mdb-engine 0.1.6__py3-none-any.whl → 0.4.12__py3-none-any.whl

mdb_engine/database/scoped_wrapper.py

@@ -26,27 +26,60 @@ a familiar (Motor-like) developer experience with automatic index optimization.
 
 import asyncio
 import logging
+import re
 import time
-from typing import (Any, ClassVar, Coroutine, Dict, List, Mapping, Optional,
-                    Tuple, Union)
-
-from motor.motor_asyncio import (AsyncIOMotorCollection, AsyncIOMotorCursor,
-                                 AsyncIOMotorDatabase)
+from collections.abc import Coroutine, Mapping
+from typing import (
+    TYPE_CHECKING,
+    Any,
+    ClassVar,
+    Optional,
+)
+
+if TYPE_CHECKING:
+    from ..core.app_secrets import AppSecretsManager
+
+from motor.motor_asyncio import (
+    AsyncIOMotorCollection,
+    AsyncIOMotorCursor,
+    AsyncIOMotorDatabase,
+)
 from pymongo import ASCENDING, DESCENDING, TEXT
-from pymongo.errors import (AutoReconnect, CollectionInvalid,
-                            ConnectionFailure, InvalidOperation,
-                            OperationFailure, ServerSelectionTimeoutError)
+from pymongo.errors import (
+    AutoReconnect,
+    CollectionInvalid,
+    ConnectionFailure,
+    InvalidOperation,
+    OperationFailure,
+    PyMongoError,
+    ServerSelectionTimeoutError,
+)
 from pymongo.operations import SearchIndexModel
-from pymongo.results import (DeleteResult, InsertManyResult, InsertOneResult,
-                             UpdateResult)
+from pymongo.results import (
+    DeleteResult,
+    InsertManyResult,
+    InsertOneResult,
+    UpdateResult,
+)
 
 # Import constants
-from ..constants import (AUTO_INDEX_HINT_THRESHOLD, DEFAULT_DROP_TIMEOUT,
-                         DEFAULT_POLL_INTERVAL, DEFAULT_SEARCH_TIMEOUT,
-                         MAX_INDEX_FIELDS)
+from ..constants import (
+    AUTO_INDEX_HINT_THRESHOLD,
+    DEFAULT_DROP_TIMEOUT,
+    DEFAULT_POLL_INTERVAL,
+    DEFAULT_SEARCH_TIMEOUT,
+    MAX_COLLECTION_NAME_LENGTH,
+    MAX_INDEX_FIELDS,
+    MIN_COLLECTION_NAME_LENGTH,
+    RESERVED_COLLECTION_NAMES,
+    RESERVED_COLLECTION_PREFIXES,
+)
 from ..exceptions import MongoDBEngineError
+
 # Import observability
 from ..observability import record_operation
+from .query_validator import QueryValidator
+from .resource_limiter import ResourceLimiter
 
 # --- FIX: Configure logger *before* first use ---
 logger = logging.getLogger(__name__)
@@ -60,9 +93,7 @@ GEO2DSPHERE = "2dsphere"
 
 
 # --- HELPER FUNCTION FOR MANAGED TASK CREATION ---
-def _create_managed_task(
-    coro: Coroutine[Any, Any, Any], task_name: Optional[str] = None
-) -> None:
+def _create_managed_task(coro: Coroutine[Any, Any, Any], task_name: str | None = None) -> None:
     """
     Creates a background task using asyncio.create_task().
 
@@ -86,6 +117,149 @@ def _create_managed_task(
 # --- END HELPER FUNCTION ---
 
 
+# ##########################################################################
+# SECURITY VALIDATION FUNCTIONS
+# ##########################################################################
+
+# Collection name pattern: alphanumeric, underscore, dot, hyphen
+# Must start with alphanumeric or underscore
+# MongoDB allows: [a-zA-Z0-9_.-] but cannot start with number or special char
+COLLECTION_NAME_PATTERN: re.Pattern = re.compile(r"^[a-zA-Z_][a-zA-Z0-9_.-]*$")
+"""Regex pattern for valid MongoDB collection names."""
+
+
+def _validate_collection_name(name: str, allow_prefixed: bool = False) -> None:
+    """
+    Validate collection name for security.
+
+    Validates that collection names:
+    - Meet MongoDB naming requirements
+    - Are not reserved system names
+    - Do not use reserved prefixes
+    - Are within length limits
+
+    Args:
+        name: Collection name to validate
+        allow_prefixed: If True, allows prefixed names (e.g., "app_collection")
+            for cross-app access validation
+
+    Raises:
+        ValueError: If collection name is invalid, reserved, or uses reserved prefix
+    """
+    if not name:
+        raise ValueError("Collection name cannot be empty")
+
+    # Check length
+    if len(name) < MIN_COLLECTION_NAME_LENGTH:
+        raise ValueError(
+            f"Collection name too short (minimum {MIN_COLLECTION_NAME_LENGTH} character): {name}"
+        )
+    if len(name) > MAX_COLLECTION_NAME_LENGTH:
+        raise ValueError(
+            f"Collection name too long (maximum {MAX_COLLECTION_NAME_LENGTH} characters): {name}"
+        )
+
+    # Check pattern (MongoDB naming rules)
+    if not COLLECTION_NAME_PATTERN.match(name):
+        raise ValueError(
+            f"Invalid collection name format: '{name}'. "
+            "Collection names must start with a letter or underscore and "
+            "contain only alphanumeric characters, underscores, dots, or hyphens."
+        )
+
+    # MongoDB doesn't allow collection names to end with a dot
+    if name.endswith("."):
+        raise ValueError(
+            f"Invalid collection name format: '{name}'. " "Collection names cannot end with a dot."
+        )
+
+    # Check for path traversal attempts
+    if ".." in name or "/" in name or "\\" in name:
+        raise ValueError(
+            f"Invalid collection name format: '{name}'. "
+            f"Collection names must start with a letter or underscore and contain "
+            f"only alphanumeric characters, underscores, dots, or hyphens."
+        )
+
+    # Check reserved names (exact match)
+    if name in RESERVED_COLLECTION_NAMES:
+        logger.warning(f"Security: Attempted access to reserved collection name: {name}")
+        raise ValueError(
+            f"Collection name '{name}' is reserved and cannot be accessed through scoped database."
+        )
+
+    # Check reserved prefixes
+    name_lower = name.lower()
+    for prefix in RESERVED_COLLECTION_PREFIXES:
+        if name_lower.startswith(prefix):
+            logger.warning(
+                f"Security: Attempted access to collection with reserved prefix '{prefix}': {name}"
+            )
+            raise ValueError(
+                f"Collection name '{name}' uses reserved prefix '{prefix}' and cannot be accessed."
+            )
+
+
+def _extract_app_slug_from_prefixed_name(prefixed_name: str) -> str | None:
+    """
+    Extract app slug from a prefixed collection name.
+
+    Args:
+        prefixed_name: Collection name that may be prefixed (e.g., "app_slug_collection")
+
+    Returns:
+        App slug if name is prefixed, None otherwise
+    """
+    if "_" not in prefixed_name:
+        return None
+
+    # Split on first underscore
+    parts = prefixed_name.split("_", 1)
+    if len(parts) != 2:
+        return None
+
+    app_slug = parts[0]
+    # Basic validation - app slug should be non-empty
+    if app_slug:
+        return app_slug
+    return None
+
+
+class _SecureCollectionProxy:
+    """
+    Proxy wrapper that blocks access to dangerous attributes on collections.
+
+    Prevents access to database/client attributes that could be used to bypass scoping.
+    """
+
+    __slots__ = ("_collection",)
+
+    def __init__(self, collection: AsyncIOMotorCollection):
+        self._collection = collection
+
+    def __getattr__(self, name: str) -> Any:
+        """Block access to database/client attributes."""
+        if name in ("database", "client", "db"):
+            logger.warning(
+                f"Security: Attempted access to '{name}' attribute on collection. "
+                "This is blocked to prevent bypassing scoping."
+            )
+            raise AttributeError(
+                f"Access to '{name}' is blocked for security. "
+                "Use collection.index_manager for index operations. "
+                "All data access must go through scoped collections."
+            )
+        return getattr(self._collection, name)
+
+    def __setattr__(self, name: str, value: Any) -> None:
+        """Allow setting _collection, delegate other attributes to underlying collection."""
+        if name == "_collection":
+            super().__setattr__(name, value)
+        else:
+            # Delegate to underlying collection for other attributes
+            setattr(self._collection, name, value)
+
+
 # ##########################################################################
 # ASYNCHRONOUS ATLAS INDEX MANAGER
 # ##########################################################################
@@ -115,10 +289,11 @@ class AsyncAtlasIndexManager:
         Initializes the manager with a direct reference to a
         motor.motor_asyncio.AsyncIOMotorCollection.
         """
+        # Unwrap _SecureCollectionProxy if present to get the real collection
+        if isinstance(real_collection, _SecureCollectionProxy):
+            real_collection = real_collection._collection
         if not isinstance(real_collection, AsyncIOMotorCollection):
-            raise TypeError(
-                f"Expected AsyncIOMotorCollection, got {type(real_collection)}"
-            )
+            raise TypeError(f"Expected AsyncIOMotorCollection, got {type(real_collection)}")
         self._collection = real_collection
 
