Release bengal-pounce 0.7.0 · lbliii/pounce

Highlights

Protocol fail-closed behavior — HTTP/2 and HTTP/3 now reject oversized bodies and malformed pseudo-headers before apps can process empty, truncated, or ambiguous tenant-facing scopes.
Config and operator UX — pounce config schema, pounce config show, pounce init, improved pounce check, and opt-in /_pounce/info make deployed configuration easier to inspect without leaking secrets.
Production-shaped proof — Bengal static-site and Chirp/LB Sonic forum workloads are checked in as benchmark fixtures for representative static, tenant, form, SSE, and middleware behavior.
Release-path cleanup — worker lifecycle parity, fork-context diagnostics, compression guards, middleware contracts, Railway docs, and troubleshooting entries were tightened before release.

pounce config schema for JSON Schema and commented TOML output.
pounce config show for resolved configuration through a fail-closed redaction allowlist.
pounce init for scaffolding app.py, pounce.toml, and .gitignore.
/_pounce/info, disabled by default and loopback-bound by default, with allowlist-redacted runtime metadata.
Bengal and Chirp benchmark workloads under benchmarks/.
Railway deployment guidance.

HTTP/2 and HTTP/3 body limits now reject oversized streams with 413 behavior instead of delivering empty or truncated request bodies.
HTTP/2 and HTTP/3 pseudo-headers are validated before scope construction, including Host/:authority conflicts.
Single-worker startup hooks now treat unknown Pounce worker scopes as nonfatal, matching Worker-based paths.
Thread workers no longer require a multiprocessing fork context.
Already encoded responses are no longer double-compressed on H2, H3, sync ASGI, or sync-app paths.
Trusted proxy authority handling is consistent across HTTP/1.1, HTTP/2, HTTP/3, and WebSocket scopes.
WebSocket compression is advertised only when negotiated by the client.
Middleware request hooks no longer break lifespan or worker lifecycle scopes.

uv add "bengal-pounce==0.7.0"