agno 2.0.11__py3-none-any.whl → 2.1.0__py3-none-any.whl

agno/os/app.py

@@ -1,7 +1,7 @@
 from contextlib import asynccontextmanager
 from functools import partial
 from os import getenv
-from typing import Any, Dict, List, Optional, Set, Union
+from typing import Any, Dict, List, Literal, Optional, Union
 from uuid import uuid4
 
 from fastapi import APIRouter, FastAPI, HTTPException
@@ -40,6 +40,8 @@ from agno.os.settings import AgnoAPISettings
 from agno.os.utils import (
     collect_mcp_tools_from_team,
     collect_mcp_tools_from_workflow,
+    find_conflicting_routes,
+    load_yaml_config,
     update_cors_middleware,
 )
 from agno.team.team import Team
@@ -49,7 +51,7 @@ from agno.workflow.workflow import Workflow
 
 
 @asynccontextmanager
-async def mcp_lifespan(app, mcp_tools):
+async def mcp_lifespan(_, mcp_tools):
     """Manage MCP connection lifecycle inside a FastAPI app"""
     # Startup logic: connect to all contextual MCP servers
     for tool in mcp_tools:
@@ -65,7 +67,8 @@ async def mcp_lifespan(app, mcp_tools):
 class AgentOS:
     def __init__(
         self,
-        os_id: Optional[str] = None,
+        id: Optional[str] = None,
+        os_id: Optional[str] = None,  # Deprecated
         name: Optional[str] = None,
         description: Optional[str] = None,
         version: Optional[str] = None,
@@ -75,16 +78,19 @@ class AgentOS:
         interfaces: Optional[List[BaseInterface]] = None,
         config: Optional[Union[str, AgentOSConfig]] = None,
         settings: Optional[AgnoAPISettings] = None,
-        fastapi_app: Optional[FastAPI] = None,
         lifespan: Optional[Any] = None,
-        enable_mcp: bool = False,
-        replace_routes: bool = True,
+        enable_mcp: bool = False,  # Deprecated
+        enable_mcp_server: bool = False,
+        fastapi_app: Optional[FastAPI] = None,  # Deprecated
+        base_app: Optional[FastAPI] = None,
+        replace_routes: Optional[bool] = None,  # Deprecated
+        on_route_conflict: Literal["preserve_agentos", "preserve_base_app", "error"] = "preserve_agentos",
         telemetry: bool = True,
     ):
         """Initialize AgentOS.
 
         Args:
-            os_id: Unique identifier for this AgentOS instance
+            id: Unique identifier for this AgentOS instance
             name: Name of the AgentOS instance
             description: Description of the AgentOS instance
             version: Version of the AgentOS instance
@@ -94,18 +100,16 @@ class AgentOS:
             interfaces: List of interfaces to include in the OS
             config: Configuration file path or AgentOSConfig instance
             settings: API settings for the OS
-            fastapi_app: Optional custom FastAPI app to use instead of creating a new one
             lifespan: Optional lifespan context manager for the FastAPI app
-            enable_mcp: Whether to enable MCP (Model Context Protocol)
-            replace_routes: If False and using a custom fastapi_app, skip AgentOS routes that
-                          conflict with existing routes, preferring the user's custom routes.
-                          If True (default), AgentOS routes will override conflicting custom routes.
+            enable_mcp_server: Whether to enable MCP (Model Context Protocol)
+            base_app: Optional base FastAPI app to use for the AgentOS. All routes and middleware will be added to this app.
+            on_route_conflict: What to do when a route conflict is detected in case a custom base_app is provided.
             telemetry: Whether to enable telemetry
         """
         if not agents and not workflows and not teams:
             raise ValueError("Either agents, teams or workflows must be provided.")
 
-        self.config = self._load_yaml_config(config) if isinstance(config, str) else config
+        self.config = load_yaml_config(config) if isinstance(config, str) else config
 
         self.agents: Optional[List[Agent]] = agents
         self.workflows: Optional[List[Workflow]] = workflows
@@ -115,27 +119,42 @@ class AgentOS:
         self.settings: AgnoAPISettings = settings or AgnoAPISettings()
 
         self._app_set = False
-        self.fastapi_app: Optional[FastAPI] = None
-        if fastapi_app:
-            self.fastapi_app = fastapi_app
+
+        if base_app:
+            self.base_app: Optional[FastAPI] = base_app
+            self._app_set = True
+            self.on_route_conflict = on_route_conflict
+        elif fastapi_app:
+            self.base_app = fastapi_app
             self._app_set = True
+            if replace_routes is not None:
+                self.on_route_conflict = "preserve_agentos" if replace_routes else "preserve_base_app"
+            else:
+                self.on_route_conflict = on_route_conflict
+        else:
+            self.base_app = None
+            self._app_set = False
+            self.on_route_conflict = on_route_conflict
 
         self.interfaces = interfaces or []
 