     async def _ensure_collection_exists(self) -> None:
@@ -134,9 +309,7 @@ class AsyncAtlasIndexManager:
                     f"Continuing index creation."
                 )
             else:
-                logger.exception(
-                    "Failed to ensure collection exists - CollectionInvalid error"
-                )
+                logger.exception("Failed to ensure collection exists - CollectionInvalid error")
                 raise MongoDBEngineError(
                     f"Failed to create prerequisite collection '{self._collection.name}'",
                     context={"collection_name": self._collection.name},
@@ -157,11 +330,11 @@ class AsyncAtlasIndexManager:
 
     def _check_definition_changed(
         self,
-        definition: Dict[str, Any],
-        latest_def: Dict[str, Any],
+        definition: dict[str, Any],
+        latest_def: dict[str, Any],
         index_type: str,
         name: str,
-    ) -> Tuple[bool, str]:
+    ) -> tuple[bool, str]:
         """Check if index definition has changed."""
         definition_changed = False
         change_reason = ""
@@ -184,8 +357,8 @@ class AsyncAtlasIndexManager:
 
     async def _handle_existing_index(
         self,
-        existing_index: Dict[str, Any],
-        definition: Dict[str, Any],
+        existing_index: dict[str, Any],
+        definition: dict[str, Any],
         index_type: str,
         name: str,
     ) -> bool:
@@ -208,9 +381,7 @@ class AsyncAtlasIndexManager:
             )
             return False  # Will wait below
         elif existing_index.get("queryable"):
-            logger.info(
-                f"Search index '{name}' is already queryable and definition is up-to-date."
-            )
+            logger.info(f"Search index '{name}' is already queryable and definition is up-to-date.")
             return True
         elif existing_index.get("status") == "FAILED":
             logger.error(
@@ -226,32 +397,27 @@ class AsyncAtlasIndexManager:
             return False  # Will wait below
 
     async def _create_new_search_index(
-        self, name: str, definition: Dict[str, Any], index_type: str
+        self, name: str, definition: dict[str, Any], index_type: str
     ) -> None:
         """Create a new search index."""
         try:
             logger.info(f"Creating new search index '{name}' of type '{index_type}'...")
-            search_index_model = SearchIndexModel(
-                definition=definition, name=name, type=index_type
-            )
+            search_index_model = SearchIndexModel(definition=definition, name=name, type=index_type)
             await self._collection.create_search_index(model=search_index_model)
             logger.info(f"Search index '{name}' build has been submitted.")
         except OperationFailure as e:
             if "IndexAlreadyExists" in str(e) or "DuplicateIndexName" in str(e):
-                logger.warning(
-                    f"Race condition: Index '{name}' was created by another process."
-                )
+                logger.warning(f"Race condition: Index '{name}' was created by another process.")
             else:
-                logger.error(
-                    f"OperationFailure during search index creation "
-                    f"for '{name}': {e.details}"
+                logger.exception(
+                    f"OperationFailure during search index creation " f"for '{name}': {e.details}"
                 )
-                raise e
+                raise
 
     async def create_search_index(
         self,
         name: str,
-        definition: Dict[str, Any],
+        definition: dict[str, Any],
         index_type: str = "search",
         wait_for_ready: bool = True,
         timeout: int = DEFAULT_SEARCH_TIMEOUT,
@@ -283,17 +449,13 @@ class AsyncAtlasIndexManager:
             return True
 
         except OperationFailure as e:
-            logger.exception(
-                f"OperationFailure during search index creation/check for '{name}'"
-            )
+            logger.exception(f"OperationFailure during search index creation/check for '{name}'")
             raise MongoDBEngineError(
                 f"Failed to create/check search index '{name}'",
                 context={"index_name": name, "operation": "create_search_index"},
             ) from e
         except (ConnectionFailure, ServerSelectionTimeoutError) as e:
-            logger.exception(
-                f"Connection error during search index creation/check for '{name}'"
-            )
+            logger.exception(f"Connection error during search index creation/check for '{name}'")
             raise MongoDBEngineError(
                 f"Connection failed while creating/checking search index '{name}'",
                 context={"index_name": name, "operation": "create_search_index"},
@@ -305,7 +467,7 @@ class AsyncAtlasIndexManager:
                 context={"index_name": name, "operation": "create_search_index"},
             ) from e
 
-    async def get_search_index(self, name: str) -> Optional[Dict[str, Any]]:
+    async def get_search_index(self, name: str) -> dict[str, Any] | None:
         """
         Retrieves the definition and status of a single search index by name
         using the $listSearchIndexes aggregation stage.
@@ -329,7 +491,7 @@ class AsyncAtlasIndexManager:
                 context={"index_name": name, "operation": "get_search_index"},
             ) from e
 
-    async def list_search_indexes(self) -> List[Dict[str, Any]]:
+    async def list_search_indexes(self) -> list[dict[str, Any]]:
         """Lists all Atlas Search indexes for the collection."""
         try:
             return await self._collection.list_search_indexes().to_list(None)
@@ -362,9 +524,7 @@ class AsyncAtlasIndexManager:
         except OperationFailure as e:
             # Handle race condition where index was already dropped
             if "IndexNotFound" in str(e):
-                logger.info(
-                    f"Search index '{name}' was already deleted (race condition)."
-                )
+                logger.info(f"Search index '{name}' was already deleted (race condition).")
                 return True
             logger.exception(f"OperationFailure dropping search index '{name}'")
             raise MongoDBEngineError(
@@ -387,7 +547,7 @@ class AsyncAtlasIndexManager:
     async def update_search_index(
         self,
         name: str,
-        definition: Dict[str, Any],
+        definition: dict[str, Any],
         wait_for_ready: bool = True,
         timeout: int = DEFAULT_SEARCH_TIMEOUT,
     ) -> bool:
@@ -427,19 +587,13 @@ class AsyncAtlasIndexManager:
         queryable or fails.
         """
         start_time = time.time()
-        logger.info(
-            f"Waiting up to {timeout}s for search index '{name}' to become queryable..."
-        )
+        logger.info(f"Waiting up to {timeout}s for search index '{name}' to become queryable...")
 
         while True:
             elapsed = time.time() - start_time
             if elapsed > timeout:
-                logger.error(
-                    f"Timeout: Index '{name}' did not become queryable within {timeout}s."
-                )
-                raise TimeoutError(
-                    f"Index '{name}' did not become queryable within {timeout}s."
-                )
+                logger.error(f"Timeout: Index '{name}' did not become queryable within {timeout}s.")
+                raise TimeoutError(f"Index '{name}' did not become queryable within {timeout}s.")
 
