Bump version to 3.3.0

Add auth, WebSocket, middleware, config guides. Examples and changelog.
New documentation pages: - Authentication: API keys, JWT tokens, session auth, custom exceptions - WebSocket Tutorial: echo server, chat room, HTML client, data formats - Writing Middleware: hooks vs middleware, Starlette integration, ordering - Configuration: env vars, .env files, secret keys, debug mode, production setup Also: - Complete working example at end of quickstart with cross-references - Three new example files: rest_api.py, websocket_chat.py, sse_stream.py - Changelog updated for v3.2.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-05 23:00:17 +00:00 · 2026-03-22 13:58:18 -04:00 · 2026-03-22 13:56:35 -04:00 · 2026-03-22 13:34:01 -04:00 · 2026-03-22 13:09:46 -04:00 · 2026-03-22 13:07:56 -04:00
146 changed files with 7174 additions and 4026 deletions
@@ -0,0 +1,3 @@
+github: kennethreitz
+thanks_dev: kennethreitz
+custom: https://cash.app/$KennethReitz
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
@@ -0,0 +1,53 @@
+name: "Documentation"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request: ~
+  workflow_dispatch:
+
+# Cancel redundant in-progress jobs.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+
+jobs:
+
+  documentation:
+    name: "Documentation"
+    runs-on: ubuntu-latest
+    env:
+      UV_SYSTEM_PYTHON: true
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.13"
+
+    - name: Set up uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: "latest"
+        enable-cache: true
+        cache-dependency-glob: |
+          pyproject.toml
+
+    - name: Install package and documentation dependencies
+      run: uv pip install '.[docs]'
+
+    - name: Build static HTML documentation
+      run: sphinx-build -W --keep-going docs/source docs/build
+
+    - name: Deploy to GitHub Pages
+      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+      uses: peaceiris/actions-gh-pages@v4
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        publish_dir: ./docs/build
+        cname: responder.kennethreitz.org
@@ -0,0 +1,56 @@
+name: "Tests"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request: ~
+  workflow_dispatch:
+
+# Cancel redundant in-progress jobs.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  test:
+    name: "Python ${{ matrix.python-version }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [
+          "3.9",
+          "3.10",
+          "3.11",
+          "3.12",
+          "3.13",
+        ]
+    env:
+      UV_SYSTEM_PYTHON: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Set up uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: "latest"
+        enable-cache: true
+        cache-suffix: ${{ matrix.python-version }}
+        cache-dependency-glob: |
+          pyproject.toml
+
+    - name: Install package
+      run: uv pip install '.[develop,test]'
+
+    - name: Run tests
+      run: pytest
@@ -1,3 +1,4 @@
+.venv*
 .vscode/
 .cache
 .idea
@@ -6,6 +7,7 @@
 .pytest_cache
 .DS_Store
 coverage.xml
+.coverage*

 __pycache__
 tests/__pycache__
@@ -0,0 +1,33 @@
+# .readthedocs.yml
+# Read the Docs configuration file
+
+# Details
+# - https://docs.readthedocs.io/en/stable/config-file/v2.html
+
+# Required
+version: 2
+
+build:
+  os: "ubuntu-24.04"
+  tools:
+    python: "3.12"
+
+python:
+  install:
+      - method: pip
+        path: .
+        extra_requirements:
+          - docs
+
+sphinx:
+  configuration: docs/source/conf.py
+
+  # Use standard HTML builder.
+  builder: html
+
+  # Fail on all warnings to avoid broken references.
+  fail_on_warning: true
+
+# Optionally build your docs in additional formats such as PDF
+#formats:
+#  - pdf
@@ -1,18 +0,0 @@
-# travis use trusty by default
-dist: xenial
-
-language: python
-python:
-  - 3.6
-  - 3.7
-  - "3.8-dev"
-
-# command to install dependencies
-install:
-  - pip install pipenv --upgrade-strategy=only-if-needed
-  - pipenv install --dev
-
-# command to run the dependencies
-script:
-  - black responder tests setup.py --check
-  - pytest
@@ -1,279 +1,460 @@
 # Changelog
+
 All notable changes to this project will be documented in this file.

-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and
+this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ## [Unreleased]
-## [v2.0.5] - 2019-12-15
+
+## [v3.2.0] - 2026-03-22
+
 ### Added
+
+- Pydantic auto-validation: `request_model` validates input, returns 422 on failure
+- Pydantic auto-serialization: `response_model` strips extra fields from responses
+- Server-Sent Events: `@resp.sse` for real-time streaming
+- `resp.stream_file()` for streaming large files without loading into memory
+- `@api.after_request()` hooks
+- `api.group("/prefix")` for route groups and API versioning
+- `api.graphql("/path", schema=schema)` one-liner GraphQL setup
+- `api = responder.API(request_id=True)` for automatic request ID generation
+- Built-in rate limiter: `RateLimiter(requests=100, period=60).install(api)`
+- MessagePack format support: `await req.media("msgpack")`
+- `req.is_json`, `req.path_params`, `req.client` properties
+- `api.exception_handler()` decorator for custom error handling
+- Lifespan context manager support
+- `uuid` and `path` route convertors
+- PEP 561 `py.typed` marker
+- Pydantic support for OpenAPI schema generation
+
+### Changed
+
+- Dependencies flattened: `pip install responder` gets everything
+- Core deps reduced to starlette + uvicorn
+- TestClient lazy-loaded (no httpx import in production)
+- Before-request hooks can short-circuit by setting status code
+- Removed poethepoet task runner
+
+### Fixed
+
+- Multipart parser losing headers when parts have multiple headers
+- `url_for()` with typed route params (`{id:int}`)
+- `resp.body` encoding crash on bytes content
+- GraphQL text query missing `await`
+- Streaming responses not sending Content-Type headers
+- Python 3.9 compatibility for union type syntax
+
+## [v3.0.0] - 2026-03-22
+
+### Added
+
+- Platform: Added support for Python 3.10 - Python 3.13
+- CLI: `responder run` now also accepts a filesystem path on its `<target>`
+  argument, enabling usage on single-file applications.
+- CLI: `responder run` now also accepts URLs.
+
+### Changed
+
+- Platform: Minimum Python version is now 3.9 (dropped 3.6, 3.7, 3.8)
+- Dependencies: Dramatically reduced core dependency count (10 → 5)
+  - Removed `requests`, `requests-toolbelt`, `rfc3986`, `whitenoise`
+  - Moved `apispec` and `marshmallow` to `openapi` optional extra
+  - Replaced `rfc3986` with stdlib `urllib.parse`
+  - Replaced `requests-toolbelt` multipart decoder with `python-multipart`
+  - Replaced deprecated `starlette.middleware.wsgi` with `a2wsgi`
+  - Switched from WhiteNoise to ServeStatic
+- Dependencies: Pinned `starlette[full]>=0.40` (was unpinned)
+- GraphQL: Upgraded to `graphene>=3` and `graphql-core>=3.1`
+  (from `graphene<3` and `graphql-server-core`, which is unmaintained)
+- GraphQL: Updated GraphiQL UI from 0.12.0 (2018) to 3.0.6 with React 18
+- Extensions: All of CLI-, GraphQL-, and OpenAPI-Support modules are
+  extensions now, found within the `responder.ext` module namespace.
+- Packaging: Migrated from `setup.py` to declarative `pyproject.toml`
+
+### Removed
+
+- Platform: Removed support for EOL Python 3.6, 3.7, 3.8
+- Status codes: Removed deprecated `resume_incomplete` and `resume`
+  aliases for HTTP 308 (marked for removal in 3.0)
+- CLI: `responder run --build` ceased to exist
+
+### Fixed
+
+- Routing: Fixed dispatching `static_route=None` on Windows
+- uvicorn: `--debug` now maps to uvicorn's `log_level = "debug"`
+- Tests: Fixed deprecated httpx TestClient usage
+
+## [v2.0.5] - 2019-12-15
+
+### Added
+
 - Update requirements to support python 3.8

 ## [v2.0.4] - 2019-11-19
+
 ### Fixed
+
 - Fix static app resolving

 ## [v2.0.3] - 2019-09-20
+
 ### Fixed
+
 - Fix template conflicts

 ## [v2.0.2] - 2019-09-20
+
 ### Fixed
+
 - Fix template conflicts

 ## [v2.0.1] - 2019-09-20
+
 ### Fixed
+
 - Fix template import

 ## [v2.0.0] - 2019-09-19
+
 ### Changed
+
 - Refactor Router and Schema

 ## [v1.3.2] - 2019-08-15
+
 ### Added
+
 - ASGI 3 support
 - CI tests for python 3.8-dev
 - Now requests have `state` a mapping object

 ### Deprecated
+
 - ASGI 2

 ## [v1.3.1] - 2019-04-28
+
 ### Added
+
 - Route params Converters
 - Add search for documentation pages

 ### Changed
+
 - Bump dependencies

 ## [v1.3.0] - 2019-02-22
+
 ### Fixed
+
 - Versioning issue
 - Multiple cookies.
 - Whitenoise returns not found.
 - Other bugfixes.

 ### Added
+
 - Stream support via `resp.stream`.
 - Cookie directives via `resp.set_cookie`.
 - Add `resp.html` to send HTML.
 - Other improvements.

 ## [v1.1.3] - 2019-01-12
+
 ### Changed
+
 - Refactor `_route_for`

 ### Fixed
+
 - Resolve startup/shutdwown events

 ## [v1.2.0] - 2018-12-29
+
 ### Added
+
 - Documentations

 ### Changed
+
 - Use Starlette's LifeSpan middleware
 - Update denpendencies

 ### Fixed
+
 - Fix route.is_class_based
 - Fix test_500
 - Typos

 ## [v1.1.2] - 2018-11-11
+
 ### Fixed
+
 - Minor fixes for Open API
 - Typos

 ## [v1.1.1] - 2018-10-29
+
 ### Changed
+
 - Run sync views in a threadpoolexecutor.

 ## [v1.1.0] - 2018-10-27
+
 ### Added
+
 - Support for `before_request`.

 ## [v1.0.5]- 2018-10-27
+
 ### Fixed
+
 - Fix sessions.

 ## [v1.0.4] - 2018-10-27
+
 ### Fixed
+
 - Potential bufix for cookies.

 ## [v1.0.3] - 2018-10-27
+
 ### Fixed
+
 - Bugfix for redirects.

 ## [v1.0.2] - 2018-10-27
+
 ### Changed
+
 - Improvement for static file hosting.

 ## [v1.0.1] - 2018-10-26
+
 ### Changed
+
 - Improve cors configuration settings.

 ## [v1.0.0] - 2018-10-26
+
 ### Changed
+
 - Move GraphQL support into a built-in plugin.

 ## [v0.3.3] - 2018-10-25
+
 ### Added
+
 - CORS support

 ### Changed
+
 - Improved exceptions.

 ## [v0.3.2] - 2018-10-25
+
 ### Changed
+
 - Subtle improvements.

 ## [v0.3.1] - 2018-10-24
+
 ### Fixed
+
 - Packaging fix.

 ## [v0.3.0] - 2018-10-24
+
 ### Changed
+
 - Interactive Documentation endpoint.
 - Minor improvements.

 ## [v0.2.3] - 2018-10-24
+
 ### Changed
+
 - Overall improvements.

 ## [v0.2.2] - 2018-10-23
+
 ### Added
+
 - Show traceback info when background tasks raise exceptions.

 ## [v0.2.1] - 2018-10-23
+
 ### Added
+
 - api.requests.

 ## [v0.2.0] - 2018-10-22
+
 ### Added
+
 - WebSocket support.

 ## [v0.1.6] - 2018-10-20
+
 ### Added
+
 - 500 support.

 ## [v0.1.5] - 2018-10-20
+
 ### Added
+
 - File upload support

 ### Changed
+
 - Improvements to sequential media reading.

 ## [v0.1.4] - 2018-10-19
+
 ### Fixed
+
 - Stability.

 ## [v0.1.3] - 2018-10-18
+
 ### Added
+
 - Sessions support.

 ## [v0.1.2] - 2018-10-18
+
 ### Added
+
 - Cookies support.

 ## [v0.1.1] - 2018-10-17
+
 ### Changed
+
 - Default routes.

 ## [v0.1.0] - 2018-10-17
+
 ### Added
+
 - Prototype of static application support.

 ## [v0.0.10] - 2018-10-17
+
 ### Fixed
+
 - Bugfix for async class-based views.

 ## [v0.0.9] - 2018-10-17
+
 ### Fixed
+
 - Bugfix for async class-based views.

 ## [v0.0.8] - 2018-10-17
+
 ### Added
+
 - GraphiQL Support.

 ### Changed
+
 - Improvement to route selection.

 ## [v0.0.7] - 2018-10-16
+
 ### Changed
+
 - Immutable Request object.

 ## [v0.0.6] - 2018-10-16
+
 ### Added
+
 - Ability to mount WSGI apps.
 - Supply content-type when serving up the schema.

