refactor: enforce strict architecture rules and add Pydantic response models

- Update architecture rules to be stricter (API-003 now blocks ALL exception
  raising in endpoints, not just HTTPException)
- Update get_current_vendor_api dependency to guarantee token_vendor_id presence
- Remove redundant _get_vendor_from_token helpers from all vendor API files
- Move vendor access validation to service layer methods
- Add Pydantic response models for media, notification, and payment endpoints
- Add get_active_vendor_by_code service method for public vendor lookup
- Add get_import_job_for_vendor service method with vendor validation
- Update validation script to detect exception raising patterns in endpoints

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/v1/vendor/marketplace.py

@@ -2,7 +2,8 @@
 """
 Marketplace import endpoints for vendors.
 
-Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern)
+Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern).
+The get_current_vendor_api dependency guarantees token_vendor_id is present.
 """
 
 import logging
@@ -12,7 +13,6 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_vendor_api
 from app.core.database import get_db
-from app.exceptions import InvalidTokenException, UnauthorizedVendorAccessException
 from app.services.marketplace_import_job_service import marketplace_import_job_service
 from app.services.vendor_service import vendor_service
 from app.tasks.background_tasks import process_marketplace_import
@@ -27,13 +27,6 @@ router = APIRouter(prefix="/marketplace")
 logger = logging.getLogger(__name__)
 
 
-def _get_vendor_from_token(current_user: User, db: Session):
-    """Helper to get vendor from JWT token."""
-    if not hasattr(current_user, "token_vendor_id"):
-        raise InvalidTokenException("Token missing vendor information. Please login again.")
-    return vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
-
-
 @router.post("/import", response_model=MarketplaceImportJobResponse)
 @rate_limit(max_requests=10, window_seconds=3600)
 async def import_products_from_marketplace(
@@ -43,7 +36,7 @@ async def import_products_from_marketplace(
     db: Session = Depends(get_db),
 ):
     """Import products from marketplace CSV with background processing (Protected)."""
-    vendor = _get_vendor_from_token(current_user, db)
+    vendor = vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
 
     logger.info(
         f"Starting marketplace import: {request.marketplace} for vendor {vendor.vendor_code} "
@@ -90,13 +83,10 @@ def get_marketplace_import_status(
     db: Session = Depends(get_db),
 ):
     """Get status of marketplace import job (Protected)."""
-    vendor = _get_vendor_from_token(current_user, db)
-
-    job = marketplace_import_job_service.get_import_job_by_id(db, job_id, current_user)
-
-    # Verify job belongs to current vendor
-    if job.vendor_id != vendor.id:
-        raise UnauthorizedVendorAccessException(vendor.vendor_code, current_user.id)
+    # Service validates that job belongs to vendor and raises UnauthorizedVendorAccessException if not
+    job = marketplace_import_job_service.get_import_job_for_vendor(
+        db, job_id, current_user.token_vendor_id
+    )
 
     return marketplace_import_job_service.convert_to_response_model(job)
 
@@ -110,7 +100,7 @@ def get_marketplace_import_jobs(
     db: Session = Depends(get_db),
 ):
     """Get marketplace import jobs for current vendor (Protected)."""
-    vendor = _get_vendor_from_token(current_user, db)
+    vendor = vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
 
     jobs = marketplace_import_job_service.get_import_jobs(
         db=db,