             index_info = None
             try:
@@ -471,9 +625,7 @@ class AsyncAtlasIndexManager:
                 queryable = index_info.get("queryable")
                 if queryable:
                     # Success!
-                    logger.info(
-                        f"Search index '{name}' is queryable (Status: {status})."
-                    )
+                    logger.info(f"Search index '{name}' is queryable (Status: {status}).")
                     return True
 
                 # Not ready yet, log and wait
@@ -495,14 +647,10 @@ class AsyncAtlasIndexManager:
         Private helper to poll until an index is successfully dropped.
         """
         start_time = time.time()
-        logger.info(
-            f"Waiting up to {timeout}s for search index '{name}' to be dropped..."
-        )
+        logger.info(f"Waiting up to {timeout}s for search index '{name}' to be dropped...")
         while True:
             if time.time() - start_time > timeout:
-                logger.error(
-                    f"Timeout: Index '{name}' was not dropped within {timeout}s."
-                )
+                logger.error(f"Timeout: Index '{name}' was not dropped within {timeout}s.")
                 raise TimeoutError(f"Index '{name}' was not dropped within {timeout}s.")
 
             index_info = await self.get_search_index(name)
@@ -522,7 +670,7 @@ class AsyncAtlasIndexManager:
     # consistent async API with the search index methods.
 
     async def create_index(  # noqa: C901
-        self, keys: Union[str, List[Tuple[str, Union[int, str]]]], **kwargs: Any
+        self, keys: str | list[tuple[str, int | str]], **kwargs: Any
     ) -> str:
         """
         Creates a standard (non-search) database index.
@@ -588,9 +736,7 @@ class AsyncAtlasIndexManager:
             # Wait for index to be ready (MongoDB indexes are usually immediate, but we verify)
             if wait_for_ready:
                 try:
-                    is_ready = await self._wait_for_regular_index_ready(
-                        name, timeout=30
-                    )
+                    is_ready = await self._wait_for_regular_index_ready(name, timeout=30)
                     if not is_ready:
                         logger.warning(
                             f"Regular index '{name}' may not be fully ready yet, "
@@ -606,11 +752,7 @@ class AsyncAtlasIndexManager:
             return name
         except OperationFailure as e:
             # Handle index build aborted (e.g., database being dropped during teardown)
-            if (
-                e.code == 276
-                or "IndexBuildAborted" in str(e)
-                or "dropDatabase" in str(e)
-            ):
+            if e.code == 276 or "IndexBuildAborted" in str(e) or "dropDatabase" in str(e):
                 logger.debug(
                     f"Skipping regular index creation '{index_name}': "
                     f"index build aborted (likely during database drop/teardown): {e}"
@@ -637,8 +779,8 @@ class AsyncAtlasIndexManager:
 
     async def create_text_index(
         self,
-        fields: List[str],
-        weights: Optional[Dict[str, int]] = None,
+        fields: list[str],
+        weights: dict[str, int] | None = None,
         name: str = "text_index",
         **kwargs: Any,
     ) -> str:
@@ -650,9 +792,7 @@ class AsyncAtlasIndexManager:
             kwargs["name"] = name
         return await self.create_index(keys, **kwargs)
 
-    async def create_geo_index(
-        self, field: str, name: Optional[str] = None, **kwargs: Any
-    ) -> str:
+    async def create_geo_index(self, field: str, name: str | None = None, **kwargs: Any) -> str:
         """Helper to create a standard 2dsphere index."""
         keys = [(field, GEO2DSPHERE)]
         if name:
@@ -681,15 +821,13 @@ class AsyncAtlasIndexManager:
                 context={"index_name": name, "operation": "drop_index"},
             ) from e
         except InvalidOperation as e:
-            logger.debug(
-                f"Cannot drop regular index '{name}': MongoDB client is closed"
-            )
+            logger.debug(f"Cannot drop regular index '{name}': MongoDB client is closed")
             raise MongoDBEngineError(
                 f"Cannot drop regular index '{name}': MongoDB client is closed",
                 context={"index_name": name, "operation": "drop_index"},
             ) from e
 
-    async def list_indexes(self) -> List[Dict[str, Any]]:
+    async def list_indexes(self) -> list[dict[str, Any]]:
         """Lists all standard (non-search) indexes on the collection."""
         try:
             return await self._collection.list_indexes().to_list(None)
@@ -698,12 +836,10 @@ class AsyncAtlasIndexManager:
             return []
         except InvalidOperation:
             # Client is closed (e.g., during shutdown/teardown)
-            logger.debug(
-                "Skipping list_indexes: MongoDB client is closed (likely during shutdown)"
-            )
+            logger.debug("Skipping list_indexes: MongoDB client is closed (likely during shutdown)")
             return []
 
-    async def get_index(self, name: str) -> Optional[Dict[str, Any]]:
+    async def get_index(self, name: str) -> dict[str, Any] | None:
         """Gets a single standard index by name."""
         indexes = await self.list_indexes()
         return next((index for index in indexes if index.get("name") == name), None)
@@ -774,23 +910,21 @@ class AutoIndexManager:
         "_pending_tasks",
     )
 
-    def __init__(
-        self, collection: AsyncIOMotorCollection, index_manager: AsyncAtlasIndexManager
-    ):
+    def __init__(self, collection: AsyncIOMotorCollection, index_manager: AsyncAtlasIndexManager):
         self._collection = collection
         self._index_manager = index_manager
         # Cache of index creation decisions (index_name -> bool)
-        self._creation_cache: Dict[str, bool] = {}
+        self._creation_cache: dict[str, bool] = {}
         # Async lock to prevent race conditions during index creation
         self._lock = asyncio.Lock()
         # Track query patterns to determine which indexes to create
-        self._query_counts: Dict[str, int] = {}
+        self._query_counts: dict[str, int] = {}
         # Track in-flight index creation tasks to prevent duplicates
-        self._pending_tasks: Dict[str, asyncio.Task] = {}
+        self._pending_tasks: dict[str, asyncio.Task] = {}
 
     def _extract_index_fields_from_filter(
-        self, filter: Optional[Mapping[str, Any]]
-    ) -> List[Tuple[str, int]]:
+        self, filter: Mapping[str, Any] | None
+    ) -> list[tuple[str, int]]:
         """
         Extracts potential index fields from a MongoDB query filter.
 
@@ -805,15 +939,14 @@ class AutoIndexManager:
         if not filter:
             return []
 
-        index_fields: List[Tuple[str, int]] = []
+        index_fields: list[tuple[str, int]] = []
 
         def analyze_value(value: Any, field_name: str) -> None:
             """Recursively analyze filter values to extract index candidates."""
             if isinstance(value, dict):
                 # Handle operators like $gt, $gte, $lt, $lte, $ne, $in, $exists
                 if any(
-                    op in value
-                    for op in ["$gt", "$gte", "$lt", "$lte", "$ne", "$in", "$exists"]
+                    op in value for op in ["$gt", "$gte", "$lt", "$lte", "$ne", "$in", "$exists"]
                 ):
                     # These operators benefit from indexes
                     index_fields.append((field_name, ASCENDING))
@@ -838,8 +971,8 @@ class AutoIndexManager:
         return list(set(index_fields))  # Remove duplicates
 
     def _extract_sort_fields(
-        self, sort: Optional[Union[List[Tuple[str, int]], Dict[str, int]]]
-    ) -> List[Tuple[str, int]]:
+        self, sort: list[tuple[str, int]] | dict[str, int] | None
+    ) -> list[tuple[str, int]]:
         """
         Extracts index fields from sort specification.
 
