mgf-fastapi 0.1.0__py3-none-any.whl

mgf/fastapi/__init__.py

@@ -0,0 +1,73 @@
+"""``mgf.fastapi`` — FastAPI integration adapters for ``mgf-common``.
+
+Sibling of :mod:`mgf.common` under the ``mgf.*`` namespace. Houses
+every FastAPI-specific adapter that previously lived under
+``mgf.common.fastapi.*`` — extracted at mgf-common v0.28 /
+mgf-fastapi v0.1 per the federation split plan.
+
+A consumer building a FastAPI service shouldn't reinvent the wiring
+for these every time:
+
+  - :func:`bootstrap` ↔ FastAPI lifespan (start/stop wiring).
+  - Per-request ``X-Request-Id`` generation + propagation to logs.
+  - Typed-exception → JSON response mapping
+    (``ConfigError`` → 400, ``ResourceNotFoundError`` → 404,
+    HTTP-01 leaves resolved via ``http_status``, etc.).
+  - ``Depends()`` helpers for request-scoped data (settings,
+    request_id, ``AppContext``).
+
+The submodules:
+
+  - :mod:`mgf.fastapi.webhooks` — Svix-shape HMAC webhook
+    verification (``HmacWebhookVerifier``, ``verify_request``).
+  - :mod:`mgf.fastapi.security` — request-side security
+    primitives (``IpAllowlist``).
+  - :mod:`mgf.fastapi.testing` — async context-manager test
+    server (``run_test_app``).
+  - :mod:`mgf.fastapi.exceptions` — sibling-domain concrete
+    exception leaves (``HmacVerificationError``).
+
+Install: ``pip install mgf-fastapi`` (or
+``pip install 'mgf-fastapi[testing]'`` for ``run_test_app``).
+
+The integration is **adapter-shaped, not framework-shaped**. Nothing
+here re-exports FastAPI primitives or hides them. The consumer's app
+is still a regular FastAPI app — these helpers just plug into the
+seams FastAPI provides (lifespan, middleware, dependencies).
+
+Closed-box invariant: ``mgf-fastapi`` depends on ``mgf-common`` +
+``fastapi`` only. Consumers using only ``mgf-common`` never see
+the import.
+"""
+
+from __future__ import annotations
+
+from mgf.fastapi._dependencies import (
+    get_app_context,
+    get_request_id,
+    get_settings,
+)
+from mgf.fastapi._exceptions import (
+    DEFAULT_STATUS_MAP,
+    ExceptionTranslationMiddleware,
+)
+from mgf.fastapi._lifespan import setup_lifespan
+from mgf.fastapi._request_id import (
+    REQUEST_ID_HEADER,
+    RequestIdMiddleware,
+    current_request_id,
+)
+from mgf.fastapi.exceptions import HmacVerificationError
+
+__all__ = [
+    "DEFAULT_STATUS_MAP",
+    "REQUEST_ID_HEADER",
+    "ExceptionTranslationMiddleware",
+    "HmacVerificationError",
+    "RequestIdMiddleware",
+    "current_request_id",
+    "get_app_context",
+    "get_request_id",
+    "get_settings",
+    "setup_lifespan",
+]

mgf/fastapi/_dependencies.py

@@ -0,0 +1,93 @@
+"""FastAPI ``Depends()`` helpers for mgf-common-shaped data.
+
+Each function is a plain callable suitable for use as a FastAPI
+dependency::
+
+    from fastapi import Depends, FastAPI
+    from mgf.fastapi import get_app_context, get_request_id
+
+    @app.get("/whoami")
+    async def whoami(
+        ctx: AppContext = Depends(get_app_context),
+        request_id: str = Depends(get_request_id),
+    ) -> dict[str, str]:
+        return {
+            "app": ctx.app_name,
+            "request": request_id,
+        }
+
+The dependencies don't construct anything — they read state set by
+:func:`setup_lifespan` and :class:`RequestIdMiddleware`. Missing
+state raises :class:`ApiprobeConfigError`-shaped errors so the
+consumer's exception translation maps them cleanly.
+"""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from starlette.requests import (
+    Request,  # noqa: TC002 — FastAPI needs runtime type for Depends introspection
+)
+
+from mgf.common.exceptions import AppConfigError
+
+if TYPE_CHECKING:
+    from mgf.common._lifecycle import AppContext
+    from mgf.common.settings import MgfSettings
+
+
+def get_app_context(request: Request) -> AppContext:
+    """Return the active :class:`AppContext` set by :func:`setup_lifespan`.
+
+    Raises :class:`AppConfigError` if the lifespan hasn't run (test
+    fixtures that bypass lifespan, missing ``setup_lifespan(...)``
+    in the FastAPI constructor).
+    """
+    from mgf.common._lifecycle import AppContext as _AppContext
+
+    ctx = getattr(request.app.state, "mgf_context", None)
+    if ctx is None:
+        raise AppConfigError(
+            "mgf.fastapi: app.state.mgf_context is unset. "
+            "Did you pass `lifespan=setup_lifespan(...)` to FastAPI()?"
+        )
+    if not isinstance(ctx, _AppContext):
+        raise AppConfigError(
+            f"mgf.fastapi: app.state.mgf_context is not an "
+            f"AppContext (got {type(ctx).__name__}). Use "
+            f"setup_lifespan() to wire it correctly."
+        )
+    return ctx
+
+
+def get_settings(request: Request) -> MgfSettings:
+    """Return the :class:`MgfSettings` bound to the active context.
+
+    Convenience wrapper over :func:`get_app_context` — same error
+    semantics if the lifespan didn't run.
+    """
+    return get_app_context(request).settings
+
+
+def get_request_id(request: Request) -> str:
+    """Return the current request id set by :class:`RequestIdMiddleware`.
+
+    Returns an empty string if the middleware isn't installed (the
+    consumer's choice — empty string is a valid value, not an
+    error). Consumers that want a hard error should raise from the
+    endpoint::
+
+        @app.get("/x")
+        async def my_endpoint(rid: str = Depends(get_request_id)):
+            if not rid:
+                raise AppConfigError("RequestIdMiddleware not installed")
+    """
+    return getattr(request.state, "request_id", "")
+
+
+__all__ = [
+    "get_app_context",
+    "get_request_id",
+    "get_settings",
+]