 ## [v0.0.5] - 2018-10-15
+
 ### Added
+
 - OpenAPI Schema support.
 - Safe load/dump yaml.

 ## [v0.0.4] - 2018-10-15
+
 ### Added
+
 - Asynchronous support for data uploads.

 ### Fixed
+
 - Bug fixes.

 ## [v0.0.3] - 2018-10-13
+
 ### Fixed
+
 - Bug fixes.

 ## [v0.0.2] - 2018-10-13
+
 ### Changed
+
 - Switch to ASGI/Starlette.

 ## [v0.0.1] - 2018-10-12
+
 ### Added
+
 - Conception!

-[Unreleased]: https://github.com/taoufik07/responder/compare/v2.0.5..HEAD
-[v2.0.5]: https://github.com/taoufik07/responder/compare/v2.0.4..v2.0.5
-[v2.0.4]: https://github.com/taoufik07/responder/compare/v2.0.3..v2.0.4
-[v2.0.3]: https://github.com/taoufik07/responder/compare/v2.0.2..v2.0.3
-[v2.0.2]: https://github.com/taoufik07/responder/compare/v2.0.1..v2.0.2
-[v2.0.1]: https://github.com/taoufik07/responder/compare/v2.0.0..v2.0.1
-[v2.0.0]: https://github.com/taoufik07/responder/compare/v1.3.2..v2.0.0
-[v1.3.2]: https://github.com/taoufik07/responder/compare/v1.3.1..v1.3.2
-[v1.3.1]: https://github.com/taoufik07/responder/compare/v1.3.0..v1.3.1
-[v1.3.0]: https://github.com/taoufik07/responder/compare/v1.2.0..v1.3.0
-[v1.2.0]: https://github.com/taoufik07/responder/compare/v1.1.3..v1.2.0
-[v1.1.3]: https://github.com/taoufik07/responder/compare/v1.1.2..v1.1.3
-[v1.1.2]: https://github.com/taoufik07/responder/compare/v1.1.1..v1.1.2
-[v1.1.1]: https://github.com/taoufik07/responder/compare/v1.1.0..v1.1.1
-[v1.1.0]: https://github.com/taoufik07/responder/compare/v1.0.5..v1.1.0
-[v1.0.5]: https://github.com/taoufik07/responder/compare/v1.0.4..v1.0.5
-[v1.0.4]: https://github.com/taoufik07/responder/compare/v1.0.3..v1.0.4
-[v1.0.3]: https://github.com/taoufik07/responder/compare/v1.0.2..v1.0.3
-[v1.0.2]: https://github.com/taoufik07/responder/compare/v1.0.1..v1.0.2
-[v1.0.1]: https://github.com/taoufik07/responder/compare/v1.0.0..v1.0.1
-[v1.0.0]: https://github.com/taoufik07/responder/compare/v0.3.3..v1.0.0
-[v0.3.3]: https://github.com/taoufik07/responder/compare/v0.3.2..v0.3.3
-[v0.3.2]: https://github.com/taoufik07/responder/compare/v0.3.1..v0.3.2
-[v0.3.1]: https://github.com/taoufik07/responder/compare/v0.3.0..v0.3.1
-[v0.3.0]: https://github.com/taoufik07/responder/compare/v0.2.3..v0.3.0
-[v0.2.3]: https://github.com/taoufik07/responder/compare/v0.2.2..v0.2.3
-[v0.2.2]: https://github.com/taoufik07/responder/compare/v0.2.1..v0.2.2
-[v0.2.1]: https://github.com/taoufik07/responder/compare/v0.2.0..v0.2.1
-[v0.2.0]: https://github.com/taoufik07/responder/compare/v0.1.6..v0.2.0
-[v0.1.6]: https://github.com/taoufik07/responder/compare/v0.1.5..v0.1.6
-[v0.1.5]: https://github.com/taoufik07/responder/compare/v0.1.4..v0.1.5
-[v0.1.4]: https://github.com/taoufik07/responder/compare/v0.1.3..v0.1.4
-[v0.1.3]: https://github.com/taoufik07/responder/compare/v0.1.2..v0.1.3
-[v0.1.2]: https://github.com/taoufik07/responder/compare/v0.1.1..v0.1.2
-[v0.1.1]: https://github.com/taoufik07/responder/compare/v0.1.0..v0.1.1
-[v0.1.0]: https://github.com/taoufik07/responder/compare/v0.0.10..v0.1.0
-[v0.0.10]: https://github.com/taoufik07/responder/compare/v0.0.9..v0.0.10
-[v0.0.9]: https://github.com/taoufik07/responder/compare/v0.0.8..v0.0.9
-[v0.0.8]: https://github.com/taoufik07/responder/compare/v0.0.7..v0.0.8
-[v0.0.7]: https://github.com/taoufik07/responder/compare/v0.0.6..v0.0.7
-[v0.0.6]: https://github.com/taoufik07/responder/compare/v0.0.5..v0.0.6
-[v0.0.5]: https://github.com/taoufik07/responder/compare/v0.0.4..v0.0.5
-[v0.0.4]: https://github.com/taoufik07/responder/compare/v0.0.3..v0.0.4
-[v0.0.3]: https://github.com/taoufik07/responder/compare/v0.0.2..v0.0.3
-[v0.0.2]: https://github.com/taoufik07/responder/compare/v0.0.1..v0.0.2
-[v0.0.1]: https://github.com/taoufik07/responder/compare/v0.0.0..v0.0.1
+[unreleased]: https://github.com/kennethreitz/responder/compare/v3.0.0..HEAD
+[v3.0.0]: https://github.com/kennethreitz/responder/compare/v2.0.5..v3.0.0
+[v2.0.5]: https://github.com/kennethreitz/responder/compare/v2.0.4..v2.0.5
+[v2.0.4]: https://github.com/kennethreitz/responder/compare/v2.0.3..v2.0.4
+[v2.0.3]: https://github.com/kennethreitz/responder/compare/v2.0.2..v2.0.3
+[v2.0.2]: https://github.com/kennethreitz/responder/compare/v2.0.1..v2.0.2
+[v2.0.1]: https://github.com/kennethreitz/responder/compare/v2.0.0..v2.0.1
+[v2.0.0]: https://github.com/kennethreitz/responder/compare/v1.3.2..v2.0.0
+[v1.3.2]: https://github.com/kennethreitz/responder/compare/v1.3.1..v1.3.2
+[v1.3.1]: https://github.com/kennethreitz/responder/compare/v1.3.0..v1.3.1
+[v1.3.0]: https://github.com/kennethreitz/responder/compare/v1.2.0..v1.3.0
+[v1.2.0]: https://github.com/kennethreitz/responder/compare/v1.1.3..v1.2.0
+[v1.1.3]: https://github.com/kennethreitz/responder/compare/v1.1.2..v1.1.3
+[v1.1.2]: https://github.com/kennethreitz/responder/compare/v1.1.1..v1.1.2
+[v1.1.1]: https://github.com/kennethreitz/responder/compare/v1.1.0..v1.1.1
+[v1.1.0]: https://github.com/kennethreitz/responder/compare/v1.0.5..v1.1.0
+[v1.0.5]: https://github.com/kennethreitz/responder/compare/v1.0.4..v1.0.5
+[v1.0.4]: https://github.com/kennethreitz/responder/compare/v1.0.3..v1.0.4
+[v1.0.3]: https://github.com/kennethreitz/responder/compare/v1.0.2..v1.0.3
+[v1.0.2]: https://github.com/kennethreitz/responder/compare/v1.0.1..v1.0.2
+[v1.0.1]: https://github.com/kennethreitz/responder/compare/v1.0.0..v1.0.1
+[v1.0.0]: https://github.com/kennethreitz/responder/compare/v0.3.3..v1.0.0
+[v0.3.3]: https://github.com/kennethreitz/responder/compare/v0.3.2..v0.3.3
+[v0.3.2]: https://github.com/kennethreitz/responder/compare/v0.3.1..v0.3.2
+[v0.3.1]: https://github.com/kennethreitz/responder/compare/v0.3.0..v0.3.1
+[v0.3.0]: https://github.com/kennethreitz/responder/compare/v0.2.3..v0.3.0
+[v0.2.3]: https://github.com/kennethreitz/responder/compare/v0.2.2..v0.2.3
+[v0.2.2]: https://github.com/kennethreitz/responder/compare/v0.2.1..v0.2.2
+[v0.2.1]: https://github.com/kennethreitz/responder/compare/v0.2.0..v0.2.1
+[v0.2.0]: https://github.com/kennethreitz/responder/compare/v0.1.6..v0.2.0
+[v0.1.6]: https://github.com/kennethreitz/responder/compare/v0.1.5..v0.1.6
+[v0.1.5]: https://github.com/kennethreitz/responder/compare/v0.1.4..v0.1.5
+[v0.1.4]: https://github.com/kennethreitz/responder/compare/v0.1.3..v0.1.4
+[v0.1.3]: https://github.com/kennethreitz/responder/compare/v0.1.2..v0.1.3
+[v0.1.2]: https://github.com/kennethreitz/responder/compare/v0.1.1..v0.1.2
+[v0.1.1]: https://github.com/kennethreitz/responder/compare/v0.1.0..v0.1.1
+[v0.1.0]: https://github.com/kennethreitz/responder/compare/v0.0.10..v0.1.0
+[v0.0.10]: https://github.com/kennethreitz/responder/compare/v0.0.9..v0.0.10
+[v0.0.9]: https://github.com/kennethreitz/responder/compare/v0.0.8..v0.0.9
+[v0.0.8]: https://github.com/kennethreitz/responder/compare/v0.0.7..v0.0.8
+[v0.0.7]: https://github.com/kennethreitz/responder/compare/v0.0.6..v0.0.7
+[v0.0.6]: https://github.com/kennethreitz/responder/compare/v0.0.5..v0.0.6
+[v0.0.5]: https://github.com/kennethreitz/responder/compare/v0.0.4..v0.0.5
+[v0.0.4]: https://github.com/kennethreitz/responder/compare/v0.0.3..v0.0.4
+[v0.0.3]: https://github.com/kennethreitz/responder/compare/v0.0.2..v0.0.3
+[v0.0.2]: https://github.com/kennethreitz/responder/compare/v0.0.1..v0.0.2
+[v0.0.1]: https://github.com/kennethreitz/responder/compare/v0.0.0..v0.0.1
@@ -1,13 +1,178 @@
-Copyright 2018 Kenneth Reitz

-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at

-    http://www.apache.org/licenses/LICENSE-2.0
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/

