svc-infra 0.1.601__py3-none-any.whl → 0.1.603__py3-none-any.whl

svc_infra/api/fastapi/db/sql/crud_router.py

@@ -46,6 +46,18 @@ def make_crud_router_plus_sql(
         redirect_slashes=False,
     )
 
+    def _coerce_id(v: Any) -> Any:
+        """Best-effort coercion of path ids: cast digit-only strings to int.
+
+        Keeps original type otherwise to avoid breaking non-integer IDs.
+        """
+        if isinstance(v, str) and v.isdigit():
+            try:
+                return int(v)
+            except Exception:
+                return v
+        return v
+
     def _parse_ordering_to_fields(order_spec: Optional[str]) -> list[str]:
         if not order_spec:
             return []
@@ -87,9 +99,7 @@ def make_crud_router_plus_sql(
         else:
             items = await service.list(session, limit=lp.limit, offset=lp.offset, order_by=order_by)
             total = await service.count(session)
-        return Page[read_schema].from_items(
-            total=total, items=items, limit=lp.limit, offset=lp.offset
-        )
+        return Page[Any].from_items(total=total, items=items, limit=lp.limit, offset=lp.offset)
 
     # -------- GET by id --------
     @router.get(
@@ -98,7 +108,7 @@ def make_crud_router_plus_sql(
         description=f"Get item of type {model.__name__}",
     )
     async def get_item(item_id: Any, session: SqlSessionDep):  # type: ignore[name-defined]
-        row = await service.get(session, item_id)
+        row = await service.get(session, _coerce_id(item_id))
         if not row:
             raise HTTPException(404, "Not found")
         return row
@@ -139,7 +149,7 @@ def make_crud_router_plus_sql(
             data = payload
         else:
             raise HTTPException(422, "invalid_payload")
-        row = await service.update(session, item_id, data)
+        row = await service.update(session, _coerce_id(item_id), data)
         if not row:
             raise HTTPException(404, "Not found")
         return row
@@ -149,7 +159,7 @@ def make_crud_router_plus_sql(
         "/{item_id}", status_code=204, description=f"Delete item of type {model.__name__}"
     )
     async def delete_item(item_id: Any, session: SqlSessionDep):  # type: ignore[name-defined]
-        ok = await service.delete(session, item_id)
+        ok = await service.delete(session, _coerce_id(item_id))
         if not ok:
             raise HTTPException(404, "Not found")
         return
@@ -180,6 +190,25 @@ def make_tenant_crud_router_plus_sql(
         redirect_slashes=False,
     )
 
+    # Evaluate the base service once to preserve in-memory state across requests in tests/local.
+    # Consumers may pass either an instance or a zero-arg factory function.
+    try:
+        _base_instance = service_factory() if callable(service_factory) else service_factory  # type: ignore[misc]
+    except TypeError:
+        # If the callable requires args, assume it's already an instance
+        _base_instance = service_factory  # type: ignore[assignment]
+
+    def _coerce_id(v: Any) -> Any:
+        """Best-effort coercion of path ids: cast digit-only strings to int.
+        Keeps original type otherwise.
+        """
+        if isinstance(v, str) and v.isdigit():
+            try:
+                return int(v)
+            except Exception:
+                return v
+        return v
+
     def _parse_ordering_to_fields(order_spec: Optional[str]) -> list[str]:
         if not order_spec:
             return []
@@ -194,17 +223,8 @@ def make_tenant_crud_router_plus_sql(
 
     # create per-request service with tenant scoping
     async def _svc(session: SqlSessionDep, tenant_id: TenantId):  # type: ignore[name-defined]
-        base = service_factory  # consumer-provided factory or instance
-        svc = base  # assume already a SqlService by default
-        if callable(base):
-            svc = base  # the consumer likely closed over repo
-            # if callable returns a service, call it now
-            try:
-                svc = base()  # type: ignore[misc]
-            except TypeError:
-                svc = base  # already instance
-        if not isinstance(svc, TenantSqlService):
-            svc = TenantSqlService(getattr(svc, "repo", svc), tenant_id=tenant_id, tenant_field=tenant_field)  # type: ignore[arg-type]
+        repo_or_service = getattr(_base_instance, "repo", _base_instance)
+        svc: Any = TenantSqlService(repo_or_service, tenant_id=tenant_id, tenant_field=tenant_field)  # type: ignore[arg-type]
         return svc  # type: ignore[return-value]
 
