supertable 2.0.2__tar.gz → 2.0.3__tar.gz

supertable-2.0.3/LICENSE

@@ -0,0 +1,103 @@
+# Functional Source License, Version 1.1, ALv2 Future License
+
+## Abbreviation
+
+FSL-1.1-ALv2
+
+## Notice
+
+Copyright 2024-2026 Kladna Soft Kft.
+
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available under
+these Terms and Conditions, as indicated by our inclusion of these Terms and
+Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the right to
+use, copy, modify, create derivative works, publicly perform, publicly display
+and redistribute the Software for any Permitted Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
+means making the Software available to others in a commercial product or
+service that:
+
+1. substitutes for the Software;
+2. substitutes for any other product or service we offer using the Software
+   that exists as of the date we make the Software available; or
+3. offers the same or substantially similar functionality as the Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+2. for non-commercial education;
+3. for non-commercial research; and
+4. in connection with professional services that you provide to a licensee
+   using the Software in accordance with these Terms and Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily infringe our
+patents, the license grant above includes a license under our patents. If you
+make a claim against any party that the Software infringes or contributes to
+the infringement of any patent, then your patent license to the Software ends
+immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and derivatives of
+the Software.
+
+If you redistribute any copies, modifications or derivatives of the Software,
+you must include a copy of or a link to these Terms and Conditions and not
+remove any copyright notices provided in or with the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
+PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
+SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
+EVEN IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the origin of
+the Software, you have no right under these Terms and Conditions to use our
+trademarks, trade names, service marks or product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the Software under
+the Apache License, Version 2.0 that is effective on the second anniversary of
+the date we make the Software available.
+
+On or after that date, you may use the Software under the Apache License,
+Version 2.0, in which case the following will apply:
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.
+
+You may obtain a copy of the License at:
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and limitations
+under the License.

{supertable-2.0.2 → supertable-2.0.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: supertable
-Version: 2.0.2
+Version: 2.0.3
 Summary: SuperTable — versioned data lake library for SQL analytics on Parquet + Redis.
 Author: Levente Kupas
 Author-email: Levente Kupas <lkupas@kladnasoft.com>
@@ -44,7 +44,7 @@ Dynamic: requires-python
 # SuperTable
 
 ![Python](https://img.shields.io/badge/python-3.10%2B-blue)
-![License: STPUL](https://img.shields.io/badge/license-STPUL-blue)
+![License](https://img.shields.io/badge/license-FSL--1.1--ALv2-orange)
 ![Version](https://img.shields.io/badge/version-2.0.0-brightgreen)
 
 **SuperTable — versioned data lake library for SQL analytics.**
@@ -214,6 +214,28 @@ See [docs/00_index.md](docs/00_index.md) for the full table of contents.
 
 ## License
 
-Super Table Public Use License (STPUL) v1.0 — see [LICENSE](LICENSE).
+SuperTable is licensed under the **Functional Source License, Version 1.1,
+ALv2 Future License** (`FSL-1.1-ALv2`).
 
-Copyright © Kladna Soft Kft. All rights reserved.
+You may use, copy, modify, create derivative works, publicly perform, publicly
+display, and redistribute the software for any permitted purpose other than a
+**Competing Use**.
+
+A **Competing Use** means making the software available to others in a
+commercial product or service that:
+
+1. substitutes for SuperTable;
+2. substitutes for another product or service offered by Kladna Soft Kft. using
+   SuperTable; or
+3. offers the same or substantially similar functionality as SuperTable.
+
+Permitted purposes include internal use, non-commercial education,
+non-commercial research, and professional services provided to a licensee using
+the software in accordance with the license.
+
+Each version of the software becomes available under the **Apache License 2.0**
+on the second anniversary of the date that version is made available.
+
+See [LICENSE](LICENSE) for the full license terms.
+
+Copyright © 2024-2026 Kladna Soft Kft.

{supertable-2.0.2 → supertable-2.0.3}/README.md

@@ -1,7 +1,7 @@
 # SuperTable
 
 ![Python](https://img.shields.io/badge/python-3.10%2B-blue)
-![License: STPUL](https://img.shields.io/badge/license-STPUL-blue)
+![License](https://img.shields.io/badge/license-FSL--1.1--ALv2-orange)
 ![Version](https://img.shields.io/badge/version-2.0.0-brightgreen)
 
 **SuperTable — versioned data lake library for SQL analytics.**
@@ -171,6 +171,28 @@ See [docs/00_index.md](docs/00_index.md) for the full table of contents.
 
