fix(pilot): drop pydantic EmailStr — email-validator dep missing → backend startup crash #337
No reviewers
Labels
No labels
admin
analytics
auth
automation
bug
business
chore
ci
compliance
data
data-moat
docs
duplicate
dx
enhancement
Fable 5 ревью
feedback/max
generative
GG-форсайт
needs-discussion
needs-human
observability
pause-bots
performance
priority/p0
priority/p1
priority/p2
priority/p3
scope/backend
scope/db
scope/devops
scope/frontend
scope/qa
scrapers
security
site-finder
stage/1
stage/2
status/blocked
status/done
status/needs-analysis
status/needs-fix
status/qa
status/ready
status/review
status/wip
tech-debt
tradein
ux
week ревью 1
wontfix
вторичка
ИРД
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: lekss361/gendesign#337
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "fix/pilot-email-validator-hotfix"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
🔴 Hotfix — backend down on prod
Deploy после merge PR #330 (SF-B3 pilot) завис:
Container backend-1 unhealthy → dependency failed to start→ livehttps://gendsgn.ru/health→ HTTP 502.Root cause
backend/app/api/v1/pilot.py:14импортируетEmailStrиз pydantic:Pydantic v2 требует package
email-validatorдляEmailStr. Он не добавлен в pyproject.toml. При import pilot.py →PydanticImportError: \email-validator` is not installed` → uvicorn не стартует → docker-compose health-check fail.Trade-In (TI-1 PR #316) тоже использовал pydantic schemas, но без
EmailStr, поэтому до сегодня всё работало.Fix
Drop
EmailStr→ plainstrс минимальным regex pattern^[^@\s]+@[^@\s]+\.[^@\s]+$.Полная email validation может быть на frontend/CRM side.
Alternative (NOT taken)
Add
email-validator>=2.0topyproject.toml. Worse — больше runtime weight для marginal value (frontend всё равно validate'ит).Test plan
curl https://gendsgn.ru/health→ 200curl -X POST .../pilot/request {"name":"X","email":"a@b.c"}→ 200"not-an-email"→ 422Deep Code Review — verdict: APPROVE (hotfix)
Status: APPROVE — prod-down hotfix, merging immediately.
Diff sanity
backend/app/api/v1/pilot.py(+5/-2). No surprise edits.EmailStrimport + replacesemail: EmailStr | Nonewithstr | None + Field(max_length=200, pattern=r"^[^@\s]+@[^@\s]+\.[^@\s]+$").Other
EmailStrleakage checkEmailStracrossbackend/app/**→ only match is the new comment line inpilot.py:28. No other endpoint imports it. Backend will start after this merge.email-validator|email_validator→ no other usage. No dep stub needed.Regex sanity
^[^@\s]+@[^@\s]+\.[^@\s]+$:a@b.c,user.name+tag@sub.domain.co.uk(greedy[^@\s]+consumessub.domain.cothen.thenuk).not-an-email(no@),a@b(no dot after@),a @b.c(space),a@@b.c(matches[^@\s]not@).[^@\s]+is anchored by a literal (@,.,$), no nested quantifier overlap. Safe for untrusted input.max_length=200caps DoS surface.EmailStracceptsuser@localhost(no TLD); regex rejects it. Acceptable for lead form (real users have TLDs).Blast radius
email-validator>=2.0topyproject.toml).Pre-merge gates
mergeable=true,draft=false,state=open✅31e686e4matches review target ✅0567ad21✅Merging via
squash. Post-deploy verify:curl https://gendsgn.ru/health→ 200,POST /api/v1/pilot/requestwith valid + invalid email.