PyPI - mdb-engine - Versions diffs - 0.2.1__py3-none-any.whl → 0.2.3__py3-none-any.whl - Mend

mdb-engine 0.2.1py3-none-any.whl → 0.2.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

mdb_engine/auth/audit.py +40 -40
mdb_engine/auth/base.py +3 -3
mdb_engine/auth/casbin_factory.py +6 -6
mdb_engine/auth/config_defaults.py +5 -5
mdb_engine/auth/config_helpers.py +12 -12
mdb_engine/auth/cookie_utils.py +9 -9
mdb_engine/auth/csrf.py +9 -8
mdb_engine/auth/decorators.py +7 -6
mdb_engine/auth/dependencies.py +22 -21
mdb_engine/auth/integration.py +9 -9
mdb_engine/auth/jwt.py +9 -9
mdb_engine/auth/middleware.py +4 -3
mdb_engine/auth/oso_factory.py +6 -6
mdb_engine/auth/provider.py +4 -4
mdb_engine/auth/rate_limiter.py +12 -11
mdb_engine/auth/restrictions.py +16 -15
mdb_engine/auth/session_manager.py +11 -13
mdb_engine/auth/shared_middleware.py +16 -15
mdb_engine/auth/shared_users.py +20 -20
mdb_engine/auth/token_lifecycle.py +10 -12
mdb_engine/auth/token_store.py +4 -5
mdb_engine/auth/users.py +51 -52
mdb_engine/auth/utils.py +29 -33
mdb_engine/cli/commands/generate.py +6 -6
mdb_engine/cli/utils.py +4 -4
mdb_engine/config.py +6 -7
mdb_engine/core/app_registration.py +12 -12
mdb_engine/core/app_secrets.py +1 -2
mdb_engine/core/connection.py +3 -4
mdb_engine/core/encryption.py +1 -2
mdb_engine/core/engine.py +43 -44
mdb_engine/core/manifest.py +59 -58
mdb_engine/core/ray_integration.py +10 -9
mdb_engine/core/seeding.py +3 -3
mdb_engine/core/service_initialization.py +10 -9
mdb_engine/core/types.py +40 -40
mdb_engine/database/abstraction.py +15 -16
mdb_engine/database/connection.py +40 -12
mdb_engine/database/query_validator.py +8 -8
mdb_engine/database/resource_limiter.py +7 -7
mdb_engine/database/scoped_wrapper.py +51 -58
mdb_engine/dependencies.py +14 -13
mdb_engine/di/container.py +12 -13
mdb_engine/di/providers.py +14 -13
mdb_engine/di/scopes.py +5 -5
mdb_engine/embeddings/dependencies.py +2 -2
mdb_engine/embeddings/service.py +31 -43
mdb_engine/exceptions.py +20 -20
mdb_engine/indexes/helpers.py +11 -11
mdb_engine/indexes/manager.py +9 -9
mdb_engine/memory/service.py +30 -30
mdb_engine/observability/health.py +10 -9
mdb_engine/observability/logging.py +10 -10
mdb_engine/observability/metrics.py +8 -7
mdb_engine/repositories/base.py +25 -25
mdb_engine/repositories/mongo.py +17 -17
mdb_engine/repositories/unit_of_work.py +6 -6
mdb_engine/routing/websockets.py +19 -18
{mdb_engine-0.2.1.dist-info → mdb_engine-0.2.3.dist-info}/METADATA +8 -8
mdb_engine-0.2.3.dist-info/RECORD +96 -0
mdb_engine-0.2.1.dist-info/RECORD +0 -96
{mdb_engine-0.2.1.dist-info → mdb_engine-0.2.3.dist-info}/WHEEL +0 -0
{mdb_engine-0.2.1.dist-info → mdb_engine-0.2.3.dist-info}/entry_points.txt +0 -0
{mdb_engine-0.2.1.dist-info → mdb_engine-0.2.3.dist-info}/licenses/LICENSE +0 -0
{mdb_engine-0.2.1.dist-info → mdb_engine-0.2.3.dist-info}/top_level.txt +0 -0

mdb_engine/auth/audit.py CHANGED Viewed

@@ -35,7 +35,7 @@ Usage:
 import logging
 from datetime import datetime, timedelta
 from enum import Enum
-from typing import Any, Dict, List, Optional
+from typing import Any
 from motor.motor_asyncio import AsyncIOMotorDatabase
 from pymongo.errors import OperationFailure
@@ -161,12 +161,12 @@ class AuthAuditLog:
         self,
         action: AuthAction,
         success: bool,
-        user_email: Optional[str] = None,
-        user_id: Optional[str] = None,
-        app_slug: Optional[str] = None,
-        ip_address: Optional[str] = None,
-        user_agent: Optional[str] = None,
-        details: Optional[Dict[str, Any]] = None,
+        user_email: str | None = None,
+        user_id: str | None = None,
+        app_slug: str | None = None,
+        ip_address: str | None = None,
+        user_agent: str | None = None,
+        details: dict[str, Any] | None = None,
     ) -> str:
         """
         Log an authentication event.
@@ -217,9 +217,9 @@ class AuthAuditLog:
     async def log_login_success(
         self,
         email: str,
-        ip_address: Optional[str] = None,
-        user_agent: Optional[str] = None,
-        app_slug: Optional[str] = None,
+        ip_address: str | None = None,
+        user_agent: str | None = None,
+        app_slug: str | None = None,
     ) -> str:
         """Convenience method to log successful login."""
         return await self.log_event(
@@ -235,9 +235,9 @@ class AuthAuditLog:
         self,
         email: str,
         reason: str = "invalid_credentials",
-        ip_address: Optional[str] = None,
-        user_agent: Optional[str] = None,
-        app_slug: Optional[str] = None,
+        ip_address: str | None = None,
+        user_agent: str | None = None,
+        app_slug: str | None = None,
     ) -> str:
         """Convenience method to log failed login."""
         return await self.log_event(
@@ -253,8 +253,8 @@ class AuthAuditLog:
     async def log_logout(
         self,
         email: str,
-        ip_address: Optional[str] = None,
-        app_slug: Optional[str] = None,
+        ip_address: str | None = None,
+        app_slug: str | None = None,
     ) -> str:
         """Convenience method to log logout."""
         return await self.log_event(
@@ -268,9 +268,9 @@ class AuthAuditLog:
     async def log_register(
         self,
         email: str,
-        ip_address: Optional[str] = None,
-        user_agent: Optional[str] = None,
-        app_slug: Optional[str] = None,
+        ip_address: str | None = None,
+        user_agent: str | None = None,
+        app_slug: str | None = None,
     ) -> str:
         """Convenience method to log new user registration."""
         return await self.log_event(
@@ -286,10 +286,10 @@ class AuthAuditLog:
         self,
         email: str,
         app_slug: str,
-        old_roles: List[str],
-        new_roles: List[str],
-        changed_by: Optional[str] = None,
-        ip_address: Optional[str] = None,
+        old_roles: list[str],
+        new_roles: list[str],
+        changed_by: str | None = None,
+        ip_address: str | None = None,
     ) -> str:
         """Log a role change event."""
         action = (
@@ -312,8 +312,8 @@ class AuthAuditLog:
         self,
         email: str,
         reason: str = "logout",
-        ip_address: Optional[str] = None,
