miso-client 0.2.0__tar.gz → 0.4.0__tar.gz

{miso_client-0.2.0 → miso_client-0.4.0}/CHANGELOG.md

@@ -5,7 +5,121 @@ All notable changes to the MisoClient SDK will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.2.0] - 2025-10-31
+## [0.4.0] - 2025-11-02
+
+### Added
+
+- **ISO 27001 Compliant HTTP Client with Automatic Audit and Debug Logging**: New public `HttpClient` class that wraps `InternalHttpClient` with automatic ISO 27001 compliant audit and debug logging
+  - Automatic audit logging for all HTTP requests (`http.request.{METHOD}` format)
+  - Debug logging when `log_level === 'debug'` with detailed request/response information
+  - Automatic data masking using `DataMasker` before logging (ISO 27001 compliant)
+  - All request headers are masked (Authorization, x-client-token, Cookie, etc.)
+  - All request bodies are recursively masked for sensitive fields (password, token, secret, SSN, etc.)
+  - All response bodies are masked (limited to first 1000 characters)
+  - Query parameters are automatically masked
+  - Error messages are masked if they contain sensitive data
+  - Sensitive endpoints (`/api/logs`, `/api/auth/token`) are excluded from audit logging to prevent infinite loops
+  - JWT user ID extraction from Authorization headers for audit context
+  - Request duration tracking for performance monitoring
+  - Request/response size tracking for observability
+
+- **JSON Configuration Support for DataMasker**: Enhanced `DataMasker` with JSON configuration file support for sensitive fields
+  - New `sensitive_fields_config.json` file with default ISO 27001 compliant sensitive fields
+  - Categories: authentication, pii, security
+  - Support for custom configuration path via `MISO_SENSITIVE_FIELDS_CONFIG` environment variable
+  - `DataMasker.set_config_path()` method for programmatic configuration
+  - Automatic merging of JSON fields with hardcoded defaults (fallback if JSON cannot be loaded)
+  - Backward compatible - existing hardcoded fields still work as fallback
+
+- **New InternalHttpClient Class**: Separated core HTTP functionality into `InternalHttpClient` class
+  - Pure HTTP functionality with automatic client token management (no logging)
+  - Used internally by public `HttpClient` for actual HTTP requests
+  - Used by `LoggerService` for sending logs to prevent circular dependencies
+  - Not exported in public API (internal use only)
+
+- **New sensitive_fields_loader Module**: Utility module for loading and merging sensitive fields configuration
+  - `load_sensitive_fields_config()` function for loading JSON configuration
+  - `get_sensitive_fields_array()` function for flattened sensitive fields list
+  - `get_field_patterns()` function for pattern matching rules
+  - Support for custom configuration paths via environment variables
+
+### Changed
+
+- **Breaking Change: HttpClient Constructor**: Public `HttpClient` constructor now requires `logger` parameter
+  - Old: `HttpClient(config)`
+  - New: `HttpClient(config, logger)`
+  - This is handled automatically when using `MisoClient` - no changes needed for typical usage
+  - Only affects code that directly instantiates `HttpClient`
+
+- **Breaking Change: LoggerService Constructor**: `LoggerService` constructor now uses `InternalHttpClient` instead of `HttpClient`
+  - Old: `LoggerService(http_client: HttpClient, redis: RedisService)`
+  - New: `LoggerService(internal_http_client: InternalHttpClient, redis: RedisService)`
+  - This is handled automatically when using `MisoClient` - no changes needed for typical usage
+  - Prevents circular dependency (LoggerService uses InternalHttpClient for log sending)
