svc-infra 0.1.595__py3-none-any.whl → 0.1.706__py3-none-any.whl

svc_infra/db/sql/management.py

@@ -15,20 +15,19 @@ def _sa_columns(model: type[object]) -> list[Column]:
 def _py_type(col: Column) -> type:
     # Prefer SQLAlchemy-provided python_type when available
     if getattr(col.type, "python_type", None):
-        return col.type.python_type  # type: ignore[no-any-return]
+        return col.type.python_type
 
     from datetime import date, datetime
-    from typing import Any as _Any
     from uuid import UUID
 
     from sqlalchemy import JSON, Boolean, Date, DateTime, Integer, String, Text
 
     try:
         from sqlalchemy.dialects.postgresql import JSONB
-        from sqlalchemy.dialects.postgresql import UUID as PG_UUID  # type: ignore
+        from sqlalchemy.dialects.postgresql import UUID as PG_UUID
     except Exception:  # pragma: no cover
-        PG_UUID = None  # type: ignore
-        JSONB = None  # type: ignore
+        PG_UUID = None  # type: ignore[misc,assignment]
+        JSONB = None  # type: ignore[misc,assignment]
 
     t = col.type
     if PG_UUID is not None and isinstance(t, PG_UUID):
@@ -47,7 +46,7 @@ def _py_type(col: Column) -> type:
         return dict
     if JSONB is not None and isinstance(t, JSONB):
         return dict
-    return _Any
+    return object  # fallback type for unknown column types
 
 
 def _exclude_from_create(col: Column) -> bool:
@@ -101,9 +100,13 @@ def make_crud_schemas(
                 name=name,
                 typ=T,
                 required_for_create=bool(
-                    is_required and name not in explicit_excludes and not _exclude_from_create(col)
+                    is_required
+                    and name not in explicit_excludes
+                    and not _exclude_from_create(col)
+                ),
+                exclude_from_create=bool(
+                    name in explicit_excludes or _exclude_from_create(col)
                 ),
-                exclude_from_create=bool(name in explicit_excludes or _exclude_from_create(col)),
                 exclude_from_read=bool(name in read_ex),
                 exclude_from_update=bool(name in update_ex),
             )

svc_infra/db/sql/repository.py

@@ -1,11 +1,24 @@
 from __future__ import annotations
 
-from typing import Any, Iterable, Optional, Sequence, Set
+import inspect
+import logging
+from typing import Any, Iterable, Optional, Sequence, Set, cast
 
 from sqlalchemy import Select, String, and_, func, or_, select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import InstrumentedAttribute, class_mapper
 
+logger = logging.getLogger(__name__)
+
+
+def _escape_ilike(q: str) -> str:
+    """Escape special characters for ILIKE pattern matching.
+
+    Prevents SQL injection via wildcard characters that could match
+    unintended data (e.g., % matches any string, _ matches any char).
+    """
+    return q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
+
 
 class SqlRepository:
     """
@@ -34,8 +47,8 @@ class SqlRepository:
     def _model_columns(self) -> set[str]:
         return {c.key for c in class_mapper(self.model).columns}
 
-    def _id_column(self) -> InstrumentedAttribute:
-        return getattr(self.model, self.id_attr)
+    def _id_column(self) -> InstrumentedAttribute[Any]:
+        return cast(InstrumentedAttribute[Any], getattr(self.model, self.id_attr))
 
     def _base_select(self) -> Select:
         stmt = select(self.model)
@@ -43,8 +56,12 @@ class SqlRepository:
             # Filter out soft-deleted rows by timestamp and/or active flag
             if hasattr(self.model, self.soft_delete_field):
                 stmt = stmt.where(getattr(self.model, self.soft_delete_field).is_(None))
-            if self.soft_delete_flag_field and hasattr(self.model, self.soft_delete_flag_field):
-                stmt = stmt.where(getattr(self.model, self.soft_delete_flag_field).is_(True))
+            if self.soft_delete_flag_field and hasattr(
+                self.model, self.soft_delete_flag_field
+            ):
+                stmt = stmt.where(
+                    getattr(self.model, self.soft_delete_flag_field).is_(True)
+                )
         return stmt
 
