servery 1.1.1__tar.gz

servery-1.1.1/.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+  # Keep GitHub Actions current (and enable SHA-pin maintenance).
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: ci
+
+  # Dev/CI tooling only (runtime deps are zero by mandate).
+  - package-ecosystem: uv
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: deps

servery-1.1.1/.github/workflows/ci.yml

@@ -0,0 +1,131 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  workflow_dispatch:
+
+# Least privilege by default; jobs opt into more if needed.
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: Lint & format (ruff)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+      - run: uv run ruff check --output-format=github .
+      - run: uv run ruff format --check .
+
+  type:
+    name: Type check (ty)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+      # httpx is a dev-only interop dependency used in tests; give ty access to
+      # it (in its isolated env) so it resolves and type-checks that code.
+      - run: uvx --with "httpx[http2]" ty check src tests
+
+  security:
+    name: SAST (bandit)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+      - run: uv run bandit -c pyproject.toml -r src
+
+  test:
+    name: Test (${{ matrix.os }}, py${{ matrix.python }})
+    needs: [lint, type, security]
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python: ["3.13", "3.14"]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+          python-version: ${{ matrix.python }}
+      - run: uv run --no-default-groups --group test --python ${{ matrix.python }} coverage run -m unittest discover -s tests -v
+      - run: uv run --no-default-groups --group test --python ${{ matrix.python }} coverage report
+
+  test-freethreaded:
+    name: Test free-threaded (py${{ matrix.python }})
+    needs: [lint, type, security]
+    strategy:
+      fail-fast: false
+      matrix:
+        python: ["3.13t", "3.14t"]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+          python-version: ${{ matrix.python }}
+      # PYTHON_GIL=0 ensures the GIL stays disabled so concurrency is exercised.
+      # --no-default-groups --group test avoids the publish tooling (cffi has no free-threaded build).
+      - run: PYTHON_GIL=0 uv run --no-default-groups --group test --python ${{ matrix.python }} python -m unittest discover -s tests -v
+
+  test-experimental:
+    name: Test (py${{ matrix.python }}, allowed to fail)
+    needs: [lint, type, security]
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      fail-fast: false
+      matrix:
+        python: ["3.15", "3.15t"]
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+          python-version: ${{ matrix.python }}
+      - run: uv run --no-default-groups --group test --python ${{ matrix.python }} python -m unittest discover -s tests -v
+
+  build:
+    name: Build & zero-dependency gate
+    needs: [lint, type, security]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: true
+      - run: uv build
+      - name: Enforce zero runtime dependencies
+        run: uv run python scripts/check_zero_deps.py
+      - name: Validate distribution metadata
+        run: uvx twine check dist/*

servery-1.1.1/.github/workflows/release.yml

@@ -0,0 +1,52 @@
+name: Publish to PyPI
+
+# Publishes on a version tag (vX.Y.Z), or manually via the Actions tab. Uses
+# PyPI Trusted Publishing (OIDC): no API token is ever stored — the publish job
+# mints a short-lived token scoped to this repo + the `pypi` environment.
+on:
+  push:
+    tags: ["v*"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build & verify distributions
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      # No build cache in the publish path: a poisoned cache could taint the
+      # released artifacts (zizmor cache-poisoning). Releases build clean.
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+        with:
+          enable-cache: false
+      - run: uv build
+      - name: Enforce zero runtime dependencies
+        run: uv run python scripts/check_zero_deps.py
+      - name: Validate distribution metadata
+        run: uvx twine check dist/*
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        with:
+          name: dist
+          path: dist/
+          if-no-files-found: error
+
+  publish:
+    name: Publish to PyPI (Trusted Publishing)
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/servery
+    permissions:
+      id-token: write # OIDC token for Trusted Publishing — the only privilege needed
+    steps:
+      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        with:
+          name: dist
+          path: dist/
+      - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0

