svc-infra 0.1.589__py3-none-any.whl → 0.1.706__py3-none-any.whl

svc_infra/db/outbox.py

@@ -0,0 +1,108 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from datetime import datetime, timezone
+from typing import Any, Dict, Iterable, List, Optional, Protocol
+
+
+@dataclass
+class OutboxMessage:
+    id: int
+    topic: str
+    payload: Dict[str, Any]
+    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
+    attempts: int = 0
+    processed_at: Optional[datetime] = None
+
+
+class OutboxStore(Protocol):
+    def enqueue(self, topic: str, payload: Dict[str, Any]) -> OutboxMessage:
+        pass
+
+    def fetch_next(
+        self, *, topics: Optional[Iterable[str]] = None
+    ) -> Optional[OutboxMessage]:
+        """Return the next undispatched, unprocessed message (FIFO per-topic), or None.
+
+        Notes:
+        - Messages with attempts > 0 are considered "dispatched" to the job queue and won't be re-enqueued.
+        - Delivery retries are handled by the job queue worker, not by re-reading the outbox.
+        """
+        pass
+
+    def mark_processed(self, msg_id: int) -> None:
+        pass
+
+    def mark_failed(self, msg_id: int) -> None:
+        pass
+
+
+class InMemoryOutboxStore:
+    """Simple in-memory outbox for tests and local runs."""
+
+    def __init__(self):
+        self._seq = 0
+        self._messages: List[OutboxMessage] = []
+
+    def enqueue(self, topic: str, payload: Dict[str, Any]) -> OutboxMessage:
+        self._seq += 1
+        msg = OutboxMessage(id=self._seq, topic=topic, payload=dict(payload))
+        self._messages.append(msg)
+        return msg
+
+    def fetch_next(
+        self, *, topics: Optional[Iterable[str]] = None
+    ) -> Optional[OutboxMessage]:
+        allowed = set(topics) if topics else None
+        for msg in self._messages:
+            if msg.processed_at is not None:
+                continue
+            # skip already dispatched messages (attempts>0)
+            if msg.attempts > 0:
+                continue
+            if allowed is not None and msg.topic not in allowed:
+                continue
+            return msg
+        return None
+
+    def mark_processed(self, msg_id: int) -> None:
+        for msg in self._messages:
+            if msg.id == msg_id:
+                msg.processed_at = datetime.now(timezone.utc)
+                return
+
+    def mark_failed(self, msg_id: int) -> None:
+        for msg in self._messages:
+            if msg.id == msg_id:
+                msg.attempts += 1
+                return
+
+
+class SqlOutboxStore:
+    """Skeleton for a SQL-backed outbox store.
+
+    Implementations should:
+    - INSERT on enqueue
+    - SELECT FOR UPDATE SKIP LOCKED (or equivalent) to fetch next
+    - UPDATE processed_at (and attempts on failure)
+    """
+
+    def __init__(self, session_factory):
+        self._session_factory = session_factory
+
+    # Placeholders to outline the API; not implemented here.
+    def enqueue(
+        self, topic: str, payload: Dict[str, Any]
+    ) -> OutboxMessage:  # pragma: no cover - skeleton
+        raise NotImplementedError
+
+    def fetch_next(
+        self, *, topics: Optional[Iterable[str]] = None
+    ) -> Optional[OutboxMessage]:  # pragma: no cover - skeleton
+        raise NotImplementedError
+
+    def mark_processed(self, msg_id: int) -> None:  # pragma: no cover - skeleton
+        raise NotImplementedError
+
+    def mark_failed(self, msg_id: int) -> None:  # pragma: no cover - skeleton
+        raise NotImplementedError

svc_infra/db/sql/apikey.py

@@ -7,18 +7,36 @@ import uuid
 from datetime import datetime, timezone
 from typing import Optional, Type
 
-from sqlalchemy import JSON, Boolean, DateTime, ForeignKey, Index, String, UniqueConstraint, text
+from sqlalchemy import (
+    JSON,
+    Boolean,
+    DateTime,
+    ForeignKey,
+    Index,
+    String,
+    UniqueConstraint,
+    text,
+)
 from sqlalchemy.ext.mutable import MutableDict, MutableList
 from sqlalchemy.orm import Mapped, declared_attr, mapped_column, relationship
 
+from svc_infra.app.env import require_secret
 from svc_infra.db.sql.base import ModelBase
 from svc_infra.db.sql.types import GUID
 
