scriptgini 1.0.6__tar.gz → 1.2.0__tar.gz

{scriptgini-1.0.6 → scriptgini-1.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scriptgini
-Version: 1.0.6
+Version: 1.2.0
 Summary: Agentic AI system that converts functional test cases into automation test scripts.
 Author: ScriptGini Team
 License: Proprietary
@@ -127,7 +127,28 @@ If local generation feels slow, reduce `OLLAMA_NUM_PREDICT`, keep `SKIP_REVIEW_F
 
 ---
 
-## API Reference
+## OpenAPI Specification
+
+**ScriptGini implements a production-ready OpenAPI 3.0.3 specification** that defines a complete enterprise REST API with 50+ endpoints, 60+ schemas, and comprehensive documentation.
+
+### Specification Highlights
+
+**The API specification includes 12 salient features**:
+
+1. **Multi-tenant Architecture** — Organizations, Workspaces, Teams with hierarchical RBAC
+2. **Advanced LLM Management** — Multi-provider orchestration, health monitoring, cost tracking, and model governance
+3. **Intelligent Test Data Management** — Multi-source ingestion, synthetic generation, PII masking, state locking, placeholder mapping
+4. **Asynchronous Job Management** — HTTP 202 Accepted, idempotent execution, job polling, webhooks
+5. **Comprehensive Reporting** — Structured logs, artifact storage, signed downloads, execution diagnostics
+6. **Analytics & Insights** — Dashboards, trend analysis, flakiness detection, code coverage, LLM usage
+7. **Defect Lifecycle** — Auto-detection, Jira/Azure/GitHub sync, severity tracking, traceability
+8. **Script Versioning** — Git-style history, quality metrics, refactoring, diff metadata
+9. **Webhooks** — Event-driven notifications, delivery guarantees, retry policies
+10. **Security & Authorization** — JWT + OAuth2, API keys with scopes, RBAC enforcement, rate limiting
+11. **Error Handling & Observability** — Standardized error envelope, request ID tracing, correlation IDs
+12. **Pagination & Filtering** — limit/offset/sort, comprehensive filtering, faceted search
+
+### API Reference
 
 Once running, visit:
 
@@ -136,6 +157,33 @@ Once running, visit:
 | `http://localhost:8000/docs` | Swagger UI (interactive) |
 | `http://localhost:8000/redoc` | ReDoc |
 | `http://localhost:8000/health` | Health check |
+| `http://localhost:8000/openapi.json` | Raw OpenAPI 3.0.3 specification |
+
+### Full OpenAPI Documentation
+
+- **Complete Specification**: [docs/openapi-improved-draft-2026-05-10.yaml](docs/openapi-improved-draft-2026-05-10.yaml)
+- **Feature Documentation**: [docs/OPENAPI-SPECIFICATION.md](docs/OPENAPI-SPECIFICATION.md) — Covers all 12 salient features with examples and flows
+- **API Architecture Review**: [docs/api-architecture-review-2026-05-10.md](docs/api-architecture-review-2026-05-10.md) — Analysis of current state vs. target enterprise API
+
+### API Domains (50+ Endpoints)
+
+| Domain | Endpoints | Purpose |
+|--------|-----------|---------|
+| **Authentication & IAM** | 8 | Login, token refresh, user management, API keys |
+| **Organizations & Teams** | 6 | Multi-tenancy, team management, RBAC |
+| **Workspaces & Projects** | 5 | Organizational hierarchy, configuration |
+| **Test Data Management** | 11 | Data sets, reservations, masking, synthetic generation |
+| **LLM Management** | 5 | Provider registration, model governance, cost tracking |
+| **Script Engineering** | 7 | Generation, versioning, quality, refactoring |
+| **Test Cases** | 4 | CRUD operations for test definitions |
+| **Test Orchestration** | 5 | Execution, cancellation, job management |
+| **Execution Reporting** | 4 | Reports, logs, artifacts, diagnostics |
+| **Analytics & Insights** | 5 | Dashboards, trends, flakiness, coverage, LLM costs |
+| **Defect Management** | 6 | Create, update, link, sync to Jira/Azure/GitHub |
+| **Webhooks** | 5 | Event subscriptions, delivery management |
+| **Database Admin** | 1 | Alembic migrations (admin only, 2FA required) |
+
+### Quick API Examples
 
