npm - @weirdfingers/baseboards - Versions diffs - 0.2.0 - Mend

@weirdfingers/baseboards 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

package/README.md +191 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +887 -0
package/dist/index.js.map +1 -0
package/package.json +64 -0
package/templates/README.md +120 -0
package/templates/api/.env.example +62 -0
package/templates/api/Dockerfile +32 -0
package/templates/api/README.md +132 -0
package/templates/api/alembic/env.py +106 -0
package/templates/api/alembic/script.py.mako +28 -0
package/templates/api/alembic/versions/20250101_000000_initial_schema.py +448 -0
package/templates/api/alembic/versions/20251022_174729_remove_provider_name_from_generations.py +71 -0
package/templates/api/alembic/versions/20251023_165852_switch_to_declarative_base_and_mapping.py +411 -0
package/templates/api/alembic/versions/2025925_62735_add_seed_data_for_default_tenant.py +85 -0
package/templates/api/alembic.ini +36 -0
package/templates/api/config/generators.yaml +25 -0
package/templates/api/config/storage_config.yaml +26 -0
package/templates/api/docs/ADDING_GENERATORS.md +409 -0
package/templates/api/docs/GENERATORS_API.md +502 -0
package/templates/api/docs/MIGRATIONS.md +472 -0
package/templates/api/docs/storage_providers.md +337 -0
package/templates/api/pyproject.toml +165 -0
package/templates/api/src/boards/__init__.py +10 -0
package/templates/api/src/boards/api/app.py +171 -0
package/templates/api/src/boards/api/auth.py +75 -0
package/templates/api/src/boards/api/endpoints/__init__.py +3 -0
package/templates/api/src/boards/api/endpoints/jobs.py +76 -0
package/templates/api/src/boards/api/endpoints/setup.py +505 -0
package/templates/api/src/boards/api/endpoints/sse.py +129 -0
package/templates/api/src/boards/api/endpoints/storage.py +74 -0
package/templates/api/src/boards/api/endpoints/tenant_registration.py +296 -0
package/templates/api/src/boards/api/endpoints/webhooks.py +13 -0
package/templates/api/src/boards/auth/__init__.py +15 -0
package/templates/api/src/boards/auth/adapters/__init__.py +20 -0
package/templates/api/src/boards/auth/adapters/auth0.py +220 -0
package/templates/api/src/boards/auth/adapters/base.py +73 -0
package/templates/api/src/boards/auth/adapters/clerk.py +172 -0
package/templates/api/src/boards/auth/adapters/jwt.py +122 -0
package/templates/api/src/boards/auth/adapters/none.py +102 -0
package/templates/api/src/boards/auth/adapters/oidc.py +284 -0
package/templates/api/src/boards/auth/adapters/supabase.py +110 -0
package/templates/api/src/boards/auth/context.py +35 -0
package/templates/api/src/boards/auth/factory.py +115 -0
package/templates/api/src/boards/auth/middleware.py +221 -0
package/templates/api/src/boards/auth/provisioning.py +129 -0
package/templates/api/src/boards/auth/tenant_extraction.py +278 -0
package/templates/api/src/boards/cli.py +354 -0
package/templates/api/src/boards/config.py +116 -0
package/templates/api/src/boards/database/__init__.py +7 -0
package/templates/api/src/boards/database/cli.py +110 -0
package/templates/api/src/boards/database/connection.py +252 -0
package/templates/api/src/boards/database/models.py +19 -0
package/templates/api/src/boards/database/seed_data.py +182 -0
package/templates/api/src/boards/dbmodels/__init__.py +455 -0
package/templates/api/src/boards/generators/__init__.py +57 -0
package/templates/api/src/boards/generators/artifacts.py +53 -0
package/templates/api/src/boards/generators/base.py +140 -0
package/templates/api/src/boards/generators/implementations/__init__.py +12 -0
package/templates/api/src/boards/generators/implementations/audio/__init__.py +3 -0
package/templates/api/src/boards/generators/implementations/audio/whisper.py +66 -0
package/templates/api/src/boards/generators/implementations/image/__init__.py +3 -0
package/templates/api/src/boards/generators/implementations/image/dalle3.py +93 -0
package/templates/api/src/boards/generators/implementations/image/flux_pro.py +85 -0
package/templates/api/src/boards/generators/implementations/video/__init__.py +3 -0
package/templates/api/src/boards/generators/implementations/video/lipsync.py +70 -0
package/templates/api/src/boards/generators/loader.py +253 -0
package/templates/api/src/boards/generators/registry.py +114 -0
