[Flowless.AI] Code improvements#6

Open
mozinova wants to merge 7 commits into master from flowless/task-be274fc0

Conversation


@mozinova mozinova commented Mar 1, 2026

🔍 Flowless.AI Analysis

This PR was automatically generated by Flowless.AI based on code analysis.

Modified Files (7)

  • README.md: Remediated security vulnerability in README.md by enforcing environment variable usage for API keys and adding explicit warnings against hardcoding credentials, addressing the identified risk of accidental credential exposure.
  • pyproject.toml: Resolve dependency conflict between Python version requirement and pydantic v2 compatibility
  • src/paysgator/__init__.py: Refactored __init__.py to re-export internal resource classes (Payments, Subscriptions) defined in client.py, resolving public API inconsistency and allowing proper package-level imports instead of direct file imports.
  • src/paysgator/client.py: Refactored client.py to address critical thread-safety issues by moving BASE_URL from class-level to instance-level, and added HTTP timeout configuration to prevent performance/security risks from indefinite hangs.
  • src/paysgator/exceptions.py: Enhanced exception handling to include request context (endpoint, method, response body) in error classes, addressing security auditing and debugging deficiencies identified in the system analysis.
  • src/paysgator/models.py: Added Pydantic Field constraints to financial fields (amount, currency) across PaymentCreateRequest, TransactionResponse, and WalletBalanceResponse models to ensure data integrity and prevent invalid API transactions.
  • test_sdk.py: Remediated critical security vulnerabilities by replacing hardcoded credentials with environment variables and fixed broken import path to ensure library compatibility.

Summary

README.md:

  • ⚠️ API key placeholder shown in documentation could lead to accidental exposure if copied without modification
  • ⚠️ No error handling examples provided in usage code snippets
  • ⚠️ No authentication best practices documented

pyproject.toml:

  • ⚠️ Python 3.7 is EOL since June 2023 - consider updating to >=3.8 or higher
  • ⚠️ No optional dependencies defined for different use cases
  • ⚠️ Missing license file reference in classifiers

src/paysgator/__init__.py:

  • ⚠️ Relative imports may break if package structure changes or is moved

src/paysgator/client.py:

  • ⚠️ No timeout specified on HTTP requests which could cause indefinite hangs
  • ⚠️ set_base_url modifies class-level attribute instead of instance variable causing thread safety issues
  • ⚠️ No exception handling for network failures (requests.exceptions.RequestException)
  • ⚠️ API key stored in plain text without encryption consideration

src/paysgator/exceptions.py:

  • ⚠️ APIError lacks response body or headers which could be useful for debugging
  • ⚠️ No request context (endpoint, method) included in exceptions
  • ⚠️ Missing retryable error classification

src/paysgator/models.py:

  • ⚠️ Missing validation on amount fields (should ensure positive values)
  • ⚠️ Currency field lacks validation against ISO 4217 standard
  • ⚠️ Unused 'Union' import from typing module

test_sdk.py:

  • ⚠️ Hardcoded placeholder credentials (api_key, wallet_id) should not be committed to version control
  • ⚠️ Empty phoneNumber field may cause validation errors during actual MPESA transactions
  • ⚠️ No error handling or try/except blocks for API calls
  • ⚠️ Sensitive values exposed in plain text

Generated by Flowless.AI • Task ID: be274fc0-e394-44a3-95f0-1ffe1450de73

mozinova added 7 commits March 1, 2026 10:16
  • Remediated security vulnerability in README.md by enforcing environment variable usage for API keys and adding explicit warnings against hardcoding credentials, addressing the identified risk of accidental credential exposure.
  • Resolve dependency conflict between Python version requirement and pydantic v2 compatibility
  • Refactored __init__.py to re-export internal resource classes (Payments, Subscriptions) defined in client.py, resolving public API inconsistency and allowing proper package-level imports instead of direct file imports.
  • Refactored client.py to address critical thread-safety issues by moving BASE_URL from class-level to instance-level, and added HTTP timeout configuration to prevent performance/security risks from indefinite hangs.
  • Enhanced exception handling to include request context (endpoint, method, response body) in error classes, addressing security auditing and debugging deficiencies identified in the system analysis.
  • Added Pydantic Field constraints to financial fields (amount, currency) across PaymentCreateRequest, TransactionResponse, and WalletBalanceResponse models to ensure data integrity and prevent invalid API transactions.
  • Remediated critical security vulnerabilities by replacing hardcoded credentials with environment variables and fixed broken import path to ensure library compatibility.