strapi-kit 0.0.6__tar.gz → 0.1.0__tar.gz

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/.github/workflows/ci.yml

@@ -57,8 +57,8 @@ jobs:
           # Run type checking
           mypy src/strapi_kit/
 
-          # Run security checks
-          bandit -c pyproject.toml -r src/
+          # Run security checks (ruff S rules)
+          ruff check src/ --select S
 
   # Coverage job - run all tests in one job for simplicity
   coverage:

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/.pre-commit-config.yaml

@@ -31,15 +31,6 @@ repos:
         args: [--fix, --exit-non-zero-on-fix]
         types_or: [python, pyi]
 
-  # Security checks
-  - repo: https://github.com/PyCQA/bandit
-    rev: 1.9.3
-    hooks:
-      - id: bandit
-        args: ['-c', 'pyproject.toml']
-        additional_dependencies: ['bandit[toml]']
-        exclude: ^(tests/|examples/)
-
   # Type checking
   - repo: https://github.com/pre-commit/mirrors-mypy
     rev: v1.19.1

strapi_kit-0.1.0/CHANGELOG.md

@@ -0,0 +1,220 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0] - 2026-02-04
+
+### Fixed
+
+- **Race conditions in async bulk operations** ([#30](https://github.com/MehdiZare/strapi-kit/pull/30))
+  - Added `asyncio.Lock()` to protect shared state mutations in `bulk_create()`, `bulk_update()`, `bulk_delete()`
+  - Ensures thread-safe updates to `completed`, `successes`, `failures` counters
+
+- **JSONL media manifest stream consumption** ([#30](https://github.com/MehdiZare/strapi-kit/pull/30))
+  - Fixed critical bug where `read_media_manifest()` consumed entity stream
+  - Now uses separate reader for media manifest to preserve entity iteration
+
+- **V5 string relation ID support** ([#30](https://github.com/MehdiZare/strapi-kit/pull/30))
+  - Updated `_extract_ids_from_field()` to accept both `int` and `str` for v5 documentId relations
+  - Added `doc_id_to_new_id` mapping to `ImportResult` for v5 string relation resolution
+  - `_validate_relations()` now tracks both numeric IDs and documentIds
+
+- **JSONL media import metadata preservation** ([#30](https://github.com/MehdiZare/strapi-kit/pull/30))
+  - Use `MediaHandler.upload_media_file()` instead of `client.upload_file()` to preserve alt text and captions
+
+- **Strict mypy compliance** ([#30](https://github.com/MehdiZare/strapi-kit/pull/30))
+  - Changed `self._file: Any` to `IO[str] | None` in `JSONLImportReader` and `JSONLExportWriter`
+  - Added type guard for non-dict `info` payloads in `extract_info_from_schema()`
+  - Narrowed broad `except Exception` catches to `except StrapiError` in JSONL loops
+
+- **Code quality improvements** ([#30](https://github.com/MehdiZare/strapi-kit/pull/30))
+  - Created shared `extract_info_from_schema()` utility in `utils/schema.py`
+  - Added parent directory creation in `JSONLExportWriter.__enter__()`
+  - Use explicit `is not None` checks instead of truthy checks for ID lookups
+  - Replaced Unicode multiplication symbol with plain `x` in docstrings
+
+- **JSONL import path traversal protection** ([#29](https://github.com/MehdiZare/strapi-kit/pull/29))
+  - Added path traversal validation to JSONL media import matching standard import security pattern
+  - Uses `resolve()` and `is_relative_to()` to prevent directory traversal attacks
+
+- **JSONL import two-pass streaming** ([#29](https://github.com/MehdiZare/strapi-kit/pull/29))
+  - Refactored `import_from_jsonl()` to use true O(1) memory with two-pass streaming
+  - Pass 1: Create entities, store only ID mappings (old_id → new_id)
+  - Pass 2: Re-read file to resolve relations using ID mappings
+  - Memory profile reduced from O(entities) to O(entity_count x 2 ints)
+  - Fixed: ID mappings now properly copied to `ImportResult` for caller access
+
+- **Strapi v5 update endpoint consistency** ([#29](https://github.com/MehdiZare/strapi-kit/pull/29))
+  - Fixed UPDATE conflict resolution to use `document_id` instead of numeric ID for endpoint path
+  - Added `doc_id_mapping` field to `ImportResult` to track document_ids for v5 endpoints
+  - Relation updates now use `document_id` when available (v5) with fallback to numeric ID (v4)
+  - Applies to both standard import and JSONL streaming import
+
