Skip to main content

The Python framework for building applications that humans use and agents can safely operate.

Project description

Quater

CI Coverage Python 3.11+ License: MIT Docs

PyPI Downloads

Most backend frameworks were designed for one main job: serve data to a frontend, then let humans click through that frontend to get work done.

That model still matters, but it is no longer enough. Moving ahead, more work is going to be done by AI agents. Asking those agents to use a product through screens, buttons, and forms is slow, fragile, and often the wrong level of access. Agents need a safe way to work with the backend directly.

That does not mean giving agents unlimited access. It means exposing the right operations, with clear inputs, clear descriptions, real auth, audit trails, and approval gates where the action is sensitive.

Quater is a Python backend framework built for this shift. You build a normal backend for people and services, and you can expose selected views directly to MCP Clients through MCP or to AI agents through the CLI. The same operation can serve the app, power an agent, and support production workflows without becoming three different pieces of code.

The goal is simple: make the backend usable by humans and operable by AI agents, without losing safety, structure, or ownership of the application logic.

Highlights

  • One view serves HTTP, MCP, and CLI. You annotate the route once and all three entry points share the same handler logic, while auth is configured per surface.
  • Exposing a view to AI agents takes a single flag. No extra service, no separate schema file, no adapter to maintain.
  • Request safety is on by default. Host checking, CORS, body limits, and request IDs run without you touching configuration; authentication is enabled per surface with AuthConfig, and surfaces without one are deliberately public.
  • Every request carries source and entrypoint metadata, so audit logs always know whether a human or an AI agent used your backend and how it arrived.
  • It gives slightly better performance than FastAPI for real workloads, with no measurable overhead when database I/O dominates.
  • It's simple to use, with a small API surface and no extra configuration required.

A Small App

from quater import AuthConfig, AuthContext, HTTPError, Quater, Request


async def authenticate(request: Request) -> AuthContext | None:
    if request.headers.get("authorization") != "Bearer admin-token":
        return None
    return AuthContext(subject="admin")


app = Quater(auth=[AuthConfig(authenticate, surfaces=["api", "mcp", "cli"])])

ORDERS: dict[str, dict[str, object]] = {
    "ord_1001": {"id": "ord_1001", "status": "paid", "total": 42.5}
}


@app.get("/health", public=True)
async def health() -> dict[str, bool]:
    return {"ok": True}


@app.get(
    "/orders/{order_id}",
    tool=True,
    cli=True,
    description="Fetch one order by id.",
)
async def get_order(order_id: str, request: Request) -> dict[str, object]:
    order = ORDERS.get(order_id)
    if order is None:
        raise HTTPError("Order not found", status_code=404)
    assert request.auth is not None
    return {
        **order,
        "subject": request.auth.subject,
        "source": request.context.source,
        "entrypoint": request.context.entrypoint,
    }

Run it:

python -m pip install quater
quater dev main.py

If you use uv, install with uv add quater instead.

Expected server output:

[INFO] Starting granian
[INFO] Listening at: http://127.0.0.1:8000
  1. Call HTTP:
curl -H "Authorization: Bearer admin-token" \
  http://127.0.0.1:8000/orders/ord_1001
{
  "id": "ord_1001",
  "status": "paid",
  "total": 42.5,
  "subject": "admin",
  "source": "api",
  "entrypoint": "server"
}
  1. Call the same handler as an MCP tool:
curl http://127.0.0.1:8000/mcp \
  -H "Authorization: Bearer admin-token" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_order","arguments":{"order_id":"ord_1001"}}}'
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\"id\":\"ord_1001\",\"status\":\"paid\",\"total\":42.5,\"subject\":\"admin\",\"source\":\"mcp\",\"entrypoint\":\"server\"}"
      }
    ],
    "isError": false
  }
}
  1. Call the same handler from the local CLI without a server round trip:
export QUATER_APP=main:app
export QUATER_TOKEN=admin-token
quater actions list
quater call get_order --order-id ord_1001
{
  "id": "ord_1001",
  "status": "paid",
  "total": 42.5,
  "subject": "admin",
  "source": "cli",
  "entrypoint": "local"
}
  1. For a hosted app, connect once and call the named remote, just like git:
quater connect store https://api.example.com --token admin-token
quater actions describe store get_order
quater call store get_order --order-id ord_1001

Production demo

If you want to see how an app built on Quater behaves in production, check out DevilsAutumn/frustrated. It is a demo Quater app that users can operate through their AI agents and MCP clients, along with normal HTTP routes. It's not 100% production-ready, but it serves as a good example of how Quater can be used in a real-world app.