servery-1.1.1/.github/workflows/security.yml

@@ -0,0 +1,54 @@
+name: Security
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  schedule:
+    - cron: "0 6 * * 1" # weekly, Monday 06:00 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  zizmor:
+    name: Audit workflows (zizmor)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+      # Audit our own GitHub Actions for injection / privilege / pinning issues.
+      # Fails on medium-or-higher findings. Actions are SHA-pinned (Dependabot
+      # maintains the pins), so unpinned-uses stays clean.
+      - run: uvx zizmor --min-severity=medium --format plain .github/workflows
+
+  bandit:
+    name: SAST (bandit)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+      - run: uv run bandit -c pyproject.toml -r src
+
+  secrets:
+    name: Secret scan (gitleaks)
+    runs-on: ubuntu-latest
+    # Dependabot PR runs get a read-only token that can't list PR commits via the
+    # API (gitleaks-action 403s). Skip them — push, schedule, and human PRs still scan.
+    if: github.actor != 'dependabot[bot]'
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

servery-1.1.1/.gitignore

@@ -0,0 +1,26 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+.eggs/
+
+# Build artifacts
+build/
+dist/
+*.whl
+*.tar.gz
+
+# Test / tooling caches
+.coverage
+.coverage.*
+htmlcov/
+.mypy_cache/
+.ruff_cache/
+.pytest_cache/
+
+# Environments
+.venv/
+venv/
+
+# uv
+# (uv.lock IS committed; the virtualenv is not)

servery-1.1.1/.pre-commit-config.yaml

@@ -0,0 +1,36 @@
+# Local commit gates. Install once with: uv run pre-commit install
+# Keep revs current with: uv run pre-commit autoupdate
+# (mypy runs via CI / `make type`, not here — its isolated env can't resolve the
+#  package import graph cleanly.)
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-toml
+      - id: check-merge-conflict
+      - id: check-added-large-files
+      - id: mixed-line-ending
+      - id: detect-private-key
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.6
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.8.0
+    hooks:
+      - id: bandit
+        args: ["-c", "pyproject.toml", "-r", "src"]
+        additional_dependencies: ["bandit[toml]"]
+
+  - repo: https://github.com/woodruffw/zizmor-pre-commit
+    rev: v1.0.0
+    hooks:
+      - id: zizmor
+        args: ["--min-severity=medium"]