-        app_slug: Optional[str] = None,
+        ip_address: str | None = None,
+        app_slug: str | None = None,
     ) -> str:
         """Log token revocation."""
         return await self.log_event(
@@ -329,8 +329,8 @@ class AuthAuditLog:
         self,
         ip_address: str,
         endpoint: str,
-        email: Optional[str] = None,
-        app_slug: Optional[str] = None,
+        email: str | None = None,
+        app_slug: str | None = None,
     ) -> str:
         """Log rate limit exceeded event."""
         return await self.log_event(
@@ -349,10 +349,10 @@ class AuthAuditLog:
     async def get_recent_events(
         self,
         hours: int = 24,
-        action: Optional[AuthAction] = None,
-        success: Optional[bool] = None,
+        action: AuthAction | None = None,
+        success: bool | None = None,
         limit: int = 100,
-    ) -> List[Dict[str, Any]]:
+    ) -> list[dict[str, Any]]:
         """
         Get recent audit events.
@@ -367,7 +367,7 @@ class AuthAuditLog:
         """
         since = datetime.utcnow() - timedelta(hours=hours)
-        query: Dict[str, Any] = {"timestamp": {"$gte": since}}
+        query: dict[str, Any] = {"timestamp": {"$gte": since}}
         if action:
             query["action"] = action.value if isinstance(action, AuthAction) else action
         if success is not None:
@@ -384,11 +384,11 @@ class AuthAuditLog:
     async def get_failed_logins(
         self,
-        email: Optional[str] = None,
-        ip_address: Optional[str] = None,
+        email: str | None = None,
+        ip_address: str | None = None,
         hours: int = 24,
         limit: int = 100,
-    ) -> List[Dict[str, Any]]:
+    ) -> list[dict[str, Any]]:
         """
         Get failed login attempts.
@@ -403,7 +403,7 @@ class AuthAuditLog:
         """
         since = datetime.utcnow() - timedelta(hours=hours)
-        query: Dict[str, Any] = {
+        query: dict[str, Any] = {
             "action": AuthAction.LOGIN_FAILED.value,
             "timestamp": {"$gte": since},
         }
@@ -425,7 +425,7 @@ class AuthAuditLog:
         email: str,
         hours: int = 168,  # 7 days
         limit: int = 100,
-    ) -> List[Dict[str, Any]]:
+    ) -> list[dict[str, Any]]:
         """
         Get all activity for a specific user.
@@ -462,7 +462,7 @@ class AuthAuditLog:
         ip_address: str,
         hours: int = 24,
         limit: int = 100,
-    ) -> List[Dict[str, Any]]:
+    ) -> list[dict[str, Any]]:
         """
         Get all activity from a specific IP address.
@@ -498,8 +498,8 @@ class AuthAuditLog:
     async def count_failed_logins(
         self,
-        email: Optional[str] = None,
-        ip_address: Optional[str] = None,
+        email: str | None = None,
+        ip_address: str | None = None,
         hours: int = 1,
     ) -> int:
         """
@@ -517,7 +517,7 @@ class AuthAuditLog:
         """
         since = datetime.utcnow() - timedelta(hours=hours)
-        query: Dict[str, Any] = {
+        query: dict[str, Any] = {
             "action": AuthAction.LOGIN_FAILED.value,
             "timestamp": {"$gte": since},
         }
@@ -531,7 +531,7 @@ class AuthAuditLog:
     async def get_security_summary(
         self,
         hours: int = 24,
-    ) -> Dict[str, Any]:
+    ) -> dict[str, Any]:
         """
         Get security summary statistics.