-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
@@ -1 +0,0 @@
-include LICENSE
@@ -1,20 +0,0 @@
-[[source]]
-url = "https://pypi.org/simple"
-verify_ssl = true
-name = "pypi"
-
-[packages]
-responder = {editable = true, path = "."}
-
-[dev-packages]
-pytest = "*"
-"flake8" = "*"
-black = "*"
-twine = "*"
-flask = "*"
-sphinx = "*"
-marshmallow = "*"
-pytest-cov = "*"
-
-[pipenv]
-allow_prereleases = true
@@ -1,896 +0,0 @@
-{
-    "_meta": {
-        "hash": {
-            "sha256": "ea12c0d556a3ca0848b0eba291a11a5ea98a701f0885c2d030b2aeb1e5b9c15f"
-        },
-        "pipfile-spec": 6,
-        "requires": {},
-        "sources": [
-            {
-                "name": "pypi",
-                "url": "https://pypi.org/simple",
-                "verify_ssl": true
-            }
-        ]
-    },
-    "default": {
-        "aiofiles": {
-            "hashes": [
-                "sha256:021ea0ba314a86027c166ecc4b4c07f2d40fc0f4b3a950d1868a0f2571c2bbee",
-                "sha256:1e644c2573f953664368de28d2aa4c89dfd64550429d0c27c4680ccd3aa4985d"
-            ],
-            "version": "==0.4.0"
-        },
-        "aniso8601": {
-            "hashes": [
-                "sha256:513d2b6637b7853806ae79ffaca6f3e8754bdd547048f5ccc1420aec4b714f1e",
-                "sha256:d10a4bf949f619f719b227ef5386e31f49a2b6d453004b21f02661ccc8670c7b"
-            ],
-            "version": "==7.0.0"
-        },
-        "apispec": {
-            "hashes": [
-                "sha256:cf8e1f3b56949710f8cf23797b7f40215e9dae8bac583789a3f2c13dc56349fa",
-                "sha256:fe5cf5fc89b1c4a73acd5af3a10ede02b31ec116f215ed02271cb905d3172367"
-            ],
-            "version": "==3.1.0"
-        },
-        "apistar": {
-            "hashes": [
-                "sha256:8da0d3f15748c8ed6e68914ba5b8f6dd5dff5afbe137950d07103575df0bce73"
-            ],
-            "version": "==0.7.2"
-        },
-        "certifi": {
-            "hashes": [
-                "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
-                "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
-            ],
-            "version": "==2019.11.28"
-        },
-        "chardet": {
-            "hashes": [
-                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
-                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
-            ],
-            "version": "==3.0.4"
-        },
-        "click": {
-            "hashes": [
-                "sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
-                "sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
-            ],
-            "version": "==7.0"
-        },
-        "docopt": {
-            "hashes": [
-                "sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491"
-            ],
-            "version": "==0.6.2"
-        },
-        "graphene": {
-            "hashes": [
-                "sha256:09165f03e1591b76bf57b133482db9be6dac72c74b0a628d3c93182af9c5a896",
-                "sha256:2cbe6d4ef15cfc7b7805e0760a0e5b80747161ce1b0f990dfdc0d2cf497c12f9"
-            ],
-            "version": "==2.1.8"
-        },
-        "graphql-core": {
-            "hashes": [
-                "sha256:1488f2a5c2272dc9ba66e3042a6d1c30cea0db4c80bd1e911c6791ad6187d91b",
-                "sha256:da64c472d720da4537a2e8de8ba859210b62841bd47a9be65ca35177f62fe0e4"
-            ],
-            "version": "==2.2.1"
-        },
-        "graphql-relay": {
-            "hashes": [
-                "sha256:870b6b5304123a38a0b215a79eace021acce5a466bf40cd39fa18cb8528afabb",
-                "sha256:ac514cb86db9a43014d7e73511d521137ac12cf0101b2eaa5f0a3da2e10d913d"
-            ],
-            "version": "==2.0.1"
-        },
-        "graphql-server-core": {
-            "hashes": [
-                "sha256:fa810f811cd91dd938ac49819562c3a12f2b6bf141164f984b16359359133983"
-            ],
-            "version": "==1.1.3"
-        },
-        "h11": {
-            "hashes": [
-                "sha256:acca6a44cb52a32ab442b1779adf0875c443c689e9e028f8d831a3769f9c5208",
-                "sha256:f2b1ca39bfed357d1f19ac732913d5f9faa54a5062eca7d2ec3a916cfb7ae4c7"
-            ],
-            "version": "==0.8.1"
-        },
-        "httptools": {
-            "hashes": [
-                "sha256:e00cbd7ba01ff748e494248183abc6e153f49181169d8a3d41bb49132ca01dfc"
-            ],
-            "version": "==0.0.13"
-        },
-        "idna": {
-            "hashes": [
-                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
-                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
-            ],
-            "version": "==2.8"
-        },
-        "itsdangerous": {
-            "hashes": [
-                "sha256:321b033d07f2a4136d3ec762eac9f16a10ccd60f53c0c91af90217ace7ba1f19",
-                "sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"
-            ],
-            "version": "==1.1.0"
-        },
-        "jinja2": {
-            "hashes": [
-                "sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
-                "sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
-            ],
-            "version": "==2.10.3"
-        },
-        "markupsafe": {
-            "hashes": [
-                "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
-                "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
-                "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
-                "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
-                "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
-                "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
-                "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
-                "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
-                "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
-                "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
-                "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
-                "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
-                "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
-                "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
-                "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
-                "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
-                "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
-                "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
-                "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
-                "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
-                "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
-                "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
-                "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
-                "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
-                "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
-                "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
-                "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
-                "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"
-            ],
-            "version": "==1.1.1"
-        },
-        "marshmallow": {
-            "hashes": [
-                "sha256:0ba81b6da4ae69eb229b74b3c741ff13fe04fb899824377b1aff5aaa1a9fd46e",
-                "sha256:3e53dd9e9358977a3929e45cdbe4a671f9eff53a7d6a23f33ed3eab8c1890d8f"
-            ],
-            "version": "==3.3.0"
-        },
-        "promise": {
-            "hashes": [
-                "sha256:2ebbfc10b7abf6354403ed785fe4f04b9dfd421eb1a474ac8d187022228332af",
-                "sha256:348f5f6c3edd4fd47c9cd65aed03ac1b31136d375aa63871a57d3e444c85655c"
-            ],
-            "version": "==2.2.1"
-        },
-        "python-multipart": {
-            "hashes": [
-                "sha256:f7bb5f611fc600d15fa47b3974c8aa16e93724513b49b5f95c81e6624c83fa43"
-            ],
-            "version": "==0.0.5"
-        },
-        "pyyaml": {
-            "hashes": [
-                "sha256:0e7f69397d53155e55d10ff68fdfb2cf630a35e6daf65cf0bdeaf04f127c09dc",
-                "sha256:2e9f0b7c5914367b0916c3c104a024bb68f269a486b9d04a2e8ac6f6597b7803",
-                "sha256:35ace9b4147848cafac3db142795ee42deebe9d0dad885ce643928e88daebdcc",
-                "sha256:38a4f0d114101c58c0f3a88aeaa44d63efd588845c5a2df5290b73db8f246d15",
-                "sha256:483eb6a33b671408c8529106df3707270bfacb2447bf8ad856a4b4f57f6e3075",
-                "sha256:4b6be5edb9f6bb73680f5bf4ee08ff25416d1400fbd4535fe0069b2994da07cd",
-                "sha256:7f38e35c00e160db592091751d385cd7b3046d6d51f578b29943225178257b31",
-                "sha256:8100c896ecb361794d8bfdb9c11fce618c7cf83d624d73d5ab38aef3bc82d43f",
-                "sha256:c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c",
-                "sha256:e4c015484ff0ff197564917b4b4246ca03f411b9bd7f16e02a2f586eb48b6d04",
-                "sha256:ebc4ed52dcc93eeebeae5cf5deb2ae4347b3a81c3fa12b0b8c976544829396a4"
-            ],
-            "version": "==5.2"
-        },
-        "requests": {
-            "hashes": [
-                "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
-                "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
-            ],
-            "version": "==2.22.0"
-        },
-        "requests-toolbelt": {
-            "hashes": [
-                "sha256:380606e1d10dc85c3bd47bf5a6095f815ec007be7a8b69c878507068df059e6f",
-                "sha256:968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0"
-            ],
-            "version": "==0.9.1"
-        },
-        "responder": {
-            "editable": true,
-            "path": "."
-        },
-        "rfc3986": {
-            "hashes": [
-                "sha256:0344d0bd428126ce554e7ca2b61787b6a28d2bbd19fc70ed2dd85efe31176405",
-                "sha256:df4eba676077cefb86450c8f60121b9ae04b94f65f85b69f3f731af0516b7b18"
-            ],
-            "version": "==1.3.2"
-        },
-        "rx": {
-            "hashes": [
-                "sha256:13a1d8d9e252625c173dc795471e614eadfe1cf40ffc684e08b8fff0d9748c23",
-                "sha256:7357592bc7e881a95e0c2013b73326f704953301ab551fbc8133a6fadab84105"
-            ],
-            "version": "==1.6.1"
-        },
-        "six": {
-            "hashes": [
-                "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd",
-                "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"
-            ],
-            "version": "==1.13.0"
-        },
-        "starlette": {
-            "hashes": [
-                "sha256:9597bc28e3c4659107c1c4a45ec32dc45e947d78fe56230222be673b2c36454a"
-            ],
-            "version": "==0.12.13"
-        },
-        "typesystem": {
-            "hashes": [
-                "sha256:ba2bd10f1c5844d08dd8841e777bdee55bfca569bf21cb96cd0f91e0a4f66cd8"
-            ],
-            "version": "==0.2.4"
-        },
-        "urllib3": {
-            "hashes": [
-                "sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293",
-                "sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745"
-            ],
-            "version": "==1.25.7"
-        },
-        "uvicorn": {
-            "hashes": [
-                "sha256:f4c34642618449f55e2bab8c6b22ff7615b520d2e7e23275be2ca894254327a3"
-            ],
-            "version": "==0.10.8"
-        },
-        "uvloop": {
-            "hashes": [
-                "sha256:08b109f0213af392150e2fe6f81d33261bb5ce968a288eb698aad4f46eb711bd",
-                "sha256:123ac9c0c7dd71464f58f1b4ee0bbd81285d96cdda8bc3519281b8973e3a461e",
-                "sha256:4315d2ec3ca393dd5bc0b0089d23101276778c304d42faff5dc4579cb6caef09",
-                "sha256:4544dcf77d74f3a84f03dd6278174575c44c67d7165d4c42c71db3fdc3860726",
-                "sha256:afd5513c0ae414ec71d24f6f123614a80f3d27ca655a4fcf6cabe50994cc1891",
-                "sha256:b4f591aa4b3fa7f32fb51e2ee9fea1b495eb75b0b3c8d0ca52514ad675ae63f7",
-                "sha256:bcac356d62edd330080aed082e78d4b580ff260a677508718f88016333e2c9c5",
-                "sha256:e7514d7a48c063226b7d06617cbb12a14278d4323a065a8d46a7962686ce2e95",
-                "sha256:f07909cd9fc08c52d294b1570bba92186181ca01fe3dc9ffba68955273dd7362"
-            ],
-            "version": "==0.14.0"
-        },
-        "websockets": {
-            "hashes": [
-                "sha256:0e4fb4de42701340bd2353bb2eee45314651caa6ccee80dbd5f5d5978888fed5",
-                "sha256:1d3f1bf059d04a4e0eb4985a887d49195e15ebabc42364f4eb564b1d065793f5",
-                "sha256:20891f0dddade307ffddf593c733a3fdb6b83e6f9eef85908113e628fa5a8308",
-                "sha256:295359a2cc78736737dd88c343cd0747546b2174b5e1adc223824bcaf3e164cb",
-                "sha256:2db62a9142e88535038a6bcfea70ef9447696ea77891aebb730a333a51ed559a",
-                "sha256:3762791ab8b38948f0c4d281c8b2ddfa99b7e510e46bd8dfa942a5fff621068c",
-                "sha256:3db87421956f1b0779a7564915875ba774295cc86e81bc671631379371af1170",
-                "sha256:3ef56fcc7b1ff90de46ccd5a687bbd13a3180132268c4254fc0fa44ecf4fc422",
-                "sha256:4f9f7d28ce1d8f1295717c2c25b732c2bc0645db3215cf757551c392177d7cb8",
-                "sha256:5c01fd846263a75bc8a2b9542606927cfad57e7282965d96b93c387622487485",
-                "sha256:5c65d2da8c6bce0fca2528f69f44b2f977e06954c8512a952222cea50dad430f",
-                "sha256:751a556205d8245ff94aeef23546a1113b1dd4f6e4d102ded66c39b99c2ce6c8",
-                "sha256:7ff46d441db78241f4c6c27b3868c9ae71473fe03341340d2dfdbe8d79310acc",
-                "sha256:965889d9f0e2a75edd81a07592d0ced54daa5b0785f57dc429c378edbcffe779",
-                "sha256:9b248ba3dd8a03b1a10b19efe7d4f7fa41d158fdaa95e2cf65af5a7b95a4f989",
-                "sha256:9bef37ee224e104a413f0780e29adb3e514a5b698aabe0d969a6ba426b8435d1",
-                "sha256:c1ec8db4fac31850286b7cd3b9c0e1b944204668b8eb721674916d4e28744092",
-                "sha256:c8a116feafdb1f84607cb3b14aa1418424ae71fee131642fc568d21423b51824",
-                "sha256:ce85b06a10fc65e6143518b96d3dca27b081a740bae261c2fb20375801a9d56d",
-                "sha256:d705f8aeecdf3262379644e4b55107a3b55860eb812b673b28d0fbc347a60c55",
-                "sha256:e898a0863421650f0bebac8ba40840fc02258ef4714cb7e1fd76b6a6354bda36",
-                "sha256:f8a7bff6e8664afc4e6c28b983845c5bc14965030e3fb98789734d416af77c4b"
-            ],
-            "version": "==8.1"
-        },
-        "whitenoise": {
-            "hashes": [
-                "sha256:0f9137f74bd95fa54329ace88d8dc695fbe895369a632e35f7a136e003e41d73",
-                "sha256:62556265ec1011bd87113fb81b7516f52688887b7a010ee899ff1fd18fd22700"
