v0.10.3

[v0.10.3] - 2026-02-15

Fixed

• Request Parameter Injection (#22):

  • Fixed route handlers not receiving the request parameter when declared in their signature.
  • Added automatic request parameter injection in both sync and async wrapper functions.
  • JWT authentication endpoints now work correctly with request-dependent handlers.

• Blueprint JWT Support (#23):

  • Improved error message when JWT is not initialized, with specific guidance for Blueprint usage.
  • Added comprehensive example (examples/routing/blueprint_with_jwt.py) showing correct JWT + Blueprint pattern.
  • Clarified that JWT must be initialized on the main app, not in blueprint files.

Full Changelog: v0.10.1...v0.10.3

v0.10.1

Full Changelog: v0.10.0...v0.10.1

v0.10.0

Major Features

• WebSocket Configuration:
  • Introduced WebSocketConfig struct accessible from Python.
  • RAM Protection: max_message_size limit enforces strict payload caps.
  • CPU Protection: rate_limit (messages/sec) prevents abuse.
  • Support for heartbeat_interval and connection timeout.
  • Applied to both @app.websocket (Standard) and @app.turbo_websocket (Turbo) routes.

Documentation & Examples

• Added examples/websockets_demo.py featuring echo, chat, and limits.
• Added docs/websockets.md with performance guides and configuration details.
• Consolidated benchmark suite into benchmarks/bustapi_bench.py and benchmarks/comparison_bench.py.

v0.9.2

Full Changelog: v0.9.0...v0.9.2

v0.9.1 -Fixed

[0.9.1] - 2026-01-27

Fixed

• CI/CD Expansion: Added comprehensive cross-platform build support:
  • Alpine Linux (musl): Added musllinux wheels for x86_64 (#14).
  • ARM64 (aarch64): Added support for both glibc (Ubuntu/Debian) and musl (Alpine) on ARM processors.
• Session Persistence: Fixed bug where session.pop() did not save changes (#17).
• Template Path: Fixed BustAPI() default template loading when no import_name is provided (#15).
• Content-Type: render_template now reliably returns text/html headers.

v0.9.0 -beta-rc

[0.9.0] - 2026-01-22

Major Features

• WebSocket Support:

  • Full WebSocket support with @app.websocket() decorator.
  • Integration with actix-ws for heavy lifting in Rust.
  • Python-side API compatible with popular async frameworks.

• Turbo WebSocket (Performance):

  • New @app.turbo_websocket() decorator for ultra-high performance.
  • Pure Rust Message Handling: Messages are processed entirely in Rust (no Python GIL, no callbacks) for maximum throughput.
  • ~74% Performance Boost: Benchmarks show ~17k msg/sec vs ~10k msg/sec for standard mode.

• Video Streaming & Range Requests:

  • Full support for HTTP Range requests (seeking, scrubbing) via FileResponse and static files.
  • Implemented HEAD method support for all routes to handle browser pre-flight checks correctly.
  • Video streaming is now production-ready (verified with browser tests).

• Rust-Core Request Logging:

  • Migrated logging logic from Python to Rust for 100% request coverage.
  • Now captures 404 Not Found, Static Files, and Fast Routes which were previously invisible to Python middleware.
  • High-performance, zero-allocation logging with accurate Rust-level latency timings.
  • Removed duplicate logging hooks from Python side.

• Rust-Based Path Parameter Extraction:

  • Moved regex parsing and parameter extraction to the Rust backend.
  • Significant performance boost for dynamic routes.
  • Supports int, float, path, and strict validation rules entirely in Rust.

• Developer Experience:

  • Enhanced Hot-Reloader: Cleaner output, suppresses internal noise, and clearly shows changed files.
  • bustapi.logging: New customizable logging module for users.

Added

• src/websocket/mod.rs and session.rs for core WebSocket logic.
• src/websocket/turbo.rs for optimized Rust-only handling.
• examples/advanced/28_websocket.py and 29_turbo_websocket.py.
• benchmarks/ws_benchmark.py for testing WebSocket performance.

Refactoring

• Modular Application Structure:
  • Refactored app.py into a Mixin-based architecture (RoutingMixin, ExtractionMixin, ContextMixin, HooksMixin) for better maintainability.
  • Improved WSGI/ASGI compatibility with WSGIAdapter mixin.

Fixed

• Static Route Registration: Fixed a bug where static route patterns were generated without a leading slash.
• Example Fixes: Updated 27_video_stream.py to correctly resolve static folders relative to the script directory.
• Process Management: Fixed a recursion bug in kill_process utility.

Performance

• Optimized Route Matching: Deterministic scoring system and Rust-side optimizations.