     @router.get("", response_model=cast(Any, Page[Any]))
@@ -232,14 +252,12 @@ def make_tenant_crud_router_plus_sql(
         else:
             items = await svc.list(session, limit=lp.limit, offset=lp.offset, order_by=order_by)
             total = await svc.count(session)
-        return Page[read_schema].from_items(
-            total=total, items=items, limit=lp.limit, offset=lp.offset
-        )
+        return Page[Any].from_items(total=total, items=items, limit=lp.limit, offset=lp.offset)
 
     @router.get("/{item_id}", response_model=cast(Any, Any))
     async def get_item(item_id: Any, session: SqlSessionDep, tenant_id: TenantId):  # type: ignore[name-defined]
         svc = await _svc(session, tenant_id)
-        row = await svc.get(session, item_id)
+        row = await svc.get(session, _coerce_id(item_id))
         if not row:
             raise HTTPException(404, "Not found")
         return row
@@ -273,7 +291,7 @@ def make_tenant_crud_router_plus_sql(
             data = payload
         else:
             raise HTTPException(422, "invalid_payload")
-        row = await svc.update(session, item_id, data)
+        row = await svc.update(session, _coerce_id(item_id), data)
         if not row:
             raise HTTPException(404, "Not found")
         return row
@@ -281,7 +299,7 @@ def make_tenant_crud_router_plus_sql(
     @router.delete("/{item_id}", status_code=204)
     async def delete_item(item_id: Any, session: SqlSessionDep, tenant_id: TenantId):  # type: ignore[name-defined]
         svc = await _svc(session, tenant_id)
-        ok = await svc.delete(session, item_id)
+        ok = await svc.delete(session, _coerce_id(item_id))
         if not ok:
             raise HTTPException(404, "Not found")
         return

svc_infra/api/fastapi/docs/add.py

@@ -0,0 +1,82 @@
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import Optional
+
+from fastapi import FastAPI
+from fastapi.openapi.docs import get_redoc_html, get_swagger_ui_html
+from fastapi.responses import HTMLResponse, JSONResponse
+
+
+def add_docs(
+    app: FastAPI,
+    *,
+    redoc_url: str = "/redoc",
+    swagger_url: str = "/docs",
+    openapi_url: str = "/openapi.json",
+    export_openapi_to: Optional[str] = None,
+) -> None:
+    """Enable docs endpoints and optionally export OpenAPI schema to disk on startup.
+
+    We mount docs and OpenAPI routes explicitly so this works even when configured post-init.
+    """
+
+    # OpenAPI JSON route
+    async def openapi_handler() -> JSONResponse:  # noqa: ANN201
+        return JSONResponse(app.openapi())
+
+    app.add_api_route(openapi_url, openapi_handler, methods=["GET"], include_in_schema=False)
+
+    # Swagger UI route
+    async def swagger_ui() -> HTMLResponse:  # noqa: ANN201
+        return get_swagger_ui_html(openapi_url=openapi_url, title="API Docs")
+
+    app.add_api_route(swagger_url, swagger_ui, methods=["GET"], include_in_schema=False)
+
+    # Redoc route
+    async def redoc_ui() -> HTMLResponse:  # noqa: ANN201
+        return get_redoc_html(openapi_url=openapi_url, title="API ReDoc")
+
+    app.add_api_route(redoc_url, redoc_ui, methods=["GET"], include_in_schema=False)
+
+    # Optional export to disk on startup
+    if export_openapi_to:
+        export_path = Path(export_openapi_to)
+
+        async def _export_docs() -> None:
+            # Startup export
+            spec = app.openapi()
+            export_path.parent.mkdir(parents=True, exist_ok=True)
+            export_path.write_text(json.dumps(spec, indent=2))
+
+        app.add_event_handler("startup", _export_docs)
+
+
+def add_sdk_generation_stub(
+    app: FastAPI,
+    *,
+    on_generate: Optional[callable] = None,
+    openapi_path: str = "/openapi.json",
+) -> None:
+    """Hook to add an SDK generation stub.
+
+    Provide `on_generate()` to run generation (e.g., openapi-generator). This is a stub only; we
+    don't ship a hard dependency. If `on_generate` is provided, we expose `/_docs/generate-sdk`.
+    """
+    from svc_infra.api.fastapi.dual.public import public_router
+
+    if not on_generate:
+        return
+
+    router = public_router(prefix="/_docs", include_in_schema=False)
+
+    @router.post("/generate-sdk")
+    async def _generate() -> dict:  # noqa: ANN201
+        on_generate()
+        return {"status": "ok"}
+
+    app.include_router(router)
+
+
+__all__ = ["add_docs", "add_sdk_generation_stub"]

