
(WIP): Refactor client #125

Draft
skupriienko wants to merge 20 commits into master from refactor-client

Conversation

@skupriienko (Collaborator) commented Mar 31, 2026

Links:

Jira

Actions:

  • Core SDK & Client:

    • Refactor Client to utilize requests.Session for connection pooling, drastically improving performance for sequential requests.
    • Refactor Config into a @dataclass for cleaner configuration state management.
    • Decompose Endpoint._build_url to resolve cyclomatic complexity (C901), extracting _check_dx_guardrails and _build_csv_url into pure @staticmethods.
    • Define explicit public module interfaces using __all__ in __init__.py to prevent namespace pollution.
    • Centralize HTTP status logging within api_call using standard Python logging, replacing legacy custom logging handlers.
    • Replace obsolete ensure_ascii legacy kwargs, relying on native requests UTF-8 serialization.
  • Security & Developer Experience (DX):

    • Mitigate Path Traversal (CWE-22) by strictly applying urllib.parse.quote to dynamically injected id and action_id path parameters.
    • Mitigate Cleartext Transmission (CWE-319) by validating the https scheme and requiring a valid hostname during Config initialization.
    • Prevent HTTP Header/CRLF Injection by explicitly scanning the Bearer token for newline characters before applying it to the session.
    • Add DX Guardrails to emit logger.warning events when detecting ambiguous routing (e.g., using singular /template in Content API v1 or routing Send API outside of v3/v3.1).
    • Strip out "dead code" custom HTTP exceptions (e.g., AuthorizationError, DoesNotExistError) in favor of natively returning the requests.Response object, keeping only hard network exceptions (TimeoutError, CriticalApiError).
  • Unit & Integration Tests:

    • Delete the monolithic test.py and segregate tests into tests/unit/ (offline mocked tests) and tests/integration/ (live network tests).
    • Migrate legacy unittest classes to modern pytest fixtures, refactoring assertions into the AAA (Arrange, Act, Assert) pattern.
    • Implement comprehensive offline mock tests ensuring 100% coverage on internal routing, CSV endpoints, and DX guardrail branches.
    • Implement full Template lifecycle integration tests for both Email API (v3) and Content API (v1), ensuring clean teardown via try/finally.
    • Verify real multipart upload behavior for Content API images (test_live_content_api_images_lifecycle).
  • CI/CD, Linting & Repository Management:

    • Overhaul .pre-commit-config.yaml to enforce strict formatting, typing, and security scanning (Ruff, Flake8, Mypy, Pyright, Bandit, Semgrep, Gitleaks).
    • Update ci.yaml and pr_validation.yml to utilize pip caching, upgrade GitHub Actions versions, and verify compiled .whl artifacts using twine check.
    • Modernize .github/workflows/publish.yml to prepare for PyPI Trusted Publishing (OIDC) and native setuptools-scm tag extraction (removed fragile bash sed scripts).
    • Update .github/dependabot.yml to group minor/patch updates and scan GitHub Actions.
    • Add explicit test-unit and test-integration targets to the Makefile.
  • Documentation & Samples:

    • Update SECURITY.md to reflect exclusive support for the >= 2.0.x active branch and forbid reporting CVEs via public issues.
    • Update README.md with new Logging & Debugging guides, updated Python compatibility (3.10-3.13), and modern Content API multipart upload examples.
    • Refresh all files in samples/ to safely fetch credentials using os.environ.get() and accurately reflect the v2.0.0 API.
    • Update CHANGELOG.md documenting all breaking changes, security patches, and structural updates for the upcoming v2.0.0 release.
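
The three input checks listed under Security & Developer Experience, sketched as an added example (not code from this pull request). The function names, the `safe=""` argument and the dot-segment rejection are assumptions, and the base URL and token are constructed samples.

```python
from typing import Optional
from urllib.parse import quote, urlsplit


def validate_api_url(api_url: str) -> str:
    """CWE-319: accept only https base URLs that carry a hostname."""
    parts = urlsplit(api_url)
    if parts.scheme != "https":
        raise ValueError(f"API URL must use https, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("API URL must include a hostname")
    return api_url.rstrip("/")


def safe_path_segment(value: object) -> str:
    """CWE-22: percent-encode a dynamic path parameter into one segment."""
    text = str(value)
    # quote() leaves "." untouched, so a bare dot segment is refused outright.
    if text in {".", ".."}:
        raise ValueError("dot segments are not valid path parameters")
    # safe="" also encodes "/", which quote() keeps by default.
    return quote(text, safe="")


def bearer_header(token: str) -> dict:
    """Header injection: refuse tokens that contain CR or LF."""
    if "\r" in token or "\n" in token:
        raise ValueError("token contains a newline character")
    return {"Authorization": f"Bearer {token}"}


def build_url(api_url: str, resource: str, id: Optional[object] = None,
              action_id: Optional[object] = None) -> str:
    """Join a validated base URL with encoded id / action_id segments."""
    segments = [validate_api_url(api_url), resource]
    segments += [safe_path_segment(p) for p in (id, action_id) if p is not None]
    return "/".join(segments)


if __name__ == "__main__":
    base = "https://api.example.com/v3"  # constructed sample base URL
    print(build_url(base, "contact", "42/../secret"))
    print(bearer_header("constructed-token"))
```

With the default `safe="/"`, `quote` would pass slashes through unchanged, so an `id` containing `/` could still span several path segments.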

@skupriienko skupriienko self-assigned this Mar 31, 2026
@skupriienko skupriienko changed the title from "Refactor client" to "(WIP): Refactor client" Mar 31, 2026
Added unit and integration tests to ensure that 'TemplateLanguage' (bool)
and 'Variables' (dict) are correctly serialized into JSON and successfully
accepted by the Mailjet Send API v3.1.
- client: add secret redaction (__repr__/__str__), strict timeout validation, and urllib3 Retry adapter for 5xx errors.
- tests: fix TypeError in integration tests by sourcing credentials directly from os.environ.
- tests: add unit tests for OWASP mitigations and adapter mounting.