 ### Core Workflow
 
@@ -374,6 +422,27 @@ A CI gate is configured in `.github/workflows/quality-gate.yml` to enforce the s
 - The API has no authentication by default — add an API key middleware before exposing to a network
 - UI validation only — the agent never makes live requests to the AUT
 
+## Change Reports
+
+- Commit-range report (`dfdf693b..15328b7`): `docs/changes-dfdf693b-to-15328b7.md`
+
+---
+
+## Development Roadmap
+
+The project follows an **enterprise-grade development roadmap** with 6 sprints covering 190 story points over ~12 weeks. See [docs/todo.md](docs/todo.md) for detailed sprint breakdown with features, user stories, and tasks.
+
+### Sprint Summary
+
+| Sprint | Focus | Effort | Status |
+|--------|-------|--------|--------|
+| **Sprint 1** | IAM Core | 30-36pts | 🟡 Core delivered (auth hardening pending) |
+| **Sprint 2** | RBAC + Multi-Tenancy | 32-38pts | 🟡 Core delivered (RBAC hardening pending) |
+| **Sprint 3** | Durable Execution | 34-40pts | 🔲 Pending (Redis + Celery/Arq setup) |
+| **Sprint 4** | Security & Hardening | 30-36pts | 🔲 Pending (Container sandbox, audit logging) |
+| **Sprint 5** | Reporting & Analytics | 28-34pts | 🔲 Pending (Artifact storage, dashboards) |
+| **Sprint 6** | Advanced Features | 24-30pts | 🔲 Pending (Webhooks, defect sync, versioning) |
+
 ---
 
 ## License

{scriptgini-1.0.6 → scriptgini-1.2.0}/README.md

@@ -113,7 +113,28 @@ If local generation feels slow, reduce `OLLAMA_NUM_PREDICT`, keep `SKIP_REVIEW_F
 
 ---
 
-## API Reference
+## OpenAPI Specification
+
+**ScriptGini implements a production-ready OpenAPI 3.0.3 specification** that defines a complete enterprise REST API with 50+ endpoints, 60+ schemas, and comprehensive documentation.
+
+### Specification Highlights
+
+**The API specification includes 12 salient features**:
+
+1. **Multi-tenant Architecture** — Organizations, Workspaces, Teams with hierarchical RBAC
+2. **Advanced LLM Management** — Multi-provider orchestration, health monitoring, cost tracking, and model governance
+3. **Intelligent Test Data Management** — Multi-source ingestion, synthetic generation, PII masking, state locking, placeholder mapping
+4. **Asynchronous Job Management** — HTTP 202 Accepted, idempotent execution, job polling, webhooks
+5. **Comprehensive Reporting** — Structured logs, artifact storage, signed downloads, execution diagnostics
+6. **Analytics & Insights** — Dashboards, trend analysis, flakiness detection, code coverage, LLM usage
+7. **Defect Lifecycle** — Auto-detection, Jira/Azure/GitHub sync, severity tracking, traceability
+8. **Script Versioning** — Git-style history, quality metrics, refactoring, diff metadata
+9. **Webhooks** — Event-driven notifications, delivery guarantees, retry policies
+10. **Security & Authorization** — JWT + OAuth2, API keys with scopes, RBAC enforcement, rate limiting
+11. **Error Handling & Observability** — Standardized error envelope, request ID tracing, correlation IDs
+12. **Pagination & Filtering** — limit/offset/sort, comprehensive filtering, faceted search
+
+### API Reference
 
 Once running, visit:
 