mgf/fastapi/_exceptions.py

@@ -0,0 +1,200 @@
+"""``ExceptionTranslationMiddleware`` — typed AppError → typed HTTP response.
+
+A consumer that already has a typed ``AppError`` hierarchy (per
+``mgf.common.exceptions``) shouldn't have to repeat itself in every
+handler with ``try / except / HTTPException(...)``. This middleware
+catches :class:`AppError` subclasses bubbling out of handlers + maps
+them to clean JSON responses with the right status code.
+
+Default mapping (override via the ``status_map=`` constructor kwarg):
+
+  - :class:`SchemaValidationError`         → 400 Bad Request
+  - :class:`AppConfigError` / :class:`ConfigError`  → 500 Internal Server Error
+    (config errors are server-side; the consumer fix the config, not the client)
+  - :class:`ResourceNotFoundError`          → 404 Not Found
+  - :class:`ResourceAlreadyExistsError`     → 409 Conflict
+  - :class:`HostEnvironmentError`           → 503 Service Unavailable
+  - :class:`VaultError`                     → 500 Internal Server Error
+  - :class:`OperationError`                 → 500 Internal Server Error
+  - :class:`AppError` (catch-all)           → 500 Internal Server Error
+
+The response shape is:
+
+    {
+      "error": {
+        "type": "ResourceNotFoundError",
+        "message": "user not found: alice",
+        "request_id": "<...>"   # if RequestIdMiddleware is installed
+      }
+    }
+
+Consumers wanting different shapes (RFC 7807 problem+json, JSON:API,
+etc.) provide a custom ``response_factory`` to the constructor.
+"""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any
+
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import JSONResponse
+
+from mgf.common.exceptions import (
+    AppError,
+    ConfigError,
+    HostEnvironmentError,
+    OperationError,
+    ResourceAlreadyExistsError,
+    ResourceNotFoundError,
+    SchemaValidationError,
+    VaultError,
+)
+
+if TYPE_CHECKING:
+    from collections.abc import Awaitable, Callable
+
+    from starlette.requests import Request
+    from starlette.responses import Response
+
+
+# Default exception → status code mapping. Order matters: more
+# specific subclasses BEFORE their parent classes, so the dispatch
+# loop picks the most specific match.
+DEFAULT_STATUS_MAP: dict[type[AppError], int] = {
+    SchemaValidationError: 400,
+    ResourceNotFoundError: 404,
+    ResourceAlreadyExistsError: 409,
+    HostEnvironmentError: 503,
+    ConfigError: 500,
+    VaultError: 500,
+    OperationError: 500,
+    AppError: 500,
+}
+
+
+class ExceptionTranslationMiddleware(BaseHTTPMiddleware):
+    """Catch :class:`AppError` from handlers; translate to JSON response.
+
+    Install at app construction time::
+
+        from fastapi import FastAPI
+        from mgf.fastapi import (
+            ExceptionTranslationMiddleware,
+            RequestIdMiddleware,
+        )
+
+        app = FastAPI()
+        app.add_middleware(ExceptionTranslationMiddleware)
+        app.add_middleware(RequestIdMiddleware)
+
+    Order: install RequestIdMiddleware AFTER (so it runs FIRST),
+    so the request id is set before the translation middleware needs
+    to read it for the response payload.
+
+    Custom mapping::
+
+        from mgf.fastapi import ExceptionTranslationMiddleware
+        from mgf.common.exceptions import AppError
+
+        class MyDomainError(AppError): ...
+
+        app.add_middleware(
+            ExceptionTranslationMiddleware,
+            status_map={MyDomainError: 422, **DEFAULT_STATUS_MAP},
+        )
+
+    Custom response shape::
+
+        def my_response(exc, status, request_id):
+            return JSONResponse(
+                {"detail": str(exc), "trace": request_id},
+                status_code=status,
+            )
+
+        app.add_middleware(
+            ExceptionTranslationMiddleware,
+            response_factory=my_response,
+        )
+    """
+
+    def __init__(
+        self,
+        app: Any,
+        *,
+        status_map: dict[type[AppError], int] | None = None,
+        response_factory: (
+            Callable[[AppError, int, str], Response] | None
+        ) = None,
+    ) -> None:
+        super().__init__(app)
+        self._status_map = status_map or DEFAULT_STATUS_MAP
+        self._response_factory = response_factory or _default_response_factory
+
+    async def dispatch(
+        self,
+        request: Request,
+        call_next: Callable[[Request], Awaitable[Response]],
+    ) -> Response:
+        try:
+            return await call_next(request)
+        except AppError as exc:
+            status = self._lookup_status(type(exc))
+            request_id = getattr(request.state, "request_id", "")
+            return self._response_factory(exc, status, request_id)
+
+    def _lookup_status(self, exc_type: type[AppError]) -> int:
+        """Return the status for ``exc_type`` walking MRO until a hit.
+
+        Resolution order (closes PAPER-24 — HTTP-01 ↔ middleware
+        composition):
+
+        1. ``status_map`` entry for any non-``AppError`` ancestor —
+           this is the "explicit override" seam. ``AppError`` itself
+           is deferred because it acts as a catch-all and would mask
+           the class-declared status below.
+        2. Class-declared :attr:`HttpError.http_status` — HTTP-01 leaves
+           (``HttpNotFound``, ``HttpConflict``, …) carry their status as
+           a class attribute. A consumer who roots their domain
+           exceptions in ``HttpError`` subclasses gets the right status
+           without having to register every leaf in ``status_map``.
+        3. ``status_map[AppError]`` catch-all (default 500).
+        """
+        appbase_status: int | None = None
+        for ancestor in exc_type.__mro__:
+            if not isinstance(ancestor, type):
+                continue
+            if not issubclass(ancestor, AppError):
+                continue
+            if ancestor not in self._status_map:
+                continue
+            if ancestor is AppError:
+                appbase_status = self._status_map[ancestor]
+                continue
+            return self._status_map[ancestor]
+        declared = getattr(exc_type, "http_status", None)
+        if isinstance(declared, int):
+            return declared
+        return appbase_status if appbase_status is not None else 500
+
+
+def _default_response_factory(
+    exc: AppError,
+    status: int,
+    request_id: str,
+) -> Response:
+    """Default JSON response shape for translated AppErrors."""
+    body: dict[str, Any] = {
+        "error": {
+            "type": type(exc).__name__,
+            "message": str(exc),
+        },
+    }
+    if request_id:
+        body["error"]["request_id"] = request_id
+    return JSONResponse(body, status_code=status)
+
+
+__all__ = [
+    "DEFAULT_STATUS_MAP",
+    "ExceptionTranslationMiddleware",
+]