-_APIKEY_HMAC_SECRET = os.getenv("APIKEY_HASH_SECRET") or "change-me-low-entropy-dev"
+
+def _get_apikey_secret() -> str:
+    """Get APIKEY_HASH_SECRET, requiring it in production."""
+    return require_secret(
+        os.getenv("APIKEY_HASH_SECRET"),
+        "APIKEY_HASH_SECRET",
+        dev_default="dev-only-apikey-hmac-secret-not-for-production",
+    )
 
 
 def _hmac_sha256(s: str) -> str:
-    return hmac.new(_APIKEY_HMAC_SECRET.encode(), s.encode(), hashlib.sha256).hexdigest()
+    secret = _get_apikey_secret()
+    return hmac.new(secret.encode(), s.encode(), hashlib.sha256).hexdigest()
 
 
 def _now() -> datetime:
@@ -33,7 +51,9 @@ _ApiKeyModel: Optional[type] = None
 def get_apikey_model() -> type:
     """Return the bound ApiKey model (or raise if not enabled)."""
     if _ApiKeyModel is None:
-        raise RuntimeError("ApiKey model is not enabled. Call bind_apikey_model(...) first.")
+        raise RuntimeError(
+            "ApiKey model is not enabled. Call bind_apikey_model(...) first."
+        )
     return _ApiKeyModel
 
 
@@ -43,10 +63,12 @@ def bind_apikey_model(user_model: Type, *, table_name: str = "api_keys") -> type
     Call this once during app boot (e.g., inside add_auth_users when enable_api_keys=True).
     """
 
-    class ApiKey(ModelBase):  # type: ignore[misc, valid-type]
+    class ApiKey(ModelBase):
         __tablename__ = table_name
 
-        id: Mapped[uuid.UUID] = mapped_column(GUID(), primary_key=True, default=uuid.uuid4)
+        id: Mapped[uuid.UUID] = mapped_column(
+            GUID(), primary_key=True, default=uuid.uuid4
+        )
 
         @declared_attr
         def user_id(cls) -> Mapped[uuid.UUID | None]:  # noqa: N805
@@ -67,14 +89,18 @@ def bind_apikey_model(user_model: Type, *, table_name: str = "api_keys") -> type
         key_prefix: Mapped[str] = mapped_column(String(12), index=True, nullable=False)
         key_hash: Mapped[str] = mapped_column(String(64), nullable=False)  # hex sha256
 
-        scopes: Mapped[list[str]] = mapped_column(MutableList.as_mutable(JSON), default=list)
+        scopes: Mapped[list[str]] = mapped_column(
+            MutableList.as_mutable(JSON), default=list
+        )
         active: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False)
         expires_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
         last_used_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
         meta: Mapped[dict] = mapped_column(MutableDict.as_mutable(JSON), default=dict)
 
         created_at = mapped_column(
-            DateTime(timezone=True), server_default=text("CURRENT_TIMESTAMP"), nullable=False
+            DateTime(timezone=True),
+            server_default=text("CURRENT_TIMESTAMP"),
+            nullable=False,
         )
         updated_at = mapped_column(
             DateTime(timezone=True),
@@ -99,7 +125,9 @@ def bind_apikey_model(user_model: Type, *, table_name: str = "api_keys") -> type
             import secrets
 
             prefix = secrets.token_urlsafe(6).replace("-", "").replace("_", "")[:8]
-            rand = base64.urlsafe_b64encode(secrets.token_bytes(24)).decode().rstrip("=")
+            rand = (
+                base64.urlsafe_b64encode(secrets.token_bytes(24)).decode().rstrip("=")
+            )
             plaintext = f"ak_{prefix}_{rand}"
             return plaintext, prefix, _hmac_sha256(plaintext)
 

svc_infra/db/sql/authref.py

@@ -22,11 +22,15 @@ def _find_auth_mapper() -> Optional[Tuple[str, TypeEngine, str]]:
                 table = mapper.local_table or getattr(cls, "__table__", None)
                 if table is None:
                     continue
-                pk_cols = list(table.primary_key.columns)
+                table_name = getattr(table, "name", None)
+                if not isinstance(table_name, str) or not table_name:
+                    continue
+                # SQLAlchemy's primary_key is iterable; don't rely on .columns typing.
+                pk_cols = list(table.primary_key)
                 if len(pk_cols) != 1:
                     continue  # require single-column PK
                 pk_col = pk_cols[0]
-                return (table.name, pk_col.type, pk_col.name)
+                return (table_name, pk_col.type, pk_col.name)
     except Exception:
         pass
     return None
@@ -58,4 +62,6 @@ def user_fk_constraint(
     Returns a table-level ForeignKeyConstraint([...], [<auth_table>.<pk>]) for the given column.
     """
     table, _pk_type, pk_name = resolve_auth_table_pk()
-    return ForeignKeyConstraint([column_name], [f"{table}.{pk_name}"], ondelete=ondelete)
+    return ForeignKeyConstraint(
+        [column_name], [f"{table}.{pk_name}"], ondelete=ondelete
+    )