+- **Removed unused test fixtures** ([#29](https://github.com/MehdiZare/strapi-kit/pull/29))
+  - Removed unused `mock_media_response` parameter from `test_update_media_not_found` in sync and async tests
+
+- **`update_media` version detection** ([#28](https://github.com/MehdiZare/strapi-kit/issues/28))
+  - Fixed bug where `update_media()` used wrong endpoint when `api_version="auto"` and no prior API calls
+  - Now calls `get_media()` first to trigger version detection before choosing v4 vs v5 endpoint
+
+- **Media download streaming** ([#28](https://github.com/MehdiZare/strapi-kit/issues/28))
+  - Fixed `download_file()` to stream directly to disk when `save_path` is provided
+  - Previously buffered entire file in memory before writing, causing issues with large files
+
+- **Async bulk `batch_size` parameter** ([#28](https://github.com/MehdiZare/strapi-kit/issues/28))
+  - Fixed `batch_size` parameter in async `bulk_create()`, `bulk_update()`, `bulk_delete()`
+  - Now properly processes items in batches to control memory usage
+  - `batch_size` controls items per processing wave, `max_concurrency` controls parallel requests within each wave
+
+### Added
+
+- **Schema-driven relation extraction** ([#28](https://github.com/MehdiZare/strapi-kit/issues/28))
+  - `extract_relations_with_schema()` - Extract relations using content type schema for accuracy
+  - `strip_relations_with_schema()` - Remove only actual relation fields, preserving non-relation fields
+  - Recursive extraction from components and dynamic zones
+  - Extended `FieldSchema` with `component`, `components`, and `repeatable` fields
+  - Added `get_component_schema()` to schema cache for component schema lookups
+  - Exporter now uses schema-aware extraction to avoid false positives
+
+- **JSONL streaming export/import** ([#28](https://github.com/MehdiZare/strapi-kit/issues/28))
+  - `ExportFormat.JSONL` enum for selecting export format
+  - `JSONLExportWriter` - O(1) memory streaming export writer
+  - `JSONLImportReader` - O(1) memory streaming import reader
+  - `exporter.export_to_jsonl()` - Stream entities to JSONL file as they're fetched
+  - `importer.import_from_jsonl()` - Stream import from JSONL file
+  - Enables processing exports larger than available RAM
+
+- **Import options implementation** ([#28](https://github.com/MehdiZare/strapi-kit/issues/28))
+  - `validate_relations` - Pre-import validation that all relation targets exist in export data
+  - `overwrite_media` - Check for existing media by hash before uploading (skip duplicates)
+  - `batch_size` - Batch-based progress reporting during entity import
+  - Added `relations_imported` field to `ImportResult`
+
+### Changed
+
+- Removed empty leftover directories (`import_export/`, `importexport/`)
+- **Consolidated linting tools into ruff**
+  - Replaced bandit with ruff's `S` (flake8-bandit) rules for security checks
+  - Removed bandit dependency from dev requirements
+  - Updated pre-commit hooks, CI workflow, and Makefile
+
+## [0.0.6] - 2026-02-03
+
+### Fixed
+- **StrapiConfig extra env vars** ([#25](https://github.com/MehdiZare/strapi-kit/issues/25), [#26](https://github.com/MehdiZare/strapi-kit/pull/26))
+  - Added `extra="ignore"` to `StrapiConfig` and `RetryConfig` model_config
+  - Prevents `ValidationError: Extra inputs are not permitted` when unrelated `STRAPI_*` environment variables exist
+
+- **Content type v5 parsing** ([#25](https://github.com/MehdiZare/strapi-kit/issues/25), [#26](https://github.com/MehdiZare/strapi-kit/pull/26))
+  - Added `_normalize_content_type_item()` and `_normalize_content_types_list()` helpers
+  - Flattens nested `schema` structure returned by Strapi v5 Content-Type Builder API
+  - `get_content_types()`, `get_components()`, and `get_content_type_schema()` now work with both v4 and v5
+
+- **Exception handling improvements** ([#23](https://github.com/MehdiZare/strapi-kit/pull/23), [#24](https://github.com/MehdiZare/strapi-kit/pull/24))
+  - Use `StrapiError` instead of bare `Exception` in examples for precise error handling
+  - Catch `PydanticValidationError` specifically in Content-Type Builder parsing
+  - Add proper exception chaining when re-raising validation errors