+
+- **MisoClient Architecture**: Updated `MisoClient` constructor to use new HttpClient architecture
+  - Creates `InternalHttpClient` first (pure HTTP functionality)
+  - Creates `LoggerService` with `InternalHttpClient` (prevents circular dependency)
+  - Creates public `HttpClient` wrapping `InternalHttpClient` with logger (adds audit/debug logging)
+  - All services now use public `HttpClient` with automatic audit logging
+
+- **DataMasker Enhancement**: Updated `DataMasker` to load sensitive fields from JSON configuration
+  - Maintains backward compatibility with hardcoded fields as fallback
+  - Automatic loading on first use with caching
+  - Support for custom configuration paths
+
+### ISO 27001 Compliance Features
+
+- **Automatic Data Masking**: All sensitive data is automatically masked before logging
+  - Request headers: Authorization, x-client-token, Cookie, Set-Cookie, and any header containing sensitive keywords
+  - Request bodies: Recursively masks password, token, secret, SSN, creditcard, CVV, PIN, OTP, API keys, etc.
+  - Response bodies: Especially important for error responses that might contain sensitive data
+  - Query parameters: Automatically extracted and masked
+  - Error messages: Masked if containing sensitive data
+
+- **Audit Log Structure**: Standardized audit log format for all HTTP requests
+  - Action: `http.request.{METHOD}` (e.g., `http.request.GET`, `http.request.POST`)
+  - Resource: Request URL path
+  - Context: method, url, statusCode, duration, userId, requestSize, responseSize, error (all sensitive data masked)
+
+- **Debug Log Structure**: Detailed debug logging when `log_level === 'debug'`
+  - All audit context fields plus: requestHeaders, responseHeaders, requestBody, responseBody (all masked)
+  - Additional context: baseURL, timeout, queryParams (all sensitive data masked)
+
+### Technical Improvements
+
+- Improved error handling: Logging errors never break HTTP requests (all errors caught and swallowed)
+- Performance: Async logging that doesn't block request/response flow
+- Safety: Sensitive endpoints excluded from audit logging to prevent infinite loops
+- Flexibility: Configurable sensitive fields via JSON configuration file
+
+---
+
+## [0.3.0] - 2025-11-01
+
+### Added
+
+- **Structured Error Response Interface**: Added generic `ErrorResponse` model following RFC 7807-style format for consistent error handling across applications
+  - `ErrorResponse` Pydantic model with fields: `errors`, `type`, `title`, `statusCode`, `instance`
+  - Automatic parsing of structured error responses from HTTP responses in `HttpClient`
+  - Support for both camelCase (`statusCode`) and snake_case (`status_code`) field names
+  - `MisoClientError` now includes optional `error_response` field with structured error information
+  - Enhanced error messages automatically generated from structured error responses
+  - Instance URI automatically extracted from request URL when not provided in response
+  - Backward compatible - falls back to traditional `error_body` dict when structured format is not available
+  - Export `ErrorResponse` from main module for reuse in other applications
+  - Comprehensive test coverage for error response parsing and fallback behavior
+  - Full type safety with Pydantic models
+
+### Changed
+
+- **Error Handling**: `MisoClientError` now prioritizes structured error information when available
+  - Error messages are automatically enhanced from structured error responses
+  - Status codes are extracted from structured responses when provided
+
+---
+
+## [0.2.0] - 2025-10-31
 
