3tears-enforcement 0.14.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (119) hide show
  1. 3tears_enforcement-0.14.0/.gitignore +216 -0
  2. 3tears_enforcement-0.14.0/LICENSE +21 -0
  3. 3tears_enforcement-0.14.0/PKG-INFO +99 -0
  4. 3tears_enforcement-0.14.0/README.md +78 -0
  5. 3tears_enforcement-0.14.0/pyproject.toml +39 -0
  6. 3tears_enforcement-0.14.0/src/threetears/enforcement/__init__.py +5 -0
  7. 3tears_enforcement-0.14.0/src/threetears/enforcement/cache/__init__.py +52 -0
  8. 3tears_enforcement-0.14.0/src/threetears/enforcement/cache/config.py +138 -0
  9. 3tears_enforcement-0.14.0/src/threetears/enforcement/cache/runner.py +251 -0
  10. 3tears_enforcement-0.14.0/src/threetears/enforcement/cache/walkers.py +937 -0
  11. 3tears_enforcement-0.14.0/src/threetears/enforcement/codebase_conventions/__init__.py +40 -0
  12. 3tears_enforcement-0.14.0/src/threetears/enforcement/codebase_conventions/config.py +104 -0
  13. 3tears_enforcement-0.14.0/src/threetears/enforcement/codebase_conventions/runner.py +217 -0
  14. 3tears_enforcement-0.14.0/src/threetears/enforcement/codebase_conventions/walkers.py +469 -0
  15. 3tears_enforcement-0.14.0/src/threetears/enforcement/coercion_coverage/__init__.py +32 -0
  16. 3tears_enforcement-0.14.0/src/threetears/enforcement/coercion_coverage/config.py +56 -0
  17. 3tears_enforcement-0.14.0/src/threetears/enforcement/coercion_coverage/runner.py +139 -0
  18. 3tears_enforcement-0.14.0/src/threetears/enforcement/coercion_coverage/walkers.py +143 -0
  19. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/__init__.py +74 -0
  20. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/ast_helpers.py +249 -0
  21. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/exemptions.py +217 -0
  22. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/inheritance.py +169 -0
  23. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/modes.py +59 -0
  24. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/pyproject_discovery.py +422 -0
  25. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/repo_layout.py +80 -0
  26. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/reports.py +83 -0
  27. 3tears_enforcement-0.14.0/src/threetears/enforcement/common/violations.py +50 -0
  28. 3tears_enforcement-0.14.0/src/threetears/enforcement/dependency_alignment/__init__.py +35 -0
  29. 3tears_enforcement-0.14.0/src/threetears/enforcement/dependency_alignment/config.py +35 -0
  30. 3tears_enforcement-0.14.0/src/threetears/enforcement/dependency_alignment/runner.py +81 -0
  31. 3tears_enforcement-0.14.0/src/threetears/enforcement/dependency_alignment/walkers.py +407 -0
  32. 3tears_enforcement-0.14.0/src/threetears/enforcement/dict_state_detection/__init__.py +38 -0
  33. 3tears_enforcement-0.14.0/src/threetears/enforcement/dict_state_detection/config.py +176 -0
  34. 3tears_enforcement-0.14.0/src/threetears/enforcement/dict_state_detection/runner.py +154 -0
  35. 3tears_enforcement-0.14.0/src/threetears/enforcement/dict_state_detection/walkers.py +532 -0
  36. 3tears_enforcement-0.14.0/src/threetears/enforcement/fake_parity/__init__.py +29 -0
  37. 3tears_enforcement-0.14.0/src/threetears/enforcement/fake_parity/config.py +49 -0
  38. 3tears_enforcement-0.14.0/src/threetears/enforcement/fake_parity/runner.py +115 -0
  39. 3tears_enforcement-0.14.0/src/threetears/enforcement/fake_parity/walkers.py +484 -0
  40. 3tears_enforcement-0.14.0/src/threetears/enforcement/logger_coverage/__init__.py +32 -0
  41. 3tears_enforcement-0.14.0/src/threetears/enforcement/logger_coverage/config.py +92 -0
  42. 3tears_enforcement-0.14.0/src/threetears/enforcement/logger_coverage/runner.py +149 -0
  43. 3tears_enforcement-0.14.0/src/threetears/enforcement/logger_coverage/walkers.py +217 -0
  44. 3tears_enforcement-0.14.0/src/threetears/enforcement/migration_yugabyte_safety/__init__.py +34 -0
  45. 3tears_enforcement-0.14.0/src/threetears/enforcement/migration_yugabyte_safety/config.py +86 -0
  46. 3tears_enforcement-0.14.0/src/threetears/enforcement/migration_yugabyte_safety/runner.py +176 -0
  47. 3tears_enforcement-0.14.0/src/threetears/enforcement/migration_yugabyte_safety/walkers.py +114 -0
  48. 3tears_enforcement-0.14.0/src/threetears/enforcement/nats_wrapper_usage/__init__.py +35 -0
