Tech debt: customer_service.py — god file, error handling, transactions, import truncation

[Blb3D]

Code Conclave Findings

Covers: ARCHITECT-001, ARCHITECT-002, ARCHITECT-003, NAVIGATOR-002

Problem

backend/app/services/customer_service.py has accumulated significant tech debt across multiple dimensions:

• ARCHITECT-001 — God file / single-responsibility violation: The file handles CRUD, bulk import, CSV parsing, validation, preview generation, and sequence number generation all in one module. It should be decomposed into focused sub-modules (e.g., customer_import_service.py, customer_validation.py).

• ARCHITECT-002 — Inconsistent error handling: Mix of raising exceptions, returning error dicts, and silently swallowing errors. Some functions return None on failure while others raise HTTPException. No consistent pattern for callers to rely on.

• ARCHITECT-003 — Transaction management: Multiple db.commit() calls within single logical operations create non-atomic behavior. Bulk import is particularly affected — a failure partway through leaves partial data committed. Should use savepoints (db.begin_nested()) for rollback safety.

• NAVIGATOR-002 — Import preview truncation: The bulk import preview silently truncates results without informing the user. If a CSV has 500 rows but preview shows 50, the user has no indication that 450 rows were not validated. Preview and actual import also use different validation scopes (e.g., email uniqueness checks differ).

Priority

Medium — Pre-existing tech debt, not a regression. No user-facing bugs, but increases risk of future bugs and makes the code harder to maintain.

Suggested Approach

1. Extract CSV parsing/validation into customer_import_service.py
2. Standardize error handling to always raise typed exceptions (not HTTP exceptions from service layer)
3. Wrap bulk operations in savepoints
4. Add truncation indicator to preview response and align validation between preview and import

[coderabbitai]

🔗 Related PRs

#194 - refactor(ARCHITECT-002): split SalesOrderWizard.jsx (2729 → 1421 lines) [merged]
#202 - refactor(ARCHITECT-002): split AdminCustomers — extract 3 modals + constants [merged]
#213 - refactor(ARCHITECT-003): service layer extraction batch 4 [merged]
#335 - fix: prevent stack trace exposure in API error responses [merged]
#339 - fix: resolve CodeQL security scanning alerts [merged]

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!

[Blb3D]

Triage (2026-03-30): Partially addressed, keeping open as tech debt.

customer_service.py is 962 lines — down from its worst but still combines CRUD, search, stats, and CSV import in one file. It's well-organized with clear section headers and uses begin_nested() for transaction safety.

Remaining tech debt: Split CSV import logic (~430 lines) into a separate customer_import_service.py. The CRUD/search core is clean enough to stay as-is.

Also tracked in MEMORY.md under "item_service.py god file" pattern — same splitting approach applies here.