0.7.0 - Pounce

Highlights

Protocol fail-closed behavior — HTTP/2 and HTTP/3 now reject oversized bodies and malformed pseudo-headers before apps can process empty, truncated, or ambiguous tenant-facing scopes.
Config and operator UX —pounce config schema, pounce config show, pounce init, improved pounce check, and opt-in /_pounce/infomake deployed configuration easier to inspect without leaking secrets.
Production-shaped proof — Bengal static-site and Chirp/LB Sonic forum workloads are checked in as benchmark fixtures for representative static, tenant, form, SSE, and middleware behavior.
Release-path cleanup — worker lifecycle parity, fork-context diagnostics, compression guards, middleware contracts, Railway docs, and troubleshooting entries were tightened before release.

pounce config schemafor JSON Schema and commented TOML output.
pounce config showfor resolved configuration through a fail-closed redaction allowlist.
pounce init for scaffolding app.py, pounce.toml, and .gitignore.
/_pounce/info, disabled by default and loopback-bound by default, with allowlist-redacted runtime metadata.
Bengal and Chirp benchmark workloads underbenchmarks/.
Railway deployment guidance.

HTTP/2 and HTTP/3 body limits now reject oversized streams with 413 behavior instead of delivering empty or truncated request bodies.
HTTP/2 and HTTP/3 pseudo-headers are validated before scope construction, including Host/:authorityconflicts.
Single-worker startup hooks now treat unknown Pounce worker scopes as nonfatal, matching Worker-based paths.
Thread workers no longer require a multiprocessingforkcontext.
Already encoded responses are no longer double-compressed on H2, H3, sync ASGI, or sync-app paths.
Trusted proxy authority handling is consistent across HTTP/1.1, HTTP/2, HTTP/3, and WebSocket scopes.
WebSocket compression is advertised only when negotiated by the client.
Middleware request hooks no longer break lifespan or worker lifecycle scopes.

uv add "bengal-pounce==0.7.0"