altcodepro-polydb-python 2.3.11__tar.gz → 2.3.13__tar.gz

{altcodepro_polydb_python-2.3.11/src/altcodepro_polydb_python.egg-info → altcodepro_polydb_python-2.3.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: altcodepro-polydb-python
-Version: 2.3.11
+Version: 2.3.13
 Summary: Production-ready multi-cloud database abstraction layer with connection pooling, retry logic, and thread safety
 Author: AltCodePro
 Project-URL: Homepage, https://github.com/altcodepro/polydb-python

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "altcodepro-polydb-python"
-version = "2.3.11"
+version = "2.3.13"
 description = "Production-ready multi-cloud database abstraction layer with connection pooling, retry logic, and thread safety"
 readme = { file = "README.md", content-type = "text/markdown" }
 requires-python = ">=3.11"

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13/src/altcodepro_polydb_python.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: altcodepro-polydb-python
-Version: 2.3.11
+Version: 2.3.13
 Summary: Production-ready multi-cloud database abstraction layer with connection pooling, retry logic, and thread safety
 Author: AltCodePro
 Project-URL: Homepage, https://github.com/altcodepro/polydb-python

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/src/polydb/adapters/AzureTableStorageAdapter.py

@@ -116,11 +116,17 @@ class AzureTableStorageAdapter(NoSQLKVAdapter):
         if v is None:
             return None
 
+        # Treat empty containers as absent — let the row omit the property.
+        if isinstance(v, (list, tuple, dict)) and len(v) == 0:
+            return None
+
         if isinstance(v, bytes):
             return _BYTES_PREFIX + base64.b64encode(v).decode("ascii")
 
-        if isinstance(v, (dict, list)):
-            return _JSON_PREFIX + json.dumps(v, default=json_safe)
+        if isinstance(v, (dict, list, tuple)):
+            return _JSON_PREFIX + json.dumps(
+                list(v) if isinstance(v, tuple) else v, default=json_safe
+            )
 
         if isinstance(v, UUID):
             return str(v)

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/src/polydb/adapters/PostgreSQLAdapter.py

@@ -8,8 +8,6 @@ import hashlib
 from contextlib import contextmanager
 import json
 from datetime import datetime, date
-
-
 from ..errors import DatabaseError, ConnectionError
 from ..retry import retry
 from ..utils import validate_table_name, validate_column_name
@@ -102,34 +100,46 @@ class PostgreSQLAdapter:
 
     def _serialize_value(self, v: Any) -> Any:
         """
-        Make all outgoing values safe for psycopg2.
+        Make outgoing values safe for psycopg2 across mixed column types.
 
         Rules:
-        - dict -> Json()
-        - list -> leave as list (so TEXT[] works)
-        - datetime/date -> pass as native (psycopg2 handles it)
-        - Decimal -> convert to float
-        - everything else -> pass as-is
+        None / empty list / empty dict   -> None  (becomes NULL on any column)
+        list of primitives (str/int/...) -> native list (psycopg2 maps to TEXT[]/INT[])
+        list containing dicts            -> Json(list)  (for JSONB columns)
+        dict                             -> Json(dict)
+        datetime/date                    -> native
+        Decimal                          -> float
+        everything else                  -> as-is
         """
+        # NULL-ify empties so they're valid for TEXT[], JSONB, and plain columns alike.
         from psycopg2.extras import Json
 
         if v is None:
             return None
+        if isinstance(v, (list, tuple)) and len(v) == 0:
+            return None
+        if isinstance(v, dict) and len(v) == 0:
+            return None
 
-        # Dict -> JSON/JSONB
+        # Dict -> JSONB
         if isinstance(v, dict):
             return Json(self._json_safe(v))
 
