mdb-engine 0.2.0__py3-none-any.whl → 0.2.3__py3-none-any.whl

mdb_engine/auth/dependencies.py

@@ -9,8 +9,9 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 import logging
 import os
 import uuid
+from collections.abc import Mapping
 from datetime import datetime, timedelta
-from typing import Any, Dict, Mapping, Optional, Tuple
+from typing import Any
 
 import jwt
 from fastapi import Cookie, Depends, HTTPException, Request, status
@@ -26,7 +27,7 @@ from .token_store import TokenBlacklist
 
 logger = logging.getLogger(__name__)
 
-_SECRET_KEY_CACHE: Optional[str] = None
+_SECRET_KEY_CACHE: str | None = None
 
 
 def _get_secret_key() -> str:
@@ -94,7 +95,7 @@ def _get_secret_key_value() -> str:
 SECRET_KEY = _SecretKey()
 
 
-def _validate_next_url(next_url: Optional[str]) -> str:
+def _validate_next_url(next_url: str | None) -> str:
     """
     Sanitizes a 'next' URL parameter to prevent Open Redirect vulnerabilities.
     """
@@ -127,7 +128,7 @@ async def get_authz_provider(request: Request) -> AuthorizationProvider:
     return provider
 
 
-async def get_token_blacklist(request: Request) -> Optional[TokenBlacklist]:
+async def get_token_blacklist(request: Request) -> TokenBlacklist | None:
     """
     FastAPI Dependency: Retrieves token blacklist from app.state.
 
@@ -137,7 +138,7 @@ async def get_token_blacklist(request: Request) -> Optional[TokenBlacklist]:
     return blacklist
 
 
-async def get_session_manager(request: Request) -> Optional[SessionManager]:
+async def get_session_manager(request: Request) -> SessionManager | None:
     """
     FastAPI Dependency: Retrieves session manager from app.state.
 
@@ -149,8 +150,8 @@ async def get_session_manager(request: Request) -> Optional[SessionManager]:
 
 async def get_current_user(
     request: Request,
-    token: Optional[str] = Cookie(default=None),
-) -> Optional[Dict[str, Any]]:
+    token: str | None = Cookie(default=None),
+) -> dict[str, Any] | None:
     """
     FastAPI Dependency: Decodes and validates the JWT stored in the 'token' cookie.
 
@@ -212,7 +213,7 @@ async def get_current_user(
         return None
 
 
-async def get_current_user_from_request(request: Request) -> Optional[Dict[str, Any]]:
+async def get_current_user_from_request(request: Request) -> dict[str, Any] | None:
     """
     Helper function to get current user from a Request object.
     This is useful when you need to call get_current_user outside of FastAPI dependency injection.
@@ -289,8 +290,8 @@ async def get_current_user_from_request(request: Request) -> Optional[Dict[str,
 
 async def get_refresh_token(
     request: Request,
-    refresh_token: Optional[str] = Cookie(default=None),
-) -> Optional[Dict[str, Any]]:
+    refresh_token: str | None = Cookie(default=None),
+) -> dict[str, Any] | None:
     """
     FastAPI Dependency: Validates refresh token from cookie.
 
@@ -385,9 +386,9 @@ async def get_refresh_token(
 
 
 async def require_admin(
-    user: Optional[Mapping[str, Any]] = Depends(get_current_user),
+    user: Mapping[str, Any] | None = Depends(get_current_user),
     authz: AuthorizationProvider = Depends(get_authz_provider),
-) -> Dict[str, Any]:
+) -> dict[str, Any]:
     """
     FastAPI Dependency: Enforces admin privileges via the pluggable AuthZ provider.
     """
@@ -421,9 +422,9 @@ async def require_admin(
 
 
 async def require_admin_or_developer(
-    user: Optional[Mapping[str, Any]] = Depends(get_current_user),
+    user: Mapping[str, Any] | None = Depends(get_current_user),
     authz: AuthorizationProvider = Depends(get_authz_provider),
-) -> Dict[str, Any]:
+) -> dict[str, Any]:
     """
     FastAPI Dependency: Enforces admin OR developer privileges.
     Developers can upload apps, admins can upload any app.
@@ -482,8 +483,8 @@ async def require_admin_or_developer(
 
