svc-infra 0.1.600__py3-none-any.whl → 0.1.664__py3-none-any.whl

svc_infra/docs/tenancy.md

@@ -0,0 +1,35 @@
+# Tenancy model and integration
+
+This framework uses a soft-tenant isolation model by default: tenant_id is a column on tenant-scoped tables, and all queries are filtered by this value. Consumers can later adopt schema-per-tenant or DB-per-tenant strategies; the API surfaces remain compatible.
+
+## How tenant is resolved
+- `resolve_tenant_id(request)` looks up tenant id in this order:
+  1) Global override hook (set via `add_tenancy(app, resolver=...)`)
+  2) Auth identity (user.tenant_id or api_key.tenant_id) when auth is enabled
+  3) `X-Tenant-Id` request header
+  4) `request.state.tenant_id`
+
+Use `TenantId` dependency to require it in routes, and `OptionalTenantId` to access it if present.
+
+## Enforcement in data layer
+- Wrap services with `TenantSqlService` to automatically:
+  - Apply `WHERE model.tenant_id == <tenant>` on list/get/update/delete/search/count.
+  - Inject `tenant_id` upon create when the model has the tenant field.
+
+## Tenant-aware CRUD router
+- When defining a `SqlResource`, set `tenant_field="tenant_id"` to mount a tenant-aware CRUD router. All endpoints will require `TenantId` and enforce scoping.
+
+## Per-tenant rate limits / quotas
+- Global middleware and per-route dependency support tenant-aware policies:
+  - `scope_by_tenant=True` puts requests in independent buckets per tenant.
+  - `limit_resolver(request, tenant_id)` lets you return dynamic limits (e.g., plan-based quotas).
+
+## Export a tenant’s data (SQL)
+- CLI command: `sql export-tenant`
+  - Example:
+    - `python -m svc_infra.cli sql export-tenant items --tenant-id t1 --output out.json`
+  - Flags:
+    - `--tenant-id` (required), `--tenant-field` (default `tenant_id`), `--limit` (optional), `--database-url` (or set `SQL_URL`).
+
+## Migration to other isolation strategies
+- Schema-per-tenant or DB-per-tenant can be layered by adapting the session factory or repository to select the schema/DB based on `tenant_id`. Your application code that relies on `TenantId` and tenant-aware services/routers remains the same.