@@ -855,7 +988,7 @@ class AutoIndexManager:
         else:
             return []
 
-    def _generate_index_name(self, fields: List[Tuple[str, int]]) -> str:
+    def _generate_index_name(self, fields: list[tuple[str, int]]) -> str:
         """Generate a human-readable index name from field list."""
         if not fields:
             return "auto_idx_empty"
@@ -868,7 +1001,7 @@ class AutoIndexManager:
         return f"auto_{'_'.join(parts)}"
 
     async def _create_index_safely(
-        self, index_name: str, all_fields: List[Tuple[str, int]]
+        self, index_name: str, all_fields: list[tuple[str, int]]
     ) -> None:
         """
         Safely create an index, handling errors gracefully.
@@ -888,9 +1021,7 @@ class AutoIndexManager:
 
             # Create the index
             keys = all_fields
-            await self._index_manager.create_index(
-                keys, name=index_name, background=True
-            )
+            await self._index_manager.create_index(keys, name=index_name, background=True)
             async with self._lock:
                 self._creation_cache[index_name] = True
             logger.info(
@@ -916,8 +1047,8 @@ class AutoIndexManager:
 
     async def ensure_index_for_query(
         self,
-        filter: Optional[Mapping[str, Any]] = None,
-        sort: Optional[Union[List[Tuple[str, int]], Dict[str, int]]] = None,
+        filter: Mapping[str, Any] | None = None,
+        sort: list[tuple[str, int]] | dict[str, int] | None = None,
         hint_threshold: int = AUTO_INDEX_HINT_THRESHOLD,
     ) -> None:
         """
@@ -986,9 +1117,7 @@ class AutoIndexManager:
 
             # Create task and track it
             # Cleanup happens in _create_index_safely's finally block
-            task = asyncio.create_task(
-                self._create_index_safely(index_name, all_fields)
-            )
+            task = asyncio.create_task(self._create_index_safely(index_name, all_fields))
             self._pending_tasks[index_name] = task
 
 
@@ -1028,22 +1157,33 @@ class ScopedCollectionWrapper:
         "_index_manager",
         "_auto_index_manager",
         "_auto_index_enabled",
+        "_query_validator",
+        "_resource_limiter",
+        "_parent_wrapper",
     )
 
     def __init__(
         self,
         real_collection: AsyncIOMotorCollection,
-        read_scopes: List[str],
+        read_scopes: list[str],
         write_scope: str,
         auto_index: bool = True,
+        query_validator: QueryValidator | None = None,
+        resource_limiter: ResourceLimiter | None = None,
+        parent_wrapper: Optional["ScopedMongoWrapper"] = None,
     ):
         self._collection = real_collection
         self._read_scopes = read_scopes
         self._write_scope = write_scope
         self._auto_index_enabled = auto_index
         # Lazily instantiated and cached
-        self._index_manager: Optional[AsyncAtlasIndexManager] = None
-        self._auto_index_manager: Optional[AutoIndexManager] = None
+        self._index_manager: AsyncAtlasIndexManager | None = None
+        self._auto_index_manager: AutoIndexManager | None = None
+        # Query security and resource limits
+        self._query_validator = query_validator or QueryValidator()
+        self._resource_limiter = resource_limiter or ResourceLimiter()
+        # Reference to parent wrapper for token verification
+        self._parent_wrapper = parent_wrapper
 
     @property
     def index_manager(self) -> AsyncAtlasIndexManager:
@@ -1060,11 +1200,13 @@ class ScopedCollectionWrapper:
             # Create and cache it.
             # Pass the *real* collection, not 'self', as indexes
             # are not scoped by app_id.
-            self._index_manager = AsyncAtlasIndexManager(self._collection)
+            # Access the real collection directly, bypassing the proxy
+            real_collection = super().__getattribute__("_collection")
+            self._index_manager = AsyncAtlasIndexManager(real_collection)
         return self._index_manager
 
     @property
-    def auto_index_manager(self) -> Optional[AutoIndexManager]:
+    def auto_index_manager(self) -> AutoIndexManager | None:
         """
         Gets the AutoIndexManager for magical automatic index creation.
 
@@ -1075,15 +1217,52 @@ class ScopedCollectionWrapper:
 
         if self._auto_index_manager is None:
             # Lazily instantiate auto-index manager
+            # Access the real collection directly, bypassing the proxy
+            real_collection = super().__getattribute__("_collection")
             self._auto_index_manager = AutoIndexManager(
-                self._collection,
+                real_collection,
                 self.index_manager,  # This will create index_manager if needed
             )
         return self._auto_index_manager
 
-    def _inject_read_filter(
-        self, filter: Optional[Mapping[str, Any]] = None
-    ) -> Dict[str, Any]:
+    def __getattribute__(self, name: str) -> Any:
+        """
+        Override to prevent access to dangerous attributes on _collection.
+
+        Blocks access to _collection.database and _collection.client to prevent
+        bypassing scoping.
+        """
+        # Allow access to our own attributes
+        if name.startswith("_") and name not in (
+            "_collection",
+            "_read_scopes",
+            "_write_scope",
+            "_index_manager",
+            "_auto_index_manager",
+            "_auto_index_enabled",
+            "_query_validator",
+            "_resource_limiter",
+        ):
+            return super().__getattribute__(name)
+
+        # If accessing _collection, wrap it to block database/client access
+        if name == "_collection":
+            collection = super().__getattribute__(name)
+            # Return a proxy that blocks dangerous attributes
+            return _SecureCollectionProxy(collection)
+
+        return super().__getattribute__(name)
+
+    def __setattr__(self, name: str, value: Any) -> None:
+        """Override to prevent modification of _collection."""
+        if name == "_collection" and hasattr(self, "_collection"):
+            raise AttributeError(
+                "Cannot modify '_collection' attribute. "
+                "Collection wrappers are immutable for security."
+            )
+        super().__setattr__(name, value)
+
+    def _inject_read_filter(self, filter: Mapping[str, Any] | None = None) -> dict[str, Any]:
         """
         Combines the user's filter with our mandatory scope filter.
 
@@ -1099,9 +1278,7 @@ class ScopedCollectionWrapper:
         # If filter exists, combine them robustly with $and
         return {"$and": [filter, scope_filter]}
 
-    async def insert_one(
-        self, document: Mapping[str, Any], *args, **kwargs
-    ) -> InsertOneResult:
+    async def insert_one(self, document: Mapping[str, Any], *args, **kwargs) -> InsertOneResult:
         """
         Injects the app_id before writing.
 
@@ -1110,12 +1287,31 @@ class ScopedCollectionWrapper:
         import time
 
         start_time = time.time()
-        collection_name = self._collection.name
+        # Get collection name safely (may not exist for new collections)
+        try:
+            collection_name = self._collection.name
+        except (AttributeError, TypeError):
+            # Fallback if name is not accessible
+            collection_name = "unknown"
 
         try:
+            # Verify token if needed (lazy verification for async contexts)
+            if self._parent_wrapper:
+                await self._parent_wrapper._verify_token_if_needed()
+
+            # Validate document size before insert
+            self._resource_limiter.validate_document_size(document)
+
             # Use dictionary spread to create a non-mutating copy
             doc_to_insert = {**document, "app_id": self._write_scope}
-            result = await self._collection.insert_one(doc_to_insert, *args, **kwargs)
+
+            # Enforce query timeout
+            kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+            # Remove maxTimeMS - insert_one doesn't accept it
+            kwargs_for_insert = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
+            # Use self._collection.insert_one() - proxy delegates correctly
+            result = await self._collection.insert_one(doc_to_insert, *args, **kwargs_for_insert)
             duration_ms = (time.time() - start_time) * 1000
             record_operation(
                 "database.insert_one",
@@ -1156,7 +1352,7 @@ class ScopedCollectionWrapper:
             ) from e
 