Data flow diagram

flowchart TB
    caller["Caller\nperson, service, or AI agent"]
    http["HTTP request\nGET /orders/ord_1001"]
    mcp["MCP tool call\ntools/call get_order"]
    remote_cli["Remote CLI action\nquater call store get_order"]
    adapter["Server adapter\nRSGI / ASGI / WSGI"]
    checks["Framework checks\nhost, body limit, CORS, request id"]
    router["Route metadata\nmethod, path, public, resources"]
    auth["Per-surface Auth\none authenticator, by source,\nsharing the request scope"]
    handler["Your handler\nget_order(...)"]
    response["Serialized response\nJSON, text, bytes, stream"]

    caller --> http
    caller --> mcp
    caller --> remote_cli
    http --> adapter
    mcp --> adapter
    remote_cli --> adapter
    adapter --> checks
    checks --> router
    router -->|HTTP api| auth
    router -->|MCP| auth
    router -->|remote CLI| auth
    auth --> handler
    handler --> response

Why This Shape

Quater treats HTTP, MCP, and CLI as different ways to reach the same backend capability, not as three products you have to maintain.

  • For people and services: Quater gives you normal HTTP APIs with route decorators, OpenAPI, Swagger UI, request binding, response classes, route groups, middleware, and tests.
  • For MCP Clients: tool=True exposes selected routes through MCP with required descriptions, generated input schemas, per-surface transport auth, MCP docs, and audit hooks.
  • For AI agents: cli=True exposes selected routes as local or remote CLI actions with discovery, dry-run, approval hooks, and JSON output for scripts.
  • For the app itself: auth context, resources, app.state, lifespan hooks, and serialization stay attached to the handler instead of drifting into wrappers.
  • For performance: the request path stays deliberately small with Granian/RSGI, msgspec JSON, and a native route matcher.

Benchmarks

To measure performance, we ran benchmarks on an Apple M2 with an 8-core CPU, 16 GiB RAM, macOS 26.3, Python 3.11.12, and one worker per app. Quater performed slightly better than FastAPI when real database work was involved.

For very small endpoints without database access, FastAPI can be faster because the benchmark mostly measures framework overhead. Quater still runs built-in checks such as host validation, request IDs, body limits, and security headers on every request.

In the latest run, Quater used Granian/RSGI, while FastAPI used Uvicorn with uvloop and httptools. Full setup, commands, and CSV files are available in benchmarks.

No database throughput No database p95 latency
Postgres throughput Postgres p95 latency

Current Status

Quater is still moving quickly. Current versions are 0.x.x, and any release can potentially include breaking changes. Pin the exact version that works with your app, read the release notes before upgrading, and run your tests after each upgrade.

Documentation

Contributing

Quater is meant to be a community-driven project. Please read CONTRIBUTING.md before you start contributing.

Agent Skills

Quater ships two agent skills:

  • quater-apps: for operating applications built with Quater through MCP, CLI actions, and HTTP. The applications build on quater can have their own skills for operating their applications.
  • quater-framework: for building and debugging applications with Quater.

Install the app-operator skill:

npx -y skills add \
  https://github.com/DevilsAutumn/quater/tree/main/agent-skills/quater-apps

Install the framework-development skill:

npx -y skills add \
  https://github.com/DevilsAutumn/quater/tree/main/agent-skills/quater-framework

Working On Quater

This repo uses uv for local development:

uv sync --group dev
uv run pytest
uv run mypy
uv run ruff format --check src tests scripts
uv run ruff check src tests scripts
uv build

Docs use VitePress:

npm install
npm run docs:reference
npm run docs:dev
npm run docs:build
npm run docs:build:site

docs/en/dev is the only docs source tree. npm run docs:build publishes the dev channel under /en/dev/. npm run docs:build:site builds the deployable site in one VitePress pass: the dev channel from the working tree plus a stable channel materialized from the latest release tag at /en/stable/. Release docs are frozen by the Git tag, never copied into the repo.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quater-0.2.0.tar.gz (494.3 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

quater-0.2.0-cp311-abi3-win_amd64.whl (288.5 kB view details)

Uploaded CPython 3.11+Windows x86-64

quater-0.2.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (388.9 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.17+ x86-64

quater-0.2.0-cp311-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (377.8 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.17+ ARM64

quater-0.2.0-cp311-abi3-macosx_11_0_arm64.whl (358.0 kB view details)

Uploaded CPython 3.11+macOS 11.0+ ARM64

quater-0.2.0-cp311-abi3-macosx_10_12_x86_64.whl (365.5 kB view details)

Uploaded CPython 3.11+macOS 10.12+ x86-64

File details

Details for the file quater-0.2.0.tar.gz.

