Merge origin/dev into uat: CAR-1077 (PostgreSQL connection pool fix)

Conflicts in tests/conftest.py and tests/test_encrypted_json.py were resolved in favor of origin/dev per CAR-1152. Dev is the source of truth for this promotion: dev's version of the SQLite test fixtures is a strict superset of uat's (adds hasattr guard for non-TextClause server_default, strips additional PostgreSQL defaults, registers a before_insert event listener for timestamp columns). No uat-only logic was lost. Production files (src/cartsnitch_api/database.py, src/cartsnitch_api/routes/health.py) are unchanged from origin/dev. Co-Authored-By: Paperclip <noreply@paperclip.ing>
Fix PostgreSQL connection pool issues (CAR-1077) (#39 )
2026-06-02 15:17:42 +00:00 · 2026-06-02 15:10:01 +00:00 · 2026-06-02 14:58:18 +00:00 · 2026-06-02 14:53:16 +00:00 · 2026-06-02 02:53:46 +00:00 · 2026-06-01 12:38:46 +00:00
8 changed files with 103 additions and 28 deletions
@@ -4,8 +4,8 @@ import bcrypt


 def hash_password(password: str) -> str:
-    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+    return str(bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode())


 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return bcrypt.checkpw(plain_password.encode(), hashed_password.encode())
+    return bool(bcrypt.checkpw(plain_password.encode(), hashed_password.encode()))
@@ -35,7 +35,12 @@ class CacheClient:
    async def get(self, key: str) -> str | None:
        if not self._client:
            return None
-        return await self._client.get(key)
+        value = await self._client.get(key)
+        if value is None:
+            return None
+        if isinstance(value, bytes):
+            return value.decode("utf-8", errors="replace")
+        return value

    async def set(self, key: str, value: str, ttl_seconds: int = 300) -> None:
        if not self._client:
@@ -86,4 +86,4 @@ class Settings(BaseSettings):
        return self


-settings = Settings()
+settings = Settings()  # type: ignore[call-arg]
@@ -6,14 +6,22 @@ from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_asyn

 from cartsnitch_api.config import settings

-engine = create_async_engine(
-    settings.database_url,
-    echo=False,
-    pool_size=10,
-    max_overflow=20,
-    pool_pre_ping=True,
-    pool_recycle=3600,
-)
+
+def _build_engine_kwargs() -> dict:
+    url = settings.database_url
+    kwargs: dict = {"echo": False}
+    if not url.startswith("sqlite"):
+        kwargs.update(
+            pool_size=10,
+            max_overflow=20,
+            pool_timeout=30,
+            pool_pre_ping=True,
+            pool_recycle=3600,
+        )
+    return kwargs
+
+
+engine = create_async_engine(settings.database_url, **_build_engine_kwargs())
 async_session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)


@@ -25,6 +25,9 @@ logger = logging.getLogger(__name__)
 class RateLimitBackend(Protocol):
    """Protocol for rate limit backends."""

+    max_requests: int
+    window_seconds: int
+
    async def is_allowed(self, key: str) -> tuple[bool, int, int]:
        """Check if request is allowed. Returns (allowed, remaining, retry_after)."""

@@ -82,7 +85,8 @@ class RedisSlidingWindow:
            if current_count >= self.max_requests:
                oldest = await self.redis.zrange(key, 0, 0, withscores=True)
                if oldest:
-                    retry_after = int((oldest[0][1] - cutoff) / 1000) + 1
+                    oldest_score = float(oldest[0][1])
+                    retry_after = int((oldest_score - cutoff) / 1000) + 1
                else:
                    retry_after = self.window_seconds
                return False, 0, retry_after
@@ -114,6 +118,10 @@ if settings.rate_limit_redis_enabled:
        logger.warning("Failed to connect to Redis for rate limiting, using in-memory: %s", e)
        _use_redis = False

+_public_limiter: RateLimitBackend
+_auth_limiter: RateLimitBackend
+_auth_strict_limiter: RateLimitBackend
+
 if _use_redis and _redis_client:
    _public_limiter = RedisSlidingWindow(
        _redis_client, settings.rate_limit_requests, settings.rate_limit_window_seconds
@@ -1,16 +1,40 @@
 """Health check and error metrics endpoints."""