-            ],
-            "version": "==5.0.1"
-        }
-    },
-    "develop": {
-        "alabaster": {
-            "hashes": [
-                "sha256:446438bdcca0e05bd45ea2de1668c1d9b032e1a9154c2c259092d77031ddd359",
-                "sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02"
-            ],
-            "version": "==0.7.12"
-        },
-        "appdirs": {
-            "hashes": [
-                "sha256:9e5896d1372858f8dd3344faf4e5014d21849c756c8d5701f78f8a103b372d92",
-                "sha256:d8b24664561d0d34ddfaec54636d502d7cea6e29c3eaf68f3df6180863e2166e"
-            ],
-            "version": "==1.4.3"
-        },
-        "attrs": {
-            "hashes": [
-                "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c",
-                "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"
-            ],
-            "version": "==19.3.0"
-        },
-        "babel": {
-            "hashes": [
-                "sha256:af92e6106cb7c55286b25b38ad7695f8b4efb36a90ba483d7f7a6628c46158ab",
-                "sha256:e86135ae101e31e2c8ec20a4e0c5220f4eed12487d5cf3f78be7e98d3a57fc28"
-            ],
-            "version": "==2.7.0"
-        },
-        "black": {
-            "hashes": [
-                "sha256:1b30e59be925fafc1ee4565e5e08abef6b03fe455102883820fe5ee2e4734e0b",
-                "sha256:c2edb73a08e9e0e6f65a0e6af18b059b8b1cdd5bef997d7a0b181df93dc81539"
-            ],
-            "index": "pypi",
-            "version": "==19.10b0"
-        },
-        "bleach": {
-            "hashes": [
-                "sha256:213336e49e102af26d9cde77dd2d0397afabc5a6bf2fed985dc35b5d1e285a16",
-                "sha256:3fdf7f77adcf649c9911387df51254b813185e32b2c6619f690b593a617e19fa"
-            ],
-            "version": "==3.1.0"
-        },
-        "certifi": {
-            "hashes": [
-                "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
-                "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
-            ],
-            "version": "==2019.11.28"
-        },
-        "cffi": {
-            "hashes": [
-                "sha256:0b49274afc941c626b605fb59b59c3485c17dc776dc3cc7cc14aca74cc19cc42",
-                "sha256:0e3ea92942cb1168e38c05c1d56b0527ce31f1a370f6117f1d490b8dcd6b3a04",
-                "sha256:135f69aecbf4517d5b3d6429207b2dff49c876be724ac0c8bf8e1ea99df3d7e5",
-                "sha256:19db0cdd6e516f13329cba4903368bff9bb5a9331d3410b1b448daaadc495e54",
-                "sha256:2781e9ad0e9d47173c0093321bb5435a9dfae0ed6a762aabafa13108f5f7b2ba",
-                "sha256:291f7c42e21d72144bb1c1b2e825ec60f46d0a7468f5346841860454c7aa8f57",
-                "sha256:2c5e309ec482556397cb21ede0350c5e82f0eb2621de04b2633588d118da4396",
-                "sha256:2e9c80a8c3344a92cb04661115898a9129c074f7ab82011ef4b612f645939f12",
-                "sha256:32a262e2b90ffcfdd97c7a5e24a6012a43c61f1f5a57789ad80af1d26c6acd97",
-                "sha256:3c9fff570f13480b201e9ab69453108f6d98244a7f495e91b6c654a47486ba43",
-                "sha256:415bdc7ca8c1c634a6d7163d43fb0ea885a07e9618a64bda407e04b04333b7db",
-                "sha256:42194f54c11abc8583417a7cf4eaff544ce0de8187abaf5d29029c91b1725ad3",
-                "sha256:4424e42199e86b21fc4db83bd76909a6fc2a2aefb352cb5414833c030f6ed71b",
-                "sha256:4a43c91840bda5f55249413037b7a9b79c90b1184ed504883b72c4df70778579",
-                "sha256:599a1e8ff057ac530c9ad1778293c665cb81a791421f46922d80a86473c13346",
-                "sha256:5c4fae4e9cdd18c82ba3a134be256e98dc0596af1e7285a3d2602c97dcfa5159",
-                "sha256:5ecfa867dea6fabe2a58f03ac9186ea64da1386af2159196da51c4904e11d652",
-                "sha256:62f2578358d3a92e4ab2d830cd1c2049c9c0d0e6d3c58322993cc341bdeac22e",
-                "sha256:6471a82d5abea994e38d2c2abc77164b4f7fbaaf80261cb98394d5793f11b12a",
-                "sha256:6d4f18483d040e18546108eb13b1dfa1000a089bcf8529e30346116ea6240506",
-                "sha256:71a608532ab3bd26223c8d841dde43f3516aa5d2bf37b50ac410bb5e99053e8f",
-                "sha256:74a1d8c85fb6ff0b30fbfa8ad0ac23cd601a138f7509dc617ebc65ef305bb98d",
-                "sha256:7b93a885bb13073afb0aa73ad82059a4c41f4b7d8eb8368980448b52d4c7dc2c",
-                "sha256:7d4751da932caaec419d514eaa4215eaf14b612cff66398dd51129ac22680b20",
-                "sha256:7f627141a26b551bdebbc4855c1157feeef18241b4b8366ed22a5c7d672ef858",
-                "sha256:8169cf44dd8f9071b2b9248c35fc35e8677451c52f795daa2bb4643f32a540bc",
-                "sha256:aa00d66c0fab27373ae44ae26a66a9e43ff2a678bf63a9c7c1a9a4d61172827a",
-                "sha256:ccb032fda0873254380aa2bfad2582aedc2959186cce61e3a17abc1a55ff89c3",
-                "sha256:d754f39e0d1603b5b24a7f8484b22d2904fa551fe865fd0d4c3332f078d20d4e",
-                "sha256:d75c461e20e29afc0aee7172a0950157c704ff0dd51613506bd7d82b718e7410",
-                "sha256:dcd65317dd15bc0451f3e01c80da2216a31916bdcffd6221ca1202d96584aa25",
-                "sha256:e570d3ab32e2c2861c4ebe6ffcad6a8abf9347432a37608fe1fbd157b3f0036b",
-                "sha256:fd43a88e045cf992ed09fa724b5315b790525f2676883a6ea64e3263bae6549d"
-            ],
-            "version": "==1.13.2"
-        },
-        "chardet": {
-            "hashes": [
-                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
-                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
-            ],
-            "version": "==3.0.4"
-        },
-        "click": {
-            "hashes": [
-                "sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
-                "sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
-            ],
-            "version": "==7.0"
-        },
-        "coverage": {
-            "hashes": [
-                "sha256:0cd13a6e98c37b510a2d34c8281d5e1a226aaf9b65b7d770ef03c63169965351",
-                "sha256:1a4b6b6a2a3a6612e6361130c2cc3dc4378d8c221752b96167ccbad94b47f3cd",
-                "sha256:2ee55e6dba516ddf6f484aa83ccabbb0adf45a18892204c23486938d12258cde",
-                "sha256:3be5338a2eb4ef03c57f20917e1d12a1fd10e3853fed060b6d6b677cb3745898",
-                "sha256:44b783b02db03c4777d8cf71bae19eadc171a6f2a96777d916b2c30a1eb3d070",
-                "sha256:475bf7c4252af0a56e1abba9606f1e54127cdf122063095c75ab04f6f99cf45e",
-                "sha256:47c81ee687eafc2f1db7f03fbe99aab81330565ebc62fb3b61edfc2216a550c8",
-                "sha256:4a7f8e72b18f2aca288ff02255ce32cc830bc04d993efbc87abf6beddc9e56c0",
-                "sha256:50197163a22fd17f79086e087a787883b3ec9280a509807daf158dfc2a7ded02",
-                "sha256:56b13000acf891f700f5067512b804d1ec8c301d627486c678b903859d07f798",
-                "sha256:79388ae29c896299b3567965dbcd93255f175c17c6c7bca38614d12718c47466",
-                "sha256:79fd5d3d62238c4f583b75d48d53cdae759fe04d4fb18fe8b371d88ad2b6f8be",
-                "sha256:7fe3e2fde2bf1d7ce25ebcd2d3de3650b8d60d9a73ce6dcef36e20191291613d",
-                "sha256:81042a24f67b96e4287774014fa27220d8a4d91af1043389e4d73892efc89ac6",
-                "sha256:81326f1095c53111f8afc95da281e1414185f4a538609a77ca50bdfa39a6c207",
-                "sha256:8873dc0d8f42142ea9f20c27bbdc485190fff93823c6795be661703369e5877d",
-                "sha256:88d2cbcb0a112f47eef71eb95460b6995da18e6f8ca50c264585abc2c473154b",
-                "sha256:91f2491aeab9599956c45a77c5666d323efdec790bfe23fcceafcd91105d585a",
-                "sha256:979daa8655ae5a51e8e7a24e7d34e250ae8309fd9719490df92cbb2fe2b0422b",
-                "sha256:9c871b006c878a890c6e44a5b2f3c6291335324b298c904dc0402ee92ee1f0be",
-                "sha256:a6d092545e5af53e960465f652e00efbf5357adad177b2630d63978d85e46a72",
-                "sha256:b5ed7837b923d1d71c4f587ae1539ccd96bfd6be9788f507dbe94dab5febbb5d",
-                "sha256:ba259f68250f16d2444cbbfaddaa0bb20e1560a4fdaad50bece25c199e6af864",
-                "sha256:be1d89614c6b6c36d7578496dc8625123bda2ff44f224cf8b1c45b810ee7383f",
-                "sha256:c1b030a79749aa8d1f1486885040114ee56933b15ccfc90049ba266e4aa2139f",
-                "sha256:c95bb147fab76f2ecde332d972d8f4138b8f2daee6c466af4ff3b4f29bd4c19e",
-                "sha256:d52c1c2d7e856cecc05aa0526453cb14574f821b7f413cc279b9514750d795c1",
-                "sha256:d609a6d564ad3d327e9509846c2c47f170456344521462b469e5cb39e48ba31c",
-                "sha256:e1bad043c12fb58e8c7d92b3d7f2f49977dcb80a08a6d1e7a5114a11bf819fca",
-                "sha256:e5a675f6829c53c87d79117a8eb656cc4a5f8918185a32fc93ba09778e90f6db",
-                "sha256:fec32646b98baf4a22fdceb08703965bd16dea09051fbeb31a04b5b6e72b846c"
-            ],
-            "version": "==5.0"
-        },
-        "cryptography": {
-            "hashes": [
-                "sha256:02079a6addc7b5140ba0825f542c0869ff4df9a69c360e339ecead5baefa843c",
-                "sha256:1df22371fbf2004c6f64e927668734070a8953362cd8370ddd336774d6743595",
-                "sha256:369d2346db5934345787451504853ad9d342d7f721ae82d098083e1f49a582ad",
-                "sha256:3cda1f0ed8747339bbdf71b9f38ca74c7b592f24f65cdb3ab3765e4b02871651",
-                "sha256:44ff04138935882fef7c686878e1c8fd80a723161ad6a98da31e14b7553170c2",
-                "sha256:4b1030728872c59687badcca1e225a9103440e467c17d6d1730ab3d2d64bfeff",
-                "sha256:58363dbd966afb4f89b3b11dfb8ff200058fbc3b947507675c19ceb46104b48d",
-                "sha256:6ec280fb24d27e3d97aa731e16207d58bd8ae94ef6eab97249a2afe4ba643d42",
-                "sha256:7270a6c29199adc1297776937a05b59720e8a782531f1f122f2eb8467f9aab4d",
-                "sha256:73fd30c57fa2d0a1d7a49c561c40c2f79c7d6c374cc7750e9ac7c99176f6428e",
-                "sha256:7f09806ed4fbea8f51585231ba742b58cbcfbfe823ea197d8c89a5e433c7e912",
-                "sha256:90df0cc93e1f8d2fba8365fb59a858f51a11a394d64dbf3ef844f783844cc793",
-                "sha256:971221ed40f058f5662a604bd1ae6e4521d84e6cad0b7b170564cc34169c8f13",
-                "sha256:a518c153a2b5ed6b8cc03f7ae79d5ffad7315ad4569b2d5333a13c38d64bd8d7",
-                "sha256:b0de590a8b0979649ebeef8bb9f54394d3a41f66c5584fff4220901739b6b2f0",
-                "sha256:b43f53f29816ba1db8525f006fa6f49292e9b029554b3eb56a189a70f2a40879",
-                "sha256:d31402aad60ed889c7e57934a03477b572a03af7794fa8fb1780f21ea8f6551f",
-                "sha256:de96157ec73458a7f14e3d26f17f8128c959084931e8997b9e655a39c8fde9f9",
-                "sha256:df6b4dca2e11865e6cfbfb708e800efb18370f5a46fd601d3755bc7f85b3a8a2",
-                "sha256:ecadccc7ba52193963c0475ac9f6fa28ac01e01349a2ca48509667ef41ffd2cf",
-                "sha256:fb81c17e0ebe3358486cd8cc3ad78adbae58af12fc2bf2bc0bb84e8090fa5ce8"
-            ],
-            "version": "==2.8"
-        },
-        "docutils": {
-            "hashes": [
-                "sha256:7a6228589435302e421f5c473ce0180878b90f70227f7174cacde5efbd34275f",
-                "sha256:f1bad547016f945f7b35b28d8bead307821822ca3f8d4f87a1bd2ad1a8faab51"
-            ],
-            "version": "==0.16b0.dev0"
-        },
-        "entrypoints": {
-            "hashes": [
-                "sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19",
-                "sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451"
-            ],
-            "version": "==0.3"
-        },
-        "flake8": {
-            "hashes": [
-                "sha256:45681a117ecc81e870cbf1262835ae4af5e7a8b08e40b944a8a6e6b895914cfb",
-                "sha256:49356e766643ad15072a789a20915d3c91dc89fd313ccd71802303fd67e4deca"
-            ],
-            "index": "pypi",
-            "version": "==3.7.9"
-        },
-        "flask": {
-            "hashes": [
-                "sha256:13f9f196f330c7c2c5d7a5cf91af894110ca0215ac051b5844701f2bfd934d52",
-                "sha256:45eb5a6fd193d6cf7e0cf5d8a5b31f83d5faae0293695626f539a823e93b13f6"
-            ],
-            "index": "pypi",
-            "version": "==1.1.1"
-        },
-        "idna": {
-            "hashes": [
-                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
-                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
-            ],
-            "version": "==2.8"
-        },
-        "imagesize": {
-            "hashes": [
-                "sha256:3f349de3eb99145973fefb7dbe38554414e5c30abd0c8e4b970a7c9d09f3a1d8",
-                "sha256:f3832918bc3c66617f92e35f5d70729187676313caa60c187eb0f28b8fe5e3b5"
-            ],
-            "version": "==1.1.0"
-        },
-        "importlib-metadata": {
-            "hashes": [
-                "sha256:073a852570f92da5f744a3472af1b61e28e9f78ccf0c9117658dc32b15de7b45",
-                "sha256:d95141fbfa7ef2ec65cfd945e2af7e5a6ddbd7c8d9a25e66ff3be8e3daf9f60f"
-            ],
-            "markers": "python_version < '3.8'",
-            "version": "==1.3.0"
-        },
-        "itsdangerous": {
-            "hashes": [
-                "sha256:321b033d07f2a4136d3ec762eac9f16a10ccd60f53c0c91af90217ace7ba1f19",
-                "sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"
-            ],
-            "version": "==1.1.0"
-        },
-        "jeepney": {
-            "hashes": [
-                "sha256:13806f91a96e9b2623fd2a81b950d763ee471454aafd9eb6d75dbe7afce428fb",
-                "sha256:f6a3f93464a0cf052f4e87da3c8b3ed1e27696758fb9739c63d3a74d9a1b6774"
-            ],
-            "version": "==0.4.1"
-        },
-        "jinja2": {
-            "hashes": [
-                "sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
-                "sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
-            ],
-            "version": "==2.10.3"
-        },
-        "keyring": {
-            "hashes": [
-                "sha256:a3f71fc0cf6b74e201e70532879ba1d15db25cb2c7407dce52fe52a6d5fc7b66",
-                "sha256:fc9cadedae35b77141f670f84c10a657147d2e526348698c93dd77f039979729"
-            ],
-            "version": "==20.0.0"
-        },
-        "markupsafe": {
-            "hashes": [
-                "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
-                "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
-                "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
-                "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
-                "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
-                "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
-                "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
-                "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
-                "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
-                "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
-                "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
-                "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
