Skip to content

TaipanStack Architecture

TaipanStack is built on the philosophy of maximum safety by default, combined with blazing-fast asynchronous programming. The internal architecture enforces a strict layered dependency map, statically verified on every commit.

Layered Dependency Model

The architecture enforces unidirectional data flow. Upper layers may import from lower layers; lower layers may never import upward.

graph TD
    A["๐Ÿข Application Layer<br/>(your business logic)"]
    B["๐Ÿ›ก๏ธ Security Layer<br/>guards ยท sanitizers ยท validators ยท decorators"]
    C["โš™๏ธ Config Layer<br/>models ยท generators ยท version_config"]
    D["๐Ÿ”ง Utils Layer<br/>retry ยท circuit_breaker ยท metrics ยท logging ยท filesystem"]
    E["๐ŸŽฏ Core Layer<br/>result ยท compat ยท optimizations"]

    A --> B
    A --> C
    A --> D
    B --> E
    C --> E
    D --> E

    style A fill:#4A148C,color:#fff
    style B fill:#880E4F,color:#fff
    style C fill:#1A237E,color:#fff
    style D fill:#004D40,color:#fff
    style E fill:#BF360C,color:#fff

Dependency Contracts (Import Linter)

These contracts are enforced statically in CI via Import Linter. Any violation fails the build immediately.

Contract Rule
core is independent taipanstack.core cannot import from security, utils, or config
security is independent taipanstack.security cannot import from utils or config
utils is independent taipanstack.utils cannot import from security or config
config only uses core taipanstack.config cannot import from security or utils

Project Structure

TaipanStack/
โ”œโ”€โ”€ src/
โ”‚   โ””โ”€โ”€ taipanstack/
โ”‚       โ”œโ”€โ”€ __init__.py       # Public API surface
โ”‚       โ”œโ”€โ”€ core/             # ๐ŸŽฏ Result types, compat, optimizations
โ”‚       โ”‚   โ”œโ”€โ”€ result.py     #    Ok / Err / safe / unwrap_or
โ”‚       โ”‚   โ”œโ”€โ”€ compat.py     #    Python version feature flags
โ”‚       โ”‚   โ””โ”€โ”€ optimizations.py # uvloop / orjson bootstrap
โ”‚       โ”œโ”€โ”€ config/           # โš™๏ธ Configuration models & generators
โ”‚       โ”‚   โ”œโ”€โ”€ models.py     #    StackConfig (Pydantic v2)
โ”‚       โ”‚   โ”œโ”€โ”€ generators.py #    Project scaffolding templates
โ”‚       โ”‚   โ””โ”€โ”€ version_config.py # Version-aware recommendations
โ”‚       โ”œโ”€โ”€ security/         # ๐Ÿ›ก๏ธ Guards, sanitizers, validators
โ”‚       โ”‚   โ”œโ”€โ”€ guards.py     #    Path traversal, command injection, env guards
โ”‚       โ”‚   โ”œโ”€โ”€ sanitizers.py #    XSS, filename, SQL, env value sanitization
โ”‚       โ”‚   โ”œโ”€โ”€ validators.py #    Email, URL, project name, Python version
โ”‚       โ”‚   โ””โ”€โ”€ decorators.py #    @safe_path, @safe_env wrappers
โ”‚       โ””โ”€โ”€ utils/            # ๐Ÿ”ง Resilience & observability utilities
โ”‚           โ”œโ”€โ”€ circuit_breaker.py # Circuit breaker with on_state_change callback
โ”‚           โ”œโ”€โ”€ retry.py           # Exponential backoff with on_retry callback
โ”‚           โ”œโ”€โ”€ metrics.py         # @timed, @counted decorators
โ”‚           โ”œโ”€โ”€ logging.py         # Structured logging (structlog)
โ”‚           โ”œโ”€โ”€ filesystem.py      # Safe file operations
โ”‚           โ””โ”€โ”€ subprocess.py      # Sandboxed subprocess execution
โ”œโ”€โ”€ tests/                    # โœ… 1006 tests, 100% coverage
โ”‚   โ”œโ”€โ”€ test_benchmarks.py    # pytest-benchmark performance suite
โ”‚   โ”œโ”€โ”€ test_property_sanitizers.py # Hypothesis fuzzing
โ”‚   โ””โ”€โ”€ test_v031_features.py # v0.3.1 specific new behaviors
โ”œโ”€โ”€ docs/                     # ๐Ÿ“– MkDocs Material documentation
โ”œโ”€โ”€ .semgrep/                 # ๐Ÿ” Custom SAST rules
โ”œโ”€โ”€ .github/                  # ๐Ÿ”„ CI/CD + SBOM/SLSA + Docs workflows
โ”œโ”€โ”€ Dockerfile                # ๐Ÿณ Hardened multi-stage container
โ””โ”€โ”€ pyproject.toml            # ๐Ÿ“‹ Modern dependency management (Poetry)

Concurrency Model

When production dependencies are installed (uvloop group), TaipanStack bootstraps uvloop as the asyncio event loop, providing a 2โ€“4ร— throughput improvement over the standard asyncio loop on Linux/macOS.

from taipanstack.core.optimizations import apply_optimizations

apply_optimizations()  # Auto-installs uvloop + orjson if available

Python version detection is performed at import time via taipanstack.core.compat:

from taipanstack import PY313, get_features

if PY313:
    print(get_features())  # Reports 3.13-specific optimizations

Error Handling Philosophy

Exceptions represent unrecoverable panics. For standard, expected failures (network errors, validation failures, missing data), TaipanStack uses the Result monad:

Rule: Never raise to communicate a business failure

# โŒ DO NOT: leaks exception semantics into caller
def find_user(user_id: str) -> User:
    raise UserNotFoundError(...)

# โœ… DO: encode failure in the return type
def find_user(user_id: str) -> Result[User, UserNotFoundError]:
    return Err(UserNotFoundError(user_id))

Benefits enforced by Mypy strict:

  • You cannot forget to handle an Err โ€” the type checker forces it
  • Pattern matching (match/case) gives exhaustive, safe unpacking
  • The @safe decorator wraps any raising function into a Result automatically

Security Strategy

TaipanStack's security layer is fail-closed by design:

Principle Implementation
No silent failures Malformed input raises SecurityError or TypeError immediately
Boundary validation All external data validated at entry via pydantic + guards
Runtime type guards Every public security function validates input types at v0.3.1+
AST scanning Bandit + Semgrep (custom rules) runs on every CI push
Supply chain SBOM (CycloneDX via Syft) + SLSA attestation (Cosign/Sigstore) on every release