     # basic ops
@@ -56,20 +73,37 @@ class SqlRepository:
         limit: int,
         offset: int,
         order_by: Optional[Sequence[Any]] = None,
+        where: Optional[Sequence[Any]] = None,
     ) -> Sequence[Any]:
-        stmt = self._base_select().limit(limit).offset(offset)
+        stmt = self._base_select()
+        if where:
+            stmt = stmt.where(and_(*where))
+        stmt = stmt.limit(limit).offset(offset)
         if order_by:
             stmt = stmt.order_by(*order_by)
-        rows = (await session.execute(stmt)).scalars().all()
-        return rows
-
-    async def count(self, session: AsyncSession) -> int:
-        stmt = select(func.count()).select_from(self._base_select().subquery())
-        return (await session.execute(stmt)).scalar_one()
-
-    async def get(self, session: AsyncSession, id_value: Any) -> Any | None:
+        result = (await session.execute(stmt)).scalars().all()
+        return list(result)
+
+    async def count(
+        self, session: AsyncSession, *, where: Optional[Sequence[Any]] = None
+    ) -> int:
+        base = self._base_select()
+        if where:
+            base = base.where(and_(*where))
+        stmt = select(func.count()).select_from(base.subquery())
+        return int((await session.execute(stmt)).scalar_one())
+
+    async def get(
+        self,
+        session: AsyncSession,
+        id_value: Any,
+        *,
+        where: Optional[Sequence[Any]] = None,
+    ) -> Any | None:
         # honors soft-delete if configured
         stmt = self._base_select().where(self._id_column() == id_value)
+        if where:
+            stmt = stmt.where(and_(*where))
         return (await session.execute(stmt)).scalars().first()
 
     async def create(self, session: AsyncSession, data: dict[str, Any]) -> Any:
@@ -78,12 +112,18 @@ class SqlRepository:
         obj = self.model(**filtered)
         session.add(obj)
         await session.flush()
+        await session.refresh(obj)
         return obj
 
     async def update(
-        self, session: AsyncSession, id_value: Any, data: dict[str, Any]
+        self,
+        session: AsyncSession,
+        id_value: Any,
+        data: dict[str, Any],
+        *,
+        where: Optional[Sequence[Any]] = None,
     ) -> Any | None:
-        obj = await self.get(session, id_value)
+        obj = await self.get(session, id_value, where=where)
         if not obj:
             return None
         valid = self._model_columns()
@@ -91,21 +131,40 @@ class SqlRepository:
             if k in valid and k not in self.immutable_fields:
                 setattr(obj, k, v)
         await session.flush()
+        await session.refresh(obj)
         return obj
 
-    async def delete(self, session: AsyncSession, id_value: Any) -> bool:
-        obj = await session.get(self.model, id_value)
+    async def delete(
+        self,
+        session: AsyncSession,
+        id_value: Any,
+        *,
+        where: Optional[Sequence[Any]] = None,
+    ) -> bool:
+        # Fast path: when no extra filters provided, use session.get for simplicity (matches tests)
+        if not where:
+            obj = await session.get(self.model, id_value)
+        else:
+            # Respect soft-delete and optional tenant/extra filters by selecting through base select
+            stmt = self._base_select().where(self._id_column() == id_value)
+            stmt = stmt.where(and_(*where))
+            obj = (await session.execute(stmt)).scalars().first()
         if not obj:
             return False
         if self.soft_delete:
             # Prefer timestamp, also optionally set flag to False
-            if hasattr(self.model, self.soft_delete_field):
+            # Check attributes on the instance to support test doubles without class-level fields
+            if hasattr(obj, self.soft_delete_field):
                 setattr(obj, self.soft_delete_field, func.now())
-            if self.soft_delete_flag_field and hasattr(self.model, self.soft_delete_flag_field):
+            if self.soft_delete_flag_field and hasattr(
+                obj, self.soft_delete_flag_field
+            ):
                 setattr(obj, self.soft_delete_flag_field, False)
             await session.flush()
             return True
-        session.delete(obj)
+        delete_result = session.delete(obj)
+        if inspect.isawaitable(delete_result):
+            await delete_result
         await session.flush()
         return True
 