mgf/fastapi/_lifespan.py

@@ -0,0 +1,72 @@
+"""``setup_lifespan`` — wire :func:`mgf.common.bootstrap` into FastAPI.
+
+Returns an async context manager FastAPI accepts as its
+``lifespan=`` argument. Inside the lifespan, :func:`bootstrap` runs;
+the resulting :class:`AppContext` is stashed on ``app.state.mgf_context``
+so dependencies can read it.
+
+When the app shuts down (signal, ASGI shutdown, etc.), the
+:class:`AppContext` LIFO-unwinds — exactly like a synchronous
+``with bootstrap(...):`` block would.
+"""
+
+from __future__ import annotations
+
+from contextlib import AbstractAsyncContextManager, asynccontextmanager
+from typing import TYPE_CHECKING
+
+from mgf.common._lifecycle import bootstrap
+
+if TYPE_CHECKING:
+    from collections.abc import Callable
+
+    from fastapi import FastAPI
+
+    from mgf.common.settings import MgfSettings
+
+
+def setup_lifespan(
+    *,
+    app_name: str | None = None,
+    app_version: str | None = None,
+    settings: MgfSettings | None = None,
+) -> Callable[[FastAPI], AbstractAsyncContextManager[None]]:
+    """Build a FastAPI lifespan that runs :func:`mgf.common.bootstrap`.
+
+    Use as::
+
+        from fastapi import FastAPI
+        from mgf.fastapi import setup_lifespan
+
+        app = FastAPI(
+            lifespan=setup_lifespan(
+                app_name="myapp",
+                app_version="1.0.0",
+            )
+        )
+
+    With ``app_name`` / ``app_version`` omitted, the same auto-derivation
+    rules apply as with bare :func:`bootstrap` (see
+    ``docs/reference/lifecycle.md``). The resulting :class:`AppContext`
+    is stashed on ``app.state.mgf_context`` for dependency injection
+    via :func:`mgf.fastapi.get_app_context`.
+
+    The lifespan is an async context manager; on app shutdown the
+    :class:`AppContext` LIFO-unwinds (logging handlers detach, OTel
+    flushes, crash-reporter excepthook restores, etc.).
+    """
+
+    @asynccontextmanager
+    async def _lifespan(app: FastAPI):  # type: ignore[no-untyped-def]
+        with bootstrap(
+            app_name=app_name,
+            app_version=app_version,
+            settings=settings,
+        ) as ctx:
+            app.state.mgf_context = ctx
+            yield
+
+    return _lifespan
+
+
+__all__ = ["setup_lifespan"]

mgf/fastapi/_request_id.py

@@ -0,0 +1,87 @@
+"""``RequestIdMiddleware`` — per-request X-Request-Id generation + propagation.
+
+Every HTTP request gets a request id:
+
+  - If the inbound request carries ``X-Request-Id`` (canonical name —
+    case-insensitive lookup), reuse it.
+  - Otherwise, generate a UUID4.
+
+The request id is:
+
+  - Set on ``request.state.request_id`` (FastAPI standard surface).
+  - Set on a contextvar so :func:`current_request_id` works from any
+    code path inside the request — including async task children
+    via :pep:`567` propagation.
+  - Echoed in the response's ``X-Request-Id`` header.
+
+Logging integration: add a logging filter that injects the contextvar
+into log records. The filter is shipped in v0.7 Phase D's async-logging
+work; for v0.6, consumers can attach it manually via ``%(request_id)s``
+format directive in their log config.
+"""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from starlette.middleware.base import BaseHTTPMiddleware
+
+# Shared contextvar + helpers — same identity across framework
+# adapters so request-id correlation works in mixed processes.
+from mgf.common._request_id import (
+    _REQUEST_ID_VAR,
+    REQUEST_ID_HEADER,
+    _generate_request_id,
+    current_request_id,
+)
+
+if TYPE_CHECKING:
+    from collections.abc import Awaitable, Callable
+
+    from starlette.requests import Request
+    from starlette.responses import Response
+
+
+class RequestIdMiddleware(BaseHTTPMiddleware):
+    """ASGI middleware that injects/forwards ``X-Request-Id``.
+
+    Install at app construction time::
+
+        from fastapi import FastAPI
+        from mgf.fastapi import RequestIdMiddleware
+
+        app = FastAPI()
+        app.add_middleware(RequestIdMiddleware)
+
+    Order matters when combined with other middlewares: install
+    :class:`RequestIdMiddleware` **early** so downstream middlewares +
+    handlers see ``request.state.request_id`` populated.
+    """
+
+    async def dispatch(
+        self,
+        request: Request,
+        call_next: Callable[[Request], Awaitable[Response]],
+    ) -> Response:
+        # Case-insensitive header lookup. Starlette normalises header
+        # keys to lowercase internally.
+        existing = request.headers.get(REQUEST_ID_HEADER.lower())
+        request_id = existing or _generate_request_id()
+
+        request.state.request_id = request_id
+        token = _REQUEST_ID_VAR.set(request_id)
+        try:
+            response = await call_next(request)
+        finally:
+            _REQUEST_ID_VAR.reset(token)
+
+        # Echo in the response so clients can correlate too.
+        response.headers[REQUEST_ID_HEADER] = request_id
+        return response
+
+
+__all__ = [
+    "REQUEST_ID_HEADER",
+    "RequestIdMiddleware",
+    "current_request_id",
+]

mgf/fastapi/exceptions.py

@@ -0,0 +1,43 @@
+"""``mgf.fastapi.exceptions`` — sibling-domain concrete exception leaves.
+
+Per the federation rule (decision **D3** in
+``mgf-common/docs/release/federation_roadmap.md``): **siblings own
+their domain concretes; mgf-common owns hierarchy roots + status
+leaves.** The HTTP-01 hierarchy roots (`AppError`, `HttpError`,
+`HttpClientError`, `HttpServerError`) and the generic status-code
+leaves (`HttpUnauthorized`, `HttpForbidden`, `HttpNotFound`, etc.)
+stay in :mod:`mgf.common.exceptions`. Sibling-domain concretes that
+inherit from them live here.
+
+Today the only such concrete is
+:class:`HmacVerificationError`. Future framework-domain leaves
+(e.g. for FastAPI-specific routing-validation failures) will land
+here as they're added.
+"""
+
+from __future__ import annotations
+
+from mgf.common.exceptions import HttpUnauthorized
+
+__all__ = ["HmacVerificationError"]
+
+
+class HmacVerificationError(HttpUnauthorized):
+    """A webhook HMAC signature failed verification.
+
+    Raised by :class:`mgf.fastapi.webhooks.HmacWebhookVerifier`
+    on any failure of the Svix-shape verification dance: missing
+    header, unparseable timestamp, replay-window miss, signature
+    mismatch.
+
+    Inherits from :class:`mgf.common.exceptions.HttpUnauthorized` so
+    PAPER-24's ``http_status`` resolution maps it to 401 in
+    :class:`mgf.fastapi.ExceptionTranslationMiddleware` without an
+    explicit ``status_map`` entry.
+
+    Lived under :mod:`mgf.common.exceptions` through mgf-common
+    v0.27.0; moved here at the v0.28 / v0.1 federation cutover
+    per the rule above.
+    """
+
+    http_status: int = 401

