feat: SR DCI server/client end-to-end + CEL metric composition fix

.github/workflows/security.yml

@@ -30,8 +30,12 @@ jobs:
         run: |
           GITLEAKS_VERSION="8.21.2"
           mkdir -p "$HOME/.local/bin"
-          curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
-            | tar -xz -C "$HOME/.local/bin" gitleaks
+          # Download to a file (not a pipe) with retries so a transient 5xx
+          # from the release CDN doesn't fail the whole security gate.
+          curl -sSfL --retry 5 --retry-all-errors --retry-delay 3 \
+            -o /tmp/gitleaks.tar.gz \
+            "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
+          tar -xz -C "$HOME/.local/bin" gitleaks < /tmp/gitleaks.tar.gz
           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
 
       - name: Run Gitleaks

spp_cel_domain/models/cel_executor.py

@@ -424,7 +424,7 @@ def compile_and_preview(
                     expr,
                 )
                 exec_self = self.with_context(cel_mode="preview", cel_request_id=request_id)
-                ids = exec_self._execute_plan(model, plan, metrics_info)
+                ids = exec_self._execute_plan(model, plan, metrics_info, as_root=True)
                 # If a fast-path domain override was provided in metrics_info, use it instead of materializing ids
                 override_domain: list[Any] | None = None
                 for mi in metrics_info:
@@ -709,7 +709,13 @@ def _ensure_domain_list(self, domain: list[Any]) -> list[Any]:
         return [domain]
 
     # Execute
-    def _execute_plan(self, model: str, plan: Any, metrics_info: list[dict[str, Any]] | None = None) -> list[int]:  # noqa: C901
+    def _execute_plan(
+        self,
+        model: str,
+        plan: Any,
+        metrics_info: list[dict[str, Any]] | None = None,
+        as_root: bool = False,
+    ) -> list[int]:  # noqa: C901
         if isinstance(plan, LeafDomain):
             return self.env[plan.model].search(plan.domain).ids
         if isinstance(plan, AND):
@@ -744,7 +750,7 @@ def _execute_plan(self, model: str, plan: Any, metrics_info: list[dict[str, Any]
         if isinstance(plan, CountThrough):
             return self._exec_count(plan)
         if isinstance(plan, MetricCompare):
-            return self._exec_metric(model, plan, metrics_info)
+            return self._exec_metric(model, plan, metrics_info, as_root=as_root)
         if isinstance(plan, CoverageRequire):
             # Only support gating on MetricCompare results for now
             if not isinstance(plan.node, MetricCompare):
@@ -1071,10 +1077,16 @@ def _exec_metric(
         model: str,
         p: MetricCompare,
         metrics_info: list[dict[str, Any]] | None = None,
+        as_root: bool = False,
     ) -> list[int]:
         """Evaluate metric comparison and return matching subject IDs for current model.
 
         Uses openspp.metrics service with mode=fallback.
+
+        ``as_root`` is True only when this comparison IS the whole plan: in
+        that case the fresh-cache SQL shortcut may return no ids and stash an
+        ``override_domain`` for the caller. Composed inside and/or/not, the
+        ids must be materialized so set composition stays correct.
         """
         # Check metrics availability
         self._check_metrics_available(p.metric)
@@ -1139,13 +1151,19 @@ def _exec_metric(
                         "metric": p.metric,
                         "period_key": period_key,
                         "path": path,
-                        "override_domain": domain,
                     }
                 )
+                if as_root:
+                    mi["override_domain"] = domain
                 metrics_info.append(mi)
-            # We return [] and let compile_and_preview use override_domain to avoid
-            # materializing ids into a huge 'in' list
-            return []
+            if as_root:
+                # The comparison is the whole plan: return [] and let
+                # compile_and_preview use override_domain to avoid
+                # materializing ids into a huge 'in' list.
+                return []
+            # Composed inside and/or/not: materialize the matching ids so
+            # set composition (intersection/union) stays correct.
+            return self.env[subject_model].search(self._and_domains(base_dom, domain)).ids
         # Preview mode behavior when not fresh
         cel_mode = self.env.context.get("cel_mode")
         preview_cache_only_mode = cel_mode == "preview" and preview_cache_only

spp_cel_domain/tests/__init__.py

@@ -5,6 +5,7 @@
 from . import test_cel_caching
 from . import test_cel_exceptions
 from . import test_cel_field_aggregations
+from . import test_cel_metric_conjunction
 from . import test_cel_functions
 from . import test_cel_parser
 from . import test_cel_security

