fix(types): P2 — wire _MixinBase + col() across sqlmodel_repo; suppress pydantic/SQLModel column typing false positives

- Add _MixinBase abstract class to _helpers.py: declares _session(), _deserialize_attacker(), _assert_pending(), _check_and_bump_version(), and list_running_topology_deckies() so mypy can see cross-mixin contracts - Add _require(val, msg) helper for narrowing T | None → T - Inherit _MixinBase in all 26 leaf mixin classes - Wrap SQLAlchemy column method calls (.is_(), .like(), .notin_(), .in_(), .contains()) with col() from sqlmodel — fixes attr-defined false positives caused by pydantic plugin typing class-level fields as Python value types - Wrap select(Model.field) with select(col(Model.field)) for column projections - Add pyproject.toml [[tool.mypy.overrides]] to disable arg-type in sqlmodel_repo.*: pydantic plugin resolves .where(Model.field == v) as where(bool), a false positive; call-arg still catches real argument errors - Remove 9 stale # type: ignore comments (logging, helpers, credentials) - Fix telemetry.py traced() overload no-redef + misc - Fix logs.py datetime/str operator and nullable PK comparison with col() - sqlmodel_repo/ now has 0 mypy errors
2026-05-01 00:49:18 -04:00
parent d777a1c4e0
commit 614780f144
30 changed files with 221 additions and 100 deletions
--- a/decnet/web/db/sqlmodel_repo/identities.py
+++ b/decnet/web/db/sqlmodel_repo/identities.py
@@ -11,11 +11,14 @@ from datetime import datetime, timezone
 from typing import Any, Optional

 from sqlalchemy import desc, func, select, update
+from sqlmodel import col

 from decnet.web.db.models import Attacker, AttackerIdentity


-class IdentitiesMixin:
+from decnet.web.db.sqlmodel_repo._helpers import _MixinBase
+
+class IdentitiesMixin(_MixinBase):
    """Mixin: composed onto ``SQLModelRepository``.

    ``self._deserialize_attacker`` resolves through ``AttackersMixin``
@@ -51,7 +54,7 @@ class IdentitiesMixin:
        # and a future "merged into" endpoint when we need it.
        statement = (
            select(AttackerIdentity)
-            .where(AttackerIdentity.merged_into_uuid.is_(None))
+            .where(col(AttackerIdentity.merged_into_uuid).is_(None))
            .order_by(desc(AttackerIdentity.updated_at))
            .offset(offset)
            .limit(limit)
@@ -64,7 +67,7 @@ class IdentitiesMixin:
        statement = (
            select(func.count())
            .select_from(AttackerIdentity)
-            .where(AttackerIdentity.merged_into_uuid.is_(None))
+            .where(col(AttackerIdentity.merged_into_uuid).is_(None))
        )
        async with self._session() as session:
            result = await session.execute(statement)
@@ -105,7 +108,7 @@ class IdentitiesMixin:
        # joined from logs, c2 endpoints aggregated from sessions) can
        # land here without churning every caller. ``fingerprints`` is
        # the raw JSON list — the clusterer parses for JA3 / HASSH.
-        statement = select(
+        statement = select(  # type: ignore[call-overload]
            Attacker.uuid, Attacker.asn, Attacker.identity_id, Attacker.fingerprints,
        ).order_by(Attacker.first_seen)
        if limit is not None: