clean ui
@@ -178,6 +178,90 @@ module CleanReleaseRouter:
|
||||
|
||||
---
|
||||
|
||||
# [DEF:backend.src.services.clean_release.config_loader:Module]
|
||||
# @TIER: CRITICAL
|
||||
# @SEMANTICS: clean-release, config, yaml, policy-source, declarative
|
||||
# @PURPOSE: Load and validate .clean-release.yaml from repository root, providing typed config to all pipeline stages.
|
||||
# @LAYER: Infrastructure
|
||||
# @RELATION: CONSUMED_BY -> backend.src.services.clean_release.policy_engine
|
||||
# @RELATION: CONSUMED_BY -> backend.src.services.clean_release.compliance_orchestrator
|
||||
# @INVARIANT: Config load must fail fast on invalid/missing required fields for enterprise-clean profile.
|
||||
# @TEST_CONTRACT: YamlFilePath -> CleanReleaseConfig
|
||||
# @TEST_FIXTURE: valid_enterprise_config -> {"profile":"enterprise-clean","scan_mode":"repo","prohibited_categories":["test-data"],"allowed_sources":["*.corp.local"]}
|
||||
# @TEST_EDGE: missing_yaml -> repo without .clean-release.yaml must raise ConfigNotFoundError
|
||||
# @TEST_EDGE: missing_allowed_sources -> enterprise-clean without allowed_sources must fail validation
|
||||
# @TEST_EDGE: invalid_scan_mode -> scan_mode="unknown" must raise ValueError
|
||||
# @TEST_INVARIANT: config_validation_integrity -> VERIFIED_BY: [valid_enterprise_config, missing_allowed_sources]
|
||||
class CleanReleaseConfigLoader:
|
||||
# @PURPOSE: Discover and load .clean-release.yaml from target path.
|
||||
# @PRE: Path to repository root or explicit config path provided.
|
||||
# @POST: Returns validated CleanReleaseConfig or raises ConfigError.
|
||||
def load_config(self): ...
|
||||
|
||||
# @PURPOSE: Validate config schema and business rules.
|
||||
# @PRE: Raw YAML parsed.
|
||||
# @POST: Returns typed config with all required fields populated.
|
||||
def validate_config(self): ...
|
||||
# [/DEF:backend.src.services.clean_release.config_loader:Module]
|
||||
|
||||
---
|
||||
|
||||
# [DEF:backend.src.services.clean_release.filesystem_scanner:Module]
|
||||
# @TIER: CRITICAL
|
||||
# @SEMANTICS: clean-release, scanner, filesystem, artifacts, url-detection
|
||||
# @PURPOSE: Scan filesystem (repo/build/docker) for prohibited artifacts and external URLs in text files.
|
||||
# @LAYER: Domain
|
||||
# @RELATION: DEPENDS_ON -> backend.src.services.clean_release.config_loader
|
||||
# @RELATION: CONSUMED_BY -> backend.src.services.clean_release.compliance_orchestrator
|
||||
# @INVARIANT: Scanner must respect ignore_paths and never modify scanned files.
|
||||
# @TEST_CONTRACT: ScanTarget + CleanReleaseConfig -> ScanResult
|
||||
# @TEST_FIXTURE: repo_with_test_data -> {"path":"test/data.csv","category":"test-data","classification":"excluded-prohibited"}
|
||||
# @TEST_EDGE: binary_file_skip -> binary files must be skipped during URL extraction
|
||||
# @TEST_EDGE: symlink_loop -> circular symlinks must not cause infinite recursion
|
||||
# @TEST_EDGE: ignore_path_respected -> files in ignore_paths must never appear in results
|
||||
# @TEST_INVARIANT: scan_completeness -> VERIFIED_BY: [repo_with_test_data, ignore_path_respected]
|
||||
class FilesystemScanner:
|
||||
# @PURPOSE: Scan target for prohibited artifacts using prohibited_paths and prohibited_categories.
|
||||
# @PRE: Config loaded with prohibited rules.
|
||||
# @POST: Returns list of classified artifacts with violations.
|
||||
def scan_artifacts(self): ...
|
||||
|
||||
# @PURPOSE: Extract URLs/hosts from all text files and match against allowed_sources.
|
||||
# @PRE: Config loaded with allowed_sources patterns.
|
||||
# @POST: Returns list of external endpoint violations.
|
||||
def scan_endpoints(self): ...
|
||||
# [/DEF:backend.src.services.clean_release.filesystem_scanner:Module]
|
||||
|
||||
---
|
||||
|
||||
# [DEF:backend.src.services.clean_release.db_cleanup_executor:Module]
|
||||
# @TIER: CRITICAL
|
||||
# @SEMANTICS: clean-release, database, cleanup, test-data, enterprise
|
||||
# @PURPOSE: Execute database cleanup rules from .clean-release.yaml to remove test users and demo data.
|
||||
# @LAYER: Domain
|
||||
# @RELATION: DEPENDS_ON -> backend.src.services.clean_release.config_loader
|
||||
# @RELATION: CONSUMED_BY -> backend.src.services.clean_release.compliance_orchestrator
|
||||
# @INVARIANT: Preserve-listed records must never be deleted regardless of condition match.
|
||||
# @TEST_CONTRACT: DatabaseCleanupConfig -> CleanupResult
|
||||
# @TEST_FIXTURE: cleanup_test_users -> {"table":"ab_user","condition":"username IN ('test_user')","preserve":["admin"]}
|
||||
# @TEST_EDGE: preserve_overrides_condition -> preserved record matching condition must survive cleanup
|
||||
# @TEST_EDGE: empty_tables_list -> enabled=true with empty tables must raise ConfigError
|
||||
# @TEST_EDGE: dry_run_mode -> dry run must report planned deletions without executing them
|
||||
# @TEST_INVARIANT: preserve_integrity -> VERIFIED_BY: [cleanup_test_users, preserve_overrides_condition]
|
||||
class DatabaseCleanupExecutor:
|
||||
# @PURPOSE: Execute cleanup rules in dry-run mode first, then optionally apply.
|
||||
# @PRE: Database connection and cleanup config available.
|
||||
# @POST: Returns cleanup report with deleted/preserved counts per table.
|
||||
def execute_cleanup(self): ...
|
||||
|
||||
# @PURPOSE: Verify that preserve rules are respected post-cleanup.
|
||||
# @PRE: Cleanup executed.
|
||||
# @POST: Returns validation result confirming preserved records exist.
|
||||
def verify_preserves(self): ...
|
||||
# [/DEF:backend.src.services.clean_release.db_cleanup_executor:Module]
|
||||
|
||||
---
|
||||
|
||||
## Contract Trace (Key User Scenario)
|
||||
|
||||
Сценарий: оператор запускает TUI-проверку и получает BLOCKED из-за внешнего источника.
|
||||
|
||||
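Review bot: The DatabaseCleanupExecutor contract lets `.clean-release.yaml` supply a table name and a `condition` as free SQL text (the fixture uses `username IN ('test_user')`), but no @PRE or @INVARIANT states how that text is constrained before it reaches the database. The config is loaded from the repository root, so anyone who can edit that file would control the DELETE predicate; the contract should rule this out, e.g. `# @INVARIANT: table names come from a fixed allow-list; conditions are built from structured column/operator/value fields with bound parameters, never from raw SQL text`. The preserve guarantee is also only checked by verify_preserves after cleanup has run, when a wrongly deleted row is already gone, so consider adding `# @POST: preserve exclusion is part of the delete statement and runs in the same transaction` to execute_cleanup. The implementation is not part of this diff, so this may already be handled there.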