routemq 0.22.1__tar.gz

routemq-0.22.1/.dockerignore

@@ -0,0 +1,87 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Environments
+.env.local
+.env.*.local
+venv/
+env/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Project specific
+logs/
+*.log
+.git/
+.gitignore
+README.md
+docker-compose.yml
+Dockerfile
+*.md
+!README.md
+logo.png
+
+# Docker
+docker/
+.dockerignore

routemq-0.22.1/.env.docker

@@ -0,0 +1,63 @@
+# Docker Environment Configuration for RouteMQ
+# Copy this file to .env and customize for your deployment
+
+# MQTT Broker Configuration
+MQTT_BROKER=test.mosquitto.org
+MQTT_PORT=1883
+MQTT_USERNAME=
+MQTT_PASSWORD=
+MQTT_GROUP_NAME=mqtt_framework_group
+
+# MySQL Configuration
+ENABLE_MYSQL=true
+DB_HOST=mysql
+DB_PORT=3306
+DB_NAME=mqtt_framework
+DB_USER=routemq
+DB_PASS=routemq
+
+# Database Pool Configuration
+# DB_POOL_SIZE=5
+# DB_POOL_MAX_OVERFLOW=10
+# DB_POOL_TIMEOUT=30
+# DB_POOL_RECYCLE=1800
+# DB_POOL_PRE_PING=true
+# DB_POOL_USE_LIFO=false
+# DB_POOL_CLASS=default
+
+# Redis Configuration
+ENABLE_REDIS=true
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_DB=0
+REDIS_PASSWORD=
+
+# TSDB (ClickHouse) Configuration
+ENABLE_TSDB=false
+TSDB_HOST=clickhouse
+TSDB_PORT=8123
+TSDB_DATABASE=default
+TSDB_USER=default
+TSDB_PASSWORD=
+
+# Queue Configuration
+QUEUE_CONNECTION=redis
+
+# Metrics HTTP Configuration
+METRICS_HTTP_ENABLED=false
+# PROMETHEUS_MULTIPROC_DIR=/tmp/routemq-prom
+
+# Timezone
+TIMEZONE=Asia/Jakarta
+
+# Logging Configuration
+LOG_FORMATTER=json
+LOG_FIELD_PROFILE=otel
+LOG_LEVEL=INFO
+LOG_TO_CONSOLE=true
+LOG_STREAM=stdout
+LOG_INCLUDE_CONTEXT=true
+LOG_LIFECYCLE_EVENTS=true
+LOG_LIFECYCLE_LEVEL=INFO
+LOG_TO_FILE=false
+LOG_FORMAT=%(asctime)s - %(name)s - %(levelname)s - %(message)s

routemq-0.22.1/.env.example

@@ -0,0 +1,98 @@
+# RouteMQ Configuration Example
+
+# Basic Configuration
+MQTT_BROKER=localhost
+MQTT_PORT=1883
+MQTT_CLIENT_ID=mqtt-framework-main
+MQTT_USERNAME=
+MQTT_PASSWORD=
+MQTT_GROUP_NAME=mqtt_framework_group
+
+# Database Configuration
+ENABLE_MYSQL=true
+DB_HOST=localhost
+DB_PORT=3306
+DB_NAME=mqtt_framework
+DB_USER=root
+DB_PASS=
+
+# Database Pool Configuration
+# DB_POOL_SIZE=5
+# DB_POOL_MAX_OVERFLOW=10
+# DB_POOL_TIMEOUT=30
+# DB_POOL_RECYCLE=1800
+# DB_POOL_PRE_PING=true
+# DB_POOL_USE_LIFO=false
+# DB_POOL_CLASS=default
+
+# Redis Configuration
+ENABLE_REDIS=false
+
+# TSDB (ClickHouse) Configuration — optional, requires routemq[clickhouse]
+ENABLE_TSDB=false
+TSDB_HOST=localhost
+TSDB_PORT=8123
+TSDB_DATABASE=default
+TSDB_USER=default
+TSDB_PASSWORD=
+TSDB_BATCH_SIZE=10000
+TSDB_FLUSH_INTERVAL=1.0
+TSDB_BUFFER_MAXSIZE=50000
+TSDB_ASYNC_INSERT=true
+
+# Queue Configuration
+# Queue connection driver: 'redis' or 'database'
+# Redis queue is faster but requires ENABLE_REDIS=true
+# Database queue is persistent but requires ENABLE_MYSQL=true
+QUEUE_CONNECTION=redis
+
+# Metrics HTTP Configuration
+METRICS_HTTP_ENABLED=false
+# PROMETHEUS_MULTIPROC_DIR=/tmp/routemq-prom
+
+# Logging Configuration
+# Formatter: json (default NDJSON) or plain (legacy text logs)
+LOG_FORMATTER=json
+
+# Field profile: otel, ecs, datadog, loki, or routemq
+LOG_FIELD_PROFILE=otel
+
+# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL
+LOG_LEVEL=INFO
+
+# Console logging and stream selection
+LOG_TO_CONSOLE=true
+LOG_STREAM=stdout
+
+# Include RouteMQ observability context in log records
+LOG_INCLUDE_CONTEXT=true
+
+# Mirror RouteMQ lifecycle events to logs
+LOG_LIFECYCLE_EVENTS=true
+LOG_LIFECYCLE_LEVEL=INFO
+
+# Enable/disable file logging (true/false)
+LOG_TO_FILE=false
+
+# Log file path (relative to project root or absolute path)
+LOG_FILE=logs/app.log
+
+# Legacy plain log format pattern (used when LOG_FORMATTER=plain)
+LOG_FORMAT=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+
+# Rotation type: 'size' for size-based rotation, 'time' for time-based rotation
+LOG_ROTATION_TYPE=size
+
+# Size-based rotation settings
+# Maximum file size in bytes before rotation (default: 10MB)
+LOG_MAX_BYTES=10485760
+# Number of backup files to keep
+LOG_BACKUP_COUNT=5
+
+# Time-based rotation settings (only used when LOG_ROTATION_TYPE=time)
+# When to rotate: 'midnight', 'D' (daily), 'H' (hourly), 'M' (monthly), etc.
+LOG_ROTATION_WHEN=midnight
+# Rotation interval (e.g., 1 for every day if WHEN=D)
+LOG_ROTATION_INTERVAL=1
+# Date format for backup file names
+LOG_DATE_FORMAT=%Y-%m-%d

routemq-0.22.1/.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# Default code owners for RouteMQ. GitHub branch protection can require
+# review from code owners when this file is present.
+
+* @ardzz

routemq-0.22.1/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,44 @@
+name: Bug report
+description: Report a reproducible RouteMQ bug
+title: "bug: "
+labels: [bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Do not report undisclosed security vulnerabilities here. Use GitHub Security Advisories or the fallback email in SECURITY.md.
+  - type: input
+    id: version
+    attributes:
+      label: RouteMQ version
+      description: Package version or commit SHA.
+      placeholder: "0.17.1"
+    validations:
+      required: true
+  - type: input
+    id: python
+    attributes:
+      label: Python version
+      placeholder: "3.12"
+    validations:
+      required: true
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Minimal reproduction
+      description: Include topic, payload shape, route definition, broker/Redis/MySQL details if relevant, and exact commands.
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual behavior
+      description: Include logs or traceback with secrets removed.
+    validations:
+      required: true

routemq-0.22.1/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,26 @@
+name: Feature request
+description: Propose a RouteMQ feature or behavior change
+title: "feat: "
+labels: [enhancement]
+body:
+  - type: textarea
+    id: use-case
+    attributes:
+      label: Use case
+      description: What problem does this solve for a RouteMQ user?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed behavior or API
+      description: Include example routes, jobs, middleware, or CLI commands when helpful.
+    validations:
+      required: true
+  - type: textarea
+    id: compatibility
+    attributes:
+      label: Compatibility concerns
+      description: Note any migration, SemVer, or dependency impact.
+    validations:
+      required: false