File metadata

  • Download URL: quater-0.2.0.tar.gz
  • Upload date:
  • Size: 494.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for quater-0.2.0.tar.gz
Algorithm Hash digest
SHA256 972dcd8847abedd6d4bec955ba3a3fb51804bb2da78ad21d94c24ad8465da0bf
MD5 3cd82df06eb9b2d233cb5def8cdd852d
BLAKE2b-256 3fc4b827bcb140512c30b8498deaa5760fa759ea8b42a1ebd7b1dcd4886f6e5f

See more details on using hashes here.

Provenance

The following attestation bundles were made for quater-0.2.0.tar.gz:

Publisher: release.yml on DevilsAutumn/quater

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quater-0.2.0-cp311-abi3-win_amd64.whl.

File metadata

  • Download URL: quater-0.2.0-cp311-abi3-win_amd64.whl
  • Upload date:
  • Size: 288.5 kB
  • Tags: CPython 3.11+, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for quater-0.2.0-cp311-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 82e688af1308bb88a470e08baafc0282707347a0f7b661cc2415859f1394398d
MD5 d52fee6be0dcceaccb003d76e7e75b15
BLAKE2b-256 0866afbcdd46d82bd97496994e3f4d1d1031ce1a7db07f1a41122b108b00e189

See more details on using hashes here.

Provenance

The following attestation bundles were made for quater-0.2.0-cp311-abi3-win_amd64.whl:

Publisher: release.yml on DevilsAutumn/quater

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quater-0.2.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for quater-0.2.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 4c2741be3a5ce2966e51f2b61585c5b7c09ac6451b62a78d68b5327d7ac03fd8
MD5 23dfea58750156cecbd117cf4f8281ad
BLAKE2b-256 c79cf79a82ac49a2a3662954e40b6696636d36c67f696fdf5216057668f9bc36

See more details on using hashes here.

Provenance

The following attestation bundles were made for quater-0.2.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: release.yml on DevilsAutumn/quater

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quater-0.2.0-cp311-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for quater-0.2.0-cp311-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 bf51a0bbb8ef6eb964ad36594894321b581efe1ab4b28677c161306c126bf077
MD5 9ba7a1cc2eabc74a8899c466fc43698c
BLAKE2b-256 883f19e1c3ae3d030a7246aa70234901387ee1cfa6073c95848bc075fed4782d

See more details on using hashes here.

Provenance

The following attestation bundles were made for quater-0.2.0-cp311-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:

Publisher: release.yml on DevilsAutumn/quater

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quater-0.2.0-cp311-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for quater-0.2.0-cp311-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 90464f545d0e871abf752d3d606d42c7962f1898b81d34c1b0d05d6d79bb0d71
MD5 8807e6fc48c8a3574ce47663b06e77f4
BLAKE2b-256 3c1b67d6391b6f39c654693aca54248f7712bf73f61677dfbfb87627d89a12ae

See more details on using hashes here.

Provenance

The following attestation bundles were made for quater-0.2.0-cp311-abi3-macosx_11_0_arm64.whl:

Publisher: release.yml on DevilsAutumn/quater

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quater-0.2.0-cp311-abi3-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for quater-0.2.0-cp311-abi3-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 4817b22eb2f0473c36ba13af7427a24e490635987ea7b054cc39ade292537c75
MD5 efbca8559317fdb8dec45662e6a81c7e
BLAKE2b-256 c7366e28bf2d3f59bdcd6158907351f5e6def93a49557b4a5ba5db2ce23f05f5

See more details on using hashes here.

Provenance

The following attestation bundles were made for quater-0.2.0-cp311-abi3-macosx_10_12_x86_64.whl:

Publisher: release.yml on DevilsAutumn/quater

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page