
fix: project setup, security, dependency updates, and code quality #584

Merged

ashwin31 merged 8 commits into MicroPyramid:master from micropyramid-dev:fix/560-activation-email-recipients
Feb 17, 2026

Conversation

micropyramid-dev commented Feb 17, 2026

Summary

  • Docker setup: Add Docker Compose configuration for local development with PostgreSQL, Redis, Celery, and frontend services
  • Security fixes: Remove leaked Google API key, stop leaking exception details in API responses
  • Dependency updates: Update Python and frontend dependencies to latest versions
  • Code quality: Resolve all Prospector static analysis issues (416 → 0), configure django-settings-module in Prospector config
  • Bug fix: Remove URL from activation email recipients list

Changes

  • Add .dockerignore, .env.docker, docker/ scripts, and update Dockerfile and docker-compose.yml
  • Fix setup and Docker issues preventing project from running
  • Add create_default_admin management command
  • Clean up imports, unused variables, and code style across all backend apps
  • Update requirements.txt and frontend/package.json to latest versions
  • Add .prospector.yaml with pylint/mccabe configuration

Test plan

  • Verify Docker Compose setup works with docker compose up
  • Confirm Prospector runs clean: cd backend && ./venv/bin/python -m prospector --without-tool pep257
  • Verify backend starts and API endpoints respond correctly
  • Check frontend builds and loads successfully

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Improved error handling with enhanced exception context in authentication flows.
    • Streamlined data validation in user creation and invoice processing.
  • Refactor

    • Standardized logging practices across the backend for consistency.
    • Simplified admin user setup—automatically created during application startup.
    • Cleaned up and removed unused code dependencies.
  • Chores

    • Added code quality and linting configuration.
    • Enhanced Docker documentation for admin user creation process.
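The "Remove leaked Google API key" item above is handled in this PR by untracking google-services.json, ignoring it, and committing a .json.template with dummy values. The check a reviewer would want next to that fix is one that fails the build if a key-shaped string is ever tracked again. The scanner below is an added example, not code from the MicroPyramid CRM repository: the file tree, the .gitignore contents and the key value are constructed (the key is a made-up string with the right shape, not the credential mentioned in the commits), and the .gitignore reader only understands exact path entries.

```python
"""Shape-based scanner for Google API keys in a (constructed) working tree.

Added example for this PR's leaked-key fix; not project code. The tree,
.gitignore and key value are constructed for the demo.
"""
import re
from dataclasses import dataclass

# Google Cloud API keys are 39 characters: the literal prefix 'AIza' followed by
# 35 characters from [A-Za-z0-9_-]. Matching on shape rather than on a known
# value is what catches the next leak instead of this one.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)

FAKE_KEY = "AIzaSy" + "X" * 33  # constructed: correct shape, not a real key

# Constructed stand-in for the tree after the fix: the real config file exists
# locally but is listed in .gitignore, and the template only holds placeholders.
SAMPLE_TREE = {
    ".gitignore": "venv/\ngoogle-services.json\n",
    "google-services.json": (
        f'{{"client": [{{"api_key": [{{"current_key": "{FAKE_KEY}"}}]}}]}}'
    ),
    "google-services.json.template": (
        '{"client": [{"api_key": [{"current_key": "YOUR_GOOGLE_API_KEY"}]}]}'
    ),
    "backend/crm/settings.py": "GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID')\n",
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    masked: str  # the full secret is never stored, logged or printed


def mask(secret: str) -> str:
    """Keep enough of the token to recognise it, never enough to use it."""
    return secret[:6] + "..." + secret[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    """Report every key-shaped token in text, one Finding per occurrence."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(path, lineno, mask(match.group(0))))
    return findings


def ignored_paths(tree: dict[str, str]) -> frozenset[str]:
    """Minimal .gitignore reader: exact path entries only (a simplification)."""
    entries = tree.get(".gitignore", "").splitlines()
    return frozenset(e.strip() for e in entries if e.strip() and not e.startswith("#"))


def scan_tree(tree: dict[str, str], ignored: frozenset[str] = frozenset()) -> list[Finding]:
    """Scan every file except the ignored ones, which never ship with the repo."""
    findings = []
    for path in sorted(tree):
        if path in ignored:
            continue
        findings.extend(scan_text(path, tree[path]))
    return findings


def audit(tree: dict[str, str]) -> dict:
    """What a pre-commit hook would assert after this PR's fix."""
    ignored = ignored_paths(tree)
    template = tree.get("google-services.json.template", "")
    return {
        "tracked": scan_tree(tree, ignored),  # must be empty
        "on_disk": scan_tree(tree),           # the local config is expected here
        "template_safe": not GOOGLE_API_KEY_RE.search(template),
    }


if __name__ == "__main__":
    for name, value in audit(SAMPLE_TREE).items():
        print(f"{name}: {value}")
```

Untracking the file does not remove the key from git history, so the same scan_text can be fed the output of git log -p --all to confirm whether a rewrite is needed; either way the commit message's point stands that revocation in Google Cloud Console is the only fix that actually invalidates the credential.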

ashwin31 and others added 7 commits February 17, 2026 12:55

Remove google-services.json from tracking and add it to .gitignore.
Add a .json.template placeholder with dummy values so developers know
the file structure. Update README to reflect auto-created admin user.

The leaked key (AIzaSyDsA2wgQIw-bVgwODNMIF482gVRn5xdANU) must still
be revoked in Google Cloud Console by the project owner.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace str(e) in error responses with generic messages and log the
actual exceptions server-side. Fixes all 9 CodeQL "information exposure
through an exception" alerts.

- auth_views.py: Google OAuth token validation error
- invoices/public_views.py: invoice and estimate PDF generation (4 sites)
- invoices/api_views.py: invoice and estimate PDF generation (4 sites)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Bump 6 packages and pin 5 previously unpinned ones:
- django 5.2.9 → 5.2.11 (latest 5.x LTS)
- celery 5.6.0 → 5.6.2
- django-ses 4.4.0 → 4.7.1
- sentry-sdk 2.47.0 → 2.53.0
- redis 7.1.0 → 7.2.0
- faker 33.1.0 → 40.4.0
- python-dateutil, google-auth, weasyprint, cairocffi, gunicorn
  pinned to latest for reproducible builds

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Update 19 packages via ncu:
- svelte 5.46.1 → 5.51.2
- @sveltejs/kit 2.49.2 → 2.52.0
- eslint 9.39.2 → 10.0.0
- vite 7.3.0 → 7.3.1
- bits-ui 2.14.4 → 2.15.6
- prettier 3.7.4 → 3.8.1
- axios 1.13.2 → 1.13.5
- and 12 other minor/patch bumps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix missing `import json` in leads and opportunity views (runtime bugs)
- Remove ~60 unused imports across 30+ files
- Remove unused variables and dead code assignments
- Convert f-string logging to lazy % formatting (41 instances)
- Chain exceptions with `from exc` for proper tracebacks
- Replace mutable default arguments with None guards
- Fix invalid escape sequences, set comprehensions, f-strings
- Remove unnecessary else/elif after return/raise/continue
- Modernize: super() without args, remove object inheritance
- Replace wildcard import with explicit imports in contacts/views
- Fix wrong-import-position in invoices and auth views
- Add noqa comments for intentional side-effect imports
- Add encoding parameter to open() call
- Fix renamed parameter in serializer validate override

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add .prospector.yaml config to suppress Django/DRF false positives,
replace custom reverse_noop with migrations.RunPython.noop, move
deferred imports to module top level, and fix genuine unused
import/variable issues.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Adds django-settings-module option to pylint config so Prospector
runs cleanly without needing DJANGO_SETTINGS_MODULE env var set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
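The "information exposure through an exception" fix and the code-quality commit above describe one pattern in three parts: str(e) leaves the client response, the real exception goes to the server log with lazy % formatting, and wrapped exceptions are chained with from exc so the traceback survives. The block below is an added example, not code from the MicroPyramid CRM project: the renderer, the logger name and the failing invoice id are constructed, and DRF Response objects are replaced by (status, body) tuples so it runs without Django installed.

```python
"""Before/after shape of the exception-leak fix described in this PR.

Added example, not project code. render_pdf is a constructed stand-in for
the project's PDF renderer; the logger name and invoice ids are assumptions.
"""
import logging

logger = logging.getLogger("crm.invoices")  # name is an assumption


class PdfRenderError(Exception):
    """Domain error raised by the stand-in renderer (assumption)."""


def render_pdf(invoice_id: str) -> bytes:
    """Constructed renderer: one id fails with an OSError carrying an internal path."""
    try:
        if invoice_id == "inv-0002":
            raise FileNotFoundError("/srv/crm/media/org-7/templates/invoice.html")
        return b"%PDF-1.4 constructed content for " + invoice_id.encode()
    except OSError as exc:
        # 'from exc' keeps the original traceback attached as __cause__,
        # which logger.exception below prints as the chained cause.
        raise PdfRenderError(f"template load failed: {exc}") from exc


def generate_pdf_before(invoice_id: str) -> tuple[int, dict]:
    """The shape CodeQL flagged: str(e) goes straight into the response body."""
    try:
        return 200, {"pdf": render_pdf(invoice_id)}
    except Exception as e:  # noqa: BLE001 - mirrors the original broad catch
        return 500, {"error": str(e)}


def generate_pdf_after(invoice_id: str) -> tuple[int, dict]:
    """The fix: a fixed message for the client, the full exception in the log."""
    try:
        return 200, {"pdf": render_pdf(invoice_id)}
    except PdfRenderError:
        # logger.exception records the traceback; %s formatting defers the
        # string build until the record is actually emitted.
        logger.exception("PDF generation failed for invoice %s", invoice_id)
        return 500, {"error": "Failed to generate PDF"}


class ListHandler(logging.Handler):
    """Collects formatted records so the demo can show what reached the log."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def run_demo(invoice_id: str = "inv-0002") -> dict:
    """Run both handlers against the failing id and return bodies plus log text."""
    handler = ListHandler()
    logger.addHandler(handler)
    try:
        before = generate_pdf_before(invoice_id)
        after = generate_pdf_after(invoice_id)
    finally:
        logger.removeHandler(handler)
    return {"before": before, "after": after, "log": "\n".join(handler.lines)}


if __name__ == "__main__":
    result = run_demo()
    print("before:", result["before"])
    print("after: ", result["after"])
    print("log:\n" + result["log"])
```

The before body hands the client a filesystem path; the after body is constant, while the log line still carries the invoice id, the path, and the "direct cause" section that from exc produces. A test that asserts no response field contains a path or the word Traceback is a cheap regression guard for the nine call sites the commit lists.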
coderabbitai (bot) commented Feb 17, 2026

Caution: Review failed. The pull request is closed.

Walkthrough

This PR performs broad code cleanup and modernization across the backend codebase, including removing unused imports and custom migration functions, replacing them with Django built-ins, converting logging to parameterized format, updating class signatures to modern Python, and refactoring control flow in views and forms.

Changes

Cohort / File(s) / Summary

Migration cleanup: reverse_noop replacement
  Files: backend/accounts/migrations/0006_add_enterprise_constraints.py, backend/contacts/migrations/0010_add_enterprise_constraints.py, backend/leads/migrations/0011_add_enterprise_constraints.py, backend/opportunity/migrations/0005_add_enterprise_constraints.py
  Summary: Removes custom reverse_noop functions from four migration files and replaces them with Django's built-in migrations.RunPython.noop in data-cleanup operations, making reversals no-op instead of custom-handled.

Documentation and configuration
  Files: README.md, backend/.prospector.yaml, backend/crm/settings.py, backend/crm/server_settings.py
  Summary: Updates README to note automatic admin user creation, adds new Prospector linting config with strictness and Django settings, and converts media path formatting from printf-style to f-strings.

Logging parameterization
  Files: backend/common/audit_log.py, backend/common/external_auth.py, backend/common/middleware/get_company.py, backend/common/middleware/rls_context.py, backend/invoices/tasks.py, backend/leads/tasks.py
  Summary: Replaces f-string logging across multiple modules with parameterized logging (%s placeholders), improves exception chaining with as exc bindings, and enhances error context preservation.

Import cleanup: unused removals
  Files: backend/accounts/models.py, backend/accounts/views.py, backend/cases/solution_serializers.py, backend/cases/solution_views.py, backend/cases/views.py, backend/common/duplicate_detection.py, backend/common/mixins.py, backend/common/urls.py, backend/contacts/serializer.py, backend/contacts/tests_celery_tasks.py, backend/contacts/views.py, backend/crm/urls.py, backend/invoices/serializer.py, backend/leads/serializer.py, backend/leads/swagger_params.py, backend/leads/views/lead_views.py, backend/opportunity/models.py, backend/opportunity/serializer.py, backend/tasks/celery_tasks.py, backend/tasks/models.py
  Summary: Removes unused imports across twenty files including drf_spectacular utilities (OpenApiExample, OpenApiParameter), translation utilities, model references, and other unused dependencies.

drf_spectacular import consolidation
  Files: backend/common/views/auth_views.py, backend/cases/views.py, backend/contacts/views.py, backend/leads/swagger_params.py
  Summary: Removes unused OpenApiExample and OpenApiParameter imports while keeping extend_schema and inline_serializer where needed; narrows import scope to reduce dependencies.

Class signature modernization
  Files: backend/common/middleware/get_company.py, backend/invoices/tests.py
  Summary: Updates class declarations from class ClassName(object): to class ClassName:, removing explicit object base per modern Python conventions.

View refactoring and logic simplification
  Files: backend/cases/kanban_views.py, backend/leads/views/kanban_views.py, backend/tasks/views/kanban_views.py, backend/common/views/document_views.py, backend/common/views/organization_views.py, backend/common/views/team_views.py
  Summary: Removes pipeline-based kanban branches in multiple views (always returns status-based), simplifies conditional paths in document and organization views, eliminates unused local variable assignments in patch methods.

View input validation enhancement
  Files: backend/common/views/user_views.py
  Summary: Restructures UsersListView.post to validate three serializers in parallel, aggregate validation errors into single response, and streamline save order (address, then user, then profile) while removing previous nested validation flow.

Task signature improvements
  Files: backend/leads/tasks.py
  Summary: Replaces mutable default arguments (lists) with None and initializes empty lists inside functions for send_email and get_rendered_html; adds explicit return None statement.

Form and serializer updates
  Files: backend/leads/forms.py, backend/invoices/serializer.py, backend/invoices/models.py
  Summary: Converts email validation regex to raw string, refactors CSV validation with set comprehension and unified loop logic, standardizes cross-field validation method signature and parameter names in InvoiceCreateSerializer, simplifies conditional branching in RecurringInvoice.calculate_next_date.

Common model and middleware updates
  Files: backend/common/models.py, backend/common/serializer.py, backend/common/apps.py, backend/common/base.py, backend/common/views/__init__.py, backend/common/management/commands/*
  Summary: Removes AbstractUser from imports, adds lint suppression comments, replaces explicit super() calls with parameterless super(), adds exception chaining in serializer ContentType lookups, adjusts command logic in seed_data and audit_org_fields.

Task and model cleanup
  Files: backend/common/tasks.py, backend/invoices/pdf.py, backend/invoices/public_views.py, backend/invoices/seed.py, backend/tasks/views/task_views.py, backend/manage.py
  Summary: Removes unused imports, simplifies URL construction with f-strings, adds duplicate logger initialization, changes loop variable to underscore for unused index, moves top-level imports, and improves exception binding in manage.py.

Invoice system updates
  Files: backend/invoices/api_views.py
  Summary: Reorganizes imports to add datetime/timedelta/transaction, removes unused serializer/model item references, adds PDF utility function imports, maintains error handling unchanged.

Test cleanup
  Files: backend/common/tests_celery_tasks.py, backend/invoices/tests.py
  Summary: Removes Comment import, updates user mention formatting from .format() to f-strings across multiple test modules, modernizes class declaration syntax.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

  • 0.2 #569: Adds reverse_noop functions in migration data-cleanup operations; this PR removes those same custom functions and replaces with migrations.RunPython.noop across identical migration files.
  • revamp and upgrade to modern stack #562: Modifies backend/common/middleware/get_company.py with changes to the GetProfileAndOrg class; this PR also updates the same class with signature and exception handling improvements.
  • invoices #570: Overlaps on invoices subsystem modifications including backend/invoices/serializer.py, backend/invoices/api_views.py, backend/invoices/pdf.py, backend/invoices/models.py, and backend/invoices/tasks.py.

Poem

🐰 A cleanup bounty, hop by hop,
Imports trimmed where they don't belong,
Logging sings in tune so strong,
Python's style makes codebases long!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Docstring Coverage | ⚠️ Warning | Docstring coverage is 54.43% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title accurately reflects the main themes of the pull request: project setup fixes (Docker Compose), security improvements (removed API key, exception handling), dependency updates, and code quality enhancements (Prospector configuration).


…email-recipients

# Conflicts:
#	backend/common/views/auth_views.py
#	backend/invoices/api_views.py
ashwin31 merged commit f10548d into MicroPyramid:master Feb 17, 2026
2 of 3 checks passed
2 participants