@@ -122,6 +143,33 @@ Once running, visit:
 | `http://localhost:8000/docs` | Swagger UI (interactive) |
 | `http://localhost:8000/redoc` | ReDoc |
 | `http://localhost:8000/health` | Health check |
+| `http://localhost:8000/openapi.json` | Raw OpenAPI 3.0.3 specification |
+
+### Full OpenAPI Documentation
+
+- **Complete Specification**: [docs/openapi-improved-draft-2026-05-10.yaml](docs/openapi-improved-draft-2026-05-10.yaml)
+- **Feature Documentation**: [docs/OPENAPI-SPECIFICATION.md](docs/OPENAPI-SPECIFICATION.md) — Covers all 12 salient features with examples and flows
+- **API Architecture Review**: [docs/api-architecture-review-2026-05-10.md](docs/api-architecture-review-2026-05-10.md) — Analysis of current state vs. target enterprise API
+
+### API Domains (50+ Endpoints)
+
+| Domain | Endpoints | Purpose |
+|--------|-----------|---------|
+| **Authentication & IAM** | 8 | Login, token refresh, user management, API keys |
+| **Organizations & Teams** | 6 | Multi-tenancy, team management, RBAC |
+| **Workspaces & Projects** | 5 | Organizational hierarchy, configuration |
+| **Test Data Management** | 11 | Data sets, reservations, masking, synthetic generation |
+| **LLM Management** | 5 | Provider registration, model governance, cost tracking |
+| **Script Engineering** | 7 | Generation, versioning, quality, refactoring |
+| **Test Cases** | 4 | CRUD operations for test definitions |
+| **Test Orchestration** | 5 | Execution, cancellation, job management |
+| **Execution Reporting** | 4 | Reports, logs, artifacts, diagnostics |
+| **Analytics & Insights** | 5 | Dashboards, trends, flakiness, coverage, LLM costs |
+| **Defect Management** | 6 | Create, update, link, sync to Jira/Azure/GitHub |
+| **Webhooks** | 5 | Event subscriptions, delivery management |
+| **Database Admin** | 1 | Alembic migrations (admin only, 2FA required) |
+
+### Quick API Examples
 
 ### Core Workflow
 
@@ -360,6 +408,27 @@ A CI gate is configured in `.github/workflows/quality-gate.yml` to enforce the s
 - The API has no authentication by default — add an API key middleware before exposing to a network
 - UI validation only — the agent never makes live requests to the AUT
 
+## Change Reports
+
+- Commit-range report (`dfdf693b..15328b7`): `docs/changes-dfdf693b-to-15328b7.md`
+
+---
+
+## Development Roadmap
+
+The project follows an **enterprise-grade development roadmap** with 6 sprints covering 190 story points over ~12 weeks. See [docs/todo.md](docs/todo.md) for detailed sprint breakdown with features, user stories, and tasks.
+
+### Sprint Summary
+
+| Sprint | Focus | Effort | Status |
+|--------|-------|--------|--------|
+| **Sprint 1** | IAM Core | 30-36pts | 🟡 Core delivered (auth hardening pending) |
+| **Sprint 2** | RBAC + Multi-Tenancy | 32-38pts | 🟡 Core delivered (RBAC hardening pending) |
+| **Sprint 3** | Durable Execution | 34-40pts | 🔲 Pending (Redis + Celery/Arq setup) |
+| **Sprint 4** | Security & Hardening | 30-36pts | 🔲 Pending (Container sandbox, audit logging) |
+| **Sprint 5** | Reporting & Analytics | 28-34pts | 🔲 Pending (Artifact storage, dashboards) |
+| **Sprint 6** | Advanced Features | 24-30pts | 🔲 Pending (Webhooks, defect sync, versioning) |
+
 ---
 