svc_infra/docs/timeouts-and-resource-limits.md

@@ -0,0 +1,147 @@
+# Timeouts & Resource Limits
+
+This guide covers request/handler timeouts, outbound HTTP client timeouts, database statement timeouts, job/webhook delivery timeouts, and graceful shutdown. It explains defaults, configuration, wiring, and recommended tuning by environment.
+
+## Why timeouts?
+
+- Protects your service from slowloris uploads and hanging requests
+- Limits blast radius of slow downstreams (HTTP, DB, webhooks)
+- Enables predictable backpressure and faster recovery during incidents
+
+## Configuration overview
+
+The library exposes simple environment variables with sensible defaults. Use floats for second values unless noted.
+
+- REQUEST_BODY_TIMEOUT_SECONDS (int)
+  - Default: prod=15, nonprod=30
+  - Purpose: Abort slow request body reads (slowloris defense)
+- REQUEST_TIMEOUT_SECONDS (int)
+  - Default: prod=30, nonprod=15
+  - Purpose: Cap overall handler execution time
+- HTTP_CLIENT_TIMEOUT_SECONDS (float)
+  - Default: 10.0
+  - Purpose: Default timeout for outbound httpx clients created via helpers
+- DB_STATEMENT_TIMEOUT_MS (int)
+  - Default: unset (disabled)
+  - Purpose: Per-transaction statement timeout (Postgres via SET LOCAL)
+- JOB_DEFAULT_TIMEOUT_SECONDS (float)
+  - Default: unset (disabled)
+  - Purpose: Caps per-job handler runtime in the in-process jobs runner
+- WEBHOOK_DELIVERY_TIMEOUT_SECONDS (float)
+  - Default: falls back to HTTP client default (10.0)
+  - Purpose: Timeout for webhook delivery HTTP calls
+- SHUTDOWN_GRACE_PERIOD_SECONDS (float)
+  - Default: prod=20.0, nonprod=5.0
+  - Purpose: Wait time for in-flight requests to drain on shutdown
+
+See ADR-0010 for design rationale: `src/svc_infra/docs/adr/0010-timeouts-and-resource-limits.md`.
+
+## Request/handler timeouts (FastAPI)
+
+Two middlewares enforce timeouts inside your ASGI app:
+
+- BodyReadTimeoutMiddleware
+  - Enforces a per-chunk timeout while reading the incoming request body.
+  - If reads stall beyond the timeout, responds with 408 application/problem+json.
+  - Module: `svc_infra.api.fastapi.middleware.timeout.BodyReadTimeoutMiddleware`
+- HandlerTimeoutMiddleware
+  - Caps overall request handler execution time using asyncio.wait_for.
+  - If exceeded, responds with 504 application/problem+json.
+  - Module: `svc_infra.api.fastapi.middleware.timeout.HandlerTimeoutMiddleware`
+
+Example wiring:
+
+```python
+from fastapi import FastAPI
+from svc_infra.api.fastapi.middleware.timeout import (
+    BodyReadTimeoutMiddleware,
+    HandlerTimeoutMiddleware,
+)
+
+app = FastAPI()
+
+# Abort slow uploads (slowloris) after 15s in prod / 30s nonprod by default
+app.add_middleware(BodyReadTimeoutMiddleware)  # or timeout_seconds=20
+
+# Cap total handler time (e.g., 30s in prod by default)
+app.add_middleware(HandlerTimeoutMiddleware)  # or timeout_seconds=25
+```
+
+HTTP semantics:
+
+- Body timeout → 408 Request Timeout (Problem+JSON) with fields: type, title, status, detail, instance, trace_id
+- Handler timeout → 504 Gateway Timeout (Problem+JSON) with fields: type, title, status, detail, instance, trace_id
+
+## Outbound HTTP client timeouts (httpx)
+
+Use the provided helpers to create httpx clients with the default timeout (driven by HTTP_CLIENT_TIMEOUT_SECONDS).
+
+- Module: `svc_infra.http.client`
+  - `get_default_timeout_seconds()` → float