+  - Fix docstring to document `ConfigurationError` instead of `ValueError`
+
+- **Singularization bug fix** ([#23](https://github.com/MehdiZare/strapi-kit/pull/23), [#24](https://github.com/MehdiZare/strapi-kit/pull/24))
+  - Fix `api_id_to_singular()` for `-zzes` endings: `quizzes` → `quiz`, `buzzes` → `buzz`
+  - Use length-based heuristic to distinguish single-z doubled vs double-z base words
+
+### Changed
+
+- **StrEnum migration** ([#26](https://github.com/MehdiZare/strapi-kit/pull/26))
+  - Refactored 6 enum classes from `(str, Enum)` to `StrEnum` (Python 3.11+)
+  - Affected: `FilterOperator`, `SortDirection`, `PublicationState`, `ConflictResolution`, `FieldType`, `RelationType`
+  - Fixes UP042 linting errors in ruff preview mode
+
+- Test coverage maintained at 86% (542 passing tests)
+- Added 14 new tests for config extra env vars and v5 content type parsing
+
+### Added
+
+- **Content-Type Builder API** ([#15](https://github.com/MehdiZare/strapi-kit/issues/15))
+  - `get_content_types(include_plugins=False)` - List all content types from Strapi
+  - `get_components()` - List all components
+  - `get_content_type_schema(uid)` - Get full schema for a content type
+  - New models: `ContentTypeListItem`, `ComponentListItem`, `CTBContentTypeSchema`, `CTBContentTypeInfo`
+  - Schema helper methods: `get_field_type()`, `is_relation_field()`, `is_component_field()`, `get_relation_target()`, `get_component_uid()`
+  - Full async support for all methods
+
+- **UID Conversion Utilities** ([#16](https://github.com/MehdiZare/strapi-kit/issues/16))
+  - `api_id_to_singular()` - Convert plural API IDs to singular form (handles irregular plurals like people→person, children→child)
+  - `uid_to_admin_url()` - Build Strapi admin panel URLs from content type UIDs
+  - `uid_to_api_id` - Alias for `uid_to_endpoint` for clarity
+  - Export of existing utilities: `extract_model_name()`, `is_api_content_type()`
+
+- **SEO Configuration Detection** ([#17](https://github.com/MehdiZare/strapi-kit/issues/17))
+  - `detect_seo_configuration()` - Detect SEO setup in content type schemas
+  - `SEOConfiguration` dataclass for structured detection results
+  - Support for component-based SEO (shared.seo, meta, metadata)
+  - Support for flat SEO fields (metaTitle, meta_description, ogTitle, etc.)
+  - Case-insensitive matching for field names and component UIDs
+
+## [0.0.5] - 2025-01-XX
+
+### Added
+
+- Retry logic with exponential backoff
+- Rate limit handling with Retry-After support
+- Bulk operations (create, update, delete)
+- Progress callbacks for long operations
+
+## [0.0.4] - 2025-01-XX
+
+### Added
+
+- Media upload/download operations
+- Streaming support for large files
+
+## [0.0.3] - 2025-01-XX
+
+### Added
+
+- Type-safe query builder
+- Response normalization for v4/v5
+
+## [0.0.2] - 2025-01-XX
+
+### Added
+
+- Export/Import functionality with automatic relation resolution
+- Schema caching for efficient content type metadata handling
+- Media file export/download support
+- Full migration examples (simple and production-ready)
+
+### Changed
+
+- Improved test coverage to 85%
+
+## [0.0.1] - 2025-01-XX
+
+### Added
+
+- Initial release
+- HTTP clients (sync and async)
+- Configuration with Pydantic and environment variable support
+- Authentication (API tokens)
+- Exception hierarchy with semantic error types
+- API version detection (v4/v5)
+- Type-safe query builder with 24 filter operators
+- Response normalization for both Strapi v4 and v5
+- Media upload/download operations
+- Dependency injection support with protocols
+- Full type hints and mypy strict mode compliance
+
+[Unreleased]: https://github.com/MehdiZare/strapi-kit/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/MehdiZare/strapi-kit/compare/v0.0.6...v0.1.0
+[0.0.6]: https://github.com/MehdiZare/strapi-kit/compare/v0.0.5...v0.0.6
+[0.0.5]: https://github.com/MehdiZare/strapi-kit/compare/v0.0.4...v0.0.5
+[0.0.4]: https://github.com/MehdiZare/strapi-kit/compare/v0.0.3...v0.0.4
+[0.0.3]: https://github.com/MehdiZare/strapi-kit/compare/v0.0.2...v0.0.3
+[0.0.2]: https://github.com/MehdiZare/strapi-kit/compare/v0.0.1...v0.0.2
+[0.0.1]: https://github.com/MehdiZare/strapi-kit/releases/tag/v0.0.1