@@ -118,18 +177,22 @@ class SqlRepository:
         limit: int,
         offset: int,
         order_by: Optional[Sequence[Any]] = None,
+        where: Optional[Sequence[Any]] = None,
     ) -> Sequence[Any]:
-        ilike = f"%{q}%"
+        ilike = f"%{_escape_ilike(q)}%"
         conditions = []
         for f in fields:
             col = getattr(self.model, f, None)
             if col is not None:
                 try:
                     conditions.append(col.cast(String).ilike(ilike))
-                except Exception:
+                except Exception as e:
                     # skip columns that cannot be used in ilike even with cast
+                    logger.debug("Column %s cannot be cast for ILIKE search: %s", f, e)
                     continue
         stmt = self._base_select()
+        if where:
+            stmt = stmt.where(and_(*where))
         if conditions:
             stmt = stmt.where(or_(*conditions))
         stmt = stmt.limit(limit).offset(offset)
@@ -137,17 +200,27 @@ class SqlRepository:
             stmt = stmt.order_by(*order_by)
         return (await session.execute(stmt)).scalars().all()
 
-    async def count_filtered(self, session: AsyncSession, *, q: str, fields: Sequence[str]) -> int:
-        ilike = f"%{q}%"
+    async def count_filtered(
+        self,
+        session: AsyncSession,
+        *,
+        q: str,
+        fields: Sequence[str],
+        where: Optional[Sequence[Any]] = None,
+    ) -> int:
+        ilike = f"%{_escape_ilike(q)}%"
         conditions = []
         for f in fields:
             col = getattr(self.model, f, None)
             if col is not None:
                 try:
                     conditions.append(col.cast(String).ilike(ilike))
-                except Exception:
+                except Exception as e:
+                    logger.debug("Column %s cannot be cast for ILIKE search: %s", f, e)
                     continue
         stmt = self._base_select()
+        if where:
+            stmt = stmt.where(and_(*where))
         if conditions:
             stmt = stmt.where(or_(*conditions))
         # SELECT COUNT(*) FROM (<stmt>) as t

svc_infra/db/sql/resource.py

@@ -34,3 +34,8 @@ class SqlResource:
 
     # Only a type reference; no runtime dependency on FastAPI layer
     service_factory: Optional[Callable[[SqlRepository], "SqlService"]] = None
+
+    # Tenancy
+    tenant_field: Optional[str] = (
+        None  # when set, CRUD router will require TenantId and scope by field
+    )

svc_infra/db/sql/scaffold.py

@@ -9,7 +9,9 @@ from svc_infra.utils import ensure_init_py, render_template, write
 
 # ---------------- helpers ----------------
 
-_INIT_CONTENT_PAIRED = 'from . import models, schemas\n\n__all__ = ["models", "schemas"]\n'
+_INIT_CONTENT_PAIRED = (
+    'from . import models, schemas\n\n__all__ = ["models", "schemas"]\n'
+)
 _INIT_CONTENT_MINIMAL = "# package marker; add explicit exports here if desired\n"
 
 
@@ -102,7 +104,9 @@ def scaffold_core(
             },
         )
 
