Skip to content

bengal-pounce 0.6.0

Choose a tag to compare

View all tags
@lbliii lbliii released this 14 Apr 00:27
· 62 commits to main since this release
v0.6.0
1e20ed6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

  • Subinterpreter workers — New --worker-mode subinterpreter option using Python 3.14's concurrent.interpreters (PEP 734). Thread-like performance with process-like isolation, all in one process.
  • RFC 9842 Compression Dictionary Transport — Shared zstd dictionaries for dcz content-encoding, Available-Dictionary / Use-As-Dictionary header negotiation, and built-in dictionary serving at /.well-known/compression-dictionary/.
  • Zero-copy sendfileos.sendfile() for static file serving on non-TLS connections, plus RFC 7233 multipart range requests.
  • TOML config — Load settings from pounce.toml or [tool.pounce] in pyproject.toml.
  • Framework compatibility tests — 48 integration tests proving compatibility with FastAPI, Starlette, Django, and Litestar through real Pounce workers.
  • Security hardening — Fixed 12 security issues including CRLF injection, unenforced limits, weak TLS ciphers, and world-writable UDS sockets.

Added

  • Subinterpreter worker mode (--worker-mode subinterpreter) via PEP 734
  • RFC 9842 Compression Dictionary Transport with dcz content-encoding
  • Zero-copy os.sendfile() for static file serving on non-TLS connections
  • RFC 7233 multipart range requests
  • TOML config file support (pounce.toml / [tool.pounce])
  • 48 framework compatibility integration tests (FastAPI, Starlette, Django, Litestar)
  • Towncrier changelog management with CI-enforced fragments
  • bengal-zoomies 0.3.1: QUIC client tests, QPACK compression, 0-RTT policy control

Changed

  • Bump milo-cli to 0.2.2 and kida-templates to 0.6.0 (get_env() cache fix: 122 us to 125 ns)
  • Split _apply_integrations() god method into 7 focused private methods

Fixed

  • 60+ bug fixes across protocols, config, CLI, middleware, and worker lifecycle
  • Fixed Python 2 exception syntax errors across 27 files that would crash on import
  • Worker shutdown hang when keep-alive/WebSocket/SSE connections were open
  • CLI config precedence: explicit args now always override TOML values
  • Exponential backoff for worker restart to prevent tight crash-restart loops
  • CORS/security middleware now skip headers already set by the app
  • Hardened subinterpreter workers: socket FD leak, lifespan state drops, error messages

Security

  • Fixed CRLF injection in proxy headers and request IDs
  • Enforced max_headers and websocket_max_message_size limits
  • Strengthened TLS cipher suite defaults
  • Fixed world-writable UDS socket permissions
  • Completed security middleware header coverage

Install

uv add "bengal-pounce==0.6.0"
Assets 2
Loading