-        # List:
-        # DO NOT wrap in Json() automatically.
-        # If column is JSONB, Postgres will still accept Json(list).
-        # But for TEXT[] columns we must send Python list.
-        if isinstance(v, list):
+        # List: route by element type.
+        if isinstance(v, (list, tuple)):
+            v = list(v)
+            # If ANY element is a dict, treat as JSON payload (for JSONB columns).
+            if any(isinstance(x, dict) for x in v):
+                return Json(v)
+            # If ALL elements are primitives, send as native list for TEXT[]/INT[].
+            if all(isinstance(x, (str, int, float, bool, type(None))) for x in v):
+                return v
+            # Mixed / nested -> safest is JSONB
             return Json(v)
 
         # Datetime / date
         if isinstance(v, (datetime, date)):
-            return v  # psycopg2 handles natively
+            return v
 
         # Decimal
         if isinstance(v, Decimal):

altcodepro_polydb_python-2.3.13/src/polydb/audit/AuditStorage.py

@@ -0,0 +1,164 @@
+# src/polydb/audit/AuditStorage.py
+from __future__ import annotations
+
+import threading
+from typing import Optional, Dict, Any
+
+from .models import AuditRecord
+from ..cloudDatabaseFactory import CloudDatabaseFactory
+
+
+class AuditStorage:
+    """Audit log with distributed-safe hash chaining"""
+
+    _lock = threading.Lock()
+
+    def __init__(self):
+        self.factory = CloudDatabaseFactory()
+        self.sql = self.factory.get_sql()
+        self._ensure_table()
+
+    @staticmethod
+    def _is_unique_violation(exc: Exception) -> bool:
+        s = str(exc).lower()
+        return "23505" in s or "duplicate key" in s or "unique constraint" in s
+
+    def _ensure_table(self):
+        """Create audit table if not exists"""
+        try:
+            schema = """
+            CREATE TABLE IF NOT EXISTS polydb_audit_log (
+                audit_id UUID PRIMARY KEY,
+                timestamp TIMESTAMP NOT NULL,
+                tenant_id VARCHAR(255),
+                actor_id VARCHAR(255),
+                roles TEXT[],
+                action VARCHAR(50) NOT NULL,
+                model VARCHAR(255) NOT NULL,
+                entity_id VARCHAR(255),
+                storage_type VARCHAR(20) NOT NULL,
+                provider VARCHAR(50) NOT NULL,
+                success BOOLEAN NOT NULL,
+                before JSONB,
+                after JSONB,
+                changed_fields TEXT[],
+                trace_id VARCHAR(255),
+                request_id VARCHAR(255),
+                ip_address VARCHAR(45),
+                user_agent TEXT,
+                error TEXT,
+                hash VARCHAR(64) NOT NULL,
+                previous_hash VARCHAR(64) NOT NULL DEFAULT '',
+                CONSTRAINT uq_audit_chain UNIQUE (tenant_id, previous_hash),
+                created_at TIMESTAMP DEFAULT NOW()
+            );
+            
+            CREATE INDEX IF NOT EXISTS idx_audit_tenant_timestamp 
+                ON polydb_audit_log(tenant_id, timestamp DESC);
+            CREATE INDEX IF NOT EXISTS idx_audit_model_entity 
+                ON polydb_audit_log(model, entity_id);
+            CREATE INDEX IF NOT EXISTS idx_audit_actor 
+                ON polydb_audit_log(actor_id, timestamp DESC);
+            CREATE INDEX IF NOT EXISTS idx_audit_hash_chain 
+                ON polydb_audit_log(tenant_id, timestamp DESC, previous_hash);
+            """
+
+            self.sql.execute(schema)
+        except Exception:
+            # Table may already exist
+            pass
+
+    def get_last_hash(self, tenant_id: Optional[str]) -> Optional[str]:
+        """Get most recent hash with strict ordering (distributed-safe)"""
+        with self._lock:
+            try:
+                from ..query import QueryBuilder, Operator
+
+                builder = QueryBuilder()
+
+                if tenant_id is not None:
+                    builder.where("tenant_id", Operator.EQ, tenant_id)
+
+                builder.order_by("timestamp", descending=True).take(1)
+
+                results = self.sql.query_linq("polydb_audit_log", builder)
+
+                if results and len(results) > 0:
+                    return results[0].get("hash")
+
+                return None
+            except Exception:
+                return None
+
+    def persist(self, record: AuditRecord) -> None:
+        """Append to the hash chain. Concurrency-safe ACROSS PROCESSES via the
+        UNIQUE(tenant_id, previous_hash) constraint + bounded retry: if two
+        writers race on the same predecessor, the loser re-reads the new tail
+        and re-chains instead of forking. (threading.Lock alone was only
+        process-local — the old "distributed-safe" claim was false.)"""
+        from dataclasses import asdict
+        from .models import compute_audit_hash
+
+        last_err: Optional[Exception] = None
+        for _ in range(8):
+            with self._lock:
+                prev = self.get_last_hash(record.tenant_id) or ""
+                record.previous_hash = prev
+                record.hash = compute_audit_hash(asdict(record))
+                row = {
+                    "audit_id": record.audit_id,
+                    "timestamp": record.timestamp,
+                    "tenant_id": record.tenant_id,
+                    "actor_id": record.actor_id,
+                    "roles": record.roles or None,
+                    "action": record.action,
+                    "model": record.model,
+                    "entity_id": record.entity_id,
+                    "storage_type": record.storage_type,
+                    "provider": record.provider,
+                    "success": record.success,
+                    "before": record.before,
+                    "after": record.after,
+                    "changed_fields": record.changed_fields or None,
+                    "trace_id": record.trace_id,
+                    "request_id": record.request_id,
+                    "ip_address": record.ip_address,
+                    "user_agent": record.user_agent,
+                    "error": record.error,
+                    "hash": record.hash,
+                    "previous_hash": record.previous_hash,
+                }
+                try:
+                    self.sql.insert("polydb_audit_log", row)
+                    return
+                except Exception as e:
+                    if self._is_unique_violation(e):
+                        last_err = e
+                        continue
+                    raise
+        raise last_err or RuntimeError("audit persist failed after retries")
+
+    def verify_chain(self, tenant_id: Optional[str] = None) -> bool:
+        """Verify BOTH chain linkage AND per-record content integrity.
+        The old version only checked previous_hash linkage, so editing
+        before/after/action while leaving `hash` intact passed silently."""
+        from ..query import QueryBuilder, Operator
+        from .models import compute_audit_hash
+
+        builder = QueryBuilder()
+        if tenant_id is not None:
+            builder.where("tenant_id", Operator.EQ, tenant_id)
+        builder.order_by("timestamp", descending=False)
+
+        records = self.sql.query_linq("polydb_audit_log", builder)
+        if not records:
+            return True
+
+        prev = ""
+        for r in records:
+            if (r.get("previous_hash") or "") != prev:
+                return False
+            if r.get("hash") != compute_audit_hash(r):  # content tamper check
+                return False
+            prev = r.get("hash")
+        return True

