Ryth Azhur
ae684a36cb
Roll the working tree back to the last approved shape, before the post-LICENSE span that false-greened the AFI parity matrix with symbol-presence probes and smuggled an unauthorized SQLAlchemy dependency into FastAPI's Shapes binding.
Forward commit, not a history rewrite — the six commits since 4effcc7 stay in the log as the record of what happened.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
264 lines
10 KiB
Python
264 lines
10 KiB
Python
"""
|
|
RPC dispatch — looks up registered functions, validates input against the
|
|
function's Pydantic Input model, executes, and returns the serialized result.
|
|
|
|
Errors raise typed exceptions (MizanError subclasses). Wire those to JSON
|
|
responses by registering `mizan_exception_handler` on the FastAPI app, or
|
|
let them propagate to your own handler.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from enum import Enum
|
|
from typing import Any
|
|
|
|
from fastapi.encoders import jsonable_encoder
|
|
from pydantic import BaseModel, ValidationError
|
|
|
|
from mizan_core.registry import get_context_groups, get_function
|
|
from mizan_core.type_utils import types_match_for_merge
|
|
|
|
|
|
# ─── Error taxonomy ─────────────────────────────────────────────────────────
|
|
|
|
|
|
class ErrorCode(str, Enum):
|
|
NOT_FOUND = "NOT_FOUND"
|
|
BAD_REQUEST = "BAD_REQUEST"
|
|
VALIDATION_ERROR = "VALIDATION_ERROR"
|
|
UNAUTHORIZED = "UNAUTHORIZED"
|
|
FORBIDDEN = "FORBIDDEN"
|
|
NOT_IMPLEMENTED = "NOT_IMPLEMENTED"
|
|
INTERNAL_ERROR = "INTERNAL_ERROR"
|
|
|
|
|
|
_STATUS = {
|
|
ErrorCode.NOT_FOUND: 404,
|
|
ErrorCode.BAD_REQUEST: 400,
|
|
ErrorCode.VALIDATION_ERROR: 422,
|
|
ErrorCode.UNAUTHORIZED: 401,
|
|
ErrorCode.FORBIDDEN: 403,
|
|
ErrorCode.NOT_IMPLEMENTED: 501,
|
|
ErrorCode.INTERNAL_ERROR: 500,
|
|
}
|
|
|
|
|
|
class MizanError(Exception):
|
|
"""Base for protocol-level dispatch errors."""
|
|
|
|
code: ErrorCode = ErrorCode.INTERNAL_ERROR
|
|
|
|
def __init__(self, message: str, *, details: dict[str, Any] | None = None) -> None:
|
|
super().__init__(message)
|
|
self.message = message
|
|
self.details = details
|
|
|
|
@property
|
|
def status_code(self) -> int:
|
|
return _STATUS[self.code]
|
|
|
|
|
|
class NotFound(MizanError): code = ErrorCode.NOT_FOUND # noqa: E701
|
|
class BadRequest(MizanError): code = ErrorCode.BAD_REQUEST # noqa: E701
|
|
class ValidationFailed(MizanError): code = ErrorCode.VALIDATION_ERROR # noqa: E701
|
|
class Unauthorized(MizanError): code = ErrorCode.UNAUTHORIZED # noqa: E701
|
|
class Forbidden(MizanError): code = ErrorCode.FORBIDDEN # noqa: E701
|
|
class NotImplementedYet(MizanError): code = ErrorCode.NOT_IMPLEMENTED # noqa: E701
|
|
class InternalError(MizanError): code = ErrorCode.INTERNAL_ERROR # noqa: E701
|
|
|
|
|
|
# ─── Auth ───────────────────────────────────────────────────────────────────
|
|
|
|
|
|
def _user(request: Any) -> Any:
|
|
return getattr(getattr(request, "state", None), "user", None)
|
|
|
|
|
|
def _is_authenticated(user: Any) -> bool:
|
|
return bool(user) and getattr(user, "is_authenticated", True)
|
|
|
|
|
|
def _enforce_auth(request: Any, requirement: Any) -> None:
|
|
"""Verify the request meets the function's @client(auth=...) requirement, or raise."""