 ## License
 
-Super Table Public Use License (STPUL) v1.0 — see [LICENSE](LICENSE).
+SuperTable is licensed under the **Functional Source License, Version 1.1,
+ALv2 Future License** (`FSL-1.1-ALv2`).
 
-Copyright © Kladna Soft Kft. All rights reserved.
+You may use, copy, modify, create derivative works, publicly perform, publicly
+display, and redistribute the software for any permitted purpose other than a
+**Competing Use**.
+
+A **Competing Use** means making the software available to others in a
+commercial product or service that:
+
+1. substitutes for SuperTable;
+2. substitutes for another product or service offered by Kladna Soft Kft. using
+   SuperTable; or
+3. offers the same or substantially similar functionality as SuperTable.
+
+Permitted purposes include internal use, non-commercial education,
+non-commercial research, and professional services provided to a licensee using
+the software in accordance with the license.
+
+Each version of the software becomes available under the **Apache License 2.0**
+on the second anniversary of the date that version is made available.
+
+See [LICENSE](LICENSE) for the full license terms.
+
+Copyright © 2024-2026 Kladna Soft Kft.

{supertable-2.0.2 → supertable-2.0.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "supertable"
-version = "2.0.2"
+version = "2.0.3"
 description = "SuperTable — versioned data lake library for SQL analytics on Parquet + Redis."
 readme = "README.md"
 requires-python = ">=3.10"

{supertable-2.0.2 → supertable-2.0.3}/setup.py

@@ -19,7 +19,7 @@ long_description = readme.read_text(encoding="utf-8") if readme.exists() else ""
 
 setup(
     name="supertable",
-    version="2.0.2",
+    version="2.0.3",
     description="SuperTable — versioned data lake library for SQL analytics on Parquet + Redis.",
     long_description=long_description,
     long_description_content_type="text/markdown",

{supertable-2.0.2 → supertable-2.0.3}/supertable/__init__.py

@@ -25,7 +25,7 @@ See the ``supertable.demo`` package for runnable end-to-end demos and the
 project documentation for the full API surface.
 """
 
-__version__ = "2.0.2"
+__version__ = "2.0.3"
 
 # Re-export the core public surface so users can do ``from supertable import …``
 # instead of remembering submodule paths.