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/src/polydb/audit/models.py

@@ -1,15 +1,52 @@
 # src/polydb/audit/models.py
 
 from dataclasses import dataclass, asdict
-from datetime import datetime
 from typing import Any, Dict, List, Optional
 import uuid
 import hashlib
 import json
-
+from datetime import datetime, timezone
 from ..json_safe import json_safe
 
 
+def _iso(ts: Any) -> str:
+    return ts.isoformat() if hasattr(ts, "isoformat") else str(ts)
+
+
+def canonical_audit_payload(src: Dict[str, Any]) -> str:
+    """Deterministic JSON for the hash chain. Identical whether `src` is a
+    freshly-built record (asdict) or a row read back from Postgres, so the
+    create-time hash and the verify-time recomputed hash match.
+    Normalizes [] vs NULL and timestamp formatting; excludes `hash`."""
+    payload = {
+        "audit_id": src.get("audit_id"),
+        "timestamp": _iso(src.get("timestamp")),
+        "tenant_id": src.get("tenant_id"),
+        "actor_id": src.get("actor_id"),
+        "roles": list(src.get("roles") or []),
+        "action": src.get("action"),
+        "model": src.get("model"),
+        "entity_id": src.get("entity_id"),
+        "storage_type": src.get("storage_type"),
+        "provider": src.get("provider"),
+        "success": bool(src.get("success")),
+        "before": src.get("before"),
+        "after": src.get("after"),
+        "changed_fields": list(src.get("changed_fields") or []),
+        "trace_id": src.get("trace_id"),
+        "request_id": src.get("request_id"),
+        "ip_address": src.get("ip_address"),
+        "user_agent": src.get("user_agent"),
+        "error": src.get("error"),
+        "previous_hash": src.get("previous_hash") or "",
+    }
+    return json.dumps(payload, sort_keys=True, default=json_safe)
+
+
+def compute_audit_hash(src: Dict[str, Any]) -> str:
+    return hashlib.sha256(canonical_audit_payload(src).encode()).hexdigest()
+
+
 @dataclass
 class AuditRecord:
     audit_id: str
@@ -55,7 +92,7 @@ class AuditRecord:
         context,
         previous_hash: Optional[str] = None,
     ):
-        now = datetime.utcnow().isoformat()
+        now = datetime.now(timezone.utc).replace(tzinfo=None).isoformat()
         audit_id = str(uuid.uuid4())
 
         record = cls(
@@ -81,8 +118,6 @@ class AuditRecord:
             previous_hash=previous_hash,
         )
 
-        record.hash = hashlib.sha256(
-            json.dumps(asdict(record), sort_keys=True,default=json_safe).encode()
-        ).hexdigest()
+        record.hash = compute_audit_hash(asdict(record))
 
         return record

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/src/polydb/query.py

@@ -4,6 +4,7 @@ from __future__ import annotations
 from dataclasses import dataclass, field
 from typing import Any, Dict, List, Optional, Union
 from enum import Enum
+from .utils import validate_column_name
 
 
 class Operator(Enum):
@@ -130,6 +131,7 @@ class QueryBuilder:
         params = []
 
         for f in self.filters:
+            validate_column_name(f.field)
 
             if f.operator == Operator.EQ:
                 clauses.append(f"{f.field} = %s")
@@ -156,14 +158,15 @@ class QueryBuilder:
                 params.append(f.value)
 
             elif f.operator == Operator.IN:
-
                 if isinstance(f.value, (list, tuple)):
-                    placeholders = ",".join(["%s"] * len(f.value))
-                    clauses.append(f"{f.field} IN ({placeholders})")
-                    params.extend(f.value)
-
+                    if not f.value:
+                        clauses.append("1=0")  # empty IN → match nothing
+                    else:
+                        placeholders = ",".join(["%s"] * len(f.value))
+                        clauses.append(f"{f.field} IN ({placeholders})")
+                        params.extend(f.value)
                 else:
-                    clauses.append(f"{f.field} LIKE %s")
+                    clauses.append(f"{f.field} = %s")  # scalar IN == equality
                     params.append(f.value)
 
             elif f.operator == Operator.NOT_IN:

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/src/polydb/retry.py

@@ -12,42 +12,49 @@ from typing import Callable, Optional, Tuple, Type
 # Metrics hooks for enterprise monitoring
 class MetricsHooks:
     """Metrics hooks that users can override for monitoring"""
-    
+
     @staticmethod
     def on_query_start(operation: str, **kwargs):
         """Called when query starts"""
         pass
-    
+
     @staticmethod
     def on_query_end(operation: str, duration: float, success: bool, **kwargs):
         """Called when query ends"""
         pass
-    
+
     @staticmethod
     def on_error(operation: str, error: Exception, **kwargs):
         """Called when error occurs"""
         pass
 