     async def insert_many(
-        self, documents: List[Mapping[str, Any]], *args, **kwargs
+        self, documents: list[Mapping[str, Any]], *args, **kwargs
     ) -> InsertManyResult:
         """
         Injects the app_id into all documents before writing.
@@ -1164,12 +1360,21 @@ class ScopedCollectionWrapper:
         Safety: Uses a list comprehension to create copies of all documents,
         avoiding in-place mutation of the original list.
         """
+        # Validate all document sizes before insert
+        self._resource_limiter.validate_documents_size(documents)
+
+        # Enforce query timeout
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+        # Remove maxTimeMS - insert_many doesn't accept it
+        kwargs_for_insert = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
         docs_to_insert = [{**doc, "app_id": self._write_scope} for doc in documents]
-        return await self._collection.insert_many(docs_to_insert, *args, **kwargs)
+        # Use self._collection.insert_many() - proxy delegates correctly
+        return await self._collection.insert_many(docs_to_insert, *args, **kwargs_for_insert)
 
     async def find_one(
-        self, filter: Optional[Mapping[str, Any]] = None, *args, **kwargs
-    ) -> Optional[Dict[str, Any]]:
+        self, filter: Mapping[str, Any] | None = None, *args, **kwargs
+    ) -> dict[str, Any] | None:
         """
         Applies the read scope to the filter.
         Automatically ensures appropriate indexes exist for the query.
@@ -1177,20 +1382,36 @@ class ScopedCollectionWrapper:
         import time
 
         start_time = time.time()
-        collection_name = self._collection.name
+        # Access real collection directly (bypass proxy) for name attribute
+        # Use object.__getattribute__ to bypass our custom __getattribute__ that wraps in proxy
+        real_collection = object.__getattribute__(self, "_collection")
+        collection_name = real_collection.name
 
         try:
+            # Verify token if needed (lazy verification for async contexts)
+            if self._parent_wrapper:
+                await self._parent_wrapper._verify_token_if_needed()
+
+            # Validate query filter for security
+            self._query_validator.validate_filter(filter)
+            self._query_validator.validate_sort(kwargs.get("sort"))
+
+            # Enforce query timeout - but remove maxTimeMS for find_one
+            # because Motor's find_one internally creates a cursor and some versions
+            # don't handle maxTimeMS correctly when passed to find_one
+            kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+            # Remove maxTimeMS to avoid cursor creation errors in find_one
+            kwargs_for_find_one = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
             # Magical auto-indexing: ensure indexes exist before querying
             # Note: We analyze the user's filter, not the scoped filter, since
             # app_id index is always ensured separately
             if self.auto_index_manager:
                 sort = kwargs.get("sort")
-                await self.auto_index_manager.ensure_index_for_query(
-                    filter=filter, sort=sort
-                )
+                await self.auto_index_manager.ensure_index_for_query(filter=filter, sort=sort)
 
             scoped_filter = self._inject_read_filter(filter)
-            result = await self._collection.find_one(scoped_filter, *args, **kwargs)
+            result = await self._collection.find_one(scoped_filter, *args, **kwargs_for_find_one)
             duration_ms = (time.time() - start_time) * 1000
             record_operation(
                 "database.find_one",
@@ -1200,7 +1421,7 @@ class ScopedCollectionWrapper:
                 app_slug=self._write_scope,
             )
             return result
-        except Exception:
+        except (PyMongoError, ValueError, TypeError, KeyError, AttributeError):
             duration_ms = (time.time() - start_time) * 1000
             record_operation(
                 "database.find_one",
@@ -1211,14 +1432,31 @@ class ScopedCollectionWrapper:
             )
             raise
 
-    def find(
-        self, filter: Optional[Mapping[str, Any]] = None, *args, **kwargs
-    ) -> AsyncIOMotorCursor:
+    def find(self, filter: Mapping[str, Any] | None = None, *args, **kwargs) -> AsyncIOMotorCursor:
         """
         Applies the read scope to the filter.
         Returns an async cursor, just like motor.
         Automatically ensures appropriate indexes exist for the query.
         """
+        # Validate query filter for security
+        self._query_validator.validate_filter(filter)
+        self._query_validator.validate_sort(kwargs.get("sort"))
+
+        # Enforce result limit
+        limit = kwargs.get("limit")
+        if limit is not None:
+            kwargs["limit"] = self._resource_limiter.enforce_result_limit(limit)
+
+        # Enforce batch size
+        batch_size = kwargs.get("batch_size")
+        if batch_size is not None:
+            kwargs["batch_size"] = self._resource_limiter.enforce_batch_size(batch_size)
+
+        # Enforce query timeout - but remove maxTimeMS before passing to find()
+        # because Cursor constructor doesn't accept maxTimeMS
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+        kwargs_for_find = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
         # Magical auto-indexing: ensure indexes exist before querying
         # Note: This is fire-and-forget, doesn't block cursor creation
         if self.auto_index_manager:
@@ -1227,23 +1465,20 @@ class ScopedCollectionWrapper:
             # Create a task to ensure index (fire and forget, managed to prevent accumulation)
             async def _safe_index_task():
                 try:
-                    await self.auto_index_manager.ensure_index_for_query(
-                        filter=filter, sort=sort
-                    )
+                    await self.auto_index_manager.ensure_index_for_query(filter=filter, sort=sort)
                 except (
                     OperationFailure,
                     ConnectionFailure,
                     ServerSelectionTimeoutError,
                     InvalidOperation,
                 ) as e:
-                    logger.debug(
-                        f"Auto-index creation failed for query (non-critical): {e}"
-                    )
+                    logger.debug(f"Auto-index creation failed for query (non-critical): {e}")
+                # Let other exceptions bubble up - they are non-recoverable (Type 4)
 
             _create_managed_task(_safe_index_task(), task_name="auto_index_check")
 
         scoped_filter = self._inject_read_filter(filter)
-        return self._collection.find(scoped_filter, *args, **kwargs)
+        return self._collection.find(scoped_filter, *args, **kwargs_for_find)
 
     async def update_one(
         self, filter: Mapping[str, Any], update: Mapping[str, Any], *args, **kwargs
@@ -1252,8 +1487,16 @@ class ScopedCollectionWrapper:
         Applies the read scope to the filter.
         Note: This only scopes the *filter*, not the update operation.
         """
+        # Validate query filter for security
+        self._query_validator.validate_filter(filter)
+
+        # Enforce query timeout
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+        # Remove maxTimeMS - update_one doesn't accept it
+        kwargs_for_update = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
         scoped_filter = self._inject_read_filter(filter)
-        return await self._collection.update_one(scoped_filter, update, *args, **kwargs)
+        return await self._collection.update_one(scoped_filter, update, *args, **kwargs_for_update)
 
     async def update_many(
         self, filter: Mapping[str, Any], update: Mapping[str, Any], *args, **kwargs
@@ -1262,48 +1505,78 @@ class ScopedCollectionWrapper:
         Applies the read scope to the filter.
         Note: This only scopes the *filter*, not the update operation.
         """
+        # Validate query filter for security
+        self._query_validator.validate_filter(filter)
+
+        # Enforce query timeout
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+        # Remove maxTimeMS - update_many doesn't accept it
+        kwargs_for_update = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
         scoped_filter = self._inject_read_filter(filter)
-        return await self._collection.update_many(
-            scoped_filter, update, *args, **kwargs
-        )
+        return await self._collection.update_many(scoped_filter, update, *args, **kwargs_for_update)
 
-    async def delete_one(
-        self, filter: Mapping[str, Any], *args, **kwargs
-    ) -> DeleteResult:
+    async def delete_one(self, filter: Mapping[str, Any], *args, **kwargs) -> DeleteResult:
         """Applies the read scope to the filter."""
+        # Validate query filter for security
+        self._query_validator.validate_filter(filter)
+
+        # Enforce query timeout
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+        # Remove maxTimeMS - delete_one doesn't accept it
+        kwargs_for_delete = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
         scoped_filter = self._inject_read_filter(filter)
-        return await self._collection.delete_one(scoped_filter, *args, **kwargs)
+        return await self._collection.delete_one(scoped_filter, *args, **kwargs_for_delete)
 