servery-1.1.1/CHANGELOG.md

@@ -0,0 +1,178 @@
+# Changelog
+
+All notable changes to servery are documented here. The format follows
+[Keep a Changelog](https://keepachangelog.com/), and the project uses
+[semantic versioning](https://semver.org/).
+
+## [1.1.1] — 2026-06-22
+
+First release published to PyPI.
+
+### Fixed
+
+- **Directory listing on touch devices**: the per-file download button was
+  hover-only (invisible/untappable on phones); it is now shown via
+  `@media (hover: none)`, which also enlarges the facet chips, theme toggle, and
+  pager to finger-sized tap targets. Long filenames get `overflow-wrap` so they
+  can't force horizontal scroll on a narrow screen.
+
+### Changed
+
+- **Publishing**: releases go to PyPI via GitHub Actions **Trusted Publishing**
+  (OIDC) — no API token is stored anywhere.
+- **Packaging**: the version is single-sourced from `servery/_version.py`; added
+  the `Changelog` project URL and the `Programming Language :: Python :: Free
+  Threading` classifier.
+- **CI/dev**: bumped `actions/checkout` (v7), `astral-sh/setup-uv`,
+  `gitleaks-action`, and the `bandit` floor (`>=1.9.4`).
+
+## [1.1.0] — 2026-06-22
+
+### Added
+
+- **Directory-listing UI/UX pass** (still zero-dependency, server-side, **no
+  JavaScript**, and safe under the existing strict CSP):
+  - Clickable **breadcrumb** trail in the heading.
+  - Per-type **file icons** (extension-based, with a stdlib `mimetypes` fallback
+    for long-tail extensions — a pure lookup, no file content is read) and
+    **relative timestamps** ("3h ago", exact time on hover).
+  - Inline **size bars** and an aggregate **metrics strip** (file/dir counts,
+    total size, largest, newest).
+  - **`?ext=` file-type facet** chips alongside the existing `?q=` filter.
+  - Pure-**SVG modification timeline** histogram.
+  - **Per-file download** affordance (`?download=1` forces
+    `Content-Disposition: attachment`).
+  - **Pagination** for large directories (`?page=`, 1000 rows/page).
+  - Cookie-backed **light/dark/auto theme** toggle (`?theme=`).
+  - Friendly **empty / no-match** states, sticky table header, `aria-sort`, and
+    visible focus styles.
+
+### Performance
+
+A second profiling-driven pass (cProfile / strace / timeit, benchmarked
+before/after each change):
+
+- **HTTP/2 HPACK**: Huffman coding is now opt-in on the encoder (raw literals by
+  default — for a file server the CPU it costs outweighs the few header bytes it
+  saves). Also fixed an O(n²) bit accumulator in `huffman_encode`. **+20%** h2
+  throughput.
+- **HTTP/2 framing**: pack the 9-octet frame header in a single `struct` call
+  (was two packs + concatenations, ~4 allocations), byte-for-byte identical.
+  **+9%** h2; combined h2 throughput **+31%** (~11.6k → ~15k req/s, 1-core).
+- **Path containment**: `security.is_contained` uses a separator-anchored prefix
+  test on POSIX (≈15× faster than `os.path.commonpath`, exact-match verified;
+  Windows keeps `commonpath`). Runs on every request. **+3%** small-file.
+- **Listing render**: quote each entry name once (not twice) and cache file-type
+  extension lookups. **+5–6%** render.
+
+## [1.0.2] — 2026-06-22
+
+A profiling-driven performance pass (cProfile + strace, benchmarked before/after
+each change with a new single-core `scripts/microbench.py`).
+
+### Performance
+
+- **Fast request-header parser**: the stdlib's email-based
+  `http.client.parse_headers` dominated per-request CPU (MIME/multipart work HTTP
+  never needs). Replaced with a line-based reader + a minimal case-insensitive
+  header map. Faithful `parse_request` (limits, versions, 0.9, expect-100, obs-fold
+  per RFC 9112 §5.2 preserved). Small-file serving **8,896 → 10,766 req/s (+21%)**
+  single-core; **~42k → ~52k req/s (+23%)** at 16-way concurrency.
+- **Listing render**: `time.localtime` + manual date formatting instead of
+  `strftime`, and dropped a redundant `html.escape` on the already-percent-encoded
+  href. 50-entry listing **2,486 → 2,843 req/s (+14%)** single-core.
+- **Fewer syscalls per file request**: send the body in one `sendfile` (was two);
+  skip the SPA `os.path.exists` stat when SPA is off (the default); drop a
+  `tell()` `lseek`. Per small-file GET: `sendfile` 2→1, `stat` 2.2→1.2,
+  `lseek` 3→2 (≈13→11 syscalls).
+- Cached the constant `Server` header; guard access logging on the log level so a
+  disabled (quiet) logger does no per-request formatting.
+
+Cumulative: small-file throughput **+24%** single-core. The large-file `sendfile`
+path was already ~2.5 GB/s. No API or behavior changes; 295+ tests still pass.