svc_infra/api/fastapi/ops/add.py

@@ -0,0 +1,65 @@
+from __future__ import annotations
+
+import os
+from typing import Callable
+
+from fastapi import FastAPI, HTTPException, Request
+from starlette.responses import JSONResponse
+
+
+def add_probes(
+    app: FastAPI,
+    *,
+    prefix: str = "/_ops",
+    include_in_schema: bool = False,
+) -> None:
+    """Mount basic liveness/readiness/startup probes under prefix."""
+    from svc_infra.api.fastapi.dual.public import public_router
+
+    router = public_router(prefix=prefix, tags=["ops"], include_in_schema=include_in_schema)
+
+    @router.get("/live")
+    async def live() -> JSONResponse:  # noqa: D401, ANN201
+        return JSONResponse({"status": "ok"})
+
+    @router.get("/ready")
+    async def ready() -> JSONResponse:  # noqa: D401, ANN201
+        # In the future, add checks (DB ping, cache ping) via DI hooks.
+        return JSONResponse({"status": "ok"})
+
+    @router.get("/startup")
+    async def startup_probe() -> JSONResponse:  # noqa: D401, ANN201
+        return JSONResponse({"status": "ok"})
+
+    app.include_router(router)
+
+
+def add_maintenance_mode(app: FastAPI, *, env_var: str = "MAINTENANCE_MODE") -> None:
+    """Enable a simple maintenance gate controlled by an env var.
+
+    When MAINTENANCE_MODE is truthy, all non-GET requests return 503.
+    """
+
+    @app.middleware("http")
+    async def _maintenance_gate(request: Request, call_next):  # noqa: ANN001, ANN202
+        flag = str(os.getenv(env_var, "")).lower() in {"1", "true", "yes", "on"}
+        if flag and request.method not in {"GET", "HEAD", "OPTIONS"}:
+            return JSONResponse({"detail": "maintenance"}, status_code=503)
+        return await call_next(request)
+
+
+def circuit_breaker_dependency(limit: int = 100, window_seconds: int = 60) -> Callable:
+    """Return a dependency that can trip rejective errors based on external metrics.
+
+    This is a placeholder; callers can swap with a provider that tracks failures and opens the
+    breaker. Here, we read an env var to simulate an open breaker.
+    """
+
+    async def _dep(_: Request) -> None:  # noqa: D401, ANN202
+        if str(os.getenv("CIRCUIT_OPEN", "")).lower() in {"1", "true", "yes", "on"}:
+            raise HTTPException(status_code=503, detail="circuit open")
+
+    return _dep
+
+
+__all__ = ["add_probes", "add_maintenance_mode", "circuit_breaker_dependency"]

svc_infra/cli/cmds/db/sql/alembic_cmds.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import os
+from importlib import import_module
 from typing import List, Optional
 
 import typer
@@ -209,3 +210,28 @@ def register(app: typer.Typer) -> None:
     app.command("sql-stamp")(cmd_stamp)
     app.command("sql-merge-heads")(cmd_merge_heads)
     app.command("sql-setup-and-migrate")(cmd_setup_and_migrate)
+    app.command("sql-seed")(cmd_seed)
+
+
+def _import_callable(path: str):
+    mod_name, _, fn_name = path.partition(":")
+    if not mod_name or not fn_name:
+        raise typer.BadParameter("Expected format 'module.path:callable'")
+    mod = import_module(mod_name)
+    fn = getattr(mod, fn_name, None)
+    if not callable(fn):
+        raise typer.BadParameter(f"Callable '{fn_name}' not found in module '{mod_name}'")
+    return fn
+
+
+def cmd_seed(
+    target: str = typer.Argument(..., help="Seed callable path 'module:func'"),
+    database_url: Optional[str] = typer.Option(
+        None,
+        help="Database URL; overrides env for this command.",
+    ),
+):
+    """Run a user-provided seed function to load fixtures/reference data."""
+    apply_database_url(database_url)
+    fn = _import_callable(target)
+    fn()