 ### Added
 
@@ -43,7 +157,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
-## [1.1.0] - 2025-10-30
+## [0.1.0] - 2025-10-30
 
 ### Added
 
@@ -82,7 +196,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
-## [1.0.0] - 2025-10-01
+## [0.1.0] - 2025-10-01
 
 ### Added
 

{miso_client-0.2.0/miso_client.egg-info → miso_client-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: miso-client
-Version: 0.2.0
+Version: 0.4.0
 Summary: Python client SDK for AI Fabrix authentication, authorization, and logging
 Home-page: https://github.com/aifabrix/miso-client-python
 Author: AI Fabrix Team
@@ -80,10 +80,13 @@ The **AI Fabrix Miso Client SDK** provides authentication, authorization, and lo
 ### 📊 Compliance & Audit
 
 **ISO 27001 Compliance**
-- Comprehensive audit trails for all user actions
+- Comprehensive audit trails for all user actions and HTTP requests
+- Automatic data masking for all sensitive information in logs
+- HTTP request/response audit logging with masked sensitive data
 - Data access logging and monitoring
 - Security event tracking
 - Accountability and non-repudiation
+- Configurable sensitive fields via JSON configuration
 
 **Regulatory Compliance**
 - GDPR-ready data protection
@@ -134,9 +137,13 @@ The **AI Fabrix Miso Client SDK** provides authentication, authorization, and lo
 
 **Observability**
 - Centralized logging with correlation IDs
+- Automatic HTTP request/response audit logging (ISO 27001 compliant)
+- Debug logging with detailed request/response information (when `log_level='debug'`)
 - Performance tracking and metrics
 - Error tracking and debugging
 - Health monitoring
+- Automatic data masking for sensitive information in logs
+- Configurable sensitive fields via JSON configuration
 
 ---
 
@@ -262,7 +269,7 @@ if is_admin:
 
 ### Step 5: Activate Logging
 
-**What happens:** Application logs are sent to the Miso Controller with client token authentication.
+**What happens:** Application logs are sent to the Miso Controller with client token authentication. All HTTP requests are automatically audited with ISO 27001 compliant data masking.
 
 ```python
 from miso_client import MisoClient, load_config
@@ -278,10 +285,17 @@ user = await client.get_user(token)
 await client.log.info('User accessed dashboard', {'userId': user.id if user else None})
 await client.log.error('Operation failed', {'error': str(err)})
 await client.log.warn('Unusual activity', {'details': '...'})
+
+# HTTP requests are automatically audited
+# All sensitive data is automatically masked before logging
+result = await client.http_client.get('/api/users')
+# This automatically creates an audit log: http.request.GET with masked sensitive data
 ```
 
 **What happens to logs?** They're sent to the Miso Controller for centralized monitoring and analysis. Client token is automatically included.
 
+**ISO 27001 Compliance:** All HTTP requests are automatically audited with sensitive data masked. Set `log_level='debug'` to enable detailed request/response logging (all sensitive data is still masked).
+
 → [Complete logging example](examples/step-5-logging.py)  
 → [Logging Reference](docs/api-reference.md#logger-service)
 
@@ -414,6 +428,7 @@ config = MisoClientConfig(
         port=6379,
     ),
     log_level="info",                         # Optional: 'debug' | 'info' | 'warn' | 'error'
+                                              # Set to 'debug' for detailed HTTP request/response logging
     api_key="your-test-api-key",              # Optional: API key for testing (bypasses OAuth2)
     cache={                                   # Optional: Cache TTL settings
         "role_ttl": 900,       # Role cache TTL (default: 900s)
@@ -424,6 +439,18 @@ config = MisoClientConfig(
 
 **Recommended:** Use `load_config()` to load from `.env` file automatically.
 
+**ISO 27001 Data Masking Configuration:**
+
+Sensitive fields are configured via `miso_client/utils/sensitive_fields_config.json`. You can customize this by:
+
+1. Setting `MISO_SENSITIVE_FIELDS_CONFIG` environment variable to point to a custom JSON file
+2. Using `DataMasker.set_config_path()` to set a custom path programmatically
+
+The default configuration includes ISO 27001 compliant sensitive fields:
+- Authentication: password, token, secret, key, auth, authorization
+- PII: ssn, creditcard, cc, cvv, pin, otp
+- Security: apikey, accesstoken, refreshtoken, privatekey, secretkey, cookie, session
+
 → [Complete Configuration Reference](docs/configuration.md)
 
 ---
@@ -448,6 +475,28 @@ The SDK consists of five core services:
 - **LoggerService** - Centralized logging with API key authentication
 - **RedisService** - Caching and queue management (optional)
 