-        self.os_id = os_id
         self.name = name
+
+        self.id = id or os_id
+        if not self.id:
+            self.id = generate_id(self.name) if self.name else str(uuid4())
+
         self.version = version
         self.description = description
 
-        self.replace_routes = replace_routes
-
         self.telemetry = telemetry
 
-        self.enable_mcp = enable_mcp
+        self.enable_mcp_server = enable_mcp or enable_mcp_server
         self.lifespan = lifespan
 
         # List of all MCP tools used inside the AgentOS
         self.mcp_tools: List[Any] = []
+        self._mcp_app: Optional[Any] = None
 
         if self.agents:
             for agent in self.agents:
@@ -177,13 +196,10 @@ class AgentOS:
                 if not workflow.id:
                     workflow.id = generate_id_from_name(workflow.name)
 
-        if not self.os_id:
-            self.os_id = generate_id(self.name) if self.name else str(uuid4())
-
         if self.telemetry:
             from agno.api.os import OSLaunch, log_os_telemetry
 
-            log_os_telemetry(launch=OSLaunch(os_id=self.os_id, data=self._get_telemetry_data()))
+            log_os_telemetry(launch=OSLaunch(os_id=self.id, data=self._get_telemetry_data()))
 
     def _make_app(self, lifespan: Optional[Any] = None) -> FastAPI:
         # Adjust the FastAPI app lifespan to handle MCP connections if relevant
@@ -215,39 +231,41 @@ class AgentOS:
         )
 
     def get_app(self) -> FastAPI:
-        if not self.fastapi_app:
-            if self.enable_mcp:
+        if self.base_app:
+            fastapi_app = self.base_app
+        else:
+            if self.enable_mcp_server:
                 from contextlib import asynccontextmanager
 
                 from agno.os.mcp import get_mcp_server
 
-                self.mcp_app = get_mcp_server(self)
+                self._mcp_app = get_mcp_server(self)
 
-                final_lifespan = self.mcp_app.lifespan
+                final_lifespan = self._mcp_app.lifespan  # type: ignore
                 if self.lifespan is not None:
                     # Combine both lifespans
                     @asynccontextmanager
                     async def combined_lifespan(app: FastAPI):
                         # Run both lifespans
                         async with self.lifespan(app):  # type: ignore
-                            async with self.mcp_app.lifespan(app):  # type: ignore
+                            async with self._mcp_app.lifespan(app):  # type: ignore
                                 yield
 
                     final_lifespan = combined_lifespan  # type: ignore
 
-                self.fastapi_app = self._make_app(lifespan=final_lifespan)
+                fastapi_app = self._make_app(lifespan=final_lifespan)
             else:
-                self.fastapi_app = self._make_app(lifespan=self.lifespan)
+                fastapi_app = self._make_app(lifespan=self.lifespan)
 
-        # Add routes with conflict detection
-        self._add_router(get_base_router(self, settings=self.settings))
-        self._add_router(get_websocket_router(self, settings=self.settings))
-        self._add_router(get_health_router())
-        self._add_router(get_home_router(self))
+        # Add routes
+        self._add_router(fastapi_app, get_base_router(self, settings=self.settings))
+        self._add_router(fastapi_app, get_websocket_router(self, settings=self.settings))
+        self._add_router(fastapi_app, get_health_router())
+        self._add_router(fastapi_app, get_home_router(self))
 
         for interface in self.interfaces:
             interface_router = interface.get_router()
-            self._add_router(interface_router)
+            self._add_router(fastapi_app, interface_router)
 
         self._auto_discover_databases()
         self._auto_discover_knowledge_instances()
@@ -261,17 +279,19 @@ class AgentOS:
         ]
 
         for router in routers:
-            self._add_router(router)
+            self._add_router(fastapi_app, router)
 
         # Mount MCP if needed
-        if self.enable_mcp and self.mcp_app:
-            self.fastapi_app.mount("/", self.mcp_app)
+        if self.enable_mcp_server and self._mcp_app:
+            fastapi_app.mount("/", self._mcp_app)
+        else:
+            # Add the home router
+            self._add_router(fastapi_app, get_home_router(self))
 
