7.0.0
fastapi-guard v7.0.0 — Fail-secure by default (upstream), agent-stats surface, version reporting
Breaking changes (upstream)
-
SecurityConfig.fail_securenow defaults toTrue(inherited fromguard-core >= 3.0.0). When any security check raises an unhandled exception, the request is now blocked with HTTP 500 instead of logging and falling through. Bugs in checks that previously slipped past as silent fail-open responses now surface immediately.Restore the old behavior on deployments that depend on it:
from guard import SecurityConfig config = SecurityConfig(fail_secure=False)
Recommended migration: keep the new default, surface any check exceptions in your monitoring, and fix them — the previous default could mask serious bugs. The fastapi-guard major bump tracks this upstream change so deployments see a clear signal.
Added
-
SecurityMiddleware.agent_stats— read-only@propertyreturning the agent's telemetry buffer state. Returns{"enabled": False}when no agent is wired; otherwise returns{"enabled": True, **agent_handler.get_stats()}exposingevents_dropped,metrics_dropped,circuit_breaker_state, and other agent counters. No caching — fresh on each call. Lets app teams build health endpoints that surface agent-side drops and circuit-breaker trips without scraping the agent directly. -
from guard import __version__— package version is now exported viaimportlib.metadata.version("fastapi-guard")with a"0.0.0+unknown"fallback if the package is not installed (development from source). Pairs withguard-core >= 3.0.0'sSecurityConfig.agent_guard_versionso application code can wire the fastapi-guard version through to the agent for SaaS-side telemetry attribution:from guard import SecurityConfig, __version__ config = SecurityConfig(agent_guard_version=__version__)
Compatibility
SecurityMiddleware.agent_statsis purely additive — no existing API was changed.__version__was previously absent; reading it before this release returnedNonevia missing-attribute fallback in some integrations.
What's Changed
Full Changelog: 6.0.0...7.0.0