http_connection_pool 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: dcde2d73c540f08460cedccdbe23d1b963a6efadb10572932b33c27ba7e2ad24
+  data.tar.gz: 01e68de6a8cff18d5aa24479a78342016fbf11d424a21a612e28158114a7ebbc
+SHA512:
+  metadata.gz: 56d902f8c8cec43e09a689c934f7f6c2632db1066f107abbfebc7c85fa1b114f6f83c5ec3e3c83bf15444377b68fa24c7bb8874211328237ca579d0360e7b22a
+  data.tar.gz: 1d134c8c37cec6111439e1761dcd6e9e88efccdb138805ce37c906ba8b19492b12e41547b5f58d705724f25ca2fcb8e02ddb417f35e44f1db17d148ebae03b56

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 bbarberBPL
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,490 @@
+# HttpConnectionPool
+
+Thread-safe (and Fiber-scheduler-aware) persistent HTTP connection pooling for
+the [http.rb](https://github.com/httprb/http) gem.
+
+`HttpConnectionPool` keeps **one pool of persistent `HTTP::Session` connections
+per URL origin** (scheme + host + port) and hands them out to threads or fibers
+on demand. It is built on top of the battle-tested
+[`connection_pool`](https://github.com/mperham/connection_pool) gem and uses
+[`concurrent-ruby`](https://github.com/ruby-concurrency/concurrent-ruby)
+primitives for its registry, so checkouts are safe under heavy concurrency
+without you having to manage sockets, mutexes, or keep-alive state yourself.
+
+On http.rb v6, `HTTP.persistent` returns an `HTTP::Session`, and http.rb's own
+README notes that a persistent session is **not** thread-safe on its own —
+it recommends pairing it with the `connection_pool` gem. That is exactly what
+this gem does, with an origin-keyed registry, a `Connectable` mixin, and
+credential-isolated pools layered on top.
+
+## Features
+
+- **Persistent connections** — reuses keep-alive `HTTP::Session` connections
+  instead of opening a fresh socket per request.
+- **One pool per origin** — a global registry guarantees a single shared pool
+  for every `scheme://host:port`, normalised automatically from any URL.
+- **Thread-safe & fiber-aware** — backed by `connection_pool`, so a blocking
+  checkout yields to the fiber scheduler when one is active instead of parking
+  the OS thread.
+- **Bounded with timeouts** — configurable pool size and checkout timeout;
+  exhausted pools raise `HttpConnectionPool::Pool::TimeoutError` rather than
+  blocking forever.
+- **`Connectable` mixin** — drop into any service/API client class (or `extend`
+  onto a module) for a clean `with_connection { |conn| ... }` API.
+- **Introspectable** — `#stats` exposes pool size, checked-out, and idle counts.
+
+## Requirements
+
+- Ruby `>= 3.3.0`. Tested on **MRI (CRuby)**. JRuby support is planned but
+  currently **untested** — `http.rb` selects its parser by engine
+  ([`llhttp`](https://rubygems.org/gems/llhttp), a native C extension, on MRI
+  and `llhttp-ffi` on JRuby), so JRuby installs are not blocked, just not yet
+  verified.
+- On MRI, a C compiler/toolchain is needed at install time, since the `llhttp`
+  extension is compiled during `gem install` / `bundle install`. On
+  Debian/Ubuntu, for example, install `build-essential`; on macOS, the Xcode
+  Command Line Tools.
+
+### Dependency tree
+
+This gem pulls in the following runtime dependencies:
+
+| Gem               | Version constraint       | Notes                                  |
+| ----------------- | ------------------------ | -------------------------------------- |
+| `http`            | `~> 6.0`                 | The underlying http.rb client          |
+| `connection_pool` | `>= 2.5.5, < 3`          | Generic, fiber-aware pooling primitive |
+| `concurrent-ruby` | `>= 1.3.7, ~> 1.3`       | Lock-free registry & atomics; floor fixes CVE-2026-54904/54905/54906 |
+
+`http.rb` in turn brings in `http-cookie`, `domain_name`, and its parser
+(`llhttp` on MRI, `llhttp-ffi` on JRuby). All are pure Ruby except the native
+`llhttp` build used on MRI.
+
+## Installation
+
+Add it to your application's Gemfile:
+
+```ruby
+gem 'http_connection_pool'
+```
+
+Then run:
+
+```bash
+bundle install
+```
+
+Or install it directly:
+
+```bash
+gem install http_connection_pool
+```
+
+## Usage
+
+### The `Connectable` mixin (recommended)
+
+Include `HttpConnectionPool::Connectable` in a client class and configure it
+with a base URL. Each class sharing a base URL transparently shares one pool.
+
+```ruby
+require 'http_connection_pool'
+
+class GithubClient
+  include HttpConnectionPool::Connectable
+
+  self.base_url     = 'https://api.github.com'
+  self.pool_size    = 10
+  self.pool_timeout = 3.0
+  self.pool_options = { headers: { 'Authorization' => "Bearer #{ENV['GITHUB_TOKEN']}" } }
+
+  def user(login)
+    with_connection { |conn| conn.get("/users/#{login}").parse }
+  end
+end
+
+GithubClient.new.user('bbarberBPL')
+```
+
+You can also `extend` it onto a module for a class-method-only API:
+
+```ruby
+module GithubAPI
+  extend HttpConnectionPool::Connectable
+
+  self.base_url = 'https://api.github.com'
+
+  def self.user(login)
+    with_connection { |conn| conn.get("/users/#{login}").parse }
+  end
+end
+```
+
+### Using the registry directly
+
+If you don't want the mixin, reach for the registry. It returns (and caches) a
+pool for any URL's origin:
+
+```ruby
+registry = HttpConnectionPool::Registry.instance
+
+registry.pool_for('https://api.example.com').with do |conn|
+  conn.get('/status').parse
+end
+```
+
+### Configuration options
+
+`pool_options` (or the keyword args to `pool_for`) configure every
+`HTTP::Session` in the pool. Most are set on the underlying `HTTP::Options`
+when the session is built; `timeout` and `proxy` use http.rb's chainable
+translation:
+
+| Option        | How it is applied                          | Example                                       |
+| ------------- | ------------------------------------------ | --------------------------------------------- |
+| `:headers`    | `HTTP::Options` `headers` field            | `{ headers: { 'Accept' => 'application/json' } }` |
+| `:auth`       | folded into an `Authorization` header      | `{ auth: 'Bearer token' }`                    |
+| `:ssl`        | `HTTP::Options` `ssl` field                | `{ ssl: { ca_file: '/path/ca.pem' } }`        |
+| `:timeout`    | `HTTP::Session#timeout` (chainable)        | `{ timeout: 5 }`                              |
+| `:proxy`      | `HTTP::Session#via` (chainable)            | `{ proxy: ['proxy.example.com', 8080] }`      |
+| `:ssl_context`| not supported — raises `OptionKeyError`    | use `:ssl` instead                            |
+
+Request paths are resolved against the pool's origin, so pass relative paths
+(`conn.get('/users/1')`) — they target the pool's `scheme://host:port` (the
+origin of `base_url` when using the `Connectable` mixin).
+
+> **Note (http.rb v6):** `:ssl_context` is not supported. An `OpenSSL::SSL::SSLContext`
+> cannot be safely used as a pool key — two contexts that differ only in a
+> write-only field (e.g. `min_version`/`max_version`, which OpenSSL does not let
+> us read back) would key to the same pool and silently share connections. So
+> passing `:ssl_context` raises `HttpConnectionPool::OptionKeyError`. Configure
+> TLS via the `:ssl` hash (`ssl: { ca_file: ..., verify_mode: ... }`) instead.
+
+### One pool per (origin + options), and credential isolation
+
+Pools are keyed by a **SHA-256 digest of the origin and options**, so two
+callers that target the same host but supply different credentials each get
+their own isolated pool. There is no error, no interference, and no shared
+connections:
+
+```ruby
+# Each token gets its own pool — no conflict.
+registry.pool_for('https://api.example.com', headers: { 'Authorization' => 'Bearer aaa' })
+registry.pool_for('https://api.example.com', headers: { 'Authorization' => 'Bearer bbb' })
+```
+
+Requesting the same origin with **identical** options returns the cached pool
+without allocating a new one.
+
+This design also makes subclassing safe. A subclass that overrides
+`pool_options` receives its own isolated pool; a subclass that leaves
+`pool_options` untouched shares the parent's pool:
+
+```ruby
+class BaseClient
+  include HttpConnectionPool::Connectable
+  self.base_url  = 'https://api.example.com'
+  self.pool_size = 10
+end
+
+class AdminClient < BaseClient
+  # Inherits base_url and pool_size; gets a separate pool for admin credentials.
+  self.pool_options = { headers: { 'Authorization' => "Bearer #{ENV['ADMIN_TOKEN']}" } }
+end
+
+class ReadOnlyClient < BaseClient
+  self.pool_options = { headers: { 'Authorization' => "Bearer #{ENV['READONLY_TOKEN']}" } }
+end
+
+# BaseClient, AdminClient, and ReadOnlyClient each have their own pool.
+# BaseClient.connection_pool      — no auth
+# AdminClient.connection_pool     — admin token, never mixed with read-only
+# ReadOnlyClient.connection_pool  — read-only token, never mixed with admin
+```
+
+> **Note:** `pool_options` on a subclass *replaces* the parent's options
+> entirely — it does not merge them. If you need to add headers on top of a
+> parent's defaults, merge explicitly:
+> ```ruby
+> self.pool_options = BaseClient.pool_options.merge(
+>   headers: BaseClient.pool_options.fetch(:headers, {}).merge(
+>     'X-Extra' => 'value'
+>   )
+> )
+> ```
+
+**Option-hash key ordering** does not matter — `{ 'X-A' => '1', 'X-B' => '2' }`
+and `{ 'X-B' => '2', 'X-A' => '1' }` are treated as the same options and
+return the same pool. The registry normalises nested hashes before hashing.
+
+**Host casing** does not matter either — `https://API.Example.com` and
+`https://api.example.com` resolve to the same origin (and pool), since DNS
+hostnames are case-insensitive.
+
+When you `release` a pool you must pass the same options so the registry can
+locate the correct key:
+
+```ruby
+registry.release('https://api.example.com', headers: { 'Authorization' => 'Bearer aaa' })
+```
+
+Credentials are kept out of `#inspect`, `#to_s`, and `pp` output for both the
+pool and the registry:
+
+```ruby
+pool.inspect
+# => #<HttpConnectionPool::Pool origin="https://api.github.com:443" size=10 \
+#      timeout=3.0 closed=false options=[headers, auth]>
+
+HttpConnectionPool::Registry.instance.inspect
+# => #<HttpConnectionPool::Registry pools=3 max_pools=unlimited>
+```
+
+### Bounding the number of pools
+
+By default the registry holds an unbounded number of pools — one per distinct
+origin. If origins can be influenced by **untrusted input** (webhook targets,
+redirect hosts, user-supplied URLs), cap the registry so a flood of unique
+origins can't exhaust memory or file descriptors:
+
+```ruby
+# Per-registry:
+registry = HttpConnectionPool::Registry.new(max_pools: 100)
+
+# Or for the process-wide singleton, before first use (e.g. a Rails initializer):
+HttpConnectionPool::Registry.configure(max_pools: 100)
+```
+
+Creating a pool for a *new* origin beyond the cap raises
+`HttpConnectionPool::Registry::PoolLimitError`; reusing an existing origin is
+never blocked, and `release`-ing a pool frees a slot. The cap is a soft limit —
+under heavy concurrency the count may briefly overshoot by the number of
+distinct origins racing to be created, but growth stays bounded.