 
-def retry(max_attempts: int = 3, delay: float = 1.0, backoff: float = 2.0, 
-        exceptions: Tuple[Type[Exception], ...] = (Exception,)):
+def retry(
+    max_attempts: int = 3,
+    delay: float = 1.0,
+    backoff: float = 2.0,
+    exceptions: Tuple[Type[Exception], ...] = (Exception,),
+):
     """
     Retry decorator with exponential backoff
-    
+
     Args:
         max_attempts: Maximum number of retry attempts
         delay: Initial delay between retries (seconds)
         backoff: Backoff multiplier
         exceptions: Tuple of exceptions to catch
     """
+    if max_attempts < 1:
+        raise ValueError("max_attempts must be >= 1")
+
     def decorator(func: Callable) -> Callable:
         @wraps(func)
         def wrapper(*args, **kwargs):
             attempt = 0
             current_delay = delay
-            
+
             logger = logging.getLogger(__name__)
-            
+
             while attempt < max_attempts:
                 start_time = time.time()
                 try:
@@ -61,16 +68,20 @@ def retry(max_attempts: int = 3, delay: float = 1.0, backoff: float = 2.0,
                     duration = time.time() - start_time
                     MetricsHooks.on_query_end(func.__name__, duration, False)
                     MetricsHooks.on_error(func.__name__, e)
-                    
+
                     if attempt >= max_attempts:
                         raise
-                    
+
                     logger.warning(
                         f"Attempt {attempt}/{max_attempts} failed for {func.__name__}: {str(e)}. "
                         f"Retrying in {current_delay}s..."
                     )
                     time.sleep(current_delay)
                     current_delay *= backoff
-            
+            raise RuntimeError(
+                f"{func.__name__} exhausted {max_attempts} attempts without returning"
+            )
+
         return wrapper
-    return decorator
+
+    return decorator

{altcodepro_polydb_python-2.3.11 → altcodepro_polydb_python-2.3.13}/src/polydb/security.py

@@ -2,6 +2,7 @@
 """
 Security features: encryption, masking, row-level security
 """
+
 from typing import Dict, Any, List, Optional, Callable, Union
 from dataclasses import dataclass
 import hashlib
@@ -50,7 +51,7 @@ class FieldEncryption:
         """Encrypt arbitrary value (serialize if non-str)"""
         if value is None:
             return ""
-        data = json.dumps(value,default=json_safe) if not isinstance(value, str) else value
+        data = json.dumps(value, default=json_safe) if not isinstance(value, str) else value
         try:
             from cryptography.hazmat.primitives.ciphers.aead import AESGCM
 
@@ -91,9 +92,11 @@ class FieldEncryption:
         except ImportError:
             raise ImportError("cryptography not installed")
         except Exception as e:
-            # On decrypt failure, return masked or original to avoid crashes
-            logger.warning(f"Decryption failed: {e}. Returning original value.")
-            return encrypted_data
+            # Fail loud. Returning ciphertext as if it were plaintext masks
+            # key-rotation errors / corruption and leaks the 'encrypted:' blob
+            # into application data.
+            logger.error("Field decryption failed: %s", e)
+            raise
 
     def encrypt_fields(self, data: Dict[str, Any], fields: List[str]) -> Dict[str, Any]:
         """Encrypt specified fields in data dict"""