+### HTTP Client Architecture
+
+The SDK uses a two-layer HTTP client architecture for ISO 27001 compliance:
+
+- **InternalHttpClient** - Core HTTP functionality with automatic client token management (internal)
+- **HttpClient** - Public wrapper that adds automatic ISO 27001 compliant audit and debug logging
+
+**Features:**
+- Automatic audit logging for all HTTP requests (`http.request.{METHOD}`)
+- Debug logging when `log_level === 'debug'` with detailed request/response information
+- Automatic data masking using `DataMasker` before logging (ISO 27001 compliant)
+- Sensitive endpoints (`/api/logs`, `/api/auth/token`) are excluded from audit logging to prevent infinite loops
+- All sensitive data (headers, bodies, query params) is automatically masked before logging
+
+**ISO 27001 Compliance:**
+- All request headers are masked (Authorization, x-client-token, Cookie, etc.)
+- All request bodies are recursively masked for sensitive fields (password, token, secret, SSN, etc.)
+- All response bodies are masked (limited to first 1000 characters)
+- Query parameters are automatically masked
+- Error messages are masked if they contain sensitive data
+- Sensitive fields configuration can be customized via `sensitive_fields_config.json`
+
 → [Architecture Details](docs/api-reference.md#architecture)
 
 ---
@@ -485,6 +534,83 @@ The SDK consists of five core services:
 - [Flask Decorators](docs/examples.md#flask-decorators) - Decorator-based auth
 - [Error Handling](docs/examples.md#error-handling) - Best practices
 
+---
+
+### Structured Error Responses
+
+**What happens:** The SDK automatically parses structured error responses from the API (RFC 7807-style format) and makes them available through the `MisoClientError` exception.
+
+```python
+from miso_client import MisoClient, MisoClientError, ErrorResponse, load_config
+
+client = MisoClient(load_config())
+await client.initialize()
+
+try:
+    result = await client.http_client.get("/api/some-endpoint")
+except MisoClientError as e:
+    # Check if structured error response is available
+    if e.error_response:
+        print(f"Error Type: {e.error_response.type}")
+        print(f"Error Title: {e.error_response.title}")
+        print(f"Status Code: {e.error_response.statusCode}")
+        print(f"Errors: {e.error_response.errors}")
+        print(f"Instance: {e.error_response.instance}")
+    else:
+        # Fallback to traditional error handling
+        print(f"Error: {e.message}")
+        print(f"Status Code: {e.status_code}")
+        print(f"Error Body: {e.error_body}")
+```
+
+**Error Response Structure:**
+
+The `ErrorResponse` model follows RFC 7807-style format:
+
+```json
+{
+   "errors": [
+      "The user has provided input that the browser is unable to convert.",
+      "There are multiple rows in the database for the same value"
+   ],
+   "type": "/Errors/Bad Input",
+   "title": "Bad Request",
+   "statusCode": 400,
+   "instance": "/OpenApi/rest/Xzy"
+}
+```
+
+**Features:**
+
+- **Automatic Parsing**: Structured error responses are automatically parsed from HTTP responses
+- **Backward Compatible**: Falls back to traditional error handling when structured format is not available
+- **Type Safety**: Full type hints with Pydantic models for reliable error handling
+- **Generic Interface**: `ErrorResponse` model can be reused across different applications
+- **Instance URI**: Automatically extracted from request URL if not provided in response
+
+**Using ErrorResponse directly:**
+
+```python
+from miso_client import ErrorResponse
+
+# Create ErrorResponse from dict
+error_data = {
+    "errors": ["Validation failed"],
+    "type": "/Errors/Validation",
+    "title": "Validation Error",
+    "statusCode": 422,
+    "instance": "/api/endpoint"
+}
+error_response = ErrorResponse(**error_data)
+
+# Access fields
+print(error_response.errors)  # ["Validation failed"]
+print(error_response.type)    # "/Errors/Validation"
+print(error_response.title)   # "Validation Error"
+print(error_response.statusCode)  # 422
+print(error_response.instance)   # "/api/endpoint"
+```
+
 ### Common Tasks
 
 **Add authentication middleware (FastAPI):**

{miso_client-0.2.0 → miso_client-0.4.0}/README.md

@@ -31,10 +31,13 @@ The **AI Fabrix Miso Client SDK** provides authentication, authorization, and lo
 ### 📊 Compliance & Audit
 