|
|
if requirement is None:
|
|
return
|
|
|
|
user = _user(request)
|
|
|
|
match requirement:
|
|
case True | "required":
|
|
if not _is_authenticated(user):
|
|
raise Unauthorized("Authentication required")
|
|
case "staff":
|
|
if not _is_authenticated(user):
|
|
raise Unauthorized("Authentication required")
|
|
if not getattr(user, "is_staff", False):
|
|
raise Forbidden("Staff access required")
|
|
case "superuser":
|
|
if not _is_authenticated(user):
|
|
raise Unauthorized("Authentication required")
|
|
if not getattr(user, "is_superuser", False):
|
|
raise Forbidden("Superuser access required")
|
|
case f if callable(f):
|
|
if not f(request):
|
|
raise Forbidden("Permission denied")
|
|
case other:
|
|
raise InternalError(f"Unknown auth requirement: {other!r}")
|
|
|
|
|
|
# ─── Input validation ───────────────────────────────────────────────────────
|
|
|
|
|
|
def _validate_input(input_cls: Any, input_data: Any) -> BaseModel | None:
|
|
"""Validate input_data against the function's Input model. Returns the instance or None."""
|
|
if input_cls in (None, BaseModel) or not getattr(input_cls, "model_fields", None):
|
|
return None
|
|
|
|
fields = input_cls.model_fields
|
|
required = [name for name, f in fields.items() if f.is_required()]
|
|
|
|
if not input_data:
|
|
if required:
|
|
raise ValidationFailed(
|
|
"Input validation failed",
|
|
details={"fields": {name: ["Field required"] for name in required}},
|
|
)
|
|
return input_cls()
|
|
|
|
if not isinstance(input_data, dict):
|
|
raise BadRequest(f"Input must be an object, got {type(input_data).__name__}")
|
|
|
|
try:
|
|
return input_cls(**input_data)
|
|
except ValidationError as e:
|
|
raise ValidationFailed(
|
|
"Input validation failed",
|
|
details={"errors": e.errors()},
|
|
) from e
|
|
|
|
|
|
# ─── Dispatch ───────────────────────────────────────────────────────────────
|
|
|
|
|
|
def _resolve_function(fn_name: str) -> Any:
|
|
view_class = get_function(fn_name)
|
|
if view_class is None:
|
|
raise NotFound("Function not found")
|
|
if getattr(view_class, "_meta", {}).get("private"):
|
|
raise Forbidden("Function is not client-callable")
|
|
return view_class
|
|
|
|
|
|
def _serialize(result: Any) -> Any:
|
|
# jsonable_encoder walks BaseModel / list / dict recursively, so list[BaseModel]
|
|
# (and nested shapes) come out wire-ready without a per-shape branch here.
|
|
return jsonable_encoder(result)
|
|
|
|
|
|
async def execute_function(
|
|
request: Any,
|
|
fn_name: str,
|
|
input_data: dict[str, Any] | None = None,
|
|
) -> Any:
|
|
"""Dispatch a registered function. Returns the serialized result, or raises MizanError.
|
|
|
|
Awaits `view.acall` — async handlers run on the loop, sync handlers run
|
|
in the default threadpool, both via the same entrypoint.
|
|
"""
|
|
view_class = _resolve_function(fn_name)
|
|
_enforce_auth(request, view_class._meta.get("auth"))
|
|
|
|
view = view_class(request)
|
|
validated = _validate_input(view.Input, input_data)
|
|
|
|
try:
|
|
result = await view.acall(validated)
|
|
except NotImplementedError as e:
|
|
raise NotImplementedYet(str(e) or "Not implemented") from e
|
|
except MizanError:
|
|
raise
|
|
except Exception as e:
|
|
raise InternalError(str(e)) from e
|
|
|
|
return _serialize(result)
|
|
|
|
|
|
# ─── Invalidation ───────────────────────────────────────────────────────────
|
|
|
|
|
|
def compute_invalidation(view_class: Any, input_data: dict[str, Any] | None) -> list[Any]:
|
|
"""Build the `invalidate` list from @client(affects=...) metadata, auto-scoping when arg names match context params."""