 
 async def get_current_user_or_redirect(
-    request: Request, user: Optional[Mapping[str, Any]] = Depends(get_current_user)
-) -> Dict[str, Any]:
+    request: Request, user: Mapping[str, Any] | None = Depends(get_current_user)
+) -> dict[str, Any]:
     """
     FastAPI Dependency: Enforces user authentication. Redirects to login if not authenticated.
     """
@@ -534,10 +535,10 @@ def require_permission(obj: str, act: str, force_login: bool = True):
 
     async def _check_permission(
         # 2. The type hint MUST be Optional now
-        user: Optional[Dict[str, Any]] = Depends(user_dependency),
+        user: dict[str, Any] | None = Depends(user_dependency),
         # 3. Ask for the generic INTERFACE
         authz: AuthorizationProvider = Depends(get_authz_provider),
-    ) -> Optional[Dict[str, Any]]:  # 4. Return type is also Optional
+    ) -> dict[str, Any] | None:  # 4. Return type is also Optional
         """Internal dependency function performing the AuthZ check."""
 
         # 5. Check for 'anonymous' if user is None
@@ -595,9 +596,9 @@ def require_permission(obj: str, act: str, force_login: bool = True):
 
 async def refresh_access_token(
     request: Request,
-    refresh_token_payload: Dict[str, Any],
-    device_info: Optional[Dict[str, Any]] = None,
-) -> Optional[Tuple[str, str, Dict[str, Any]]]:
+    refresh_token_payload: dict[str, Any],
+    device_info: dict[str, Any] | None = None,
+) -> tuple[str, str, dict[str, Any]] | None:
     """
     Refresh an access token using a valid refresh token.
 

mdb_engine/auth/integration.py

@@ -8,7 +8,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 
 import logging
 import os
-from typing import Any, Dict, Optional
+from typing import Any
 
 from fastapi import FastAPI
 
@@ -24,7 +24,7 @@ from .helpers import initialize_token_management
 logger = logging.getLogger(__name__)
 
 # Cache for auth configs
-_auth_config_cache: Dict[str, Dict[str, Any]] = {}
+_auth_config_cache: dict[str, dict[str, Any]] = {}
 
 
 def _has_cors_middleware(app: FastAPI) -> bool:
@@ -57,7 +57,7 @@ def _has_cors_middleware(app: FastAPI) -> bool:
         return False
 
 
-def invalidate_auth_config_cache(slug_id: Optional[str] = None) -> None:
+def invalidate_auth_config_cache(slug_id: str | None = None) -> None:
     """
     Invalidate auth config cache for a specific app or all apps.
 
@@ -72,7 +72,7 @@ def invalidate_auth_config_cache(slug_id: Optional[str] = None) -> None:
         logger.debug("Invalidated entire auth config cache")
 
 
-async def get_auth_config(slug_id: str, engine) -> Dict[str, Any]:
+async def get_auth_config(slug_id: str, engine) -> dict[str, Any]:
     """
     Retrieve authentication configuration from manifest.
 
@@ -121,7 +121,7 @@ async def get_auth_config(slug_id: str, engine) -> Dict[str, Any]:
 
 
 async def _setup_authorization_provider(
-    app: FastAPI, engine, slug_id: str, config: Dict[str, Any]
+    app: FastAPI, engine, slug_id: str, config: dict[str, Any]
 ) -> None:
     """Set up authorization provider (Casbin/OSO/custom) from manifest."""
     auth = config.get("auth", {})
@@ -181,7 +181,7 @@ async def _setup_authorization_provider(
         logger.info(f"Custom provider specified for {slug_id} - manual setup required")
 
 
-async def _setup_demo_users(app: FastAPI, engine, slug_id: str, config: Dict[str, Any]) -> list:
+async def _setup_demo_users(app: FastAPI, engine, slug_id: str, config: dict[str, Any]) -> list:
     """Set up demo users and link with OSO roles if applicable."""
     auth = config.get("auth", {})
     users_config = auth.get("users", {})
@@ -325,7 +325,7 @@ async def _setup_demo_users(app: FastAPI, engine, slug_id: str, config: Dict[str
 
 
 async def _setup_token_management(
-    app: FastAPI, engine, slug_id: str, token_management: Dict[str, Any]
+    app: FastAPI, engine, slug_id: str, token_management: dict[str, Any]
 ) -> None:
     """Initialize token management (blacklist and session manager)."""
     if token_management.get("auto_setup", True):
@@ -356,7 +356,7 @@ async def _setup_token_management(
 