package/templates/api/src/boards/generators/resolution.py +515 -0
package/templates/api/src/boards/generators/testmods/class_gen.py +34 -0
package/templates/api/src/boards/generators/testmods/import_side_effect.py +35 -0
package/templates/api/src/boards/graphql/__init__.py +7 -0
package/templates/api/src/boards/graphql/access_control.py +136 -0
package/templates/api/src/boards/graphql/mutations/root.py +136 -0
package/templates/api/src/boards/graphql/queries/root.py +116 -0
package/templates/api/src/boards/graphql/resolvers/__init__.py +8 -0
package/templates/api/src/boards/graphql/resolvers/auth.py +12 -0
package/templates/api/src/boards/graphql/resolvers/board.py +1055 -0
package/templates/api/src/boards/graphql/resolvers/generation.py +889 -0
package/templates/api/src/boards/graphql/resolvers/generator.py +50 -0
package/templates/api/src/boards/graphql/resolvers/user.py +25 -0
package/templates/api/src/boards/graphql/schema.py +81 -0
package/templates/api/src/boards/graphql/types/board.py +102 -0
package/templates/api/src/boards/graphql/types/generation.py +130 -0
package/templates/api/src/boards/graphql/types/generator.py +17 -0
package/templates/api/src/boards/graphql/types/user.py +47 -0
package/templates/api/src/boards/jobs/repository.py +104 -0
package/templates/api/src/boards/logging.py +195 -0
package/templates/api/src/boards/middleware.py +339 -0
package/templates/api/src/boards/progress/__init__.py +4 -0
package/templates/api/src/boards/progress/models.py +25 -0
package/templates/api/src/boards/progress/publisher.py +64 -0
package/templates/api/src/boards/py.typed +0 -0
package/templates/api/src/boards/redis_pool.py +118 -0
package/templates/api/src/boards/storage/__init__.py +52 -0
package/templates/api/src/boards/storage/base.py +363 -0
package/templates/api/src/boards/storage/config.py +187 -0
package/templates/api/src/boards/storage/factory.py +278 -0
package/templates/api/src/boards/storage/implementations/__init__.py +27 -0
package/templates/api/src/boards/storage/implementations/gcs.py +340 -0
package/templates/api/src/boards/storage/implementations/local.py +201 -0
package/templates/api/src/boards/storage/implementations/s3.py +294 -0
package/templates/api/src/boards/storage/implementations/supabase.py +218 -0
package/templates/api/src/boards/tenant_isolation.py +446 -0
package/templates/api/src/boards/validation.py +262 -0
package/templates/api/src/boards/workers/__init__.py +1 -0
package/templates/api/src/boards/workers/actors.py +201 -0
package/templates/api/src/boards/workers/cli.py +125 -0
package/templates/api/src/boards/workers/context.py +188 -0
package/templates/api/src/boards/workers/middleware.py +58 -0
package/templates/api/src/py.typed +0 -0
package/templates/compose.dev.yaml +39 -0
package/templates/compose.yaml +109 -0
package/templates/docker/env.example +23 -0
package/templates/web/.env.example +28 -0
package/templates/web/Dockerfile +51 -0
package/templates/web/components.json +22 -0
package/templates/web/imageLoader.js +18 -0
package/templates/web/next-env.d.ts +5 -0
package/templates/web/next.config.js +36 -0
package/templates/web/package.json +37 -0
package/templates/web/postcss.config.mjs +7 -0
package/templates/web/public/favicon.ico +0 -0
package/templates/web/src/app/boards/[boardId]/page.tsx +232 -0
package/templates/web/src/app/globals.css +120 -0
package/templates/web/src/app/layout.tsx +21 -0
package/templates/web/src/app/page.tsx +35 -0
package/templates/web/src/app/providers.tsx +18 -0
package/templates/web/src/components/boards/ArtifactInputSlots.tsx +142 -0
package/templates/web/src/components/boards/ArtifactPreview.tsx +125 -0
package/templates/web/src/components/boards/GenerationGrid.tsx +45 -0
package/templates/web/src/components/boards/GenerationInput.tsx +251 -0
package/templates/web/src/components/boards/GeneratorSelector.tsx +89 -0
package/templates/web/src/components/header.tsx +30 -0
package/templates/web/src/components/ui/button.tsx +58 -0
package/templates/web/src/components/ui/card.tsx +92 -0
package/templates/web/src/components/ui/navigation-menu.tsx +168 -0
package/templates/web/src/lib/utils.ts +6 -0
package/templates/web/tsconfig.json +47 -0

package/templates/api/src/boards/tenant_isolation.py ADDED Viewed

@@ -0,0 +1,446 @@
+"""
+Tenant isolation validation and enforcement utilities.