  49. 3tears_enforcement-0.14.0/src/threetears/enforcement/nats_wrapper_usage/config.py +82 -0
  50. 3tears_enforcement-0.14.0/src/threetears/enforcement/nats_wrapper_usage/runner.py +375 -0
  51. 3tears_enforcement-0.14.0/src/threetears/enforcement/nats_wrapper_usage/walkers.py +352 -0
  52. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_silent_swallow/__init__.py +41 -0
  53. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_silent_swallow/config.py +90 -0
  54. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_silent_swallow/runner.py +142 -0
  55. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_silent_swallow/walkers.py +501 -0
  56. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_stdlib_logging/__init__.py +31 -0
  57. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_stdlib_logging/config.py +70 -0
  58. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_stdlib_logging/runner.py +147 -0
  59. 3tears_enforcement-0.14.0/src/threetears/enforcement/no_stdlib_logging/walkers.py +292 -0
  60. 3tears_enforcement-0.14.0/src/threetears/enforcement/underscore_access/__init__.py +47 -0
  61. 3tears_enforcement-0.14.0/src/threetears/enforcement/underscore_access/config.py +82 -0
  62. 3tears_enforcement-0.14.0/src/threetears/enforcement/underscore_access/runner.py +237 -0
  63. 3tears_enforcement-0.14.0/src/threetears/enforcement/underscore_access/walkers.py +681 -0
  64. 3tears_enforcement-0.14.0/tests/__init__.py +0 -0
  65. 3tears_enforcement-0.14.0/tests/cache/__init__.py +0 -0
  66. 3tears_enforcement-0.14.0/tests/cache/test_config.py +136 -0
  67. 3tears_enforcement-0.14.0/tests/cache/test_root_split.py +167 -0
  68. 3tears_enforcement-0.14.0/tests/cache/test_runner.py +201 -0
  69. 3tears_enforcement-0.14.0/tests/cache/test_walkers.py +716 -0
  70. 3tears_enforcement-0.14.0/tests/codebase_conventions/__init__.py +0 -0
  71. 3tears_enforcement-0.14.0/tests/codebase_conventions/test_config.py +132 -0
  72. 3tears_enforcement-0.14.0/tests/codebase_conventions/test_runner.py +456 -0
  73. 3tears_enforcement-0.14.0/tests/codebase_conventions/test_walkers.py +662 -0
  74. 3tears_enforcement-0.14.0/tests/coercion_coverage/__init__.py +0 -0
  75. 3tears_enforcement-0.14.0/tests/coercion_coverage/test_config.py +61 -0
  76. 3tears_enforcement-0.14.0/tests/coercion_coverage/test_runner.py +258 -0
  77. 3tears_enforcement-0.14.0/tests/coercion_coverage/test_walkers.py +308 -0
  78. 3tears_enforcement-0.14.0/tests/common/__init__.py +0 -0
  79. 3tears_enforcement-0.14.0/tests/common/test_ast_helpers.py +197 -0
  80. 3tears_enforcement-0.14.0/tests/common/test_exemptions.py +220 -0
  81. 3tears_enforcement-0.14.0/tests/common/test_inheritance.py +180 -0
  82. 3tears_enforcement-0.14.0/tests/common/test_modes.py +61 -0
  83. 3tears_enforcement-0.14.0/tests/common/test_pyproject_discovery.py +282 -0
  84. 3tears_enforcement-0.14.0/tests/common/test_repo_layout.py +82 -0
  85. 3tears_enforcement-0.14.0/tests/common/test_reports.py +135 -0
  86. 3tears_enforcement-0.14.0/tests/common/test_violations.py +60 -0
  87. 3tears_enforcement-0.14.0/tests/dependency_alignment/__init__.py +0 -0
  88. 3tears_enforcement-0.14.0/tests/dependency_alignment/test_walkers.py +253 -0
  89. 3tears_enforcement-0.14.0/tests/dict_state_detection/__init__.py +1 -0
  90. 3tears_enforcement-0.14.0/tests/dict_state_detection/test_config.py +181 -0
  91. 3tears_enforcement-0.14.0/tests/dict_state_detection/test_runner.py +382 -0
  92. 3tears_enforcement-0.14.0/tests/dict_state_detection/test_walkers.py +607 -0
  93. 3tears_enforcement-0.14.0/tests/fake_parity/__init__.py +1 -0
  94. 3tears_enforcement-0.14.0/tests/fake_parity/test_walkers.py +296 -0
  95. 3tears_enforcement-0.14.0/tests/logger_coverage/__init__.py +1 -0
  96. 3tears_enforcement-0.14.0/tests/logger_coverage/test_config.py +92 -0
  97. 3tears_enforcement-0.14.0/tests/logger_coverage/test_runner.py +268 -0
  98. 3tears_enforcement-0.14.0/tests/logger_coverage/test_walkers.py +367 -0
  99. 3tears_enforcement-0.14.0/tests/migration_yugabyte_safety/__init__.py +3 -0
  100. 3tears_enforcement-0.14.0/tests/migration_yugabyte_safety/test_config.py +104 -0
  101. 3tears_enforcement-0.14.0/tests/migration_yugabyte_safety/test_runner.py +347 -0
  102. 3tears_enforcement-0.14.0/tests/migration_yugabyte_safety/test_walkers.py +303 -0