-                "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
-                "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
-                "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
-                "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
-                "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
-                "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
-                "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
-                "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
-                "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
-                "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
-                "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
-                "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
-                "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
-                "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
-                "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
-                "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"
-            ],
-            "version": "==1.1.1"
-        },
-        "marshmallow": {
-            "hashes": [
-                "sha256:0ba81b6da4ae69eb229b74b3c741ff13fe04fb899824377b1aff5aaa1a9fd46e",
-                "sha256:3e53dd9e9358977a3929e45cdbe4a671f9eff53a7d6a23f33ed3eab8c1890d8f"
-            ],
-            "version": "==3.3.0"
-        },
-        "mccabe": {
-            "hashes": [
-                "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42",
-                "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"
-            ],
-            "version": "==0.6.1"
-        },
-        "more-itertools": {
-            "hashes": [
-                "sha256:b84b238cce0d9adad5ed87e745778d20a3f8487d0f0cb8b8a586816c7496458d",
-                "sha256:c833ef592a0324bcc6a60e48440da07645063c453880c9477ceb22490aec1564"
-            ],
-            "version": "==8.0.2"
-        },
-        "packaging": {
-            "hashes": [
-                "sha256:28b924174df7a2fa32c1953825ff29c61e2f5e082343165438812f00d3a7fc47",
-                "sha256:d9551545c6d761f3def1677baf08ab2a3ca17c56879e70fecba2fc4dde4ed108"
-            ],
-            "version": "==19.2"
-        },
-        "pathspec": {
-            "hashes": [
-                "sha256:e285ccc8b0785beadd4c18e5708b12bb8fcf529a1e61215b3feff1d1e559ea5c"
-            ],
-            "version": "==0.6.0"
-        },
-        "pkginfo": {
-            "hashes": [
-                "sha256:7424f2c8511c186cd5424bbf31045b77435b37a8d604990b79d4e70d741148bb",
-                "sha256:a6d9e40ca61ad3ebd0b72fbadd4fba16e4c0e4df0428c041e01e06eb6ee71f32"
-            ],
-            "version": "==1.5.0.1"
-        },
-        "pluggy": {
-            "hashes": [
-                "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0",
-                "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"
-            ],
-            "version": "==0.13.1"
-        },
-        "py": {
-            "hashes": [
-                "sha256:64f65755aee5b381cea27766a3a147c3f15b9b6b9ac88676de66ba2ae36793fa",
-                "sha256:dc639b046a6e2cff5bbe40194ad65936d6ba360b52b3c3fe1d08a82dd50b5e53"
-            ],
-            "version": "==1.8.0"
-        },
-        "pycodestyle": {
-            "hashes": [
-                "sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56",
-                "sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c"
-            ],
-            "version": "==2.5.0"
-        },
-        "pycparser": {
-            "hashes": [
-                "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
-            ],
-            "version": "==2.19"
-        },
-        "pyflakes": {
-            "hashes": [
-                "sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0",
-                "sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2"
-            ],
-            "version": "==2.1.1"
-        },
-        "pygments": {
-            "hashes": [
-                "sha256:2a3fe295e54a20164a9df49c75fa58526d3be48e14aceba6d6b1e8ac0bfd6f1b",
-                "sha256:98c8aa5a9f778fcd1026a17361ddaf7330d1b7c62ae97c3bb0ae73e0b9b6b0fe"
-            ],
-            "version": "==2.5.2"
-        },
-        "pyparsing": {
-            "hashes": [
-                "sha256:20f995ecd72f2a1f4bf6b072b63b22e2eb457836601e76d6e5dfcd75436acc1f",
-                "sha256:4ca62001be367f01bd3e92ecbb79070272a9d4964dce6a48a82ff0b8bc7e683a"
-            ],
-            "version": "==2.4.5"
-        },
-        "pytest": {
-            "hashes": [
-                "sha256:6b571215b5a790f9b41f19f3531c53a45cf6bb8ef2988bc1ff9afb38270b25fa",
-                "sha256:e41d489ff43948babd0fad7ad5e49b8735d5d55e26628a58673c39ff61d95de4"
-            ],
-            "index": "pypi",
-            "version": "==5.3.2"
-        },
-        "pytest-cov": {
-            "hashes": [
-                "sha256:cc6742d8bac45070217169f5f72ceee1e0e55b0221f54bcf24845972d3a47f2b",
-                "sha256:cdbdef4f870408ebdbfeb44e63e07eb18bb4619fae852f6e760645fa36172626"
-            ],
-            "index": "pypi",
-            "version": "==2.8.1"
-        },
-        "pytz": {
-            "hashes": [
-                "sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d",
-                "sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be"
-            ],
-            "version": "==2019.3"
-        },
-        "readme-renderer": {
-            "hashes": [
-                "sha256:bb16f55b259f27f75f640acf5e00cf897845a8b3e4731b5c1a436e4b8529202f",
-                "sha256:c8532b79afc0375a85f10433eca157d6b50f7d6990f337fa498c96cd4bfc203d"
-            ],
-            "version": "==24.0"
-        },
-        "regex": {
-            "hashes": [
-                "sha256:3dbd8333fd2ebd50977ac8747385a73aa1f546eb6b16fcd83d274470fe11f243",
-                "sha256:40b7d1291a56897927e08bb973f8c186c2feb14c7f708bfe7aaee09483e85a20",
-                "sha256:719978a9145d59fc78509ea1d1bb74243f93583ef2a34dcc5623cf8118ae9726",
-                "sha256:75cf3796f89f75f83207a5c6a6e14eaf57e0369ef0ffff8e22bf36bbcfa0f1de",
-                "sha256:77396cf80be8b2a35db863cca4c1a902d88ceeb183adab328b81184e71a5eafe",
-                "sha256:77a3799152951d6d14ae5720ca162c97c64f85d4755da585418eac216b736cad",
-                "sha256:91235c98283d2bddf1a588f0fbc2da8afa37959294bbd18b76297bdf316ba4d6",
-                "sha256:aaffd68c4c1ed891366d5c390081f4bf6337595e76a157baf453603d8e53fbcb",
-                "sha256:ad9e3c7260809c0d1ded100269f78ea0217c0704f1eaaf40a382008461848b45",
-                "sha256:c203c9ee755e9656d0af8fab82754d5a664ebaf707b3f883c7eff6a3dd5151cf",
-                "sha256:e865bc508e316a3a09d36c8621596e6599a203bc54f1cd41020a127ccdac468a"
-            ],
-            "version": "==2019.12.9"
-        },
-        "requests": {
-            "hashes": [
-                "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
-                "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
-            ],
-            "version": "==2.22.0"
-        },
-        "requests-toolbelt": {
-            "hashes": [
-                "sha256:380606e1d10dc85c3bd47bf5a6095f815ec007be7a8b69c878507068df059e6f",
-                "sha256:968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0"
-            ],
-            "version": "==0.9.1"
-        },
-        "secretstorage": {
-            "hashes": [
-                "sha256:20c797ae48a4419f66f8d28fc221623f11fc45b6828f96bdb1ad9990acb59f92",
-                "sha256:7a119fb52a88e398dbb22a4b3eb39b779bfbace7e4153b7bc6e5954d86282a8a"
-            ],
-            "markers": "sys_platform == 'linux'",
-            "version": "==3.1.1"
-        },
-        "six": {
-            "hashes": [
-                "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd",
-                "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"
-            ],
-            "version": "==1.13.0"
-        },
-        "snowballstemmer": {
-            "hashes": [
-                "sha256:209f257d7533fdb3cb73bdbd24f436239ca3b2fa67d56f6ff88e86be08cc5ef0",
-                "sha256:df3bac3df4c2c01363f3dd2cfa78cce2840a79b9f1c2d2de9ce8d31683992f52"
-            ],
-            "version": "==2.0.0"
-        },
-        "sphinx": {
-            "hashes": [
-                "sha256:0a11e2fd31fe5c7e64b4fc53c2c022946512f021d603eb41ac6ae51d5fcbb574",
-                "sha256:138e39aa10f28d52aa5759fc6d1cba2be6a4b750010974047fa7d0e31addcf63"
-            ],
-            "index": "pypi",
-            "version": "==2.3.0"
-        },
-        "sphinxcontrib-applehelp": {
-            "hashes": [
-                "sha256:edaa0ab2b2bc74403149cb0209d6775c96de797dfd5b5e2a71981309efab3897",
-                "sha256:fb8dee85af95e5c30c91f10e7eb3c8967308518e0f7488a2828ef7bc191d0d5d"
-            ],
-            "version": "==1.0.1"
-        },
-        "sphinxcontrib-devhelp": {
-            "hashes": [
-                "sha256:6c64b077937330a9128a4da74586e8c2130262f014689b4b89e2d08ee7294a34",
-                "sha256:9512ecb00a2b0821a146736b39f7aeb90759834b07e81e8cc23a9c70bacb9981"
-            ],
-            "version": "==1.0.1"
-        },
-        "sphinxcontrib-htmlhelp": {
-            "hashes": [
-                "sha256:4670f99f8951bd78cd4ad2ab962f798f5618b17675c35c5ac3b2132a14ea8422",
-                "sha256:d4fd39a65a625c9df86d7fa8a2d9f3cd8299a3a4b15db63b50aac9e161d8eff7"
-            ],
-            "version": "==1.0.2"
-        },
-        "sphinxcontrib-jsmath": {
-            "hashes": [
-                "sha256:2ec2eaebfb78f3f2078e73666b1415417a116cc848b72e5172e596c871103178",
-                "sha256:a9925e4a4587247ed2191a22df5f6970656cb8ca2bd6284309578f2153e0c4b8"
-            ],
-            "version": "==1.0.1"
-        },
-        "sphinxcontrib-qthelp": {
-            "hashes": [
-                "sha256:513049b93031beb1f57d4daea74068a4feb77aa5630f856fcff2e50de14e9a20",
-                "sha256:79465ce11ae5694ff165becda529a600c754f4bc459778778c7017374d4d406f"
-            ],
-            "version": "==1.0.2"
-        },
-        "sphinxcontrib-serializinghtml": {
-            "hashes": [
-                "sha256:c0efb33f8052c04fd7a26c0a07f1678e8512e0faec19f4aa8f2473a8b81d5227",
-                "sha256:db6615af393650bf1151a6cd39120c29abaf93cc60db8c48eb2dddbfdc3a9768"
-            ],
-            "version": "==1.1.3"
-        },
-        "toml": {
-            "hashes": [
-                "sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c",
-                "sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e"
-            ],
-            "version": "==0.10.0"
-        },
-        "tqdm": {
-            "hashes": [
-                "sha256:7543892c59720e36e4212180274d8f58dde36803bc1f6370fd09afa20b8f5892",
-                "sha256:f0ab01cf3ae5673d18f918700c0165e5fad0f26b5ebe4b34f62ead92686b5340"
-            ],
-            "version": "==4.40.2"
-        },
-        "twine": {
-            "hashes": [
-                "sha256:c1af8ca391e43b0a06bbc155f7f67db0bf0d19d284bfc88d1675da497a946124",
-                "sha256:d561a5e511f70275e5a485a6275ff61851c16ffcb3a95a602189161112d9f160"
-            ],
-            "index": "pypi",
-            "version": "==3.1.1"
-        },
-        "typed-ast": {
-            "hashes": [
-                "sha256:1170afa46a3799e18b4c977777ce137bb53c7485379d9706af8a59f2ea1aa161",
-                "sha256:18511a0b3e7922276346bcb47e2ef9f38fb90fd31cb9223eed42c85d1312344e",
-                "sha256:262c247a82d005e43b5b7f69aff746370538e176131c32dda9cb0f324d27141e",
-                "sha256:2b907eb046d049bcd9892e3076c7a6456c93a25bebfe554e931620c90e6a25b0",
-                "sha256:354c16e5babd09f5cb0ee000d54cfa38401d8b8891eefa878ac772f827181a3c",
-                "sha256:48e5b1e71f25cfdef98b013263a88d7145879fbb2d5185f2a0c79fa7ebbeae47",
-                "sha256:4e0b70c6fc4d010f8107726af5fd37921b666f5b31d9331f0bd24ad9a088e631",
-                "sha256:630968c5cdee51a11c05a30453f8cd65e0cc1d2ad0d9192819df9978984529f4",
-                "sha256:66480f95b8167c9c5c5c87f32cf437d585937970f3fc24386f313a4c97b44e34",
-                "sha256:71211d26ffd12d63a83e079ff258ac9d56a1376a25bc80b1cdcdf601b855b90b",
-                "sha256:7954560051331d003b4e2b3eb822d9dd2e376fa4f6d98fee32f452f52dd6ebb2",
-                "sha256:838997f4310012cf2e1ad3803bce2f3402e9ffb71ded61b5ee22617b3a7f6b6e",
-                "sha256:95bd11af7eafc16e829af2d3df510cecfd4387f6453355188342c3e79a2ec87a",
-                "sha256:bc6c7d3fa1325a0c6613512a093bc2a2a15aeec350451cbdf9e1d4bffe3e3233",
-                "sha256:cc34a6f5b426748a507dd5d1de4c1978f2eb5626d51326e43280941206c209e1",
-                "sha256:d755f03c1e4a51e9b24d899561fec4ccaf51f210d52abdf8c07ee2849b212a36",
-                "sha256:d7c45933b1bdfaf9f36c579671fec15d25b06c8398f113dab64c18ed1adda01d",
-                "sha256:d896919306dd0aa22d0132f62a1b78d11aaf4c9fc5b3410d3c666b818191630a",
-                "sha256:fdc1c9bbf79510b76408840e009ed65958feba92a88833cdceecff93ae8fff66",
-                "sha256:ffde2fbfad571af120fcbfbbc61c72469e72f550d676c3342492a9dfdefb8f12"
-            ],
-            "version": "==1.4.0"
-        },
-        "urllib3": {
-            "hashes": [
-                "sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293",
-                "sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745"
-            ],
-            "version": "==1.25.7"
-        },
-        "wcwidth": {
-            "hashes": [
-                "sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e",
-                "sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c"
-            ],
-            "version": "==0.1.7"
-        },
-        "webencodings": {
-            "hashes": [
-                "sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78",
-                "sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923"
-            ],
-            "version": "==0.5.1"
-        },
-        "werkzeug": {
-            "hashes": [
-                "sha256:7280924747b5733b246fe23972186c6b348f9ae29724135a6dfc1e53cea433e7",
-                "sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4"
-            ],
-            "version": "==0.16.0"
-        },
-        "zipp": {
-            "hashes": [
-                "sha256:3718b1cbcd963c7d4c5511a8240812904164b7f381b647143a89d3b98f9bcd8e",
-                "sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335"
-            ],
-            "version": "==0.6.0"
-        }
-    }
-}
@@ -1,70 +1,109 @@
-# Responder: a familiar HTTP Service Framework for Python
+# Responder

