refactor: enforce strict architecture rules and add Pydantic response models

- Update architecture rules to be stricter (API-003 now blocks ALL exception
  raising in endpoints, not just HTTPException)
- Update get_current_vendor_api dependency to guarantee token_vendor_id presence
- Remove redundant _get_vendor_from_token helpers from all vendor API files
- Move vendor access validation to service layer methods
- Add Pydantic response models for media, notification, and payment endpoints
- Add get_active_vendor_by_code service method for public vendor lookup
- Add get_import_job_for_vendor service method with vendor validation
- Update validation script to detect exception raising patterns in endpoints

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/v1/vendor/inventory.py

@@ -2,7 +2,8 @@
 """
 Vendor inventory management endpoints.
 
-Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern)
+Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern).
+The get_current_vendor_api dependency guarantees token_vendor_id is present.
 """
 import logging
 
@@ -11,7 +12,6 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_vendor_api
 from app.core.database import get_db
-from app.exceptions import InvalidTokenException
 from app.services.inventory_service import inventory_service
 from models.database.user import User
 from models.schema.inventory import (
@@ -28,13 +28,6 @@ router = APIRouter()
 logger = logging.getLogger(__name__)
 
 
-def _get_vendor_id_from_token(current_user: User) -> int:
-    """Helper to get vendor_id from JWT token."""
-    if not hasattr(current_user, "token_vendor_id"):
-        raise InvalidTokenException("Token missing vendor information. Please login again.")
-    return current_user.token_vendor_id
-
-
 @router.post("/inventory/set", response_model=InventoryResponse)
 def set_inventory(
     inventory: InventoryCreate,
@@ -42,8 +35,7 @@ def set_inventory(
     db: Session = Depends(get_db),
 ):
     """Set exact inventory quantity (replaces existing)."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    return inventory_service.set_inventory(db, vendor_id, inventory)
+    return inventory_service.set_inventory(db, current_user.token_vendor_id, inventory)
 
 
 @router.post("/inventory/adjust", response_model=InventoryResponse)
@@ -53,8 +45,7 @@ def adjust_inventory(
     db: Session = Depends(get_db),
 ):
     """Adjust inventory (positive to add, negative to remove)."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    return inventory_service.adjust_inventory(db, vendor_id, adjustment)
+    return inventory_service.adjust_inventory(db, current_user.token_vendor_id, adjustment)
 
 
 @router.post("/inventory/reserve", response_model=InventoryResponse)
@@ -64,8 +55,7 @@ def reserve_inventory(
     db: Session = Depends(get_db),
 ):
     """Reserve inventory for an order."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    return inventory_service.reserve_inventory(db, vendor_id, reservation)
+    return inventory_service.reserve_inventory(db, current_user.token_vendor_id, reservation)
 
 
 @router.post("/inventory/release", response_model=InventoryResponse)
@@ -75,8 +65,7 @@ def release_reservation(
     db: Session = Depends(get_db),
 ):
     """Release reserved inventory (cancel order)."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    return inventory_service.release_reservation(db, vendor_id, reservation)
+    return inventory_service.release_reservation(db, current_user.token_vendor_id, reservation)
 
 
 @router.post("/inventory/fulfill", response_model=InventoryResponse)
@@ -86,8 +75,7 @@ def fulfill_reservation(
     db: Session = Depends(get_db),
 ):
     """Fulfill reservation (complete order, remove from stock)."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    return inventory_service.fulfill_reservation(db, vendor_id, reservation)
+    return inventory_service.fulfill_reservation(db, current_user.token_vendor_id, reservation)
 
 
 @router.get("/inventory/product/{product_id}", response_model=ProductInventorySummary)
@@ -97,8 +85,7 @@ def get_product_inventory(
     db: Session = Depends(get_db),
 ):
     """Get inventory summary for a product."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    return inventory_service.get_product_inventory(db, vendor_id, product_id)
+    return inventory_service.get_product_inventory(db, current_user.token_vendor_id, product_id)
 
 
 @router.get("/inventory", response_model=InventoryListResponse)
@@ -111,9 +98,8 @@ def get_vendor_inventory(
     db: Session = Depends(get_db),
 ):
     """Get all inventory for vendor."""
-    vendor_id = _get_vendor_id_from_token(current_user)
     inventories = inventory_service.get_vendor_inventory(
-        db, vendor_id, skip, limit, location, low_stock
+        db, current_user.token_vendor_id, skip, limit, location, low_stock
     )
 
     # Get total count
@@ -132,9 +118,8 @@ def update_inventory(
     db: Session = Depends(get_db),
 ):
     """Update inventory entry."""
-    vendor_id = _get_vendor_id_from_token(current_user)
     return inventory_service.update_inventory(
-        db, vendor_id, inventory_id, inventory_update
+        db, current_user.token_vendor_id, inventory_id, inventory_update
     )
 
 
@@ -145,6 +130,5 @@ def delete_inventory(
     db: Session = Depends(get_db),
 ):
     """Delete inventory entry."""
-    vendor_id = _get_vendor_id_from_token(current_user)
-    inventory_service.delete_inventory(db, vendor_id, inventory_id)
+    inventory_service.delete_inventory(db, current_user.token_vendor_id, inventory_id)
     return {"message": "Inventory deleted successfully"}