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/CLAUDE.md

@@ -530,7 +530,7 @@ make install-hooks
 # 1. Format code (ruff format)
 # 2. Fix linting issues (ruff check --fix)
 # 3. Run type checking (mypy)
-# 4. Check for security issues (bandit)
+# 4. Check for security issues (ruff S rules)
 # 5. Prevent committing secrets (detect-secrets)
 
 # Run hooks manually on all files
@@ -544,7 +544,7 @@ make update-hooks
 - ✅ Code formatting (ruff format)
 - ✅ Linting (ruff check with auto-fix)
 - ✅ Type checking (mypy strict mode on src/ only)
-- ✅ Security issues (bandit on src/ only)
+- ✅ Security issues (ruff S rules on src/ only)
 - ✅ Secrets detection (detect-secrets)
 - ✅ File consistency (trailing whitespace, EOF, YAML/TOML syntax, etc.)
 
@@ -555,7 +555,7 @@ git commit --no-verify
 
 **Important notes:**
 - Hooks only run on staged files by default (fast)
-- Type checking and bandit only scan `src/` directory (not tests or examples)
+- Type checking and security checks only scan `src/` directory (not tests or examples)
 - mkdocs.yml is excluded from YAML checks (uses custom tags)
 - Hooks are configured in `.pre-commit-config.yaml`
 - Secrets baseline is stored in `.secrets.baseline`

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/Makefile

@@ -80,9 +80,9 @@ type-check: ## Run type checking with mypy
 quality: lint type-check ## Run all quality checks (lint + type-check)
 	@echo "$(GREEN)✓ All quality checks passed$(NC)"
 
-security: ## Run security checks (bandit)
+security: ## Run security checks (ruff S rules)
 	@echo "$(BLUE)Running security checks...$(NC)"
-	bandit -c pyproject.toml -r src/
+	ruff check src/ --select S
 	@echo "$(GREEN)✓ Security checks complete$(NC)"
 