svc_infra/db/sql/constants.py

@@ -4,9 +4,13 @@ import re
 from typing import Sequence
 
 # Environment variable names to look up for DB URL
+# Order matters: svc-infra canonical names first, then common PaaS names
 DEFAULT_DB_ENV_VARS: Sequence[str] = (
     "SQL_URL",
     "DB_URL",
+    "DATABASE_URL",  # Heroku, Railway (public)
+    "DATABASE_URL_PRIVATE",  # Railway (private networking)
+    "PRIVATE_SQL_URL",  # Legacy svc-infra naming
 )
 
 # Regex used to detect async drivers from URL drivername
@@ -18,16 +22,16 @@ try:
     import importlib.resources as pkg
 
     _tmpl_pkg = pkg.files("svc_infra.db.sql.templates.setup")
-    ALEMBIC_INI_TEMPLATE = _tmpl_pkg.joinpath("alembic.ini.tmpl").read_text(encoding="utf-8")
-    ALEMBIC_SCRIPT_TEMPLATE = _tmpl_pkg.joinpath("script.py.mako.tmpl").read_text(encoding="utf-8")
-except Exception:
-    # Fallbacks (should not normally happen). Provide minimal safe defaults.
-    ALEMBIC_INI_TEMPLATE = (
-        """[alembic]\nscript_location = {script_location}\nsqlalchemy.url = {sqlalchemy_url}\n"""
+    ALEMBIC_INI_TEMPLATE = _tmpl_pkg.joinpath("alembic.ini.tmpl").read_text(
+        encoding="utf-8"
     )
-    ALEMBIC_INI_TEMPLATE = (
-        """[alembic]\nscript_location = {script_location}\nsqlalchemy.url = {sqlalchemy_url}\n"""
+    ALEMBIC_SCRIPT_TEMPLATE = _tmpl_pkg.joinpath("script.py.mako.tmpl").read_text(
+        encoding="utf-8"
     )
+except Exception:
+    # Fallbacks (should not normally happen). Provide minimal safe defaults.
+    ALEMBIC_INI_TEMPLATE = """[alembic]\nscript_location = {script_location}\nsqlalchemy.url = {sqlalchemy_url}\n"""
+    ALEMBIC_INI_TEMPLATE = """[alembic]\nscript_location = {script_location}\nsqlalchemy.url = {sqlalchemy_url}\n"""
     ALEMBIC_SCRIPT_TEMPLATE = '"""${message}"""\nfrom alembic import op\nimport sqlalchemy as sa\n\nrevision = ${repr(up_revision)}\ndown_revision = ${repr(down_revision)}\nbranch_labels = ${repr(branch_labels)}\ndepends_on = ${repr(depends_on)}\n\ndef upgrade():\n    ${upgrades if upgrades else "pass"}\n\n\ndef downgrade():\n    ${downgrades if downgrades else "pass"}\n'
 __all__ = [
     "DEFAULT_DB_ENV_VARS",

svc_infra/db/sql/core.py

@@ -140,7 +140,7 @@ def revision(
         cfg,
         message=message,
         autogenerate=autogenerate,
-        head=head,
+        head=head or "head",
         branch_label=branch_label,
         version_path=version_path,
         sql=sql,
@@ -319,7 +319,7 @@ def setup_and_migrate(
     """
     resolved_url = database_url or get_database_url_from_env(required=True)
     root = prepare_env()
-    if create_db_if_missing:
+    if create_db_if_missing and resolved_url:
         ensure_database_exists(resolved_url)
 
     mig_dir = init_alembic(

svc_infra/db/sql/management.py

@@ -15,20 +15,19 @@ def _sa_columns(model: type[object]) -> list[Column]:
 def _py_type(col: Column) -> type:
     # Prefer SQLAlchemy-provided python_type when available
     if getattr(col.type, "python_type", None):
-        return col.type.python_type  # type: ignore[no-any-return]
+        return col.type.python_type
 