-[![Build Status](https://travis-ci.org/taoufik07/responder.svg?branch=master)](https://travis-ci.org/taoufik07/responder)
-[![Documentation Status](https://readthedocs.org/projects/mybinder/badge/?version=latest)](https://responder.readthedocs.io/en/latest/)
-[![image](https://img.shields.io/pypi/v/responder.svg)](https://pypi.org/project/responder/)
-[![image](https://img.shields.io/pypi/l/responder.svg)](https://pypi.org/project/responder/)
-[![image](https://img.shields.io/pypi/pyversions/responder.svg)](https://pypi.org/project/responder/)
-[![image](https://img.shields.io/github/contributors/taoufik07/responder.svg)](https://github.com/taoufik07/responder/graphs/contributors)
+A familiar HTTP Service Framework for Python, powered by [Starlette](https://www.starlette.io/).

-[![](https://farm2.staticflickr.com/1959/43750081370_a4e20752de_o_d.png)](https://responder.readthedocs.io)
+```python
+import responder

+api = responder.API()

-Powered by [Starlette](https://www.starlette.io/). That `async` declaration is optional. [View documentation](https://responder.readthedocs.io).
+@api.route("/{greeting}")
+async def greet_world(req, resp, *, greeting):
+    resp.text = f"{greeting}, world!"

-This gets you a ASGI app, with a production static files server pre-installed, jinja2 templating (without additional imports), and a production webserver based on uvloop, serving up requests with gzip compression automatically.
+if __name__ == "__main__":
+    api.run()
+```

+    $ pip install responder

-## Testimonials
+That's it. Supports Python 3.9+.