+This module provides utilities to validate and enforce tenant isolation
+across the application to ensure data security in multi-tenant deployments.
+"""
+from __future__ import annotations
+from datetime import UTC
+from typing import Any
+from uuid import UUID
+from sqlalchemy import select, text
+from sqlalchemy.ext.asyncio import AsyncSession
+from .config import settings
+from .dbmodels import Boards, Generations, Users
+from .logging import get_logger
+logger = get_logger(__name__)
+class TenantIsolationError(Exception):
+    """Raised when tenant isolation validation fails."""
+    pass
+class TenantIsolationValidator:
+    """
+    Utility class for validating tenant isolation in multi-tenant environments.
+    This class provides methods to:
+    1. Validate tenant-scoped queries
+    2. Check for cross-tenant data access
+    3. Ensure proper tenant filtering
+    4. Audit tenant isolation compliance
+    """
+    def __init__(self, db: AsyncSession):
+        self.db = db
+    async def validate_user_tenant_isolation(self, user_id: UUID, tenant_id: UUID) -> bool:
+        """
+        Validate that a user belongs to the specified tenant.
+        Args:
+            user_id: UUID of the user
+            tenant_id: UUID of the tenant
+        Returns:
+            True if user belongs to tenant, False otherwise
+        Raises:
+            TenantIsolationError: If validation fails
+        """
+        try:
+            stmt = select(Users).where((Users.id == user_id) & (Users.tenant_id == tenant_id))
+            result = await self.db.execute(stmt)
+            user = result.scalar_one_or_none()
+            if not user:
+                logger.warning(
+                    "User tenant isolation violation",
+                    user_id=str(user_id),
+                    expected_tenant=str(tenant_id),
+                )
+                return False
+            return True
+        except Exception as e:
+            logger.error(
+                "User tenant isolation validation failed",
+                user_id=str(user_id),
+                tenant_id=str(tenant_id),
+                error=str(e),
+            )
+            raise TenantIsolationError(f"User tenant validation failed: {e}") from e
+    async def validate_board_tenant_isolation(self, board_id: UUID, tenant_id: UUID) -> bool:
+        """
+        Validate that a board belongs to the specified tenant.
+        Args:
+            board_id: UUID of the board
+            tenant_id: UUID of the tenant
+        Returns:
+            True if board belongs to tenant, False otherwise
+        """
+        try:
+            stmt = select(Boards).where((Boards.id == board_id) & (Boards.tenant_id == tenant_id))
+            result = await self.db.execute(stmt)
+            board = result.scalar_one_or_none()
+            if not board:
+                logger.warning(
+                    "Board tenant isolation violation",
+                    board_id=str(board_id),
+                    expected_tenant=str(tenant_id),
+                )
+                return False
+            return True
+        except Exception as e:
+            logger.error(
+                "Board tenant isolation validation failed",
+                board_id=str(board_id),
+                tenant_id=str(tenant_id),
+                error=str(e),
+            )
+            raise TenantIsolationError(f"Board tenant validation failed: {e}") from e
+    async def validate_generation_tenant_isolation(
+        self, generation_id: UUID, tenant_id: UUID
+    ) -> bool:
+        """
+        Validate that a generation belongs to the specified tenant.
+        """
+        try:
+            stmt = select(Generations).where(
+                (Generations.id == generation_id) & (Generations.tenant_id == tenant_id)
+            )
+            result = await self.db.execute(stmt)
+            generation = result.scalar_one_or_none()
+            if not generation:
+                logger.warning(
+                    "Generation tenant isolation violation",
+                    generation_id=str(generation_id),
+                    expected_tenant=str(tenant_id),
+                )
+                return False
+            return True
+        except Exception as e:
+            logger.error(
+                "Generation tenant isolation validation failed",
+                generation_id=str(generation_id),
+                tenant_id=str(tenant_id),
+                error=str(e),
+            )
+            raise TenantIsolationError(f"Generation tenant validation failed: {e}") from e
+    async def audit_tenant_isolation(self, tenant_id: UUID) -> dict[str, Any]:
+        """
+        Perform comprehensive tenant isolation audit.
