plain 0.81.0__tar.gz → 0.82.0__tar.gz

{plain-0.81.0 → plain-0.82.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain
-Version: 0.81.0
+Version: 0.82.0
 Summary: A web framework for building products with Python.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

{plain-0.81.0 → plain-0.82.0}/plain/CHANGELOG.md

@@ -1,5 +1,18 @@
 # plain changelog
 
+## [0.82.0](https://github.com/dropseed/plain/releases/plain@0.82.0) (2025-10-29)
+
+### What's changed
+
+- The `DEFAULT_RESPONSE_HEADERS` setting can now be a callable that accepts a request argument, enabling dynamic header generation per request ([cb92905834](https://github.com/dropseed/plain/commit/cb92905834))
+- Added `request.csp_nonce` cached property for generating Content Security Policy nonces ([75071dcc70](https://github.com/dropseed/plain/commit/75071dcc70))
+- Simplified the preflight command by moving `plain preflight check` back to `plain preflight` ([40c2c4560e](https://github.com/dropseed/plain/commit/40c2c4560e))
+
+### Upgrade instructions
+
+- If you use `plain preflight check`, update to `plain preflight` (the `check` subcommand has been removed for simplicity)
+- If you use `plain preflight check --deploy`, update to `plain preflight --deploy`
+
 ## [0.81.0](https://github.com/dropseed/plain/releases/plain@0.81.0) (2025-10-22)
 
 ### What's changed

{plain-0.81.0 → plain-0.82.0}/plain/cli/preflight.py

@@ -5,21 +5,13 @@ import click
 
 from plain import preflight
 from plain.packages import packages_registry
-from plain.preflight.registry import checks_registry
-from plain.runtime import settings
 
 
-@click.group("preflight")
-def preflight_cli() -> None:
-    """Run or manage preflight checks."""
-    pass
-
-
-@preflight_cli.command("check")
+@click.command("preflight")
 @click.option(
     "--deploy",
     is_flag=True,
-    help="Check deployment settings.",
+    help="Include deployment checks.",
 )
 @click.option(
     "--format",
@@ -32,14 +24,13 @@ def preflight_cli() -> None:
     is_flag=True,
     help="Hide progress output and warnings, only show errors.",
 )
-def check_command(deploy: bool, format: str, quiet: bool) -> None:
+def preflight_cli(deploy: bool, format: str, quiet: bool) -> None:
     """
-    Use the system check framework to validate entire Plain project.
+    Run preflight checks to validate your Plain project.
     Exit with error code if any errors are found. Warnings do not cause failure.
     """
     # Auto-discover and load preflight checks
     packages_registry.autodiscover_modules("preflight", include_app=True)
-
     if not quiet:
         click.secho("Running preflight checks...", dim=True, italic=True, err=True)
 
@@ -200,48 +191,3 @@ def check_command(deploy: bool, format: str, quiet: bool) -> None:
     # Exit with error if there are any errors (not warnings)
     if has_errors:
         sys.exit(1)
-
-
-@preflight_cli.command("list")
-def list_checks() -> None:
-    """List all available preflight checks."""
-    packages_registry.autodiscover_modules("preflight", include_app=True)
-
-    regular = []
-    deployment = []
-    silenced_checks = settings.PREFLIGHT_SILENCED_CHECKS
-
-    for name, (check_class, deploy) in sorted(checks_registry.checks.items()):
-        # Use class docstring as description
-        description = check_class.__doc__ or "No description"
-        # Get first line of docstring
-        description = description.strip().split("\n")[0]
-
-        is_silenced = name in silenced_checks
-        if deploy:
-            deployment.append((name, description, is_silenced))
-        else:
-            regular.append((name, description, is_silenced))
-
-    if regular:
-        click.echo("Regular checks:")
-        for name, description, is_silenced in regular:
-            silenced_text = (
-                click.style(" (silenced)", fg="red", dim=True) if is_silenced else ""
-            )
-            click.echo(
-                f"  {click.style(name)}: {click.style(description, dim=True)}{silenced_text}"
-            )
-
-    if deployment:
-        click.echo("\nDeployment checks:")
-        for name, description, is_silenced in deployment:
-            silenced_text = (
-                click.style(" (silenced)", fg="red", dim=True) if is_silenced else ""
-            )
-            click.echo(
-                f"  {click.style(name)}: {click.style(description, dim=True)}{silenced_text}"
-            )
-
-    if not regular and not deployment:
-        click.echo("No preflight checks found.")

{plain-0.81.0 → plain-0.82.0}/plain/http/request.py

@@ -3,6 +3,7 @@ from __future__ import annotations
 import codecs
 import copy
 import json
+import secrets
 import uuid
 from collections.abc import Iterator
 from functools import cached_property
@@ -101,6 +102,16 @@ class Request:
     def headers(self) -> RequestHeaders:
         return RequestHeaders(self.meta)
 
+    @cached_property
+    def csp_nonce(self) -> str:
+        """Generate a cryptographically secure nonce for Content Security Policy.
+
+        The nonce is generated once per request and cached. It can be used in
+        CSP headers and templates to allow specific inline scripts/styles while
+        blocking others.
+        """
+        return secrets.token_urlsafe(16)
+
     @cached_property
     def accepted_types(self) -> list[MediaType]:
         """Return accepted media types sorted by quality value (highest first).