  103. 3tears_enforcement-0.14.0/tests/nats_wrapper_usage/__init__.py +3 -0
  104. 3tears_enforcement-0.14.0/tests/nats_wrapper_usage/test_config.py +80 -0
  105. 3tears_enforcement-0.14.0/tests/nats_wrapper_usage/test_runner.py +430 -0
  106. 3tears_enforcement-0.14.0/tests/nats_wrapper_usage/test_walkers.py +366 -0
  107. 3tears_enforcement-0.14.0/tests/no_silent_swallow/__init__.py +1 -0
  108. 3tears_enforcement-0.14.0/tests/no_silent_swallow/test_config.py +89 -0
  109. 3tears_enforcement-0.14.0/tests/no_silent_swallow/test_runner.py +279 -0
  110. 3tears_enforcement-0.14.0/tests/no_silent_swallow/test_walkers.py +569 -0
  111. 3tears_enforcement-0.14.0/tests/no_stdlib_logging/__init__.py +1 -0
  112. 3tears_enforcement-0.14.0/tests/no_stdlib_logging/test_config.py +75 -0
  113. 3tears_enforcement-0.14.0/tests/no_stdlib_logging/test_runner.py +264 -0
  114. 3tears_enforcement-0.14.0/tests/no_stdlib_logging/test_walkers.py +450 -0
  115. 3tears_enforcement-0.14.0/tests/underscore_access/__init__.py +0 -0
  116. 3tears_enforcement-0.14.0/tests/underscore_access/test_config.py +102 -0
  117. 3tears_enforcement-0.14.0/tests/underscore_access/test_root_split.py +188 -0
  118. 3tears_enforcement-0.14.0/tests/underscore_access/test_runner.py +302 -0
  119. 3tears_enforcement-0.14.0/tests/underscore_access/test_walkers.py +461 -0
@@ -0,0 +1,216 @@
1
+ # Byte-compiled / optimized / DLL files
2
+ __pycache__/
3
+ *.py[codz]
4
+ *$py.class
5
+
6
+ # C extensions
7
+ *.so
8
+
9
+ # Distribution / packaging
10
+ .Python
11
+ build/
12
+ develop-eggs/
13
+ dist/
14
+ downloads/
15
+ eggs/
16
+ .eggs/
17
+ lib/
18
+ lib64/
19
+ parts/
20
+ sdist/
21
+ var/
22
+ wheels/
23
+ share/python-wheels/
24
+ *.egg-info/
25
+ .installed.cfg
26
+ *.egg
27
+ MANIFEST
28
+
29
+ # PyInstaller
30
+ # Usually these files are written by a python script from a template
31
+ # before PyInstaller builds the exe, so as to inject date/other infos into it.
32
+ *.manifest
33
+ *.spec
34
+
35
+ # Installer logs
36
+ pip-log.txt
37
+ pip-delete-this-directory.txt
38
+
39
+ # Unit test / coverage reports
40
+ htmlcov/
41
+ .tox/
42
+ .nox/
43
+ .coverage
44
+ .coverage.*
45
+ .cache
46
+ nosetests.xml
47
+ coverage.xml
48
+ *.cover
49
+ *.py.cover
50
+ .hypothesis/
51
+ .pytest_cache/
52
+ cover/
53
+
54
+ # Translations
55
+ *.mo
56
+ *.pot
57
+
58
+ # Django stuff:
59
+ *.log
60
+ local_settings.py
61
+ db.sqlite3
62
+ db.sqlite3-journal
63
+
64
+ # Flask stuff:
65
+ instance/
66
+ .webassets-cache
67
+
68
+ # Scrapy stuff:
69
+ .scrapy
70
+
71
+ # Sphinx documentation
72
+ docs/_build/
73
+
74
+ # PyBuilder
75
+ .pybuilder/
76
+ target/
77
+
78
+ # Jupyter Notebook
79
+ .ipynb_checkpoints
80
+
81
+ # IPython
82
+ profile_default/
83
+ ipython_config.py
84
+
85
+ # pyenv
86
+ # For a library or package, you might want to ignore these files since the code is
87
+ # intended to run in multiple environments; otherwise, check them in:
88
+ # .python-version
89
+
90
+ # pipenv
91
+ # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
92
+ # However, in case of collaboration, if having platform-specific dependencies or dependencies
93
+ # having no cross-platform support, pipenv may install dependencies that don't work, or not
94
+ # install all needed dependencies.
95
+ #Pipfile.lock
96
+
97
+ # UV
98
+ # Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
99
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
100
+ # commonly ignored for libraries.
101
+ #uv.lock
102
+
103
+ # poetry
104
+ # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
105
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
106
+ # commonly ignored for libraries.
107
+ # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
108
+ #poetry.lock
109
+ #poetry.toml
110
+
111
+ # pdm
112
+ # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
113
+ # pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
114
+ # https://pdm-project.org/en/latest/usage/project/#working-with-version-control
115
+ #pdm.lock
116
+ #pdm.toml
117
+ .pdm-python
118
+ .pdm-build/
119
+
120
+ # pixi
121
+ # Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
122
+ #pixi.lock
123
+ # Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
124
+ # in the .venv directory. It is recommended not to include this directory in version control.