+
+### Added (tests)
+
+- `test_request_parsing.py`: the fast parser (case-insensitivity, first-wins,
+  obs-fold, no-colon, EOF-termination, bad version, HTTP/2.0-in-line, HTTP/0.9).
+- Listing: an XSS guard proving a hostile filename cannot break out of the href
+  now that it is no longer html-escaped, plus an mtime-format check.
+- `scripts/microbench.py` (single-core attribution) and a warmup in
+  `scripts/bench.py`.
+
+## [1.0.1] — 2026-06-22
+
+Fixes surfaced by a large test-suite expansion (RFC reads + cross-checking
+against httpx, curl, and h2spec).
+
+### Performance
+
+- **TCP_NODELAY**: every small response previously incurred a ~40 ms
+  Nagle/delayed-ACK stall. Disabling Nagle takes small-file throughput from
+  ~390 to ~41,600 req/s (p50 41 ms → 0.28 ms) and listings from ~380 to
+  ~14,100 req/s on loopback. The sendfile large-file path was already ~2.5 GB/s.
+
+### Fixed
+
+- Upload: RFC 5987/8187 `filename*` (non-ASCII filenames) was silently dropped;
+  now decoded (charset-validated) and preferred over plain `filename`.
+- Upload: a plain non-ASCII `filename="naïve.txt"` was mojibake'd — part headers
+  are decoded as UTF-8 (RFC 7578 §5.1.1).
+- Upload: a zero-part body (just the close-delimiter) is accepted as empty.
+
+### Added (tests)
+
+- HTTP/1.1 conformance (methods, 9 path-traversal vectors, conditional
+  precedence, MIME, HEAD==GET, multi-range, empty file) + httpx interop.
+- Upload robustness (filename*, multiple files, boundary-in-content, chunked
+  rejection) + httpx multipart interop.
+- HTTP/2 conformance (h2spec generic 50/52 + hpack 8/8 validated; padded
+  HEADERS, HPACK continuity, concurrent streams, malformed-request RST) + httpx
+  h2-over-TLS interop.
+- Security regression + abuse cases (URI/header limits, Slowloris timeout, CRLF
+  injection e2e, upload containment, auth bypass).
+- Performance/load smoke (Nagle regression guard, concurrent-correctness under
+  free-threading, large-file integrity) + a runnable `scripts/bench.py`.
+
+281 tests total.
+
+## [1.0.0] — 2026-06-21
+
+First stable release. A zero-dependency, pure-Python HTTP file server.
+
+### Added
+
+- **HTTP/1.1 file serving** (pure stdlib): rich, sortable (`?C=&O=`), searchable
+  (`?q=`) directory listings with sizes and modified times; index documents.
+- **RFC 9110 downloads**: `Range`/`206`/`416`, strong `ETag`s, the conditional
+  ladder (`If-None-Match`/`If-Modified-Since`/`If-Range` → `304`/`412`), and
+  zero-copy `socket.sendfile()` with a userspace fallback.
+- **TLS/HTTPS** via `--tls-cert`/`--tls-key`, ALPN, HSTS over TLS, `--tls-help`.
+- **HTTP Basic Auth** (`--auth`): single credential or pre-hashed
+  `user:sha256:…`/`sha512`, constant-time comparison, no-TLS warning.
+- **Upload** (`--upload`): streaming `multipart/form-data` parser (no `cgi`),
+  atomic `os.replace`, bounded size (`--max-upload-size`), `--allow-overwrite`.
+- **Archive download**: stream any directory as `tar.gz`/`zip` (`?archive=`),
+  chunked, `Content-Disposition` with `filename*`, symlink-safe.
+- **CORS** (`--cors` + preflight), **SPA fallback** (`--spa`), **cache control**
+  (`--cache`), and secure headers (`nosniff` everywhere, scoped CSP +
+  Referrer-Policy on generated pages; `--no-security-headers`).
+- **Hardening**: `logging`-module access logs, default socket timeout
+  (`--timeout`), optional bounded concurrency (`--max-workers`).
+- **HTTP/2** (`--http2`): a pure-stdlib HTTP/2 server — HPACK (RFC 7541) and the
+  frame codec (RFC 9113) implemented from the RFCs, ALPN `h2` + h2c, per-stream
+  flow control, and DoS limits (concurrent-stream cap, header-block cap, RST
+  budget). Verified against `curl --http2`.
+- **HTTP/3** via the optional `servery[http3]` (aioquic) extra; the core stays
+  zero-dependency. `servery._oscrypto` provides AES-256-GCM via `ctypes` → OS
+  OpenSSL (NIST-vector verified) as the zero-PyPI-dependency crypto foundation.
+- **Safe defaults**: localhost bind, path-traversal + symlink-escape containment
+  (`realpath` + `commonpath`), exposure/cleartext-auth warnings.
+- **Free-threading** support (3.13t/3.14t), full type hints (`ty`-checked), and a
+  CI gate that enforces zero runtime dependencies in the core wheel.
+
+[1.1.1]: https://github.com/mjbommar/servery/releases/tag/v1.1.1
+[1.1.0]: https://github.com/mjbommar/servery/releases/tag/v1.1.0
+[1.0.2]: https://github.com/mjbommar/servery/releases/tag/v1.0.2
+[1.0.1]: https://github.com/mjbommar/servery/releases/tag/v1.0.1
+[1.0.0]: https://github.com/mjbommar/servery/releases/tag/v1.0.0

