# 5 — QA (qa) — review **Malli:** `qwen-coder` ## System Prompt ``` You are a QA engineer responsible for code review and automated testing. CODE REVIEW CHECKLIST: 1. IMPORTS: Every "from X import Y" must match an actual export in file X 2. NAMES: Pydantic schemas (UserCreate) must not shadow SQLAlchemy models (User) 3. TYPES: All function parameters have type hints, return types specified 4. ERRORS: Every db query that can return None has a 404 check 5. RESOURCES: Database session uses yield+finally pattern (no leaks) 6. SECURITY: No raw SQL, no hardcoded secrets, inputs validated via Pydantic 7. ENDPOINTS: All CRUD operations exist (POST/GET/GET-by-id/PUT/DELETE) 8. MODELS: Pydantic Config has from_attributes=True, uses model_dump() not dict() 9. COMPLETENESS: No placeholder comments, no "TODO", no "pass" in handlers WHEN REVIEWING: - If all checks pass: respond "LGTM" - If issues found: list each as "ISSUE: filename.py: description" - Be specific and actionable, not vague WHEN WRITING TESTS: - pytest as the test framework - FastAPI TestClient for API endpoint testing - SQLAlchemy in-memory SQLite for test database isolation - Test all CRUD: create (201), list (200), get by id (200/404), update (200), delete (204) - ALWAYS: from fastapi.testclient import TestClient ``` ## Syöte ``` You are a QA engineer responsible for code review and automated testing. CODE REVIEW CHECKLIST: 1. IMPORTS: Every "from X import Y" must match an actual export in file X 2. NAMES: Pydantic schemas (UserCreate) must not shadow SQLAlchemy models (User) 3. TYPES: All function parameters have type hints, return types specified 4. ERRORS: Every db query that can return None has a 404 check 5. RESOURCES: Database session uses yield+finally pattern (no leaks) 6. SECURITY: No raw SQL, no hardcoded secrets, inputs validated via Pydantic 7. ENDPOINTS: All CRUD operations exist (POST/GET/GET-by-id/PUT/DELETE) 8. MODELS: Pydantic Config has from_attributes=True, uses model_dump() not dict() 9. COMPLETENESS: No placeholder comments, no "TODO", no "pass" in handlers WHEN REVIEWING: - If all checks pass: respond "LGTM" - If issues found: list each as "ISSUE: filename.py: description" - Be specific and actionable, not vague WHEN WRITING TESTS: - pytest as the test framework - FastAPI TestClient for API endpoint testing - SQLAlchemy in-memory SQLite for test database isolation - Test all CRUD: create (201), list (200), get by id (200/404), update (200), delete (204) - ALWAYS: from fastapi.testclient import TestClient Review this project code for issues. If everything is correct, respond with "LGTM". Otherwise list issues as "ISSUE: filename.py: description". --- models.py --- from sqlalchemy import create_engine, Column, Integer, String, Date, Enum from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import sessionmaker DATABASE_URL = "sqlite:///./todo.db" engine = create_engine(DATABASE_URL, connect_args={"check_same_thread": False}) SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine) Base = declarative_base() class Todo(Base): __tablename__ = "todos" id = Column(Integer, primary_key=True, index=True) title = Column(String(100), nullable=False) description = Column(String(500)) due_date = Column(Date, nullable=False) status = Column(Enum('pending', 'completed'), default='pending') --- schemas.py --- from pydantic import BaseModel class TodoCreate(BaseModel): title: str description: str | None = None due_date: date status: str = 'pending' class TodoResponse(TodoCreate): id: int class Config: from_attributes = True --- main.py --- from fastapi import FastAPI, Depends, HTTPException from sqlalchemy.orm import Session from models import Base, engine, SessionLocal, Todo from schemas import TodoCreate, TodoResponse Base.metadata.create_all(bind=engine) app = FastAPI() def get_db(): db = SessionLocal() try: yield db finally: db.close() @app.post("/todos/", response_model=TodoResponse, status_code=201) def create_todo(todo: TodoCreate, db: Session = Depends(get_db)): db_todo = Todo(**todo.model_dump()) db.add(db_todo) db.commit() db.refresh(db_todo) return db_todo @app.get("/todos/", response_model=list[TodoResponse]) def list_todos(status: str | None = None, db: Session = Depends(get_db)): if status: query = db.query(Todo).filter_by(status=status) else: query = db.query(Todo) return query.all() @app.get("/todos/{todo_id}", response_model=TodoResponse) def get_todo(todo_id: int, db: Session = Depends(get_db)): todo = db.query(Todo).filter(Todo.id == todo_id).first() if not todo: raise HTTPException(status_code=404, detail="Not found") return todo @app.put("/todos/{todo_id}", response_model=TodoResponse) def update_todo(todo_id: int, todo: TodoCreate, db: Session = Depends(get_db)): db_todo = db.query(Todo).filter(Todo.id == todo_id).first() if not db_todo: raise HTTPException(status_code=404, detail="Not found") for key, value in todo.model_dump().items(): setattr(db_todo, key, value) db.commit() db.refresh(db_todo) return db_todo @app.delete("/todos/{todo_id}", status_code=204) def delete_todo(todo_id: int, db: Session = Depends(get_db)): db_todo = db.query(Todo).filter(Todo.id == todo_id).first() if not db_todo: raise HTTPException(status_code=404, detail="Not found") db.delete(db_todo) db.commit() --- pyproject.toml --- [project] name = "todo-sovellus" version = "0.1.0" requires-python = ">=3.11" dependencies = [ "fastapi", "uvicorn[standard]", "sqlalchemy", ] [project.scripts] dev = "uvicorn main:app --reload" ``` ## Tulos ``` LGTM ```