125
+ .pixi
126
+
127
+ # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
128
+ __pypackages__/
129
+
130
+ # Celery stuff
131
+ celerybeat-schedule
132
+ celerybeat.pid
133
+
134
+ # SageMath parsed files
135
+ *.sage.py
136
+
137
+ # Environments
138
+ .env
139
+ .envrc
140
+ .venv
141
+ env/
142
+ venv/
143
+ ENV/
144
+ env.bak/
145
+ venv.bak/
146
+
147
+ # Spyder project settings
148
+ .spyderproject
149
+ .spyproject
150
+
151
+ # Rope project settings
152
+ .ropeproject
153
+
154
+ # mkdocs documentation
155
+ /site
156
+
157
+ # mypy
158
+ .mypy_cache/
159
+ .dmypy.json
160
+ dmypy.json
161
+
162
+ # Pyre type checker
163
+ .pyre/
164
+
165
+ # pytype static type analyzer
166
+ .pytype/
167
+
168
+ # Cython debug symbols
169
+ cython_debug/
170
+
171
+ # PyCharm
172
+ # JetBrains specific template is maintained in a separate JetBrains.gitignore that can
173
+ # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
174
+ # and can be added to the global gitignore or merged into this file. For a more nuclear
175
+ # option (not recommended) you can uncomment the following to ignore the entire idea folder.
176
+ #.idea/
177
+
178
+ # Abstra
179
+ # Abstra is an AI-powered process automation framework.
180
+ # Ignore directories containing user credentials, local state, and settings.
181
+ # Learn more at https://abstra.io/docs
182
+ .abstra/
183
+
184
+ # Visual Studio Code
185
+ # Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
186
+ # that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
187
+ # and can be added to the global gitignore or merged into this file. However, if you prefer,
188
+ # you could uncomment the following to ignore the entire vscode folder
189
+ # .vscode/
190
+
191
+ # Ruff stuff:
192
+ .ruff_cache/
193
+
194
+ # PyPI configuration file
195
+ .pypirc
196
+
197
+ # Cursor
198
+ # Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
199
+ # exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
200
+ # refer to https://docs.cursor.com/context/ignore-files
201
+ .cursorignore
202
+ .cursorindexingignore
203
+
204
+ # Marimo
205
+ marimo/_static/
206
+ marimo/_lsp/
207
+ __marimo__/
208
+
209
+ # Claude Code local state
210
+ .claude/
211
+
212
+ # prawduct session evidence (local governance artifacts, never shipped)
213
+ .prawduct/
214
+
215
+ # macOS folder metadata
216
+ .DS_Store
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Mark Pace
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,99 @@
1
+ Metadata-Version: 2.4
2
+ Name: 3tears-enforcement
3
+ Version: 0.14.0
4
+ Summary: Static-analysis enforcement scanners for the 3tears ecosystem (cache primitive contract, underscore-access discipline, codebase conventions, etc.)
5
+ Project-URL: Repository, https://github.com/pacepace/3tears
6
+ Author: pace
7
+ License-Expression: MIT
8
+ License-File: LICENSE
9
+ Classifier: Development Status :: 3 - Alpha
10
+ Classifier: Intended Audience :: Developers
11
+ Classifier: Programming Language :: Python :: 3
12
+ Classifier: Programming Language :: Python :: 3.14
13
+ Classifier: Topic :: Software Development :: Quality Assurance
14
+ Classifier: Topic :: Software Development :: Testing
15
+ Classifier: Typing :: Typed
16
+ Requires-Python: >=3.14
17
+ Requires-Dist: 3tears>=0.5.0
18
+ Provides-Extra: test
19
+ Requires-Dist: pytest>=8.0; extra == 'test'
20
+ Description-Content-Type: text/markdown
21
+
22
+ # 3tears-enforcement
23
+
24
+ Shared static-analysis enforcement scanners for the 3tears ecosystem.
25
+
26
+ ## What this package does
27
+
28
+ Each module under `threetears.enforcement.<domain>` ships an AST-based scanner that enforces a single architectural invariant across a Python source tree. Consumer repos import the scanner, inject their per-repo configuration (allowlists, exemption files, src roots), and run it from a thin pytest test class.
29
+
30
+ This replaces a previous pattern in which the same enforcement test files were vendored verbatim across multiple repos with manual sync requirements. The shared package eliminates duplication and drift while keeping per-repo configuration where it belongs.