supertable-2.0.3/supertable/audit/admin.py

@@ -0,0 +1,206 @@
+# route: supertable.audit.admin
+"""
+Per-organization runtime audit configuration.
+
+The Compliance tab in the WebUI (/ui/audit) calls this module via the API
+to read and update per-org audit toggles WITHOUT restarting the process.
+
+Persistence
+-----------
+Stored in Redis as a HASH at:
+
+    supertable:{org}:audit:config
+
+Fields
+------
+    enabled         "true" | "false"   master on/off switch (default: env)
+    log_queries     "true" | "false"   record DATA_ACCESS query events
+    log_reads       "true" | "false"   record DATA_ACCESS read events
+    hash_chain      "true" | "false"   tamper-evident hash chaining
+    siem_enabled    "true" | "false"   external SIEM consumer groups
+    updated_ms      str(int)           last update timestamp
+    updated_by      str                actor (username) who toggled
+
+Audit-of-the-audit
+------------------
+Every change to this config emits a CONFIG_CHANGE audit event so that
+turning audit OFF is itself recorded — DORA Art. 6 / SOC 2 CC8.1.
+
+Compliance: DORA Art. 6 (information security), SOC 2 CC8.1 (change mgmt).
+"""
+from __future__ import annotations
+
+import logging
+import time
+from typing import Any, Dict, Optional
+
+from supertable import redis_keys as RK
+
+logger = logging.getLogger(__name__)
+
+
+# ---------------------------------------------------------------------------
+# Field schema
+# ---------------------------------------------------------------------------
+
+# Boolean fields and their env-var defaults (resolved lazily so settings is
+# only imported when actually needed; avoids import-time side effects).
+_BOOL_FIELDS = (
+    "enabled",
+    "log_queries",
+    "log_reads",
+    "hash_chain",
+    "siem_enabled",
+)
+
+_ENV_DEFAULTS = {
+    "enabled":      "SUPERTABLE_AUDIT_ENABLED",
+    "log_queries":  "SUPERTABLE_AUDIT_LOG_QUERIES",
+    "log_reads":    "SUPERTABLE_AUDIT_LOG_READS",
+    "hash_chain":   "SUPERTABLE_AUDIT_HASH_CHAIN",
+    "siem_enabled": "SUPERTABLE_AUDIT_SIEM_ENABLED",
+}
+
+
+def _env_default(field: str) -> bool:
+    """Read the env-var default for *field*."""
+    from supertable.config.settings import settings as _cfg
+    attr = _ENV_DEFAULTS.get(field)
+    if not attr:
+        return False
+    return bool(getattr(_cfg, attr, False))
+
+
+def _coerce_bool(v: Any) -> Optional[bool]:
+    if isinstance(v, bool):
+        return v
+    if v is None:
+        return None
+    s = str(v).strip().lower()
+    if s in ("1", "true", "yes", "y", "on"):
+        return True
+    if s in ("0", "false", "no", "n", "off"):
+        return False
+    return None
+
+
+def _redis():
+    """Lazy Redis handle.  Centralizes the import for testability."""
+    from supertable.redis_catalog import RedisCatalog
+    return RedisCatalog().r
+
+
+# ---------------------------------------------------------------------------
+# Read
+# ---------------------------------------------------------------------------
+
+def get_audit_config(org: str) -> Dict[str, Any]:
+    """Return the effective audit config for *org*.
+
+    Merges Redis overrides over env-var defaults.  Always returns every
+    boolean field with a concrete True/False value plus updated_ms /
+    updated_by (or empty defaults).
+    """
+    out: Dict[str, Any] = {field: _env_default(field) for field in _BOOL_FIELDS}
+    out["updated_ms"] = 0
+    out["updated_by"] = ""
+
+    if not org:
+        return out
+
+    try:
+        raw = _redis().hgetall(RK.audit_config(org)) or {}
+    except Exception as e:  # pragma: no cover — non-fatal
+        logger.warning("[audit-admin] get_audit_config redis error: %s", e)
+        return out
+
+    for field in _BOOL_FIELDS:
+        if field in raw:
+            v = _coerce_bool(raw[field])
+            if v is not None:
+                out[field] = v
+    if "updated_ms" in raw:
+        try:
+            out["updated_ms"] = int(raw["updated_ms"])
+        except (TypeError, ValueError):
+            pass
+    if "updated_by" in raw:
+        out["updated_by"] = str(raw["updated_by"])
+
+    return out
+
+
+def is_audit_enabled(org: str) -> bool:
+    """Convenience helper used by the audit logger."""
+    return bool(get_audit_config(org).get("enabled", False))
+
+
+# ---------------------------------------------------------------------------
+# Write
+# ---------------------------------------------------------------------------
+
+def set_audit_config(
+    org: str,
+    *,
+    enabled: Optional[bool] = None,
+    log_queries: Optional[bool] = None,
+    log_reads: Optional[bool] = None,
+    hash_chain: Optional[bool] = None,
+    siem_enabled: Optional[bool] = None,
+    updated_by: str = "",
+) -> Dict[str, Any]:
+    """Update per-org audit config.  Only fields that are not None are written.
+
+    Returns the new effective config (post-merge).
+    """
+    if not org:
+        raise ValueError("organization is required")
+
+    incoming: Dict[str, Any] = {
+        "enabled": enabled,
+        "log_queries": log_queries,
+        "log_reads": log_reads,
+        "hash_chain": hash_chain,
+        "siem_enabled": siem_enabled,
+    }
+    mapping: Dict[str, str] = {}
+    for field, val in incoming.items():
+        if val is None:
+            continue
+        mapping[field] = "true" if bool(val) else "false"
+
+    now_ms = int(time.time() * 1000)
+    mapping["updated_ms"] = str(now_ms)
+    if updated_by:
+        mapping["updated_by"] = str(updated_by)
+
+    try:
+        _redis().hset(RK.audit_config(org), mapping=mapping)
+    except Exception as e:
+        logger.error("[audit-admin] set_audit_config redis error: %s", e)
+        raise
+
+    new_cfg = get_audit_config(org)
+
+    # Emit a CONFIG_CHANGE audit event for the change itself.
+    # Use a try/except so a misconfigured audit subsystem cannot block the
+    # config write that just succeeded.
+    try:
+        from supertable.audit import emit, EventCategory, Actions, Severity, make_detail
+        # Build a detail string showing only the fields that were touched.
+        touched = {k: v for k, v in incoming.items() if v is not None}
+        emit(
+            category=EventCategory.CONFIG_CHANGE,
+            action=getattr(Actions, "CONFIG_UPDATE", "config.update"),
+            organization=org,
+            actor_username=updated_by or "",
+            actor_id="",
+            resource_type="audit_config",
+            resource_id="audit:config",
+            detail=make_detail(**{k: ("true" if bool(v) else "false") for k, v in touched.items()}),
+            severity=Severity.WARNING,
+        )
+    except Exception as e:  # pragma: no cover — non-fatal
+        logger.debug("[audit-admin] config-change audit emit failed: %s", e)
+
+    return new_cfg