-from fastapi import APIRouter, Depends
+import logging
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy import text
+from sqlalchemy.ext.asyncio import AsyncSession

 from cartsnitch_api.auth.dependencies import verify_service_key
+from cartsnitch_api.database import get_db
 from cartsnitch_api.middleware.error_handler import get_error_monitor

+logger = logging.getLogger(__name__)
+
 router = APIRouter(tags=["health"])


@router.get("/health")
-async def health():
-    return {"status": "ok"}
+async def health(db: AsyncSession = Depends(get_db)):
+    """Liveness + DB connectivity probe.
+
+    Returns HTTP 200 when the API process is responsive *and* the database
+    is reachable, so Kubernetes readiness probes can correctly route traffic
+    away from pods that have lost their database connection.
+
+    Returns HTTP 503 when the database is unreachable so K8s marks the pod
+    unhealthy and stops sending traffic to it.
+    """
+    try:
+        await db.execute(text("SELECT 1"))
+    except Exception as exc:
+        logger.exception("Health check failed: database unreachable")
+        raise HTTPException(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            detail={"status": "unavailable", "database": "disconnected"},
+        ) from exc
+    return {"status": "ok", "database": "connected"}


@router.get("/internal/error-stats", dependencies=[Depends(verify_service_key)])
@@ -19,6 +19,15 @@ from cartsnitch_api.database import get_db
 from cartsnitch_api.main import create_app
 from cartsnitch_api.models import Base

+
+def _set_timestamp_defaults(mapper, connection, target):
+    """Populate created_at/updated_at before insert for SQLite compatibility."""
+    now = datetime.now(UTC)
+    for col in [c for c in mapper.columns if c.key in ("created_at", "updated_at")]:
+        if getattr(target, col.key, None) is None:
+            setattr(target, col.key, now)
+
+
 TEST_JWT_SECRET = secrets.token_urlsafe(32)
 TEST_SERVICE_KEY = secrets.token_urlsafe(32)
 TEST_FERNET_KEY = "7reF42nmTwbdN21PBoubGp7h_FU8qSimstmlaMLoRK8="
@@ -53,18 +62,27 @@ def disable_rate_limiting():
 def engine():
    """Sync in-memory SQLite engine for model unit tests.

-    Strips PostgreSQL-specific server_default expressions so SQLite can
-    handle all column inserts without missing-function errors.
+    Strips PostgreSQL-specific server_default expressions and provides
+    Python-side defaults for SQLite compatibility.
    """
    eng = create_engine("sqlite:///:memory:")

-    for table in Base.metadata.tables.values():
-        for col in table.columns.values():
+    for tbl in Base.metadata.tables.values():
+        for col in tbl.columns.values():
            sd = col.server_default
            if sd is not None:
-                expr_str = str(sd.expression).lower()
-                if "gen_random_uuid" in expr_str or "gen_random_bytes" in expr_str:
+                if not hasattr(sd, "expression"):
                    col.server_default = None
+                    continue
+                expr_str = str(sd.expression).lower()
+                # Strip PostgreSQL-specific defaults
+                if any(x in expr_str for x in ["gen_random_uuid", "gen_random_bytes", "now()"]):
+                    col.server_default = None
+
+    # Register event listener to populate timestamps on insert
+    for cls in Base.registry._class_registry.values():
+        if hasattr(cls, "__mapper__"):
+            event.listen(cls, "before_insert", _set_timestamp_defaults)

    Base.metadata.create_all(eng)
    yield eng
@@ -89,13 +107,22 @@ async def db_engine():
        cursor.execute("PRAGMA foreign_keys=ON")
        cursor.close()

-    for table in Base.metadata.tables.values():
-        for col in table.columns.values():
+    for tbl in Base.metadata.tables.values():
+        for col in tbl.columns.values():
            sd = col.server_default
            if sd is not None:
-                expr_str = str(sd.expression).lower()
-                if "gen_random_uuid" in expr_str or "gen_random_bytes" in expr_str:
+                if not hasattr(sd, "expression"):
                    col.server_default = None
+                    continue
+                expr_str = str(sd.expression).lower()
+                # Strip PostgreSQL-specific defaults
+                if any(x in expr_str for x in ["gen_random_uuid", "gen_random_bytes", "now()"]):
+                    col.server_default = None
+
+    # Register event listener to populate timestamps on insert
+    for cls in Base.registry._class_registry.values():
+        if hasattr(cls, "__mapper__"):
+            event.listen(cls, "before_insert", _set_timestamp_defaults)

    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
@@ -18,10 +18,13 @@ from cartsnitch_api.models.user import User, UserStoreAccount
 def engine():
    eng = create_engine("sqlite:///:memory:")