31
+
32
+ ## Domains
33
+
34
+ | Module | Invariant enforced |
35
+ |---|---|
36
+ | `cache` | Every stateful data surface routes through `BaseCollection`; no bespoke SQLiteBackend wrappers; no direct pool access to Collection-backed tables; every migration-defined table has a Collection class. |
37
+ | `underscore_access` | Underscore prefix is a stability contract: no cross-module private import, no cross-class protected access, modules with public names have `__all__`, no subclass shadowing of base private attributes, no `__all__` listing private names. |
38
+ | `codebase_conventions` | No bare `print()`, no stdlib `logging.getLogger` (use `threetears.observe`), `from __future__ import annotations` required, return type annotations required. |
39
+ | `coercion_coverage` | Tool subclasses override `execute`, never `run`, preserving the `normalize_kwargs → execute` input-coercion path. |
40
+ | `dict_state_detection` | No raw `dict`/`OrderedDict` persistent state in `__init__`; use `SQLiteBackend` (L1) or NATS KV for shared state. |
41
+ | `logger_coverage` | Every production module declares a module-level `log = get_logger(__name__)` unless explicitly exempt. |
42
+ | `migration_yugabyte_safety` | Migration shapes are yugabyte-safe per `threetears.core.data.migrations.enforcement`. |
43
+ | `nats_wrapper_usage` | All `nats-py` imports route through `threetears.nats.NatsClient`; no direct `import nats`. |
44
+ | `no_silent_swallow` | Exception handlers must log, re-raise, or carry `# NOSILENT: <reason>`. |
45
+ | `no_stdlib_logging` | No production module imports stdlib `logging` directly; use `threetears.observe`. |
46
+
47
+ ## How to use it
48
+
49
+ Each domain exposes a configuration dataclass and a high-level runner:
50
+
51
+ ```python
52
+ # tests/enforcement/test_cache_primitive_usage.py
53
+ from pathlib import Path
54
+ from threetears.enforcement.cache import CacheEnforcementConfig, run_cache_enforcement
55
+
56
+ _CONFIG = CacheEnforcementConfig(
57
+ repo_root=Path(__file__).parents[2],
58
+ allowed_sqlite_construction_sites=frozenset({
59
+ "packages/registry/src/threetears/registry/l1_cache.py",
60
+ }),
61
+ collection_table_allowlist={
62
+ "memories": "MemoriesCollection",
63
+ # ... per-repo
64
+ },
65
+ migration_table_allowlist=frozenset({"_schema_migrations"}),
66
+ exemptions_path=Path(__file__).parent / "_cache_exemptions.txt",
67
+ enforcement_mode_env_var="CACHE_ENFORCEMENT_MODE",
68
+ )
69
+
70
+ class TestCachePrimitiveUsage:
71
+ def test_no_bespoke_sqlite_backend_construction(self) -> None:
72
+ run_cache_enforcement(_CONFIG, walker="sqlite_construction")
73
+
74
+ def test_no_bespoke_cache_wrapper_classes(self) -> None:
75
+ run_cache_enforcement(_CONFIG, walker="wrapper_class")
76
+
77
+ def test_no_direct_pool_access_to_collection_tables(self) -> None:
78
+ run_cache_enforcement(_CONFIG, walker="pool_access")
79
+
80
+ def test_all_tables_have_collections(self) -> None:
81
+ run_cache_enforcement(_CONFIG, walker="missing_collection")
82
+ ```
83
+
84
+ Per-repo exemption files (e.g., `_cache_exemptions.txt`) stay in the consumer repo's `tests/enforcement/` directory. The package's `parse_exemptions_with_rationale` reads them at test time.
85
+
86
+ ## How to onboard a new repo
87
+
88
+ 1. Add `3tears-enforcement` as a dev dependency.
89
+ 2. For each domain you want to enforce: create a thin shell test file at `tests/enforcement/test_<domain>.py` following the pattern above. Inject your repo's allowlists/exemptions.
90
+ 3. Create per-domain exemption files at `tests/enforcement/_<domain>_exemptions.txt` if needed. Every exemption requires a preceding `# rationale: <specific reason>` line.
91
+ 4. Run `pytest tests/enforcement/` to verify the scanners work against your tree.
92
+
93
+ ## How to add a new enforcement domain
94
+
95
+ 1. Create `src/threetears/enforcement/<domain>/` with `walkers.py`, `config.py`, `runner.py`, and `__init__.py`.
96
+ 2. Use `common/` helpers (`ast_helpers`, `repo_layout`, `pyproject_discovery`, `inheritance`, `exemptions`, `modes`, `violations`, `reports`). Do not duplicate scaffolding.
97
+ 3. Walkers return `list[Violation]`. Configs are frozen dataclasses. Runners orchestrate walker → exemption-application → mode-resolution → report.
98
+ 4. Write unit tests in `tests/<domain>/`.
99
+ 5. Document the domain in this README.
@@ -0,0 +1,78 @@
1
+ # 3tears-enforcement
2
+
3
+ Shared static-analysis enforcement scanners for the 3tears ecosystem.
4
+
5
+ ## What this package does
6
+
7
+ Each module under `threetears.enforcement.<domain>` ships an AST-based scanner that enforces a single architectural invariant across a Python source tree. Consumer repos import the scanner, inject their per-repo configuration (allowlists, exemption files, src roots), and run it from a thin pytest test class.
8
+
9
+ This replaces a previous pattern in which the same enforcement test files were vendored verbatim across multiple repos with manual sync requirements. The shared package eliminates duplication and drift while keeping per-repo configuration where it belongs.