 ## License

scriptgini-1.2.0/app/__init__.py

@@ -0,0 +1,3 @@
+__version__ = "1.2.0"
+__api_version__ = "v1.2.0"
+

scriptgini-1.2.0/app/cache.py

@@ -0,0 +1,199 @@
+"""
+Redis cache utilities for storing frequently accessed data.
+
+Usage:
+    from app.cache import cache
+    
+    # Store value
+    cache.set("key", "value", ttl=3600)
+    
+    # Get value
+    value = cache.get("key")
+    
+    # Delete value
+    cache.delete("key")
+    
+    # Use as decorator
+    @cache.cached(ttl=300)
+    def expensive_operation():
+        return result
+"""
+
+import json
+import redis
+from typing import Any, Optional, Callable
+from functools import wraps
+from app.config import settings
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class RedisCache:
+    def __init__(self, redis_url: str):
+        """Initialize Redis connection."""
+        try:
+            self.redis_client = redis.from_url(redis_url, decode_responses=True)
+            # Test connection
+            self.redis_client.ping()
+            logger.info("Redis cache connected successfully")
+        except Exception as e:
+            logger.error(f"Failed to connect to Redis: {e}")
+            self.redis_client = None
+
+    def is_available(self) -> bool:
+        """Check if Redis is available."""
+        return self.redis_client is not None
+
+    def set(self, key: str, value: Any, ttl: Optional[int] = None) -> bool:
+        """
+        Store a value in cache.
+        
+        Args:
+            key: Cache key
+            value: Value to store (will be JSON serialized if not string)
+            ttl: Time to live in seconds (default: configured TTL)
+        
+        Returns:
+            True if successful, False otherwise
+        """
+        if not self.is_available():
+            return False
+
+        try:
+            ttl = ttl or settings.REDIS_CACHE_TTL_SECONDS
+            
+            if isinstance(value, str):
+                self.redis_client.setex(key, ttl, value)
+            else:
+                self.redis_client.setex(key, ttl, json.dumps(value))
+            
+            return True
+        except Exception as e:
+            logger.error(f"Error setting cache key {key}: {e}")
+            return False
+
+    def get(self, key: str, default: Any = None) -> Any:
+        """
+        Retrieve a value from cache.
+        
+        Args:
+            key: Cache key
+            default: Default value if key not found or error
+        
+        Returns:
+            Cached value or default
+        """
+        if not self.is_available():
+            return default
+
+        try:
+            value = self.redis_client.get(key)
+            if value is None:
+                return default
+            
+            # Try to parse as JSON
+            try:
+                return json.loads(value)
+            except (json.JSONDecodeError, TypeError):
+                return value
+        except Exception as e:
+            logger.error(f"Error getting cache key {key}: {e}")
+            return default
+
+    def delete(self, key: str) -> bool:
+        """
+        Delete a value from cache.
+        
+        Args:
+            key: Cache key
+        
+        Returns:
+            True if key was deleted, False otherwise
+        """
+        if not self.is_available():
+            return False
+
+        try:
+            return bool(self.redis_client.delete(key))
+        except Exception as e:
+            logger.error(f"Error deleting cache key {key}: {e}")
+            return False
+
+    def clear_pattern(self, pattern: str) -> int:
+        """
+        Delete all keys matching a pattern.
+        
+        Args:
+            pattern: Key pattern (e.g., "user:*", "script:123:*")
+        
+        Returns:
+            Number of keys deleted
+        """
+        if not self.is_available():
+            return 0
+
+        try:
+            keys = self.redis_client.keys(pattern)
+            if keys:
+                return self.redis_client.delete(*keys)
+            return 0
+        except Exception as e:
+            logger.error(f"Error clearing cache pattern {pattern}: {e}")
+            return 0
+
+    def cached(self, ttl: Optional[int] = None):
+        """
+        Decorator to cache function results.
+        
+        Usage:
+            @cache.cached(ttl=300)
+            def expensive_function(arg1, arg2):
+                return result
+        """
+        def decorator(func: Callable) -> Callable:
+            @wraps(func)
+            def wrapper(*args, **kwargs):
+                # Generate cache key from function name and arguments
+                cache_key = f"{func.__module__}:{func.__name__}:{args}:{kwargs}"
+                cache_key = cache_key.replace(" ", "")  # Remove spaces
+                
+                # Try to get from cache
+                cached_value = self.get(cache_key)
+                if cached_value is not None:
+                    logger.debug(f"Cache hit for {cache_key}")
+                    return cached_value
+                
+                # Call function and cache result
+                result = func(*args, **kwargs)
+                self.set(cache_key, result, ttl=ttl)
+                return result
+            
+            return wrapper
+        return decorator
+
+    def increment(self, key: str, amount: int = 1) -> Optional[int]:
+        """Increment a counter."""
+        if not self.is_available():
+            return None
+        
+        try:
+            return self.redis_client.incrby(key, amount)
+        except Exception as e:
+            logger.error(f"Error incrementing {key}: {e}")
+            return None
+
+    def get_ttl(self, key: str) -> Optional[int]:
+        """Get remaining TTL in seconds (-1 if no expiry, -2 if doesn't exist)."""
+        if not self.is_available():
+            return None
+        
+        try:
+            return self.redis_client.ttl(key)
+        except Exception as e:
+            logger.error(f"Error getting TTL for {key}: {e}")
+            return None
+
+
+# Initialize cache instance
+cache = RedisCache(settings.REDIS_URL)

