Skip to content

0.10.1 — delta-audit closure

Choose a tag to compare

@lesnik512 lesnik512 released this 13 Jun 12:42
dfd6f55

httpware 0.10.1 — 0.10.0 delta-audit closure

Patch release. Bug fixes + hardening from the 0.10.0 delta audit. No breaking changes (one additive observability field; see below).

Audit report: planning/audit/2026-06-13-delta-audit.md.

Fixes

  • AsyncTimeout now rejects non-finite values. AsyncTimeout(timeout=float("nan")) and float("inf") were silently accepted — timeout <= 0 is False for both under IEEE-754 — producing a nondeterministic (nan) or never-firing (inf) deadline. The constructor now requires a finite positive number.
  • Observability failures can no longer break the request path. _emit_event previously called OpenTelemetry's span.add_event(...) unguarded; a recording span whose add_event raised would propagate into the caller. Because the circuit breaker emits inside its state transitions, this could strand the circuit permanently in HALF_OPEN. The OTel emission now degrades silently on failure (the structured log record has already fired), at the root for all middleware.

Observability (additive)

  • Each event log record now carries an event field holding the event-name string (e.g. event="circuit.opened"). Previously the event name reached only OpenTelemetry span events; it is now also a first-class, filterable field on the stdlib log record. Purely additive — no existing attribute changed.

Docs

  • docs/index.md observability section now lists all four middleware loggers (httpware.retry, httpware.bulkhead, httpware.circuit_breaker, httpware.timeout) and their events with levels.
  • CircuitOpenError added to the resilience-refusal error lists in README.md and docs/index.md.
  • README logging example now sets httpware.circuit_breaker to INFO so the circuit.half_open / circuit.closed recovery events are visible.
  • Corrected the AsyncRetry timeout-knob note (now points to AsyncTimeout), the OPEN-state wording (the first request after reset_timeout becomes the probe), and the observability/breaker docstrings.

Tests

Hardened to assert the stable event-name strings, the exact retry_after value, the 429-resets-the-failure-streak path, success_threshold > 1 with a mid-streak probe failure, and reset_timeout=0 / empty failure_status_codes boundaries. No production behavior change from the test work.