10
+
11
+ ## Domains
12
+
13
+ | Module | Invariant enforced |
14
+ |---|---|
15
+ | `cache` | Every stateful data surface routes through `BaseCollection`; no bespoke SQLiteBackend wrappers; no direct pool access to Collection-backed tables; every migration-defined table has a Collection class. |
16
+ | `underscore_access` | Underscore prefix is a stability contract: no cross-module private import, no cross-class protected access, modules with public names have `__all__`, no subclass shadowing of base private attributes, no `__all__` listing private names. |
17
+ | `codebase_conventions` | No bare `print()`, no stdlib `logging.getLogger` (use `threetears.observe`), `from __future__ import annotations` required, return type annotations required. |
18
+ | `coercion_coverage` | Tool subclasses override `execute`, never `run`, preserving the `normalize_kwargs → execute` input-coercion path. |
19
+ | `dict_state_detection` | No raw `dict`/`OrderedDict` persistent state in `__init__`; use `SQLiteBackend` (L1) or NATS KV for shared state. |
20
+ | `logger_coverage` | Every production module declares a module-level `log = get_logger(__name__)` unless explicitly exempt. |
21
+ | `migration_yugabyte_safety` | Migration shapes are yugabyte-safe per `threetears.core.data.migrations.enforcement`. |
22
+ | `nats_wrapper_usage` | All `nats-py` imports route through `threetears.nats.NatsClient`; no direct `import nats`. |
23
+ | `no_silent_swallow` | Exception handlers must log, re-raise, or carry `# NOSILENT: <reason>`. |
24
+ | `no_stdlib_logging` | No production module imports stdlib `logging` directly; use `threetears.observe`. |
25
+
26
+ ## How to use it
27
+
28
+ Each domain exposes a configuration dataclass and a high-level runner:
29
+
30
+ ```python
31
+ # tests/enforcement/test_cache_primitive_usage.py
32
+ from pathlib import Path
33
+ from threetears.enforcement.cache import CacheEnforcementConfig, run_cache_enforcement
34
+
35
+ _CONFIG = CacheEnforcementConfig(
36
+ repo_root=Path(__file__).parents[2],
37
+ allowed_sqlite_construction_sites=frozenset({
38
+ "packages/registry/src/threetears/registry/l1_cache.py",
39
+ }),
40
+ collection_table_allowlist={
41
+ "memories": "MemoriesCollection",
42
+ # ... per-repo
43
+ },
44
+ migration_table_allowlist=frozenset({"_schema_migrations"}),
45
+ exemptions_path=Path(__file__).parent / "_cache_exemptions.txt",
46
+ enforcement_mode_env_var="CACHE_ENFORCEMENT_MODE",
47
+ )
48
+
49
+ class TestCachePrimitiveUsage:
50
+ def test_no_bespoke_sqlite_backend_construction(self) -> None:
51
+ run_cache_enforcement(_CONFIG, walker="sqlite_construction")
52
+
53
+ def test_no_bespoke_cache_wrapper_classes(self) -> None:
54
+ run_cache_enforcement(_CONFIG, walker="wrapper_class")
55
+
56
+ def test_no_direct_pool_access_to_collection_tables(self) -> None:
57
+ run_cache_enforcement(_CONFIG, walker="pool_access")
58
+
59
+ def test_all_tables_have_collections(self) -> None:
60
+ run_cache_enforcement(_CONFIG, walker="missing_collection")
61
+ ```
62
+
63
+ Per-repo exemption files (e.g., `_cache_exemptions.txt`) stay in the consumer repo's `tests/enforcement/` directory. The package's `parse_exemptions_with_rationale` reads them at test time.
64
+
65
+ ## How to onboard a new repo
66
+
67
+ 1. Add `3tears-enforcement` as a dev dependency.
68
+ 2. For each domain you want to enforce: create a thin shell test file at `tests/enforcement/test_<domain>.py` following the pattern above. Inject your repo's allowlists/exemptions.
69
+ 3. Create per-domain exemption files at `tests/enforcement/_<domain>_exemptions.txt` if needed. Every exemption requires a preceding `# rationale: <specific reason>` line.
70
+ 4. Run `pytest tests/enforcement/` to verify the scanners work against your tree.
71
+
72
+ ## How to add a new enforcement domain
73
+
74
+ 1. Create `src/threetears/enforcement/<domain>/` with `walkers.py`, `config.py`, `runner.py`, and `__init__.py`.
75
+ 2. Use `common/` helpers (`ast_helpers`, `repo_layout`, `pyproject_discovery`, `inheritance`, `exemptions`, `modes`, `violations`, `reports`). Do not duplicate scaffolding.
76
+ 3. Walkers return `list[Violation]`. Configs are frozen dataclasses. Runners orchestrate walker → exemption-application → mode-resolution → report.
77
+ 4. Write unit tests in `tests/<domain>/`.
78
+ 5. Document the domain in this README.
@@ -0,0 +1,39 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "3tears-enforcement"
7
+ version = "0.14.0"
8
+ description = "Static-analysis enforcement scanners for the 3tears ecosystem (cache primitive contract, underscore-access discipline, codebase conventions, etc.)"
9
+ readme = "README.md"
10
+ requires-python = ">=3.14"
11
+ authors = [{name = "pace"}]
12
+ license = "MIT"
13
+ license-files = ["LICENSE"]
14
+ classifiers = [
15
+ "Development Status :: 3 - Alpha",
16
+ "Intended Audience :: Developers",
17
+ "Programming Language :: Python :: 3",
18
+ "Programming Language :: Python :: 3.14",
19
+ "Topic :: Software Development :: Quality Assurance",
20
+ "Topic :: Software Development :: Testing",
21
+ "Typing :: Typed",
22
+ ]
23
+ dependencies = [
24
+ "3tears>=0.5.0",
25
+ ]
26
+
27
+ [project.optional-dependencies]
28
+ test = [
29
+ "pytest>=8.0",
30
+ ]
31
+
32
+ [project.urls]
33
+ Repository = "https://github.com/pacepace/3tears"
34
+
35
+ [tool.hatch.build.targets.wheel]
36
+ packages = ["src/threetears"]
37
+
38
+ [tool.uv.sources]
39
+ 3tears = { workspace = true }
@@ -0,0 +1,5 @@
1
+ """3tears-enforcement: shared static-analysis enforcement scanners.
2
+
3
+ See package README for the catalog of enforcement domains and onboarding
4
+ instructions for new consumer repos.
