Chirp 0.3.0

Security middleware, caching framework, plugin system, schema migrations, i18n, and htmx header correctness

Focus: bridge five Django-ecosystem gaps — security middleware, response caching, a plugin system, auto-generated schema migrations, and internationalization — plus htmx header correctness improvements.


Highlights

Security middleware

Two new middleware close common deployment gaps:

  • AllowedHostsMiddleware validates the Host header against a configurable allowlist (via AppConfig(allowed_hosts=...) or AllowedHostsMiddleware(allowed_hosts=...)), returning 400 for spoofed hosts.
  • CSPNonceMiddleware generates a per-request nonce for Content-Security-Policy, available as request.state["csp_nonce"] and auto-injected into templates.
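
The two checks described above, sketched as an added stand-alone example; this is not Chirp's implementation. The function names, the leading-dot subdomain convention, and the sample allowlist are assumptions made for illustration.

```python
import re
import secrets

# Constructed allowlist; a leading "." is assumed to match any subdomain.
ALLOWED_HOSTS = ("example.com", ".internal.example.com")

# Hostname (or bracketed IPv6 literal) with an optional numeric port.
_HOST_RE = re.compile(r"([a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(\d{1,5}))?")


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS):
    """Return True only if the Host header value matches the allowlist."""
    if not host_header:
        return False
    # fullmatch rejects '@', '/', embedded whitespace and other junk outright.
    match = _HOST_RE.fullmatch(host_header.strip().lower())
    if match is None:
        return False
    host = match.group(1).rstrip(".")  # "example.com." names the same host
    for pattern in allowed:
        if pattern.startswith("."):
            # Suffix match includes the dot, so "notinternal..." cannot pass.
            if host.endswith(pattern) or host == pattern[1:]:
                return True
        elif host == pattern:
            return True
    return False


def handle(headers):
    """Return (status, response_headers, nonce) for a request's headers."""
    if not host_is_allowed(headers.get("host")):
        return 400, {}, None
    # Fresh, unpredictable value per request; never reuse or cache it.
    nonce = secrets.token_urlsafe(16)
    csp = f"script-src 'self' 'nonce-{nonce}'"
    return 200, {"Content-Security-Policy": csp}, nonce


if __name__ == "__main__":
    for value in ("Example.COM:8443", "example.com.evil.test", "a@example.com"):
        print(value, "->", handle({"host": value})[0])
```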

Caching framework

chirp.cache ships with a CacheBackend protocol and three backends:

  • MemoryCacheBackend — in-process TTL cache for development and single-instance deploys.
  • NullCacheBackend — no-op backend for testing.
  • RedisCacheBackend — production-grade backend using redis.asyncio.

CacheMiddleware handles full-response caching and can use Vary-aware cache keys via vary_aware_cache_key and a configurable key_func.

Plugin system

ChirpPlugin is a protocol for packaging reusable middleware, routes, and template extensions. Install plugins by mounting them with a URL prefix, e.g. app.mount("/blog", plugin).

Schema migrations

chirp.data.schema introspects your models and the live database, diffs them, and generates migration files. The new chirp makemigrations CLI command automates the workflow.

Internationalization

chirp.i18n provides message catalogs, LocaleMiddleware for automatic locale detection, and formatting helpers for numbers, dates, and currency. The t() translation helper is available in both Python and templates.

htmx header correctness

Request and Response htmx header handling is improved for spec compliance, inspired by django-htmx. HX-Trigger, HX-Push-Url, HX-Replace-Url, and related headers now use proper JSON encoding and boolean handling.


Changed

  • htmx headers — Improved correctness for HX-Trigger, HX-Push-Url, HX-Replace-Url, and related headers with proper JSON encoding and boolean handling.

Dependencies

No dependency changes — all new modules use the stdlib or existing dependencies.


Upgrading

uv pip install --upgrade "bengal-chirp>=0.3.0"
pip install --upgrade "bengal-chirp>=0.3.0"

Optional extras:

  • Redis cache backend: pip install "bengal-chirp[redis]"
  • UI layer: pip install "bengal-chirp[ui]"

To enable the new security middleware:

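from chirp.middleware.allowed_hosts import AllowedHostsMiddleware
from chirp.middleware.csp_nonce import CSPNonceMiddleware

# `app` is your existing Chirp application instance.
# Reject requests whose Host header is not on the allowlist (400 response).
app.add_middleware(AllowedHostsMiddleware(allowed_hosts=("example.com",)))
# Generate a per-request CSP nonce, exposed as request.state["csp_nonce"].
app.add_middleware(CSPNonceMiddleware())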