mgf/fastapi/security.py

@@ -0,0 +1,137 @@
+"""``mgf.fastapi.security`` — request-side security primitives.
+
+Closes FEEDBACK PAPER-27 (v0.27.0): :class:`IpAllowlist`. A FastAPI
+dependency that gates routes on a CIDR allowlist. Concentrates the
+proxy-trust footgun (``X-Forwarded-For`` honouring) in one place
+with a clearly-named opt-in (``trust_proxy=False`` default).
+
+Use case: ops-only / staging-only / pre-auth-shipping admin
+endpoints that need a network gate even before SaaS auth is wired.
+
+The dependency reads ``request.client.host`` directly by default. If
+the consumer's deployment is behind a reverse proxy, a forwarded-
+headers middleware MUST be installed AND ``trust_proxy=True`` set
+explicitly — otherwise every request appears to originate from the
+proxy.
+"""
+
+from __future__ import annotations
+
+import ipaddress
+import logging
+from functools import lru_cache
+from typing import TYPE_CHECKING
+
+# ``Request`` looks type-only here, but FastAPI evaluates the
+# dependency's annotations at registration time via ``get_type_hints``
+# to bind the parameter — moving this into ``TYPE_CHECKING`` would
+# crash dep wiring at app-startup time.
+from fastapi import Request  # noqa: TC002
+
+from mgf.common.exceptions import HttpForbidden
+
+if TYPE_CHECKING:
+    from collections.abc import Iterable
+
+__all__ = ["LOOPBACK_CIDRS", "IpAllowlist"]
+
+LOG = logging.getLogger(__name__)
+
+#: Loopback CIDRs that match local-only traffic (IPv4 + IPv6).
+#: The default :class:`IpAllowlist` includes these so tests work
+#: out-of-the-box; consumers OVERRIDE ``cidrs=`` for production.
+LOOPBACK_CIDRS: tuple[str, ...] = ("127.0.0.0/8", "::1/128")
+
+
+@lru_cache(maxsize=128)
+def _parse_cidr(cidr: str) -> ipaddress.IPv4Network | ipaddress.IPv6Network:
+    """Cache-coerce a CIDR string. The allowlist is short and stable."""
+    return ipaddress.ip_network(cidr, strict=False)
+
+
+class IpAllowlist:
+    """FastAPI dependency that 403s requests whose client IP isn't in ``cidrs``.
+
+    Use as a route ``Depends`` annotation::
+
+        from fastapi import Depends, FastAPI
+        from mgf.fastapi.security import IpAllowlist
+
+        admin_only = IpAllowlist(cidrs=["10.0.0.0/8", "192.168.1.0/24"])
+
+        app = FastAPI()
+
+        @app.post("/admin/trackers", dependencies=[Depends(admin_only)])
+        async def create_tracker(): ...
+
+    :param cidrs: Allowed CIDRs (IPv4 and/or IPv6). Empty iterable
+        denies every request — useful as a "this endpoint exists
+        but is currently disabled" signal.
+    :param trust_proxy: When ``True``, the dependency honours the
+        first entry in ``X-Forwarded-For`` instead of
+        ``request.client.host``. Default ``False`` — your deployment
+        MUST explicitly opt in once a forwarded-headers middleware
+        is in place. Honouring forwarded headers without proxy trust
+        is the canonical IP-spoofing footgun.
+
+    Raises :class:`HttpForbidden` (403) on miss. Pair with
+    :class:`mgf.fastapi.ExceptionTranslationMiddleware` for
+    the JSON 403 response shape.
+    """
+
+    __slots__ = ("_networks", "_trust_proxy")
+
+    def __init__(
+        self,
+        cidrs: Iterable[str] = LOOPBACK_CIDRS,
+        *,
+        trust_proxy: bool = False,
+    ) -> None:
+        # Parse + validate CIDRs eagerly so a misconfiguration
+        # surfaces at construction, not at first request.
+        self._networks: list[ipaddress.IPv4Network | ipaddress.IPv6Network] = []
+        for cidr in cidrs:
+            try:
+                self._networks.append(_parse_cidr(cidr))
+            except ValueError as exc:
+                msg = f"IpAllowlist: invalid CIDR {cidr!r}"
+                raise ValueError(msg) from exc
+        self._trust_proxy = trust_proxy
+
+    def __call__(self, request: Request) -> None:
+        """FastAPI dependency form. 403 on miss; returns ``None`` on hit."""
+        client_host = self._extract_client_host(request)
+        if client_host is None:
+            LOG.warning("IpAllowlist: request had no client IP — denying")
+            raise HttpForbidden("client IP not in allowlist")
+
+        try:
+            client_ip = ipaddress.ip_address(client_host)
+        except ValueError as exc:
+            LOG.warning("IpAllowlist: unparseable client IP %r — denying", client_host)
+            raise HttpForbidden("client IP not in allowlist") from exc
+
+        for network in self._networks:
+            # IPv4 in IPv4 network OR IPv6 in IPv6 network — version mismatch
+            # always means "not a match" so we skip the cross-version pair.
+            if client_ip.version == network.version and client_ip in network:
+                return
+
+        LOG.warning(
+            "IpAllowlist: client IP %s not in allowlist (%d networks)",
+            client_host,
+            len(self._networks),
+        )
+        raise HttpForbidden("client IP not in allowlist")
+
+    def _extract_client_host(self, request: Request) -> str | None:
+        """Return the source IP per ``trust_proxy`` policy."""
+        if self._trust_proxy:
+            forwarded = request.headers.get("x-forwarded-for")
+            if forwarded:
+                # Take the first entry — the originating client.
+                # Subsequent entries are intermediate proxies.
+                return forwarded.split(",", 1)[0].strip()
+        if request.client is not None:
+            return request.client.host
+        return None

