eitohforge 0.1.0__tar.gz

eitohforge-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,145 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Ruff
+        run: ruff check .
+
+      - name: Mypy
+        run: mypy src
+
+      - name: Pytest (with coverage gate)
+        run: >
+          pytest
+          --strict-markers
+          --cov=eitohforge_sdk
+          --cov=eitohforge_cli
+          --cov-fail-under=82
+          --cov-report=term-missing
+
+      - name: Migration policy check
+        run: python scripts/check_migration_policy.py
+
+      - name: Packaging metadata check
+        run: python scripts/validate_packaging_metadata.py
+
+  example-smoke:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install EitohForge + example packages
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+          pip install -e "examples/example-minimal[dev]"
+          pip install -e "examples/example-enterprise[dev]"
+
+      - name: Pytest example-minimal
+        run: pytest examples/example-minimal/tests -q
+
+      - name: Pytest example-enterprise
+        run: pytest examples/example-enterprise/tests -q
+
+  package-build:
+    runs-on: ubuntu-latest
+    env:
+      SOURCE_DATE_EPOCH: "1735689600"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build twine
+
+      - name: Build pass A
+        run: python -m build --sdist --wheel --outdir dist-pass-a
+
+      - name: Build pass B
+        run: python -m build --sdist --wheel --outdir dist-pass-b
+
+      - name: Verify reproducibility
+        run: python scripts/verify_reproducible_build.py dist-pass-a dist-pass-b
+
+      - name: Validate distribution metadata
+        run: twine check dist-pass-a/*
+
+      - name: Upload package artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: package-artifacts
+          path: dist-pass-a/*
+
+  security-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install project + security/compliance tooling (locked)
+        run: uv sync --all-extras --frozen
+
+      - name: Export requirements for audit (exclude local package)
+        run: |
+          mkdir -p compliance
+          uv export --format requirements-txt --all-extras --no-emit-project --frozen -o compliance/audit-requirements.txt
+
+      - name: Dependency vulnerability audit
+        run: uv run pip-audit --strict -r compliance/audit-requirements.txt
+
+      - name: Generate SBOM
+        run: |
+          mkdir -p compliance
+          uv run cyclonedx-py environment --output-file compliance/sbom.cdx.json --of JSON
+
+      - name: Generate dependency licenses report
+        run: uv run pip-licenses --format=json --output-file=./compliance/licenses.json
+
+      - name: Enforce dependency license policy
+        run: uv run python scripts/check_license_policy.py
+
+      - name: Upload compliance artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: compliance-artifacts
+          path: compliance/*

eitohforge-0.1.0/.github/workflows/publish-internal.yml

@@ -0,0 +1,85 @@
+name: Publish Internal Registry
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Run build and checks without uploading"
+        required: true
+        default: true
+        type: boolean
+
+permissions:
+  contents: read
+  id-token: write
+  attestations: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SOURCE_DATE_EPOCH: "1735689600"
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install release tools
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[release]"
+
+      - name: Build wheel and sdist
+        run: python -m build --sdist --wheel
+
+      - name: Validate distributions
+        run: twine check dist/*
+
+      - name: Upload package artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: internal-release-artifacts
+          path: dist/*
+
+      # Skipped on private user-owned repos (GitHub does not persist attestations there).
+      - name: Generate provenance attestation
+        if: github.repository_visibility == 'public'
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: "dist/*"
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ !inputs.dry_run }}
+    environment: internal-release
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: internal-release-artifacts
+          path: dist
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install twine
+        run: |
+          python -m pip install --upgrade pip
+          pip install twine
+
+      - name: Publish to internal package registry
+        env:
+          TWINE_USERNAME: ${{ secrets.INTERNAL_PYPI_USERNAME }}
+          TWINE_PASSWORD: ${{ secrets.INTERNAL_PYPI_PASSWORD }}
+          INTERNAL_REPOSITORY_URL: ${{ secrets.INTERNAL_PYPI_REPOSITORY_URL }}
+        run: |
+          test -n "$INTERNAL_REPOSITORY_URL"
+          twine upload --repository-url "$INTERNAL_REPOSITORY_URL" dist/*