 **ISO 27001 Compliance**
-- Comprehensive audit trails for all user actions
+- Comprehensive audit trails for all user actions and HTTP requests
+- Automatic data masking for all sensitive information in logs
+- HTTP request/response audit logging with masked sensitive data
 - Data access logging and monitoring
 - Security event tracking
 - Accountability and non-repudiation
+- Configurable sensitive fields via JSON configuration
 
 **Regulatory Compliance**
 - GDPR-ready data protection
@@ -85,9 +88,13 @@ The **AI Fabrix Miso Client SDK** provides authentication, authorization, and lo
 
 **Observability**
 - Centralized logging with correlation IDs
+- Automatic HTTP request/response audit logging (ISO 27001 compliant)
+- Debug logging with detailed request/response information (when `log_level='debug'`)
 - Performance tracking and metrics
 - Error tracking and debugging
 - Health monitoring
+- Automatic data masking for sensitive information in logs
+- Configurable sensitive fields via JSON configuration
 
 ---
 
@@ -213,7 +220,7 @@ if is_admin:
 
 ### Step 5: Activate Logging
 
-**What happens:** Application logs are sent to the Miso Controller with client token authentication.
+**What happens:** Application logs are sent to the Miso Controller with client token authentication. All HTTP requests are automatically audited with ISO 27001 compliant data masking.
 
 ```python
 from miso_client import MisoClient, load_config
@@ -229,10 +236,17 @@ user = await client.get_user(token)
 await client.log.info('User accessed dashboard', {'userId': user.id if user else None})
 await client.log.error('Operation failed', {'error': str(err)})
 await client.log.warn('Unusual activity', {'details': '...'})
+
+# HTTP requests are automatically audited
+# All sensitive data is automatically masked before logging
+result = await client.http_client.get('/api/users')
+# This automatically creates an audit log: http.request.GET with masked sensitive data
 ```
 
 **What happens to logs?** They're sent to the Miso Controller for centralized monitoring and analysis. Client token is automatically included.
 
+**ISO 27001 Compliance:** All HTTP requests are automatically audited with sensitive data masked. Set `log_level='debug'` to enable detailed request/response logging (all sensitive data is still masked).
+
 → [Complete logging example](examples/step-5-logging.py)  
 → [Logging Reference](docs/api-reference.md#logger-service)
 
@@ -365,6 +379,7 @@ config = MisoClientConfig(
         port=6379,
     ),
     log_level="info",                         # Optional: 'debug' | 'info' | 'warn' | 'error'
+                                              # Set to 'debug' for detailed HTTP request/response logging
     api_key="your-test-api-key",              # Optional: API key for testing (bypasses OAuth2)
     cache={                                   # Optional: Cache TTL settings
         "role_ttl": 900,       # Role cache TTL (default: 900s)
@@ -375,6 +390,18 @@ config = MisoClientConfig(
 
 **Recommended:** Use `load_config()` to load from `.env` file automatically.
 
+**ISO 27001 Data Masking Configuration:**
+
+Sensitive fields are configured via `miso_client/utils/sensitive_fields_config.json`. You can customize this by:
+
+1. Setting `MISO_SENSITIVE_FIELDS_CONFIG` environment variable to point to a custom JSON file
+2. Using `DataMasker.set_config_path()` to set a custom path programmatically
+
+The default configuration includes ISO 27001 compliant sensitive fields:
+- Authentication: password, token, secret, key, auth, authorization
+- PII: ssn, creditcard, cc, cvv, pin, otp
+- Security: apikey, accesstoken, refreshtoken, privatekey, secretkey, cookie, session
+
 → [Complete Configuration Reference](docs/configuration.md)
 
 ---
@@ -399,6 +426,28 @@ The SDK consists of five core services:
 - **LoggerService** - Centralized logging with API key authentication
 - **RedisService** - Caching and queue management (optional)
 
