models.py (141) — AISystem, AuditExport
service_module_models.py (176) — ServiceModule, ModuleRegulation, ModuleRisk
audit_session_models.py (177) — AuditSession, AuditSignOff
isms_governance_models.py (323) — ISMSScope, Context, Policy, Objective, SoA
isms_audit_models.py (468) — Finding, CAPA, MgmtReview, InternalAudit,
AuditTrail, Readiness
models.py becomes an 85-line re-export shim in dependency order so
existing imports continue to work unchanged. Schema is byte-identical:
__tablename__, column definitions, relationship strings, back_populates,
cascade directives all preserved.
All new sibling files are under the 500-line hard cap; largest is
isms_audit_models.py at 468. No file in compliance/db/ now exceeds
the hard cap.
## Phase 1 Step 3 — infrastructure only
backend-compliance/compliance/{schemas,domain,repositories}/ packages
are created as landing zones with docstrings. compliance/domain/
exports DomainError / NotFoundError / ConflictError / ValidationError /
PermissionError — the base classes services will use to raise
domain-level errors instead of HTTPException.
PHASE1_RUNBOOK.md at backend-compliance/PHASE1_RUNBOOK.md documents
the nine-step execution plan for Phase 1: snapshot baseline,
characterization tests, split models.py (this commit), split schemas.py
(next), extract services, extract repositories, mypy --strict, coverage.
## Verification
backend-compliance/.venv-phase1: uv python install 3.12 + pip -r requirements.txt
PYTHONPATH=. pytest compliance/tests/ tests/contracts/
-> 173 passed, 0 failed, 35 warnings, OpenAPI 360/484 unchanged
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
103 lines
3.7 KiB
Python
103 lines
3.7 KiB
Python
"""OpenAPI contract test.
|
|
|
|
This test pins the public HTTP contract of backend-compliance. It loads the
|
|
FastAPI app, extracts the live OpenAPI schema, and compares it against a
|
|
checked-in baseline at ``tests/contracts/openapi.baseline.json``.
|
|
|
|
Rules:
|
|
- Adding new paths/operations/fields → OK (additive change).
|
|
- Removing a path, changing a method, changing a status code, removing or
|
|
renaming a response/request field → FAIL. Such changes require updating
|
|
every consumer (admin-compliance, developer-portal, SDKs) in the same
|
|
change, then regenerating the baseline with:
|
|
|
|
python tests/contracts/regenerate_baseline.py
|
|
|
|
and explaining the contract change in the PR description.
|
|
|
|
The baseline is missing on first run — the test prints the command to create
|
|
it and skips. This is intentional: Phase 1 step 1 generates it fresh from the
|
|
current app state before any refactoring begins.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
from pathlib import Path
|
|
from typing import Any
|
|
|
|
import pytest
|
|
|
|
BASELINE_PATH = Path(__file__).parent / "openapi.baseline.json"
|
|
|
|
|
|
def _load_live_schema() -> dict[str, Any]:
|
|
"""Import the FastAPI app and extract its OpenAPI schema.
|
|
|
|
Kept inside the function so that test collection does not fail if the app
|
|
has import-time side effects that aren't satisfied in the test env.
|
|
"""
|
|
from main import app # type: ignore[import-not-found]
|
|
|
|
return app.openapi()
|
|
|
|
|
|
def _collect_operations(schema: dict[str, Any]) -> dict[str, dict[str, Any]]:
|
|
"""Return a flat {f'{METHOD} {path}': operation} map for diffing."""
|
|
out: dict[str, dict[str, Any]] = {}
|
|
for path, methods in schema.get("paths", {}).items():
|
|
for method, op in methods.items():
|
|
if method.lower() in {"get", "post", "put", "patch", "delete", "options", "head"}:
|
|
out[f"{method.upper()} {path}"] = op
|
|
return out
|
|
|
|
|
|
@pytest.mark.contract
|
|
def test_openapi_no_breaking_changes() -> None:
|
|
if not BASELINE_PATH.exists():
|
|
pytest.skip(
|
|
f"Baseline missing. Run: python {Path(__file__).parent}/regenerate_baseline.py"
|
|
)
|
|
|
|
baseline = json.loads(BASELINE_PATH.read_text())
|
|
live = _load_live_schema()
|
|
|
|
baseline_ops = _collect_operations(baseline)
|
|
live_ops = _collect_operations(live)
|
|
|
|
# 1. No operation may disappear.
|
|
removed = sorted(set(baseline_ops) - set(live_ops))
|
|
assert not removed, (
|
|
f"Breaking change: {len(removed)} operation(s) removed from public API:\n "
|
|
+ "\n ".join(removed)
|
|
)
|
|
|
|
# 2. For operations that exist in both, response status codes must be a superset.
|
|
for key, baseline_op in baseline_ops.items():
|
|
live_op = live_ops[key]
|
|
baseline_codes = set((baseline_op.get("responses") or {}).keys())
|
|
live_codes = set((live_op.get("responses") or {}).keys())
|
|
missing = baseline_codes - live_codes
|
|
assert not missing, (
|
|
f"Breaking change: {key} no longer returns status code(s) {sorted(missing)}"
|
|
)
|
|
|
|
# 3. Required request-body fields may not be added (would break existing clients).
|
|
for key, baseline_op in baseline_ops.items():
|
|
live_op = live_ops[key]
|
|
base_req = _required_body_fields(baseline_op)
|
|
live_req = _required_body_fields(live_op)
|
|
new_required = live_req - base_req
|
|
assert not new_required, (
|
|
f"Breaking change: {key} added required request field(s) {sorted(new_required)}"
|
|
)
|
|
|
|
|
|
def _required_body_fields(op: dict[str, Any]) -> set[str]:
|
|
rb = op.get("requestBody") or {}
|
|
content = rb.get("content") or {}
|
|
for media in content.values():
|
|
schema = media.get("schema") or {}
|
|
return set(schema.get("required") or [])
|
|
return set()
|