eitohforge-0.1.0/.github/workflows/publish-pypi.yml

@@ -0,0 +1,74 @@
+name: Publish PyPI (Guarded)
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Run full release checks but do not publish"
+        required: true
+        default: true
+        type: boolean
+
+permissions:
+  contents: read
+  id-token: write
+  # Only needed when "Generate provenance attestation" runs (public repos).
+  attestations: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SOURCE_DATE_EPOCH: "1735689600"
+      # Reduces Node 20 deprecation noise until upstream actions default to Node 24.
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install release tools
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[release]"
+
+      - name: Build wheel and sdist
+        run: python -m build --sdist --wheel
+
+      - name: Validate package
+        run: twine check dist/*
+
+      - name: Upload package artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: pypi-release-artifacts
+          path: dist/*
+
+      # Build attestations are not available for user-owned private repositories.
+      # Re-enable when the repo is public (or organization-owned with attestations enabled).
+      - name: Generate provenance attestation
+        if: github.repository_visibility == 'public'
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: "dist/*"
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ !inputs.dry_run }}
+    environment: pypi-release
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: pypi-release-artifacts
+          path: dist
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist

eitohforge-0.1.0/.gitignore

@@ -0,0 +1,13 @@
+__pycache__/
+*.py[cod]
+*.egg-info/
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.venv/
+venv/
+dist/
+build/
+.DS_Store
+.env
+.env.local

eitohforge-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# Contributing to EitohForge
+
+## Requirements
+
+- Python 3.12+
+- Install dev dependencies from `pyproject.toml`.
+
+## Local Workflow
+
+1. Run lint checks.
+2. Run type checks.
+3. Run tests.
+4. Update docs when behavior or APIs change.
+
+## Quality Gates
+
+- Lint must pass.
+- Type checks must pass.
+- Tests must pass.
+- Migration and config-impacting changes must include docs updates.
+- Migration policy check must pass (`python scripts/check_migration_policy.py`).
+
+## Migration Safety Rules
+
+- Destructive migrations (drop/truncate) are blocked unless explicitly approved.
+- To approve a destructive migration, include this marker in the migration file:
+  - `MIGRATION_APPROVED_DESTRUCTIVE`
+
+## Coding Rules
+
+- Keep domain logic framework-agnostic where possible.
+- Prefer typed contracts over raw dictionaries.
+- Avoid breaking public APIs without explicit versioning and release notes.

eitohforge-0.1.0/PKG-INFO

@@ -0,0 +1,72 @@
+Metadata-Version: 2.4
+Name: eitohforge
+Version: 0.1.0
+Summary: Enterprise backend SDK and CLI for FastAPI systems.
+Project-URL: Homepage, https://github.com/eitoh-brand/EitohForge
+Project-URL: Repository, https://github.com/eitoh-brand/EitohForge
+Project-URL: Issues, https://github.com/eitoh-brand/EitohForge/issues
+Author: EitohTech
+License: Proprietary
+Keywords: cli,enterprise,fastapi,scaffold,sdk
+Classifier: Environment :: Console
+Classifier: Framework :: FastAPI
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: alembic>=1.16.0
+Requires-Dist: fastapi>=0.116.0
+Requires-Dist: jinja2>=3.1.0
+Requires-Dist: opentelemetry-api>=1.0.0
+Requires-Dist: opentelemetry-exporter-otlp>=1.0.0
+Requires-Dist: opentelemetry-sdk>=1.0.0
+Requires-Dist: prometheus-client>=0.20.0
+Requires-Dist: psycopg[binary]>=3.2.0
+Requires-Dist: pydantic-settings>=2.10.0
+Requires-Dist: pydantic>=2.11.0
+Requires-Dist: pymysql>=1.1.0
+Requires-Dist: redis>=5.0.0
+Requires-Dist: sqlalchemy>=2.0.0
+Requires-Dist: typer>=0.16.0
+Provides-Extra: dev
+Requires-Dist: build>=1.2.0; extra == 'dev'
+Requires-Dist: httpx>=0.28.0; extra == 'dev'
+Requires-Dist: mypy>=1.16.0; extra == 'dev'
+Requires-Dist: pytest-cov>=6.2.0; extra == 'dev'
+Requires-Dist: pytest>=8.3.0; extra == 'dev'
+Requires-Dist: ruff>=0.12.0; extra == 'dev'
+Requires-Dist: uvicorn>=0.32.0; extra == 'dev'
+Provides-Extra: release
+Requires-Dist: build>=1.2.0; extra == 'release'
+Requires-Dist: cyclonedx-bom>=4.0.0; extra == 'release'
+Requires-Dist: pip-audit>=2.8.0; extra == 'release'
+Requires-Dist: pip-licenses>=4.4.0; extra == 'release'
+Requires-Dist: twine>=5.1.0; extra == 'release'
+Description-Content-Type: text/markdown
+
+# EitohForge
+
+EitohForge is an enterprise-focused backend SDK and CLI framework for bootstrapping FastAPI services with strong architecture, security, and operations defaults.
+
+## Current State
+
+This repository contains an actively implemented enterprise SDK/CLI baseline through Phase 14.
+
+## Planned Command
+
+`eitohforge create project <name>`
+
+## Key Guides
+
+- `docs/guides/usage-complete.md`
+- `docs/guides/cookbook.md`
+- `docs/guides/enterprise-readiness-checklist.md`
+- `docs/releases/v0.1.0-rc.md`
+
+## Reference examples
+
+- `examples/example-minimal/` — smallest SDK-backed app (health + capabilities).
+- `examples/example-enterprise/` — middleware stack, health family, tenant, feature flags.