     from datetime import date, datetime
-    from typing import Any as _Any
     from uuid import UUID
 
     from sqlalchemy import JSON, Boolean, Date, DateTime, Integer, String, Text
 
     try:
         from sqlalchemy.dialects.postgresql import JSONB
-        from sqlalchemy.dialects.postgresql import UUID as PG_UUID  # type: ignore
+        from sqlalchemy.dialects.postgresql import UUID as PG_UUID
     except Exception:  # pragma: no cover
-        PG_UUID = None  # type: ignore
-        JSONB = None  # type: ignore
+        PG_UUID = None  # type: ignore[misc,assignment]
+        JSONB = None  # type: ignore[misc,assignment]
 
     t = col.type
     if PG_UUID is not None and isinstance(t, PG_UUID):
@@ -47,7 +46,7 @@ def _py_type(col: Column) -> type:
         return dict
     if JSONB is not None and isinstance(t, JSONB):
         return dict
-    return _Any
+    return object  # fallback type for unknown column types
 
 
 def _exclude_from_create(col: Column) -> bool:
@@ -101,9 +100,13 @@ def make_crud_schemas(
                 name=name,
                 typ=T,
                 required_for_create=bool(
-                    is_required and name not in explicit_excludes and not _exclude_from_create(col)
+                    is_required
+                    and name not in explicit_excludes
+                    and not _exclude_from_create(col)
+                ),
+                exclude_from_create=bool(
+                    name in explicit_excludes or _exclude_from_create(col)
                 ),
-                exclude_from_create=bool(name in explicit_excludes or _exclude_from_create(col)),
                 exclude_from_read=bool(name in read_ex),
                 exclude_from_update=bool(name in update_ex),
             )

svc_infra/db/sql/repository.py

@@ -1,11 +1,24 @@
 from __future__ import annotations
 
-from typing import Any, Iterable, Optional, Sequence, Set
+import inspect
+import logging
+from typing import Any, Iterable, Optional, Sequence, Set, cast
 
 from sqlalchemy import Select, String, and_, func, or_, select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import InstrumentedAttribute, class_mapper
 
+logger = logging.getLogger(__name__)
+
+
+def _escape_ilike(q: str) -> str:
+    """Escape special characters for ILIKE pattern matching.
+
+    Prevents SQL injection via wildcard characters that could match
+    unintended data (e.g., % matches any string, _ matches any char).
+    """
+    return q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
+
 
 class SqlRepository:
     """
@@ -34,8 +47,8 @@ class SqlRepository:
     def _model_columns(self) -> set[str]:
         return {c.key for c in class_mapper(self.model).columns}
 
-    def _id_column(self) -> InstrumentedAttribute:
-        return getattr(self.model, self.id_attr)
+    def _id_column(self) -> InstrumentedAttribute[Any]:
+        return cast(InstrumentedAttribute[Any], getattr(self.model, self.id_attr))
 
     def _base_select(self) -> Select:
         stmt = select(self.model)
@@ -43,8 +56,12 @@ class SqlRepository:
             # Filter out soft-deleted rows by timestamp and/or active flag
             if hasattr(self.model, self.soft_delete_field):
                 stmt = stmt.where(getattr(self.model, self.soft_delete_field).is_(None))
-            if self.soft_delete_flag_field and hasattr(self.model, self.soft_delete_flag_field):
-                stmt = stmt.where(getattr(self.model, self.soft_delete_flag_field).is_(True))
+            if self.soft_delete_flag_field and hasattr(
+                self.model, self.soft_delete_flag_field
+            ):
+                stmt = stmt.where(
+                    getattr(self.model, self.soft_delete_flag_field).is_(True)
+                )
         return stmt
 