svc_infra/data/add.py

@@ -0,0 +1,61 @@
+from __future__ import annotations
+
+import inspect
+from typing import Callable, Iterable, Optional
+
+from fastapi import FastAPI
+
+from svc_infra.cli.cmds.db.sql.alembic_cmds import cmd_setup_and_migrate
+
+
+def add_data_lifecycle(
+    app: FastAPI,
+    *,
+    auto_migrate: bool = True,
+    database_url: str | None = None,
+    discover_packages: Optional[list[str]] = None,
+    with_payments: bool | None = None,
+    on_load_fixtures: Optional[Callable[[], None]] = None,
+    retention_jobs: Optional[Iterable[Callable[[], None]]] = None,
+    erasure_job: Optional[Callable[[str], None]] = None,
+) -> None:
+    """
+    Wire data lifecycle conveniences:
+
+    - auto_migrate: run end-to-end Alembic setup-and-migrate on startup (idempotent).
+    - on_load_fixtures: optional callback to load reference/fixture data once at startup.
+    - retention_jobs: optional list of callables to register purge tasks (scheduler integration is external).
+    - erasure_job: optional callable to trigger a GDPR erasure workflow for a given principal ID.
+
+    This helper is intentionally minimal: it coordinates existing building blocks
+    and offers extension points. Jobs should be scheduled using svc_infra.jobs helpers.
+    """
+
+    async def _run_lifecycle() -> None:
+        # Startup
+        if auto_migrate:
+            cmd_setup_and_migrate(
+                database_url=database_url,
+                overwrite_scaffold=False,
+                create_db_if_missing=True,
+                create_followup_revision=True,
+                initial_message="initial schema",
+                followup_message="autogen",
+                discover_packages=discover_packages,
+                with_payments=with_payments,
+            )
+        if on_load_fixtures:
+            res = on_load_fixtures()
+            if inspect.isawaitable(res):
+                await res  # type: ignore[misc]
+
+    app.add_event_handler("startup", _run_lifecycle)
+
+    # Store optional jobs on app.state for external schedulers to discover/register.
+    if retention_jobs is not None:
+        app.state.data_retention_jobs = list(retention_jobs)
+    if erasure_job is not None:
+        app.state.data_erasure_job = erasure_job
+
+
+__all__ = ["add_data_lifecycle"]

svc_infra/data/backup.py

@@ -0,0 +1,53 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from typing import Callable, Optional
+
+
+@dataclass(frozen=True)
+class BackupHealthReport:
+    ok: bool
+    last_success: Optional[datetime]
+    retention_days: Optional[int]
+    message: str = ""
+
+
+def verify_backups(
+    *, last_success: Optional[datetime] = None, retention_days: Optional[int] = None
+) -> BackupHealthReport:
+    """Return a basic backup health report.
+
+    In production, callers should plug a provider-specific checker and translate into this report.
+    """
+    if last_success is None:
+        return BackupHealthReport(
+            ok=False, last_success=None, retention_days=retention_days, message="no_backup_seen"
+        )
+    now = datetime.now(timezone.utc)
+    age_days = (now - last_success).total_seconds() / 86400.0
+    ok = retention_days is None or age_days <= max(1, retention_days)
+    return BackupHealthReport(ok=ok, last_success=last_success, retention_days=retention_days)
+
+
+__all__ = ["BackupHealthReport", "verify_backups"]
+
+
+def make_backup_verification_job(
+    checker: Callable[[], BackupHealthReport],
+    *,
+    on_report: Optional[Callable[[BackupHealthReport], None]] = None,
+):
+    """Return a callable suitable for scheduling in a job runner.
+
+    The checker should perform provider-specific checks and return a BackupHealthReport.
+    If on_report is provided, it will be invoked with the report.
+    """
+
+    def _job() -> BackupHealthReport:
+        rep = checker()
+        if on_report:
+            on_report(rep)
+        return rep
+
+    return _job

svc_infra/data/erasure.py

@@ -0,0 +1,45 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any, Awaitable, Callable, Iterable, Optional, Protocol
+
+
+class SqlSession(Protocol):  # minimal protocol for tests/integration
+    async def execute(self, stmt: Any) -> Any:
+        pass
+
+
+@dataclass(frozen=True)
+class ErasureStep:
+    name: str
+    run: Callable[[SqlSession, str], Awaitable[int] | int]
+
+
+@dataclass(frozen=True)
+class ErasurePlan:
+    steps: Iterable[ErasureStep]
+
+
+async def run_erasure(
+    session: SqlSession,
+    principal_id: str,
+    plan: ErasurePlan,
+    *,
+    on_audit: Optional[Callable[[str, dict[str, Any]], None]] = None,
+) -> int:
+    """Run an erasure plan and optionally emit an audit event.
+
+    Returns total affected rows across steps.
+    """
+    total = 0
+    for s in plan.steps:
+        res = s.run(session, principal_id)
+        if hasattr(res, "__await__"):
+            res = await res  # type: ignore[misc]
+        total += int(res or 0)
+    if on_audit:
+        on_audit("erasure.completed", {"principal_id": principal_id, "affected": total})
+    return total
+
+
+__all__ = ["ErasureStep", "ErasurePlan", "run_erasure"]

