Codebase hardening: 102 fixes across 35+ files

Deep audit identified 106 findings; 102 fixed, 4 deferred. Covers 8 areas: - Settings & deploy: env-gated DEBUG/SECRET_KEY, HTTPS headers, gunicorn, celery worker - Auth (registered_user): password write_only, request.data fixes, transaction safety, proper HTTP status codes - Workout app: IDOR protection, get_object_or_404, prefetch_related N+1 fixes, transaction.atomic - Video/scripts: path traversal sanitization, HLS trigger guard, auth on cache wipe - Models (exercise/equipment/muscle/superset): null-safe __str__, stable IDs, prefetch support - Generator views: helper for registered_user lookup, logger.exception, bulk_update, transaction wrapping - Generator core (rules/selector/generator): push-pull ratio, type affinity normalization, modality checks, side-pair exact match, word-boundary regex, equipment cache clearing - Generator services (plan_builder/analyzer/normalizer): transaction.atomic, muscle cache, bulk_update, glutes classification fix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 22:29:14 -06:00
parent 63b57a83ab
commit c80c66c2e5
58 changed files with 3363 additions and 1049 deletions
--- a/generator/services/workout_generation/init.py
+++ b/generator/services/workout_generation/init.py
@@ -0,0 +1,6 @@
+"""Pure workout generation utilities.
+
+These helpers are intentionally side-effect free so they can be tested
+independently from Django models and service orchestration.
+"""
+
--- a/generator/services/workout_generation/entry_rules.py
+++ b/generator/services/workout_generation/entry_rules.py
@@ -0,0 +1,39 @@
+import math
+import random
+
+
+def pick_reps_for_exercise(exercise, wt_params: dict, tier_ranges: dict, rng=random) -> int:
+    """Pick reps from tier-specific range, then fallback to generic wt params."""
+    tier = (getattr(exercise, 'exercise_tier', None) or 'accessory').lower()
+    selected_range = tier_ranges.get(tier) or (wt_params['rep_min'], wt_params['rep_max'])
+    low, high = int(selected_range[0]), int(selected_range[1])
+    if low > high:
+        low, high = high, low
+    return rng.randint(low, high)
+
+
+def apply_rep_volume_floor(entries: list[dict], rounds: int, min_volume: int) -> None:
+    """Mutate entries in-place so reps*rounds meets the minimum volume floor."""
+    if rounds <= 0:
+        return
+    for entry in entries:
+        reps = entry.get('reps')
+        if reps and reps * rounds < min_volume:
+            entry['reps'] = max(reps, math.ceil(min_volume / rounds))
+
+
+def working_rest_seconds(rest_override, default_rest: int, minimum_rest: int = 15) -> int:
+    """Return guarded positive working rest in seconds."""
+    rest = rest_override or default_rest or 45
+    return max(minimum_rest, int(rest))
+
+
+def sort_entries_by_hr(entries: list[dict], is_early_block: bool) -> None:
+    """Sort entries by HR elevation and re-number order."""
+    entries.sort(
+        key=lambda e: getattr(e.get('exercise'), 'hr_elevation_rating', 5) or 5,
+        reverse=is_early_block,
+    )
+    for idx, entry in enumerate(entries, start=1):
+        entry['order'] = idx
+
--- a/generator/services/workout_generation/focus.py
+++ b/generator/services/workout_generation/focus.py
@@ -0,0 +1,41 @@
+from typing import Optional
+
+from generator.services.exercise_selector import extract_movement_families
+
+
+def focus_key_for_exercise(exercise) -> Optional[str]:
+    """Classify exercise into a coarse focus key used for variety checks."""
+    if exercise is None:
+        return None
+    families = sorted(extract_movement_families(getattr(exercise, 'name', '') or ''))
+    if families:
+        return families[0]
+    patterns = (getattr(exercise, 'movement_patterns', '') or '').lower()
+    for token in ('upper pull', 'upper push', 'hip hinge', 'squat', 'lunge', 'core', 'carry'):
+        if token in patterns:
+            return token
+    return None
+
+
+def has_duplicate_focus(exercises: list) -> bool:
+    """True when two exercises in one superset map to the same focus key."""
