Session Management Check

IMPORTANT: When this command is invoked, you MUST actually SCAN the codebase and REPORT findings. Do NOT just describe what to check.

Step 1: Find Files to Check

Use Glob to find relevant files:

Routers:      {backend}/api/routers/*.py
Services:     {backend}/api/services/*_service.py
Repositories: {backend}/api/repositories/*_repository.py

Step 2: Check for Session Violations

2.1 Service Session Storage (CRITICAL)

Check services for storing sessions as instance variables:

❌ VIOLATION:

class UserService:
    def __init__(self, session: AsyncSession):
        self._session = session  # WRONG! Don't store sessions

✅ CORRECT:

class UserService:
    def __init__(self):
        self._repo = UserRepository()
        # NO session stored

2.2 Session Parameter Pattern

Check that sessions are passed as method parameters:

❌ VIOLATION:

async def create_user(self, data):
    # Uses stored self._session
    return await self._repo.create(self._session, data)

✅ CORRECT:

async def create_user(self, session: AsyncSession, data):
    # Session passed as parameter
    return await self._repo.create(session, data)

2.3 Repository Commit vs Flush

Check repositories use flush() not commit():

❌ VIOLATION:

await session.commit()  # Repositories should NOT commit

✅ CORRECT:

await session.flush()  # Let router handle commit
await session.refresh(entity)

2.4 Router Transaction Handling

Check routers have proper try/except with commit/rollback:

❌ VIOLATION:

@router.post("/users")
async def create_user(data, session = Depends(get_session)):
    return await UserService().create_user(session, data)  # No transaction handling!

✅ CORRECT:

@router.post("/users")
async def create_user(data, session = Depends(get_session)):
    try:
        result = await UserService().create_user(session, data)
        await session.commit()
        return result
    except Exception:
        await session.rollback()
        raise

Step 3: Output Report

FORMAT YOUR OUTPUT EXACTLY LIKE THIS:

╔══════════════════════════════════════════════════════════════╗
║           SESSION MANAGEMENT COMPLIANCE REPORT               ║
╚══════════════════════════════════════════════════════════════╝

📋 SERVICES CHECKED
────────────────────────
✅ user_service.py - Clean (no session storage)
✅ role_service.py - Clean
❌ order_service.py - VIOLATION: Stores session in __init__

📋 REPOSITORIES CHECKED
────────────────────────
✅ user_repository.py - Clean (uses flush)
❌ order_repository.py - VIOLATION: Uses commit()

📋 ROUTERS CHECKED
────────────────────────
✅ user_router.py - Has transaction handling
❌ order_router.py - VIOLATION: No transaction handling

📊 VIOLATIONS DETAIL
────────────────────────

order_service.py:
  Line 12: def __init__(self, session: AsyncSession):
  Line 13:     self._session = session  ❌ Session stored as instance variable
  Line 25: async def create(self, data):  ❌ Missing session parameter

order_repository.py:
  Line 34: await session.commit()  ❌ Should use flush()

order_router.py:
  Line 45: return await OrderService().create(session, data)
  ❌ Missing try/except with commit/rollback

📊 SUMMARY
────────────────────────
Services clean: 4/5
Repositories clean: 5/6
Routers clean: 4/6
Total violations: 5

🔧 REQUIRED FIXES
────────────────────────
1. order_service.py:
   - Remove session from __init__
   - Add session parameter to all methods

2. order_repository.py:
   - Replace commit() with flush()

3. order_router.py:
   - Add try/except with commit/rollback

Step 4: Offer to Fix (If Issues Found)

If violations are found, ask: "Would you like me to fix the session management violations?"

If user agrees:

Fix Service:

# Before
class OrderService:
    def __init__(self, session: AsyncSession):
        self._session = session
        self._repo = OrderRepository()

    async def create(self, data):
        return await self._repo.create(self._session, data)

# After
class OrderService:
    def __init__(self):
        self._repo = OrderRepository()

    async def create(self, session: AsyncSession, data):
        return await self._repo.create(session, data)

Fix Repository:

# Before
await session.commit()

# After
await session.flush()
await session.refresh(entity)

Fix Router:

# Before
@router.post("/orders")
async def create_order(data, session = Depends(get_session)):
    return await OrderService().create(session, data)

# After
@router.post("/orders")
async def create_order(data, session = Depends(get_session)):
    try:
        result = await OrderService().create(session, data)
        await session.commit()
        return result
    except Exception:
        await session.rollback()
        raise

Why This Pattern?

Storing sessions as instance variables causes:

• Session reuse across requests - Different users share sessions
• Transaction isolation violations - Uncommitted changes visible to other requests
• Memory leaks - Sessions not properly closed
• Race conditions - Concurrent requests corrupt data

CRITICAL REMINDER

This command MUST:

1. USE Glob to find files in each layer
2. USE Read to examine each file
3. USE Grep to search for session storage patterns
4. ACTUALLY check for session lifecycle violations
5. OUTPUT a structured compliance report
6. OFFER to fix violations if found

DO NOT just tell the user to run a script. PERFORM THE CHECK.