mgf/fastapi/testing.py

@@ -0,0 +1,130 @@
+"""``mgf.fastapi.testing`` — context-manager test API server.
+
+Closes FEEDBACK PAPER-28 (v0.27.0): :func:`run_test_app`. Pulls the
+"start uvicorn on a free port for Playwright / e2e tests" dance into
+one helper. Replaces ~120 LOC per consumer (free-port discovery +
+``server.started`` race + clean-shutdown choreography).
+
+The server-lifecycle is generic; consumer-specific seeding (test DB
+reset, fixture loading) stays in consumer code — ``run_test_app``
+takes a fully-built :class:`fastapi.FastAPI` and yields the base
+URL.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import contextlib
+import logging
+import socket
+from typing import TYPE_CHECKING
+
+import uvicorn
+
+if TYPE_CHECKING:
+    from collections.abc import AsyncIterator
+
+    from fastapi import FastAPI
+
+__all__ = ["run_test_app"]
+
+LOG = logging.getLogger(__name__)
+
+
+def _free_port(host: str = "127.0.0.1") -> int:
+    """Pick a free TCP port by binding ephemerally on ``host``.
+
+    Race-prone in theory (the kernel could reassign the port between
+    bind-and-release here and uvicorn's bind below) but reliable in
+    practice — every consumer's test fixture uses this pattern.
+    """
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.bind((host, 0))
+        return int(s.getsockname()[1])
+
+
+@contextlib.asynccontextmanager
+async def run_test_app(
+    app: FastAPI,
+    *,
+    port: int | None = None,
+    host: str = "127.0.0.1",
+    log_level: str = "warning",
+    startup_timeout_seconds: float = 5.0,
+) -> AsyncIterator[str]:
+    """Start ``app`` under uvicorn; yield the base URL; tear down on exit.
+
+    Usage in a pytest-asyncio test::
+
+        from mgf.fastapi.testing import run_test_app
+
+        async def test_my_endpoint():
+            app = build_my_test_app()  # consumer-side fixture
+            async with run_test_app(app) as base_url:
+                async with httpx.AsyncClient(base_url=base_url) as client:
+                    response = await client.get("/health")
+                    assert response.status_code == 200
+
+    :param app: A :class:`fastapi.FastAPI` instance ready to serve.
+        Lifespan handlers fire as part of uvicorn startup.
+    :param port: Port to bind. ``None`` (default) picks a free
+        ephemeral port — the right answer for parallel test runs.
+    :param host: Bind host. Default ``127.0.0.1`` — never expose
+        a test server externally. Override only for container-bridge
+        scenarios where the test runner reaches the server through a
+        non-loopback address.
+    :param log_level: uvicorn log level. Default ``warning`` — uvicorn's
+        info-level chatter ("Started server process", etc.) crowds
+        test output.
+    :param startup_timeout_seconds: Max wait for uvicorn's
+        ``server.started`` flag. Default 5 s. Raises
+        :class:`TimeoutError` on miss.
+
+    Yields the base URL (``http://<host>:<port>``).
+
+    On exit (success OR exception), uvicorn is signalled to shut
+    down and the underlying task is awaited. ``CancelledError`` from
+    the server task is suppressed — it's the expected outcome of a
+    clean shutdown, not a failure.
+    """
+    bind_port = port if port is not None else _free_port(host=host)
+    base_url = f"http://{host}:{bind_port}"
+
+    config = uvicorn.Config(
+        app,
+        host=host,
+        port=bind_port,
+        log_level=log_level,
+        lifespan="on",
+    )
+    server = uvicorn.Server(config)
+
+    serve_task = asyncio.create_task(server.serve())
+    # Poll for uvicorn's started flag with a sensible bound.
+    deadline = asyncio.get_event_loop().time() + startup_timeout_seconds
+    while not server.started:
+        if asyncio.get_event_loop().time() > deadline:
+            server.should_exit = True
+            with contextlib.suppress(asyncio.CancelledError):
+                await serve_task
+            msg = (
+                f"run_test_app: server failed to start within "
+                f"{startup_timeout_seconds}s on {base_url}"
+            )
+            raise TimeoutError(msg)
+        # If the serve task has already crashed (e.g. port collision),
+        # surface its exception now instead of timing out silently.
+        if serve_task.done():
+            exc = serve_task.exception()
+            if exc is not None:
+                raise exc
+            msg = "run_test_app: server task exited before reaching started"
+            raise RuntimeError(msg)
+        await asyncio.sleep(0.02)
+
+    try:
+        yield base_url
+    finally:
+        server.should_exit = True
+        with contextlib.suppress(asyncio.CancelledError):
+            await serve_task

mgf/fastapi/webhooks/__init__.py

@@ -0,0 +1,43 @@
+"""``mgf.fastapi.webhooks`` — Svix-shape HMAC webhook verification.
+
+Closes FEEDBACK PAPER-26 (v0.26.0). Replaces the per-consumer
+HMAC verification dance every web app reinvents:
+
+  * Read ``<id>``, ``<ts>``, ``<sig>`` headers (case-insensitive).
+  * Validate timestamp against a replay window (default 5 minutes).
+  * Compute ``HMAC-SHA256(<id>.<ts>.<body>)``, base64-encode.
+  * Constant-time-compare against the signature header (multi-version
+    space-separated for key rotation).
+
+The core verifier (:class:`HmacWebhookVerifier`) is transport-
+agnostic — takes a header mapping and a body bytes object. The
+FastAPI request adapter (:func:`verify_request`) lifts a
+``Request`` into that shape; it lives separately so the core stays
+importable without ``fastapi``.
+
+Pairs with :class:`mgf.common.exceptions.HmacVerificationError`
+(inherits from :class:`HttpUnauthorized` so PAPER-24's
+``http_status`` resolution maps it to 401 without an explicit
+``status_map`` entry).
+
+v0.26.0 ships :data:`SVIX_SCHEMA` as the only built-in preset.
+Stripe / GitHub / Slack use related-but-distinct shapes (combined
+headers, hex encoding, alternate prefixes) and are deferred until
+a second consumer surfaces friction — file via :file:`FEEDBACK.md`.
+"""
+
+from __future__ import annotations
+
+from mgf.fastapi.webhooks._request import verify_request
+from mgf.fastapi.webhooks._verifier import (
+    SVIX_SCHEMA,
+    HmacWebhookVerifier,
+    WebhookHeaderSchema,
+)
+
+__all__ = [
+    "SVIX_SCHEMA",
+    "HmacWebhookVerifier",
+    "WebhookHeaderSchema",
+    "verify_request",
+]

