refactor: Modernize SDK architecture, harden security, and enable O(1) routing#130
Open
skupriienko wants to merge 26 commits into
Open
refactor: Modernize SDK architecture, harden security, and enable O(1) routing#130skupriienko wants to merge 26 commits into
skupriienko wants to merge 26 commits into
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…v3-python into refine-client
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
…rpolation
This modernization transitions the SDK from a dynamic __getattr__
resolution mechanism to an immutable, O(1) Registry-First architecture,
improving cold-boot performance and establishing strict API boundaries.
Security (CWE-22):
- Mitigated Path Traversal vulnerabilities in Endpoint._build_url.
Dynamic URI template variables (e.g., {id}, {action_id}) are now
strictly sanitized via urllib.parse.quote(safe=) prior to regex
interpolation.
Architecture & DX:
- Added mailjet_rest/routes.py containing an immutable MappingProxyType
registry defining exact API versions and paths for all resources.
- Introduced TemplateContentBuilder with fail-fast Boundary Parsing
to enforce schema correctness before network execution.
- Removed legacy _DYNAMIC_ENDPOINTS tuple, completely decoupling
the Client from hardcoded resource lists.
Testing:
- Deployed a data-driven, parameterized test suite covering 50+
registry combinations, proving 100% parity with legacy routing logic
and explicit separation between Content API (v1) and Email API (v3).
- feat(routing): implement O(1) registry-based routing with safe URI interpolation - feat(security): mitigate CWE-22 (Path Traversal) via centralized segment sanitization - feat(builders): add TemplateContentBuilder for structured Content API payloads - fix(linting): resolve all docstring and import grouping lint errors - refactor: centralize types and constants in types.py to reduce boot-time overhead - test: expand test suite with parameterization for registry parity and security
skupriienko
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Links:
Jira
Actions:
Core SDK & Routing Architecture:
ROUTE_MAPregistry, eliminating dynamic__getattr__overhead and enabling efficient, static endpoint resolution..stream()generators by ensuring empty data blocks trigger termination.Security & Developer Experience (DX):
Endpoint._build_urlwith centralizedsanitize_segmentto neutralize directory traversal attempts in dynamic URI parameters.with Client(...) as client:to mitigate CWE-772 (Missing Resource Release).Config.validate_config_url.Atheris(libFuzzer) to expose edge-case parsing exceptions.Unit & Integration Tests:
pytest-benchmarkand cold-boot profiling to ensure SDK startup latency remains within strictly defined thresholds (<0.1s).CI/CD, Linting & Repository Management:
D10x,DOC201, andPLC0415errors, enforcing strict Google-style documentation and import placement.pip-auditinto a standalone strict job.Documentation & Samples:
CHANGELOG.mdwith 1.7.0 updates, updatedPERFORMANCE.mdwith new benchmarks, and bumped version to1.7.0.