routemq-0.22.1/.github/SECURITY-TRIAGE.md

@@ -0,0 +1,68 @@
+# Security Vulnerability Triage Process
+
+## Scope
+
+- Covers Bandit SAST findings, pip-audit dependency CVE findings, and future scanners that report
+  actionable vulnerability findings.
+- Does not cover secret-scanning findings. Secret-scanning is handled separately through GitGuardian or
+  GitHub secret-scanning.
+
+## Severity Classification
+
+| Unified | Bandit | pip-audit (CVSS) | SLA to acknowledge | SLA to resolve |
+|---|---|---|---|---|
+| Critical | n/a | 9.0-10.0 | 1 business day | 7 calendar days |
+| High | High | 7.0-8.9 | 2 business days | 14 calendar days |
+| Medium | Medium | 4.0-6.9 | 5 business days | 30 calendar days |
+| Low | Low | 0.1-3.9 | best-effort | best-effort |
+| Info | n/a (low confidence) | n/a | n/a - TP review only | n/a |
+
+## Triage Decision Tree
+
+1. New finding appears in CI output.
+2. Reviewer classifies the finding. The default reviewer is the PR author. Escalate to CODEOWNERS if
+   ownership is unclear.
+3. Use one of these outcomes:
+
+- **TP (true positive)** - real vulnerability exploitable in this codebase's usage. Open an issue, label
+  `security:tp`, attach the finding ID, and prioritize per the SLA above.
+- **FP (false positive)** - finding does not apply. Examples: dev-only dependency, unreachable code path, or
+  wrong tool inference. Suppress per the Suppression section below; document rationale in the PR or issue.
+- **Won't fix (accepted risk)** - TP but business-justified. Requires CODEOWNER sign-off; document in
+  `.github/SECURITY-EXCEPTIONS.md` created on first use; review at least quarterly.
+
+## Suppression Mechanisms
+
+### Bandit
+
+- Per-line: `# nosec B<rule-id>  # <one-line rationale>`; must include rule ID and rationale.
+- Per-file: `# nosec  # justified at top-of-file: <rationale>`.
+- Repo-wide: `pyproject.toml [tool.bandit]` `skips` or `tests` arrays. Requires PR review and CODEOWNER
+  sign-off.
+
+### pip-audit
+
+- Per-vulnerability ignore: `pyproject.toml [tool.pip-audit]`, if supported in the current version, or CLI flag
+  `--ignore-vuln <ID>`.
+- Document each ignore in a `.github/PIP_AUDIT_IGNORES.md` table with columns: ID, Package, Reason,
+  Reviewer, Expires.
+- Expire ignores no later than the next major dependency bump or 90 days, whichever comes sooner.
+
+## Ownership
+
+- First reviewer: PR author who introduced the dependency or code path.
+- Escalation: CODEOWNERS for the affected module. See `.github/CODEOWNERS`.
+- Security questions: use GitHub Security Advisories for private reports, or email the maintainer listed in
+  `SECURITY.md` when the advisory form is unavailable.
+
+## Re-Validation Cadence
+
+- Suppressions and accepted-risk entries are reviewed quarterly on the first Monday of each quarter.
+- A scheduled GitHub Action runs CI weekly to catch newly disclosed dependency and SAST findings in already-deployed dependencies.
+- Failed scheduled scans open an issue automatically in a future sprint.
+
+## Reporting
+
+- Externally reported vulnerabilities through GitHub Security Advisories, email, or similar channels follow the
+  standard GitHub coordinated-disclosure flow.
+- Public `SECURITY.md`, if present, defines disclosure expectations.

