Cello v1.2.3 — Full Middleware Python API & Docs Fixes¶

Release Date: June 14, 2026 License: MIT Python: 3.12+

Overview¶

Cello v1.2.3 exposes the complete authentication and security middleware suite to Python — functionality that existed in Rust since v0.4.0 but had no Python API. It also fixes all incorrect import paths across the documentation.

Drop-in upgrade from v1.2.2. No breaking changes.

New Features¶

Full Middleware Python API¶

All authentication and security middleware is now accessible from Python.

`app.use(middleware)` — universal middleware dispatcher¶

from cello import App, JwtConfig
from cello.middleware import JwtAuth, BasicAuth, ApiKeyAuth, CsrfConfig

app = App()

# JWT authentication
app.use(JwtAuth(JwtConfig(secret="your-32-byte-secret-key!", algorithm="HS256")))

# Basic auth with credential dict
app.use(BasicAuth(credentials={"admin": "s3cr3t"}, realm="My API"))

# API key validation
app.use(ApiKeyAuth(keys={"key-abc": "service-a", "key-xyz": "service-b"}))

# CSRF protection
app.use(CsrfConfig())

New `App` enable methods¶

app.enable_jwt(JwtConfig(secret="...", algorithm="HS256"), skip_paths=["/health"])
app.enable_session(SessionConfig(cookie_name="sid", max_age=3600))
app.enable_security_headers(strict=False)
app.enable_csrf()
app.enable_basic_auth(credentials={"admin": "secret"}, realm="Protected")
app.enable_api_key(keys={"key123": "service-a"}, header="X-API-Key")

New `cello.middleware` module¶

from cello.middleware import (
    JwtAuth,               # JWT auth wrapper for app.use()
    BasicAuth,             # Basic auth wrapper for app.use()
    ApiKeyAuth,            # API key auth wrapper for app.use()
    CsrfConfig,            # CSRF middleware config for app.use()
    AdaptiveRateLimitConfig,  # Convenience wrapper for RateLimitConfig.adaptive()
    # Also re-exported from cello for convenience:
    JwtConfig,
    SessionConfig,
    SecurityHeadersConfig,
    RateLimitConfig,
    CSP,
)

Docs Fixes¶

All documentation pages now use correct import paths. Previously, several pages showed imports that raised ImportError at runtime.

Wrong (raised ImportError)	Correct
`from cello.guards import RoleGuard`	`from cello import RoleGuard`
`from cello.guards import PermissionGuard`	`from cello import PermissionGuard`
`from cello.guards import AuthenticatedGuard`	`from cello import Authenticated`
`from cello.guards import AndGuard`	`from cello import And`
`from cello.middleware import CircuitBreaker`	`app.enable_circuit_breaker(...)`
`from cello.middleware import CacheConfig`	`app.enable_caching(ttl=...)`

Files Changed¶

File	Change
`src/lib.rs`	Add `enable_jwt`, `enable_session`, `enable_security_headers`, `enable_csrf`, `enable_basic_auth`, `enable_api_key` to Rust `Cello` struct
`python/cello/middleware.py`	New file — `JwtAuth`, `BasicAuth`, `ApiKeyAuth`, `CsrfConfig`, `AdaptiveRateLimitConfig`
`python/cello/__init__.py`	Add `App.use()` dispatcher and 6 new `enable_*` methods
`docs/`	9 pages updated with correct import paths
`docs/overrides/main.html`	Announcement bar updated to v1.2.3

Upgrade¶

pip install --upgrade cello-framework==1.2.3

Drop-in replacement for v1.2.2. No API changes.