mgf/fastapi/webhooks/_request.py

@@ -0,0 +1,57 @@
+"""FastAPI ``Request``-adapter for :class:`HmacWebhookVerifier`.
+
+The verifier itself is transport-agnostic. This module provides the
+thin lift from a FastAPI ``Request`` into the verifier's
+``Mapping[str, str]`` + ``bytes`` shape. Lives in its own file so the
+core verifier stays importable without ``fastapi`` installed (matches
+the closed-box invariant for ``mgf.fastapi``).
+"""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from fastapi import Request
+
+    from mgf.fastapi.webhooks._verifier import HmacWebhookVerifier
+
+__all__ = ["verify_request"]
+
+
+async def verify_request(
+    request: Request,
+    verifier: HmacWebhookVerifier,
+) -> tuple[str, int]:
+    """Read body + headers from a FastAPI ``Request`` and verify.
+
+    :param request: A FastAPI ``Request``. Caller must NOT have
+        consumed the body yet — this function reads it via
+        ``await request.body()``.
+    :param verifier: The configured :class:`HmacWebhookVerifier`.
+    :returns: ``(event_id, timestamp)`` per :meth:`HmacWebhookVerifier.verify`.
+    :raises HmacVerificationError: on any verification failure.
+
+    Typical usage in a FastAPI route::
+
+        from mgf.fastapi.webhooks import (
+            HmacWebhookVerifier,
+            verify_request,
+        )
+
+        verifier = HmacWebhookVerifier(secret=settings.webhook_secret)
+
+        @app.post("/webhooks/clerk")
+        async def clerk_webhook(request: Request) -> dict:
+            event_id, ts = await verify_request(request, verifier)
+            payload = await request.json()
+            ...
+            return {"ok": True}
+
+    Pair with :class:`mgf.fastapi.ExceptionTranslationMiddleware`
+    to get the 401 response shape automatically — :class:`HmacVerificationError`
+    inherits from :class:`HttpUnauthorized` so PAPER-24's ``http_status``
+    resolution maps it without an explicit ``status_map`` entry.
+    """
+    body = await request.body()
+    return verifier.verify(request.headers, body)

mgf/fastapi/webhooks/_verifier.py

@@ -0,0 +1,188 @@
+"""Transport-agnostic Svix-shape HMAC webhook verifier.
+
+The verifier core takes a ``Mapping[str, str]`` of headers and a
+``bytes`` body — no FastAPI / Starlette / framework dependency.
+The framework adapter (``verify_request``) lives separately so the
+core is testable in isolation and reusable from non-FastAPI code
+paths (CLI, batch jobs, alternative HTTP frameworks).
+
+The signing scheme is Svix's: ``HMAC-SHA256(<id>.<ts>.<body>)`` keyed
+on the shared secret, base64-encoded, prefixed ``v1,`` per signature
+version, multiple versions space-separated for key rotation. Clerk
+ships Svix verbatim; Stripe / GitHub / Slack use related-but-distinct
+shapes (combined headers, hex encoding, alternate prefixes) and are
+NOT covered at v0.26 — see PAPER-26 retrospective.
+"""
+
+from __future__ import annotations
+
+import base64
+import hashlib
+import hmac
+import time
+from dataclasses import dataclass
+from typing import TYPE_CHECKING
+
+from mgf.fastapi.exceptions import HmacVerificationError
+
+if TYPE_CHECKING:
+    from collections.abc import Callable, Mapping
+
+__all__ = [
+    "SVIX_SCHEMA",
+    "HmacWebhookVerifier",
+    "WebhookHeaderSchema",
+]
+
+
+@dataclass(frozen=True, slots=True)
+class WebhookHeaderSchema:
+    """Names of the three Svix-style headers a provider uses.
+
+    Header names are matched case-insensitively against the input
+    mapping; the values stored here are the canonical lowercase form.
+    """
+
+    id_header: str
+    timestamp_header: str
+    signature_header: str
+
+    def __post_init__(self) -> None:
+        # Force-lowercase the canonical names so matching is uniform —
+        # consumers can pass any case and the verifier still finds them.
+        object.__setattr__(self, "id_header", self.id_header.lower())
+        object.__setattr__(self, "timestamp_header", self.timestamp_header.lower())
+        object.__setattr__(self, "signature_header", self.signature_header.lower())
+
+
+SVIX_SCHEMA = WebhookHeaderSchema(
+    id_header="svix-id",
+    timestamp_header="svix-timestamp",
+    signature_header="svix-signature",
+)
+"""Svix-flavoured header names. Used directly by Clerk webhooks.
+
+Stripe / GitHub / Slack are deliberately not shipped at v0.26 — their
+signing-header conventions differ enough (combined headers, hex
+encoding, alternate prefixes) that a single :class:`WebhookHeaderSchema`
+doesn't fit them. Adding them is tracked for follow-up papers.
+"""
+
+
+class HmacWebhookVerifier:
+    """Verify a Svix-shape HMAC-signed webhook.
+
+    The verifier is constructed once per webhook secret and reused
+    across requests. It is stateless and thread-safe; concurrent
+    callers MAY share a single instance.
+
+    :param secret: The shared secret. ``bytes`` is preferred; ``str``
+        is encoded as UTF-8 for convenience. For Svix/Clerk, the
+        ``whsec_…`` prefix is part of the secret and SHOULD be passed
+        through verbatim (do not strip).
+    :param schema: Header-name schema. Defaults to :data:`SVIX_SCHEMA`.
+    :param replay_window_seconds: Maximum age (in seconds) of a webhook
+        timestamp to accept. Default 300 (5 minutes), matching Svix's
+        published recommendation.
+    :param signature_prefix: The version prefix. Svix uses ``"v1,"``
+        (the comma is part of the prefix; the base64 sig follows).
+        Multi-version sigs are space-separated; the verifier accepts
+        any one matching this prefix.
+    :param now: Override the timestamp source. Tests pass a fixed
+        ``lambda: 1614265330``; production uses the default
+        :func:`time.time`. Returns float seconds-since-epoch.
+    """
+
+    __slots__ = (
+        "_now",
+        "_replay_window_seconds",
+        "_schema",
+        "_secret",
+        "_signature_prefix",
+    )
+
+    def __init__(
+        self,
+        *,
+        secret: bytes | str,
+        schema: WebhookHeaderSchema = SVIX_SCHEMA,
+        replay_window_seconds: int = 300,
+        signature_prefix: str = "v1,",
+        now: Callable[[], float] | None = None,
+    ) -> None:
+        self._secret = secret.encode("utf-8") if isinstance(secret, str) else secret
+        self._schema = schema
+        self._replay_window_seconds = replay_window_seconds
+        self._signature_prefix = signature_prefix
+        self._now = now if now is not None else time.time
+
+    def verify(
+        self,
+        headers: Mapping[str, str],
+        body: bytes,
+    ) -> tuple[str, int]:
+        """Verify the signature on ``body`` against the headers.
+
+        :returns: ``(event_id, timestamp)`` on success — the verified
+            header values, useful for callers that want to log the
+            event id or de-dupe.
+        :raises HmacVerificationError: on missing header, unparseable
+            timestamp, replay-window miss, or signature mismatch.
+            The message gives the proximate cause (no secret material).
+        """
+        # Case-insensitive header lookup. Build a single dict once;
+        # cheap relative to HMAC compute.
+        h = {k.lower(): v for k, v in headers.items()}
+
+        event_id = h.get(self._schema.id_header)
+        if event_id is None:
+            raise HmacVerificationError(
+                f"missing header {self._schema.id_header!r}"
+            )
+
+        ts_raw = h.get(self._schema.timestamp_header)
+        if ts_raw is None:
+            raise HmacVerificationError(
+                f"missing header {self._schema.timestamp_header!r}"
+            )
+        try:
+            ts = int(ts_raw)
+        except ValueError as exc:
+            raise HmacVerificationError(
+                f"header {self._schema.timestamp_header!r} is not an integer"
+            ) from exc
+
+        sig_header = h.get(self._schema.signature_header)
+        if sig_header is None:
+            raise HmacVerificationError(
+                f"missing header {self._schema.signature_header!r}"
+            )
+
+        # Replay window: reject timestamps too far in the past or future.
+        # Future skew is bounded too — a clock that's drifted way ahead
+        # is as suspicious as a stale one.
+        delta = abs(self._now() - ts)
+        if delta > self._replay_window_seconds:
+            raise HmacVerificationError(
+                f"timestamp outside replay window "
+                f"({self._replay_window_seconds}s)"
+            )
+
+        # Compute expected signature: HMAC-SHA256(<id>.<ts>.<body>)
+        # base64-encoded.
+        signed_payload = f"{event_id}.{ts}.".encode() + body
+        digest = hmac.new(self._secret, signed_payload, hashlib.sha256).digest()
+        expected = base64.b64encode(digest).decode("ascii")
+
+        # Multi-version signatures: Svix sends ``v1,sigA v1,sigB`` for
+        # key rotation. Accept any one matching the configured prefix.
+        candidates = sig_header.split(" ")
+        for candidate in candidates:
+            if not candidate.startswith(self._signature_prefix):
+                continue
+            received = candidate[len(self._signature_prefix) :]
+            # Constant-time comparison to prevent timing-oracle leak.
+            if hmac.compare_digest(received, expected):
+                return event_id, ts
+
+        raise HmacVerificationError("signature mismatch")