-        # Add middleware (only if app is not set)
         if not self._app_set:
 
-            @self.fastapi_app.exception_handler(HTTPException)
-            async def http_exception_handler(request: Request, exc: HTTPException) -> JSONResponse:
+            @fastapi_app.exception_handler(HTTPException)
+            async def http_exception_handler(_, exc: HTTPException) -> JSONResponse:
                 return JSONResponse(
                     status_code=exc.status_code,
                     content={"detail": str(exc.detail)},
@@ -286,12 +306,12 @@ class AgentOS:
                         content={"detail": str(e)},
                     )
 
-            self.fastapi_app.middleware("http")(general_exception_handler)
+            fastapi_app.middleware("http")(general_exception_handler)
 
         # Update CORS middleware
-        update_cors_middleware(self.fastapi_app, self.settings.cors_origin_list)  # type: ignore
+        update_cors_middleware(fastapi_app, self.settings.cors_origin_list)  # type: ignore
 
-        return self.fastapi_app
+        return fastapi_app
 
     def get_routes(self) -> List[Any]:
         """Retrieve all routes from the FastAPI app.
@@ -303,55 +323,37 @@ class AgentOS:
 
         return app.routes
 
-    def _get_existing_route_paths(self) -> Dict[str, List[str]]:
-        """Get all existing route paths and methods from the FastAPI app.
-
-        Returns:
-            Dict[str, List[str]]: Dictionary mapping paths to list of HTTP methods
-        """
-        if not self.fastapi_app:
-            return {}
-
-        existing_paths: Dict[str, Any] = {}
-        for route in self.fastapi_app.routes:
-            if isinstance(route, APIRoute):
-                path = route.path
-                methods = list(route.methods) if route.methods else []
-                if path in existing_paths:
-                    existing_paths[path].extend(methods)
-                else:
-                    existing_paths[path] = methods
-        return existing_paths
-
-    def _add_router(self, router: APIRouter) -> None:
+    def _add_router(self, fastapi_app: FastAPI, router: APIRouter) -> None:
         """Add a router to the FastAPI app, avoiding route conflicts.
 
         Args:
             router: The APIRouter to add
         """
-        if not self.fastapi_app:
-            return
 
-        # Get existing routes
-        existing_paths = self._get_existing_route_paths()
+        conflicts = find_conflicting_routes(fastapi_app, router)
+        conflicting_routes = [conflict["route"] for conflict in conflicts]
 
-        # Check for conflicts
-        conflicts = []
-        conflicting_routes = []
+        if conflicts and self._app_set:
+            if self.on_route_conflict == "preserve_base_app":
+                # Skip conflicting AgentOS routes, prefer user's existing routes
+                for conflict in conflicts:
+                    methods_str = ", ".join(conflict["methods"])  # type: ignore
+                    logger.debug(
+                        f"Skipping conflicting AgentOS route: {methods_str} {conflict['path']} - "
+                        f"Using existing custom route instead"
+                    )
 
-        for route in router.routes:
-            if isinstance(route, APIRoute):
-                full_path = route.path
-                route_methods = list(route.methods) if route.methods else []
+                # Create a new router without the conflicting routes
+                filtered_router = APIRouter()
+                for route in router.routes:
+                    if route not in conflicting_routes:
+                        filtered_router.routes.append(route)
 
-                if full_path in existing_paths:
-                    conflicting_methods: Set[str] = set(route_methods) & set(existing_paths[full_path])
-                    if conflicting_methods:
-                        conflicts.append({"path": full_path, "methods": list(conflicting_methods), "route": route})
-                        conflicting_routes.append(route)
+                # Use the filtered router if it has any routes left
+                if filtered_router.routes:
+                    fastapi_app.include_router(filtered_router)
 
-        if conflicts and self._app_set:
-            if self.replace_routes:
+            elif self.on_route_conflict == "preserve_agentos":
                 # Log warnings but still add all routes (AgentOS routes will override)
                 for conflict in conflicts:
                     methods_str = ", ".join(conflict["methods"])  # type: ignore
@@ -361,35 +363,21 @@ class AgentOS:
                     )
 