+### HTTP Client Architecture
+
+The SDK uses a two-layer HTTP client architecture for ISO 27001 compliance:
+
+- **InternalHttpClient** - Core HTTP functionality with automatic client token management (internal)
+- **HttpClient** - Public wrapper that adds automatic ISO 27001 compliant audit and debug logging
+
+**Features:**
+- Automatic audit logging for all HTTP requests (`http.request.{METHOD}`)
+- Debug logging when `log_level === 'debug'` with detailed request/response information
+- Automatic data masking using `DataMasker` before logging (ISO 27001 compliant)
+- Sensitive endpoints (`/api/logs`, `/api/auth/token`) are excluded from audit logging to prevent infinite loops
+- All sensitive data (headers, bodies, query params) is automatically masked before logging
+
+**ISO 27001 Compliance:**
+- All request headers are masked (Authorization, x-client-token, Cookie, etc.)
+- All request bodies are recursively masked for sensitive fields (password, token, secret, SSN, etc.)
+- All response bodies are masked (limited to first 1000 characters)
+- Query parameters are automatically masked
+- Error messages are masked if they contain sensitive data
+- Sensitive fields configuration can be customized via `sensitive_fields_config.json`
+
 → [Architecture Details](docs/api-reference.md#architecture)
 
 ---
@@ -436,6 +485,83 @@ The SDK consists of five core services:
 - [Flask Decorators](docs/examples.md#flask-decorators) - Decorator-based auth
 - [Error Handling](docs/examples.md#error-handling) - Best practices
 
+---
+
+### Structured Error Responses
+
+**What happens:** The SDK automatically parses structured error responses from the API (RFC 7807-style format) and makes them available through the `MisoClientError` exception.
+
+```python
+from miso_client import MisoClient, MisoClientError, ErrorResponse, load_config
+
+client = MisoClient(load_config())
+await client.initialize()
+
+try:
+    result = await client.http_client.get("/api/some-endpoint")
+except MisoClientError as e:
+    # Check if structured error response is available
+    if e.error_response:
+        print(f"Error Type: {e.error_response.type}")
+        print(f"Error Title: {e.error_response.title}")
+        print(f"Status Code: {e.error_response.statusCode}")
+        print(f"Errors: {e.error_response.errors}")
+        print(f"Instance: {e.error_response.instance}")
+    else:
+        # Fallback to traditional error handling
+        print(f"Error: {e.message}")
+        print(f"Status Code: {e.status_code}")
+        print(f"Error Body: {e.error_body}")
+```
+
+**Error Response Structure:**
+
+The `ErrorResponse` model follows RFC 7807-style format:
+
+```json
+{
+   "errors": [
+      "The user has provided input that the browser is unable to convert.",
+      "There are multiple rows in the database for the same value"
+   ],
+   "type": "/Errors/Bad Input",
+   "title": "Bad Request",
+   "statusCode": 400,
+   "instance": "/OpenApi/rest/Xzy"
+}
+```
+
+**Features:**
+
+- **Automatic Parsing**: Structured error responses are automatically parsed from HTTP responses
+- **Backward Compatible**: Falls back to traditional error handling when structured format is not available
+- **Type Safety**: Full type hints with Pydantic models for reliable error handling
+- **Generic Interface**: `ErrorResponse` model can be reused across different applications
+- **Instance URI**: Automatically extracted from request URL if not provided in response
+
+**Using ErrorResponse directly:**
+
+```python
+from miso_client import ErrorResponse
+
+# Create ErrorResponse from dict
+error_data = {
+    "errors": ["Validation failed"],
+    "type": "/Errors/Validation",
+    "title": "Validation Error",
+    "statusCode": 422,
+    "instance": "/api/endpoint"
+}
+error_response = ErrorResponse(**error_data)
+
+# Access fields
+print(error_response.errors)  # ["Validation failed"]
+print(error_response.type)    # "/Errors/Validation"
+print(error_response.title)   # "Validation Error"
+print(error_response.statusCode)  # 422
+print(error_response.instance)   # "/api/endpoint"
+```
+
 ### Common Tasks
 