+  - `make_timeout(seconds=None) -> httpx.Timeout`
+  - `new_httpx_client(timeout_seconds=None, ...) -> httpx.Client`
+  - `new_async_httpx_client(timeout_seconds=None, ...) -> httpx.AsyncClient`
+
+Error mapping:
+
+- `httpx.TimeoutException` is mapped to 504 Gateway Timeout with Problem+JSON by default when `register_error_handlers(app)` is used.
+  - Module: `svc_infra.api.fastapi.middleware.errors.handlers.register_error_handlers`
+
+## Database statement timeouts (SQLAlchemy / Postgres)
+
+If `DB_STATEMENT_TIMEOUT_MS` is set and Postgres is used, a per-transaction `SET LOCAL statement_timeout = :ms` is executed for sessions yielded by the built-in dependency.
+
+- Module: `svc_infra.api.fastapi.db.sql.session.get_session`
+- Non-Postgres dialects (e.g., SQLite) ignore this gracefully.
+
+## Jobs and webhooks
+
+- Jobs runner
+  - Env: `JOB_DEFAULT_TIMEOUT_SECONDS`
+  - Module: `svc_infra.jobs.worker.process_one` — wraps job handler with `asyncio.wait_for()` when configured.
+- Webhook delivery
+  - Env: `WEBHOOK_DELIVERY_TIMEOUT_SECONDS` (falls back to HTTP client default when unset)
+  - Module: `svc_infra.jobs.builtins.webhook_delivery.make_webhook_handler` — uses `new_async_httpx_client` with derived timeout.
+
+## Graceful shutdown
+
+Install graceful shutdown to wait for in-flight requests (up to a grace period) during application shutdown.
+
+- Module: `svc_infra.api.fastapi.middleware.graceful_shutdown.install_graceful_shutdown`
+- Env: `SHUTDOWN_GRACE_PERIOD_SECONDS` (prod=20.0, nonprod=5.0 by default)
+
+```python
+from svc_infra.api.fastapi.middleware.graceful_shutdown import install_graceful_shutdown
+
+install_graceful_shutdown(app)  # or grace_seconds=30.0
+```
+
+## Tuning recommendations
+
+- Production
+  - REQUEST_BODY_TIMEOUT_SECONDS: 10–20s (shorter for public APIs)
+  - REQUEST_TIMEOUT_SECONDS: 20–30s (align with upstream proxy/gateway timeouts)
+  - HTTP_CLIENT_TIMEOUT_SECONDS: 3–10s (favor quick failover with retries)
+  - DB_STATEMENT_TIMEOUT_MS: set per-route/transaction if queries are constrained
+  - SHUTDOWN_GRACE_PERIOD_SECONDS: 20–60s depending on peak latencies
+- Staging/Dev
+  - Relax timeouts slightly to reduce test flakiness (defaults already reflect this)
+- Gateways/Proxies
+  - Ensure upstream (e.g., NGINX, ALB) timeouts exceed app’s body timeout and are aligned with handler timeout to avoid double timeouts.
+
+## Testing and acceptance
+
+- Unit tests cover body read timeout, handler timeout, outbound timeout mapping, and a smoke check for DB statement timeout.
+- Acceptance tests:
+  - A2-04: slow handler → 504 Problem
+  - A2-05: slow body → 408 Problem or 413 (size) as applicable
+  - A2-06: outbound httpx timeout → 504 Problem
+
+## Troubleshooting
+
+- Seeing 200 instead of 408 for slow uploads under some servers?
+  - Some servers buffer the entire body before invoking the app. The BodyReadTimeoutMiddleware greedily drains with per-chunk timeouts and replays to reliably detect slowloris. Ensure HTTP/1.1 parsing with a streaming-capable server implementation (e.g., uvicorn+httptools) in acceptance tests.
+- Outbound timeouts not mapped to Problem?
+  - Ensure `register_error_handlers(app)` is installed so `httpx.TimeoutException` returns a 504 Problem.
+- Statement timeout ignored on SQLite?
+  - Expected. Non-Postgres dialects skip `SET LOCAL` safely.