-        tenant_schema_field = "    tenant_id: Optional[str] = None\n" if include_tenant else ""
+        tenant_schema_field = (
+            "    tenant_id: Optional[str] = None\n" if include_tenant else ""
+        )
         schemas_txt = render_template(
             tmpl_dir="svc_infra.db.sql.templates.models_schemas.entity",
             name="schemas.py.tmpl",

svc_infra/db/sql/service.py

@@ -24,8 +24,12 @@ class SqlService:
     async def pre_update(self, data: dict[str, Any]) -> dict[str, Any]:
         return data
 
-    async def list(self, session: AsyncSession, *, limit: int, offset: int, order_by=None):
-        return await self.repo.list(session, limit=limit, offset=offset, order_by=order_by)
+    async def list(
+        self, session: AsyncSession, *, limit: int, offset: int, order_by=None
+    ):
+        return await self.repo.list(
+            session, limit=limit, offset=offset, order_by=order_by
+        )
 
     async def count(self, session: AsyncSession) -> int:
         return await self.repo.count(session)
@@ -41,9 +45,13 @@ class SqlService:
             # unique constraint or not-null -> 409/400 instead of 500
             msg = str(e.orig) if getattr(e, "orig", None) else str(e)
             if "duplicate key value" in msg or "UniqueViolation" in msg:
-                raise HTTPException(status_code=409, detail="Record already exists.") from e
+                raise HTTPException(
+                    status_code=409, detail="Record already exists."
+                ) from e
             if "not-null" in msg or "NotNullViolation" in msg:
-                raise HTTPException(status_code=400, detail="Missing required field.") from e
+                raise HTTPException(
+                    status_code=400, detail="Missing required field."
+                ) from e
             raise  # unknown, let your error middleware turn into 500
 
     async def update(self, session: AsyncSession, id_value: Any, data: dict[str, Any]):
@@ -67,7 +75,9 @@ class SqlService:
             session, q=q, fields=fields, limit=limit, offset=offset, order_by=order_by
         )
 
-    async def count_filtered(self, session: AsyncSession, *, q: str, fields: Sequence[str]) -> int:
+    async def count_filtered(
+        self, session: AsyncSession, *, q: str, fields: Sequence[str]
+    ) -> int:
         return await self.repo.count_filtered(session, q=q, fields=fields)
 
     async def exists(self, session: AsyncSession, *, where):

svc_infra/db/sql/templates/models_schemas/auth/models.py.tmpl

@@ -129,62 +129,13 @@ for _ix in make_unique_sql_indexes(
     # Registered with Table metadata (alembic/autogenerate will pick them up)
     pass
 