+        Args:
+            tenant_id: UUID of the tenant to audit
+        Returns:
+            Dictionary with audit results and statistics
+        """
+        logger.info("Starting tenant isolation audit", tenant_id=str(tenant_id))
+        audit_results = {
+            "tenant_id": str(tenant_id),
+            "audit_timestamp": None,
+            "isolation_violations": [],
+            "statistics": {},
+            "recommendations": [],
+        }
+        try:
+            from datetime import datetime
+            audit_results["audit_timestamp"] = datetime.now(UTC).isoformat()
+            # 1. Check for orphaned records
+            orphaned_records = await self._check_orphaned_records(tenant_id)
+            if orphaned_records:
+                audit_results["isolation_violations"].extend(orphaned_records)
+            # 2. Check cross-tenant board memberships
+            cross_tenant_memberships = await self._check_cross_tenant_memberships(tenant_id)
+            if cross_tenant_memberships:
+                audit_results["isolation_violations"].extend(cross_tenant_memberships)
+            # 3. Gather tenant statistics
+            audit_results["statistics"] = await self._gather_tenant_statistics(tenant_id)
+            # 4. Generate recommendations
+            audit_results["recommendations"] = self._generate_isolation_recommendations(
+                audit_results["isolation_violations"]
+            )
+            logger.info(
+                "Tenant isolation audit completed",
+                tenant_id=str(tenant_id),
+                violations_count=len(audit_results["isolation_violations"]),
+            )
+            return audit_results
+        except Exception as e:
+            logger.error(
+                "Tenant isolation audit failed",
+                tenant_id=str(tenant_id),
+                error=str(e),
+            )
+            raise TenantIsolationError(f"Tenant isolation audit failed: {e}") from e
+    async def _check_orphaned_records(self, tenant_id: UUID) -> list[dict[str, Any]]:
+        """Check for records that should belong to tenant but don't."""
+        violations = []
+        try:
+            # Check for users with boards in different tenants
+            stmt = text(
+                """
+                SELECT u.id as user_id, b.id as board_id, b.tenant_id as board_tenant_id
+                FROM users u
+                JOIN boards b ON u.id = b.owner_id
+                WHERE u.tenant_id = :tenant_id AND b.tenant_id != :tenant_id
+            """
+            )
+            result = await self.db.execute(stmt, {"tenant_id": tenant_id})
+            orphaned_boards = result.fetchall()
+            for row in orphaned_boards:
+                violations.append(
+                    {
+                        "type": "orphaned_board",
+                        "description": f"User {row.user_id} owns board {row.board_id} in different tenant",  # noqa: E501
+                        "user_id": str(row.user_id),
+                        "board_id": str(row.board_id),
+                        "board_tenant_id": str(row.board_tenant_id),
+                    }
+                )
+            # Check for generations with boards in different tenants
+            stmt = text(
+                """
+                SELECT g.id as generation_id,
+                    g.tenant_id,
+                    g.board_id,
+                    b.tenant_id as board_tenant_id
+                FROM generations g
+                JOIN boards b ON g.board_id = b.id
+                WHERE g.tenant_id = :tenant_id AND b.tenant_id != :tenant_id
+            """
+            )
+            result = await self.db.execute(stmt, {"tenant_id": tenant_id})
+            orphaned_generations = result.fetchall()
+            for row in orphaned_generations:
+                violations.append(
+                    {
+                        "type": "orphaned_generation",
+                        "description": f"Generation {row.generation_id} belongs to different tenant than its board",  # noqa: E501
+                        "generation_id": str(row.generation_id),
+                        "board_id": str(row.board_id),
+                        "board_tenant_id": str(row.board_tenant_id),
+                    }
+                )
+        except Exception as e:
+            logger.error("Failed to check orphaned records", error=str(e))
+        return violations
+    async def _check_cross_tenant_memberships(self, tenant_id: UUID) -> list[dict[str, Any]]:
+        """Check for cross-tenant board memberships."""