altcodepro_polydb_python-2.3.11/src/polydb/audit/AuditStorage.py

@@ -1,136 +0,0 @@
-# src/polydb/audit/AuditStorage.py
-from __future__ import annotations
-
-import threading
-from typing import Optional, Dict, Any
-
-from .models import AuditRecord
-from ..cloudDatabaseFactory import CloudDatabaseFactory
-
-
-class AuditStorage:
-    """Audit log with distributed-safe hash chaining"""
-    
-    _lock = threading.Lock()
-    
-    def __init__(self):
-        self.factory = CloudDatabaseFactory()
-        self.sql = self.factory.get_sql()
-        self._ensure_table()
-    
-    def _ensure_table(self):
-        """Create audit table if not exists"""
-        try:
-            schema = """
-            CREATE TABLE IF NOT EXISTS polydb_audit_log (
-                audit_id UUID PRIMARY KEY,
-                timestamp TIMESTAMP NOT NULL,
-                tenant_id VARCHAR(255),
-                actor_id VARCHAR(255),
-                roles TEXT[],
-                action VARCHAR(50) NOT NULL,
-                model VARCHAR(255) NOT NULL,
-                entity_id VARCHAR(255),
-                storage_type VARCHAR(20) NOT NULL,
-                provider VARCHAR(50) NOT NULL,
-                success BOOLEAN NOT NULL,
-                before JSONB,
-                after JSONB,
-                changed_fields TEXT[],
-                trace_id VARCHAR(255),
-                request_id VARCHAR(255),
-                ip_address VARCHAR(45),
-                user_agent TEXT,
-                error TEXT,
-                hash VARCHAR(64) NOT NULL,
-                previous_hash VARCHAR(64),
-                created_at TIMESTAMP DEFAULT NOW()
-            );
-            
-            CREATE INDEX IF NOT EXISTS idx_audit_tenant_timestamp 
-                ON polydb_audit_log(tenant_id, timestamp DESC);
-            CREATE INDEX IF NOT EXISTS idx_audit_model_entity 
-                ON polydb_audit_log(model, entity_id);
-            CREATE INDEX IF NOT EXISTS idx_audit_actor 
-                ON polydb_audit_log(actor_id, timestamp DESC);
-            CREATE INDEX IF NOT EXISTS idx_audit_hash_chain 
-                ON polydb_audit_log(tenant_id, timestamp DESC, previous_hash);
-            """
-            
-            self.sql.execute(schema)
-        except Exception:
-            # Table may already exist
-            pass
-    
-    def get_last_hash(self, tenant_id: Optional[str]) -> Optional[str]:
-        """Get most recent hash with strict ordering (distributed-safe)"""
-        with self._lock:
-            try:
-                from ..query import QueryBuilder, Operator
-                
-                builder = QueryBuilder()
-                
-                if tenant_id is not None:
-                    builder.where('tenant_id', Operator.EQ, tenant_id)
-                
-                builder.order_by('timestamp', descending=True).take(1)
-                
-                results = self.sql.query_linq('polydb_audit_log', builder)
-                
-                if results and len(results) > 0:
-                    return results[0].get('hash')
-                
-                return None
-            except Exception:
-                return None
-    
-    def persist(self, record: AuditRecord) -> None:
-        """Persist with lock to ensure chain integrity"""
-        with self._lock:
-            self.sql.insert('polydb_audit_log', {
-                'audit_id': record.audit_id,
-                'timestamp': record.timestamp,
-                'tenant_id': record.tenant_id,
-                'actor_id': record.actor_id,
-                'roles': record.roles,
-                'action': record.action,
-                'model': record.model,
-                'entity_id': record.entity_id,
-                'storage_type': record.storage_type,
-                'provider': record.provider,
-                'success': record.success,
-                'before': record.before,
-                'after': record.after,
-                'changed_fields': record.changed_fields,
-                'trace_id': record.trace_id,
-                'request_id': record.request_id,
-                'ip_address': record.ip_address,
-                'user_agent': record.user_agent,
-                'error': record.error,
-                'hash': record.hash,
-                'previous_hash': record.previous_hash,
-            })
-    
-    def verify_chain(self, tenant_id: Optional[str] = None) -> bool:
-        """Verify hash chain integrity"""
-        from ..query import QueryBuilder, Operator
-        
-        builder = QueryBuilder()
-        
-        if tenant_id is not None:
-            builder.where('tenant_id', Operator.EQ, tenant_id)
-        
-        builder.order_by('timestamp', descending=False)
-        
-        records = self.sql.query_linq('polydb_audit_log', builder)
-        
-        if not records:
-            return True
-        
-        prev_hash = None
-        for record in records:
-            if record.get('previous_hash') != prev_hash:
-                return False
-            prev_hash = record.get('hash')
-        
-        return True