5
+ """
@@ -0,0 +1,52 @@
1
+ """cache enforcement domain — the 3tears Collection-as-the-primitive contract.
2
+
3
+ four walkers in this domain enforce that every stateful data surface
4
+ in a 3tears-consuming repo is a :class:`BaseCollection` (transitively)
5
+ rather than a bespoke wrapper around :class:`SQLiteBackend` or a raw
6
+ ``pool.fetch`` call:
7
+
8
+ - :func:`find_sqlite_constructions` — flag every
9
+ ``SQLiteBackend(...)`` call outside the sanctioned factories.
10
+ - :func:`find_wrapper_classes` — flag classes that hold a
11
+ ``SQLiteBackend`` field AND expose cache api (``get`` / ``put`` /
12
+ ``set`` / ``delete`` / ``upsert``) AND do NOT transitively subclass
13
+ any ``base_collection_names``.
14
+ - :func:`find_direct_pool_access` — flag ``pool.fetch`` /
15
+ ``fetchrow`` / ``fetchval`` / ``execute`` calls whose SQL text
16
+ references a table mapped in ``collection_table_allowlist``.
17
+ - :func:`find_missing_collections` — flag migration-defined tables
18
+ whose mapped Collection class does not transitively subclass any
19
+ ``base_collection_names``. **uses** :func:`transitively_subclasses_any
20
+ <threetears.enforcement.common.inheritance.transitively_subclasses_any>`
21
+ so chains like ``MemoriesCollection → SchemaBackedCollection →
22
+ BaseCollection`` resolve correctly across path-dep package
23
+ boundaries (this is the originally-failing bug fix the cache lift
24
+ was created for).
25
+
26
+ per-repo configuration goes through :class:`CacheEnforcementConfig`;
27
+ :func:`run_cache_enforcement` is the pytest-friendly entry point that
28
+ orchestrates the walkers, applies the rationale-required exemption
29
+ list, emits the report, and fails in strict mode.
30
+ """
31
+
32
+ from threetears.enforcement.cache.config import (
33
+ CacheEnforcementConfig,
34
+ )
35
+ from threetears.enforcement.cache.runner import (
36
+ run_cache_enforcement,
37
+ )
38
+ from threetears.enforcement.cache.walkers import (
39
+ find_direct_pool_access,
40
+ find_missing_collections,
41
+ find_sqlite_constructions,
42
+ find_wrapper_classes,
43
+ )
44
+
45
+ __all__ = [
46
+ "CacheEnforcementConfig",
47
+ "find_direct_pool_access",
48
+ "find_missing_collections",
49
+ "find_sqlite_constructions",
50
+ "find_wrapper_classes",
51
+ "run_cache_enforcement",
52
+ ]
@@ -0,0 +1,138 @@
1
+ """configuration dataclass for cache-primitive-usage enforcement.
2
+
3
+ the cache domain enforces a single contract: every stateful data
4
+ surface in a consuming repo is a :class:`BaseCollection` (transitively)
5
+ rather than a bespoke wrapper around :class:`SQLiteBackend` or raw
6
+ ``pool`` access. four walkers cover the four ways the contract can be
7
+ broken (bespoke construction, wrapper classes, direct pool access,
8
+ migration-defined tables that lack a Collection); one config dataclass
9
+ captures every per-repo knob.
10
+
11
+ the configurable knobs let consumers manage repo-specific allowlists
12
+ without forking the walkers:
13
+
14
+ - :attr:`allowed_sqlite_construction_sites` — relative-posix paths
15
+ where bare :class:`SQLiteBackend(...)` construction is sanctioned
16
+ (named factories like ``hub/common/l1_cache.py``). ``tests/`` trees
17
+ are always permitted regardless of this set; the canonical
18
+ hardcodes that.
19
+ - :attr:`collection_table_allowlist` — table-to-Collection-class
20
+ mapping. drives both the direct-pool-access walker (which knows
21
+ which tables have a Collection) and the missing-collection walker
22
+ (which verifies the named class actually exists and transitively
23
+ reaches a Collection base).
24
+ - :attr:`migration_table_allowlist` — bookkeeping tables defined in
25
+ migrations that legitimately lack Collections
26
+ (``_schema_migrations``, LangGraph ``checkpoints``).
27
+ - :attr:`base_collection_names` — terminal class names that satisfy
28
+ "this is a Collection". default is ``{"BaseCollection"}``;
29
+ intermediate bases (``SchemaBackedCollection``, etc.) are walked
30
+ transitively via the common inheritance graph and do NOT need to
31
+ be listed here.
32
+ - :attr:`scan_roots` / :attr:`inheritance_roots` — split src-root
33
+ responsibilities. ``scan_roots`` is *where to look for violations*
34
+ (defaults to :func:`find_local_src_roots
35
+ <threetears.enforcement.common.repo_layout.find_local_src_roots>`,
36
+ the consumer's own code only — never path-deps). ``inheritance_roots``
37
+ is *where to build the cross-package class-base graph* used by
38
+ :func:`find_wrapper_classes` and :func:`find_missing_collections`'s
39
+ transitive subclass walk (defaults to :func:`discover_src_roots
40
+ <threetears.enforcement.common.pyproject_discovery.discover_src_roots>`,
41
+ which is path-dep aware so chains like ``MemoriesCollection →
42
+ SchemaBackedCollection → BaseCollection`` resolve across package
43
+ boundaries). splitting them prevents Option B path-dep walking from
44
+ dragging upstream code into the violation scan.
