refactor: migrate vendor APIs to token-based context and consolidate architecture

## Vendor-in-Token Architecture (Complete Migration) - Migrate all vendor API endpoints from require_vendor_context() to token_vendor_id - Update permission dependencies to extract vendor from JWT token - Add vendor exceptions: VendorAccessDeniedException, VendorOwnerOnlyException, InsufficientVendorPermissionsException - Shop endpoints retain require_vendor_context() for URL-based detection - Add AUTH-004 architecture rule enforcing vendor context patterns - Fix marketplace router missing /marketplace prefix ## Exception Pattern Fixes (API-003/API-004) - Services raise domain exceptions, endpoints let them bubble up - Add code_quality and content_page exception modules - Move business logic from endpoints to services (admin, auth, content_page) - Fix exception handling in admin, shop, and vendor endpoints ## Tailwind CSS Consolidation - Consolidate CSS to per-area files (admin, vendor, shop, platform) - Remove shared/cdn-fallback.html and shared/css/tailwind.min.css - Update all templates to use area-specific Tailwind output files - Remove Node.js config (package.json, postcss.config.js, tailwind.config.js) ## Documentation & Cleanup - Update vendor-in-token-architecture.md with completed migration status - Update architecture-rules.md with new rules - Move migration docs to docs/development/migration/ - Remove duplicate/obsolete documentation files - Merge pytest.ini settings into pyproject.toml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 22:24:45 +01:00
parent 76f8a59954
commit 8a367077e1
85 changed files with 21787 additions and 134978 deletions
--- a/app/api/v1/admin/code_quality.py
+++ b/app/api/v1/admin/code_quality.py
@@ -5,12 +5,13 @@ RESTful API for architecture validation and violation management

 from datetime import datetime

-from fastapi import APIRouter, Depends, HTTPException, Query
+from fastapi import APIRouter, Depends, Query
 from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session

 from app.api.deps import get_current_admin_api
 from app.core.database import get_db
+from app.exceptions import ViolationNotFoundException
 from app.services.code_quality_service import code_quality_service
 from models.database.user import User

@@ -136,25 +137,23 @@ async def trigger_scan(
    Trigger a new architecture scan

    Requires authentication. Runs the validator script and stores results.
+    Domain exceptions (ScanTimeoutException, ScanParseException) bubble up to global handler.
    """
-    try:
-        scan = code_quality_service.run_scan(
-            db, triggered_by=f"manual:{current_user.username}"
-        )
+    scan = code_quality_service.run_scan(
+        db, triggered_by=f"manual:{current_user.username}"
+    )

-        return ScanResponse(
-            id=scan.id,
-            timestamp=scan.timestamp.isoformat(),
-            total_files=scan.total_files,
-            total_violations=scan.total_violations,
-            errors=scan.errors,
-            warnings=scan.warnings,
-            duration_seconds=scan.duration_seconds,
-            triggered_by=scan.triggered_by,
-            git_commit_hash=scan.git_commit_hash,
-        )
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Scan failed: {str(e)}")
+    return ScanResponse(
+        id=scan.id,
+        timestamp=scan.timestamp.isoformat(),
+        total_files=scan.total_files,
+        total_violations=scan.total_violations,
+        errors=scan.errors,
+        warnings=scan.warnings,
+        duration_seconds=scan.duration_seconds,
+        triggered_by=scan.triggered_by,
+        git_commit_hash=scan.git_commit_hash,
+    )


@router.get("/scans", response_model=list[ScanResponse])
@@ -269,7 +268,7 @@ async def get_violation(
    violation = code_quality_service.get_violation_by_id(db, violation_id)

    if not violation:
-        raise HTTPException(status_code=404, detail="Violation not found")
+        raise ViolationNotFoundException(violation_id)

    # Format assignments
    assignments = [
@@ -331,29 +330,26 @@ async def assign_violation(

    Updates violation status to 'assigned'.
    """
-    try:
-        assignment = code_quality_service.assign_violation(
-            db,
-            violation_id=violation_id,
-            user_id=request.user_id,
-            assigned_by=current_user.id,
-            due_date=request.due_date,
-            priority=request.priority,
-        )
+    assignment = code_quality_service.assign_violation(
+        db,
+        violation_id=violation_id,
+        user_id=request.user_id,
+        assigned_by=current_user.id,
+        due_date=request.due_date,
+        priority=request.priority,
+    )