svc_infra/data/fixtures.py

@@ -0,0 +1,40 @@
+from __future__ import annotations
+
+import inspect
+from pathlib import Path
+from typing import Awaitable, Callable, Iterable, Optional
+
+
+async def run_fixtures(
+    loaders: Iterable[Callable[[], None | Awaitable[None]]], *, run_once_file: Optional[str] = None
+) -> None:
+    """Run a sequence of fixture loaders (sync or async).
+
+    - If run_once_file is provided and exists, does nothing.
+    - On success, creates the run_once_file sentinel (parent dirs included).
+    """
+    if run_once_file:
+        sentinel = Path(run_once_file)
+        if sentinel.exists():
+            return
+    for fn in loaders:
+        res = fn()
+        if inspect.isawaitable(res):  # type: ignore[arg-type]
+            await res  # type: ignore[misc]
+    if run_once_file:
+        sentinel.parent.mkdir(parents=True, exist_ok=True)
+        Path(run_once_file).write_text("ok")
+
+
+def make_on_load_fixtures(
+    *loaders: Callable[[], None | Awaitable[None]], run_once_file: Optional[str] = None
+) -> Callable[[], Awaitable[None]]:
+    """Return an async callable suitable for add_data_lifecycle(on_load_fixtures=...)."""
+
+    async def _runner() -> None:
+        await run_fixtures(loaders, run_once_file=run_once_file)
+
+    return _runner
+
+
+__all__ = ["run_fixtures", "make_on_load_fixtures"]

svc_infra/data/retention.py

@@ -0,0 +1,55 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from datetime import datetime, timedelta, timezone
+from typing import Any, Iterable, Optional, Protocol, Sequence
+
+
+class SqlSession(Protocol):  # minimal protocol for tests/integration
+    async def execute(self, stmt: Any) -> Any:
+        pass
+
+
+@dataclass(frozen=True)
+class RetentionPolicy:
+    name: str
+    model: Any  # SQLAlchemy model or test double exposing columns
+    older_than_days: int
+    soft_delete_field: Optional[str] = "deleted_at"
+    extra_where: Optional[Sequence[Any]] = None
+    hard_delete: bool = False
+
+
+async def purge_policy(session: SqlSession, policy: RetentionPolicy) -> int:
+    """Execute a single retention purge according to policy.
+
+    If hard_delete is False and soft_delete_field exists on model, set timestamp; else DELETE.
+    Returns number of affected rows (best-effort; test doubles may return an int directly).
+    """
+    cutoff = datetime.now(timezone.utc) - timedelta(days=policy.older_than_days)
+    m = policy.model
+    where = list(policy.extra_where or [])
+    created_col = getattr(m, "created_at", None)
+    if created_col is not None and hasattr(created_col, "__le__"):
+        where.append(created_col <= cutoff)  # type: ignore[operator]
+
+    # Soft-delete path when available and requested
+    if not policy.hard_delete and policy.soft_delete_field and hasattr(m, policy.soft_delete_field):
+        stmt = m.update().where(*where).values({policy.soft_delete_field: cutoff})  # type: ignore[attr-defined]
+        res = await session.execute(stmt)
+        return getattr(res, "rowcount", 0)
+
+    # Hard delete fallback
+    stmt = m.delete().where(*where)  # type: ignore[attr-defined]
+    res = await session.execute(stmt)
+    return getattr(res, "rowcount", 0)
+
+
+async def run_retention_purge(session: SqlSession, policies: Iterable[RetentionPolicy]) -> int:
+    total = 0
+    for p in policies:
+        total += await purge_policy(session, p)
+    return total
+
+
+__all__ = ["RetentionPolicy", "purge_policy", "run_retention_purge"]

svc_infra/db/sql/repository.py

@@ -124,9 +124,10 @@ class SqlRepository:
             return False
         if self.soft_delete:
             # Prefer timestamp, also optionally set flag to False
-            if hasattr(self.model, self.soft_delete_field):
+            # Check attributes on the instance to support test doubles without class-level fields
+            if hasattr(obj, self.soft_delete_field):
                 setattr(obj, self.soft_delete_field, func.now())
-            if self.soft_delete_flag_field and hasattr(self.model, self.soft_delete_flag_field):
+            if self.soft_delete_flag_field and hasattr(obj, self.soft_delete_flag_field):
                 setattr(obj, self.soft_delete_flag_field, False)
             await session.flush()
             return True