 
 async def _setup_security_middleware(
-    app: FastAPI, slug_id: str, security_config: Dict[str, Any]
+    app: FastAPI, slug_id: str, security_config: dict[str, Any]
 ) -> None:
     """Set up security middleware (if not already added)."""
     if security_config.get("csrf_protection", True) or security_config.get("require_https", False):
@@ -392,7 +392,7 @@ async def _setup_security_middleware(
 
 
 async def _setup_cors_and_observability(
-    app: FastAPI, engine, slug_id: str, config: Dict[str, Any]
+    app: FastAPI, engine, slug_id: str, config: dict[str, Any]
 ) -> None:
     """Set up CORS and observability configs and middleware."""
     # Get manifest data first if available

mdb_engine/auth/jwt.py

@@ -10,7 +10,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 import logging
 import uuid
 from datetime import datetime, timedelta
-from typing import Any, Dict, Optional, Tuple
+from typing import Any
 
 import jwt
 
@@ -21,7 +21,7 @@ from ..constants import CURRENT_TOKEN_VERSION
 logger = logging.getLogger(__name__)
 
 
-def decode_jwt_token(token: Any, secret_key: str) -> Dict[str, Any]:
+def decode_jwt_token(token: Any, secret_key: str) -> dict[str, Any]:
     """
     Helper function to decode JWT tokens with automatic fallback to bytes format.
 
@@ -74,7 +74,7 @@ def decode_jwt_token(token: Any, secret_key: str) -> Dict[str, Any]:
 
 
 def encode_jwt_token(
-    payload: Dict[str, Any], secret_key: str, expires_in: Optional[int] = None
+    payload: dict[str, Any], secret_key: str, expires_in: int | None = None
 ) -> str:
     """
     Encode a JWT token with enhanced claims.
@@ -123,12 +123,12 @@ def encode_jwt_token(
 
 
 def generate_token_pair(
-    user_data: Dict[str, Any],
+    user_data: dict[str, Any],
     secret_key: str,
-    device_info: Optional[Dict[str, Any]] = None,
-    access_token_ttl: Optional[int] = None,
-    refresh_token_ttl: Optional[int] = None,
-) -> Tuple[str, str, Dict[str, Any]]:
+    device_info: dict[str, Any] | None = None,
+    access_token_ttl: int | None = None,
+    refresh_token_ttl: int | None = None,
+) -> tuple[str, str, dict[str, Any]]:
     """
     Generate a pair of access and refresh tokens.
 
@@ -190,7 +190,7 @@ def generate_token_pair(
     return access_token, refresh_token, token_metadata
 
 
-def extract_token_metadata(token: str, secret_key: str) -> Optional[Dict[str, Any]]:
+def extract_token_metadata(token: str, secret_key: str) -> dict[str, Any] | None:
     """
     Extract metadata from a token without full validation.
 

mdb_engine/auth/middleware.py

@@ -15,7 +15,8 @@ Security Features:
 import logging
 import os
 import secrets
-from typing import Any, Awaitable, Callable, Dict, Optional
+from collections.abc import Awaitable, Callable
+from typing import Any
 
 from fastapi import HTTPException, Request, Response, status
 from fastapi.responses import RedirectResponse
@@ -53,7 +54,7 @@ class SecurityMiddleware(BaseHTTPMiddleware):
         require_https: bool = False,
         csrf_protection: bool = True,
         security_headers: bool = True,
-        hsts_config: Optional[Dict[str, Any]] = None,
+        hsts_config: dict[str, Any] | None = None,
     ):
         """
         Initialize security middleware.
@@ -234,7 +235,7 @@ class StaleSessionMiddleware(BaseHTTPMiddleware):
                                     "session_cookie_name", "app_session"
                                 )
                                 cookie_name = f"{session_cookie_name}_{self.slug_id}"
-                    except (AttributeError, KeyError, TypeError, Exception):
+                    except (AttributeError, KeyError, TypeError):
                         pass
 