routemq-0.22.1/.github/branch-protection.yml

@@ -0,0 +1,118 @@
+# Branch Protection Policy for RouteMQ Sprint 02
+# ==============================================
+# This file documents the required branch protection settings.
+# 
+# IMPORTANT: This is a REFERENCE configuration. GitHub branch protection
+# rules must be applied via GitHub UI or API. This file is not
+# automatically enforced by GitHub.
+#
+# To apply these settings:
+# 1. Use GitHub UI: Settings > Branches > Add rule
+# 2. Or use GitHub CLI: gh api repos/{owner}/{repo}/branches/{branch}/protection
+# 3. Or use Probot Settings app (if configured)
+
+# Target branches for protection
+branches:
+  - master
+  - develop
+
+# Protection rules
+protection:
+  # Require pull request reviews before merging
+  required_pull_request_reviews:
+    # 0 = solo-dev mode; status checks still required
+    required_approving_review_count: 0
+    dismiss_stale_reviews: true
+    require_code_owner_reviews: false
+    # Require review from code owners (optional, set to true if CODEOWNERS exists)
+    require_last_push_approval: false
+
+  # Require status checks to pass before merging
+  required_status_checks:
+    # Require branches to be up to date before merging
+    strict: true
+    # Status checks that are required (must match exact job names in .github/workflows/ci.yml)
+    contexts:
+      - test
+      - lint
+      - type-check
+      - security
+      - coverage
+      - build
+    # Note: All jobs depend on 'test', so requiring all ensures full CI passes
+
+  # Require conversation resolution before merging
+  required_conversation_resolution: true
+
+  # Require signed commits (optional - enable for high-security requirements)
+  required_signatures: false
+
+  # Include administrators (apply rules to admins too)
+  enforce_admins: true
+
+  # Restrict who can push to matching branches
+  restrictions: null  # null = no restrictions beyond the rules above
+
+  # Require linear history (no merge commits)
+  required_linear_history: true
+
+  # Allow force pushes (MUST be false for protection)
+  allow_force_pushes: false
+
+  # Allow deletions
+  allow_deletions: false
+
+  # Require deployments to succeed before merging (optional)
+  required_deployments: null
+
+# Sprint 02 Additional Requirements
+# ---------------------------------
+sprint_02:
+  effective_date: "2026-05-25"
+  rationale: |
+    Branch protection ensures code quality and prevents accidental
+    changes to protected branches. Required checks enforce:
+    - All tests pass (test)
+    - Code style compliance (lint)
+    - Type safety (type-check)
+    - Security scanning (security)
+    - Coverage thresholds (coverage)
+    - Package build success (build)
+  
+  notes: |
+    - The 'test' job is the base dependency for all other CI jobs
+    - 'lint' includes both ruff lint and format checks
+    - 'security' includes Bandit SAST and pip-audit dependency scan
+    - 'coverage' generates test coverage reports
+    - 'build' verifies the package builds correctly
+    
+  exemptions: |
+    Emergency hotfixes may bypass review requirements via admin override,
+    but this should be documented and reviewed post-merge.
+
+# GitHub CLI Commands for Reference
+# ---------------------------------
+# To apply these settings via GitHub CLI, run:
+#
+# gh api repos/{owner}/{repo}/branches/master/protection \
+#   --method PUT \
+#   --input - <<EOF
+# {
+#   "required_status_checks": {
+#     "strict": true,
+#     "contexts": ["test", "lint", "type-check", "security", "coverage", "build"]
+#   },
+#   "enforce_admins": true,
+#   "required_pull_request_reviews": {
+#     "required_approving_review_count": 1,
+#     "dismiss_stale_reviews": true
+#   },
+#   "restrictions": null,
+#   "required_linear_history": true,
+#   "allow_force_pushes": false,
+#   "allow_deletions": false,
+#   "required_conversation_resolution": true
+# }
+# EOF
+#
+# Repeat for 'develop' branch.