-    async def delete_many(
-        self, filter: Mapping[str, Any], *args, **kwargs
-    ) -> DeleteResult:
+    async def delete_many(self, filter: Mapping[str, Any], *args, **kwargs) -> DeleteResult:
         """Applies the read scope to the filter."""
+        # Validate query filter for security
+        self._query_validator.validate_filter(filter)
+
+        # Enforce query timeout
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+        # Remove maxTimeMS - delete_many doesn't accept it
+        kwargs_for_delete = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+
         scoped_filter = self._inject_read_filter(filter)
-        return await self._collection.delete_many(scoped_filter, *args, **kwargs)
+        return await self._collection.delete_many(scoped_filter, *args, **kwargs_for_delete)
 
     async def count_documents(
-        self, filter: Optional[Mapping[str, Any]] = None, *args, **kwargs
+        self, filter: Mapping[str, Any] | None = None, *args, **kwargs
     ) -> int:
         """
         Applies the read scope to the filter for counting.
         Automatically ensures appropriate indexes exist for the query.
         """
+        # Validate query filter for security
+        self._query_validator.validate_filter(filter)
+
+        # Note: count_documents doesn't reliably support maxTimeMS in all Motor versions
+        # Remove it to avoid cursor creation errors when auto-indexing triggers list_indexes()
+        kwargs_for_count = {k: v for k, v in kwargs.items() if k != "maxTimeMS"}
+        # Don't enforce timeout for count_documents to avoid issues with cursor operations
+
         # Magical auto-indexing: ensure indexes exist before querying
         if self.auto_index_manager:
             await self.auto_index_manager.ensure_index_for_query(filter=filter)
 
         scoped_filter = self._inject_read_filter(filter)
-        return await self._collection.count_documents(scoped_filter, *args, **kwargs)
+        return await self._collection.count_documents(scoped_filter, *args, **kwargs_for_count)
 
-    def aggregate(
-        self, pipeline: List[Dict[str, Any]], *args, **kwargs
-    ) -> AsyncIOMotorCursor:
+    def aggregate(self, pipeline: list[dict[str, Any]], *args, **kwargs) -> AsyncIOMotorCursor:
         """
         Injects a scope filter into the pipeline. For normal pipelines, we prepend
         a $match stage. However, if the first stage is $vectorSearch, we embed
         the read_scope filter into its 'filter' property, because $vectorSearch must
         remain the very first stage in Atlas.
         """
+        # Validate aggregation pipeline for security
+        self._query_validator.validate_pipeline(pipeline)
+
+        # Enforce query timeout - Motor's aggregate() accepts maxTimeMS
+        kwargs = self._resource_limiter.enforce_query_timeout(kwargs)
+
         if not pipeline:
             # No stages given, just prepend our $match
             scope_match_stage = {"$match": {"app_id": {"$in": self._read_scopes}}}
@@ -1359,45 +1632,175 @@ class ScopedMongoWrapper:
 
     # Class-level cache for collections that have app_id index checked
     # Key: collection name, Value: boolean (True if index exists, False if check is pending)
-    _app_id_index_cache: ClassVar[Dict[str, bool]] = {}
+    _app_id_index_cache: ClassVar[dict[str, bool]] = {}
     # Lock to prevent race conditions when multiple requests try to create the same index
     _app_id_index_lock: ClassVar[asyncio.Lock] = asyncio.Lock()
 
-    __slots__ = ("_db", "_read_scopes", "_write_scope", "_wrapper_cache", "_auto_index")
+    __slots__ = (
+        "_db",
+        "_read_scopes",
+        "_write_scope",
+        "_wrapper_cache",
+        "_auto_index",
+        "_query_validator",
+        "_resource_limiter",
+        "_app_slug",
+        "_app_token",
+        "_app_secrets_manager",
+        "_token_verified",
+        "_token_verification_lock",
+    )
 
     def __init__(
         self,
         real_db: AsyncIOMotorDatabase,
-        read_scopes: List[str],
+        read_scopes: list[str],
         write_scope: str,
         auto_index: bool = True,
+        query_validator: QueryValidator | None = None,
+        resource_limiter: ResourceLimiter | None = None,
+        app_slug: str | None = None,
+        app_token: str | None = None,
+        app_secrets_manager: Optional["AppSecretsManager"] = None,
     ):
         self._db = real_db
         self._read_scopes = read_scopes
         self._write_scope = write_scope
         self._auto_index = auto_index
 
+        # Query security and resource limits (shared across all collections)
+        self._query_validator = query_validator or QueryValidator()
+        self._resource_limiter = resource_limiter or ResourceLimiter()
+
+        # Token verification for app authentication
+        self._app_slug = app_slug
+        self._app_token = app_token
+        self._app_secrets_manager = app_secrets_manager
+        self._token_verified = False
+        self._token_verification_lock = asyncio.Lock()
+
         # Cache for created collection wrappers.
-        self._wrapper_cache: Dict[str, ScopedCollectionWrapper] = {}
+        self._wrapper_cache: dict[str, ScopedCollectionWrapper] = {}
 
-    @property
-    def database(self) -> AsyncIOMotorDatabase:
+    async def _verify_token_if_needed(self) -> None:
         """
-        Access the underlying AsyncIOMotorDatabase (unscoped).
+        Verify app token lazily on first database operation.
 
-        This is useful for advanced operations that need direct access to the
-        real database without scoping, such as index management.
+        This method ensures token verification happens even when get_scoped_db()
+        is called from an async context where sync verification was skipped.
 
-        Returns:
-            The underlying AsyncIOMotorDatabase instance
+        Raises:
+            ValueError: If token verification fails
+        """
+        # If already verified, skip
+        if self._token_verified:
+            return
 