                 # Final fallback to default naming convention

mdb_engine/auth/oso_factory.py

@@ -11,7 +11,7 @@ from __future__ import annotations
 
 import logging
 import os
-from typing import TYPE_CHECKING, Any, Optional
+from typing import TYPE_CHECKING, Any
 
 if TYPE_CHECKING:
     from .provider import OsoAdapter
@@ -20,8 +20,8 @@ logger = logging.getLogger(__name__)
 
 
 async def create_oso_cloud_client(
-    api_key: Optional[str] = None,
-    url: Optional[str] = None,
+    api_key: str | None = None,
+    url: str | None = None,
     max_retries: int = 3,
     retry_delay: float = 2.0,
 ) -> Any:
@@ -114,8 +114,8 @@ async def create_oso_cloud_client(
 
 async def setup_initial_oso_facts(
     authz_provider: OsoAdapter,
-    initial_roles: Optional[list[dict[str, Any]]] = None,
-    initial_policies: Optional[list[dict[str, Any]]] = None,
+    initial_roles: list[dict[str, Any]] | None = None,
+    initial_policies: list[dict[str, Any]] | None = None,
 ) -> None:
     """
     Set up initial roles and policies in OSO Cloud.
@@ -149,7 +149,7 @@ async def setup_initial_oso_facts(
 
 async def initialize_oso_from_manifest(
     engine, app_slug: str, auth_config: dict[str, Any]
-) -> Optional[OsoAdapter]:
+) -> OsoAdapter | None:
     """
     Initialize OSO Cloud provider from manifest configuration.
 

mdb_engine/auth/provider.py

@@ -11,7 +11,7 @@ from __future__ import annotations  # MUST be first import for string type hints
 import asyncio
 import logging
 import time
-from typing import TYPE_CHECKING, Any, Optional, Protocol
+from typing import TYPE_CHECKING, Any, Protocol
 
 from ..constants import AUTHZ_CACHE_TTL, MAX_CACHE_SIZE
 
@@ -38,7 +38,7 @@ class AuthorizationProvider(Protocol):
         subject: str,
         resource: str,
         action: str,
-        user_object: Optional[dict[str, Any]] = None,
+        user_object: dict[str, Any] | None = None,
     ) -> bool:
         """
         Checks if a subject is allowed to perform an action on a resource.
@@ -91,7 +91,7 @@ class CasbinAdapter(BaseAuthorizationProvider):
         subject: str,
         resource: str,
         action: str,
-        user_object: Optional[dict[str, Any]] = None,
+        user_object: dict[str, Any] | None = None,
     ) -> bool:
         """
         Check authorization using Casbin's enforce method.
@@ -321,7 +321,7 @@ class OsoAdapter(BaseAuthorizationProvider):
         subject: str,
         resource: str,
         action: str,
-        user_object: Optional[dict[str, Any]] = None,
+        user_object: dict[str, Any] | None = None,
     ) -> bool:
         """
         Check authorization using OSO's authorize method.

mdb_engine/auth/rate_limiter.py

@@ -33,10 +33,11 @@ Usage:
 import logging
 import time
 from collections import defaultdict
+from collections.abc import Callable
 from dataclasses import dataclass
 from datetime import datetime, timedelta
 from functools import wraps
-from typing import Any, Callable, Dict, List, Optional, Tuple
+from typing import Any
 
 from pymongo.errors import OperationFailure
 from starlette.middleware.base import BaseHTTPMiddleware
@@ -53,7 +54,7 @@ class RateLimit:
     max_attempts: int = 5
     window_seconds: int = 300  # 5 minutes
 
-    def to_dict(self) -> Dict[str, int]:
+    def to_dict(self) -> dict[str, int]:
         return {
             "max_attempts": self.max_attempts,
             "window_seconds": self.window_seconds,
@@ -61,7 +62,7 @@ class RateLimit:
 
 
 # Default rate limits for auth endpoints
-DEFAULT_AUTH_RATE_LIMITS: Dict[str, RateLimit] = {
+DEFAULT_AUTH_RATE_LIMITS: dict[str, RateLimit] = {
     "/login": RateLimit(max_attempts=5, window_seconds=300),
     "/register": RateLimit(max_attempts=3, window_seconds=3600),
     "/logout": RateLimit(max_attempts=10, window_seconds=60),
@@ -78,7 +79,7 @@ class InMemoryRateLimitStore:
 
     def __init__(self):
         # Structure: {identifier: [(timestamp, count), ...]}
-        self._storage: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
+        self._storage: dict[str, list[tuple[float, int]]] = defaultdict(list)
 