-# ------------------------------ Model: ProviderAccount -------------------------
-
-class ProviderAccount(ModelBase):
-    """
-    Links a local user to an external identity provider account.
-
-    - (provider, provider_account_id) is unique
-    - Optionally stores tokens for later API calls (refresh_token encrypted at rest)
-    """
-    __tablename__ = "provider_accounts"
-
-    id: Mapped[uuid.UUID] = mapped_column(GUID(), primary_key=True, default=uuid.uuid4)
-
-    user_id: Mapped[uuid.UUID] = mapped_column(
-        GUID(), ForeignKey("${auth_table_name}.id", ondelete="CASCADE"), nullable=False
-    )
-    user: Mapped["${AuthEntity}"] = relationship(
-        back_populates="provider_accounts",
-        lazy="selectin",
-    )
-
-    provider: Mapped[str] = mapped_column(String(50), nullable=False)               # "google"|"github"|"linkedin"|"microsoft"|...
-    provider_account_id: Mapped[str] = mapped_column(String(255), nullable=False)   # sub/oid (OIDC) or id (github/linkedin)
-
-    # Optional token material
-    access_token: Mapped[Optional[str]] = mapped_column(Text, nullable=True)
-
-    # Store encrypted refresh_token in the same column name for DB compatibility.
-    _refresh_token: Mapped[Optional[str]] = mapped_column("refresh_token", Text, nullable=True)
-
-    @property
-    def refresh_token(self) -> Optional[str]:
-        return _decrypt(self._refresh_token)
-
-    @refresh_token.setter
-    def refresh_token(self, value: Optional[str]) -> None:
-        self._refresh_token = _encrypt(value)
-
-    expires_at: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True)
-    raw_claims: Mapped[Optional[dict]] = mapped_column(MutableDict.as_mutable(JSON), nullable=True)
-
-    created_at = mapped_column(
-        DateTime(timezone=True), server_default=text("CURRENT_TIMESTAMP"), nullable=False
-    )
-    updated_at = mapped_column(
-        DateTime(timezone=True), server_default=text("CURRENT_TIMESTAMP"),
-        onupdate=text("CURRENT_TIMESTAMP"), nullable=False
-    )
-
-    __table_args__ = (
-        UniqueConstraint("provider", "provider_account_id", name="uq_provider_account"),
-        Index("ix_provider_accounts_user_id", "user_id"),
-    )
-
-    def __repr__(self) -> str:
-        return f"<ProviderAccount provider={self.provider!r} provider_account_id={self.provider_account_id!r} user_id={self.user_id}>"
+# NOTE: ProviderAccount model is imported from svc_infra.security.oauth_models
+# It's an opt-in OAuth model that links users to providers (Google, GitHub, etc.)
+# The relationship 'provider_accounts' is defined above in the ${AuthEntity} class.
+# To enable OAuth in your project:
+#   1. Set ALEMBIC_ENABLE_OAUTH=true in your .env
+#   2. Pass provider_account_model=ProviderAccount to add_auth_users()
+#   3. Import: from svc_infra.security.oauth_models import ProviderAccount
 
 # --- Auth service factory ------------------------------------------------------
 

svc_infra/db/sql/templates/setup/env_async.py.tmpl

@@ -6,13 +6,10 @@ from typing import List, Tuple
 import sys, pathlib, importlib, pkgutil, traceback
 
 from alembic import context
+from sqlalchemy import MetaData
 from sqlalchemy.engine import make_url, URL
-from sqlalchemy.ext.asyncio import create_async_engine
 
-from svc_infra.db.sql.utils import (
-    get_database_url_from_env,
-    _ensure_ssl_default_async as _ensure_ssl_default,
-)
+from svc_infra.db.sql.utils import get_database_url_from_env
 
 try:
     from svc_infra.db.sql.types import GUID as _GUID  # type: ignore
@@ -105,7 +102,6 @@ def _coerce_to_async(u: URL) -> URL:
 
 u = make_url(effective_url)
 u = _coerce_to_async(u)
-u = _ensure_ssl_default(u)
 config.set_main_option("sqlalchemy.url", u.render_as_string(hide_password=False))
 
 # feature flags
@@ -131,15 +127,16 @@ def _collect_metadata() -> list[object]:
 
     def _maybe_add(obj: object) -> None:
         md = getattr(obj, "metadata", None) or obj
-        if hasattr(md, "tables") and getattr(md, "tables"):
+        # Strict check: must be actual MetaData instance
+        if isinstance(md, MetaData) and md.tables:
             found.append(md)
 
     def _scan_module_objects(mod: object) -> None:
         try:
             for val in vars(mod).values():
-                md = getattr(val, "metadata", None) or None
-                if md is not None and hasattr(md, "tables") and getattr(md, "tables"):
-                    found.append(md)
+                # Strict check: must be actual MetaData instance
+                if isinstance(val, MetaData) and val.tables:
+                    found.append(val)
         except Exception:
             pass
 
@@ -177,8 +174,16 @@ def _collect_metadata() -> list[object]:
                 if name not in pkgs:
                     pkgs.append(name)
 