mdb_engine/auth/base.py CHANGED Viewed

@@ -11,7 +11,7 @@ from __future__ import annotations
 import abc
 import logging
-from typing import Any, Optional
+from typing import Any
 logger = logging.getLogger(__name__)
@@ -71,7 +71,7 @@ class BaseAuthorizationProvider(abc.ABC):
         subject: str,
         resource: str,
         action: str,
-        user_object: Optional[dict[str, Any]] = None,
+        user_object: dict[str, Any] | None = None,
     ) -> bool:
         """
         Check if a subject is allowed to perform an action on a resource.
@@ -195,7 +195,7 @@ class BaseAuthorizationProvider(abc.ABC):
         resource: str,
         action: str,
         error: Exception,
-        context: Optional[str] = None,
+        context: str | None = None,
     ) -> bool:
         """
         Handle authorization evaluation errors with fail-closed security.

mdb_engine/auth/casbin_factory.py CHANGED Viewed

@@ -11,7 +11,7 @@ from __future__ import annotations
 import logging
 from pathlib import Path
-from typing import TYPE_CHECKING, Any, Optional
+from typing import TYPE_CHECKING, Any
 from .casbin_models import DEFAULT_RBAC_MODEL, SIMPLE_ACL_MODEL
@@ -46,7 +46,7 @@ async def get_casbin_model(model_type: str = "rbac") -> str:
                 # Try async file reading (non-blocking)
                 import aiofiles
-                async with aiofiles.open(model_path, "r") as f:
+                async with aiofiles.open(model_path) as f:
                     content = await f.read()
                     logger.debug(f"Read model file asynchronously: {model_path}")
                     return content
@@ -67,7 +67,7 @@ async def create_casbin_enforcer(
     db_name: str,
     model: str = "rbac",
     policies_collection: str = "casbin_policies",
-    default_roles: Optional[list] = None,
+    default_roles: list | None = None,
 ) -> casbin.AsyncEnforcer:
     """
     Create a Casbin AsyncEnforcer with MongoDB adapter.
@@ -189,7 +189,7 @@ async def create_casbin_enforcer(
 async def initialize_casbin_from_manifest(
     engine, app_slug: str, auth_config: dict[str, Any]
-) -> Optional[CasbinAdapter]:
+) -> CasbinAdapter | None:
     """
     Initialize Casbin provider from manifest configuration.
@@ -261,7 +261,7 @@ async def initialize_casbin_from_manifest(
         if initial_policies:
             logger.info(f"Setting up {len(initial_policies)} initial policies...")
             for policy in initial_policies:
-                if isinstance(policy, (list, tuple)) and len(policy) >= 3:
+                if isinstance(policy, list | tuple) and len(policy) >= 3:
                     role, resource, action = policy[0], policy[1], policy[2]
                     try:
                         # Check if policy already exists
@@ -331,7 +331,7 @@ async def initialize_casbin_from_manifest(
         if initial_policies:
             verified = 0
             for policy in initial_policies:
-                if isinstance(policy, (list, tuple)) and len(policy) >= 3:
+                if isinstance(policy, list | tuple) and len(policy) >= 3:
                     role, resource, action = policy[0], policy[1], policy[2]
                     if await adapter.has_policy(role, resource, action):
                         verified += 1

mdb_engine/auth/config_defaults.py CHANGED Viewed

@@ -7,9 +7,9 @@ This module provides a single source of truth for all config defaults.
 This module is part of MDB_ENGINE - MongoDB Engine.
 """
-from typing import Any, Dict
+from typing import Any
-SECURITY_CONFIG_DEFAULTS: Dict[str, Any] = {
+SECURITY_CONFIG_DEFAULTS: dict[str, Any] = {
     "password_policy": {
         "allow_plain_text": False,
         "min_length": 8,
@@ -35,7 +35,7 @@ SECURITY_CONFIG_DEFAULTS: Dict[str, Any] = {
     "token_fingerprinting": {"enabled": True, "bind_to_device": True},
 }
-TOKEN_MANAGEMENT_DEFAULTS: Dict[str, Any] = {
+TOKEN_MANAGEMENT_DEFAULTS: dict[str, Any] = {
     "enabled": True,
     "access_token_ttl": 900,
     "refresh_token_ttl": 604800,
@@ -45,7 +45,7 @@ TOKEN_MANAGEMENT_DEFAULTS: Dict[str, Any] = {
     "auto_setup": True,
 }
-CORS_DEFAULTS: Dict[str, Any] = {
+CORS_DEFAULTS: dict[str, Any] = {
     "enabled": False,
     "allow_origins": ["*"],
     "allow_credentials": False,
@@ -54,7 +54,7 @@ CORS_DEFAULTS: Dict[str, Any] = {
     "max_age": 3600,
 }
-OBSERVABILITY_DEFAULTS: Dict[str, Any] = {
+OBSERVABILITY_DEFAULTS: dict[str, Any] = {
     "health_checks": {"enabled": True, "endpoint": "/health", "interval_seconds": 30},
     "metrics": {
         "enabled": True,