scriptgini-1.2.0/app/celery_app.py

@@ -0,0 +1,30 @@
+from celery import Celery
+from app.config import settings
+
+# Initialize Celery app
+celery_app = Celery(
+    settings.APP_NAME,
+    broker=settings.CELERY_BROKER_URL,
+    backend=settings.CELERY_RESULT_BACKEND,
+)
+
+# Configure Celery
+celery_app.conf.update(
+    task_serializer="json",
+    accept_content=["json"],
+    result_serializer="json",
+    timezone="UTC",
+    enable_utc=True,
+    task_track_started=True,
+    task_time_limit=30 * 60,  # 30 minute hard time limit
+    task_soft_time_limit=25 * 60,  # 25 minute soft time limit
+    worker_prefetch_multiplier=4,
+    worker_max_tasks_per_child=1000,
+)
+
+
+@celery_app.task(bind=True, max_retries=settings.CELERY_MAX_RETRIES)
+def debug_task(self):
+    """Test task to verify Celery is working."""
+    print(f"Request: {self.request!r}")
+    return "Celery is working!"

{scriptgini-1.0.6 → scriptgini-1.2.0}/app/config.py

@@ -9,8 +9,24 @@ class Settings(BaseSettings):
     APP_NAME: str = "ScriptGini"
     DEBUG: bool = False
 
-    # Database
-    DATABASE_URL: str = "sqlite:///./scriptgini.db"
+    # Database (PostgreSQL)
+    # Format: postgresql://user:password@host:port/dbname
+    DATABASE_URL: str = "postgresql://scriptgini:scriptgini@localhost:5433/scriptgini_db"
+    DATABASE_ECHO: bool = False  # Set to True to log SQL queries
+
+    # Redis (Task Queue & Caching)
+    REDIS_URL: str = "redis://localhost:6379/0"
+    REDIS_CACHE_TTL_SECONDS: int = 3600  # 1 hour default cache TTL
+
+    # Celery Task Queue
+    CELERY_BROKER_URL: str = "redis://localhost:6379/1"  # Different DB for task queue
+    CELERY_RESULT_BACKEND: str = "redis://localhost:6379/2"  # Different DB for results
+    CELERY_TASK_TIMEOUT: int = 600  # 10 minutes default task timeout
+    CELERY_MAX_RETRIES: int = 3
+    JWT_SECRET_KEY: str = "your-secret-key-change-in-production"
+    JWT_ALGORITHM: str = "HS256"
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    REFRESH_TOKEN_EXPIRE_DAYS: int = 7
 
     # Default LLM provider
     DEFAULT_LLM_PROVIDER: Literal["openai", "ollama", "openrouter", "gemini", "bedrock"] = "openai"

{scriptgini-1.0.6 → scriptgini-1.2.0}/app/database.py

@@ -1,11 +1,16 @@
-from sqlalchemy import create_engine
+from sqlalchemy import create_engine, event
 from sqlalchemy.orm import sessionmaker, DeclarativeBase
 
 from app.config import settings
 
+# PostgreSQL engine configuration
 engine = create_engine(
     settings.DATABASE_URL,
-    connect_args={"check_same_thread": False},  # required for SQLite
+    echo=settings.DATABASE_ECHO,
+    pool_size=20,
+    max_overflow=40,
+    pool_pre_ping=True,  # Verify connections before using them
+    pool_recycle=3600,  # Recycle connections after 1 hour
 )
 
