0.2.0
Production grade security, static files, observability, and developer experience
Highlights
- Security hardening — Proxy header validation, CRLF sanitization, slowloris protection, request smuggling prevention
- Static file serving — Pre-compressed files, ETags, range requests, chunked transfers
- Production observability — Built-in /health and /metrics endpoints, request IDs, OpenTelemetry, Sentry
- Graceful operations — Zero-downtime SIGHUP reload, connection draining for Kubernetes
- Developer experience — Rich error pages, hot reload, middleware system, WebSocket compression
Security & Network
- Proxy header validation (trusted_hosts) — X-Forwarded-* only from trusted peers
- CRLF response header sanitization — Prevents header injection
- Slowloris protection — header_timeout (default 10s)
- Unix domain socket support — --uds /run/pounce.sock
- 503 backpressure — Retry-After: 5 when max_connections reached
- Streaming body size enforcement for chunked requests
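
The first two items above, sketched as an added example (not the project's own code): X-Forwarded-For is honored only when the socket peer is trusted, and response header values containing CR/LF are rejected rather than rewritten. The function names, the CIDR-based trust list and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: networks whose peers may set X-Forwarded-* (assumption).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32")]


def is_trusted(addr: str) -> bool:
    """True if addr parses as an IP inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED)


def client_ip(peer: str, headers: dict[str, str]) -> str:
    """Resolve the client address for logging and rate limiting.

    X-Forwarded-For is read only when the TCP peer is trusted. The chain is
    walked right to left and the first hop that is not a trusted proxy wins,
    so values a client prepends itself are never believed.
    """
    if not is_trusted(peer):
        return peer  # direct or untrusted peer: ignore the header entirely
    raw = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fall back to the socket peer
        if not is_trusted(hop):
            return hop
    return peer  # header absent, or every hop was a trusted proxy


def safe_header_value(value: str) -> str:
    """Reject CR, LF and NUL so a value cannot start a new header line."""
    if any(c in value for c in "\r\n\0"):
        raise ValueError("control character in response header value")
    return value
```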
Features
- Static files — static_files, static_precompressed, ETags, range requests
- Middleware — Server-level ASGI3 middleware stack
- Graceful reload — SIGHUP triggers rolling worker restart
- WebSocket compression — permessage-deflate (RFC 7692)
- Error pages — Rich HTML tracebacks in debug mode
- Hot reload — In-process module reimport, configurable reload watch
Production Integrations
- OpenTelemetry — otel_endpoint, otel_service_name for distributed tracing
- Sentry — sentry_dsn for error tracking
- Rate limiting — Per-IP token bucket (rate_limit_enabled)
- Request queueing — Bounded queue with 503 load shedding
Status
- 103 files changed since 0.1.0
- Full H1/H2 feature parity for security and observability
- HTTP/1.1, HTTP/2, WebSocket, TLS, multi-worker
- ASGI 3.0 compliant
Install
uv add "bengal-pounce==0.2.0"
Documentation
- Deployment guides — Observability, rate limiting, request queueing, Sentry, Prometheus
- Features — Static files, middleware, graceful reload, error pages, lifecycle logging