                 # Remove conflicting routes
-                for route in self.fastapi_app.routes:
+                for route in fastapi_app.routes:
                     for conflict in conflicts:
                         if isinstance(route, APIRoute):
                             if route.path == conflict["path"] and list(route.methods) == list(conflict["methods"]):  # type: ignore
-                                self.fastapi_app.routes.pop(self.fastapi_app.routes.index(route))
+                                fastapi_app.routes.pop(fastapi_app.routes.index(route))
 
-                self.fastapi_app.include_router(router)
+                fastapi_app.include_router(router)
 
-            else:
-                # Skip conflicting AgentOS routes, prefer user's existing routes
-                for conflict in conflicts:
-                    methods_str = ", ".join(conflict["methods"])  # type: ignore
-                    logger.debug(
-                        f"Skipping conflicting AgentOS route: {methods_str} {conflict['path']} - "
-                        f"Using existing custom route instead"
-                    )
+            elif self.on_route_conflict == "error":
+                conflicting_paths = [conflict["path"] for conflict in conflicts]
+                raise ValueError(f"Route conflict detected: {conflicting_paths}")
 
-                # Create a new router without the conflicting routes
-                filtered_router = APIRouter()
-                for route in router.routes:
-                    if route not in conflicting_routes:
-                        filtered_router.routes.append(route)
-
-                # Use the filtered router if it has any routes left
-                if filtered_router.routes:
-                    self.fastapi_app.include_router(filtered_router)
         else:
             # No conflicts, add router normally
-            self.fastapi_app.include_router(router)
+            fastapi_app.include_router(router)
 
     def _get_telemetry_data(self) -> Dict[str, Any]:
         """Get the telemetry data for the OS"""
@@ -400,21 +388,6 @@ class AgentOS:
             "interfaces": [interface.type for interface in self.interfaces] if self.interfaces else None,
         }
 
-    def _load_yaml_config(self, config_file_path: str) -> AgentOSConfig:
-        """Load a YAML config file and return the configuration as an AgentOSConfig instance."""
-        from pathlib import Path
-
-        import yaml
-
-        # Validate that the path points to a YAML file
-        path = Path(config_file_path)
-        if path.suffix.lower() not in [".yaml", ".yml"]:
-            raise ValueError(f"Config file must have a .yaml or .yml extension, got: {config_file_path}")
-
-        # Load the YAML file
-        with open(config_file_path, "r") as f:
-            return AgentOSConfig.model_validate(yaml.safe_load(f))
-
     def _auto_discover_databases(self) -> None:
         """Auto-discover the databases used by all contextual agents, teams and workflows."""
         from agno.db.base import BaseDb
@@ -641,11 +614,10 @@ class AgentOS:
         from rich.align import Align
         from rich.console import Console, Group
 
-        panel_group = []
-        panel_group.append(Align.center(f"[bold cyan]{public_endpoint}[/bold cyan]"))
-        panel_group.append(
-            Align.center(f"\n\n[bold dark_orange]OS running on:[/bold dark_orange] http://{host}:{port}")
-        )
+        panel_group = [
+            Align.center(f"[bold cyan]{public_endpoint}[/bold cyan]"),
+            Align.center(f"\n\n[bold dark_orange]OS running on:[/bold dark_orange] http://{host}:{port}"),
+        ]
         if bool(self.settings.os_security_key):
             panel_group.append(Align.center("\n\n[bold chartreuse3]:lock: Security Enabled[/bold chartreuse3]"))
 

agno/os/interfaces/whatsapp/router.py

@@ -123,6 +123,7 @@ def attach_routes(router: APIRouter, agent: Optional[Agent] = None, team: Option
                 response = await agent.arun(
                     message_text,
                     user_id=phone_number,
+                    session_id=f"wa:{phone_number}",
                     images=[Image(content=await get_media_async(message_image))] if message_image else None,
                     files=[File(content=await get_media_async(message_doc))] if message_doc else None,
                     videos=[Video(content=await get_media_async(message_video))] if message_video else None,
@@ -132,6 +133,7 @@ def attach_routes(router: APIRouter, agent: Optional[Agent] = None, team: Option
                 response = await team.arun(  # type: ignore
                     message_text,
                     user_id=phone_number,
+                    session_id=f"wa:{phone_number}",
                     files=[File(content=await get_media_async(message_doc))] if message_doc else None,
                     images=[Image(content=await get_media_async(message_image))] if message_image else None,
                     videos=[Video(content=await get_media_async(message_video))] if message_video else None,