+        violations = []
+        try:
+            stmt = text(
+                """
+                SELECT bm.board_id,
+                    bm.user_id,
+                    b.tenant_id as board_tenant_id,
+                    u.tenant_id as user_tenant_id
+                FROM board_members bm
+                JOIN boards b ON bm.board_id = b.id
+                JOIN users u ON bm.user_id = u.id
+                WHERE b.tenant_id = :tenant_id AND u.tenant_id != :tenant_id
+            """
+            )
+            result = await self.db.execute(stmt, {"tenant_id": tenant_id})
+            cross_tenant_members = result.fetchall()
+            for row in cross_tenant_members:
+                violations.append(
+                    {
+                        "type": "cross_tenant_membership",
+                        "description": "User from different tenant has board membership",
+                        "board_id": str(row.board_id),
+                        "user_id": str(row.user_id),
+                        "board_tenant_id": str(row.board_tenant_id),
+                        "user_tenant_id": str(row.user_tenant_id),
+                    }
+                )
+        except Exception as e:
+            logger.error("Failed to check cross-tenant memberships", error=str(e))
+        return violations
+    async def _gather_tenant_statistics(self, tenant_id: UUID) -> dict[str, int]:
+        """Gather statistics for the tenant."""
+        stats = {}
+        try:
+            # Count users
+            stmt = select(Users).where(Users.tenant_id == tenant_id)
+            result = await self.db.execute(stmt)
+            stats["users_count"] = len(result.scalars().all())
+            # Count boards
+            stmt = select(Boards).where(Boards.tenant_id == tenant_id)
+            result = await self.db.execute(stmt)
+            stats["boards_count"] = len(result.scalars().all())
+            # Count generations
+            stmt = select(Generations).where(Generations.tenant_id == tenant_id)
+            result = await self.db.execute(stmt)
+            stats["generations_count"] = len(result.scalars().all())
+            # Count board memberships
+            stmt = text(
+                """
+                SELECT COUNT(*) as count
+                FROM board_members bm
+                JOIN boards b ON bm.board_id = b.id
+                WHERE b.tenant_id = :tenant_id
+            """
+            )
+            result = await self.db.execute(stmt, {"tenant_id": tenant_id})
+            stats["board_memberships_count"] = result.scalar()
+        except Exception as e:
+            logger.error("Failed to gather tenant statistics", error=str(e))
+        return stats
+    def _generate_isolation_recommendations(self, violations: list[dict[str, Any]]) -> list[str]:
+        """Generate recommendations based on isolation violations."""
+        recommendations = []
+        if not violations:
+            recommendations.append("Tenant isolation is properly maintained - no violations found")
+            return recommendations
+        violation_types = {v["type"] for v in violations}
+        if "orphaned_board" in violation_types:
+            recommendations.append(
+                "Fix orphaned boards by ensuring board tenant_id matches owner's tenant_id"
+            )
+        if "orphaned_generation" in violation_types:
+            recommendations.append(
+                "Fix orphaned generations by ensuring generation tenant_id matches board tenant_id"
+            )
+        if "cross_tenant_membership" in violation_types:
+            recommendations.append(
+                "Remove cross-tenant board memberships or migrate users to appropriate tenants"
+            )
+        recommendations.append("Run isolation audit regularly to detect future violations")
+        recommendations.append(
+            "Consider adding database constraints to prevent isolation violations"
+        )
+        return recommendations
+async def ensure_tenant_isolation(
+    db: AsyncSession,
+    user_id: UUID | None,
+    tenant_id: UUID,
+    resource_type: str,
+    resource_id: UUID | None = None,
+) -> None:
+    """
+    Ensure tenant isolation for a specific operation.