Fixed

• Session Logout Bug: Fixed issue where session.pop() failures to persist changes to the session cookie (#17).
• Template Headers: render_template now correctly returns an HTMLResponse ensuring Content-Type: text/html is set instead of relying on implicit string handling (#17).

v0.8.0 -beta

[0.8.0] - 2026-01-14

Added

• Typed Dynamic Turbo Routes:

  • @app.turbo_route() now supports path parameters: /users/<int:id>.
  • Path parameters are parsed in Rust for maximum performance (~30k RPS).
  • Supports int, float, str, and path parameter types.
  • Automatic type validation with 404 response for mismatches.
  • Big integer support via Python fallback (no overflow).
  • Multiple parameters: /posts/<int:id>/comments/<int:cid>.

• Turbo Routes Documentation:

  • New docs/user-guide/turbo-routes.md with comprehensive guide.
  • Example examples/turbo/typed_turbo_example.py.

Changed

• turbo_route decorator now auto-detects parameters from route pattern.
• Improved error responses with structured JSON for type mismatches.

Fixed

• Static File Serving:
  • Fixed 404 errors for nested static files (e.g. css/style.css) using new wildcard routing.
  • Robust Path Resolution: Implemented get_root_path to correctly locate templates and static folders regardless of working directory.
• Dependency Issues:
  • Removed robyn dependency to eliminate build conflicts and simplify installation.
  • Ensured compatibility across diverse Linux environments.

Performance

• Dynamic turbo routes: ~30,000 requests/sec (vs ~18,000 for regular routes).
• 65% improvement for simple lookup endpoints.

🚀 Major Performance Breakthrough (Operation Mach 5)

• Native Multiprocessing (Linux):

  • Implemented os.fork() based process manager with SO_REUSEPORT load balancing.
  • Result: 97,376 RPS for standard routes (up from ~25k).
  • Beat Sanic (41k) and BlackSheep (28k) by a massive margin.
  • Memory usage remains efficient (~152MB for 4 workers).

• Cross-Platform Support (Issue #9):

  • New python/bustapi/multiprocess.py module.
  • New ci-multiplatform.yml for automated cross-platform testing with oha benchmarks.
  • CI Benchmark Results:
    • Linux: 55,726 RPS (CI runner) / 105,012 RPS (local)
    • macOS: 35,560 RPS (single-process)
    • Windows: 17,772 RPS (single-process)
  • Platform-specific behavior:
    • Linux: Full multiprocessing with SO_REUSEPORT (100k+ RPS)
    • macOS/Windows: Single-process fallback (Rust still 3x faster than Flask!)

• Cached Turbo Routes:

  • New built-in caching for turbo routes: @app.turbo_route("/", cache_ttl=60).
  • Result: ~140,961 RPS for cached endpoints.
  • Zero-latency responses (< 1ms).

Full Changelog: v0.7.0...v0.8.0

v0.7.0 -beta

[0.7.0] - 2026-01-14 -beta

Added

• JWT Authentication (Rust-backed):

  • JWT class for token management with HS256/HS384/HS512 algorithms.
  • create_access_token() and create_refresh_token() methods.
  • decode_token() and verify_token() for validation.
  • Decorators: @jwt_required, @jwt_optional, @fresh_jwt_required, @jwt_refresh_token_required.
  • Custom claims support and configurable expiry times.

• Session Login (Flask-Login style):

  • LoginManager - Configure user loading and session handling.
  • login_user() / logout_user() - Manage user sessions.
  • current_user proxy - Access logged-in user anywhere.
  • BaseUser / AnonUser - User model mixins.
  • @login_required, @fresh_login_required - Route protection.
  • @roles_required, @permission_required - Role-based access.

• Password Hashing (Argon2id):

  • hash_password() - Secure password hashing using Argon2id (OWASP recommended).
  • verify_password() - Constant-time password verification.
  • PHC-formatted hashes with automatic salt generation.

• Security Utilities:

  • generate_token() - Cryptographically secure random token generation.
  • generate_csrf_token() - CSRF token generation (32 bytes, hex-encoded).
  • CSRFProtect class for automatic CSRF validation on forms.

• New Dependencies (Rust):

  • jsonwebtoken v9 for JWT encoding/decoding.
  • argon2 v0.5 for password hashing.
  • rand v0.8 for secure random generation.

• CLI Tool (bustapi):

  • bustapi new: Scaffold new projects with pip, uv, or poetry.
  • bustapi run: Run development server with hot reload.
  • bustapi routes: List all registered routes.
  • bustapi info: View system and installation details.