 security-baseline: ## Create baseline for detect-secrets

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: strapi-kit
-Version: 0.0.6
+Version: 0.1.0
 Summary: A modern Python client for Strapi CMS with import/export capabilities
 Project-URL: Homepage, https://github.com/mehdizare/strapi-kit
 Project-URL: Documentation, https://mehdizare.github.io/strapi-kit/
@@ -27,7 +27,6 @@ Requires-Dist: python-dateutil>=2.9.0
 Requires-Dist: tenacity>=9.0.0
 Requires-Dist: typing-extensions>=4.15.0
 Provides-Extra: dev
-Requires-Dist: bandit[toml]>=1.9.3; extra == 'dev'
 Requires-Dist: detect-secrets>=1.5.0; extra == 'dev'
 Requires-Dist: mypy>=1.19.1; extra == 'dev'
 Requires-Dist: pre-commit>=4.5.0; extra == 'dev'
@@ -1175,7 +1174,7 @@ pre-commit autoupdate
 - ✅ Code formatting (ruff format)
 - ✅ Linting (ruff check)
 - ✅ Type checking (mypy strict mode)
-- ✅ Security issues (bandit)
+- ✅ Security issues (ruff S rules)
 - ✅ Secrets detection (detect-secrets)
 - ✅ File consistency (trailing whitespace, EOF, etc.)
 

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/README.md

@@ -1129,7 +1129,7 @@ pre-commit autoupdate
 - ✅ Code formatting (ruff format)
 - ✅ Linting (ruff check)
 - ✅ Type checking (mypy strict mode)
-- ✅ Security issues (bandit)
+- ✅ Security issues (ruff S rules)
 - ✅ Secrets detection (detect-secrets)
 - ✅ File consistency (trailing whitespace, EOF, etc.)
 

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/pyproject.toml

@@ -40,7 +40,6 @@ dev = [
     "mypy>=1.19.1",
     "ruff>=0.14.14",
     "pre-commit>=4.5.0",
-    "bandit[toml]>=1.9.3",
     "detect-secrets>=1.5.0",
     "safety>=2.3.0,<4.0.0",  # <3.0.0 to avoid API auth requirements in CI
 ]
@@ -94,15 +93,19 @@ select = [
     "B",   # flake8-bugbear
     "C4",  # flake8-comprehensions
     "UP",  # pyupgrade
+    "S",   # flake8-bandit (security)
 ]
 ignore = [
     "E501",  # line too long (handled by formatter)
     "UP046", # Generic type parameter syntax (Python 3.12+, not using PEP 695 yet)
+    "S101",  # assert used in tests (ignored via per-file-ignores, kept for explicitness)
 ]
 
 [tool.ruff.lint.per-file-ignores]
 "__init__.py" = ["F401"]  # Allow unused imports in __init__.py
-"_version.py" = ["E", "W", "F", "I", "B", "C4", "UP"]  # Auto-generated by hatch-vcs, skip all checks
+"_version.py" = ["E", "W", "F", "I", "B", "C4", "UP", "S"]  # Auto-generated by hatch-vcs, skip all checks
+"tests/**" = ["S"]  # Skip security checks in tests
+"examples/**" = ["S"]  # Skip security checks in examples
 
 [tool.pytest.ini_options]
 asyncio_mode = "auto"
@@ -151,7 +154,3 @@ exclude_lines = [
     "if TYPE_CHECKING:",
     "@abstractmethod",
 ]
-
-[tool.bandit]
-exclude_dirs = ["tests", ".venv", "build", "dist"]
-skips = ["B101"]  # Skip assert_used (we use asserts in tests)

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/src/strapi_kit/_version.py

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '0.0.6'
-__version_tuple__ = version_tuple = (0, 0, 6)
+__version__ = version = '0.1.0'
+__version_tuple__ = version_tuple = (0, 1, 0)
 
 __commit_id__ = commit_id = None

{strapi_kit-0.0.6 → strapi_kit-0.1.0}/src/strapi_kit/cache/schema_cache.py

@@ -5,6 +5,7 @@ from typing import TYPE_CHECKING, Any
 
 from ..exceptions import StrapiError
 from ..models.schema import ContentTypeSchema, FieldSchema, FieldType, RelationType
+from ..utils.schema import extract_info_from_schema
 
 if TYPE_CHECKING:
     from ..client.sync_client import SyncClient
@@ -36,6 +37,7 @@ class InMemorySchemaCache:
         """
         self.client = client
         self._cache: dict[str, ContentTypeSchema] = {}
+        self._component_cache: dict[str, ContentTypeSchema] = {}
         self._fetch_count = 0
 
     def get_schema(self, content_type: str) -> ContentTypeSchema:
@@ -88,9 +90,80 @@ class InMemorySchemaCache:
     def clear_cache(self) -> None:
         """Clear all cached schemas."""
         self._cache.clear()
+        self._component_cache.clear()
         self._fetch_count = 0
         logger.debug("Schema cache cleared")
 