     async def record_attempt(
         self,
@@ -282,8 +283,8 @@ class AuthRateLimitMiddleware(BaseHTTPMiddleware):
     def __init__(
         self,
         app: Callable,
-        limits: Optional[Dict[str, RateLimit]] = None,
-        store: Optional[InMemoryRateLimitStore] = None,
+        limits: dict[str, RateLimit] | None = None,
+        store: InMemoryRateLimitStore | None = None,
         include_email_in_key: bool = True,
     ):
         """
@@ -377,7 +378,7 @@ class AuthRateLimitMiddleware(BaseHTTPMiddleware):
 
         return "unknown"
 
-    async def _extract_email(self, request: Request) -> Optional[str]:
+    async def _extract_email(self, request: Request) -> str | None:
         """Try to extract email from request body."""
         try:
             # Only try to read body for JSON requests
@@ -410,8 +411,8 @@ class AuthRateLimitMiddleware(BaseHTTPMiddleware):
 
 
 def create_rate_limit_middleware(
-    manifest_auth: Dict[str, Any],
-    store: Optional[InMemoryRateLimitStore] = None,
+    manifest_auth: dict[str, Any],
+    store: InMemoryRateLimitStore | None = None,
 ) -> type:
     """
     Factory function to create rate limit middleware from manifest config.
@@ -435,7 +436,7 @@ def create_rate_limit_middleware(
     """
     rate_limits_config = manifest_auth.get("rate_limits", {})
 
-    limits: Dict[str, RateLimit] = {}
+    limits: dict[str, RateLimit] = {}
     for path, config in rate_limits_config.items():
         limits[path] = RateLimit(
             max_attempts=config.get("max_attempts", 5),
@@ -456,7 +457,7 @@ def create_rate_limit_middleware(
 def rate_limit(
     max_attempts: int = 5,
     window_seconds: int = 300,
-    key_func: Optional[Callable[[Request], str]] = None,
+    key_func: Callable[[Request], str] | None = None,
 ):
     """
     Decorator for rate limiting individual endpoints.

mdb_engine/auth/restrictions.py

@@ -16,7 +16,8 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 """
 
 import logging
-from typing import Any, Awaitable, Callable, Dict, Optional
+from collections.abc import Awaitable, Callable
+from typing import Any
 
 from fastapi import HTTPException, Request, status
 
@@ -27,7 +28,7 @@ from .users import get_app_user
 logger = logging.getLogger(__name__)
 
 
-def is_demo_user(user: Optional[Dict[str, Any]] = None, email: Optional[str] = None) -> bool:
+def is_demo_user(user: dict[str, Any] | None = None, email: str | None = None) -> bool:
     """
     Check if a user is a demo user.
 
@@ -55,7 +56,7 @@ def is_demo_user(user: Optional[Dict[str, Any]] = None, email: Optional[str] = N
     return False
 
 
-async def _get_platform_user(request: Request) -> Optional[Dict[str, Any]]:
+async def _get_platform_user(request: Request) -> dict[str, Any] | None:
     """Try to get user from platform authentication."""
     try:
         platform_user = await get_current_user_from_request(request)
@@ -70,9 +71,9 @@ async def _get_platform_user(request: Request) -> Optional[Dict[str, Any]]:
 async def _get_sub_auth_user(
     request: Request,
     slug_id: str,
-    get_app_config_func: Callable[[Request, str, Dict], Awaitable[Dict]],
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]],
     get_app_db_func: Callable[[Request], Awaitable[Any]],
-) -> Optional[Dict[str, Any]]:
+) -> dict[str, Any] | None:
     """Try to get user from sub-authentication."""
     try:
         db = await get_app_db_func(request)
@@ -104,9 +105,9 @@ async def _get_sub_auth_user(
 async def _get_authenticated_user(
     request: Request,
     slug_id: str,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]],
-    get_app_db_func: Optional[Callable[[Request], Awaitable[Any]]],
-) -> Optional[Dict[str, Any]]:
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None,
+    get_app_db_func: Callable[[Request], Awaitable[Any]] | None,
+) -> dict[str, Any] | None:
     """Get authenticated user from platform or sub-auth."""
     # Try platform auth first
     user = await _get_platform_user(request)
@@ -132,8 +133,8 @@ def _validate_slug_id(request: Request) -> str:
 