agno/os/mcp.py

@@ -54,7 +54,7 @@ def get_mcp_server(
     )  # type: ignore
     async def config() -> ConfigResponse:
         return ConfigResponse(
-            os_id=os.os_id or "AgentOS",
+            os_id=os.id or "AgentOS",
             description=os.description,
             available_models=os.config.available_models if os.config else [],
             databases=[db.id for db in os.dbs.values()],

agno/os/middleware/__init__.py

@@ -0,0 +1,7 @@
+from agno.os.middleware.jwt import (
+    JWTMiddleware,
+)
+
+__all__ = [
+    "JWTMiddleware",
+]

agno/os/middleware/jwt.py

@@ -0,0 +1,233 @@
+import fnmatch
+from enum import Enum
+from os import getenv
+from typing import List, Optional
+
+import jwt
+from fastapi import Request, Response
+from fastapi.responses import JSONResponse
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from agno.utils.log import log_debug
+
+
+class TokenSource(str, Enum):
+    """Enum for JWT token source options."""
+
+    HEADER = "header"
+    COOKIE = "cookie"
+    BOTH = "both"  # Try header first, then cookie
+
+
+class JWTMiddleware(BaseHTTPMiddleware):
+    """
+    JWT Middleware for validating tokens and storing JWT claims in request state.
+
+    This middleware:
+    1. Extracts JWT token from Authorization header, cookies, or both
+    2. Decodes and validates the token
+    3. Stores JWT claims in request.state for easy access in endpoints
+
+    Token Sources:
+    - "header": Extract from Authorization header (default)
+    - "cookie": Extract from HTTP cookie
+    - "both": Try header first, then cookie as fallback
+
+    Claims are stored as:
+    - request.state.user_id: User ID from configured claim
+    - request.state.session_id: Session ID from configured claim
+    - request.state.dependencies: Dictionary of dependency claims
+    - request.state.session_state: Dictionary of session state claims
+    - request.state.authenticated: Boolean authentication status
+
+    """
+
+    def __init__(
+        self,
+        app,
+        secret_key: Optional[str] = None,
+        algorithm: str = "HS256",
+        token_source: TokenSource = TokenSource.HEADER,
+        token_header_key: str = "Authorization",
+        cookie_name: str = "access_token",
+        validate: bool = True,
+        excluded_route_paths: Optional[List[str]] = None,
+        scopes_claim: Optional[str] = None,
+        user_id_claim: str = "sub",
+        session_id_claim: str = "session_id",
+        dependencies_claims: Optional[List[str]] = None,
+        session_state_claims: Optional[List[str]] = None,
+    ):
+        """
+        Initialize the JWT middleware.
+
+        Args:
+            app: The FastAPI app instance
+            secret_key: The secret key to use for JWT validation (optional, will use JWT_SECRET_KEY environment variable if not provided)
+            algorithm: The algorithm to use for JWT validation
+            token_header_key: The key to use for the Authorization header (only used when token_source is header)
+            token_source: Where to extract the JWT token from (header, cookie, or both)
+            cookie_name: The name of the cookie containing the JWT token (only used when token_source is cookie/both)
+            validate: Whether to validate the JWT token
+            excluded_route_paths: A list of route paths to exclude from JWT validation
+            scopes_claim: The claim to use for scopes extraction
+            user_id_claim: The claim to use for user ID extraction
+            session_id_claim: The claim to use for session ID extraction
+            dependencies_claims: A list of claims to extract from the JWT token for dependencies
+            session_state_claims: A list of claims to extract from the JWT token for session state
+        """
+        super().__init__(app)
+        self.secret_key = secret_key or getenv("JWT_SECRET_KEY")
+        if not self.secret_key:
+            raise ValueError("Secret key is required")
+        self.algorithm = algorithm
+        self.token_header_key = token_header_key
+        self.token_source = token_source
+        self.cookie_name = cookie_name
+        self.validate = validate
+        self.excluded_route_paths = excluded_route_paths
+        self.scopes_claim = scopes_claim
+        self.user_id_claim = user_id_claim
+        self.session_id_claim = session_id_claim
+        self.dependencies_claims = dependencies_claims or []
+        self.session_state_claims = session_state_claims or []
+
+    def _extract_token_from_header(self, request: Request) -> Optional[str]:
+        """Extract JWT token from Authorization header."""
+        authorization = request.headers.get(self.token_header_key, "")
+        if not authorization:
+            return None
+
+        try:
+            # Remove the "Bearer " prefix (if present)
+            _, token = authorization.split(" ", 1)
+            return token
+        except ValueError:
+            return None
+
+    def _extract_token_from_cookie(self, request: Request) -> Optional[str]:
+        """Extract JWT token from cookie."""
+        return request.cookies.get(self.cookie_name)