-        return {
-            "id": assignment.id,
-            "violation_id": assignment.violation_id,
-            "user_id": assignment.user_id,
-            "assigned_at": assignment.assigned_at.isoformat(),
-            "assigned_by": assignment.assigned_by,
-            "due_date": (
-                assignment.due_date.isoformat() if assignment.due_date else None
-            ),
-            "priority": assignment.priority,
-        }
-    except Exception as e:
-        raise HTTPException(status_code=400, detail=str(e))
+    return {
+        "id": assignment.id,
+        "violation_id": assignment.violation_id,
+        "user_id": assignment.user_id,
+        "assigned_at": assignment.assigned_at.isoformat(),
+        "assigned_by": assignment.assigned_by,
+        "due_date": (
+            assignment.due_date.isoformat() if assignment.due_date else None
+        ),
+        "priority": assignment.priority,
+    }


@router.post("/violations/{violation_id}/resolve")
@@ -367,28 +363,24 @@ async def resolve_violation(
    Mark violation as resolved

    Records resolution timestamp and user.
+    ViolationNotFoundException bubbles up if violation doesn't exist.
    """
-    try:
-        violation = code_quality_service.resolve_violation(
-            db,
-            violation_id=violation_id,
-            resolved_by=current_user.id,
-            resolution_note=request.resolution_note,
-        )
+    violation = code_quality_service.resolve_violation(
+        db,
+        violation_id=violation_id,
+        resolved_by=current_user.id,
+        resolution_note=request.resolution_note,
+    )

-        return {
-            "id": violation.id,
-            "status": violation.status,
-            "resolved_at": (
-                violation.resolved_at.isoformat() if violation.resolved_at else None
-            ),
-            "resolved_by": violation.resolved_by,
-            "resolution_note": violation.resolution_note,
-        }
-    except ValueError as e:
-        raise HTTPException(status_code=404, detail=str(e))
-    except Exception as e:
-        raise HTTPException(status_code=400, detail=str(e))
+    return {
+        "id": violation.id,
+        "status": violation.status,
+        "resolved_at": (
+            violation.resolved_at.isoformat() if violation.resolved_at else None
+        ),
+        "resolved_by": violation.resolved_by,
+        "resolution_note": violation.resolution_note,
+    }


@router.post("/violations/{violation_id}/ignore")
@@ -402,28 +394,24 @@ async def ignore_violation(
    Mark violation as ignored (won't fix)

    Records reason for ignoring.
+    ViolationNotFoundException bubbles up if violation doesn't exist.
    """
-    try:
-        violation = code_quality_service.ignore_violation(
-            db,
-            violation_id=violation_id,
-            ignored_by=current_user.id,
-            reason=request.reason,
-        )
+    violation = code_quality_service.ignore_violation(
+        db,
+        violation_id=violation_id,
+        ignored_by=current_user.id,
+        reason=request.reason,
+    )

-        return {
-            "id": violation.id,
-            "status": violation.status,
-            "resolved_at": (
-                violation.resolved_at.isoformat() if violation.resolved_at else None
-            ),
-            "resolved_by": violation.resolved_by,
-            "resolution_note": violation.resolution_note,
-        }
-    except ValueError as e:
-        raise HTTPException(status_code=404, detail=str(e))
-    except Exception as e:
-        raise HTTPException(status_code=400, detail=str(e))
+    return {
+        "id": violation.id,
+        "status": violation.status,
+        "resolved_at": (
+            violation.resolved_at.isoformat() if violation.resolved_at else None
+        ),
+        "resolved_by": violation.resolved_by,
+        "resolution_note": violation.resolution_note,
+    }


@router.post("/violations/{violation_id}/comments")
@@ -438,23 +426,20 @@ async def add_comment(

    For team collaboration and discussion.
    """
-    try:
-        comment = code_quality_service.add_comment(
-            db,
-            violation_id=violation_id,
-            user_id=current_user.id,
-            comment=request.comment,
-        )
+    comment = code_quality_service.add_comment(
+        db,
+        violation_id=violation_id,
+        user_id=current_user.id,
+        comment=request.comment,
+    )

-        return {
-            "id": comment.id,
-            "violation_id": comment.violation_id,
-            "user_id": comment.user_id,
-            "comment": comment.comment,
-            "created_at": comment.created_at.isoformat(),
-        }
-    except Exception as e:
-        raise HTTPException(status_code=400, detail=str(e))
+    return {
+        "id": comment.id,
+        "violation_id": comment.violation_id,
+        "user_id": comment.user_id,
+        "comment": comment.comment,
+        "created_at": comment.created_at.isoformat(),
+    }


@router.get("/stats", response_model=DashboardStatsResponse)