+    def get_component_schema(self, component_uid: str) -> ContentTypeSchema:
+        """Get component schema (cached or fetch from API).
+
+        Lazy loading: only fetches on first access.
+
+        Args:
+            component_uid: Component UID (e.g., "blog.author-bio")
+
+        Returns:
+            Component schema
+
+        Raises:
+            StrapiError: If schema fetch fails
+        """
+        # Check cache first
+        if component_uid in self._component_cache:
+            logger.debug(f"Component schema cache hit: {component_uid}")
+            return self._component_cache[component_uid]
+
+        # Cache miss - fetch from API
+        logger.debug(f"Component schema cache miss: {component_uid}")
+        schema = self._fetch_component_schema(component_uid)
+        self._component_cache[component_uid] = schema
+        self._fetch_count += 1
+        return schema
+
+    def has_component_schema(self, component_uid: str) -> bool:
+        """Check if component schema is cached.
+
+        Args:
+            component_uid: Component UID
+
+        Returns:
+            True if schema is cached, False otherwise
+        """
+        return component_uid in self._component_cache
+
+    def _fetch_component_schema(self, component_uid: str) -> ContentTypeSchema:
+        """Fetch component schema from Strapi API.
+
+        Endpoint: GET /api/content-type-builder/components/{uid}
+
+        Args:
+            component_uid: Component UID
+
+        Returns:
+            Parsed component schema
+
+        Raises:
+            StrapiError: If fetch fails
+        """
+        endpoint = f"content-type-builder/components/{component_uid}"
+
+        try:
+            response = self.client.get(endpoint)
+        except Exception as e:
+            raise StrapiError(
+                f"Failed to fetch component schema for {component_uid}",
+                details={"component_uid": component_uid, "error": str(e)},
+            ) from e
+
+        schema_data = response.get("data")
+        if not schema_data:
+            raise StrapiError(
+                f"Invalid component schema response for {component_uid}",
+                details={"response": response},
+            )
+
+        return self._parse_schema_response(component_uid, schema_data)
+
     def _fetch_schema(self, content_type: str) -> ContentTypeSchema:
         """Fetch schema from Strapi API.
 
@@ -134,8 +207,14 @@ class InMemorySchemaCache:
         Returns:
             Parsed content type schema
         """
-        info = schema_data.get("info", {})
-        attributes = schema_data.get("attributes", {})
+        # Handle v5 nested schema format (Issue #28)
+        if "schema" in schema_data and isinstance(schema_data["schema"], dict):
+            schema = schema_data["schema"]
+        else:
+            schema = schema_data
+
+        info = extract_info_from_schema(schema)
+        attributes = schema.get("attributes", {})
 
         fields: dict[str, FieldSchema] = {}
         for field_name, field_data in attributes.items():
@@ -147,7 +226,7 @@ class InMemorySchemaCache:
         return ContentTypeSchema(
             uid=uid,
             display_name=info.get("displayName", uid),
-            kind=schema_data.get("kind", "collectionType"),
+            kind=schema.get("kind", "collectionType"),
             singular_name=info.get("singularName"),
             plural_name=info.get("pluralName"),
             fields=fields,
@@ -190,6 +269,15 @@ class InMemorySchemaCache:
             schema.mapped_by = field_data.get("mappedBy")
             schema.inversed_by = field_data.get("inversedBy")
 
+        # Component-specific
+        if field_type == FieldType.COMPONENT:
+            schema.component = field_data.get("component")
+            schema.repeatable = field_data.get("repeatable", False)
+
+        # Dynamic zone-specific
+        if field_type == FieldType.DYNAMIC_ZONE:
+            schema.components = field_data.get("components", [])
+
         return schema
 
     @property