svc_infra/docs/versioned-integrations.md

@@ -0,0 +1,146 @@
+# Using add_* Functions Under Versioned Routing
+
+## Problem
+
+By default, `add_*` functions from svc-infra and fin-infra mount routes at root level (e.g., `/banking/*`, `/_sql/*`). However, you may want all features consolidated under a single versioned API prefix (e.g., `/v0/banking`) to keep your API organized under version namespaces.
+
+## Simple Solution (Recommended)
+
+Use the `extract_router()` helper:
+
+```python
+# src/your_api/routers/v0/banking.py
+from svc_infra.api.fastapi.versioned import extract_router
+from fin_infra.banking import add_banking
+
+# Extract router and provider from add_banking()
+router, banking_provider = extract_router(
+    add_banking,
+    prefix="/banking",
+    provider="plaid",
+    cache_ttl=60,
+)
+
+# That's it! svc-infra auto-discovers 'router' and mounts at /v0/banking
+```
+
+### Result
+
+- ✅ All banking endpoints under `/v0/banking/*`
+- ✅ Banking docs included in `/v0/docs` (not separate card)
+- ✅ Full `add_banking()` functionality preserved
+- ✅ Returns provider instance for additional use
+
+## Complete Example
+
+```python
+# Directory structure
+your_api/
+  routers/
+    v0/
+      __init__.py
+      status.py
+      banking.py      # <- Integration using helper
+      payments.py     # <- Another integration
+
+# banking.py - Clean and simple
+"""Banking integration under v0 routing."""
+from svc_infra.api.fastapi.versioned import extract_router
+from fin_infra.banking import add_banking
+
+router, banking_provider = extract_router(
+    add_banking,
+    prefix="/banking",
+    provider="plaid",  # or "teller"
+    cache_ttl=60,
+)
+
+# Optional: Store provider on app state for later use
+# This happens in app.py after router discovery:
+# app.state.banking = banking_provider
+```
+
+## Works With
+
+Any svc-infra or fin-infra function that calls `app.include_router()`:
+
+```python
+# Banking integration
+from fin_infra.banking import add_banking
+router, provider = extract_router(add_banking, prefix="/banking", provider="plaid")
+
+# Market data
+from fin_infra.markets import add_market_data
+router, provider = extract_router(add_market_data, prefix="/markets")
+
+# Analytics
+from fin_infra.analytics import add_analytics
+router, provider = extract_router(add_analytics, prefix="/analytics")
+
+# Budgets
+from fin_infra.budgets import add_budgets
+router, provider = extract_router(add_budgets, prefix="/budgets")
+
+# Documents
+from fin_infra.documents import add_documents
+router, provider = extract_router(add_documents, prefix="/documents")
+
+# Any custom add_* function following the pattern
+```
+
+## When to Use
+
+**Use when:**
+- Building a monolithic versioned API where all features belong under `/v0`, `/v1`, etc.
+- You want unified documentation at `/v0/docs` showing all features together
+- You're consolidating multiple integrations under one version
+- You need version-specific behavior for third-party integrations
+
+**Don't use when:**
+- Feature should have its own root-level endpoint (e.g., public webhooks at `/webhooks`)
+- Integration is shared across multiple versions (mount at root instead)
+- You only need a subset of endpoints (define manually)
+
+## Alternative: Manual Definition
+
+For simple integrations, define routes manually:
+
+```python
+# routers/v0/banking.py
+from svc_infra.api.fastapi.dual.public import public_router
+from fin_infra.banking import easy_banking
+
+router = public_router(prefix="/banking", tags=["Banking"])
+banking = easy_banking(provider="plaid")
+
+@router.post("/link")
+async def create_link(request: CreateLinkRequest):
+    return banking.create_link_token(user_id=request.user_id)
+
+# ... define other endpoints
+```
+
+Use manual definition when:
+- Only need a subset of integration endpoints
+- Want custom validation/transforms per endpoint
+- Integration is very simple (2-3 endpoints)
+- Need version-specific behavior per endpoint
+
+## How It Works
+
+The `extract_router()` helper:
+
+1. **Creates Mock App**: Temporary FastAPI instance to capture router
+2. **Intercepts Router**: Monkey-patches `include_router()` to capture instead of mount
+3. **Calls Integration**: Runs `add_*()` function which creates all routes normally
+4. **Returns Router**: Exports captured router for svc-infra auto-discovery
+5. **Auto-Mounts**: svc-infra finds `router` in `v0.banking` and mounts at `/v0/banking`
+
+The provider/integration instance is also returned for additional use if needed.
+
+## See Also
+
+- [API Versioning](./api.md#versioning) - How svc-infra version routing works
+- [Router Auto-Discovery](./api.md#router-discovery) - How routers are found and mounted
+- [Dual Routers](./api.md#dual-routers) - Similar pattern for public/protected routers
+- `svc_infra.api.fastapi.versioned` - Source code for helper function