+
+### Inspecting pool state
+
+```ruby
+# Stats for a single pool:
+pool = GithubClient.connection_pool
+pool.stats
+# => { origin: "https://api.github.com:443", size: 10,
+#      checked_out: 0, idle: 10, closed: false }
+
+# Stats for all pools in the registry (Array, one entry per pool):
+HttpConnectionPool::Registry.instance.stats
+# => [
+#      { origin: "https://api.github.com:443", size: 10, ... },
+#      { origin: "https://api.example.com:443", size: 5,  ... },
+#    ]
+```
+
+### Shutting pools down
+
+```ruby
+GithubClient.release_connection_pool          # close one class's pool
+HttpConnectionPool::Registry.instance.close_all  # close every pool
+```
+
+Prefer `release_connection_pool` / `Registry#release` / `close_all`, which both
+close the pool **and** remove it from the registry. Calling `Pool#close`
+directly on a pool you obtained from the registry closes its connections but
+leaves the dead entry in the registry until its exact key is requested again —
+the entry keeps its slot under [`max_pools`](#bounding-the-number-of-pools)
+until then. A long-running process that closes pools out-of-band can reclaim
+them all at once:
+
+```ruby
+HttpConnectionPool::Registry.instance.sweep_closed!  # evict closed pools, returns count
+```
+
+
+### Forking app servers (Puma, Unicorn, Spring, Resque, Sidekiq)
+
+Clustered Puma, Unicorn, and other preforking servers boot the app **once in a
+parent process** and then `fork` worker processes. A network socket must never
+be shared across a fork — two processes reading and writing the same TLS/HTTP
+connection will corrupt each other's streams.
+
+**The good news:** this gem's backing `connection_pool` (>= 2.5) is fork-aware.
+It defaults to `auto_reload_after_fork: true` and hooks `Process._fork`, so a
+freshly forked worker automatically **discards any inherited connections and
+opens its own** on first checkout. You do not need to do anything for
+correctness — there is no risk of workers sharing a socket.
+
+What is still worth doing is **hygiene**: proactively close inherited pools in
+each worker so you start from a clean slate and don't briefly retain the
+parent's (now-defunct) connection objects. Every server exposes an
+`after_fork`/`on_worker_boot` hook for exactly this:
+
+```ruby
+# Puma — config/puma.rb
+on_worker_boot do
+  HttpConnectionPool::Registry.instance.close_all
+end
+
+# Unicorn — config/unicorn.rb
+after_fork do |_server, _worker|
+  HttpConnectionPool::Registry.instance.close_all
+end
+```
+
+```ruby
+# Resque
+Resque.after_fork { HttpConnectionPool::Registry.instance.close_all }
+
+# Sidekiq runs jobs in threads, not forks, so no per-job reset is needed; the
+# shared pool is what you want there.
+```
+
+The parent process is unaffected by a worker closing its own copy — each forked
+worker gets its own copy-on-write view of the singleton registry. You can pair
+this with `Registry.configure(max_pools:)` (see above) in the parent's boot so
+every worker inherits the same ceiling.
+
+It is also good practice to close pools on graceful shutdown so connections are
+released promptly rather than waiting on GC / socket timeouts:
+
+```ruby
+at_exit { HttpConnectionPool::Registry.instance.close_all }
+```
+
+## Security
+
+Keeping a persistent connection open means any header configured on the pool
+(`auth`, `Authorization`, `Cookie`) is reused for every request on that
+connection. Two practices keep that from leaking:
+
+- **Never build a request path from untrusted input without validating it.**
+  A protocol-relative path (`//evil-host/path`) can be interpreted as a
+  network-path reference that replaces the origin's authority, redirecting the
+  request — and its connection-scoped credentials — to an attacker-controlled
+  host. As a defensive measure, reject request paths that begin with `//`
+  before passing them to `with_connection`.
+- **Cap the registry when origins come from untrusted input** — see
+  [Bounding the number of pools](#bounding-the-number-of-pools).
+
+Credentials are also kept out of `#inspect`, `#to_s`, and `pp` output for both
+the pool and the registry (origin, size, and option *keys* only — never option
+values). See
+[credential isolation](#one-pool-per-origin--options-and-credential-isolation).
+
+## Error handling
+
+Every error raised by the pool/registry layer descends from a single root, so
+one rescue catches them all:
+
+| Error                                  | Raised when                                      |
+| -------------------------------------- | ------------------------------------------------ |
+| `HttpConnectionPool::TimeoutError`     | No connection available within the checkout timeout |
+| `HttpConnectionPool::ClosedError`      | A closed pool is used                            |
+| `HttpConnectionPool::PoolLimitError`   | A new pool would exceed `max_pools`              |
+| `HttpConnectionPool::InvalidURLError`  | A URL has no/unsupported scheme or no host       |
+| `HttpConnectionPool::OptionKeyError`   | An option value cannot be used as a pool key     |
+
+`InvalidURLError` and `OptionKeyError` are both `ConfigurationError`, which is
+itself a `HttpConnectionPool::Error`:
+
+```ruby
+begin
+  client.with_connection { |conn| conn.get('/status') }
+rescue HttpConnectionPool::Error => e
+  # any pool/registry-layer failure
+end
+```
+
+The legacy constants `Pool::TimeoutError`, `Pool::ClosedError`, and
+`Registry::PoolLimitError` still work — they are aliases of the classes above.
+
+**Request errors pass through.** A request you make inside the block
+(`conn.get(...)`) is yours: any `HTTP::Error` (timeouts, connection failures,
+status errors) propagates **unchanged**, because the pool does not own your
+request semantics. Rescue `HttpConnectionPool::Error` for pool/registry
+failures and `HTTP::Error` for request failures.
+
+## Rails compatibility
+
+This gem works inside Rails (verified against the **7.2.x** series) but does
+**not** depend on Rails — it stays usable in any plain-Ruby project. Rails and
+this gem share two dependencies, and the version constraints overlap cleanly:
+
+| Shared dep        | Rails 7.2 requires    | This gem requires  |
+| ----------------- | --------------------- | ------------------ |
+| `concurrent-ruby` | `~> 1.0, >= 1.3.1`    | `~> 1.3`           |
+| `connection_pool` | `>= 2.2.5`            | `>= 2.5.5, < 3`    |
+
+Compatibility is enforced in CI: `activesupport` is pulled into the **test
+group only** (never the gemspec), and `spec/integration/rails_compatibility_spec.rb`
+asserts the resolved dependency versions satisfy both Rails and this gem, and
+that the `Connectable` mixin behaves correctly under a Rails-style service
+object (including across class reloads). To test a newer Rails, bump the
+`activesupport` pin in the Gemfile and re-run the suite.
+
+### Zeitwerk
+
+The gem loads its own constants with plain `require_relative`, so it is
+invisible to — and safe for — a host Rails app's Zeitwerk loader, even under
+`eager_load` in production. Its file/constant layout is nonetheless fully
+Zeitwerk-conformant: `spec/integration/zeitwerk_compliance_spec.rb` eager-loads
+the gem through a real `Zeitwerk::Loader` (in a clean process) and fails if any
+file/constant naming ever drifts. Like every gem, only `version.rb` is exempt
+(it defines `VERSION`, not `Version`). Zeitwerk is a **test-only** dependency,
+never a runtime one.
+
+### Background jobs
+
+The gem is also verified inside background jobs:
+`spec/integration/background_job_spec.rb` runs the `Connectable` pool through a
+bare `Sidekiq::Job`, an Active Job on the `:test` adapter, and an Active Job on
+the `:sidekiq` adapter (all under `Sidekiq::Testing.inline!`, no Redis). It
+asserts that jobs hitting one origin share a single pool, that job classes with
+different credentials get isolated pools, that a connection is returned to the
+pool when a job raises, and that neither the registry nor the live `Pool` count
+grows with job count. Sidekiq and Active Job are **test-only** dependencies.
+
+## Development
+
+After checking out the repo, install dependencies and run the test suite:
+
+```bash
+bin/setup          # bundle install
+bundle exec rake   # runs RuboCop, then RSpec (the default `ci` task)
+```
+
+For an interactive sandbox with the gem and an `EXAMPLE` client preloaded:
+
+```bash
+bin/console
+```
+
+```ruby
+>> EXAMPLE.with_connection { |conn| conn.get('/get').status }
+>> EXAMPLE.connection_pool_stats
+```
+
+### Examples
+
+The [`examples/`](examples/) directory has runnable, real-backend examples that
+are not part of the gem package. [`examples/solr_client.rb`](examples/solr_client.rb)
+is a `Connectable` client for a Solr 8.11.x core, and
+[`examples/solr_update_demo.rb`](examples/solr_update_demo.rb) walks an
+add/update/read/delete round-trip through the pool. See
+[`examples/README.md`](examples/README.md) for how to run them.
+
+### Building and publishing
+
+```bash
+bundle exec rake build            # build the gem into pkg/ (gitignored)
+bundle exec rake build:checksum   # build, then write SHA-256 + SHA-512 to checksums/
+```
+
+`rake build:checksum` records both digests under `checksums/` in the standard
+`sha256sum -c` / `sha512sum -c` format, so a published artifact can be verified
+against this repository. The built `.gem` is never committed; only its
+checksums are.
+
+Publishing to RubyGems is a manual, maintainer-only step — this project
+deliberately ships no automated push task. Regenerate the checksums whenever
+the version changes, immediately before publishing.
+
+## License
+
+Released under the [MIT License](LICENSE).

data/lib/http_connection_pool/connectable.rb

@@ -0,0 +1,175 @@
+# frozen_string_literal: true
+
+require_relative 'registry'
+
+module HttpConnectionPool
+  # Mixin that gives any class a `connection_pool` class-level accessor and a
+  # `with_connection` method for safely borrowing a persistent HTTP client.
+  #
+  # ── Include (instance + class API) ──────────────────────────────────────────
+  #
+  #   class GithubClient
+  #     include HttpConnectionPool::Connectable
+  #
+  #     self.base_url     = 'https://api.github.com'
+  #     self.pool_size    = 10
+  #     self.pool_timeout = 3.0
+  #     self.pool_options = { headers: { 'Authorization' => "Bearer #{ENV['GITHUB_TOKEN']}" } }
+  #
+  #     def user(login)
+  #       with_connection { |conn| conn.get("/users/#{login}").parse }
+  #     end
+  #   end
+  #
+  # ── Subclassing ─────────────────────────────────────────────────────────────
+  #
+  # Subclasses inherit base_url, pool_size, pool_timeout, and pool_options from
+  # their parent. Each class that declares its own pool_options receives its own
+  # isolated pool (keyed by origin + options digest), so a subclass that adds
+  # credentials never shares connections with the base class or siblings:
+  #
+  #   class AdminClient < GithubClient
+  #     self.pool_options = { headers: { 'Authorization' => "Bearer #{ENV['ADMIN_TOKEN']}" } }
+  #   end
+  #
+  # ── Extend (class-level methods only) ───────────────────────────────────────
+  #
+  #   module GithubAPI
+  #     extend HttpConnectionPool::Connectable
+  #
+  #     self.base_url = 'https://api.github.com'
+  #
+  #     def self.user(login)
+  #       with_connection { |conn| conn.get("/users/#{login}").parse }
+  #     end
+  #   end
+  #
+  module Connectable
+    # Called when the module is included into a class.
+    def self.included(base)
+      base.extend(ClassMethods)
+      base.extend(PoolAccessors)
+    end
+
+    # Called when the module is extended onto an object/module.
+    def self.extended(base)
+      base.extend(ClassMethods)
+      base.extend(PoolAccessors)
+    end
+
+    # Class-level configuration attributes.
+    # Readers walk the ancestor chain so subclasses inherit configuration
+    # without having to restate it; the writer pins the value on that class.
+    module PoolAccessors
+      attr_writer :base_url, :pool_size, :pool_timeout, :pool_options
+
+      def base_url
+        # Walk superclass chain until we find a set value.
+        klass = self
+        while klass
+          return klass.instance_variable_get(:@base_url) if
+            klass.instance_variable_defined?(:@base_url) && klass.instance_variable_get(:@base_url)
+
+          klass = klass.respond_to?(:superclass) ? klass.superclass : nil
+        end
+
+        raise NotImplementedError,
+              "#{name || inspect} must set `self.base_url = <url>` before using the connection pool"
+      end
+
+      def pool_size
+        klass = self
+        while klass
+          return klass.instance_variable_get(:@pool_size) if
+            klass.instance_variable_defined?(:@pool_size)
+
+          klass = klass.respond_to?(:superclass) ? klass.superclass : nil
+        end
+        Pool::DEFAULT_SIZE
+      end
+
+      def pool_timeout
+        klass = self
+        while klass
+          return klass.instance_variable_get(:@pool_timeout) if
+            klass.instance_variable_defined?(:@pool_timeout)
+
+          klass = klass.respond_to?(:superclass) ? klass.superclass : nil
+        end
+        Pool::DEFAULT_TIMEOUT
+      end
+
+      def pool_options
+        klass = self
+        while klass
+          return klass.instance_variable_get(:@pool_options) if
+            klass.instance_variable_defined?(:@pool_options)
+
+          klass = klass.respond_to?(:superclass) ? klass.superclass : nil
+        end
+        {}
+      end
+    end
+
+    # Class-level behaviour available after include/extend.
+    module ClassMethods
+      # Borrow a connection from the pool and yield it to the block.
+      #
+      # @yieldparam conn [HTTP::Session] a persistent session pre-configured for base_url
+      # @return [Object] the return value of the block
+      def with_connection(&)
+        connection_pool.with(&)
+      end
+
+      # Lazy accessor for the pool — initialised on first call and memoized so
+      # the request hot path avoids re-parsing the URL and re-allocating the
+      # options hash on every `with_connection`. The memo is dropped whenever
+      # the underlying pool has been closed (e.g. via the registry), so the
+      # next call transparently obtains a fresh pool.
+      #
+      # @return [HttpConnectionPool::Pool]
+      def connection_pool
+        cached = @connection_pool
+        return cached if cached && !cached.closed?
+
+        @connection_pool = HttpConnectionPool::Registry.instance.pool_for(
+          base_url,
+          size: pool_size,
+          timeout: pool_timeout,
+          **pool_options
+        )
+      end
+
+      # Explicitly release and close this class's pool.
+      # The next call to `with_connection` will open a fresh pool.
+      def release_connection_pool
+        @connection_pool = nil
+        HttpConnectionPool::Registry.instance.release(base_url, **pool_options)
+      end
+
+      # Snapshot of the pool's current stats.
+      #
+      # @return [Hash]
+      def connection_pool_stats
+        connection_pool.stats
+      end
+    end
+
+    # ── Instance-level proxy methods (only meaningful after `include`) ────────
+
+    # @see ClassMethods#with_connection
+    def with_connection(&)
+      self.class.with_connection(&)
+    end
+
+    # @see ClassMethods#connection_pool
+    def connection_pool
+      self.class.connection_pool
+    end
+
+    # @see ClassMethods#connection_pool_stats
+    def connection_pool_stats
+      self.class.connection_pool_stats
+    end
+  end
+end

data/lib/http_connection_pool/errors.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module HttpConnectionPool
+  # Root of every error raised by this gem's pool/registry layer. Rescue this to
+  # catch any failure that originates here. Request-body errors from http.rb
+  # (HTTP::Error and subclasses) are NOT remapped — they propagate raw, since a
+  # request made inside a `with`/`with_connection` block is the caller's own.
+  class Error < StandardError; end
+
+  # Unusable configuration, detected before any I/O (URL validation, option
+  # keyability). All ConfigurationError subclasses are raised at setup time.
+  class ConfigurationError < Error; end
+
+  # A URL had no scheme, an unsupported scheme, or no host.
+  class InvalidURLError < ConfigurationError; end
+
+  # An option value cannot be safely/canonically used as part of a pool key
+  # (e.g. an SSLContext object, whose inspect omits distinguishing material and
+  # would silently collide). See README "Error handling".
+  class OptionKeyError < ConfigurationError; end
+
+  # Creating a new pool would exceed the registry's max_pools cap.
+  class PoolLimitError < Error; end
+
+  # No connection became available within the checkout timeout.
+  class TimeoutError < Error; end
+
+  # A pool was used after it was closed.
+  class ClosedError < Error; end
+end

data/lib/http_connection_pool/pool.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+# Require only the concurrent-ruby primitives we use rather than the whole
+# library — this keeps load time and memory footprint down (the same approach
+# Rails takes).
+require 'concurrent/atomic/atomic_boolean'
+require 'connection_pool'
+require 'http'
+require_relative 'errors'
+
+module HttpConnectionPool
+  # Manages a pool of persistent HTTP::Session connections for a single URL
+  # origin. On http v6, HTTP.persistent returns an HTTP::Session, and http's own
+  # README notes that a persistent session is not thread-safe on its own — it
+  # points to the `connection_pool` gem for thread-safe persistent use. That is
+  # exactly the pattern this class follows: each caller checks out its own
+  # Session for the duration of a request.
+  #
+  # Backed by the `connection_pool` gem (>= 2.5.5), which is both thread- and
+  # Fiber.scheduler-aware: when running under a fiber scheduler, blocking
+  # checkouts yield to the scheduler instead of parking the OS thread.
+  #
+  # Pool instances are never created directly — obtain them through Registry.
+  class Pool
+    # Backward-compatible aliases — the canonical classes live in errors.rb
+    # under HttpConnectionPool. Existing `rescue Pool::TimeoutError` keeps working.
+    TimeoutError = HttpConnectionPool::TimeoutError
+    ClosedError  = HttpConnectionPool::ClosedError
+
+    DEFAULT_SIZE    = 5
+    DEFAULT_TIMEOUT = 5.0 # seconds to wait for a connection to become available
+
+    # @param origin  [String] canonical origin, e.g. "https://api.example.com:443"
+    # @param size    [Integer] maximum number of concurrent connections
+    # @param timeout [Float]   seconds to block waiting for a free connection
+    # @param options [Hash]    options forwarded to every HTTP::Session (headers, timeout, ssl, etc.)
+    def initialize(origin:, size: DEFAULT_SIZE, timeout: DEFAULT_TIMEOUT, **options)
+      @origin  = origin
+      @size    = Integer(size)
+      @timeout = Float(timeout)
+      @options = deep_freeze(options)
+
+      raise ArgumentError, 'size must be >= 1' unless @size >= 1
+      raise ArgumentError, 'timeout must be > 0' unless @timeout.positive?
+
+      @closed = Concurrent::AtomicBoolean.new(false)
+      @pool   = ::ConnectionPool.new(size: @size, timeout: @timeout) { build_connection }
+    end
+
+    attr_reader :origin, :size
+
+    # Yields a live HTTP::Session scoped to @origin, returning it to the pool when done.
+    #
+    # @raise [ClosedError]  if the pool has been shut down
+    # @raise [TimeoutError] if no connection is available within the configured timeout
+    # @yieldparam conn [HTTP::Session]
+    # @return [Object] the value returned by the block
+    def with(&)
+      raise ClosedError, "pool for #{@origin} is closed" if @closed.true?
+
+      @pool.with(&)
+    rescue ::ConnectionPool::TimeoutError => e
+      raise TimeoutError, "no connection available for #{@origin} within #{@timeout}s (#{e.message})"
+    rescue ::ConnectionPool::PoolShuttingDownError
+      # Another thread closed the pool between our @closed check and checkout.
+      # Surface it as our own ClosedError rather than leaking the backing
+      # library's exception type.
+      raise ClosedError, "pool for #{@origin} is closed"
+    end
+
+    # Immediately close every connection and mark the pool as closed.
+    # Any subsequent call to #with will raise ClosedError.
+    def close
+      return unless @closed.make_true
+
+      @pool.shutdown do |conn|
+        conn&.close
+      rescue StandardError
+        # Closing a stale connection should not mask the shutdown.
+        nil
+      end
+    end
+
+    def closed?
+      @closed.true?
+    end
+
+    def stats
+      available = @pool.available
+      {
+        origin: @origin,
+        size: @size,
+        checked_out: @size - available,
+        idle: available,
+        closed: closed?
+      }
+    end
+
+    # Redacted inspect. The default Ruby #inspect would dump @options verbatim,
+    # exposing any Authorization header / auth token / SSL material in logs,
+    # backtraces, and error-reporting payloads. We list only the option *keys*
+    # (never their values) plus the non-sensitive pool state.
+    def inspect
+      keys = @options.keys
+      option_keys = keys.empty? ? 'none' : keys.join(', ')
+      "#<#{self.class.name} origin=#{@origin.inspect} size=#{@size} " \
+        "timeout=#{@timeout} closed=#{closed?} options=[#{option_keys}]>"
+    end
+    alias to_s inspect
+
+    # Belt-and-suspenders for pretty-printers (pp / awesome_print), which call
+    # #pretty_print rather than #inspect and would otherwise reach @options.
+    def pretty_print(pp)
+      pp.text(inspect)
+    end
+
+    private
+
+    # Freeze the options hash and every nested hash/array/value, so a pool's
+    # configuration cannot mutate after creation (and cannot diverge from the
+    # options that were hashed into its registry key).
+    def deep_freeze(obj)
+      case obj
+      when Hash  then obj.each { |k, v| [k, v].each { |e| deep_freeze(e) } }
+      when Array then obj.each { |v| deep_freeze(v) }
+      end
+      obj.freeze
+    end
+
+    def build_connection
+      session = HTTP::Session.new(HTTP::Options.new(**native_options))
+      apply_chainable(session)
+    end
+
+    # Directly-mappable HTTP::Options fields, including persistent (= origin).
+    # auth is folded into headers as an Authorization header, matching what
+    # http.rb's own `auth` chainable does internally.
+    def native_options
+      opts = { persistent: @origin, headers: headers_with_auth }
+      opts[:ssl] = @options[:ssl] if @options[:ssl]
+      # TODO: case C — when ssl_context becomes safely keyable, set
+      # opts[:ssl_context] = @options[:ssl_context] here. It is currently
+      # rejected at the registry keying boundary, so it never reaches this
+      # method. See docs/superpowers/specs/2026-06-25-error-handling-design.md.
+      opts
+    end
+
+    # Merge auth into the headers hash as an Authorization header. Uses merge
+    # (not mutation) so the frozen @options[:headers] is never modified, and
+    # `to_s` to mirror http.rb's own `auth` chainable (which stringifies value).
+    def headers_with_auth
+      headers = @options[:headers] || {}
+      return headers unless @options[:auth]
+
+      headers.merge('Authorization' => @options[:auth].to_s)
+    end
+
+    # timeout/proxy need http.rb's own translation (number/hash -> timeout_class
+    # + timeout_options; positional args -> proxy_hash), so they stay chainable.
+    # Early-return when neither is set (the common case) to avoid extra
+    # HTTP::Session allocations from branch/dup.
+    def apply_chainable(session)
+      return session unless @options[:timeout] || @options[:proxy]
+
+      session = session.timeout(@options[:timeout]) if @options[:timeout]
+      session = session.via(*@options[:proxy])      if @options[:proxy]
+      session
+    end
+  end
+end

data/lib/http_connection_pool/registry.rb

@@ -0,0 +1,298 @@
+# frozen_string_literal: true
+
+# Require only the concurrent-ruby primitives we use rather than the whole
+# library — keeps load time and footprint down.
+require 'concurrent/atomic/atomic_reference'
+require 'concurrent/map'
+require 'digest'
+require 'uri'
+require_relative 'errors'
+require_relative 'pool'
+
+module HttpConnectionPool
+  # Global, thread-safe registry that holds one Pool per (origin, options) pair.
+  #
+  # Pools are keyed by a SHA-256 digest of the canonical origin + options, so
+  # two callers targeting the same host with different credentials each get their
+  # own isolated pool — no credential confusion, no error. This makes subclassing
+  # safe: a subclass that overrides pool_options gets a distinct pool from its
+  # parent even when both share the same base_url.
+  #
+  # The registry itself is a singleton (one instance per process). It is not
+  # implemented with the `Singleton` module so it can be replaced in tests.
+  # Storage is backed by `Concurrent::Map`, and the singleton slot by
+  # `Concurrent::AtomicReference`, so reads are lock-free under contention.
+  #
+  # Usage:
+  #   registry = HttpConnectionPool::Registry.instance
+  #   registry.pool_for('https://api.example.com').with { |conn| conn.get('/status') }
+  class Registry
+    # Backward-compatible alias — canonical class lives in errors.rb.
+    PoolLimitError = HttpConnectionPool::PoolLimitError
+
+    SUPPORTED_SCHEMES = %w[http https].freeze
+
+    # Option values that can be canonically serialized into a pool key. Anything
+    # else (an SSLContext, a PKey, a proc, an arbitrary object) is rejected by
+    # ensure_keyable! rather than risking a silent inspect-based collision.
+    # FUTURE (case C): a canonical serializer would let us key these safely —
+    # e.g. restore ssl_context: by digesting its real security material — and
+    # remove this rejection. See docs/superpowers/specs/2026-06-25-error-handling-design.md.
+    KEYABLE_SCALARS = [String, Symbol, Integer, Float, TrueClass, FalseClass, NilClass].freeze
+
+    @instance_ref = Concurrent::AtomicReference.new(nil)
+
+    # @return [Registry] the process-wide singleton instance
+    def self.instance
+      existing = @instance_ref.get
+      return existing if existing
+
+      candidate = new(max_pools: @configured_max_pools)
+      @instance_ref.compare_and_set(nil, candidate) ? candidate : @instance_ref.get
+    end
+
+    # Configure the process-wide singleton's pool ceiling. Must be called before
+    # the singleton is first used (e.g. in a Rails initializer); raises if the
+    # singleton already exists, since max_pools is fixed at construction.
+    #
+    # @param max_pools [Integer, nil]
+    def self.configure(max_pools:)
+      raise 'Registry singleton already initialised; call configure earlier' if @instance_ref.get
+
+      @configured_max_pools = max_pools
+    end
+
+    # Replace the singleton — primarily for testing.
+    def self.reset!
+      previous = @instance_ref.get_and_set(nil)
+      @configured_max_pools = nil
+      previous&.close_all
+    end
+
+    # @param max_pools [Integer, nil]
+    #   Optional ceiling on the number of distinct origins held at once. nil
+    #   (the default) means unlimited. Set this when origins can be influenced
+    #   by untrusted input (webhook targets, redirect hosts, user-supplied
+    #   URLs) to bound memory and file-descriptor use — without it, each new
+    #   origin retains a pool and its sockets indefinitely.
+    def initialize(max_pools: nil)
+      @pools     = Concurrent::Map.new
+      @max_pools = max_pools && Integer(max_pools)
+
+      raise ArgumentError, 'max_pools must be >= 1' if @max_pools && @max_pools < 1
+    end
+
+    attr_reader :max_pools
+
+    # Return (or lazily create) a Pool for the given URL's origin + options.
+    #
+    # Each unique (origin, options) combination gets its own isolated pool, so
+    # two callers sharing a host but using different credentials (Authorization
+    # headers, auth tokens, etc.) never share connections.
+    #
+    # @param url     [String]  any URL whose scheme+host+port will be used as the key
+    # @param size    [Integer] pool size (ignored if an identical pool already exists)
+    # @param timeout [Float]   checkout timeout in seconds (ignored if pool already exists)
+    # @param options [Hash]    HTTP client options forwarded to Pool (headers, auth, ssl, etc.)
+    # @return [Pool]
+    def pool_for(url, size: Pool::DEFAULT_SIZE, timeout: Pool::DEFAULT_TIMEOUT, **options)
+      origin = extract_origin(url)
+      key    = pool_key(origin, options)
+
+      loop do
+        existing = @pools[key]
+        return existing if existing && !existing.closed?
+
+        # Only new keys count against the cap; reusing/replacing an existing
+        # key is always allowed.
+        ensure_within_limit!(key)
+
+        candidate = Pool.new(origin: origin, size: size, timeout: timeout, **options)
+        resolved  = insert_or_resolve(key, candidate)
+        return resolved if resolved
+      end
+    end
+
+    # Remove and close the pool that exactly matches the given URL + options.
+    # Without options it closes the no-options pool for the origin.
+    #
+    # @param url     [String]
+    # @param options [Hash]
+    def release(url, **options)
+      key  = pool_key(extract_origin(url), options)
+      pool = @pools.delete(key)
+      pool&.close
+    end
+
+    # Close every pool and clear the registry.
+    def close_all
+      @pools.each_pair do |key, pool|
+        @pools.delete_pair(key, pool)
+        pool.close
+      end
+    end
+
+    # Evict every pool that has already been closed out-of-band (e.g. via
+    # Pool#close rather than Registry#release). Dead pools are otherwise only
+    # reclaimed when their exact key is requested again, so a long-running
+    # process that closes pools directly should call this periodically to free
+    # the retained Pool objects (and their option material) and the cap slots
+    # they would otherwise hold. Returns the number of pools swept.
+    def sweep_closed!
+      swept = 0
+      @pools.each_pair do |key, pool|
+        swept += 1 if pool.closed? && @pools.delete_pair(key, pool)
+      end
+      swept
+    end
+
+    # @return [Array<Hash>] snapshot of stats for every registered pool
+    def stats
+      result = []
+      @pools.each_pair { |_key, pool| result << pool.stats }
+      result
+    end
+
+    # Safe inspect — shows pool count and cap without dumping internal keys or
+    # any pool state that might reference credential material.
+    def inspect
+      limit = @max_pools ? @max_pools.to_s : 'unlimited'
+      "#<#{self.class.name} pools=#{@pools.size} max_pools=#{limit}>"
+    end
+    alias to_s inspect
+
+    private
+
+    # Derive a stable, collision-resistant registry key from the canonical
+    # origin and options. The key is a SHA-256 hex digest of the origin and a
+    # deeply-sorted, canonical representation of the options hash, so:
+    #   * key ordering within nested hashes does not matter — callers that
+    #     supply the same headers in different insertion order get the same pool
+    #   * mixed symbol/string keys are handled safely (sorted by to_s)
+    #   * the digest itself never appears in user-visible output, so it cannot
+    #     be used to verify guesses about credential values
+    def pool_key(origin, options)
+      ensure_keyable!(options)
+      Digest::SHA256.hexdigest("#{origin}|#{normalize_options(options).inspect}")
+    end
+
+    # Reject any option value that cannot be canonically serialized for keying.
