Consistency sweep: enum members, keyword status codes, SimpleCookie

analytics.py filters by TransactionType.COMPRA instead of the string
literal; budget.py uses keyword HTTPException args; the agent
middleware parses cookies with stdlib SimpleCookie instead of a regex
(ARCH-10); auth.py's lazy imports are hoisted — there was never an
actual auth/db cycle (ARCH-20); transactions.py hoists or_/and_.
Verified: dev container boots, agent auth paths return 401 for
missing/garbage cookies.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Carlos Escalante
2026-06-10 15:23:21 -06:00
parent 82f10a5d7c
commit 440da3e394
5 changed files with 15 additions and 16 deletions

View File

@@ -1,7 +1,7 @@
import asyncio
import json
import re
import uuid
from http.cookies import SimpleCookie
from contextlib import asynccontextmanager
from agent_framework_ag_ui import add_agent_framework_fastapi_endpoint
@@ -105,10 +105,10 @@ async def agent_auth_and_session(request: Request, call_next):
if auth_header.lower().startswith("bearer "):
token = auth_header.split(" ", 1)[1].strip()
else:
cookie_header = request.headers.get("cookie", "")
m = re.search(r"(?:^|;\s*)ws_token=([^;]+)", cookie_header)
if m:
token = m.group(1)
cookies = SimpleCookie()
cookies.load(request.headers.get("cookie", ""))
if "ws_token" in cookies:
token = cookies["ws_token"].value
if not token:
return Response(status_code=401, content="Missing auth")