-    for table in Base.metadata.tables.values():
-        for col in table.columns.values():
+    for tbl in Base.metadata.tables.values():
+        for col in tbl.columns.values():
            sd = col.server_default
            if sd is not None:
+                if not hasattr(sd, "expression"):
+                    col.server_default = None
+                    continue
                expr_str = str(sd.expression).lower()
                if "gen_random_uuid" in expr_str or "gen_random_bytes" in expr_str:
                    col.server_default = None
Author	SHA1	Message	Date
Barcode Betty	8f1ae26ce3	Merge origin/dev into uat: CAR-1077 (PostgreSQL connection pool fix) CI / lint (pull_request) Successful in 4s Details CI / typecheck (pull_request) Failing after 26s Details CI / test (pull_request) Failing after 1m4s Details CI / build-and-push (pull_request) Has been skipped Details Conflicts in tests/conftest.py and tests/test_encrypted_json.py were resolved in favor of origin/dev per CAR-1152. Dev is the source of truth for this promotion: dev's version of the SQLite test fixtures is a strict superset of uat's (adds hasattr guard for non-TextClause server_default, strips additional PostgreSQL defaults, registers a before_insert event listener for timestamp columns). No uat-only logic was lost. Production files (src/cartsnitch_api/database.py, src/cartsnitch_api/routes/health.py) are unchanged from origin/dev. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 15:17:42 +00:00
Savannah Savings	7a7aaca064	Fix PostgreSQL connection pool issues (CAR-1077) (#39 ) CI / lint (push) Successful in 5s Details CI / typecheck (push) Successful in 28s Details CI / lint (pull_request) Successful in 6s Details CI / test (push) Failing after 1m0s Details CI / build-and-push (push) Has been skipped Details CI / typecheck (pull_request) Successful in 29s Details CI / test (pull_request) Failing after 1m2s Details CI / build-and-push (pull_request) Has been skipped Details QA approved by Checkout Charlie; CTO Dev review approved by Savannah Savings. Adds pool_timeout=30 and DB-connectivity /health probe. Strict CI improvement (lint+typecheck green); remaining test failure pre-existing on dev, tracked under CAR-1132/PR#42.	2026-06-02 15:10:01 +00:00
Barcode Betty	76781ed238	style: fix ruff format in conftest.py CI / lint (pull_request) Successful in 5s Details CI / typecheck (pull_request) Successful in 29s Details CI / test (pull_request) Failing after 1m0s Details CI / build-and-push (pull_request) Has been skipped Details Add missing blank line between the _set_timestamp_defaults helper and the next top-level constant so `ruff format --check .` passes. Pre-existing on dev's HEAD; surfaced after rebasing PR #39 onto dev in `2b20946`. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 14:58:18 +00:00
Barcode Betty	2b20946ad7	fix: /health returns 503 on DB failure, pool_timeout=30, CI typecheck fixes CI / lint (pull_request) Failing after 4s Details CI / typecheck (pull_request) Failing after 25s Details CI / test (pull_request) Failing after 1m5s Details CI / build-and-push (pull_request) Has been skipped Details QA review of PR #39 (CAR-1121) identified three blocking issues; this commit addresses all three plus the typecheck errors flagged as CI RED. CAR-1077 (PR #39) changes: - database.py: add pool_timeout=30 so the engine fails fast when the connection pool is exhausted (defends against the "server closed connection unexpectedly" pod failures). - routes/health.py: /health now calls SELECT 1 through Depends(get_db) and raises HTTPException(503) when the database is unreachable, so Kubernetes readiness probes can correctly mark the pod unhealthy and stop routing traffic to it. Logs the failure at exception level for observability. - Drop .mcp.json from this PR (root-level MCP server config, not related to the pool fix; tracked separately). CI typecheck fixes (pre-existing on dev, were failing mypy on PR #39): - auth/passwords.py: cast bcrypt return values so mypy doesn't widen to Any. - config.py: silence the false-positive call-arg on Settings() — the three required fields are populated from the environment by pydantic-settings at runtime. - cache.py: coerce the bytes/str union returned by the redis client to the documented str \| None return type. - middleware/rate_limit.py: annotate the three module-level limiters with the RateLimitBackend protocol, cast the redis zrange score to float before arithmetic, and add max_requests/window_seconds to the protocol so the response-header builder can read them. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 14:53:16 +00:00
Flea Flicker	bd6b137c68	Fix SQLite timestamp and UUID server_defaults in test fixtures CI / lint (push) Failing after 5s Details CI / typecheck (push) Failing after 32s Details CI / test (push) Failing after 1m7s Details CI / build-and-push (push) Has been skipped Details Add _set_timestamp_defaults event listener to populate created_at/updated_at before insert when using SQLite, since func.now() server_default is stripped. Extended server_default stripping to include "now()" expressions for timestamp columns (created_at, updated_at) that were failing with NOT NULL constraint errors. Fixes remaining CI test failures after PR #35: - NOT NULL constraint failed: stores.created_at - NOT NULL constraint failed: normalized_products.created_at Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 02:53:46 +00:00