{supertable-2.0.2 → supertable-2.0.3}/supertable/audit/logger.py

@@ -35,17 +35,19 @@ logger = logging.getLogger(__name__)
 
 @dataclass
 class AuditConfig:
-    enabled: bool = True
+    # Default to OFF.  Real values come from env (from_settings) and are
+    # overridden per-organization via the Redis-backed admin layer.
+    enabled: bool = False
     batch_size: int = 1000
     flush_interval_sec: int = 60
     redis_stream_ttl_hours: int = 24
     redis_stream_maxlen: int = 100_000
-    hash_chain: bool = True
-    log_queries: bool = True
-    log_reads: bool = True
+    hash_chain: bool = False
+    log_queries: bool = False
+    log_reads: bool = False
     alert_webhook: str = ""
     fernet_key: str = ""
-    siem_enabled: bool = True
+    siem_enabled: bool = False
     siem_max_consumers: int = 10
 
     @classmethod
@@ -53,22 +55,38 @@ class AuditConfig:
         try:
             from supertable.config.settings import settings as _cfg
             return cls(
-                enabled=getattr(_cfg, "SUPERTABLE_AUDIT_ENABLED", True),
+                enabled=getattr(_cfg, "SUPERTABLE_AUDIT_ENABLED", False),
                 batch_size=getattr(_cfg, "SUPERTABLE_AUDIT_BATCH_SIZE", 1000),
                 flush_interval_sec=getattr(_cfg, "SUPERTABLE_AUDIT_FLUSH_INTERVAL_SEC", 60),
                 redis_stream_ttl_hours=getattr(_cfg, "SUPERTABLE_AUDIT_REDIS_STREAM_TTL_HOURS", 24),
                 redis_stream_maxlen=getattr(_cfg, "SUPERTABLE_AUDIT_REDIS_STREAM_MAXLEN", 100_000),
-                hash_chain=getattr(_cfg, "SUPERTABLE_AUDIT_HASH_CHAIN", True),
-                log_queries=getattr(_cfg, "SUPERTABLE_AUDIT_LOG_QUERIES", True),
-                log_reads=getattr(_cfg, "SUPERTABLE_AUDIT_LOG_READS", True),
+                hash_chain=getattr(_cfg, "SUPERTABLE_AUDIT_HASH_CHAIN", False),
+                log_queries=getattr(_cfg, "SUPERTABLE_AUDIT_LOG_QUERIES", False),
+                log_reads=getattr(_cfg, "SUPERTABLE_AUDIT_LOG_READS", False),
                 alert_webhook=getattr(_cfg, "SUPERTABLE_AUDIT_ALERT_WEBHOOK", ""),
                 fernet_key=getattr(_cfg, "SUPERTABLE_AUDIT_FERNET_KEY", ""),
-                siem_enabled=getattr(_cfg, "SUPERTABLE_AUDIT_SIEM_ENABLED", True),
+                siem_enabled=getattr(_cfg, "SUPERTABLE_AUDIT_SIEM_ENABLED", False),
                 siem_max_consumers=getattr(_cfg, "SUPERTABLE_AUDIT_SIEM_MAX_CONSUMERS", 10),
             )
         except Exception:
             return cls()
 
+    def with_overrides(self, overrides: Dict[str, Any]) -> "AuditConfig":
+        """Return a copy with select fields replaced from a dict (e.g., from
+        the Redis-backed audit:config HASH).  Unknown keys are ignored."""
+        from dataclasses import replace
+        kw: Dict[str, Any] = {}
+        for k in (
+            "enabled",
+            "hash_chain",
+            "log_queries",
+            "log_reads",
+            "siem_enabled",
+        ):
+            if k in overrides and overrides[k] is not None:
+                kw[k] = bool(overrides[k])
+        return replace(self, **kw) if kw else self
+
 