spp_cel_domain/tests/test_cel_metric_conjunction.py

@@ -0,0 +1,73 @@
+# Part of OpenSPP. See LICENSE file for full copyright and licensing details.
+"""Composing multiple metric() comparisons with and/or.
+
+The fresh-cache SQL shortcut for a single metric comparison returns no ids
+and stashes an override domain for the caller. That shortcut is only valid
+when the comparison IS the whole plan: inside a conjunction or disjunction
+the override of the first metric must not replace the composed result
+(live-found: `metricA == true and metricB == true` matched everyone that
+matched metricA alone).
+"""
+
+from odoo.tests import TransactionCase, tagged
+
+
+@tagged("post_install", "-at_install")
+class TestCelMetricConjunction(TransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.svc = cls.env["spp.cel.service"]
+        Partner = cls.env["res.partner"]
+        cls.a = Partner.create({"name": "Conj A", "is_registrant": True, "is_group": False})
+        cls.b = Partner.create({"name": "Conj B", "is_registrant": True, "is_group": False})
+        cls.c = Partner.create({"name": "Conj C", "is_registrant": True, "is_group": False})
+        # Complete, fresh cache for both metrics across all three subjects:
+        # m1: A=1, B=1, C=0   /   m2: A=1, B=0, C=1
+        rows = []
+        for metric, values in (
+            ("zz.conj.m1", {cls.a: 1, cls.b: 1, cls.c: 0}),
+            ("zz.conj.m2", {cls.a: 1, cls.b: 0, cls.c: 1}),
+        ):
+            for partner, value in values.items():
+                rows.append(
+                    {
+                        "variable_name": metric,
+                        "subject_model": "res.partner",
+                        "subject_id": partner.id,
+                        "period_key": "current",
+                        "value_json": {"value": value},
+                        "value_type": "number",
+                        "source_type": "external",
+                        "ttl_seconds": 3600,
+                    }
+                )
+        cls.env["spp.data.value"].upsert_values(rows)
+
+    def _match(self, expr):
+        r = self.svc.compile_expression(
+            expr,
+            profile="registry_individuals",
+            base_domain=[("id", "in", (self.a | self.b | self.c).ids)],
+            limit=0,
+            materialize_sql=True,
+        )
+        self.assertTrue(r.get("valid"), r.get("error"))
+        return self.env["res.partner"].search(r["domain"])
+
+    def test_metric_and_metric_intersects(self):
+        matched = self._match("metric('zz.conj.m1', me) >= 1 and metric('zz.conj.m2', me) >= 1")
+        self.assertEqual(matched, self.a, f"AND must intersect both metrics, got {matched.mapped('name')}")
+
+    def test_metric_or_metric_unions(self):
+        matched = self._match("metric('zz.conj.m1', me) >= 1 or metric('zz.conj.m2', me) >= 1")
+        self.assertEqual(
+            matched,
+            self.a | self.b | self.c,
+            f"OR must union both metrics, got {matched.mapped('name')}",
+        )
+
+    def test_single_metric_shortcut_still_works(self):
+        """The root-level single-metric shortcut keeps its behavior."""
+        matched = self._match("metric('zz.conj.m1', me) >= 1")
+        self.assertEqual(matched, self.a | self.b)

spp_cel_event/models/cel_event_executor.py

@@ -31,7 +31,13 @@ class CelEventExecutor(models.AbstractModel):
     # This prevents memory exhaustion from overly broad queries
     MAX_QUERY_RESULTS = 100000
 
-    def _execute_plan(self, model: str, plan: Any, metrics_info: list[dict[str, Any]] | None = None) -> list[int]:
+    def _execute_plan(
+        self,
+        model: str,
+        plan: Any,
+        metrics_info: list[dict[str, Any]] | None = None,
+        as_root: bool = False,
+    ) -> list[int]:
         """Execute query plan with event data support.
 