Flea Flicker	f18df8a40c	fix: rename loop variable to avoid shadowing SQLAlchemy table import (F402)	2026-06-01 12:38:46 +00:00
Barcode Betty	ebf69976d4	Fix SQLite server_default AttributeError and pool_size errors (#35 ) CI / lint (push) Failing after 6s Details CI / typecheck (push) Failing after 30s Details CI / test (push) Failing after 1m34s Details CI / build-and-push (push) Has been skipped Details Fix SQLite server_default AttributeError and pool_size errors Co-authored-by: Barcode Betty <32+cs_betty@noreply.git.farh.net> Co-committed-by: Barcode Betty <32+cs_betty@noreply.git.farh.net>	2026-06-01 12:38:21 +00:00
Savannah Savings	7c5ee9bdc0	Promote dev → uat: remove invalid CI deploy jobs (CAR-1069) (#38 ) CI / lint (push) Failing after 3s Details CI / test (push) Failing after 17s Details CI / build-and-push (push) Has been skipped Details CI / typecheck (push) Failing after 29s Details	2026-05-27 01:57:23 +00:00
Savannah Savings	0c0cc63d59	Merge pull request 'Promote dev → uat: test fixes (CAR-1006)' (#33 ) from dev into uat CI / lint (push) Successful in 5s Details CI / deploy-dev (push) Has been skipped Details CI / typecheck (push) Failing after 17s Details CI / test (push) Failing after 1m19s Details CI / build-and-push (push) Has been skipped Details CI / deploy-uat (push) Failing after 26s Details CI / lint (pull_request) Successful in 4s Details CI / typecheck (pull_request) Failing after 20s Details CI / build-and-push (pull_request) Has been skipped Details CI / test (pull_request) Failing after 49s Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details	2026-05-23 23:43:08 +00:00
Savannah Savings	21443a266a	Merge pull request 'Promote dev → uat: ruff lint fixes (CAR-1004)' (#31 ) from dev into uat CI / lint (push) Successful in 6s Details CI / typecheck (push) Failing after 30s Details CI / test (push) Failing after 1m34s Details CI / build-and-push (push) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 26s Details Promote dev → uat: ruff lint fixes (CAR-1004)	2026-05-23 23:12:10 +00:00
Savannah Savings	6799b0e7b1	Merge pull request 'promote: dev → uat (CAR-995 CI registry migration)' (#27 ) from dev into uat CI / lint (push) Failing after 3s Details CI / typecheck (push) Failing after 29s Details CI / test (push) Failing after 49s Details CI / build-and-push (push) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 41s Details promote: dev → uat (CAR-995 CI registry migration) (#27)	2026-05-23 22:31:54 +00:00
Savannah Savings	50110a54b7	Merge pull request 'Promote dev → uat: CI pipeline fixes (CAR-1000)' (#24 ) from dev into uat CI / lint (push) Failing after 4s Details CI / typecheck (push) Failing after 30s Details CI / test (push) Failing after 50s Details CI / build-and-push (push) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 30s Details Promote dev → uat: CI pipeline fixes (CAR-1000) Promotes PR #22 fixes to UAT environment.	2026-05-23 22:14:44 +00:00
Savannah Savings	28ad343759	Merge pull request 'chore: promote dev to uat (dispose_engine fix, CAR-932)' (#20 ) from dev into uat CI / lint (push) Failing after 4s Details CI / test (push) Failing after 10s Details CI / build-and-push (push) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / typecheck (push) Failing after 17s Details CI / deploy-uat (push) Failing after 33s Details chore: promote dev to uat (dispose_engine fix, CAR-932)	2026-05-23 21:52:24 +00:00
Savannah Savings	06c6dbed5c	Merge pull request 'promote: dev → uat (CAR-992 cors_origins fix)' (#15 ) from dev into uat CI / lint (push) Failing after 4s Details CI / test (push) Failing after 10s Details CI / build-and-push (push) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / typecheck (push) Failing after 36s Details CI / deploy-uat (push) Failing after 29s Details promote: dev → uat (CAR-992 cors_origins fix) (#15)	2026-05-23 20:56:06 +00:00
Savannah Savings	228a83c355	Merge pull request 'promote: dev → uat (CI trigger fix)' (#10 ) from dev into uat CI / lint (push) Failing after 4s Details CI / test (push) Failing after 0s Details CI / build-and-push (push) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / typecheck (push) Failing after 16s Details CI / deploy-uat (push) Failing after 42s Details promote: dev → uat (CI trigger fix) (#10) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 14:39:13 +00:00
Savannah Savings	fbfedd4e8f	Merge pull request 'chore: promote dev to uat (CAR-898 workflow move)' (#7 ) from dev into uat chore: promote dev to uat (CAR-898 workflow move) (#7)	2026-05-21 13:05:23 +00:00
Coupon Carl	6a8db71537	Merge pull request 'ci: promote Gitea Actions conversion to UAT' (#5 ) from dev into uat	2026-05-21 04:55:13 +00:00
savannah-savings-cto[bot]	556b43b424	Merge pull request #2 from cartsnitch/dev chore: promote dev to uat	2026-04-19 12:11:48 +00:00