svc_infra/docs/webhooks.md

@@ -0,0 +1,112 @@
+# Webhooks Framework
+
+This module provides primitives to publish events to external consumers via webhooks, verify inbound signatures, and handle robust retries using the shared JobQueue and Outbox patterns.
+
+> ℹ️ Webhook helper environment expectations live in [Environment Reference](environment.md).
+
+## Quickstart
+
+- Subscriptions and publishing:
+
+```python
+from svc_infra.webhooks.service import InMemoryWebhookSubscriptions, WebhookService
+from svc_infra.db.outbox import InMemoryOutboxStore
+
+subs = InMemoryWebhookSubscriptions()
+subs.add("invoice.created", "https://example.com/webhook", "sekrit")
+svc = WebhookService(outbox=InMemoryOutboxStore(), subs=subs)
+svc.publish("invoice.created", {"id": "inv_1", "version": 1})
+```
+
+- Delivery worker and headers:
+
+```python
+from svc_infra.jobs.builtins.webhook_delivery import make_webhook_handler
+from svc_infra.jobs.worker import process_one
+
+handler = make_webhook_handler(
+    outbox=..., inbox=..., get_webhook_url_for_topic=lambda t: url, get_secret_for_topic=lambda t: secret,
+)
+# process_one(queue, handler) will POST JSON with headers:
+# X-Event-Id, X-Topic, X-Attempt, X-Signature (HMAC-SHA256), X-Signature-Alg, X-Signature-Version, X-Payload-Version
+```
+
+- Verification (FastAPI):
+
+```python
+from fastapi import Depends, FastAPI
+from svc_infra.webhooks.fastapi import require_signature
+from svc_infra.webhooks.signing import sign
+
+app = FastAPI()
+app.post("/webhook")(lambda body=Depends(require_signature(lambda: ["old","new"])): {"ok": True})
+```
+
+## FastAPI wiring
+
+- Attach the router with shared in-memory stores (great for tests / local runs):
+
+```python
+from fastapi import FastAPI
+
+from svc_infra.webhooks import add_webhooks
+
+app = FastAPI()
+add_webhooks(app)
+```
+
+- Respect environment overrides for Redis-backed stores by exporting `REDIS_URL`
+  and selecting the backend via `WEBHOOKS_OUTBOX=redis` (optional
+  `WEBHOOKS_INBOX=redis` for the dedupe store).  The helper records the chosen
+  instances on `app.state` for further customisation:
+
+```python
+import os
+
+os.environ["WEBHOOKS_OUTBOX"] = "redis"
+os.environ["WEBHOOKS_INBOX"] = "redis"
+
+app = FastAPI()
+add_webhooks(app)  # creates RedisOutboxStore / RedisInboxStore when redis-py is available
+
+# Later you can inspect or extend behaviour:
+app.state.webhooks_subscriptions.add("invoice.created", "https://example.com/webhook", "sekrit")
+```
+
+- Provide explicit overrides (e.g. dependency-injected SQL stores) or reuse your
+  existing job queue / scheduler.  Passing a queue automatically registers the
+  outbox tick and delivery handler so your worker loop can process jobs:
+
+```python
+from svc_infra.jobs.easy import easy_jobs
+
+queue, scheduler = easy_jobs()
+
+add_webhooks(
+    app,
+    outbox=my_outbox_store,
+    inbox=lambda: my_inbox_store,  # factories are supported
+    queue=queue,
+    scheduler=scheduler,
+)
+
+# scheduler.add_task(...) is handled internally when both queue and scheduler are supplied
+```
+
+## Runner wiring
+
+If you prefer explicit wiring, you can still register the tick manually:
+
+```python
+from svc_infra.jobs.easy import easy_jobs
+from svc_infra.jobs.builtins.outbox_processor import make_outbox_tick
+
+queue, scheduler = easy_jobs()  # uses JOBS_DRIVER and REDIS_URL
+scheduler.add_task("outbox", 1, make_outbox_tick(outbox_store, queue))
+# Start runner: `svc-infra jobs run`
+```
+
+## Notes
+- Retries/backoff are handled by the JobQueue; delivery marks Inbox after success to prevent duplicates.
+- For production subscriptions and inbox/outbox, provide persistent implementations and override DI in your app.
+- Signature rotation supported via `verify_any` and FastAPI dependency accepting multiple secrets.

svc_infra/dx/add.py

@@ -0,0 +1,63 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def write_ci_workflow(
+    *,
+    target_dir: str | Path,
+    name: str = "ci.yml",
+    python_version: str = "3.12",
+) -> Path:
+    """Write a minimal CI workflow file (GitHub Actions) with tests/lint/type steps."""
+    p = Path(target_dir) / ".github" / "workflows" / name
+    p.parent.mkdir(parents=True, exist_ok=True)
+    content = f"""
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '{python_version}'
+      - name: Install Poetry
+        run: pipx install poetry
+      - name: Install deps
+        run: poetry install
+      - name: Lint
+        run: poetry run flake8 --select=E,F
+      - name: Typecheck
+        run: poetry run mypy src
+      - name: Tests
+        run: poetry run pytest -q -W error
+"""
+    p.write_text(content.strip() + "\n")
+    return p
+
+
+def write_openapi_lint_config(*, target_dir: str | Path, name: str = ".redocly.yaml") -> Path:
+    """Write a minimal OpenAPI lint config placeholder (Redocly)."""
+    p = Path(target_dir) / name
+    content = """
+apis:
+  main:
+    root: openapi.json
+
+rules:
+  operation-operationId: warn
+  no-unused-components: warn
+  security-defined: off
+"""
+    p.write_text(content.strip() + "\n")
+    return p
+
+
+__all__ = ["write_ci_workflow", "write_openapi_lint_config"]

svc_infra/dx/changelog.py

@@ -0,0 +1,74 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from datetime import date as _date
+from typing import Sequence
+
+
+@dataclass(frozen=True)
+class Commit:
+    sha: str
+    subject: str
+
+
+_SECTION_ORDER = [
+    ("feat", "Features"),
+    ("fix", "Bug Fixes"),
+    ("perf", "Performance"),
+    ("refactor", "Refactors"),
+]
+
+
+def _classify(subject: str) -> tuple[str, str]:
+    """Return (type, title) where title is display name of the section."""
+    lower = subject.strip().lower()
+    for t, title in _SECTION_ORDER:
+        if lower.startswith(t + ":") or lower.startswith(t + "("):
+            return (t, title)
+    return ("other", "Other")
+
+
+def _format_item(commit: Commit) -> str:
+    subj = commit.subject.strip()
+    # Strip leading type(scope): if present
+    i = subj.find(": ")
+    if i != -1 and i < 20:  # conventional commit prefix
+        pretty = subj[i + 2 :].strip()
+    else:
+        pretty = subj
+    return f"- {pretty} ({commit.sha})"
+
+
+def generate_release_section(
+    *,
+    version: str,
+    commits: Sequence[Commit],
+    release_date: str | None = None,
+) -> str:
+    """Generate a markdown release section from commits.
+
+    Group by type: feat, fix, perf, refactor; everything else under Other.
+    """
+    if release_date is None:
+        release_date = _date.today().isoformat()
+
+    buckets: dict[str, list[str]] = {k: [] for k, _ in _SECTION_ORDER}
+    buckets["other"] = []
+
+    for c in commits:
+        typ, _ = _classify(c.subject)
+        buckets.setdefault(typ, []).append(_format_item(c))
+
+    lines: list[str] = [f"## v{version} - {release_date}", ""]
+    for key, title in _SECTION_ORDER + [("other", "Other")]:
+        items = buckets.get(key) or []
+        if not items:
+            continue
+        lines.append(f"### {title}")
+        lines.extend(items)
+        lines.append("")
+
+    return "\n".join(lines).rstrip() + "\n"
+
+
+__all__ = ["Commit", "generate_release_section"]

svc_infra/dx/checks.py

@@ -0,0 +1,67 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def _load_json(path: str | Path) -> dict:
+    import json
+
+    p = Path(path)
+    return json.loads(p.read_text())
+
+
+def check_openapi_problem_schema(
+    schema: dict | None = None, *, path: str | Path | None = None
+) -> None:
+    """Validate OpenAPI has a Problem schema with required fields and formats.
+
+    Raises ValueError with a descriptive message on failure.
+    """
+
+    if schema is None:
+        if path is None:
+            raise ValueError("either schema or path must be provided")
+        schema = _load_json(path)
+
+    comps = (schema or {}).get("components") or {}
+    prob = (comps.get("schemas") or {}).get("Problem")
+    if not isinstance(prob, dict):
+        raise ValueError("Problem schema missing under components.schemas.Problem")
+
+    props = prob.get("properties") or {}
+    # Required keys presence
+    for key in ("type", "title", "status", "detail", "instance", "code"):
+        if key not in props:
+            raise ValueError(f"Problem.{key} missing in properties")
+
+    # instance must be uri-reference per our convention
+    inst = props.get("instance") or {}
+    if inst.get("format") != "uri-reference":
+        raise ValueError("Problem.instance must have format 'uri-reference'")
+
+
+def check_migrations_up_to_date(*, project_root: str | Path = ".") -> None:
+    """Best-effort migrations check: passes if alembic env present and head is reachable.
+
+    This is a lightweight stub that can be extended per-project. For now, it checks
+    that an Alembic env exists when 'alembic.ini' is present; it does not execute DB calls.
+    """
+
+    root = Path(project_root)
+    # If alembic.ini is absent, there's nothing to check here
+    if not (root / "alembic.ini").exists():
+        return
+    # Ensure versions/ dir exists under migrations path if configured, default to 'migrations'
+    mig_dir = root / "migrations"
+    if not mig_dir.exists():
+        # tolerate alternative layout via env; keep stub permissive
+        return
+    versions = mig_dir / "versions"
+    if not versions.exists():
+        raise ValueError("Alembic migrations directory missing versions/ subfolder")
+
+
+__all__ = [
+    "check_openapi_problem_schema",
+    "check_migrations_up_to_date",
+]

svc_infra/http/__init__.py

@@ -0,0 +1,13 @@
+from .client import (
+    get_default_timeout_seconds,
+    make_timeout,
+    new_async_httpx_client,
+    new_httpx_client,
+)
+
+__all__ = [
+    "get_default_timeout_seconds",
+    "new_httpx_client",
+    "new_async_httpx_client",
+    "make_timeout",
+]