svc_infra/dx/add.py

@@ -0,0 +1,63 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def write_ci_workflow(
+    *,
+    target_dir: str | Path,
+    name: str = "ci.yml",
+    python_version: str = "3.12",
+) -> Path:
+    """Write a minimal CI workflow file (GitHub Actions) with tests/lint/type steps."""
+    p = Path(target_dir) / ".github" / "workflows" / name
+    p.parent.mkdir(parents=True, exist_ok=True)
+    content = f"""
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '{python_version}'
+      - name: Install Poetry
+        run: pipx install poetry
+      - name: Install deps
+        run: poetry install
+      - name: Lint
+        run: poetry run flake8 --select=E,F
+      - name: Typecheck
+        run: poetry run mypy src
+      - name: Tests
+        run: poetry run pytest -q -W error
+"""
+    p.write_text(content.strip() + "\n")
+    return p
+
+
+def write_openapi_lint_config(*, target_dir: str | Path, name: str = ".redocly.yaml") -> Path:
+    """Write a minimal OpenAPI lint config placeholder (Redocly)."""
+    p = Path(target_dir) / name
+    content = """
+apis:
+  main:
+    root: openapi.json
+
+rules:
+  operation-operationId: warn
+  no-unused-components: warn
+  security-defined: off
+"""
+    p.write_text(content.strip() + "\n")
+    return p
+
+
+__all__ = ["write_ci_workflow", "write_openapi_lint_config"]

{svc_infra-0.1.601.dist-info → svc_infra-0.1.603.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: svc-infra
-Version: 0.1.601
+Version: 0.1.603
 Summary: Infrastructure for building and deploying prod-ready services
 License: MIT
 Keywords: fastapi,sqlalchemy,alembic,auth,infra,async,pydantic
@@ -93,6 +93,7 @@ svc-infra packages the shared building blocks we use to ship production FastAPI
 | Observability | Prometheus middleware, Grafana automation, OTEL hooks | [Observability guide](docs/observability.md) |
 | Webhooks | Subscription store, signing, retry worker | [Webhooks framework](docs/webhooks.md) |
 | Security | Password policy, lockout, signed cookies, headers | [Security hardening](docs/security.md) |
+| Data Lifecycle | Fixtures, retention, erasure, backups | [Data lifecycle](docs/data-lifecycle.md) |
 