mgf_fastapi-0.1.0.dist-info/METADATA

@@ -0,0 +1,130 @@
+Metadata-Version: 2.4
+Name: mgf-fastapi
+Version: 0.1.0
+Summary: FastAPI integration adapters for mgf-common — request-id + exception translation + lifespan + webhooks (Svix HMAC) + IpAllowlist + run_test_app. Sibling of mgf-common under the mgf.* namespace.
+Project-URL: Homepage, https://codeberg.org/magogi-admin/mgf-fastapi
+Project-URL: Issues, https://codeberg.org/magogi-admin/mgf-fastapi/issues
+Project-URL: Changelog, https://codeberg.org/magogi-admin/mgf-fastapi/src/branch/master/CHANGELOG.md
+Author: Bassam Alsanie, mgf-fastapi contributors
+License: MIT
+License-File: LICENSE
+Keywords: fastapi,ip-allowlist,middleware,request-id,svix,webhooks
+Classifier: Development Status :: 3 - Alpha
+Classifier: Framework :: FastAPI
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries
+Classifier: Typing :: Typed
+Requires-Python: >=3.11
+Requires-Dist: fastapi>=0.110
+Requires-Dist: mgf-common<0.29,>=0.28
+Provides-Extra: dev
+Requires-Dist: httpx>=0.27; extra == 'dev'
+Requires-Dist: hypothesis>=6.100; extra == 'dev'
+Requires-Dist: import-linter>=2.0; extra == 'dev'
+Requires-Dist: mypy>=1.10; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest-cov>=5.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.4; extra == 'dev'
+Requires-Dist: uvicorn>=0.30; extra == 'dev'
+Provides-Extra: testing
+Requires-Dist: httpx>=0.27; extra == 'testing'
+Requires-Dist: uvicorn>=0.30; extra == 'testing'
+Description-Content-Type: text/markdown
+
+# `mgf-fastapi` — FastAPI integration adapters for mgf-common
+
+[![PyPI](https://img.shields.io/pypi/v/mgf-fastapi)](https://pypi.org/project/mgf-fastapi/)
+[![Python](https://img.shields.io/pypi/pyversions/mgf-fastapi)](https://pypi.org/project/mgf-fastapi/)
+
+> **Sibling of [`mgf-common`](https://pypi.org/project/mgf-common/)
+> under the `mgf.*` namespace.** Houses every FastAPI-specific
+> adapter that previously lived under `mgf.common.fastapi.*` —
+> extracted at mgf-common v0.28 / mgf-fastapi v0.1 per the
+> [federation split plan](https://codeberg.org/magogi-admin/mgf_common/src/branch/master/docs/release/federation_roadmap.md).
+
+## What this provides
+
+| Submodule | What |
+|---|---|
+| `mgf.fastapi` | `bootstrap` ↔ FastAPI lifespan; `RequestIdMiddleware`; `ExceptionTranslationMiddleware`; `Depends()` helpers (`get_app_context`, `get_settings`, `get_request_id`); `setup_lifespan`. |
+| `mgf.fastapi.webhooks` | Svix-shape HMAC webhook verification (`HmacWebhookVerifier`, `WebhookHeaderSchema`, `SVIX_SCHEMA`, `verify_request`). |
+| `mgf.fastapi.security` | `IpAllowlist` FastAPI dependency with proxy-trust opt-in. |
+| `mgf.fastapi.testing` | `run_test_app` async context manager — start uvicorn for a FastAPI app on a free port; yield base URL; clean shutdown. |
+| `mgf.fastapi.exceptions` | `HmacVerificationError(HttpUnauthorized)` and other framework-domain concrete leaves. (HTTP-01 hierarchy roots stay in `mgf.common.exceptions`.) |
+
+## Install
+
+```bash
+pip install mgf-fastapi
+# Or with the test-helper extra (uvicorn + httpx for run_test_app):
+pip install 'mgf-fastapi[testing]'
+```
+
+Pulls in `mgf-common` and `fastapi` automatically.
+
+## Quick start
+
+```python
+from fastapi import FastAPI, Request
+from mgf.fastapi import (
+    ExceptionTranslationMiddleware,
+    RequestIdMiddleware,
+    setup_lifespan,
+)
+from mgf.fastapi.webhooks import HmacWebhookVerifier, verify_request
+
+app = FastAPI(lifespan=setup_lifespan(app_name="my-service", app_version="0.1.0"))
+app.add_middleware(ExceptionTranslationMiddleware)