+    # Only attempt bare 'models' import if it is discoverable to avoid noisy tracebacks
     if "models" not in pkgs:
-        pkgs.append("models")
+        try:
+            spec = getattr(importlib, "util", None)
+            if spec is not None and getattr(spec, "find_spec", None) is not None:
+                if spec.find_spec("models") is not None:
+                    pkgs.append("models")
+        except Exception:
+            # Best-effort; if discovery fails, skip adding bare 'models'
+            pass
 
     def _import_and_collect(modname: str):
         try:
@@ -221,6 +226,21 @@ def _collect_metadata() -> list[object]:
     except Exception:
         _note("ModelBase import", False, traceback.format_exc())
 
+    # Core security models (AuthSession, RefreshToken, etc.)
+    try:
+        import svc_infra.security.models  # noqa: F401
+        _note("svc_infra.security.models", True, None)
+    except Exception:
+        _note("svc_infra.security.models", False, traceback.format_exc())
+
+    # OAuth models (opt-in via environment variable)
+    if os.getenv("ALEMBIC_ENABLE_OAUTH", "").lower() in {"1", "true", "yes"}:
+        try:
+            import svc_infra.security.oauth_models  # noqa: F401
+            _note("svc_infra.security.oauth_models", True, None)
+        except Exception:
+            _note("svc_infra.security.oauth_models", False, traceback.format_exc())
+
     try:
         from svc_infra.db.sql.apikey import try_autobind_apikey_model
         try_autobind_apikey_model(require_env=False)
@@ -352,7 +372,9 @@ def _do_run_migrations(connection):
 
 async def run_migrations_online() -> None:
     url = config.get_main_option("sqlalchemy.url")
-    engine = create_async_engine(url)
+    # Use build_engine to ensure proper driver-specific handling (e.g., asyncpg SSL)
+    from svc_infra.db.sql.utils import build_engine
+    engine = build_engine(url)
     async with engine.connect() as connection:
         await connection.run_sync(_do_run_migrations)
     await engine.dispose()

svc_infra/db/sql/templates/setup/env_sync.py.tmpl

@@ -6,11 +6,10 @@ from typing import List, Tuple
 import sys, pathlib, importlib, pkgutil, traceback
 
 from alembic import context
+from sqlalchemy import MetaData
 from sqlalchemy.engine import make_url, URL
 
 from svc_infra.db.sql.utils import (
-    _coerce_sync_driver,
-    _ensure_ssl_default,
     get_database_url_from_env,
     build_engine,
 )
@@ -103,7 +102,6 @@ if not effective_url:
 
 u = make_url(effective_url)
 u = _coerce_sync_driver(u)
-u = _ensure_ssl_default(u)
 config.set_main_option("sqlalchemy.url", u.render_as_string(hide_password=False))
 
 
@@ -142,14 +140,16 @@ def _collect_metadata() -> list[object]:
 
     def _maybe_add(obj: object) -> None:
         md = getattr(obj, "metadata", None) or obj
-        if hasattr(md, "tables") and getattr(md, "tables"):
+        # Strict check: must be actual MetaData instance
+        if isinstance(md, MetaData) and md.tables:
             found.append(md)
 
     def _scan_module_objects(mod: object) -> None:
         try:
             for val in vars(mod).values():
                 md = getattr(val, "metadata", None) or None
-                if md is not None and hasattr(md, "tables") and getattr(md, "tables"):
+                # Only add if it's a SQLAlchemy MetaData object (has tables dict, not a callable/generator)
+                if md is not None and hasattr(md, "tables") and isinstance(getattr(md, "tables", None), dict):
                     found.append(md)
         except Exception:
             pass
@@ -191,9 +191,16 @@ def _collect_metadata() -> list[object]:
                 if name not in pkgs:
                     pkgs.append(name)
 
-    # Always also try a bare 'models'
+    # Only attempt a bare 'models' import if discoverable to avoid noisy tracebacks
     if "models" not in pkgs:
-        pkgs.append("models")
+        try:
+            spec = getattr(importlib, "util", None)
+            if spec is not None and getattr(spec, "find_spec", None) is not None:
+                if spec.find_spec("models") is not None:
+                    pkgs.append("models")
+        except Exception:
+            # If discovery fails, skip adding bare 'models'
+            pass
 
     def _import_and_collect(modname: str):
         try:
@@ -239,6 +246,21 @@ def _collect_metadata() -> list[object]:
     except Exception:
         _note("ModelBase import", False, traceback.format_exc())
 