 **Add authentication middleware (FastAPI):**

{miso_client-0.2.0 → miso_client-0.4.0}/miso_client/__init__.py

@@ -26,6 +26,7 @@ from .models.config import (
     RoleResult,
     UserInfo,
 )
+from .models.error_response import ErrorResponse
 from .services.auth import AuthService
 from .services.cache import CacheService
 from .services.encryption import EncryptionService
@@ -35,8 +36,9 @@ from .services.redis import RedisService
 from .services.role import RoleService
 from .utils.config_loader import load_config
 from .utils.http_client import HttpClient
+from .utils.internal_http_client import InternalHttpClient
 
-__version__ = "0.1.0"
+__version__ = "0.4.0"
 __author__ = "AI Fabrix Team"
 __license__ = "MIT"
 
@@ -60,14 +62,29 @@ class MisoClient:
             config: MisoClient configuration including controller URL, client credentials, etc.
         """
         self.config = config
-        self.http_client = HttpClient(config)
+
+        # Create InternalHttpClient first (pure HTTP functionality, no logging)
+        self._internal_http_client = InternalHttpClient(config)
+
+        # Create Redis service
         self.redis = RedisService(config.redis)
+
+        # Create LoggerService with InternalHttpClient (to avoid circular dependency)
+        # LoggerService uses InternalHttpClient for sending logs to prevent audit loops
+        self.logger = LoggerService(self._internal_http_client, self.redis)
+
+        # Create public HttpClient wrapping InternalHttpClient with logger
+        # This HttpClient adds automatic ISO 27001 compliant audit and debug logging
+        self.http_client = HttpClient(config, self.logger)
+
         # Cache service (uses Redis if available, falls back to in-memory)
         self.cache = CacheService(self.redis)
+
+        # Services use public HttpClient (with audit logging)
         self.auth = AuthService(self.http_client, self.redis)
         self.roles = RoleService(self.http_client, self.cache)
         self.permissions = PermissionService(self.http_client, self.cache)
-        self.logger = LoggerService(self.http_client, self.redis)
+
         # Encryption service (reads ENCRYPTION_KEY from environment by default)
         self.encryption = EncryptionService()
         self.initialized = False
@@ -473,6 +490,7 @@ __all__ = [
     "ClientTokenResponse",
     "PerformanceMetrics",
     "ClientLoggingOptions",
+    "ErrorResponse",
     "AuthService",
     "RoleService",
     "PermissionService",

{miso_client-0.2.0 → miso_client-0.4.0}/miso_client/errors.py

@@ -4,12 +4,21 @@ SDK exceptions and error handling.
 This module defines custom exceptions for the MisoClient SDK.
 """
 
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from ..models.error_response import ErrorResponse
+
 
 class MisoClientError(Exception):
     """Base exception for MisoClient SDK errors."""
 
     def __init__(
-        self, message: str, status_code: int | None = None, error_body: dict | None = None
+        self,
+        message: str,
+        status_code: int | None = None,
+        error_body: dict | None = None,
+        error_response: "ErrorResponse | None" = None,
     ):
         """
         Initialize MisoClient error.
@@ -18,11 +27,23 @@ class MisoClientError(Exception):
             message: Error message
             status_code: HTTP status code if applicable
             error_body: Sanitized error response body (secrets masked)
+            error_response: Structured error response object (RFC 7807-style)
         """
         super().__init__(message)
         self.message = message
         self.status_code = status_code
         self.error_body = error_body if error_body is not None else None
+        self.error_response = error_response
+
+        # Enhance message with structured error information if available
+        if error_response and error_response.errors:
+            if len(error_response.errors) == 1:
+                self.message = error_response.errors[0]
+            else:
+                self.message = f"{error_response.title}: {'; '.join(error_response.errors)}"
+            # Override status_code from structured response if available
+            if error_response.statusCode:
+                self.status_code = error_response.statusCode
 
 
 class AuthenticationError(MisoClientError):

miso_client-0.4.0/miso_client/models/__init__.py

@@ -0,0 +1,5 @@
+"""Pydantic models for MisoClient configuration and data types."""
+
+from .error_response import ErrorResponse
+
+__all__ = ["ErrorResponse"]