+    seen = set()
+    for ex in exercises or []:
+        key = focus_key_for_exercise(ex)
+        if not key:
+            continue
+        if key in seen:
+            return True
+        seen.add(key)
+    return False
+
+
+def focus_keys_for_exercises(exercises: list) -> set:
+    """Return non-empty focus keys for a list of exercises."""
+    keys = set()
+    for ex in exercises or []:
+        key = focus_key_for_exercise(ex)
+        if key:
+            keys.add(key)
+    return keys
+
--- a/generator/services/workout_generation/modality.py
+++ b/generator/services/workout_generation/modality.py
@@ -0,0 +1,53 @@
+import math
+import random
+from typing import Optional
+
+
+def clamp_duration_bias(duration_bias: float, duration_bias_range: Optional[tuple]) -> float:
+    """Clamp duration bias to [0,1] or workout-type specific range."""
+    if not duration_bias_range:
+        return max(0.0, min(1.0, duration_bias))
+    low, high = duration_bias_range
+    return max(float(low), min(float(high), duration_bias))
+
+
+def plan_superset_modalities(
+    *,
+    num_supersets: int,
+    duration_bias: float,
+    duration_bias_range: Optional[tuple],
+    is_strength_workout: bool,
+    rng=random,
+) -> list[bool]:
+    """Plan per-superset modality (True=duration, False=reps)."""
+    if num_supersets <= 0:
+        return []
+    if is_strength_workout:
+        return [False] * num_supersets
+
+    if duration_bias_range:
+        low, high = duration_bias_range
+        target_bias = (float(low) + float(high)) / 2.0
+        min_duration_sets = max(0, math.ceil(num_supersets * float(low)))
+        max_duration_sets = min(num_supersets, math.floor(num_supersets * float(high)))
+    else:
+        target_bias = max(0.0, min(1.0, duration_bias))
+        min_duration_sets = max(0, math.floor(num_supersets * max(0.0, target_bias - 0.15)))
+        max_duration_sets = min(num_supersets, math.ceil(num_supersets * min(1.0, target_bias + 0.15)))
+
+    duration_sets = int(round(num_supersets * target_bias))
+    duration_sets = max(min_duration_sets, min(max_duration_sets, duration_sets))
+
+    if num_supersets > 1 and duration_sets == num_supersets and max_duration_sets < num_supersets:
+        duration_sets = max_duration_sets
+    if num_supersets > 1 and duration_sets == 0 and min_duration_sets > 0:
+        duration_sets = min_duration_sets
+
+    modalities = [False] * num_supersets
+    if duration_sets > 0:
+        positions = list(range(num_supersets))
+        rng.shuffle(positions)
+        for idx in positions[:duration_sets]:
+            modalities[idx] = True
+    return modalities
+
--- a/generator/services/workout_generation/pattern_planning.py
+++ b/generator/services/workout_generation/pattern_planning.py
@@ -0,0 +1,26 @@
+def working_position_label(ss_idx: int, num_supersets: int) -> str:
+    """Return early/middle/late position label for a working superset index."""
+    if num_supersets <= 1 or ss_idx == 0:
+        return 'early'
+    if ss_idx >= num_supersets - 1:
+        return 'late'
+    return 'middle'
+
+
+def merge_pattern_preferences(position_patterns, rule_patterns):
+    """Combine positional and structure-rule pattern preferences."""
+    if rule_patterns and position_patterns:
+        overlap = [p for p in position_patterns if p in rule_patterns]
+        return overlap or rule_patterns[:3]
+    if rule_patterns:
+        return rule_patterns[:3]
+    return position_patterns
+
+
+def rotated_muscle_subset(target_muscles: list[str], ss_idx: int) -> list[str]:
+    """Rotate target muscle emphasis between supersets."""
+    if len(target_muscles) <= 1:
+        return target_muscles
+    start = ss_idx % len(target_muscles)
+    return target_muscles[start:] + target_muscles[:start]
+
--- a/generator/services/workout_generation/recovery.py
+++ b/generator/services/workout_generation/recovery.py
@@ -0,0 +1,14 @@
+def is_recovery_exercise(ex) -> bool:
+    """True for warmup/cooldown-style recovery/stretch exercises."""