+app.add_middleware(RequestIdMiddleware)
+
+webhook = HmacWebhookVerifier(secret=settings.webhook_secret)
+
+@app.post("/webhooks/clerk")
+async def clerk_webhook(request: Request) -> dict:
+    event_id, ts = await verify_request(request, webhook)
+    payload = await request.json()
+    # ... process the (now-trusted) payload ...
+    return {"ok": True}
+```
+
+## Documentation
+
+- [`docs/recipes/fastapi.md`](docs/recipes/fastapi.md) — full FastAPI service walkthrough.
+- [`docs/recipes/webhooks.md`](docs/recipes/webhooks.md) — HMAC webhook verification.
+- [`docs/cutover/v0.1.0.md`](docs/cutover/v0.1.0.md) — maiden voyage migration story (the v0.28 split).
+- [`PUBLIC_API.md`](PUBLIC_API.md) — full public surface contract.
+- [`CHANGELOG.md`](CHANGELOG.md) — release history.
+
+For the federation-wide engineering standards (DESIGN_PRINCIPLES,
+ERROR_HANDLING, SECURITY, etc.) see
+[`mgf-common/docs/standards/`](https://codeberg.org/magogi-admin/mgf_common/src/branch/master/docs/standards/).
+This sibling inherits them by reference; the standards source-of-truth
+lives in mgf-common.
+
+## Status
+
+🚧 **Experimental** — every public name is `experimental` per AP-09.
+Promotion to `stable` happens release-by-release as consumer feedback
+in [`FEEDBACK.md`](FEEDBACK.md) converges. The 0.x window applies.
+Pin tightly: `mgf-fastapi = ">=0.X.0,<0.Y"`.
+
+## Cross-references
+
+- **Filing process for sharp edges**: open an entry on
+  [`mgf-common/FEEDBACK.md`](https://codeberg.org/magogi-admin/mgf_common/src/branch/master/FEEDBACK.md)
+  with `[mgf-fastapi]` prefix, OR file directly on this repo's
+  Issues → maintainer mirrors into the canonical FEEDBACK.md.
+- **Federation pattern**:
+  [`mgf-common/docs/design/federation.md`](https://codeberg.org/magogi-admin/mgf_common/src/branch/master/docs/design/federation.md).
+- **The split that created this sibling**:
+  [`mgf-common/docs/release/federation_roadmap.md`](https://codeberg.org/magogi-admin/mgf_common/src/branch/master/docs/release/federation_roadmap.md).

mgf_fastapi-0.1.0.dist-info/RECORD

@@ -0,0 +1,16 @@
+mgf/fastapi/__init__.py,sha256=XJ_Fb4-IhN3cNlUGPbbqKrrMYZjNyJkDPjHyvniJpoE,2479
+mgf/fastapi/_dependencies.py,sha256=cIWmlh4oTrfKlT0udTLVNLw-SPzM2jK4OthbVyCqWGw,2965
+mgf/fastapi/_exceptions.py,sha256=dXQlDXgb4IA-Gs7Zd6Q1tUZc65LixJtGqbXdEFWxQE4,6715
+mgf/fastapi/_lifespan.py,sha256=Yx4rM0QQDnZTj6TZnAMjGvn-TxYUQMwTbFE06V3yksE,2185
+mgf/fastapi/_request_id.py,sha256=_o79Zv_G9bV6w-igA0FqfIqnH6FoNli8r95Ajpvl_v4,2728
+mgf/fastapi/exceptions.py,sha256=fNpStoXjwMd91h4Ol-74CryXc5tVBKBAgLGQ5N56S90,1592
+mgf/fastapi/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+mgf/fastapi/security.py,sha256=-E8D1GRJ0MzmWrK1mNBdlY78S3kt3dFvYcwrt9tCopc,5354
+mgf/fastapi/testing.py,sha256=OmgFl-Vo5oLFnsmc8mdFEr5nH97uZrJzgTLNgqGC04Q,4634
+mgf/fastapi/webhooks/__init__.py,sha256=-zDAHTIvg8LaYw7o16D5yUsLpNNyTNenlntDRjKFyzA,1567
+mgf/fastapi/webhooks/_request.py,sha256=XySFn5GIzfyzkn6DLAkY_mp7gtQz_6gMiK3QkGftxb8,2005
+mgf/fastapi/webhooks/_verifier.py,sha256=HSf4xwczN22Thj4HGg8L7I5fYaGj8Rpyk-so7QmFskY,7178
+mgf_fastapi-0.1.0.dist-info/METADATA,sha256=VXqWSksQGEk4Ws9cOb6PTFS-cC-zDyBgX6lhDoloyqM,6037
+mgf_fastapi-0.1.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+mgf_fastapi-0.1.0.dist-info/licenses/LICENSE,sha256=akPl7tlbK9cB--mcmU-3T3VYoIpSXQUJd3DDpztyDFc,1099
+mgf_fastapi-0.1.0.dist-info/RECORD,,

mgf_fastapi-0.1.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

mgf_fastapi-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Bassam Alsanie and mgf-common contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.