routemq-0.22.1/.github/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "Asia/Jakarta"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "build"
+      include: "scope"

routemq-0.22.1/.github/release-drafter.yml

@@ -0,0 +1,78 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
+categories:
+  - title: '⚠️ Breaking changes'
+    labels:
+      - 'breaking change'
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'bug'
+  - title: '📃 Documents'
+    labels:
+      - 'docs'
+  - title: '🧩 Dependency Updates'
+    labels:
+      - 'deps'
+      - 'dependencies'
+      - 'bump'
+      - 'chore'
+    collapse-after: 5
+  - title: '🔬 Others'
+    labels:
+      - 'style'
+      - 'refactor'
+      - 'test'
+      - 'ci'
+    collapse-after: 5
+autolabeler:
+  - label: 'breaking change'
+    title:
+      - '/!:/i'
+  - label: 'feature'
+    title:
+      - '/feat:/i'
+  - label: 'bug'
+    title:
+      - '/fix:/i'
+  - label: 'style'
+    title:
+      - '/style:/i'
+  - label: 'refactor'
+    title:
+      - '/refactor:/i'
+  - label: 'test'
+    title:
+      - '/test:/i'
+  - label: 'chore'
+    title:
+      - '/chore:/i'
+  - label: 'docs'
+    title:
+      - '/docs:/i'
+  - label: 'ci'
+    title:
+      - '/ci:/i'
+  - label: 'dependencies'
+    title:
+      - '/deps:/i'
+      - '/dependencies:/i'
+      - '/bump:/i'
+commitish: master
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<_*&'
+template: |
+  $CHANGES

routemq-0.22.1/.github/release-token-rotation.md

@@ -0,0 +1,42 @@
+# RELEASE_TOKEN Rotation Procedure
+
+## Purpose
+`RELEASE_TOKEN` is a fine-grained GitHub PAT used by `.github/workflows/release.yml` 
+specifically for the `gh pr create`/`gh pr merge` step. This is necessary because 
+GitHub deliberately suppresses CI triggering on PRs created by `GITHUB_TOKEN`.
+
+## Current Token (do not commit value here)
+- Owner: ardzz (personal account)
+- Created: 2026-05-27 (approx)
+- Expires: 2026-08-25 (90 days from creation)
+- Repository access: Only ardzz/RouteMQ
+- Permissions:
+  - Contents: Read and write
+  - Pull requests: Read and write
+  - Workflows: Read and write
+
+## Rotation Schedule
+- **Calendar reminder:** 7 days before expiration
+- **Hard deadline:** Day of expiration
+- **GitHub auto-emails the owner** ~7 days before; do not ignore
+
+## Rotation Steps
+1. Open https://github.com/settings/personal-access-tokens/new
+2. Generate new fine-grained PAT with identical scopes (see above)
+3. Open https://github.com/ardzz/RouteMQ/settings/secrets/actions
+4. Click `RELEASE_TOKEN` → Update → paste new value → Update secret
+5. Go back to https://github.com/settings/personal-access-tokens
+6. Find the previous token → Revoke
+7. Verify by triggering a small `fix:` commit and confirming the bump PR has CI checks
+
+## Security Reminders
+- **NEVER paste this token into chat, screenshots, commits, or external tools.**
+- GitGuardian (CI check) will catch accidental commit-time exposure.
+- If you suspect leakage: revoke immediately, generate new, update secret.
+- This token grants write access to RouteMQ only (fine-grained), but a compromise 
+  could push commits, create PRs, and modify workflows. Treat as production credential.
+
+## Why PAT and Not GitHub App
+PAT was chosen for setup simplicity (Sprint 18). A GitHub App would be more secure 
+(short-lived tokens, no user dependency). Migration to App is a future micro-sprint 
+(`SPRINT-18b` candidate) when warranted.