+    Args:
+        db: Database session
+        user_id: ID of the user performing the operation
+        tenant_id: ID of the tenant context
+        resource_type: Type of resource being accessed (user, board, generation)
+        resource_id: ID of the specific resource (if applicable)
+    Raises:
+        TenantIsolationError: If isolation validation fails
+    """
+    if not settings.multi_tenant_mode:
+        # Skip validation in single-tenant mode
+        return
+    validator = TenantIsolationValidator(db)
+    try:
+        # Validate user belongs to tenant
+        if user_id:
+            user_valid = await validator.validate_user_tenant_isolation(user_id, tenant_id)
+            if not user_valid:
+                raise TenantIsolationError(f"User {user_id} does not belong to tenant {tenant_id}")
+        # Validate resource belongs to tenant (if resource_id provided)
+        if resource_id:
+            if resource_type == "board":
+                board_valid = await validator.validate_board_tenant_isolation(
+                    resource_id, tenant_id
+                )
+                if not board_valid:
+                    raise TenantIsolationError(
+                        f"Board {resource_id} does not belong to tenant {tenant_id}"
+                    )
+            elif resource_type == "generation":
+                generation_valid = await validator.validate_generation_tenant_isolation(
+                    resource_id, tenant_id
+                )
+                if not generation_valid:
+                    raise TenantIsolationError(
+                        f"Generation {resource_id} does not belong to tenant {tenant_id}"
+                    )
+        logger.debug(
+            "Tenant isolation validated successfully",
+            user_id=str(user_id) if user_id else None,
+            tenant_id=str(tenant_id),
+            resource_type=resource_type,
+            resource_id=str(resource_id) if resource_id else None,
+        )
+    except TenantIsolationError:
+        # Re-raise isolation errors
+        raise
+    except Exception as e:
+        logger.error(
+            "Tenant isolation validation error",
+            user_id=str(user_id) if user_id else None,
+            tenant_id=str(tenant_id),
+            resource_type=resource_type,
+            error=str(e),
+        )
+        raise TenantIsolationError(f"Tenant isolation validation failed: {e}") from e

package/templates/api/src/boards/validation.py ADDED Viewed

@@ -0,0 +1,262 @@
+"""
+Configuration validation for Boards application.
+This module provides validation functions to ensure the application
+is properly configured before startup.
+"""
+from __future__ import annotations
+from typing import Any
+from .config import settings
+from .database.connection import get_async_session, test_database_connection
+from .database.seed_data import ensure_default_tenant
+from .logging import get_logger
+logger = get_logger(__name__)
+class ValidationError(Exception):
+    """Raised when application validation fails."""
+    pass
+async def validate_database_connection() -> dict[str, Any]:
+    """
+    Validate that the database is accessible and responsive.
+    This runs before other validation checks to catch connection issues early
+    with clear error messages.
+    Returns a dictionary with validation results and connection details.
+    """
+    results = {
+        "valid": True,
+        "warnings": [],
+        "errors": [],
+        "connection_info": None,
+    }
+    success, error_message = await test_database_connection()
+    if success:
+        results["connection_info"] = {
+            "status": "connected",
+            "message": "Database connection successful",
+        }
+        logger.info("Database connection validation successful")
+    else:
+        results["valid"] = False
+        results["errors"].append(error_message)
+        logger.error("Database connection validation failed", error=error_message)
+    return results
+async def validate_tenant_configuration() -> dict[str, Any]:
+    """
+    Validate tenant configuration and setup.
+    Returns a dictionary with validation results and recommendations.
+    Raises ValidationError if critical validation fails.
+    """
+    results = {
+        "valid": True,
+        "warnings": [],
+        "errors": [],
+        "tenant_info": None,
+    }
+    try:
+        async with get_async_session() as db:
+            if settings.multi_tenant_mode:
+                # Multi-tenant mode - just validate database connection
+                results["tenant_info"] = {
+                    "mode": "multi_tenant",
+                    "message": "Multi-tenant mode enabled - tenants managed dynamically",
+                }
+                logger.info("Tenant validation: Multi-tenant mode configured")
+            else:
+                # Single-tenant mode - ensure default tenant exists
+                try:
+                    tenant_id = await ensure_default_tenant(db)
+                    results["tenant_info"] = {
+                        "mode": "single_tenant",
+                        "tenant_id": str(tenant_id),
+                        "slug": settings.default_tenant_slug,
+                        "message": f"Default tenant exists: {tenant_id}",
+                    }
+                    logger.info(
+                        "Tenant validation: Default tenant verified",
+                        tenant_id=str(tenant_id),
+                        slug=settings.default_tenant_slug,
+                    )
+                except Exception as e:
+                    error_msg = f"Failed to ensure default tenant exists: {str(e)}"
+                    results["errors"].append(error_msg)
+                    results["valid"] = False
+                    logger.error("Tenant validation failed", error=str(e))
+    except Exception as e:
+        error_msg = f"Database connection failed during tenant validation: {str(e)}"
+        results["errors"].append(error_msg)
+        results["valid"] = False
+        logger.error("Database validation failed", error=str(e))
+    return results
+async def validate_auth_configuration() -> dict[str, Any]:
+    """
+    Validate authentication configuration.
+    Returns validation results and security recommendations.