eitohforge-0.1.0/README.md

@@ -0,0 +1,23 @@
+# EitohForge
+
+EitohForge is an enterprise-focused backend SDK and CLI framework for bootstrapping FastAPI services with strong architecture, security, and operations defaults.
+
+## Current State
+
+This repository contains an actively implemented enterprise SDK/CLI baseline through Phase 14.
+
+## Planned Command
+
+`eitohforge create project <name>`
+
+## Key Guides
+
+- `docs/guides/usage-complete.md`
+- `docs/guides/cookbook.md`
+- `docs/guides/enterprise-readiness-checklist.md`
+- `docs/releases/v0.1.0-rc.md`
+
+## Reference examples
+
+- `examples/example-minimal/` — smallest SDK-backed app (health + capabilities).
+- `examples/example-enterprise/` — middleware stack, health family, tenant, feature flags.

eitohforge-0.1.0/docs/README.md

@@ -0,0 +1,73 @@
+# EitohForge Planning Docs
+
+This folder contains the long-term planning and implementation documentation for the EitohForge backend SDK platform.
+
+**Blueprint (repository root):** `../secure_backend_sdk_architecture.md` — full A–Z target architecture; the **Appendix — EitohForge implementation map** at the end of that file compares §1–§44 to what is implemented today.
+
+## Documents
+
+- `roadmap/master-implementation-roadmap.md`  
+  Full end-to-end phase plan (scope, milestones, acceptance criteria).
+- `roadmap/execution-board.md`  
+  Task-level execution board with IDs, estimates, dependencies, and done criteria.
+- `roadmap/architecture-coverage-matrix.md`  
+  Traceability map from all 44 architecture items to tracked tasks.
+- `roadmap/blueprint-completion-waves.md`  
+  Post-baseline plan to reach L1/L2/L3 depth vs `secure_backend_sdk_architecture.md`; links to Phase 17 tasks (`P17-*`).
+- `standards/engineering-standards.md`  
+  Coding, validation, migration, security, testing, and release standards.
+- `standards/flaky-test-policy.md`  
+  Quarantine, ownership, and remediation SLA for flaky tests.
+- `guides/phase-0-and-1-kickoff.md`  
+  Immediate implementation checklist for getting started.
+- `guides/python-packaging-and-publishing.md`  
+  Package build, release channels, and publish workflow.
+- `guides/usage-complete.md`  
+  Full usage: install, config, migrations, auth, plugins, deploy, troubleshooting.
+- `guides/onboarding-qa-simulation.md`  
+  New-hire / release QA checklist for onboarding without hand-holding.
+- `guides/enterprise-readiness-checklist.md`  
+  Production and enterprise readiness validation checklist.
+- `guides/enterprise-deployment-and-networking.md`  
+  SSL/TLS, load balancing, deployment reliability, and HA guidance.
+- `guides/tls-and-cert-rotation-runbook.md`  
+  Ingress TLS policy, cert lifecycle, and emergency rotation procedure.
+- `guides/mtls-trust-model.md`  
+  Optional internal mTLS trust domains, identity mapping, and rollout modes.
+- `guides/load-balancing-and-health-routing.md`  
+  LB architecture, readiness routing policy, and health-check baseline.
+- `guides/deployment-strategies-and-rollback-controls.md`  
+  Rolling/blue-green/canary playbooks with abort and rollback controls.
+- `guides/testing-and-example-project-strategy.md`  
+  Test completeness model and reference example project requirements.
+- `guides/repository-contracts-and-dto-boundaries.md`  
+  Clean architecture repository contract and persistence DTO reference.
+- `guides/query-spec-reference.md`  
+  `QuerySpec` filter operators, pagination modes, and optional column validation.
+- `guides/cookbook.md`  
+  Implementation recipes for tenanting, plugins, flags, hardening, and perf checks.
+- `guides/operations-runbook.md`  
+  Deploy, rollback, SLO, error budget, and incident response baseline.
+- `performance/baseline.md`  
+  Latest generated baseline benchmark report.
+- `releases/v0.1.0-rc.md`  
+  Release candidate readiness and validation checklist.
+
+## How to Use
+
+1. Review `master-implementation-roadmap.md` to confirm scope and sequence.
+2. Validate architecture completeness in `architecture-coverage-matrix.md`.
+3. Execute tasks from `execution-board.md` in dependency order.
+4. Follow `engineering-standards.md` for all PRs and generated templates.
+5. Align release expectations with `python-packaging-and-publishing.md`.
+6. Align deployment posture with `enterprise-deployment-and-networking.md`.
+7. Align test posture with `testing-and-example-project-strategy.md`.
+8. Validate launch quality with `enterprise-readiness-checklist.md`.
+9. Start implementation using `phase-0-and-1-kickoff.md`.
+
+## Update Rules
+
+- Keep task IDs stable once assigned.
+- Mark task state directly in `execution-board.md`.
+- If scope changes, update both roadmap and execution board in the same change.
+- Keep standards backward compatible unless versioned under a new section.