45
+ """
46
+
47
+ from __future__ import annotations
48
+
49
+ from dataclasses import dataclass, field
50
+ from pathlib import Path
51
+
52
+ __all__ = ["CacheEnforcementConfig"]
53
+
54
+
55
+ _DEFAULT_CACHE_METHOD_NAMES: frozenset[str] = frozenset(
56
+ {
57
+ "get",
58
+ "put",
59
+ "set",
60
+ "delete",
61
+ "upsert",
62
+ }
63
+ )
64
+
65
+
66
+ _DEFAULT_BASE_COLLECTION_NAMES: frozenset[str] = frozenset({"BaseCollection"})
67
+
68
+
69
+ @dataclass(frozen=True)
70
+ class CacheEnforcementConfig:
71
+ """per-repo config for the cache-primitive-usage enforcement domain.
72
+
73
+ :ivar repo_root: absolute path to the consumer repo's root (the
74
+ directory containing its top-level ``pyproject.toml``).
75
+ :ivar scan_roots: where to LOOK for violations. when ``None``, the
76
+ runner uses :func:`find_local_src_roots
77
+ <threetears.enforcement.common.repo_layout.find_local_src_roots>`
78
+ — always scoped to the consumer's own code, never walks
79
+ path-deps. set explicitly only to override discovery in tests
80
+ or specialised harnesses.
81
+ :ivar inheritance_roots: where to BUILD the inheritance graph
82
+ (used by :func:`~threetears.enforcement.cache.walkers.find_wrapper_classes`
83
+ and :func:`~threetears.enforcement.cache.walkers.find_missing_collections`
84
+ for :func:`transitively_subclasses_any
85
+ <threetears.enforcement.common.inheritance.transitively_subclasses_any>`).
86
+ when ``None``, the runner uses :func:`discover_src_roots
87
+ <threetears.enforcement.common.pyproject_discovery.discover_src_roots>`
88
+ — path-dep aware so chains like ``MemoriesCollection →
89
+ SchemaBackedCollection → BaseCollection`` resolve correctly
90
+ across package boundaries.
91
+ :ivar exemptions_path: path to ``_cache_exemptions.txt``;
92
+ ``None`` means "no exemptions file". the file uses the shared
93
+ rationale-required ``file:line:symbol`` format parsed by
94
+ :func:`~threetears.enforcement.common.exemptions.parse_exemptions_with_rationale`.
95
+ :ivar mode_env_var: environment variable controlling strict vs
96
+ report mode. defaults to ``CACHE_ENFORCEMENT_MODE``.
97
+ :ivar allowed_sqlite_construction_sites: forward-slash relative
98
+ paths (relative to ``repo_root``) where bare
99
+ :class:`SQLiteBackend(...)` construction is sanctioned. files
100
+ under any ``tests/`` directory are always permitted regardless
101
+ of this set; the canonical hardcodes that.
102
+ :ivar collection_table_allowlist: ``{table_name:
103
+ expected_collection_class_name}`` mapping. drives both
104
+ :func:`~threetears.enforcement.cache.walkers.find_direct_pool_access`
105
+ (which tables have a Collection) and
106
+ :func:`~threetears.enforcement.cache.walkers.find_missing_collections`
107
+ (which verifies the named class transitively reaches a
108
+ Collection base).
109
+ :ivar migration_table_allowlist: tables created in migrations that
110
+ legitimately lack Collections. bookkeeping tables (e.g.
111
+ ``_schema_migrations``), LangGraph state (``checkpoints``,
112
+ ``checkpoint_writes``), and tables owned by sibling repos.
113
+ :ivar cache_method_names: public method names that, combined with
114
+ a :class:`SQLiteBackend` field, indicate a wrapper class.
115
+ kept liberal so any new bespoke wrapper hits the walker;
116
+ defaults to ``{"get", "put", "set", "delete", "upsert"}``.
117
+ :ivar base_collection_names: terminal class names that satisfy
118
+ "this is a Collection." default is just ``{"BaseCollection"}``
119
+ — transitive walking through ``SchemaBackedCollection`` and
120
+ other intermediate bases is automatic via
121
+ :func:`~threetears.enforcement.common.inheritance.transitively_subclasses_any`.
122
+ consumers do NOT need to enumerate intermediate bases here.
123
+ """
124
+
125
+ repo_root: Path
126
+ scan_roots: tuple[Path, ...] | None = None
127
+ inheritance_roots: tuple[Path, ...] | None = None
128
+ exemptions_path: Path | None = None
129
+ mode_env_var: str = "CACHE_ENFORCEMENT_MODE"
130
+ allowed_sqlite_construction_sites: frozenset[str] = frozenset()
131
+ collection_table_allowlist: dict[str, str] = field(default_factory=dict)
132
+ migration_table_allowlist: frozenset[str] = frozenset()
133
+ cache_method_names: frozenset[str] = field(
134
+ default_factory=lambda: _DEFAULT_CACHE_METHOD_NAMES,
135
+ )
136
+ base_collection_names: frozenset[str] = field(
137
+ default_factory=lambda: _DEFAULT_BASE_COLLECTION_NAMES,
138
+ )