-> "Pleasantly very taken with python-responder. [@kennethreitz](https://twitter.com/kennethreitz) at his absolute best." —Rudraksh M.K.
+## The Basics

-> "ASGI is going to enable all sorts of new high-performance web services. It's awesome to see Responder starting to take advantage of that." — Tom Christie author of [Django REST Framework](https://www.django-rest-framework.org/)
+- `resp.text` sends back text. `resp.html` sends back HTML. `resp.content` sends back bytes.
+- `resp.media` sends back JSON (or YAML, with content negotiation).
+- `resp.file("path.pdf")` serves a file with automatic content-type detection.
+- `req.headers` is case-insensitive. `req.params` gives you query parameters.
+- Both sync and async views work — the `async` is optional.

-> "I love that you are exploring new patterns. Go go go!" — Danny Greenfield, author of [Two Scoops of Django]()
+## Highlights

+```python
+# Type-safe route parameters
+@api.route("/users/{user_id:int}")
+async def get_user(req, resp, *, user_id):
+    resp.media = {"id": user_id}

-## More Examples
+# HTTP method filtering
+@api.route("/items", methods=["POST"])
+async def create_item(req, resp):
+    data = await req.media()
+    resp.media = {"created": data}

-See [the documentation's feature tour](https://responder.readthedocs.io/en/latest/tour.html) for more details on features available in Responder.
+# Class-based views
+@api.route("/things/{id}")
+class ThingResource:
+    def on_get(self, req, resp, *, id):
+        resp.media = {"id": id}
+    def on_post(self, req, resp, *, id):
+        resp.text = "created"

+# Before-request hooks (auth, rate limiting, etc.)
+@api.route(before_request=True)
+def check_auth(req, resp):
+    if not req.headers.get("Authorization"):
+        resp.status_code = 401
+        resp.media = {"error": "unauthorized"}

-# Installing Responder
+# Custom error handling
+@api.exception_handler(ValueError)
+async def handle_error(req, resp, exc):
+    resp.status_code = 400
+    resp.media = {"error": str(exc)}

-Install the stable release:
+# Lifespan events
+from contextlib import asynccontextmanager

+@asynccontextmanager
+async def lifespan(app):
+    print("starting up")
+    yield
+    print("shutting down")

-    $ pipenv install responder
-    ✨🍰✨
+api = responder.API(lifespan=lifespan)

+# GraphQL
+import graphene
+api.graphql("/graphql", schema=graphene.Schema(query=Query))

-Or, install from the development branch:
+# WebSockets
+@api.route("/ws", websocket=True)
+async def websocket(ws):
+    await ws.accept()
+    while True:
+        name = await ws.receive_text()
+        await ws.send_text(f"Hello {name}!")

-    $ pipenv install -e git+https://github.com/taoufik07/responder.git#egg=responder
+# Mount WSGI/ASGI apps
+from flask import Flask
+flask_app = Flask(__name__)
+api.mount("/flask", flask_app)

-Only **Python 3.6+** is supported.
+# Background tasks
+@api.route("/work")
+def do_work(req, resp):
+    @api.background.task
+    def process():
+        import time; time.sleep(10)
+    process()
+    resp.media = {"status": "processing"}
+```

+Built-in OpenAPI docs, cookie-based sessions, gzip compression, static file serving, Jinja2 templates, and a production uvicorn server.

-# The Basic Idea
+Route convertors: `str`, `int`, `float`, `uuid`, `path`.

-The primary concept here is to bring the niceties that are brought forth from both Flask and Falcon and unify them into a single framework, along with some new ideas I have. I also wanted to take some of the API primitives that are instilled in the Requests library and put them into a web framework. So, you'll find a lot of parallels here with Requests.
+## Documentation

- Setting `resp.content` sends back bytes.
- Setting `resp.text` sends back unicode, while setting `resp.html` sends back HTML.
- Setting `resp.media` sends back JSON/YAML (`.text`/`.html`/`.content` override this).
- Case-insensitive `req.headers` dict (from Requests directly).
- `resp.status_code`, `req.method`, `req.url`, and other familiar friends.
-
-
-## Ideas
-
- Flask-style route expression, with new capabilities -- all while using Python 3.6+'s new f-string syntax.
- I love Falcon's "every request and response is passed into to each view and mutated" methodology, especially `response.media`, and have used it here. In addition to supporting JSON, I have decided to support YAML as well, as Kubernetes is slowly taking over the world, and it uses YAML for all the things. Content-negotiation and all that.
- **A built in testing client that uses the actual Requests you know and love**.
- The ability to mount other WSGI apps easily.
- Automatic gzipped-responses.
- In addition to Falcon's `on_get`, `on_post`, etc methods, Responder features an `on_request` method, which gets called on every type of request, much like Requests.
- A production static file server is built-in.
- Uvicorn built-in as a production web server. I would have chosen Gunicorn, but it doesn't run on Windows. Plus, Uvicorn serves well to protect against slowloris attacks, making nginx unnecessary in production.
- GraphQL support, via Graphene. The goal here is to have any GraphQL query exposable at any route, magically.
- Provide an official way to run webpack.
+https://responder.kennethreitz.org
@@ -1,48 +0,0 @@
-alabaster==0.7.12
-appdirs==1.4.3
-atomicwrites==1.2.1
-attrs==18.2.0
-babel==2.6.0
-black==18.9b0
-bleach==3.0.2
-certifi==2018.8.24
-cffi==1.11.5
-chardet==3.0.4
-click==7.0
-cmarkgfm==0.4.2
-colorama==0.4.0 ; sys_platform == 'win32'
-docutils==0.14
-flake8==3.5.0
-flask==1.0.2
-future==0.16.0
-idna==2.7
-imagesize==1.1.0
-itsdangerous==0.24
-jinja2==2.10
-markupsafe==1.0
-mccabe==0.6.1
-more-itertools==4.3.0
-packaging==18.0
-pkginfo==1.4.2
-pluggy==0.7.1
-py==1.7.0
-pycodestyle==2.3.1
-pycparser==2.19
-pyflakes==1.6.0
-pygments==2.2.0
-pyparsing==2.2.2
-pytest==3.8.2
-pytz==2018.5
-readme-renderer==22.0
-requests-toolbelt==0.8.0
-requests==2.19.1
-six==1.11.0
-snowballstemmer==1.2.1
-sphinx==1.8.1
-sphinxcontrib-websupport==1.1.0
-toml==0.10.0
-tqdm==4.26.0
-twine==1.12.1
-urllib3==1.23
-webencodings==0.5.1
-werkzeug==0.15.5
@@ -1,7 +0,0 @@
-/* Hide module name and default value for environment variable section */
-div[id$='environment-variables'] code.descclassname {
-    display: none;
-}
-div[id$='environment-variables'] em.property {
-    display: none;
-}
@@ -1,19 +0,0 @@
-
-/*
-	Copyright (C) 2011-2018 Hoefler & Co.
-	This software is the property of Hoefler & Co. (H&Co).
-	Your right to access and use this software is subject to the
-	applicable License Agreement, or Terms of Service, that exists
-	between you and H&Co. If no such agreement exists, you may not
-	access or use this software for any purpose.
-	This software may only be hosted at the locations specified in
-	the applicable License Agreement or Terms of Service, and only
-	for the purposes expressly set forth therein. You may not copy,
-	modify, convert, create derivative works from or distribute this
-	software in any way, or make it accessible to any third party,
-	without first obtaining the written permission of H&Co.
-	For more information, please visit us at http://typography.com.
-	148887-130097-20181011
-*/
-
-<!-- sorry your browser is not supported. -->
@@ -1,19 +0,0 @@
-
-/*
-	Copyright (C) 2011-2018 Hoefler & Co.
-	This software is the property of Hoefler & Co. (H&Co).
-	Your right to access and use this software is subject to the
-	applicable License Agreement, or Terms of Service, that exists
-	between you and H&Co. If no such agreement exists, you may not
-	access or use this software for any purpose.
-	This software may only be hosted at the locations specified in
-	the applicable License Agreement or Terms of Service, and only
-	for the purposes expressly set forth therein. You may not copy,
-	modify, convert, create derivative works from or distribute this
-	software in any way, or make it accessible to any third party,
-	without first obtaining the written permission of H&Co.
-	For more information, please visit us at http://typography.com.
-	148887-130097-20181011
-*/
-
-<!-- sorry your browser is not supported. -->
@@ -1,151 +0,0 @@
-/*
- * Konami-JS ~
- * :: Now with support for touch events and multiple instances for
- * :: those situations that call for multiple easter eggs!
- * Code: https://github.com/snaptortoise/konami-js
- * Copyright (c) 2009 George Mandis (georgemandis.com, snaptortoise.com)
- * Version: 1.6.2 (7/17/2018)
- * Licensed under the MIT License (http://opensource.org/licenses/MIT)
- * Tested in: Safari 4+, Google Chrome 4+, Firefox 3+, IE7+, Mobile Safari 2.2.1+ and Android
- */
-
-var Konami = function (callback) {
-    var konami = {
-        addEvent: function (obj, type, fn, ref_obj) {
-            if (obj.addEventListener)
-                obj.addEventListener(type, fn, false);
-            else if (obj.attachEvent) {
-                // IE
-                obj["e" + type + fn] = fn;
-                obj[type + fn] = function () {
-                    obj["e" + type + fn](window.event, ref_obj);
-                }
-                obj.attachEvent("on" + type, obj[type + fn]);
-            }
-        },
-        removeEvent: function (obj, eventName, eventCallback) {
-            if (obj.removeEventListener) {
-                obj.removeEventListener(eventName, eventCallback);
-            } else if (obj.attachEvent) {
-                obj.detachEvent(eventName);
-            }
-        },
-        input: "",
-        pattern: "38384040373937396665",
-        keydownHandler: function (e, ref_obj) {
-            if (ref_obj) {
-                konami = ref_obj;
-            } // IE
-            konami.input += e ? e.keyCode : event.keyCode;
-            if (konami.input.length > konami.pattern.length) {
-                konami.input = konami.input.substr((konami.input.length - konami.pattern.length));
-            }
-            if (konami.input === konami.pattern) {
-                konami.code(konami._currentLink);
-                konami.input = '';
-                e.preventDefault();
-                return false;
-            }
-        },
-        load: function (link) {
-            this._currentLink = link;
-            this.addEvent(document, "keydown", this.keydownHandler, this);
-            this.iphone.load(link);
-        },
-        unload: function () {
-            this.removeEvent(document, 'keydown', this.keydownHandler);
-            this.iphone.unload();
-        },
-        code: function (link) {
-            window.location = link
-        },
-        iphone: {
-            start_x: 0,
-            start_y: 0,
-            stop_x: 0,
-            stop_y: 0,
-            tap: false,
-            capture: false,
-            orig_keys: "",
-            keys: ["UP", "UP", "DOWN", "DOWN", "LEFT", "RIGHT", "LEFT", "RIGHT", "TAP", "TAP"],
-            input: [],
-            code: function (link) {
-                konami.code(link);
-            },
-            touchmoveHandler: function (e) {
-                if (e.touches.length === 1 && konami.iphone.capture === true) {
-                    var touch = e.touches[0];
-                    konami.iphone.stop_x = touch.pageX;
-                    konami.iphone.stop_y = touch.pageY;
-                    konami.iphone.tap = false;
-                    konami.iphone.capture = false;
-                    konami.iphone.check_direction();
-                }
-            },
-            touchendHandler: function () {
-                konami.iphone.input.push(konami.iphone.check_direction());
-                
-                if (konami.iphone.input.length > konami.iphone.keys.length) konami.iphone.input.shift();
-                
-                if (konami.iphone.input.length === konami.iphone.keys.length) {
-                    var match = true;
-                    for (var i = 0; i < konami.iphone.keys.length; i++) {
-                        if (konami.iphone.input[i] !== konami.iphone.keys[i]) {
-                            match = false;
-                        }
-                    }
-                    if (match) {
-                        konami.iphone.code(konami._currentLink);
-                    }
-                }
-            },
-            touchstartHandler: function (e) {
-                konami.iphone.start_x = e.changedTouches[0].pageX;
-                konami.iphone.start_y = e.changedTouches[0].pageY;
-                konami.iphone.tap = true;
-                konami.iphone.capture = true;
-            },
-            load: function (link) {
-                this.orig_keys = this.keys;
-                konami.addEvent(document, "touchmove", this.touchmoveHandler);
-                konami.addEvent(document, "touchend", this.touchendHandler, false);
-                konami.addEvent(document, "touchstart", this.touchstartHandler);
-            },
-            unload: function () {
-                konami.removeEvent(document, 'touchmove', this.touchmoveHandler);
-                konami.removeEvent(document, 'touchend', this.touchendHandler);
-                konami.removeEvent(document, 'touchstart', this.touchstartHandler);
-            },
-            check_direction: function () {
-                x_magnitude = Math.abs(this.start_x - this.stop_x);
-                y_magnitude = Math.abs(this.start_y - this.stop_y);
-                x = ((this.start_x - this.stop_x) < 0) ? "RIGHT" : "LEFT";
-                y = ((this.start_y - this.stop_y) < 0) ? "DOWN" : "UP";
-                result = (x_magnitude > y_magnitude) ? x : y;
-                result = (this.tap === true) ? "TAP" : result;
-                return result;
-            }
-        }
-    }
-
-    typeof callback === "string" && konami.load(callback);
-    if (typeof callback === "function") {
-        konami.code = callback;
-        konami.load();
-    }
-
-    return konami;
-};
-
-
-if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {
-        module.exports = Konami;
-} else {
-        if (typeof define === 'function' && define.amd) {
-                define([], function() {
-                        return Konami;
-                });
-        } else {
-                window.Konami = Konami;
-        }
-}
@@ -1,206 +1,21 @@
-<link rel="stylesheet" type="text/css" href="https://cloud.typography.com/7584432/7586812/css/fonts.css" />
-<script type="text/javascript">$('#searchbox').hide(0);</script>
-<!--Alabaster (krTheme++) Hacks -->
-
-<!-- CSS Adjustments (I'm very picky.) -->
 <style type="text/css">
-  /* Rezzy requires precise alignment. */
-  img.logo {
-    margin-left: -20px !important;
-  }
-
-  h1 {
-    font-family: "Mercury Text G1 A", "Mercury Text G1 B" !important;
-    font-style: normal !important;
-    font-weight: 600 !important;
-  }
-
-  .section {
-    font-family: "Mercury Text G1 A", "Mercury Text G1 B" !important;
-    font-style: normal !important;
-    font-weight: 400 !important;
-  }
-
-  pre,
-  .pre,
-  .class em,
-  .descname,
-  .method em {
-    font-family: "Operator Mono SSm A", "Operator Mono SSm B", monospace !important;
-    font-weight: 400 !important;
-  }
-
-  .property {
-    color: lightgrey !important;
-  }
-
-  .method .descname {
-    color: #220a54;
-  }
-
-  .method {
-
-    margin-bottom: 2em;
-
-  }
-
-  .si,
-  .s2,
-  .s1,
-  .method em,
-  .class em {
-    font-style: italic !important;
-    color: grey;
-  }
-
-  .method em,
-  .class em {
-    margin-left: 0.3em;
-    margin-right: 0.3em;
-  }
-
-  .method p,
-  .class p {
-    font-family: "Mercury Text G1 A", "Mercury Text G1 B";
-    font-style: italic !important;
-    font-weight: 400 !important;
-    font-size: 1.15em;
-  }
-
-  .method p:first,
-  .class p:first {
-    background: #fffcbf;
-  }
-
-  .class .property {
-    display: none;
-  }
-
-  #testimonials p.attribution {
-    margin-top: -1em;
-  }
-
-
-
-  /* "Quick Search" should be not be shown for now. */
-  div#searchbox h3 {
-    display: none;
-  }
-
-  /* Make the document a little wider, less code is cut-off. */
+  /* Make the document a little wider. */
  div.document {
    width: 1008px;
  }