+    if ex is None:
+        return False
+    name = (getattr(ex, 'name', '') or '').lower()
+    patterns = (getattr(ex, 'movement_patterns', '') or '').lower()
+    if 'stretch' in name:
+        return True
+    blocked = (
+        'mobility - static', 'static stretch', 'yoga',
+        'cool down', 'cooldown', 'breathing', 'massage',
+    )
+    return any(token in patterns for token in blocked)
+
--- a/generator/services/workout_generation/scaling.py
+++ b/generator/services/workout_generation/scaling.py
@@ -0,0 +1,31 @@
+def apply_fitness_scaling(
+    params: dict,
+    *,
+    fitness_level: int,
+    scaling_config: dict,
+    min_reps: int,
+    min_reps_strength: int,
+    is_strength: bool = False,
+) -> dict:
+    """Scale workout params based on fitness level."""
+    out = dict(params)
+    level = fitness_level or 2
+    scaling = scaling_config.get(level, scaling_config[2])
+    rep_floor = min_reps_strength if is_strength else min_reps
+
+    out['rep_min'] = max(rep_floor, int(out['rep_min'] * scaling['rep_min_mult']))
+    out['rep_max'] = max(out['rep_min'], int(out['rep_max'] * scaling['rep_max_mult']))
+
+    rounds_min, rounds_max = out['rounds']
+    rounds_min = max(1, rounds_min + scaling['rounds_adj'])
+    rounds_max = max(rounds_min, rounds_max + scaling['rounds_adj'])
+    out['rounds'] = (rounds_min, rounds_max)
+
+    rest = out.get('rest_between_rounds', 45)
+    out['rest_between_rounds'] = max(15, rest + scaling['rest_adj'])
+
+    if level <= 1 and is_strength:
+        out['rep_min'] = max(5, out['rep_min'])
+        out['rep_max'] = max(out['rep_min'], out['rep_max'])
+    return out
+
--- a/generator/services/workout_generation/section_builders.py
+++ b/generator/services/workout_generation/section_builders.py
@@ -0,0 +1,68 @@
+import random
+from typing import Iterable, Optional
+
+
+def section_exercise_count(section: str, fitness_level: int, rng=random) -> int:
+    """Return section exercise count range by fitness level."""
+    level = fitness_level or 2
+    if section == 'warmup':
+        if level <= 1:
+            return rng.randint(5, 7)
+        if level >= 3:
+            return rng.randint(3, 5)
+        return rng.randint(4, 6)
+    if section == 'cooldown':
+        if level <= 1:
+            return rng.randint(4, 5)
+        if level >= 3:
+            return rng.randint(2, 3)
+        return rng.randint(3, 4)
+    raise ValueError(f'Unknown section: {section}')
+
+
+def rounded_duration(
+    raw_duration: int,
+    *,
+    min_duration: int,
+    duration_multiple: int,
+) -> int:
+    """Round duration to configured multiple and clamp to minimum."""
+    return max(min_duration, round(raw_duration / duration_multiple) * duration_multiple)
+
+
+def build_duration_entries(
+    exercises: Iterable,
+    *,
+    duration_min: int,
+    duration_max: int,
+    min_duration: int,
+    duration_multiple: int,
+    rng=random,
+) -> list[dict]:
+    """Build ordered duration entries from exercises."""
+    entries = []
+    for idx, ex in enumerate(exercises, start=1):
+        duration = rng.randint(duration_min, duration_max)
+        entries.append({
+            'exercise': ex,
+            'duration': rounded_duration(
+                duration,
+                min_duration=min_duration,
+                duration_multiple=duration_multiple,
+            ),
+            'order': idx,
+        })
+    return entries
+
+
+def build_section_superset(name: str, entries: list[dict]) -> Optional[dict]:
+    """Build a single-round warmup/cooldown superset payload."""
+    if not entries:
+        return None
+    return {
+        'name': name,
+        'rounds': 1,
+        'rest_between_rounds': 0,
+        'exercises': entries,
+    }
+