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)

{scriptgini-1.0.6 → scriptgini-1.2.0}/app/main.py

@@ -1,4 +1,5 @@
 import logging
+from contextlib import asynccontextmanager
 from pathlib import Path
 
 from fastapi import FastAPI
@@ -6,22 +7,38 @@ from fastapi.responses import FileResponse
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
 
+from app import __version__
 from app.config import settings
 from app.llm.provider import get_llm_diagnostics
-from app.routers import projects, test_cases, scripts, bulk_jobs, analytics, demo
+from app.routers import projects, test_cases, scripts, bulk_jobs, analytics, demo, auth, api_key, organizations
 
 logging.basicConfig(level=logging.DEBUG if settings.DEBUG else logging.INFO)
 logger = logging.getLogger(__name__)
 
 static_dir = Path(__file__).resolve().parent / "static"
 
+
+@asynccontextmanager
+async def lifespan(_: FastAPI):
+    diagnostics = get_llm_diagnostics()
+    logger.info(
+        "Runtime LLM default: provider=%s model=%s api_key_env=%s api_key_present=%s api_key=%s",
+        diagnostics["provider"],
+        diagnostics["model"],
+        diagnostics["api_key_env"],
+        diagnostics["api_key_present"],
+        diagnostics["api_key_masked"],
+    )
+    yield
+
 app = FastAPI(
     title=settings.APP_NAME,
     description=(
         "Enterprise-grade Agentic AI system that converts functional test cases "
         "into high-quality automation scripts."
     ),
-    version="1.0.6",
+    version=__version__,
+    lifespan=lifespan,
 )
 
 app.add_middleware(
@@ -38,22 +55,12 @@ app.include_router(scripts.router, prefix="/api/v1")
 app.include_router(bulk_jobs.router, prefix="/api/v1")
 app.include_router(analytics.router, prefix="/api/v1")
 app.include_router(demo.router, prefix="/api/v1")
+app.include_router(auth.router, prefix="/api/v1")
+app.include_router(api_key.router, prefix="/api/v1")
+app.include_router(organizations.router, prefix="/api/v1")
 app.mount("/static", StaticFiles(directory=static_dir), name="static")
 
 
-@app.on_event("startup")
-def log_llm_runtime_config() -> None:
-    diagnostics = get_llm_diagnostics()
-    logger.info(
-        "Runtime LLM default: provider=%s model=%s api_key_env=%s api_key_present=%s api_key=%s",
-        diagnostics["provider"],
-        diagnostics["model"],
-        diagnostics["api_key_env"],
-        diagnostics["api_key_present"],
-        diagnostics["api_key_masked"],
-    )
-
-
 @app.get("/api/v1/runtime/llm", tags=["Runtime"])
 def runtime_llm():
     default_diagnostics = get_llm_diagnostics()

scriptgini-1.2.0/app/models/api_key.py

@@ -0,0 +1,35 @@
+from datetime import datetime, timezone
+from typing import Optional, TYPE_CHECKING
+
+from sqlalchemy import String, DateTime, ForeignKey, JSON, Boolean
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from app.database import Base
+
+if TYPE_CHECKING:
+    from app.models.user import User
+
+
+class APIKey(Base):
+    __tablename__ = "api_keys"
+
+    id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    user_id: Mapped[int] = mapped_column(ForeignKey("users.id"), nullable=False, index=True)
+    name: Mapped[str] = mapped_column(String(255), nullable=False)
+    prefix: Mapped[str] = mapped_column(String(20), nullable=False, index=True)
+    hashed_secret: Mapped[str] = mapped_column(String(255), nullable=False)
+    scopes: Mapped[list] = mapped_column(JSON, default=list, nullable=False)  # e.g., ["read", "write", "execute"]
+    is_active: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False)
+    expires_at: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True)
+    last_used_at: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True)
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), default=lambda: datetime.now(timezone.utc)
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        default=lambda: datetime.now(timezone.utc),
+        onupdate=lambda: datetime.now(timezone.utc),
+    )
+
+    # Relationship
+    user: Mapped["User"] = relationship(back_populates="api_keys")