servery-1.1.1/CONTRIBUTING.md

@@ -0,0 +1,56 @@
+# Contributing to servery
+
+## The one rule that overrides everything
+
+**Zero third-party *runtime* dependencies.** The shipped wheel must declare no
+`Requires-Dist`. This is enforced in CI by `scripts/check_zero_deps.py` — if a
+runtime dependency ever appears, the build fails. Dev/CI tooling (ruff, mypy,
+bandit, coverage, build, twine, pre-commit) is fine: it lives in the `dev`
+[dependency group](pyproject.toml) and never ships in the wheel.
+
+Tests use the standard-library `unittest` only — no pytest, no hypothesis.
+
+## Setup
+
+```bash
+uv sync                      # create the env with dev tooling
+uv run pre-commit install    # local commit gates
+```
+
+## The gates
+
+Run everything locally before pushing:
+
+```bash
+make check     # lint + type + security + test
+make build     # build wheel/sdist + zero-dependency gate
+```
+
+Or individually:
+
+| Gate | Command | What it enforces |
+|------|---------|------------------|
+| Lint & format | `make lint` / `make format` | `ruff check` + `ruff format` |
+| Types | `make type` | `ty check` over `src` and `tests` |
+| Security (SAST) | `make security` | `bandit` over `src` |
+| Tests + coverage | `make test` | `unittest` discovery, ≥90% coverage |
+| Packaging | `make build` | builds, asserts zero runtime deps, `twine check` |
+
+CI (`.github/workflows/`) runs the same gates plus a test matrix
+(Linux/macOS/Windows × Python 3.13/3.14, free-threaded 3.13t/3.14t, and
+3.15/3.15t allowed to fail), a GitHub Actions audit (`zizmor`), and a secret
+scan (`gitleaks`). servery targets free-threaded builds as a first-class
+configuration — no module-level mutable state, no reliance on the GIL.
+
+## Standards
+
+servery aims to be a conformant HTTP/1.1 origin server (RFC 9110/9111/9112);
+see [`docs/STANDARDS.md`](docs/STANDARDS.md). New behavior should cite the RFC
+section it implements and ship with a test. Security-relevant changes should
+keep the safe-by-default posture described in
+[`docs/PRINCIPLES.md`](docs/PRINCIPLES.md).
+
+## Commits
+
+Small, focused commits. Reference the milestone from
+[`docs/ROADMAP.md`](docs/ROADMAP.md) where relevant.

servery-1.1.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Michael Bommarito
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

servery-1.1.1/Makefile

@@ -0,0 +1,33 @@
+.PHONY: install lint format type security test build check all clean
+
+install:
+	uv sync
+
+lint:
+	uv run ruff check .
+	uv run ruff format --check .
+
+format:
+	uv run ruff format .
+	uv run ruff check --fix .
+
+type:
+	uvx --with "httpx[http2]" ty check src tests
+
+security:
+	uv run bandit -c pyproject.toml -r src
+
+test:
+	uv run coverage run -m unittest discover -s tests -v
+	uv run coverage report
+
+build:
+	uv build
+	uv run python scripts/check_zero_deps.py
+
+check: lint type security test
+
+all: check build
+
+clean:
+	rm -rf dist build .coverage .mypy_cache .ruff_cache *.egg-info src/*.egg-info