 ## Minimal FastAPI bootstrap
 

{svc_infra-0.1.601.dist-info → svc_infra-0.1.603.dist-info}/RECORD

@@ -50,12 +50,13 @@ svc_infra/api/fastapi/db/nosql/mongo/health.py,sha256=OM4_Pig3IRSrBhz2yHweIhGlSB
 svc_infra/api/fastapi/db/sql/README.md,sha256=uF_k4wbNSeWR6JF_8evWkeSFidBEXMXcIiYyR6sEv48,3082
 svc_infra/api/fastapi/db/sql/__init__.py,sha256=R9P1Vy2Uqf9gFISxChMhO9tOGciIjEymVPhpXmsY3zc,255
 svc_infra/api/fastapi/db/sql/add.py,sha256=xGZnbGnP9PQtWvr5vuXA3_PXzTKldPM_cD3L0uztAvo,4768
-svc_infra/api/fastapi/db/sql/crud_router.py,sha256=t4SYCYfzLIAnCXFfR2xDmIHjAI8septLd_wUBKFF1Xg,10816
+svc_infra/api/fastapi/db/sql/crud_router.py,sha256=H7212YK4BsmuuS5E-HWKnRXzgc4RQxVSFWT6wzb4IXQ,11575
 svc_infra/api/fastapi/db/sql/health.py,sha256=ELLgQerooHHnvZRhGueSAc4QJsb3C4RojUGIu_U-hA4,792
 svc_infra/api/fastapi/db/sql/session.py,sha256=DUBqKTRJAX4fqRz9B-w9eD9SpzZ8EUS862-GsjCL3ts,1869
 svc_infra/api/fastapi/db/sql/users.py,sha256=68HGJgYVTEjKJm4-DPPC8-6nwXJoCukmgrYIIOHEUjs,5346
 svc_infra/api/fastapi/dependencies/ratelimit.py,sha256=DiOC-MJfqTtSydM6RAaeAsiXXL_6oZQoBLvRSpdWzs4,3794
 svc_infra/api/fastapi/docs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+svc_infra/api/fastapi/docs/add.py,sha256=Ytk4iqWrNqPg3-SELJ5OUNuTieltpTBmIFOPKGnHVag,2563
 svc_infra/api/fastapi/docs/landing.py,sha256=5JqJYCxQDCWy-BeDLfkv7OBlzWQKSGWUCYXQ51hojG8,4627
 svc_infra/api/fastapi/docs/scoped.py,sha256=AuN35Op-9fUvHQCLOBtRjd5eWSpB5C9EAW_7-Boxmfo,7540
 svc_infra/api/fastapi/dual/__init__.py,sha256=scHLcNFkGbgX_R21V702xnAv6GMCkQ4n7yUtNDNgliM,552
@@ -91,6 +92,7 @@ svc_infra/api/fastapi/openapi/mutators.py,sha256=KcWnJ3dsn_VdBG-x0ytddf_vwJ6u-84
 svc_infra/api/fastapi/openapi/pipeline.py,sha256=GAf-qzwmWlYbrAlPirr8w89fEO4-kFrhCoeMj-7mE44,646
 svc_infra/api/fastapi/openapi/responses.py,sha256=pBUoJd0lltBkQBJACS1Zd1wd975gbw6dYyMEqyueRuw,1093
 svc_infra/api/fastapi/openapi/security.py,sha256=U78KMwgc7FilFPLbIE2f6xrp74hq6TDFXpUMGRyK_bg,1248
+svc_infra/api/fastapi/ops/add.py,sha256=39puYLuJdZuIBkpmMiHF6N8H4D-96TRtFdYidbzqndI,2311
 svc_infra/api/fastapi/pagination.py,sha256=770RbYyzgJotMA8gcc_y5zeAiP3em7fOHKuKDDlpOkI,10867
 svc_infra/api/fastapi/paths/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 svc_infra/api/fastapi/paths/auth.py,sha256=hy9N0QFQnpv7dBOuHStui5eP9oIGHrawa0sADIVVD64,553
@@ -131,7 +133,7 @@ svc_infra/cli/cmds/db/nosql/mongo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeR
 svc_infra/cli/cmds/db/nosql/mongo/mongo_cmds.py,sha256=83_I0-63aRyR2uRLhpG1DKavH8BJ6fwdL3qpCpksyBU,6109
 svc_infra/cli/cmds/db/nosql/mongo/mongo_scaffold_cmds.py,sha256=gsv7V3eGxyhQQm4J8IPYV9xQkdv0DoX7txcPLgbiejk,4277
 svc_infra/cli/cmds/db/sql/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-svc_infra/cli/cmds/db/sql/alembic_cmds.py,sha256=KjumtKSOZR1UxbpZUuqllpknerDLNcY-0kqqqxiOnL4,7664
+svc_infra/cli/cmds/db/sql/alembic_cmds.py,sha256=HfnLsLJMug6llfitiwUvwdrXzcjRqrn-BVyJNcQDLFA,8519
 svc_infra/cli/cmds/db/sql/sql_export_cmds.py,sha256=6MxoQO-9upoXg0cl1RHIqz96yXFVGidiBYp_ewhB0E0,2700
 svc_infra/cli/cmds/db/sql/sql_scaffold_cmds.py,sha256=eNTCqHXOxgl9H3WTbGVn9BHXYwCpjIEJsDqhEFdrYMM,4613
 svc_infra/cli/cmds/help.py,sha256=wGfZFMYaR2ZPwW2JwKDU7M3m4AtdCd8GRQ412AmEBUM,758
@@ -142,6 +144,11 @@ svc_infra/cli/cmds/obs/obs_cmds.py,sha256=fltUZu5fcnZdl0_JPJBIxIaA1Xqpw1BXE-SWBP
