refactor: enforce strict architecture rules and add Pydantic response models

- Update architecture rules to be stricter (API-003 now blocks ALL exception
  raising in endpoints, not just HTTPException)
- Update get_current_vendor_api dependency to guarantee token_vendor_id presence
- Remove redundant _get_vendor_from_token helpers from all vendor API files
- Move vendor access validation to service layer methods
- Add Pydantic response models for media, notification, and payment endpoints
- Add get_active_vendor_by_code service method for public vendor lookup
- Add get_import_job_for_vendor service method with vendor validation
- Update validation script to detect exception raising patterns in endpoints

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/v1/vendor/settings.py

@@ -2,7 +2,8 @@
 """
 Vendor settings and configuration endpoints.
 
-Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern)
+Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern).
+The get_current_vendor_api dependency guarantees token_vendor_id is present.
 """
 
 import logging
@@ -12,7 +13,6 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_vendor_api
 from app.core.database import get_db
-from app.exceptions import InsufficientPermissionsException, InvalidTokenException
 from app.services.vendor_service import vendor_service
 from models.database.user import User
 
@@ -26,10 +26,6 @@ def get_vendor_settings(
     db: Session = Depends(get_db),
 ):
     """Get vendor settings and configuration."""
-    # Get vendor ID from JWT token
-    if not hasattr(current_user, "token_vendor_id"):
-        raise InvalidTokenException("Token missing vendor information. Please login again.")
-
     vendor = vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
 
     return {
@@ -56,32 +52,7 @@ def update_marketplace_settings(
     db: Session = Depends(get_db),
 ):
     """Update marketplace integration settings."""
-    # Get vendor ID from JWT token
-    if not hasattr(current_user, "token_vendor_id"):
-        raise InvalidTokenException("Token missing vendor information. Please login again.")
-
-    vendor = vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
-
-    # Verify permissions
-    if not vendor_service.can_update_vendor(vendor, current_user):
-        raise InsufficientPermissionsException(
-            required_permission="vendor:settings:update"
-        )
-
-    # Update Letzshop URLs
-    if "letzshop_csv_url_fr" in marketplace_config:
-        vendor.letzshop_csv_url_fr = marketplace_config["letzshop_csv_url_fr"]
-    if "letzshop_csv_url_en" in marketplace_config:
-        vendor.letzshop_csv_url_en = marketplace_config["letzshop_csv_url_en"]
-    if "letzshop_csv_url_de" in marketplace_config:
-        vendor.letzshop_csv_url_de = marketplace_config["letzshop_csv_url_de"]
-
-    db.commit()
-    db.refresh(vendor)
-
-    return {
-        "message": "Marketplace settings updated successfully",
-        "letzshop_csv_url_fr": vendor.letzshop_csv_url_fr,
-        "letzshop_csv_url_en": vendor.letzshop_csv_url_en,
-        "letzshop_csv_url_de": vendor.letzshop_csv_url_de,
-    }
+    # Service handles permission checking and raises InsufficientPermissionsException if needed
+    return vendor_service.update_marketplace_settings(
+        db, current_user.token_vendor_id, marketplace_config, current_user
+    )