     # basic ops
@@ -56,20 +73,37 @@ class SqlRepository:
         limit: int,
         offset: int,
         order_by: Optional[Sequence[Any]] = None,
+        where: Optional[Sequence[Any]] = None,
     ) -> Sequence[Any]:
-        stmt = self._base_select().limit(limit).offset(offset)
+        stmt = self._base_select()
+        if where:
+            stmt = stmt.where(and_(*where))
+        stmt = stmt.limit(limit).offset(offset)
         if order_by:
             stmt = stmt.order_by(*order_by)
-        rows = (await session.execute(stmt)).scalars().all()
-        return rows
-
-    async def count(self, session: AsyncSession) -> int:
-        stmt = select(func.count()).select_from(self._base_select().subquery())
-        return (await session.execute(stmt)).scalar_one()
-
-    async def get(self, session: AsyncSession, id_value: Any) -> Any | None:
+        result = (await session.execute(stmt)).scalars().all()
+        return list(result)
+
+    async def count(
+        self, session: AsyncSession, *, where: Optional[Sequence[Any]] = None
+    ) -> int:
+        base = self._base_select()
+        if where:
+            base = base.where(and_(*where))
+        stmt = select(func.count()).select_from(base.subquery())
+        return int((await session.execute(stmt)).scalar_one())
+
+    async def get(
+        self,
+        session: AsyncSession,
+        id_value: Any,
+        *,
+        where: Optional[Sequence[Any]] = None,
+    ) -> Any | None:
         # honors soft-delete if configured
         stmt = self._base_select().where(self._id_column() == id_value)
+        if where:
+            stmt = stmt.where(and_(*where))
         return (await session.execute(stmt)).scalars().first()
 
     async def create(self, session: AsyncSession, data: dict[str, Any]) -> Any:
@@ -78,12 +112,18 @@ class SqlRepository:
         obj = self.model(**filtered)
         session.add(obj)
         await session.flush()
+        await session.refresh(obj)
         return obj
 
     async def update(
-        self, session: AsyncSession, id_value: Any, data: dict[str, Any]
+        self,
+        session: AsyncSession,
+        id_value: Any,
+        data: dict[str, Any],
+        *,
+        where: Optional[Sequence[Any]] = None,
     ) -> Any | None:
-        obj = await self.get(session, id_value)
+        obj = await self.get(session, id_value, where=where)
         if not obj:
             return None
         valid = self._model_columns()
@@ -91,21 +131,40 @@ class SqlRepository:
             if k in valid and k not in self.immutable_fields:
                 setattr(obj, k, v)
         await session.flush()
+        await session.refresh(obj)
         return obj
 
-    async def delete(self, session: AsyncSession, id_value: Any) -> bool:
-        obj = await session.get(self.model, id_value)
+    async def delete(
+        self,
+        session: AsyncSession,
+        id_value: Any,
+        *,
+        where: Optional[Sequence[Any]] = None,
+    ) -> bool:
+        # Fast path: when no extra filters provided, use session.get for simplicity (matches tests)
+        if not where:
+            obj = await session.get(self.model, id_value)
+        else:
+            # Respect soft-delete and optional tenant/extra filters by selecting through base select
+            stmt = self._base_select().where(self._id_column() == id_value)
+            stmt = stmt.where(and_(*where))
+            obj = (await session.execute(stmt)).scalars().first()
         if not obj:
             return False
         if self.soft_delete:
             # Prefer timestamp, also optionally set flag to False
-            if hasattr(self.model, self.soft_delete_field):
+            # Check attributes on the instance to support test doubles without class-level fields
+            if hasattr(obj, self.soft_delete_field):
                 setattr(obj, self.soft_delete_field, func.now())
-            if self.soft_delete_flag_field and hasattr(self.model, self.soft_delete_flag_field):
+            if self.soft_delete_flag_field and hasattr(
+                obj, self.soft_delete_flag_field
+            ):
                 setattr(obj, self.soft_delete_flag_field, False)
             await session.flush()
             return True
-        await session.delete(obj)
+        delete_result = session.delete(obj)
+        if inspect.isawaitable(delete_result):
+            await delete_result
         await session.flush()
         return True
 
@@ -118,18 +177,22 @@ class SqlRepository:
         limit: int,
         offset: int,
         order_by: Optional[Sequence[Any]] = None,
+        where: Optional[Sequence[Any]] = None,
     ) -> Sequence[Any]:
-        ilike = f"%{q}%"
+        ilike = f"%{_escape_ilike(q)}%"
         conditions = []
         for f in fields:
             col = getattr(self.model, f, None)
             if col is not None:
                 try:
                     conditions.append(col.cast(String).ilike(ilike))
-                except Exception:
+                except Exception as e:
                     # skip columns that cannot be used in ilike even with cast
+                    logger.debug("Column %s cannot be cast for ILIKE search: %s", f, e)
                     continue
         stmt = self._base_select()
+        if where:
+            stmt = stmt.where(and_(*where))
         if conditions:
             stmt = stmt.where(or_(*conditions))
         stmt = stmt.limit(limit).offset(offset)
@@ -137,17 +200,27 @@ class SqlRepository:
             stmt = stmt.order_by(*order_by)
         return (await session.execute(stmt)).scalars().all()
 