+
+    def _extract_token(self, request: Request) -> Optional[str]:
+        """Extract JWT token based on configured token source."""
+        if self.token_source == TokenSource.HEADER:
+            return self._extract_token_from_header(request)
+        elif self.token_source == TokenSource.COOKIE:
+            return self._extract_token_from_cookie(request)
+        elif self.token_source == TokenSource.BOTH:
+            # Try header first, then cookie
+            token = self._extract_token_from_header(request)
+            if token is None:
+                token = self._extract_token_from_cookie(request)
+            return token
+        else:
+            log_debug(f"Unknown token source: {self.token_source}")
+            return None
+
+    def _get_missing_token_error_message(self) -> str:
+        """Get appropriate error message for missing token based on token source."""
+        if self.token_source == TokenSource.HEADER:
+            return "Authorization header missing"
+        elif self.token_source == TokenSource.COOKIE:
+            return f"JWT cookie '{self.cookie_name}' missing"
+        elif self.token_source == TokenSource.BOTH:
+            return f"JWT token missing from both Authorization header and '{self.cookie_name}' cookie"
+        else:
+            return "JWT token missing"
+
+    def _is_route_excluded(self, path: str) -> bool:
+        """Check if a route path matches any of the excluded patterns."""
+        if not self.excluded_route_paths:
+            return False
+
+        for excluded_path in self.excluded_route_paths:
+            # Support both exact matches and wildcard patterns
+            if fnmatch.fnmatch(path, excluded_path):
+                return True
+
+        return False
+
+    async def dispatch(self, request: Request, call_next) -> Response:
+        if self._is_route_excluded(request.url.path):
+            return await call_next(request)
+
+        # Extract JWT token from configured source (header, cookie, or both)
+        token = self._extract_token(request)
+
+        if not token:
+            if self.validate:
+                error_msg = self._get_missing_token_error_message()
+                return JSONResponse(status_code=401, content={"detail": error_msg})
+            return await call_next(request)
+
+        # Decode JWT token
+        try:
+            payload = jwt.decode(token, self.secret_key, algorithms=[self.algorithm])  # type: ignore
+
+            # Extract scopes claims
+            scopes = []
+            if self.scopes_claim in payload:
+                extracted_scopes = payload[self.scopes_claim]
+                if isinstance(extracted_scopes, str):
+                    scopes = extracted_scopes.split(" ")
+                else:
+                    scopes = extracted_scopes
+            if scopes:
+                request.state.scopes = scopes
+
+            # Extract user information
+            if self.user_id_claim in payload:
+                user_id = payload[self.user_id_claim]
+                request.state.user_id = user_id
+            if self.session_id_claim in payload:
+                session_id = payload[self.session_id_claim]
+                request.state.session_id = session_id
+            else:
+                session_id = None
+
+            # Extract dependency claims
+            dependencies = {}
+            for claim in self.dependencies_claims:
+                if claim in payload:
+                    dependencies[claim] = payload[claim]
+
+            if dependencies:
+                request.state.dependencies = dependencies
+
+            # Extract session state claims
+            session_state = {}
+            for claim in self.session_state_claims:
+                if claim in payload:
+                    session_state[claim] = payload[claim]
+
+            if session_state:
+                request.state.session_state = session_state
+
+            request.state.token = token
+            request.state.authenticated = True
+
+            log_debug(f"JWT decoded successfully for user: {user_id}")
+            if dependencies:
+                log_debug(f"Extracted dependencies: {dependencies}")
+            if session_state:
+                log_debug(f"Extracted session state: {session_state}")
+
+        except jwt.ExpiredSignatureError:
+            if self.validate:
+                return JSONResponse(status_code=401, content={"detail": "Token has expired"})
+            request.state.authenticated = False
+            request.state.token = token
+
+        except jwt.InvalidTokenError as e:
+            if self.validate:
+                return JSONResponse(status_code=401, content={"detail": f"Invalid token: {str(e)}"})
+            request.state.authenticated = False
+            request.state.token = token
+        except Exception as e:
+            if self.validate:
+                return JSONResponse(status_code=401, content={"detail": f"Error decoding token: {str(e)}"})
+            request.state.authenticated = False
+            request.state.token = token
+
+        return await call_next(request)