• Native Hot Reloading: replaced watchfiles with a Rust-native watcher using the notify crate. This removes the watchfiles Python dependency and provides instant, low-overhead reloads

• Advanced Routing:

  • Deterministic Matching: Implemented scoring system (Exact > Typed > Generic > Wildcard) to resolve overlapping routes predictably.
  • Wildcard Paths: Added <path:name> type for matching multiple URL segments (e.g. for static files).

• Examples: 17_jwt_auth.py, 18_session_login.py.

• Tests: test_jwt.py, test_auth.py, test_login_manager.py.

• Performance Optimizations:

  • Multiprocessing with SO_REUSEPORT: Uses os.fork() to spawn multiple worker processes sharing the same port for true parallel scaling.
  • Turbo Routes: New @app.turbo_route() decorator for zero-overhead routing—skips request context, sessions, and middleware for simple handlers.
  • mimalloc Allocator: Rust backend uses mimalloc for faster memory allocation.
  • Zero-Copy JSON: Native Rust JSON serialization with serde_json, bypassing Python's json.dumps().
  • CPU-Specific Optimizations: Build with target-cpu=native for maximum performance.

• Python 3.14 Support (#8):

  • Upgraded PyO3 from 0.23 to 0.27 to support Python 3.14.
  • Updated deprecated APIs: Python::with_gil → Python::attach, PyObject → Py<PyAny>, downcast → cast.

Fixed

• Static File Serving:
  • Fixed 404 errors for nested static files (e.g. css/style.css) using new wildcard routing.
  • Robust Path Resolution: Implemented get_root_path to correctly locate templates and static folders regardless of working directory.

Changed

• Refactored bustapi.auth into modular package: auth/login.py, auth/user.py, auth/decorators.py, auth/password.py, auth/tokens.py, auth/csrf.py.

v0.6.0 -Beta

[0.6.0] - 2026-01-13 -beta

Added

• HTTP Range Support for Video Streaming: Static files now support HTTP Range requests with 206 Partial Content responses (#1)
• Strict Path Routing: Bidirectional redirect support (FastAPI-style) ensures /foo and /foo/ are both accessible, returning 307 Temporary Redirect to the canonical URL (#7)
• Streaming Response Support: Implemented StreamingResponse for efficiency streaming of content from sync and async iterators (#3)
• Async Request Body Support: Added await request.body() and async for chunk in request.stream() methods for async compatibility (#4)
• Keyword Arguments Support: Automatic injection of path and query parameters into handler keyword arguments (#6)
• Query Params Alias: Added request.query_params property (alias to request.args) for FastAPI compatibility (#5)
• Flask-style send_file Helper: Updated to return FileResponse for efficient file serving with Range support
• Absolute Path Support: FileResponse now automatically converts relative paths to absolute paths for flexible file serving
• Video streaming example (examples/27_video_stream.py) demonstrating static and dynamic video serving
• Documentation: Updated user guides for Routing, Responses (Streaming), and Request Data (Async Body).

Removed

• Manual File Serving Module (src/file_serving.rs): Removed in favor of robust actix-files integration which handles Range requests automatically.

Changed

• Refactored src/server/handlers.rs to use actix-files for serving file responses.
• Updated src/bindings/converters.rs to pass FileResponse and StreamingResponse objects directly to Rust backend.
• Updated src/bindings/handlers.rs to pass request headers to response converter.

Fixed

• Windows Support: Gated Unix-specific hot-reload logic (nix::unistd) to fix build errors on Windows.
• Jinja2: Added jinja2 as a core dependency to ensure render_template works out-of-the-box and fix CI test failures.
• CI/CD: Resolved Rust clippy checks for manual_flatten and type_complexity to ensure strict CI compliance.
• Dynamic Route Range Support: Dynamic routes returning FileResponse now correctly support Range requests (Video seeking/scrubbing).
• Improved memory efficiency for large file serving.

v0.5.0 -beta

[0.5.0] - 2026-01-01

Major Features

• FastAPI Compatibility Layer:

  • Added support for Header, Cookie, Form, and File parameter validators.
  • Implemented UploadFile wrapper for easier file handling.
  • Added BackgroundTasks for simple background execution.
  • Introduced JSONResponse, HTMLResponse, PlainTextResponse, RedirectResponse, FileResponse aliases.

• Core Context Improvements:

  • Implemented functional g (application globals) and current_app context proxies.
  • Fixed issues where these globals were exported but not importable/functional.
  • Ensured correct context isolation using contextvars.

• API Completeness:

  • Improved Request object compatibility with Flask/Werkzeug (e.g. request.files, request.cookies via Rust).