Skip to content

v0.4.0

Choose a tag to compare

@ack1d ack1d released this 24 Feb 12:19

Highlights

  • Inspector class - stateful wrapper that accumulates violations across
    all connections. Unlike inspect() (which returns a plain callable with no
    way to read results), Inspector keeps a .violations list you can assert
    on after driving the app:

    inspector = Inspector(app)
    # ... drive the app with httpx, TestClient, etc. ...
    assert inspector.violations == []

    Inspector is also directly callable as an ASGI app.

  • User-defined profiles - define reusable rule presets in pyproject.toml
    or .asgion.toml and reference them by name in config or CLI:

    [tool.asgion.profiles.ci]
    min_severity = "error"
    categories = ["http.fsm", "ws.fsm"]
    asgion check myapp:app --profile ci
  • inspect() is now a thin wrapper around Inspector - no behavior change,
    fully backward-compatible.

Breaking Changes

  • InspectedApp (internal class in asgion.pytest_plugin) is replaced by
    Inspector. If you annotated the return type of asgi_inspect explicitly,
    update it:

    # before
    app: InspectedApp = asgi_inspect(my_app)
    
    # after
    from asgion import Inspector
    app: Inspector = asgi_inspect(my_app)

    Existing test code that only accesses .violations or calls app(...) works
    without changes.


Full changelog: CHANGELOG.md