+    # Core security models (AuthSession, RefreshToken, etc.)
+    try:
+        import svc_infra.security.models  # noqa: F401
+        _note("svc_infra.security.models", True, None)
+    except Exception:
+        _note("svc_infra.security.models", False, traceback.format_exc())
+
+    # OAuth models (opt-in via environment variable)
+    if os.getenv("ALEMBIC_ENABLE_OAUTH", "").lower() in {"1", "true", "yes"}:
+        try:
+            import svc_infra.security.oauth_models  # noqa: F401
+            _note("svc_infra.security.oauth_models", True, None)
+        except Exception:
+            _note("svc_infra.security.oauth_models", False, traceback.format_exc())
+
     # Optional: autobind API key model
     try:
         from svc_infra.db.sql.apikey import try_autobind_apikey_model

svc_infra/db/sql/tenant.py

@@ -0,0 +1,88 @@
+from __future__ import annotations
+
+from typing import Any, Sequence
+
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from .service import SqlService
+
+
+class TenantSqlService(SqlService):
+    """
+    SQL service wrapper that automatically scopes operations to a tenant.
+
+    - Adds a where filter (model.tenant_field == tenant_id) for list/get/update/delete/search/count.
+    - On create, if the model has the tenant field and it's not set in data, injects tenant_id.
+    """
+
+    def __init__(self, repo, *, tenant_id: str, tenant_field: str = "tenant_id"):
+        super().__init__(repo)
+        self.tenant_id = tenant_id
+        self.tenant_field = tenant_field
+
+    def _where(self) -> Sequence[Any]:
+        model = self.repo.model
+        col = getattr(model, self.tenant_field, None)
+        if col is None:
+            return []
+        return [col == self.tenant_id]
+
+    async def list(
+        self, session: AsyncSession, *, limit: int, offset: int, order_by=None
+    ):
+        return await self.repo.list(
+            session, limit=limit, offset=offset, order_by=order_by, where=self._where()
+        )
+
+    async def count(self, session: AsyncSession) -> int:
+        return await self.repo.count(session, where=self._where())
+
+    async def get(self, session: AsyncSession, id_value: Any):
+        return await self.repo.get(session, id_value, where=self._where())
+
+    async def create(self, session: AsyncSession, data: dict[str, Any]):
+        data = await self.pre_create(data)
+        # inject tenant_id if model supports it and value missing
+        if (
+            self.tenant_field in self.repo._model_columns()
+            and self.tenant_field not in data
+        ):
+            data[self.tenant_field] = self.tenant_id
+        return await self.repo.create(session, data)
+
+    async def update(self, session: AsyncSession, id_value: Any, data: dict[str, Any]):
+        data = await self.pre_update(data)
+        return await self.repo.update(session, id_value, data, where=self._where())
+
+    async def delete(self, session: AsyncSession, id_value: Any) -> bool:
+        return await self.repo.delete(session, id_value, where=self._where())
+
+    async def search(
+        self,
+        session: AsyncSession,
+        *,
+        q: str,
+        fields: Sequence[str],
+        limit: int,
+        offset: int,
+        order_by=None,
+    ):
+        return await self.repo.search(
+            session,
+            q=q,
+            fields=fields,
+            limit=limit,
+            offset=offset,
+            order_by=order_by,
+            where=self._where(),
+        )
+
+    async def count_filtered(
+        self, session: AsyncSession, *, q: str, fields: Sequence[str]
+    ) -> int:
+        return await self.repo.count_filtered(
+            session, q=q, fields=fields, where=self._where()
+        )
+
+
+__all__ = ["TenantSqlService"]