Merge pull request #18 from linto-ai/feat/security-level-integer

refactor: change security_level from text to integer (0-2)

Author: Houpert

app/api/v1/providers.py

@@ -41,7 +41,7 @@ async def create_provider(
     - **provider_type**: Type of provider (openai, anthropic, cohere, custom)
     - **api_base_url**: Base URL for the provider API
     - **api_key**: API key (will be encrypted)
-    - **security_level**: Security level (secure, sensitive, insecure)
+    - **security_level**: Security level (0=Insecure, 1=Medium, 2=Secure)
     - **metadata**: Optional additional configuration
     """
     try:
@@ -70,7 +70,7 @@ async def create_provider(
     }
 )
 async def list_providers(
-    security_level: Optional[str] = Query(None, description="Filter by security level"),
+    security_level: Optional[int] = Query(None, ge=0, le=2, description="Filter by security level (0, 1, or 2)"),
     provider_type: Optional[str] = Query(None, description="Filter by provider type"),
     page: int = Query(1, ge=1, description="Page number"),
     page_size: int = Query(20, ge=1, le=100, description="Items per page"),
@@ -80,7 +80,7 @@ async def list_providers(
     """
     List providers with optional filtering and pagination.
 
-    - **security_level**: Filter by security level
+    - **security_level**: Filter by security level (0=Insecure, 1=Medium, 2=Secure)
     - **provider_type**: Filter by provider type
     - **page**: Page number (default: 1)
     - **page_size**: Items per page (default: 20, max: 100)

app/database/models.py

@@ -1,6 +1,6 @@
 import uuid
 from datetime import datetime
-from sqlalchemy import Column, String, DateTime, Text, CheckConstraint, UniqueConstraint, JSON
+from sqlalchemy import Column, String, DateTime, Text, CheckConstraint, UniqueConstraint, JSON, Integer
 from sqlalchemy.dialects.postgresql import UUID as PG_UUID
 from sqlalchemy.types import TypeDecorator, CHAR
 from .connection import Base
@@ -55,7 +55,7 @@ class Provider(Base):
     provider_type = Column(String(50), nullable=False)
     api_base_url = Column(String(500), nullable=False)
     api_key_encrypted = Column(Text, nullable=False)
-    security_level = Column(String(20), nullable=False, default="sensitive")
+    security_level = Column(Integer, nullable=False, default=1)
     provider_metadata = Column("metadata", JSON, nullable=False, default=dict)
     created_at = Column(DateTime, default=datetime.utcnow, nullable=False)
     updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow, nullable=False)
@@ -64,7 +64,7 @@ class Provider(Base):
     __table_args__ = (
         UniqueConstraint('name', name='uq_provider_name'),
         CheckConstraint(
-            "security_level IN ('secure', 'sensitive', 'insecure')",
+            "security_level IN (0, 1, 2)",
             name='ck_security_level'
         ),
         CheckConstraint(