 svc_infra/cli/foundation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 svc_infra/cli/foundation/runner.py,sha256=RbfjKwb3aHk1Y0MYU8xMpKRpIqRVMVr8GuL2EDZ6n38,1862
 svc_infra/cli/foundation/typer_bootstrap.py,sha256=KapgH1R-qON9FuYH1KYlVx_5sJvjmAGl25pB61XCpm4,985
+svc_infra/data/add.py,sha256=IG_1kMthOcYwpBYfZEGr90XE5Z96z2TEnl1hs5w0jAs,2222
+svc_infra/data/backup.py,sha256=LZcfw7aQGge0I0PG8P1dQWkgFHTTPKc5iXnsvf9oAUA,1619
+svc_infra/data/erasure.py,sha256=VG4XKCE9XMc63qHW7jd-mivwzeITOJe-Ru2X1-7bE_I,1155
+svc_infra/data/fixtures.py,sha256=2WKU6-HCKfA_uiwjI0cB_79F-aCbqoo3Ro05ksGbH3Y,1278
+svc_infra/data/retention.py,sha256=8K_lG4vVLl5BaLVw3S2bm2Vu88oTZOpUL9_ifGtes6I,2062
 svc_infra/db/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 svc_infra/db/crud_schema.py,sha256=-fv-Om1lHVt6lcNbie6A2kRcPex4SDByUPfks6SpmUc,2521
 svc_infra/db/inbox.py,sha256=drxLRLHaMRrCDgo_8wj12do80wDh5ssHV6LGkaM98no,1996
@@ -175,7 +182,7 @@ svc_infra/db/sql/base.py,sha256=yeOM4Xo2CtTzsfx0hN8KLFTgOPZp6BrbV7Omz_bZUMg,317
 svc_infra/db/sql/constants.py,sha256=FqtoBWqP13gW8avIWpr8E41PDW5aQ88tjGmnokCV9Lk,1656
 svc_infra/db/sql/core.py,sha256=2W7o1uyEZBDbqX1ptArP5Fa5obaVpZqHpczJCdf1NZk,10855
 svc_infra/db/sql/management.py,sha256=bVpzj8BapwcghxAwmBsTnntWf3kaNf7CYETndppaiUM,3620
-svc_infra/db/sql/repository.py,sha256=SG3cBf0BUnfds47BuOWjZJiFtrd2SmRkMINGioUhVn0,7047
+svc_infra/db/sql/repository.py,sha256=B80mqW0Hjv1HmbnnDqHDliOHKSusRFoCtHiuaBC_9M0,7131
 svc_infra/db/sql/resource.py,sha256=CfBmRvMq_1-cgYBS9uc_G4i1W5e6wk6zo4MGdKTPT9I,1194
 svc_infra/db/sql/scaffold.py,sha256=aRC572W9Jqs1nLprR_zmmgERthMlJwoUjQ_xbRh53RU,9107
 svc_infra/db/sql/service.py,sha256=Jtb89FQgXWNRrh_bPLCvNyM7Up0_rn_wx1_CGWfiqNs,2790
@@ -198,6 +205,7 @@ svc_infra/db/sql/uniq_hooks.py,sha256=6gCnO0_Y-rhB0p-VuY0mZ9m1u3haiLWI3Ns_iUTqF_
 svc_infra/db/sql/utils.py,sha256=nzuDcDhnVNehx5Y9BZLgxw8fvpfYbxTfXQsgnznVf4w,32862
 svc_infra/db/sql/versioning.py,sha256=okZu2ad5RAFXNLXJgGpcQvZ5bc6gPjRWzwiBT0rEJJw,400
 svc_infra/db/utils.py,sha256=aTD49VJSEu319kIWJ1uijUoP51co4lNJ3S0_tvuyGio,802
+svc_infra/dx/add.py,sha256=FAnLGP0BPm_q_VCEcpUwfj-b0mEse988chh9DHeS7GU,1474
 svc_infra/jobs/builtins/outbox_processor.py,sha256=VZoehNyjdaV_MmV74WMcbZR6z9E3VFMtZC-pxEwK0x0,1247
 svc_infra/jobs/builtins/webhook_delivery.py,sha256=z_cl6YKwnduGjGaB8ZoUpKhFcEAhUZqqBma8v2FO1so,2982
 svc_infra/jobs/easy.py,sha256=eix-OxWeE3vdkY3GGNoYM0GAyOxc928SpiSzMkr9k0A,977
@@ -274,7 +282,7 @@ svc_infra/webhooks/fastapi.py,sha256=BCNvGNxukf6dC2a4i-6en-PrjBGV19YvCWOot5lXWsA
 svc_infra/webhooks/router.py,sha256=6JvAVPMEth_xxHX-IsIOcyMgHX7g1H0OVxVXKLuMp9w,1596
 svc_infra/webhooks/service.py,sha256=hWgiJRXKBwKunJOx91C7EcLUkotDtD3Xp0RT6vj2IC0,1797
 svc_infra/webhooks/signing.py,sha256=NCwdZzmravUe7HVIK_uXK0qqf12FG-_MVsgPvOw6lsM,784
-svc_infra-0.1.601.dist-info/METADATA,sha256=--fXg5XHvGu56tmJ-UArjNr8FjrvQ9d-75Bwww4i3bI,7839
-svc_infra-0.1.601.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-svc_infra-0.1.601.dist-info/entry_points.txt,sha256=6x_nZOsjvn6hRZsMgZLgTasaCSKCgAjsGhACe_CiP0U,48
-svc_infra-0.1.601.dist-info/RECORD,,
+svc_infra-0.1.603.dist-info/METADATA,sha256=Y_24yijEGFoG0M5wtJE7EjMaf5BMobwLNwxJoR4ACtk,7941
+svc_infra-0.1.603.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+svc_infra-0.1.603.dist-info/entry_points.txt,sha256=6x_nZOsjvn6hRZsMgZLgTasaCSKCgAjsGhACe_CiP0U,48
+svc_infra-0.1.603.dist-info/RECORD,,