eitohforge-0.1.0/docs/adr/0001-orm-and-migration-strategy.md

@@ -0,0 +1,22 @@
+# ADR 0001: ORM and Migration Strategy
+
+## Status
+
+Accepted
+
+## Context
+
+EitohForge needs a production-safe, typed, migration-driven relational persistence baseline that can evolve into polyglot storage later.
+
+## Decision
+
+- Primary ORM stack: SQLAlchemy 2.x style.
+- Migration tool: Alembic.
+- Primary relational adapter for first release: Postgres.
+- Migration operations are mandatory for schema changes.
+
+## Consequences
+
+- Strong ecosystem support for enterprise usage.
+- Stable migration workflow with upgrade/downgrade controls.
+- Clear expansion path to other providers through adapter interfaces.

eitohforge-0.1.0/docs/adr/0002-typing-and-linting-strategy.md

@@ -0,0 +1,22 @@
+# ADR 0002: Typing and Linting Strategy
+
+## Status
+
+Accepted
+
+## Context
+
+The SDK is intended for enterprise-grade adoption and requires strict static guarantees and consistent code quality.
+
+## Decision
+
+- Type checker: `mypy` in strict mode.
+- Linter/formatter baseline: `ruff`.
+- All public SDK APIs must be explicitly typed.
+- CI blocks merge when lint or type checks fail.
+
+## Consequences
+
+- Higher initial development discipline.
+- Lower runtime defect rate from type mismatches.
+- More maintainable generated code for downstream teams.

eitohforge-0.1.0/docs/adr/0003-packaging-and-publish-strategy.md

@@ -0,0 +1,23 @@
+# ADR 0003: Packaging and Publish Strategy
+
+## Status
+
+Accepted
+
+## Context
+
+EitohForge must be distributed in a reproducible, enterprise-ready way with predictable installs and release controls.
+
+## Decision
+
+- Package distribution: single package `eitohforge` (SDK + CLI) for initial releases.
+- Build backend: hatchling via `pyproject.toml`.
+- Artifact formats: `wheel` and `sdist`.
+- Primary publish channel: internal package registry.
+- Optional external channel: PyPI with approval gate.
+
+## Consequences
+
+- Simplified onboarding (`pip install eitohforge`).
+- Stronger release control through internal-first distribution.
+- Future split into separate `eitohforge-sdk` and `eitohforge-cli` remains possible.