app/migrations/versions/003_security_level_integer.py

@@ -0,0 +1,163 @@
+"""security_level_integer - Convert security_level from text to integer
+
+Revision ID: 003
+Revises: 002
+Create Date: 2025-01-21 00:00:00.000000
+
+This migration converts security_level from text-based values to integers:
+- 'insecure' -> 0 (Lowest security)
+- 'sensitive' -> 1 (Medium security)
+- 'secure' -> 2 (Highest security)
+
+Affected tables:
+- providers: security_level NOT NULL with default 1
+- models: security_level NULLABLE
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision: str = '003'
+down_revision: Union[str, None] = '002'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # ==========================================================================
+    # 1. Providers table: Convert security_level from VARCHAR to INTEGER
+    # ==========================================================================
+
+    # Drop existing check constraint
+    op.execute("ALTER TABLE providers DROP CONSTRAINT IF EXISTS check_security_level;")
+
+    # Add temporary column for integer values
+    op.add_column('providers', sa.Column('security_level_new', sa.Integer(), nullable=True))
+
+    # Migrate data: 'insecure' -> 0, 'sensitive' -> 1, 'secure' -> 2
+    op.execute("""
+        UPDATE providers SET security_level_new = CASE
+            WHEN security_level = 'insecure' THEN 0
+            WHEN security_level = 'sensitive' THEN 1
+            WHEN security_level = 'secure' THEN 2
+            ELSE 1
+        END;
+    """)
+
+    # Drop old column
+    op.drop_column('providers', 'security_level')
+
+    # Rename new column to security_level
+    op.execute("ALTER TABLE providers RENAME COLUMN security_level_new TO security_level;")
+
+    # Set NOT NULL and default
+    op.execute("ALTER TABLE providers ALTER COLUMN security_level SET NOT NULL;")
+    op.execute("ALTER TABLE providers ALTER COLUMN security_level SET DEFAULT 1;")
+
+    # Add check constraint for integer values
+    op.execute("""
+        ALTER TABLE providers ADD CONSTRAINT check_security_level
+        CHECK (security_level IN (0, 1, 2));
+    """)
+
+    # Recreate index for security_level
+    op.execute("DROP INDEX IF EXISTS idx_providers_security;")
+    op.execute("CREATE INDEX idx_providers_security ON providers (security_level);")
+
+    # ==========================================================================
+    # 2. Models table: Convert security_level from VARCHAR to INTEGER (nullable)
+    # ==========================================================================
+
+    # Add temporary column for integer values
+    op.add_column('models', sa.Column('security_level_new', sa.Integer(), nullable=True))
+
+    # Migrate data: 'insecure' -> 0, 'sensitive' -> 1, 'secure' -> 2, NULL stays NULL
+    op.execute("""
+        UPDATE models SET security_level_new = CASE
+            WHEN security_level = 'insecure' THEN 0
+            WHEN security_level = 'sensitive' THEN 1
+            WHEN security_level = 'secure' THEN 2
+            ELSE NULL
+        END;
+    """)
+
+    # Drop old column
+    op.drop_column('models', 'security_level')
+
+    # Rename new column to security_level
+    op.execute("ALTER TABLE models RENAME COLUMN security_level_new TO security_level;")
+
+    # Add check constraint for integer values (allowing NULL)
+    op.execute("""
+        ALTER TABLE models ADD CONSTRAINT check_model_security_level
+        CHECK (security_level IS NULL OR security_level IN (0, 1, 2));
+    """)
+
+
+def downgrade() -> None:
+    # ==========================================================================
+    # 1. Models table: Revert to VARCHAR
+    # ==========================================================================
+
+    # Drop check constraint
+    op.execute("ALTER TABLE models DROP CONSTRAINT IF EXISTS check_model_security_level;")
+
+    # Add temporary column for text values
+    op.add_column('models', sa.Column('security_level_old', sa.String(50), nullable=True))
+
+    # Migrate data back: 0 -> 'insecure', 1 -> 'sensitive', 2 -> 'secure'
+    op.execute("""
+        UPDATE models SET security_level_old = CASE
+            WHEN security_level = 0 THEN 'insecure'
+            WHEN security_level = 1 THEN 'sensitive'
+            WHEN security_level = 2 THEN 'secure'
+            ELSE NULL
+        END;
+    """)
+
+    # Drop integer column
+    op.drop_column('models', 'security_level')
+
+    # Rename old column back
+    op.execute("ALTER TABLE models RENAME COLUMN security_level_old TO security_level;")
+
+    # ==========================================================================
+    # 2. Providers table: Revert to VARCHAR
+    # ==========================================================================
+
+    # Drop check constraint and index
+    op.execute("ALTER TABLE providers DROP CONSTRAINT IF EXISTS check_security_level;")
+    op.execute("DROP INDEX IF EXISTS idx_providers_security;")
+
+    # Add temporary column for text values
+    op.add_column('providers', sa.Column('security_level_old', sa.String(20), nullable=True))
+
+    # Migrate data back: 0 -> 'insecure', 1 -> 'sensitive', 2 -> 'secure'
+    op.execute("""
+        UPDATE providers SET security_level_old = CASE
+            WHEN security_level = 0 THEN 'insecure'
+            WHEN security_level = 1 THEN 'sensitive'
+            WHEN security_level = 2 THEN 'secure'
+            ELSE 'sensitive'
+        END;
+    """)
+
+    # Drop integer column
+    op.drop_column('providers', 'security_level')
+
+    # Rename old column back
+    op.execute("ALTER TABLE providers RENAME COLUMN security_level_old TO security_level;")
+
+    # Set NOT NULL
+    op.execute("ALTER TABLE providers ALTER COLUMN security_level SET NOT NULL;")
+
+    # Recreate original check constraint
+    op.execute("""
+        ALTER TABLE providers ADD CONSTRAINT check_security_level
+        CHECK (security_level IN ('secure', 'sensitive', 'insecure'));
+    """)
+
+    # Recreate index
+    op.execute("CREATE INDEX idx_providers_security ON providers (security_level);")

app/models/model.py

@@ -44,7 +44,7 @@ class Model(Base):
 
     # Extended fields
     huggingface_repo = Column(String(500), nullable=True)
-    security_level = Column(String(50), nullable=True)
+    security_level = Column(Integer, nullable=True)
     deployment_name = Column(String(200), nullable=True)
     description = Column(Text, nullable=True)
     best_use = Column(Text, nullable=True)

app/models/provider.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import uuid
-from sqlalchemy import Column, String, DateTime, Text, CheckConstraint, Index, UniqueConstraint
+from sqlalchemy import Column, String, DateTime, Text, CheckConstraint, Index, UniqueConstraint, Integer
 from sqlalchemy.dialects.postgresql import UUID, JSONB
 from sqlalchemy.orm import relationship
 from sqlalchemy.sql import func
@@ -17,7 +17,7 @@ class Provider(Base):
     provider_type = Column(String(50), nullable=False, index=True)
     api_base_url = Column(Text, nullable=False)
     api_key_encrypted = Column(Text, nullable=False)
-    security_level = Column(String(20), nullable=False, index=True)
+    security_level = Column(Integer, nullable=False, default=1, index=True)
     provider_metadata = Column("metadata", JSONB, default={}, nullable=False, server_default='{}')
     created_at = Column(
         DateTime(timezone=True),
@@ -42,7 +42,7 @@ class Provider(Base):
     __table_args__ = (
         UniqueConstraint("name", name="uq_provider_name"),
         CheckConstraint(
-            "security_level IN ('secure', 'sensitive', 'insecure')",
+            "security_level IN (0, 1, 2)",
             name="check_security_level"
         ),
         Index("idx_providers_security", "security_level"),

app/schemas/model.py

@@ -17,7 +17,7 @@ class ModelBase(BaseModel):
     metadata: Dict[str, Any] = Field(default_factory=dict)
     # Extended fields
     huggingface_repo: Optional[str] = Field(None, max_length=500)
-    security_level: Optional[str] = Field(None, max_length=50)
+    security_level: Optional[int] = Field(None, ge=0, le=2)
     deployment_name: Optional[str] = Field(None, max_length=200)
     description: Optional[str] = None
     best_use: Optional[str] = None
@@ -42,7 +42,7 @@ class ModelUpdate(BaseModel):
     metadata: Optional[Dict[str, Any]] = None
     # Extended fields
     huggingface_repo: Optional[str] = Field(None, max_length=500)
-    security_level: Optional[str] = Field(None, max_length=50)
+    security_level: Optional[int] = Field(None, ge=0, le=2)
     deployment_name: Optional[str] = Field(None, max_length=200)
     description: Optional[str] = None
     best_use: Optional[str] = None