+    """
+    results = {
+        "valid": True,
+        "warnings": [],
+        "errors": [],
+        "auth_info": {
+            "provider": settings.auth_provider,
+            "multi_tenant_mode": settings.multi_tenant_mode,
+        },
+    }
+    # Validate auth provider configuration
+    if settings.auth_provider == "none":
+        if settings.environment.lower() in ("production", "prod"):
+            warning = "No-auth mode detected in production environment - this is a security risk!"
+            results["warnings"].append(warning)
+            logger.warning(warning)
+        else:
+            logger.info("Auth validation: No-auth mode enabled for development")
+    elif settings.auth_provider == "jwt":
+        if not settings.jwt_secret:
+            error = "JWT authentication enabled but JWT_SECRET not configured"
+            results["errors"].append(error)
+            results["valid"] = False
+            logger.error(error)
+        else:
+            logger.info("Auth validation: JWT authentication configured")
+    else:
+        logger.info(f"Auth validation: Using {settings.auth_provider} provider")
+    return results
+async def validate_startup_configuration() -> dict[str, Any]:
+    """
+    Comprehensive startup validation.
+    This function should be called during application startup to ensure
+    all critical configuration is valid.
+    """
+    logger.info("Starting application configuration validation")
+    # Test database connection first - this catches common issues early
+    db_results = await validate_database_connection()
+    # Only proceed with other validations if database is accessible
+    if db_results["valid"]:
+        tenant_results = await validate_tenant_configuration()
+        auth_results = await validate_auth_configuration()
+    else:
+        # Skip tenant/auth validation if database is not accessible
+        logger.warning("Skipping tenant and auth validation due to database connection failure")
+        tenant_results = {
+            "valid": False,
+            "warnings": [],
+            "errors": ["Skipped due to database connection failure"],
+            "tenant_info": None,
+        }
+        auth_results = await validate_auth_configuration()  # Auth can validate without DB
+    # Combine results
+    combined_results = {
+        "overall_valid": db_results["valid"] and tenant_results["valid"] and auth_results["valid"],
+        "database": db_results,
+        "tenant": tenant_results,
+        "auth": auth_results,
+        "environment": {
+            "auth_provider": settings.auth_provider,
+            "multi_tenant_mode": settings.multi_tenant_mode,
+            "environment": settings.environment,
+            "debug": settings.debug,
+        },
+    }
+    # Log summary
+    if combined_results["overall_valid"]:
+        logger.info("Application configuration validation completed successfully")
+    else:
+        all_errors = (
+            db_results.get("errors", [])
+            + tenant_results.get("errors", [])
+            + auth_results.get("errors", [])
+        )
+        logger.error(
+            "Application configuration validation failed",
+            errors=all_errors,
+        )
+    # Log warnings
+    all_warnings = (
+        db_results.get("warnings", [])
+        + tenant_results.get("warnings", [])
+        + auth_results.get("warnings", [])
+    )
+    if all_warnings:
+        logger.warning(
+            "Configuration warnings detected",
+            warnings=all_warnings,
+        )
+    return combined_results
+def get_startup_recommendations(validation_results: dict[str, Any]) -> list[str]:
+    """
+    Generate startup recommendations based on validation results.
+    """
+    recommendations = []
+    # Database recommendations
+    if not validation_results.get("database", {}).get("valid", False):
+        recommendations.append(
+            "Database connection failed - check that PostgreSQL is running and accessible"
+        )
+        return recommendations  # Return early if database is not accessible
+    # Tenant recommendations
+    tenant_info = validation_results["tenant"].get("tenant_info")
+    if tenant_info and tenant_info["mode"] == "single_tenant":
+        recommendations.append(f"Single-tenant mode active with tenant: {tenant_info['tenant_id']}")
+    # Auth recommendations
+    auth_info = validation_results["auth"]["auth_info"]
+    if auth_info["provider"] == "none" and settings.environment.lower() not in (
+        "development",
+        "dev",
+    ):
+        recommendations.append(
+            "Consider configuring a proper authentication provider for non-development environments"
+        )
+    # Error recommendations
+    if not validation_results["overall_valid"]:
+        recommendations.append("Fix configuration errors before deploying to production")
+    # Success recommendations
+    if validation_results["overall_valid"] and not recommendations:
+        if auth_info["multi_tenant_mode"]:
+            recommendations.append("Multi-tenant configuration is ready for operation")
+        else:
+            recommendations.append("Single-tenant configuration is ready for operation")
+    return recommendations