|
|
affects = getattr(view_class, "_meta", {}).get("affects") or []
|
|
return [_invalidation_target(target, input_data or {}) for target in affects]
|
|
|
|
|
|
def compute_merges(view_class: Any, input_data: dict[str, Any] | None, result: Any) -> list[dict[str, Any]]:
|
|
"""Build the `merge` list from @client(merge=...) metadata.
|
|
|
|
Each entry is `{context, slot, value, params?}` where `slot` names the
|
|
function inside the context bundle the value lands in. The slot is
|
|
resolved server-side via `types_match_for_merge` so the kernel does
|
|
no shape inference — the server has the schema, type-checked routing
|
|
lives here. Entries whose slot can't be uniquely resolved are dropped
|
|
with a warning; the consumer falls back to refetch via `affects`.
|
|
"""
|
|
targets = getattr(view_class, "_meta", {}).get("merge") or []
|
|
if not targets:
|
|
return []
|
|
mutation_output = getattr(view_class, "Output", None)
|
|
out: list[dict[str, Any]] = []
|
|
for ctx_name in targets:
|
|
slot = _resolve_merge_slot(ctx_name, mutation_output)
|
|
if slot is None:
|
|
continue
|
|
entry: dict[str, Any] = {"context": ctx_name, "slot": slot, "value": result}
|
|
scoped = _scoped_params(ctx_name, input_data or {})
|
|
if scoped:
|
|
entry["params"] = scoped
|
|
out.append(entry)
|
|
return out
|
|
|
|
|
|
def _resolve_merge_slot(context_name: str, mutation_output: Any) -> str | None:
|
|
"""Find the unique function-name slot whose return type matches the mutation's output.
|
|
|
|
Returns None on no match or ambiguous match (multiple candidates).
|
|
"""
|
|
if mutation_output is None:
|
|
return None
|
|
matches: list[str] = []
|
|
for fn_name in get_context_groups().get(context_name, []):
|
|
fn_cls = get_function(fn_name)
|
|
if fn_cls is None:
|
|
continue
|
|
fn_output = getattr(fn_cls, "Output", None)
|
|
if fn_output is not None and types_match_for_merge(fn_output, mutation_output):
|
|
matches.append(fn_name)
|
|
return matches[0] if len(matches) == 1 else None
|
|
|
|
|
|
def _scoped_params(context_name: str, input_data: dict[str, Any]) -> dict[str, Any]:
|
|
"""Match input args against the context's declared Input field names."""
|
|
fn_names = get_context_groups().get(context_name, [])
|
|
declared: set[str] = set()
|
|
for fn_name in fn_names:
|
|
fn_cls = get_function(fn_name)
|
|
if fn_cls is None:
|
|
continue
|
|
input_cls = getattr(fn_cls, "Input", None)
|
|
if input_cls and input_cls is not BaseModel and hasattr(input_cls, "model_fields"):
|
|
declared.update(input_cls.model_fields.keys())
|
|
return {k: v for k, v in input_data.items() if k in declared}
|
|
|
|
|
|
def _invalidation_target(target: dict[str, Any], input_data: dict[str, Any]) -> Any:
|
|
match target.get("type"):
|
|
case "context":
|
|
name = target["name"]
|
|
scoped = _scoped_params(name, input_data)
|
|
return {"context": name, "params": scoped} if scoped else name
|
|
case "function":
|
|
return {"function": target["name"]}
|
|
case _:
|
|
return target
|