 # ---------------------------------------------------------------------------
 # NullAuditLogger (no-op when auditing is disabled)
@@ -386,32 +404,77 @@ class AuditLogger:
 # Singleton cache (one logger per organization)
 # ---------------------------------------------------------------------------
 
-_LOGGERS: Dict[str, AuditLogger] = {}
+_LOGGERS: Dict[str, "AuditLogger | NullAuditLogger"] = {}
 _LOGGERS_LOCK = threading.Lock()
-_CONFIG: Optional[AuditConfig] = None
 
+# Per-org config cache: org → (config, expires_at_seconds).
+# Resolved against env defaults + Redis override (supertable:{org}:audit:config).
+_ORG_CFG_CACHE: Dict[str, "tuple[AuditConfig, float]"] = {}
+_ORG_CFG_TTL_S: float = 30.0  # toggle takes effect within this many seconds
+
+
+def _resolve_config_for(organization: str) -> AuditConfig:
+    """Resolve the effective AuditConfig for *organization*.
+
+    Merges the Redis override at ``supertable:{org}:audit:config`` over the
+    env-var defaults.  Cached for _ORG_CFG_TTL_S seconds.
+    """
+    now = time.time()
+    cached = _ORG_CFG_CACHE.get(organization)
+    if cached is not None and cached[1] > now:
+        return cached[0]
 
-def _get_config() -> AuditConfig:
-    global _CONFIG
-    if _CONFIG is None:
-        _CONFIG = AuditConfig.from_settings()
-    return _CONFIG
+    base = AuditConfig.from_settings()
+    try:
+        from supertable.audit.admin import get_audit_config as _get_redis_cfg
+        overrides = _get_redis_cfg(organization)
+    except Exception:
+        overrides = {}
+
+    cfg = base.with_overrides(overrides) if overrides else base
+    _ORG_CFG_CACHE[organization] = (cfg, now + _ORG_CFG_TTL_S)
+    return cfg
+
+
+def invalidate_audit_config_cache(organization: Optional[str] = None) -> None:
+    """Drop the cached config for *organization* (or all orgs).  Called by the
+    admin endpoint after a toggle so the change takes effect immediately."""
+    if organization is None:
+        _ORG_CFG_CACHE.clear()
+    else:
+        _ORG_CFG_CACHE.pop(organization, None)
 
 
 def get_audit_logger(organization: str) -> "AuditLogger | NullAuditLogger":
     """Return a cached AuditLogger for the organization.
 
-    Thread-safe. Returns NullAuditLogger if auditing is disabled.
+    Thread-safe.  When auditing is disabled (env default OFF, or per-org
+    override set to ``enabled=false``), returns a NullAuditLogger.  When the
+    toggle is flipped from ON→OFF, the previously-running real logger is
+    stopped and replaced with a NullAuditLogger on the next call.
     """
-    config = _get_config()
-    if not config.enabled:
-        return NullAuditLogger()
+    config = _resolve_config_for(organization)
 
     with _LOGGERS_LOCK:
         existing = _LOGGERS.get(organization)
-        if existing is not None:
+
+        if not config.enabled:
+            # If we previously had a real logger, drain & stop it.
+            if existing is not None and not isinstance(existing, NullAuditLogger):
+                try:
+                    existing.stop()
+                except Exception as e:
+                    logger.warning("[audit] graceful stop failed for %s: %s", organization, e)
+                _LOGGERS[organization] = NullAuditLogger()
+            elif existing is None:
+                _LOGGERS[organization] = NullAuditLogger()
+            return _LOGGERS[organization]
+
+        # Audit is enabled.  Reuse a real logger if we have one.
+        if existing is not None and not isinstance(existing, NullAuditLogger):
             return existing
 
+        # Either no logger or the cached one was a Null — create a real one.
         audit_logger = AuditLogger(organization, config)
         _LOGGERS[organization] = audit_logger
         return audit_logger

{supertable-2.0.2 → supertable-2.0.3}/supertable/audit/writer_redis.py

@@ -21,21 +21,15 @@ import logging
 import time
 from typing import Any, Dict, List, Optional, Tuple
 
+from supertable import redis_keys as RK
+
 logger = logging.getLogger(__name__)
 
 
 # ---------------------------------------------------------------------------
-# Key helpers
+# Key helpers — delegate to supertable.redis_keys for namespace consistency
 # ---------------------------------------------------------------------------
 
-def _stream_key(org: str) -> str:
-    return f"supertable:{org}:audit:stream"
-
-
-def _chain_head_key(org: str, instance_id: str) -> str:
-    return f"supertable:{org}:audit:chain_head:{instance_id}"
-
-
 ARCHIVAL_GROUP = "__archival__"
 
 
@@ -55,8 +49,8 @@ class RedisAuditWriter:
         self._org = org
         self._instance_id = instance_id
         self._maxlen = maxlen
-        self._stream = _stream_key(org)
-        self._chain_key = _chain_head_key(org, instance_id)
+        self._stream = RK.audit_stream(org)
+        self._chain_key = RK.audit_chain_head(org, instance_id)
         self._ensure_stream()
 
     def _ensure_stream(self) -> None:

{supertable-2.0.2 → supertable-2.0.3}/supertable/config/settings.py

@@ -260,7 +260,10 @@ class Settings:
     SUPERTABLE_SUPER_META_CACHE_TTL_S: Optional[float] = None  # SUPERTABLE_SUPER_META_CACHE_TTL_S
 
     # ── Audit ────────────────────────────────────────────────────────
-    SUPERTABLE_AUDIT_ENABLED: bool = True                    # SUPERTABLE_AUDIT_ENABLED
+    # Audit is OFF by default.  Enable per-organization in the WebUI
+    # /ui/audit → Compliance tab (persisted at supertable:{org}:audit:config),
+    # or globally via the SUPERTABLE_AUDIT_ENABLED env var.
+    SUPERTABLE_AUDIT_ENABLED: bool = False                   # SUPERTABLE_AUDIT_ENABLED
     SUPERTABLE_AUDIT_RETENTION_DAYS: int = 2555              # SUPERTABLE_AUDIT_RETENTION_DAYS (~7 years)
     SUPERTABLE_AUDIT_BATCH_SIZE: int = 1000                  # SUPERTABLE_AUDIT_BATCH_SIZE
     SUPERTABLE_AUDIT_FLUSH_INTERVAL_SEC: int = 60            # SUPERTABLE_AUDIT_FLUSH_INTERVAL_SEC
@@ -508,7 +511,7 @@ def _build_settings() -> Settings:
         SUPERTABLE_SUPER_META_CACHE_TTL_S=meta_ttl,
 
         # ── Audit ────────────────────────────────────────────────────
-        SUPERTABLE_AUDIT_ENABLED=_env_bool("SUPERTABLE_AUDIT_ENABLED", True),
+        SUPERTABLE_AUDIT_ENABLED=_env_bool("SUPERTABLE_AUDIT_ENABLED", False),
         SUPERTABLE_AUDIT_RETENTION_DAYS=_env_int("SUPERTABLE_AUDIT_RETENTION_DAYS", 2555),
         SUPERTABLE_AUDIT_BATCH_SIZE=_env_int("SUPERTABLE_AUDIT_BATCH_SIZE", 1000),
         SUPERTABLE_AUDIT_FLUSH_INTERVAL_SEC=_env_int("SUPERTABLE_AUDIT_FLUSH_INTERVAL_SEC", 60),

{supertable-2.0.2 → supertable-2.0.3}/supertable/data_writer.py

@@ -13,6 +13,7 @@ from polars import DataFrame
 from supertable.config.defaults import logger
 from supertable.monitoring_writer import MonitoringWriter  # async monitoring
 from supertable.super_table import SuperTable
+from supertable import redis_keys as RK
 from supertable.simple_table import SimpleTable
 from supertable.utils.timer import Timer
 from supertable.processing import (
@@ -455,8 +456,8 @@ class DataWriter:
                     else:
                         schema_json = "{}"
                     _org, _sup = self.super_table.organization, self.super_table.super_name
-                    self.catalog.r.set(f"supertable:{_org}:{_sup}:schema:{simple_name}", schema_json)
-                    self.catalog.r.sadd(f"supertable:{_org}:{_sup}:table_names", simple_name)
+                    self.catalog.r.set(RK.schema(_org, _sup, simple_name), schema_json)
+                    self.catalog.r.sadd(RK.table_names(_org, _sup), simple_name)
                 except Exception as e:
                     logger.debug(f"[data-writer] schema/table_names Redis write failed: {e}")