-        Example:
-            # Access underlying database for index management
-            real_db = db.raw.database
-            collection = real_db["my_collection"]
-            index_manager = AsyncAtlasIndexManager(collection)
+        # If no token or secrets manager, skip verification
+        if not self._app_token or not self._app_secrets_manager or not self._app_slug:
+            self._token_verified = True
+            return
+
+        # Use lock to prevent race conditions
+        async with self._token_verification_lock:
+            # Double-check after acquiring lock
+            if self._token_verified:
+                return
+
+            # Verify token
+            is_valid = await self._app_secrets_manager.verify_app_secret(
+                self._app_slug, self._app_token
+            )
+
+            if not is_valid:
+                logger.warning(f"Security: Invalid app token for '{self._app_slug}'")
+                raise ValueError("Invalid app token")
+
+            # Mark as verified
+            self._token_verified = True
+            logger.debug(f"Token verified for app '{self._app_slug}'")
+
+    def _validate_cross_app_access(self, prefixed_name: str) -> None:
+        """
+        Validate that cross-app collection access is authorized.
+
+        Args:
+            prefixed_name: Prefixed collection name (e.g., "other_app_collection")
+
+        Raises:
+            ValueError: If cross-app access is not authorized
+        """
+        # Extract app slug from prefixed name
+        target_app = _extract_app_slug_from_prefixed_name(prefixed_name)
+        if target_app is None:
+            return  # Same-app access or not a valid prefixed name
+
+        # Check if target app is in read_scopes
+        if target_app not in self._read_scopes:
+            logger.warning(
+                f"Security: Unauthorized cross-app access attempt. "
+                f"Collection: '{prefixed_name}', Target app: '{target_app}', "
+                f"Read scopes: {self._read_scopes}, Write scope: {self._write_scope}"
+            )
+            raise ValueError(
+                f"Access to collection '{prefixed_name}' not authorized. "
+                f"App '{target_app}' is not in read_scopes {self._read_scopes}. "
+                "Cross-app access must be explicitly granted via read_scopes."
+            )
+
+        # Log authorized cross-app access for audit trail
+        logger.info(
+            f"Cross-app access authorized. "
+            f"Collection: '{prefixed_name}', From app: '{self._write_scope}', "
+            f"To app: '{target_app}'"
+        )
+
+    def __getattribute__(self, name: str) -> Any:
+        """
+        Override to validate collection names before attribute access.
+        This ensures validation happens even if MagicMock creates attributes dynamically.
         """
-        return self._db
+        # Handle our own attributes first (use super() to avoid recursion)
+        if name.startswith("_") or name in ("get_collection",):
+            return super().__getattribute__(name)
+
+        # Validate collection name for security BEFORE checking if attribute exists
+        # This ensures ValueError is raised even if MagicMock would create the attribute
+        validation_error = None
+        if not name.startswith("_"):
+            try:
+                _validate_collection_name(name, allow_prefixed=False)
+            except ValueError as e:
+                # Log the warning without accessing object attributes to avoid recursion
+                # The validation error itself is what matters, not the logging details
+                try:
+                    logger.warning(
+                        f"Security: Invalid collection name attempted. "
+                        f"Name: '{name}', Error: {e}"
+                    )
+                except (AttributeError, RuntimeError):
+                    # If logging fails due to logger issues, continue -
+                    # validation error is what matters
+                    # Type 2: Recoverable - we can continue without logging
+                    pass
+                # Store the error to raise after checking attribute existence
+                # This ensures we raise ValueError even if MagicMock creates the attribute
+                validation_error = ValueError(str(e))
+
+        # Continue with normal attribute access
+        try:
+            attr = super().__getattribute__(name)
+            # If validation failed, raise ValueError now (even if attribute exists)
+            if validation_error is not None:
+                raise validation_error
+            return attr
+        except AttributeError:
+            # Attribute doesn't exist
+            # If validation failed, raise ValueError (from None: unrelated to AttributeError)
+            if validation_error is not None:
+                raise validation_error from None
+            # Delegate to __getattr__ for collection creation
+            return self.__getattr__(name)
 
     def __getattr__(self, name: str) -> ScopedCollectionWrapper:
         """
@@ -1406,6 +1809,17 @@ class ScopedMongoWrapper:
         If `name` is a collection, returns a `ScopedCollectionWrapper`.
         """
 
+        # Explicitly block access to 'database' property (removed for security)
+        if name == "database":
+            logger.warning(
+                f"Security: Attempted access to 'database' property. " f"App: {self._write_scope}"
+            )
+            raise AttributeError(
+                "'database' property has been removed for security. "
+                "Use collection.index_manager for index operations. "
+                "All data access must go through scoped collections."
+            )
+
         # Prevent proxying private/special attributes
         if name.startswith("_"):
             raise AttributeError(
@@ -1413,11 +1827,33 @@ class ScopedMongoWrapper:
                 "Access to private attributes is blocked."
             )
 
+        # Note: Validation already happened in __getattribute__, but we validate again
+        # for safety in case __getattr__ is called directly
+        try:
+            _validate_collection_name(name, allow_prefixed=False)
+        except ValueError as e:
+            logger.warning(
+                f"Security: Invalid collection name attempted. "
+                f"Name: '{name}', App: {self._write_scope}, Error: {e}"
+            )
+            raise
+
         # Construct the prefixed collection name, e.g., "data_imaging_workouts"
         # `self._write_scope` holds the slug (e.g., "data_imaging")
         # `name` holds the base name (e.g., "workouts")
         prefixed_name = f"{self._write_scope}_{name}"
 
+        # Validate prefixed name as well (for reserved names check)
+        try:
+            _validate_collection_name(prefixed_name, allow_prefixed=True)
+        except ValueError as e:
+            logger.warning(
+                f"Security: Invalid prefixed collection name. "
+                f"Base name: '{name}', Prefixed: '{prefixed_name}', "
+                f"App: {self._write_scope}, Error: {e}"
+            )
+            raise
+
         # Check cache first using the *prefixed_name*
         if prefixed_name in self._wrapper_cache:
             return self._wrapper_cache[prefixed_name]
@@ -1439,6 +1875,8 @@ class ScopedMongoWrapper:
             read_scopes=self._read_scopes,
             write_scope=self._write_scope,
             auto_index=self._auto_index,
+            query_validator=self._query_validator,
+            resource_limiter=self._resource_limiter,
         )
 
         # Magically ensure app_id index exists (it's always used in queries)
@@ -1476,17 +1914,13 @@ class ScopedMongoWrapper:
                             f"connection is closed (likely during shutdown)"
                         )
                         async with ScopedMongoWrapper._app_id_index_lock:
-                            ScopedMongoWrapper._app_id_index_cache.pop(
-                                collection_name, None
-                            )
+                            ScopedMongoWrapper._app_id_index_cache.pop(collection_name, None)
                         return
 
                     has_index = await self._ensure_app_id_index(real_collection)
                     # Update cache with result (inside lock for thread-safety)
                     async with ScopedMongoWrapper._app_id_index_lock:
-                        ScopedMongoWrapper._app_id_index_cache[collection_name] = (
-                            has_index
-                        )
+                        ScopedMongoWrapper._app_id_index_cache[collection_name] = has_index
                 except (
                     ConnectionFailure,
                     ServerSelectionTimeoutError,
@@ -1499,30 +1933,82 @@ class ScopedMongoWrapper:
                     )
                     # Remove from cache on error so we can retry later
                     async with ScopedMongoWrapper._app_id_index_lock:
-                        ScopedMongoWrapper._app_id_index_cache.pop(
-                            collection_name, None
-                        )
+                        ScopedMongoWrapper._app_id_index_cache.pop(collection_name, None)
                 except OperationFailure as e:
                     # Index creation failed for other reasons (non-critical)
                     logger.debug(f"App_id index creation failed (non-critical): {e}")
                     # Remove from cache on error so we can retry later
                     async with ScopedMongoWrapper._app_id_index_lock:
-                        ScopedMongoWrapper._app_id_index_cache.pop(
-                            collection_name, None
-                        )
+                        ScopedMongoWrapper._app_id_index_cache.pop(collection_name, None)
+                # Let other exceptions bubble up - they are non-recoverable (Type 4)
 
             # Check cache first (quick check before lock)
             if collection_name not in ScopedMongoWrapper._app_id_index_cache:
                 # Fire and forget - task will check lock internally
                 # (managed to prevent accumulation)
-                _create_managed_task(
-                    _safe_app_id_index_check(), task_name="app_id_index_check"
-                )
+                _create_managed_task(_safe_app_id_index_check(), task_name="app_id_index_check")
 
         # Store it in the cache for this instance using the *prefixed_name*
         self._wrapper_cache[prefixed_name] = wrapper
         return wrapper
 