mdb_engine/auth/config_helpers.py CHANGED Viewed

@@ -8,7 +8,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 """
 import logging
-from typing import Any, Dict
+from typing import Any
 from fastapi import Request
@@ -23,8 +23,8 @@ logger = logging.getLogger(__name__)
 def merge_config_with_defaults(
-    user_config: Dict[str, Any], defaults: Dict[str, Any]
-) -> Dict[str, Any]:
+    user_config: dict[str, Any], defaults: dict[str, Any]
+) -> dict[str, Any]:
     """
     Deep merge user config with defaults.
@@ -55,7 +55,7 @@ def merge_config_with_defaults(
     return merged
-def get_security_config(request: Request) -> Dict[str, Any]:
+def get_security_config(request: Request) -> dict[str, Any]:
     """
     Get security configuration from app.state with defaults merged.
@@ -75,7 +75,7 @@ def get_security_config(request: Request) -> Dict[str, Any]:
         return SECURITY_CONFIG_DEFAULTS.copy()
-def get_password_policy(request: Request) -> Dict[str, Any]:
+def get_password_policy(request: Request) -> dict[str, Any]:
     """
     Get password policy configuration with defaults merged.
@@ -91,7 +91,7 @@ def get_password_policy(request: Request) -> Dict[str, Any]:
     )
-def get_session_fingerprinting_config(request: Request) -> Dict[str, Any]:
+def get_session_fingerprinting_config(request: Request) -> dict[str, Any]:
     """
     Get session fingerprinting configuration with defaults merged.
@@ -108,7 +108,7 @@ def get_session_fingerprinting_config(request: Request) -> Dict[str, Any]:
     )
-def get_account_lockout_config(request: Request) -> Dict[str, Any]:
+def get_account_lockout_config(request: Request) -> dict[str, Any]:
     """
     Get account lockout configuration with defaults merged.
@@ -124,7 +124,7 @@ def get_account_lockout_config(request: Request) -> Dict[str, Any]:
     )
-def get_ip_validation_config(request: Request) -> Dict[str, Any]:
+def get_ip_validation_config(request: Request) -> dict[str, Any]:
     """
     Get IP validation configuration with defaults merged.
@@ -138,7 +138,7 @@ def get_ip_validation_config(request: Request) -> Dict[str, Any]:
     return security_config.get("ip_validation", SECURITY_CONFIG_DEFAULTS["ip_validation"].copy())
-def get_token_fingerprinting_config(request: Request) -> Dict[str, Any]:
+def get_token_fingerprinting_config(request: Request) -> dict[str, Any]:
     """
     Get token fingerprinting configuration with defaults merged.
@@ -154,7 +154,7 @@ def get_token_fingerprinting_config(request: Request) -> Dict[str, Any]:
     )
-def get_token_management_config(request: Request) -> Dict[str, Any]:
+def get_token_management_config(request: Request) -> dict[str, Any]:
     """
     Get token management configuration from app.state with defaults merged.
@@ -174,7 +174,7 @@ def get_token_management_config(request: Request) -> Dict[str, Any]:
         return TOKEN_MANAGEMENT_DEFAULTS.copy()
-def get_cors_config(request: Request) -> Dict[str, Any]:
+def get_cors_config(request: Request) -> dict[str, Any]:
     """
     Get CORS configuration from app.state with defaults merged.
@@ -194,7 +194,7 @@ def get_cors_config(request: Request) -> Dict[str, Any]:
         return CORS_DEFAULTS.copy()
-def get_observability_config(request: Request) -> Dict[str, Any]:
+def get_observability_config(request: Request) -> dict[str, Any]:
     """
     Get observability configuration from app.state with defaults merged.

mdb_engine/auth/cookie_utils.py CHANGED Viewed

@@ -8,7 +8,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 import logging
 import os
-from typing import Any, Dict, Optional
+from typing import Any
 from fastapi import Request
@@ -16,8 +16,8 @@ logger = logging.getLogger(__name__)
 def get_secure_cookie_settings(
-    request: Request, config: Optional[Dict[str, Any]] = None
-) -> Dict[str, Any]:
+    request: Request, config: dict[str, Any] | None = None
+) -> dict[str, Any]:
     """
     Get secure cookie settings based on manifest config and request environment.
@@ -76,11 +76,11 @@ def get_secure_cookie_settings(
 def set_auth_cookies(
     response,
     access_token: str,
-    refresh_token: Optional[str] = None,
-    request: Optional[Request] = None,
-    config: Optional[Dict[str, Any]] = None,
-    access_token_ttl: Optional[int] = None,
-    refresh_token_ttl: Optional[int] = None,
+    refresh_token: str | None = None,
+    request: Request | None = None,
+    config: dict[str, Any] | None = None,
+    access_token_ttl: int | None = None,
+    refresh_token_ttl: int | None = None,
 ):
     """
     Set authentication cookies on a response with secure settings.
@@ -130,7 +130,7 @@ def set_auth_cookies(
         )
-def clear_auth_cookies(response, request: Optional[Request] = None):
+def clear_auth_cookies(response, request: Request | None = None):
     """
     Clear authentication cookies from response.