         Extends base executor to handle EventValueCompare, EventExists, and EventsAggregate nodes.
@@ -42,7 +48,7 @@ def _execute_plan(self, model: str, plan: Any, metrics_info: list[dict[str, Any]
             return self._exec_event_exists(model, plan)
         if isinstance(plan, EventsAggregate):
             return self._exec_event_aggregate(model, plan)
-        return super()._execute_plan(model, plan, metrics_info)
+        return super()._execute_plan(model, plan, metrics_info, as_root=as_root)
 
     # ══════════════════════════════════════════════════════════════════════════════
     # EventValueCompare Execution

spp_cel_event/tests/test_cel_event_integration.py

@@ -1258,3 +1258,20 @@ def test_compute_aggregation_dict_dispatch(self):
         self.assertEqual(executor._compute_aggregation(events, "count", None), 2)
         # Unknown agg type returns 0
         self.assertEqual(executor._compute_aggregation(events, "unknown_agg", "score"), 0)
+
+
+@tagged("post_install", "-at_install")
+class TestEventExecutorPassthrough(TransactionCase):
+    """Non-event plan nodes fall through the event executor's _execute_plan
+    override to the base implementation (with the as_root parameter intact)."""
+
+    def test_non_event_plan_falls_through_to_base(self):
+        from odoo.addons.spp_cel_domain.models.cel_queryplan import LeafDomain
+
+        partner = self.env["res.partner"].create(
+            {"name": "Passthrough Person", "is_registrant": True, "is_group": False}
+        )
+        plan = LeafDomain(model="res.partner", domain=[("id", "=", partner.id)])
+        executor = self.env["spp.cel.executor"]
+        self.assertEqual(executor._execute_plan("res.partner", plan), [partner.id])
+        self.assertEqual(executor._execute_plan("res.partner", plan, as_root=True), [partner.id])

spp_dci/schemas/__init__.py

@@ -15,7 +15,7 @@
     Place,
     AdditionalAttribute,
 )
-from .person import Person, RelatedPerson, DisabilityInfo
+from .person import HouseholdInfo, Person, ProgramEnrollment, RelatedPerson, DisabilityInfo
 from .group import Group, Member
 from .search import (
     SearchCriteria,
@@ -76,6 +76,8 @@
     "AdditionalAttribute",
     # Person
     "Person",
+    "ProgramEnrollment",
+    "HouseholdInfo",
     "RelatedPerson",
     "DisabilityInfo",
     # Group

spp_dci/schemas/person.py

@@ -26,6 +26,53 @@ class DisabilityInfo(BaseModel):
     )
 
 
+class ProgramEnrollment(BaseModel):
+    """A person's enrollment in a social protection programme.
+
+    Field names follow the SPDCI social profile (programme_name,
+    enrolment_status, ...). No internal database ids are carried.
+    """
+
+    model_config = ConfigDict(populate_by_name=True)
+
+    programme_identifier: str | None = Field(
+        None,
+        description="External programme identifier, when one exists",
+    )
+    programme_name: str = Field(
+        ...,
+        description="Human-readable programme name",
+    )
+    enrolment_status: str | None = Field(
+        None,
+        description="Enrollment status (enrolled, paused, ...)",
+    )
+    enrolment_date: date | None = Field(
+        None,
+        description="Date the person was enrolled",
+    )
+
+
+class HouseholdInfo(BaseModel):
+    """Summary of the person's household (OpenSPP extension).
+
+    Carried inside the person record so one search answers household-level
+    questions (size, headship) without a second group query.
+    """
+
+    model_config = ConfigDict(populate_by_name=True)
+
+    household_size: int | None = Field(
+        None,
+        ge=1,
+        description="Number of active members in the person's household",
+    )
+    is_household_head: bool | None = Field(
+        None,
+        description="Whether the person is the head of the household",
+    )
+
+
 class RelatedPerson(BaseModel):
     """DCI RelatedPerson schema - family relationship information."""
 
@@ -96,6 +143,14 @@ class Person(BaseModel):
         None,
         description="Date when person details were last updated",
     )
+    enrolled_programs: list[ProgramEnrollment] | None = Field(
+        None,
+        description="Active social protection programme enrollments",
+    )
+    household_info: HouseholdInfo | None = Field(
+        None,
+        description="Summary of the person's household (OpenSPP extension)",
+    )
 
 
 # Update forward references

spp_dci_client/__manifest__.py

@@ -2,7 +2,7 @@
 {
     "name": "OpenSPP DCI Client",
     "summary": "Base DCI client infrastructure with OAuth2 and data source management",
-    "version": "19.0.2.0.0",
+    "version": "19.0.2.0.1",
     "category": "OpenSPP/Integration",
     "author": "OpenSPP.org",
     "website": "https://github.com/OpenSPP/OpenSPP2",