 
 def _validate_dependencies(
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]],
-    get_app_db_func: Optional[Callable[[Request], Awaitable[Any]]],
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None,
+    get_app_db_func: Callable[[Request], Awaitable[Any]] | None,
 ) -> None:
     """Validate that required dependencies are provided."""
     if not get_app_db_func:
@@ -152,9 +153,9 @@ def _validate_dependencies(
 
 async def require_non_demo_user(
     request: Request,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
-    get_app_db_func: Optional[Callable[[Request], Awaitable[Any]]] = None,
-) -> Dict[str, Any]:
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None = None,
+    get_app_db_func: Callable[[Request], Awaitable[Any]] | None = None,
+) -> dict[str, Any]:
     """
     FastAPI dependency that blocks demo users from accessing an endpoint.
 
@@ -205,8 +206,8 @@ async def require_non_demo_user(
 
 async def block_demo_users(
     request: Request,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
-    get_app_db_func: Optional[Callable[[Request], Awaitable[Any]]] = None,
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None = None,
+    get_app_db_func: Callable[[Request], Awaitable[Any]] | None = None,
 ):
     """
     FastAPI dependency that blocks demo users and returns an error response.

mdb_engine/auth/session_manager.py

@@ -8,7 +8,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 
 import logging
 from datetime import datetime, timedelta
-from typing import Any, Dict, List, Optional
+from typing import Any
 
 from bson.objectid import ObjectId
 
@@ -96,10 +96,10 @@ class SessionManager:
         user_id: str,
         device_id: str,
         refresh_jti: str,
-        device_info: Optional[Dict[str, Any]] = None,
-        ip_address: Optional[str] = None,
-        session_fingerprint: Optional[str] = None,
-    ) -> Optional[Dict[str, Any]]:
+        device_info: dict[str, Any] | None = None,
+        ip_address: str | None = None,
+        session_fingerprint: str | None = None,
+    ) -> dict[str, Any] | None:
         """
         Create a new user session.
 
@@ -173,7 +173,7 @@ class SessionManager:
             return None
 
     async def update_session_activity(
-        self, refresh_jti: str, ip_address: Optional[str] = None
+        self, refresh_jti: str, ip_address: str | None = None
     ) -> bool:
         """
         Update session last_seen timestamp (activity tracking).
@@ -207,7 +207,7 @@ class SessionManager:
             logger.error(f"Error updating session activity for {refresh_jti}: {e}", exc_info=True)
             return False
 
-    async def get_session_by_refresh_token(self, refresh_jti: str) -> Optional[Dict[str, Any]]:
+    async def get_session_by_refresh_token(self, refresh_jti: str) -> dict[str, Any] | None:
         """
         Get session by refresh token JWT ID.
 
@@ -234,7 +234,7 @@ class SessionManager:
             return None
 
     async def validate_session_fingerprint(
-        self, refresh_jti: str, current_fingerprint: str, strict: Optional[bool] = None
+        self, refresh_jti: str, current_fingerprint: str, strict: bool | None = None
     ) -> bool:
         """
         Validate session fingerprint matches stored fingerprint.
@@ -288,7 +288,7 @@ class SessionManager:
 
     async def get_user_sessions(
         self, user_id: str, active_only: bool = True
-    ) -> List[Dict[str, Any]]:
+    ) -> list[dict[str, Any]]:
         """
         Get all sessions for a user.
 
@@ -354,9 +354,7 @@ class SessionManager:
             logger.error(f"Error revoking session {session_id}: {e}", exc_info=True)
             return False
 
-    async def revoke_user_sessions(
-        self, user_id: str, exclude_device_id: Optional[str] = None
-    ) -> int:
+    async def revoke_user_sessions(self, user_id: str, exclude_device_id: str | None = None) -> int:
         """
         Revoke all sessions for a user.
 
@@ -390,7 +388,7 @@ class SessionManager:
             logger.error(f"Error revoking sessions for user {user_id}: {e}", exc_info=True)
             return 0
 
-    async def cleanup_inactive_sessions(self, user_id: Optional[str] = None) -> int:
+    async def cleanup_inactive_sessions(self, user_id: str | None = None) -> int:
         """
         Clean up inactive sessions (beyond inactivity timeout).