mdb_engine/auth/csrf.py CHANGED Viewed

@@ -36,7 +36,8 @@ import logging
 import os
 import secrets
 import time
-from typing import Any, Awaitable, Callable, Dict, List, Optional, Set
+from collections.abc import Awaitable, Callable
+from typing import Any
 from fastapi import Request, Response, status
 from fastapi.responses import JSONResponse
@@ -55,7 +56,7 @@ DEFAULT_TOKEN_TTL = 3600  # 1 hour
 UNSAFE_METHODS = {"POST", "PUT", "DELETE", "PATCH"}
-def generate_csrf_token(secret: Optional[str] = None) -> str:
+def generate_csrf_token(secret: str | None = None) -> str:
     """
     Generate a cryptographically secure CSRF token.
@@ -79,7 +80,7 @@ def generate_csrf_token(secret: Optional[str] = None) -> str:
 def validate_csrf_token(
     token: str,
-    secret: Optional[str] = None,
+    secret: str | None = None,
     max_age: int = DEFAULT_TOKEN_TTL,
 ) -> bool:
     """
@@ -146,9 +147,9 @@ class CSRFMiddleware(BaseHTTPMiddleware):
     def __init__(
         self,
         app,
-        secret: Optional[str] = None,
-        exempt_routes: Optional[List[str]] = None,
-        exempt_methods: Optional[Set[str]] = None,
+        secret: str | None = None,
+        exempt_routes: list[str] | None = None,
+        exempt_methods: set[str] | None = None,
         cookie_name: str = CSRF_COOKIE_NAME,
         header_name: str = CSRF_HEADER_NAME,
         form_field: str = CSRF_FORM_FIELD,
@@ -300,8 +301,8 @@ class CSRFMiddleware(BaseHTTPMiddleware):
 def create_csrf_middleware(
-    manifest_auth: Dict[str, Any],
-    secret: Optional[str] = None,
+    manifest_auth: dict[str, Any],
+    secret: str | None = None,
 ) -> type:
     """
     Create CSRF middleware from manifest configuration.

mdb_engine/auth/decorators.py CHANGED Viewed

@@ -9,8 +9,9 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 import logging
 import time
 from collections import defaultdict
+from collections.abc import Awaitable, Callable
 from functools import wraps
-from typing import Any, Awaitable, Callable, Dict, Optional
+from typing import Any
 from fastapi import HTTPException, Request, status
 from fastapi.responses import RedirectResponse
@@ -20,7 +21,7 @@ from .dependencies import get_current_user_from_request
 logger = logging.getLogger(__name__)
 # Rate limiting storage (in-memory, can be replaced with Redis for distributed systems)
-_rate_limit_storage: Dict[str, Dict[str, Any]] = defaultdict(dict)
+_rate_limit_storage: dict[str, dict[str, Any]] = defaultdict(dict)
 def require_auth(redirect_to: str = "/login"):
@@ -82,7 +83,7 @@ def _validate_https(request: Request) -> None:
         )
-async def _get_csrf_token(request: Request) -> Optional[str]:
+async def _get_csrf_token(request: Request) -> str | None:
     """Extract CSRF token from request headers or form data."""
     csrf_token = request.headers.get("X-CSRF-Token")
     if csrf_token:
@@ -151,8 +152,8 @@ def token_security(enforce_https: bool = True, check_csrf: bool = True):
 def rate_limit_auth(
     endpoint: str = "login",
-    max_attempts: Optional[int] = None,
-    window_seconds: Optional[int] = None,
+    max_attempts: int | None = None,
+    window_seconds: int | None = None,
 ):
     """
     Rate limiting decorator for auth endpoints.
@@ -242,7 +243,7 @@ def rate_limit_auth(
     return decorator
-def auto_token_setup(func: Optional[Callable[..., Awaitable[Any]]] = None):
+def auto_token_setup(func: Callable[..., Awaitable[Any]] | None = None):
     """
     Decorator to automatically set up tokens on successful login/register.

mdb-engine 0.2.1__py3-none-any.whl → 0.2.3__py3-none-any.whl

mdb-engine 0.2.1py3-none-any.whl → 0.2.3py3-none-any.whl