app/schemas/provider.py

@@ -1,30 +1,34 @@
 from datetime import datetime
 from typing import Optional, Dict, Any
 from uuid import UUID
-from pydantic import BaseModel, Field, validator
+from pydantic import BaseModel, Field, field_validator
+
 
 class CreateProviderRequest(BaseModel):
     name: str = Field(..., min_length=1, max_length=100)
     provider_type: str = Field(..., pattern="^(openai|anthropic|cohere|openrouter|custom)$")
     api_base_url: str = Field(..., min_length=1, max_length=500)
     api_key: str = Field(..., min_length=1, max_length=2000)
-    security_level: str = Field(default="sensitive", pattern="^(secure|sensitive|insecure)$")
+    security_level: int = Field(default=1, ge=0, le=2)
     metadata: Dict[str, Any] = Field(default_factory=dict)
 
-    @validator('api_base_url')
+    @field_validator('api_base_url')
+    @classmethod
     def validate_url(cls, v):
         if not (v.startswith('http://') or v.startswith('https://')):
             raise ValueError('API base URL must start with http:// or https://')
         return v
 
+
 class UpdateProviderRequest(BaseModel):
     name: Optional[str] = Field(None, min_length=1, max_length=100)
     api_base_url: Optional[str] = Field(None, min_length=1, max_length=500)
     api_key: Optional[str] = Field(None, min_length=1, max_length=2000)
-    security_level: Optional[str] = Field(None, pattern="^(secure|sensitive|insecure)$")
+    security_level: Optional[int] = Field(None, ge=0, le=2)
     metadata: Optional[Dict[str, Any]] = None
 
-    @validator('api_base_url')
+    @field_validator('api_base_url')
+    @classmethod
     def validate_url(cls, v):
         if v is not None and not (v.startswith('http://') or v.startswith('https://')):
             raise ValueError('API base URL must start with http:// or https://')
@@ -37,7 +41,7 @@ class ProviderResponse(BaseModel):
     provider_type: str
     api_base_url: str
     api_key_exists: bool
-    security_level: str
+    security_level: int
     created_at: datetime
     updated_at: datetime
     metadata: Dict[str, Any]

app/schemas/service.py

@@ -208,8 +208,8 @@ class ModelInfo(BaseModel):
     # Token limits - essential for processing decisions
     context_length: Optional[int] = None
     max_generation_length: Optional[int] = None
-    # Security classification for the model
-    security_level: Optional[str] = None
+    # Security classification for the model (0=Insecure, 1=Medium, 2=Secure)
+    security_level: Optional[int] = None
 
     class Config:
         from_attributes = True

app/seeds/base_seed.py

@@ -76,7 +76,7 @@ async def get_or_create_provider(
         provider_type=provider_type,
         api_base_url=base_url,
         api_key_encrypted=encrypted_key,
-        security_level="sensitive",
+        security_level=1,  # 1 = Medium security
     )
 
     db.add(provider)

app/services/provider_service.py

@@ -114,7 +114,7 @@ async def get_provider(
     async def list_providers(
         self,
         db: AsyncSession,
-        security_level: Optional[str] = None,
+        security_level: Optional[int] = None,
         provider_type: Optional[str] = None,
         page: int = 1,
         limit: int = 20
@@ -124,7 +124,7 @@ async def list_providers(
 
         Args:
             db: Database session
-            security_level: Optional security level filter
+            security_level: Optional security level filter (0, 1, or 2)
             provider_type: Optional provider type filter
             page: Page number (1-indexed)
             limit: Items per page
@@ -135,7 +135,7 @@ async def list_providers(
         query = select(Provider)
 
         # Apply filters
-        if security_level:
+        if security_level is not None:
             query = query.where(Provider.security_level == security_level)
         if provider_type:
             query = query.where(Provider.provider_type == provider_type)