-    async def count_filtered(self, session: AsyncSession, *, q: str, fields: Sequence[str]) -> int:
-        ilike = f"%{q}%"
+    async def count_filtered(
+        self,
+        session: AsyncSession,
+        *,
+        q: str,
+        fields: Sequence[str],
+        where: Optional[Sequence[Any]] = None,
+    ) -> int:
+        ilike = f"%{_escape_ilike(q)}%"
         conditions = []
         for f in fields:
             col = getattr(self.model, f, None)
             if col is not None:
                 try:
                     conditions.append(col.cast(String).ilike(ilike))
-                except Exception:
+                except Exception as e:
+                    logger.debug("Column %s cannot be cast for ILIKE search: %s", f, e)
                     continue
         stmt = self._base_select()
+        if where:
+            stmt = stmt.where(and_(*where))
         if conditions:
             stmt = stmt.where(or_(*conditions))
         # SELECT COUNT(*) FROM (<stmt>) as t

svc_infra/db/sql/resource.py

@@ -34,3 +34,8 @@ class SqlResource:
 
     # Only a type reference; no runtime dependency on FastAPI layer
     service_factory: Optional[Callable[[SqlRepository], "SqlService"]] = None
+
+    # Tenancy
+    tenant_field: Optional[str] = (
+        None  # when set, CRUD router will require TenantId and scope by field
+    )

svc_infra/db/sql/scaffold.py

@@ -9,7 +9,9 @@ from svc_infra.utils import ensure_init_py, render_template, write
 
 # ---------------- helpers ----------------
 
-_INIT_CONTENT_PAIRED = 'from . import models, schemas\n\n__all__ = ["models", "schemas"]\n'
+_INIT_CONTENT_PAIRED = (
+    'from . import models, schemas\n\n__all__ = ["models", "schemas"]\n'
+)
 _INIT_CONTENT_MINIMAL = "# package marker; add explicit exports here if desired\n"
 
 
@@ -102,7 +104,9 @@ def scaffold_core(
             },
         )
 
-        tenant_schema_field = "    tenant_id: Optional[str] = None\n" if include_tenant else ""
+        tenant_schema_field = (
+            "    tenant_id: Optional[str] = None\n" if include_tenant else ""
+        )
         schemas_txt = render_template(
             tmpl_dir="svc_infra.db.sql.templates.models_schemas.entity",
             name="schemas.py.tmpl",

svc_infra/db/sql/service.py

@@ -24,8 +24,12 @@ class SqlService:
     async def pre_update(self, data: dict[str, Any]) -> dict[str, Any]:
         return data
 
-    async def list(self, session: AsyncSession, *, limit: int, offset: int, order_by=None):
-        return await self.repo.list(session, limit=limit, offset=offset, order_by=order_by)
+    async def list(
+        self, session: AsyncSession, *, limit: int, offset: int, order_by=None
+    ):
+        return await self.repo.list(
+            session, limit=limit, offset=offset, order_by=order_by
+        )
 
     async def count(self, session: AsyncSession) -> int:
         return await self.repo.count(session)
@@ -41,9 +45,13 @@ class SqlService:
             # unique constraint or not-null -> 409/400 instead of 500
             msg = str(e.orig) if getattr(e, "orig", None) else str(e)
             if "duplicate key value" in msg or "UniqueViolation" in msg:
-                raise HTTPException(status_code=409, detail="Record already exists.") from e
+                raise HTTPException(
+                    status_code=409, detail="Record already exists."
+                ) from e
             if "not-null" in msg or "NotNullViolation" in msg:
-                raise HTTPException(status_code=400, detail="Missing required field.") from e
+                raise HTTPException(
+                    status_code=400, detail="Missing required field."
+                ) from e
             raise  # unknown, let your error middleware turn into 500
 
     async def update(self, session: AsyncSession, id_value: Any, data: dict[str, Any]):
@@ -67,7 +75,9 @@ class SqlService:
             session, q=q, fields=fields, limit=limit, offset=offset, order_by=order_by
         )
 
-    async def count_filtered(self, session: AsyncSession, *, q: str, fields: Sequence[str]) -> int:
+    async def count_filtered(
+        self, session: AsyncSession, *, q: str, fields: Sequence[str]
+    ) -> int:
         return await self.repo.count_filtered(session, q=q, fields=fields)
 
     async def exists(self, session: AsyncSession, *, where):