+    def _find_matched_app_for_collection(self, name: str) -> str | None:
+        """
+        Check if collection name matches any app slug in read_scopes (cross-app access).
+
+        Args:
+            name: Collection name to check
+
+        Returns:
+            Matched app slug if found, None otherwise
+        """
+        if "_" not in name:
+            return None
+
+        # Check if any app slug in read_scopes matches the beginning of the name
+        for app_slug in self._read_scopes:
+            if name.startswith(f"{app_slug}_") and app_slug != self._write_scope:
+                return app_slug
+        return None
+
+    def _resolve_prefixed_collection_name(self, name: str, matched_app: str | None) -> str:
+        """
+        Resolve the prefixed collection name based on matched app or write scope.
+
+        Args:
+            name: Collection name (base or prefixed)
+            matched_app: Matched app slug if cross-app access, None otherwise
+
+        Returns:
+            Prefixed collection name
+
+        Raises:
+            ValueError: If prefixed name is invalid
+        """
+        if matched_app:
+            # This is authorized cross-app access
+            prefixed_name = name
+            # Log authorized cross-app access for audit trail
+            logger.info(
+                f"Cross-app access authorized. "
+                f"Collection: '{prefixed_name}', From app: '{self._write_scope}', "
+                f"To app: '{matched_app}'"
+            )
+        else:
+            # Regular collection name - prefix with write_scope
+            prefixed_name = f"{self._write_scope}_{name}"
+            # Validate prefixed name
+            try:
+                _validate_collection_name(prefixed_name, allow_prefixed=True)
+            except ValueError as e:
+                logger.warning(
+                    f"Security: Invalid prefixed collection name in get_collection(). "
+                    f"Base name: '{name}', Prefixed: '{prefixed_name}', "
+                    f"App: {self._write_scope}, Error: {e}"
+                )
+                raise
+        return prefixed_name
+
     def get_collection(self, name: str) -> ScopedCollectionWrapper:
         """
         Get a collection by name (Motor-like API).
@@ -1539,6 +2025,9 @@ class ScopedMongoWrapper:
         Returns:
             ScopedCollectionWrapper instance
 
+        Raises:
+            ValueError: If collection name is invalid or cross-app access is not authorized
+
         Example:
             # Same-app collection (base name)
             collection = db.get_collection("my_collection")
@@ -1546,15 +2035,21 @@ class ScopedMongoWrapper:
             # Cross-app collection (fully prefixed)
             collection = db.get_collection("click_tracker_clicks")
         """
-        # Check if name is already fully prefixed (contains underscore and is longer)
-        # We use a heuristic: if name contains underscore and doesn't start with write_scope,
-        # assume it's already fully prefixed
-        if "_" in name and not name.startswith(f"{self._write_scope}_"):
-            # Assume it's already fully prefixed (cross-app access)
-            prefixed_name = name
-        else:
-            # Standard case: prefix with write_scope
-            prefixed_name = f"{self._write_scope}_{name}"
+        # Validate collection name for security
+        try:
+            _validate_collection_name(name, allow_prefixed=True)
+        except ValueError as e:
+            logger.warning(
+                f"Security: Invalid collection name in get_collection(). "
+                f"Name: '{name}', App: {self._write_scope}, Error: {e}"
+            )
+            raise
+
+        # Check if name is already fully prefixed (cross-app access)
+        matched_app = self._find_matched_app_for_collection(name)
+
+        # Resolve prefixed name based on matched app or write scope
+        prefixed_name = self._resolve_prefixed_collection_name(name, matched_app)
 
         # Check cache first
         if prefixed_name in self._wrapper_cache:
@@ -1576,6 +2071,9 @@ class ScopedMongoWrapper:
             read_scopes=self._read_scopes,
             write_scope=self._write_scope,
             auto_index=self._auto_index,
+            query_validator=self._query_validator,
+            resource_limiter=self._resource_limiter,
+            parent_wrapper=self,
         )
 
         # Magically ensure app_id index exists (background task)
@@ -1607,16 +2105,12 @@ class ScopedMongoWrapper:
                             f"connection is closed (likely during shutdown)"
                         )
                         async with ScopedMongoWrapper._app_id_index_lock:
-                            ScopedMongoWrapper._app_id_index_cache.pop(
-                                collection_name, None
-                            )
+                            ScopedMongoWrapper._app_id_index_cache.pop(collection_name, None)
                         return
 
                     has_index = await self._ensure_app_id_index(real_collection)
                     async with ScopedMongoWrapper._app_id_index_lock:
-                        ScopedMongoWrapper._app_id_index_cache[collection_name] = (
-                            has_index
-                        )
+                        ScopedMongoWrapper._app_id_index_cache[collection_name] = has_index
                 except (
                     ConnectionFailure,
                     ServerSelectionTimeoutError,
@@ -1628,27 +2122,53 @@ class ScopedMongoWrapper:
                         f"connection error (likely during shutdown): {e}"
                     )
                     async with ScopedMongoWrapper._app_id_index_lock:
-                        ScopedMongoWrapper._app_id_index_cache.pop(
-                            collection_name, None
-                        )
+                        ScopedMongoWrapper._app_id_index_cache.pop(collection_name, None)
                 except OperationFailure as e:
                     # Index creation failed for other reasons (non-critical)
                     logger.debug(f"App_id index creation failed (non-critical): {e}")
                     async with ScopedMongoWrapper._app_id_index_lock:
-                        ScopedMongoWrapper._app_id_index_cache.pop(
-                            collection_name, None
-                        )
+                        ScopedMongoWrapper._app_id_index_cache.pop(collection_name, None)
+                # Let other exceptions bubble up - they are non-recoverable (Type 4)
 
             if collection_name not in ScopedMongoWrapper._app_id_index_cache:
                 # Use managed task creation to prevent accumulation
-                _create_managed_task(
-                    _safe_app_id_index_check(), task_name="app_id_index_check"
-                )
+                _create_managed_task(_safe_app_id_index_check(), task_name="app_id_index_check")
 
         # Store it in the cache
         self._wrapper_cache[prefixed_name] = wrapper
         return wrapper
 
+    def __getitem__(self, name: str) -> ScopedCollectionWrapper:
+        """
+        Support bracket notation for collection access (e.g., db["collection_name"]).
+
+        This allows compatibility with code that uses bracket notation instead of
+        attribute access (e.g., TokenBlacklist, SessionManager).
+
+        Args:
+            name: Collection name (base name, will be prefixed with write_scope)
+
+        Returns:
+            ScopedCollectionWrapper instance
+
+        Raises:
+            ValueError: If collection name is invalid
+
+        Example:
+            collection = db["my_collection"]  # Same as db.my_collection
+        """
+        # Validate collection name for security (get_collection will do additional validation)
+        try:
+            _validate_collection_name(name, allow_prefixed=False)
+        except ValueError as e:
+            logger.warning(
+                f"Security: Invalid collection name in __getitem__(). "
+                f"Name: '{name}', App: {self._write_scope}, Error: {e}"
+            )
+            raise
+
+        return self.get_collection(name)
+
     async def _ensure_app_id_index(self, collection: AsyncIOMotorCollection) -> bool:
         """
         Ensures app_id index exists on collection.
@@ -1680,11 +2200,7 @@ class ScopedMongoWrapper:
                     return True
                 except OperationFailure as e:
                     # Handle index build aborted (e.g., database being dropped during teardown)
-                    if (
-                        e.code == 276
-                        or "IndexBuildAborted" in str(e)
-                        or "dropDatabase" in str(e)
-                    ):
+                    if e.code == 276 or "IndexBuildAborted" in str(e) or "dropDatabase" in str(e):
                         logger.debug(
                             f"Skipping app_id index creation on {collection.name}: "
                             f"index build aborted (likely during database drop/teardown): {e}"
@@ -1694,19 +2210,13 @@ class ScopedMongoWrapper:
             return True
         except OperationFailure as e:
             # Handle index build aborted (e.g., database being dropped during teardown)
-            if (
-                e.code == 276
-                or "IndexBuildAborted" in str(e)
-                or "dropDatabase" in str(e)
-            ):
+            if e.code == 276 or "IndexBuildAborted" in str(e) or "dropDatabase" in str(e):
                 logger.debug(
                     f"Skipping app_id index creation on {collection.name}: "
                     f"index build aborted (likely during database drop/teardown): {e}"
                 )
                 return False
-            logger.debug(
-                f"OperationFailure ensuring app_id index on {collection.name}: {e}"
-            )
+            logger.debug(f"OperationFailure ensuring app_id index on {collection.name}: {e}")
             return False
         except (ConnectionFailure, ServerSelectionTimeoutError, InvalidOperation) as e:
             # Handle connection errors gracefully (e.g., during shutdown)