{plain-0.81.0 → plain-0.82.0}/plain/internal/middleware/headers.py

@@ -13,8 +13,15 @@ class DefaultHeadersMiddleware(HttpMiddleware):
     def process_request(self, request: Request) -> Response:
         response = self.get_response(request)
 
-        for header, value in settings.DEFAULT_RESPONSE_HEADERS.items():
-            # Since we don't have a good way to *remote* default response headers,
+        # Support callable DEFAULT_RESPONSE_HEADERS for dynamic header generation
+        # (e.g., CSP nonces that change per request)
+        if callable(settings.DEFAULT_RESPONSE_HEADERS):
+            default_headers = settings.DEFAULT_RESPONSE_HEADERS(request)
+        else:
+            default_headers = settings.DEFAULT_RESPONSE_HEADERS
+
+        for header, value in default_headers.items():
+            # Since we don't have a good way to *remove* default response headers,
             # use allow users to set them to an empty string to indicate they should be removed.
             if header in response.headers and response.headers[header] == "":
                 del response.headers[header]

plain-0.82.0/plain/preflight/README.md

@@ -0,0 +1,83 @@
+# Preflight
+
+**System checks for Plain applications.**
+
+- [Overview](#overview)
+- [Development](#development)
+- [Deployment](#deployment)
+- [Custom preflight checks](#custom-preflight-checks)
+- [Silencing preflight checks](#silencing-preflight-checks)
+
+## Overview
+
+Preflight checks help identify issues with your settings or environment before running your application.
+
+```bash
+plain preflight
+```
+
+## Development
+
+If you use [`plain.dev`](/plain-dev/README.md) for local development, the Plain preflight command is run automatically when you run `plain dev`.
+
+## Deployment
+
+The `plain preflight` command should often be part of your deployment process. Make sure to add the `--deploy` flag to the command to run checks that are only relevant in a production environment.
+
+```bash
+plain preflight --deploy
+```
+
+## Custom preflight checks
+
+Use the `@register_check` decorator to add your own preflight check to the system. Create a class that inherits from `PreflightCheck` and implements a `run()` method that returns a list of `PreflightResult` objects.
+
+```python
+from plain.preflight import PreflightCheck, PreflightResult, register_check
+
+
+@register_check("custom.example")
+class CustomCheck(PreflightCheck):
+    """Description of what this check validates."""
+
+    def run(self) -> list[PreflightResult]:
+        # Your check logic here
+        if some_condition:
+            return [
+                PreflightResult(
+                    fix="This is a custom error message.",
+                    id="custom.example_failed",
+                )
+            ]
+        return []
+```
+
+For deployment-specific checks, add `deploy=True` to the decorator.
+
+```python
+@register_check("custom.deploy_example", deploy=True)
+class CustomDeployCheck(PreflightCheck):
+    """Description of what this deployment check validates."""
+
+    def run(self) -> list[PreflightResult]:
+        # Your deployment check logic here
+        if some_deploy_condition:
+            return [
+                PreflightResult(
+                    fix="This is a custom error message for deployment.",
+                    id="custom.deploy_example_failed",
+                )
+            ]
+        return []
+```
+
+## Silencing preflight checks
+
+The `settings.PREFLIGHT_SILENCED_CHECKS` setting can be used to silence individual checks by their ID (ex. `security.E020`).
+
+```python
+# app/settings.py
+PREFLIGHT_SILENCED_CHECKS = [
+    "security.E020",  # Allow empty ALLOWED_HOSTS in deployment
+]
+```

{plain-0.81.0 → plain-0.82.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "plain"
-version = "0.81.0"
+version = "0.82.0"
 description = "A web framework for building products with Python."
 authors = [{name = "Dave Gaeddert", email = "dave.gaeddert@dropseed.dev"}]
 readme = "README.md"

plain-0.81.0/plain/preflight/README.md

@@ -1,61 +0,0 @@
-# Preflight
-
-**System checks for Plain applications.**
-
-- [Overview](#overview)
-- [Development](#development)
-- [Deployment](#deployment)
-- [Custom preflight checks](#custom-preflight-checks)
-- [Silencing preflight checks](#silencing-preflight-checks)
-
-## Overview
-
-Preflight checks help identify issues with your settings or environment before running your application.
-
-```bash
-plain preflight check
-```
-
-## Development
-
-If you use [`plain.dev`](/plain-dev/README.md) for local development, the Plain preflight command is run automatically when you run `plain dev`.
-
-## Deployment
-
-The `plain preflight check` command should often be part of your deployment process. Make sure to add the `--deploy` flag to the command to run checks that are only relevant in a production environment.
-
-```bash
-plain preflight check --deploy
-```
-
-## Custom preflight checks
-
-Use the `@register_check` decorator to add your own preflight check to the system. Just make sure that particular Python module is somehow imported so the check registration runs.
-
-```python
-from plain.preflight import register_check, Error
-
-
-@register_check
-def custom_check(package_configs, **kwargs):
-    return Error("This is a custom error message.", id="custom.C001")
-```
-
-For deployment-specific checks, add the `deploy` argument to the decorator.
-
-```python
-@register_check(deploy=True)
-def custom_deploy_check(package_configs, **kwargs):
-    return Error("This is a custom error message for deployment.", id="custom.D001")
-```
-
-## Silencing preflight checks
-
-The `settings.PREFLIGHT_SILENCED_CHECKS` setting can be used to silence individual checks by their ID (ex. `security.E020`).
-
-```python
-# app/settings.py
-PREFLIGHT_SILENCED_CHECKS = [
-    "security.E020",  # Allow empty ALLOWED_HOSTS in deployment
-]
-```