+    # The path is built only from Symbol option names (e.g. :ssl_context) and
+    # array indices; any non-Symbol key (e.g. a user-supplied header name, which
+    # could itself be sensitive) is rendered as its class, never its content, so
+    # the message can never leak credential material.
+    def ensure_keyable!(value, path = 'options')
+      case value
+      when *KEYABLE_SCALARS
+        nil
+      when Hash
+        value.each do |k, v|
+          ensure_keyable!(k, "#{path} key")
+          ensure_keyable!(v, "#{path}[#{key_label(k)}]")
+        end
+      when Array
+        value.each_with_index { |v, i| ensure_keyable!(v, "#{path}[#{i}]") }
+      else
+        raise OptionKeyError,
+              "option #{path} is a #{value.class} and cannot be used as a pool key; " \
+              'pass SSL material via the `ssl:` hash (e.g. ssl: { ca_file: ... }), or ' \
+              'give each distinct context its own Connectable subclass / explicit pool'
+      end
+    end
+
+    # Symbol keys are option names (:headers, :ssl_context) and safe to show;
+    # any other key (e.g. a user-supplied String header name) is shown only as
+    # its class, so a sensitive value used as a key cannot leak into the message.
+    def key_label(key)
+      key.is_a?(Symbol) ? key.inspect : "<#{key.class}>"
+    end
+
+    # Recursively sort hash keys so that two logically identical option hashes
+    # always produce the same digest regardless of key-insertion order. Arrays
+    # and scalar values are passed through as-is.
+    #
+    # Sort by k.inspect, not k.to_s: a String and a Symbol that stringify to the
+    # same value (e.g. 'a' and :a) would otherwise be indistinguishable to the
+    # comparator, so their relative order would depend on insertion order and
+    # the same logical hash could digest to two different keys. inspect renders
+    # them distinctly (":a" vs "\"a\""), giving a total, deterministic order.
+    def normalize_options(obj)
+      case obj
+      when Hash
+        obj.each_with_object({}) { |(k, v), h| h[k] = normalize_options(v) }
+           .sort_by { |k, _| k.inspect }.to_h
+      when Array then obj.map { |v| normalize_options(v) }
+      else obj
+      end
+    end
+
+    # Atomically insert `candidate`, or resolve what is already there.
+    # Returns the Pool to hand back, or nil to signal the caller should retry
+    # the loop (a stale closed pool was evicted).
+    def insert_or_resolve(key, candidate)
+      # compute_if_absent only inserts when no live entry exists.
+      winner = @pools.compute_if_absent(key) { candidate }
+      return candidate if winner.equal?(candidate)
+
+      # A stale closed pool is occupying the slot — evict it and retry.
+      if winner.closed?
+        @pools.delete_pair(key, winner)
+        candidate.close
+        return nil
+      end
+
+      # Lost the race to another caller with identical options; reuse theirs.
+      candidate.close
+      winner
+    end
+
+    # Enforce the optional max_pools ceiling before creating a new pool.
+    # This is a soft cap: the size check and the insert are not a single
+    # atomic step (doing so would require a global lock and defeat the
+    # lock-free Concurrent::Map). Under heavy concurrency the count may briefly
+    # overshoot by roughly the number of distinct keys racing to be created,
+    # but growth stays bounded — which is the point of the DoS backstop.
+    #
+    # Only *live* pools count toward the cap: a pool closed out-of-band (via
+    # Pool#close) is dead weight, not an active connection set, so it must not
+    # block creation of a new pool. It will be evicted lazily when its key is
+    # re-requested, or eagerly via sweep_closed!.
+    def ensure_within_limit!(key)
+      return unless @max_pools
+      return if @pools.key?(key) || live_pool_count < @max_pools
+
+      raise PoolLimitError,
+            "connection pool limit of #{@max_pools} reached. " \
+            'Release unused pools or raise max_pools.'
+    end
+
+    def live_pool_count
+      count = 0
+      @pools.each_value { |pool| count += 1 unless pool.closed? }
+      count
+    end
+
+    # Normalise a full URL down to its origin (scheme + host + port).
+    #
+    # @param url [String]
+    # @return [String]  e.g. "https://api.example.com:443"
+    def extract_origin(url)
+      uri = parse_url(url)
+      raise InvalidURLError, "URL must have a scheme (http/https): #{url}" unless uri.scheme
+      raise InvalidURLError, "unsupported scheme: #{uri.scheme}"           unless SUPPORTED_SCHEMES.include?(uri.scheme)
+      raise InvalidURLError, "URL must have a host: #{url}"                if uri.host.nil? || uri.host.empty?
+
+      # Hostnames are case-insensitive (DNS), so downcase to avoid keying two
+      # pools for the same origin written in different cases. URI always
+      # populates the default port (80/443) for http/https, so uri.port is
+      # reliable here and no fallback table is needed.
+      "#{uri.scheme}://#{uri.host.downcase}:#{uri.port}"
+    end
+
+    def parse_url(url)
+      URI.parse(url)
+    rescue URI::InvalidURIError => e
+      raise InvalidURLError, "could not parse URL: #{url} (#{e.message})"
+    end
+  end
+end

data/lib/http_connection_pool/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module HttpConnectionPool
+  VERSION = '0.1.0'
+end

data/lib/http_connection_pool.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require_relative 'http_connection_pool/version'
+require_relative 'http_connection_pool/errors'
+require_relative 'http_connection_pool/pool'
+require_relative 'http_connection_pool/registry'
+require_relative 'http_connection_pool/connectable'

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: http_connection_pool
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- bbarberBPL
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.7
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.7
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.5.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.5.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+description: Provides a singleton connection pool per URL origin using http.rb (httprb),
+  with a Connectable mixin for easy integration into service/API client classes.
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/http_connection_pool.rb
+- lib/http_connection_pool/connectable.rb
+- lib/http_connection_pool/errors.rb
+- lib/http_connection_pool/pool.rb
+- lib/http_connection_pool/registry.rb
+- lib/http_connection_pool/version.rb
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.14
+specification_version: 4
+summary: Thread-safe persistent HTTP connection pool for the http.rb gem
+test_files: []