scriptgini-1.2.0/app/models/membership.py

@@ -0,0 +1,54 @@
+import enum
+from datetime import datetime, timezone
+
+from sqlalchemy import DateTime, Boolean, ForeignKey, Enum as SAEnum, UniqueConstraint
+from sqlalchemy.orm import Mapped, mapped_column
+
+from app.database import Base
+
+
+class Role(str, enum.Enum):
+    owner = "owner"
+    admin = "admin"
+    member = "member"
+    viewer = "viewer"
+
+
+class OrganizationMembership(Base):
+    __tablename__ = "organization_memberships"
+    __table_args__ = (UniqueConstraint("organization_id", "user_id", name="uq_org_membership_org_user"),)
+
+    id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    organization_id: Mapped[int] = mapped_column(ForeignKey("organizations.id"), nullable=False, index=True)
+    user_id: Mapped[int] = mapped_column(ForeignKey("users.id"), nullable=False, index=True)
+    role: Mapped[Role] = mapped_column(SAEnum(Role), nullable=False, default=Role.member)
+    is_active: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True)
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), default=lambda: datetime.now(timezone.utc)
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        default=lambda: datetime.now(timezone.utc),
+        onupdate=lambda: datetime.now(timezone.utc),
+    )
+
+
+
+class ProjectMembership(Base):
+    __tablename__ = "project_memberships"
+    __table_args__ = (UniqueConstraint("project_id", "user_id", name="uq_project_membership_project_user"),)
+
+    id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    project_id: Mapped[int] = mapped_column(ForeignKey("projects.id"), nullable=False, index=True)
+    user_id: Mapped[int] = mapped_column(ForeignKey("users.id"), nullable=False, index=True)
+    role: Mapped[Role] = mapped_column(SAEnum(Role), nullable=False, default=Role.member)
+    is_active: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True)
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), default=lambda: datetime.now(timezone.utc)
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        default=lambda: datetime.now(timezone.utc),
+        onupdate=lambda: datetime.now(timezone.utc),
+    )
+

scriptgini-1.2.0/app/models/organization.py

@@ -0,0 +1,24 @@
+from datetime import datetime, timezone
+
+from sqlalchemy import String, Text, DateTime, ForeignKey
+from sqlalchemy.orm import Mapped, mapped_column
+
+from app.database import Base
+
+
+class Organization(Base):
+    __tablename__ = "organizations"
+
+    id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    name: Mapped[str] = mapped_column(String(255), nullable=False, unique=True, index=True)
+    description: Mapped[str | None] = mapped_column(Text, nullable=True)
+    created_by_user_id: Mapped[int] = mapped_column(ForeignKey("users.id"), nullable=False, index=True)
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), default=lambda: datetime.now(timezone.utc)
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        default=lambda: datetime.now(timezone.utc),
+        onupdate=lambda: datetime.now(timezone.utc),
+    )
+

{scriptgini-1.0.6 → scriptgini-1.2.0}/app/models/project.py

@@ -1,7 +1,7 @@
 import enum
 from datetime import datetime, timezone
 
-from sqlalchemy import String, Text, DateTime, Enum as SAEnum
+from sqlalchemy import String, Text, DateTime, Enum as SAEnum, ForeignKey
 from sqlalchemy.orm import Mapped, mapped_column
 
 from app.database import Base
@@ -26,6 +26,7 @@ class Project(Base):
     __tablename__ = "projects"
 
     id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    organization_id: Mapped[int | None] = mapped_column(ForeignKey("organizations.id"), nullable=True, index=True)
     name: Mapped[str] = mapped_column(String(255), nullable=False)
     description: Mapped[str | None] = mapped_column(Text, nullable=True)
     aut_base_url: Mapped[str] = mapped_column(String(2048), nullable=False)
@@ -44,3 +45,4 @@ class Project(Base):
         default=lambda: datetime.now(timezone.utc),
         onupdate=lambda: datetime.now(timezone.utc),
     )
+