Skip to content

refactor(config): audit API surface + deprecate ipinfo_* fields (O3)#27

Merged
rennf93 merged 1 commit into
masterfrom
refactor/api-surface-audit
Jun 23, 2026
Merged

refactor(config): audit API surface + deprecate ipinfo_* fields (O3)#27
rennf93 merged 1 commit into
masterfrom
refactor/api-surface-audit

Conversation

@rennf93

@rennf93 rennf93 commented Jun 23, 2026

Copy link
Copy Markdown
Owner

Summary

Design-partner feedback O3 — a scoped audit + targeted, non-breaking tightening of the guard-core public API surface. No field removed, no detection/middleware behavior changed.

Audit (docs/internals/api-surface-audit.md)

A full inventory of the public surface with a recommended action per item:

  • All 90 SecurityConfig fields, grouped by domain, each with a keep/deprecate/group/remove recommendation and models.py line.
  • Field counts by domain; the 13 validators + to_agent_config.
  • Both export lists (guard_core's 22 + fastapi-guard's 24) — no drift today, with the single-source-of-truth recommendation.
  • Grouping opportunities (agent/cors/detection/otel prefixes) presented as an option with backward-compat trade-offs, explicitly not applied.

Safe wiring (non-breaking)

  • ipinfo_token and ipinfo_db_path — long self-described as deprecated — now emit a runtime DeprecationWarning when explicitly set (a model_validator keyed on model_fields_set, so it fires once at construction, never on default or internal access). Both keep working; removal targeted for a future major.
  • A targeted filterwarnings entry keeps existing fixtures quiet; dedicated tests assert the warning still fires.

The export single-source-of-truth is implemented on the fastapi-guard consumer side (its O3 PR derives __all__ from guard_core.__all__).

Verification

  • check-sync: OK · ruff + ruff-format + mypy + vulture + xenon + deptry: clean · bandit: exit 0
  • Full suite: 3704 passed, 100% line + branch coverage (0 missed), zero warnings

Part of the coordinated guard-core 3.2.0 release (with O1/O2, O4, O5, O6).

Add a scoped public-API-surface audit (docs/internals/api-surface-audit.md)
inventorying all 90 SecurityConfig fields and both export lists, grouped by
domain with a keep/deprecate/group/remove recommendation and file:line each.

Wire the safe, non-breaking pieces flagged by the audit:
- ipinfo_token and ipinfo_db_path, long self-described as deprecated, now emit
  a runtime DeprecationWarning when explicitly set (model_validator keyed on
  model_fields_set, so it fires once at construction, never on default/internal
  access). Both fields keep working; removal targeted for a future major.
- Targeted filterwarnings entry keeps existing fixtures quiet; dedicated tests
  assert the warning still fires.

The export single-source-of-truth recommendation is documented here; the
fastapi-guard consumer side ships with that adapter. No field removed, no
detection/middleware behavior changed.
@github-actions github-actions Bot added documentation Docs, README, CHANGELOG, governance files area: models Touches guard_core/models.py tests Test suite changes dependencies pyproject.toml or uv.lock labels Jun 23, 2026
@rennf93
rennf93 merged commit efafc9d into master Jun 23, 2026
10 of 11 checks passed
@rennf93
rennf93 deleted the refactor/api-surface-audit branch June 23, 2026 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: models Touches guard_core/models.py dependencies pyproject.toml or uv.lock documentation Docs, README, CHANGELOG, governance files tests Test suite changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant