Skip to content

refactor(config): audit API surface + deprecate ipinfo_* fields (O3)#27

Open
rennf93 wants to merge 1 commit into
masterfrom
refactor/api-surface-audit
Open

refactor(config): audit API surface + deprecate ipinfo_* fields (O3)#27
rennf93 wants to merge 1 commit into
masterfrom
refactor/api-surface-audit

Conversation

@rennf93

@rennf93 rennf93 commented Jun 23, 2026

Copy link
Copy Markdown
Owner

Summary

Design-partner feedback O3 — a scoped audit + targeted, non-breaking tightening of the guard-core public API surface. No field removed, no detection/middleware behavior changed.

Audit (docs/internals/api-surface-audit.md)

A full inventory of the public surface with a recommended action per item:

  • All 90 SecurityConfig fields, grouped by domain, each with a keep/deprecate/group/remove recommendation and models.py line.
  • Field counts by domain; the 13 validators + to_agent_config.
  • Both export lists (guard_core's 22 + fastapi-guard's 24) — no drift today, with the single-source-of-truth recommendation.
  • Grouping opportunities (agent/cors/detection/otel prefixes) presented as an option with backward-compat trade-offs, explicitly not applied.

Safe wiring (non-breaking)

  • ipinfo_token and ipinfo_db_path — long self-described as deprecated — now emit a runtime DeprecationWarning when explicitly set (a model_validator keyed on model_fields_set, so it fires once at construction, never on default or internal access). Both keep working; removal targeted for a future major.
  • A targeted filterwarnings entry keeps existing fixtures quiet; dedicated tests assert the warning still fires.

The export single-source-of-truth is implemented on the fastapi-guard consumer side (its O3 PR derives __all__ from guard_core.__all__).

Verification

  • check-sync: OK · ruff + ruff-format + mypy + vulture + xenon + deptry: clean · bandit: exit 0
  • Full suite: 3704 passed, 100% line + branch coverage (0 missed), zero warnings

Part of the coordinated guard-core 3.2.0 release (with O1/O2, O4, O5, O6).

@rennf93
refactor(config): audit API surface + deprecate ipinfo_* fields (O3)
6aa2fc1 
Add a scoped public-API-surface audit (docs/internals/api-surface-audit.md)
inventorying all 90 SecurityConfig fields and both export lists, grouped by
domain with a keep/deprecate/group/remove recommendation and file:line each.

Wire the safe, non-breaking pieces flagged by the audit:
- ipinfo_token and ipinfo_db_path, long self-described as deprecated, now emit
  a runtime DeprecationWarning when explicitly set (model_validator keyed on
  model_fields_set, so it fires once at construction, never on default/internal
  access). Both fields keep working; removal targeted for a future major.
- Targeted filterwarnings entry keeps existing fixtures quiet; dedicated tests
  assert the warning still fires.

The export single-source-of-truth recommendation is documented here; the
fastapi-guard consumer side ships with that adapter. No field removed, no
detection/middleware behavior changed.
@github-actions github-actions Bot added documentation Docs, README, CHANGELOG, governance files area: models Touches guard_core/models.py tests Test suite changes dependencies pyproject.toml or uv.lock labels Jun 23, 2026
@rennf93 rennf93 mentioned this pull request Jun 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area: models Touches guard_core/models.py dependencies pyproject.toml or uv.lock documentation Docs, README, CHANGELOG, governance files tests Test suite changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rennf93