-  /* Much-improved spacing around code blocks. */
+  /* Better spacing around code blocks. */
  div.highlight pre {
    padding: 11px 14px;
  }

-  /* Remain Responsive! */
+  /* Responsive layout. */
  @media screen and (max-width: 1008px) {
    div.sphinxsidebar {
      display: none;
    }
-
    div.document {
      width: 100% !important;
    }
-
-    /* Have code blocks escape the document right-margin. */
-    div.highlight pre {
-      margin-right: -30px;
-    }
  }
 </style>
-
-<!-- Analytics tracking for Kenneth. -->
-<script async src="https://www.googletagmanager.com/gtag/js?id=UA-127383416-1"></script>
-<script>
-  window.dataLayer = window.dataLayer || [];
-  function gtag() { dataLayer.push(arguments); }
-  gtag('js', new Date());
-
-  gtag('config', 'UA-127383416-1');
-</script>
-
-<!-- There are no more hacks. -->
-<!--         இڿڰۣ-ڰۣ—         -->
-<!--   Love, Kenneth Reitz    -->
-
-<script src="{{ pathto('_static/', 1) }}/konami.js"></script>
-<script>
-  var easter_egg = new Konami('https://www.myfortunecookie.co.uk/fortunes/' + (Math.floor(Math.random() * 152) + 1));
-</script>
-
-<style>
-  .injected {
-    display: none !important;
-  }
-</style>
-
-<!-- GitHub Logo -->
-<a href="https://github.com/kennethreitz/responder" class="github-corner" aria-label="View source on GitHub">
-  <svg width="80" height="80" viewBox="0 0 250 250" style="fill:#151513; color:#fff; position: absolute; top: 0; border: 0; right: 0;"
-    aria-hidden="true">
-    <path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path>
-    <path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2"
-      fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path>
-    <path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z"
-      fill="currentColor" class="octo-body"></path>
-  </svg>
-</a>
-<style>
-  .github-corner:hover .octo-arm {
-    animation: octocat-wave 560ms ease-in-out
-  }
-
-  @keyframes octocat-wave {
-
-    0%,
-    100% {
-      transform: rotate(0)
-    }
-
-    20%,
-    60% {
-      transform: rotate(-25deg)
-    }
-
-    40%,
-    80% {
-      transform: rotate(10deg)
-    }
-  }
-
-  @media (max-width:500px) {
-    .github-corner:hover .octo-arm {
-      animation: none
-    }
-
-    .github-corner .octo-arm {
-      animation: octocat-wave 560ms ease-in-out
-    }
-  }
-</style>
-
-
-<!-- That was not a hack. That was art.
-
-<!-- UserVoice JavaScript SDK (only needed once on a page) -->
-<script>(function () { var uv = document.createElement('script'); uv.type = 'text/javascript'; uv.async = true; uv.src = '//widget.uservoice.com/f4AQraEfwInlMzkexfRLg.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(uv, s) })()</script>
-
-<!-- A tab to launch the Classic Widget -->
-<script>
-  UserVoice = window.UserVoice || [];
-  UserVoice.push(['showTab', 'classic_widget', {
-    mode: 'feedback',
-    primary_color: '#fa8c28',
-    link_color: '#0a8cc6',
-    forum_id: 913660,
-    tab_label: 'Got feedback?',
-    tab_color: '#00994f',
-    tab_position: 'bottom-left',
-    tab_inverted: true
-  }]);
-</script>
@@ -1,55 +1,14 @@
 <p class="logo">
  <a href="{{ pathto(master_doc) }}">
-    <img class="logo" src="{{ pathto('_static/responder.png', 1) }}" title="https://kennethreitz.org/tattoos" />
+    <img class="logo" src="{{ pathto('_static/responder.png', 1) }}" />
  </a>
 </p>
-
 <p>
-  <iframe src="https://ghbtns.com/github-btn.html?user=kennethreitz&repo=responder&type=watch&count=true&size=large"
-    allowtransparency="true" frameborder="0" scrolling="0" width="200px" height="35px"></iframe>
+  <strong>Responder</strong> — a familiar HTTP service framework for Python.
 </p>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.css" />
-<style>
-.algolia-autocomplete{
-  width: 100%;
-  height: 1.5em
-}
-.algolia-autocomplete a{
-  border-bottom: none !important;
-}
-#doc_search{
-  width: 100%;
-  height: 100%;
-}
-</style>
-<input id="doc_search" placeholder="Search the doc" autofocus/>
-<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js" onload="docsearch({
-  apiKey: 'ac965312db252e0496283c75c6f76f0b',
-  indexName: 'python-responder',
-  inputSelector: '#doc_search',
-  debug: false // Set debug to true if you want to inspect the dropdown
-})" async></script>
-
-<p>
-  <strong>Responder</strong> is a web service framework, written for human beings.
-</p>
-
-<h3>Stay Informed</h3>
-<p>Receive updates on new releases and upcoming projects.</p>
-
-<p><iframe src="https://ghbtns.com/github-btn.html?user=kennethreitz&type=follow&count=true" allowtransparency="true"
-    frameborder="0" scrolling="0" width="200" height="20"></iframe></p>
-
-<p><a href="https://twitter.com/kennethreitz" class="twitter-follow-button" data-show-count="false">Follow
-    @kennethreitz</a>
-  <script>!function (d, s, id) { var js, fjs = d.getElementsByTagName(s)[0], p = /^http:/.test(d.location) ? 'http' : 'https'; if (!d.getElementById(id)) { js = d.createElement(s); js.id = id; js.src = p + '://platform.twitter.com/widgets.js'; fjs.parentNode.insertBefore(js, fjs); } }(document, 'script', 'twitter-wjs');</script>
-</p>
-
-
 <h3>Useful Links</h3>
 <ul>
-
-  <li><a href="http://github.com/kennethreitz/responder">Responder @ GitHub</a></li>
-  <li><a href="http://pypi.python.org/pypi/responder">Responder @ PyPI</a></li>
-  <li><a href="http://github.com/kennethreitz/responder/issues">Issue Tracker</a></li>
+  <li><a href="https://github.com/kennethreitz/responder">Responder @ GitHub</a></li>
+  <li><a href="https://pypi.org/project/responder/">Responder @ PyPI</a></li>
+  <li><a href="https://github.com/kennethreitz/responder/issues">Issue Tracker</a></li>
 </ul>
@@ -1,55 +0,0 @@
-<p class="logo">
-  <a href="{{ pathto(master_doc) }}">
-    <img class="logo" src="{{ pathto('_static/responder.png', 1) }}" title="https://kennethreitz.org/tattoos" />
-  </a>
-</p>
-
-<p>
-  <iframe src="https://ghbtns.com/github-btn.html?user=kennethreitz&repo=responder&type=watch&count=true&size=large"
-    allowtransparency="true" frameborder="0" scrolling="0" width="200px" height="35px"></iframe>
-</p>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.css" />
-<style>
-.algolia-autocomplete{
-  width: 100%;
-  height: 1.5em
-}
-.algolia-autocomplete a{
-  border-bottom: none !important;
-}
-#doc_search{
-  width: 100%;
-  height: 100%;
-}
-</style>
-<input id="doc_search" placeholder="Search the doc" autofocus/>
-<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js" onload="docsearch({
-  apiKey: 'ac965312db252e0496283c75c6f76f0b',
-  indexName: 'python-responder',
-  inputSelector: '#doc_search',
-  debug: false // Set debug to true if you want to inspect the dropdown
-})" async></script>
-
-<p>
-  <strong>Responder</strong> is a web service framework, written for human beings.
-</p>
-
-<h3>Stay Informed</h3>
-<p>Receive updates on new releases and upcoming projects.</p>
-
-<p><iframe src="https://ghbtns.com/github-btn.html?user=kennethreitz&type=follow&count=true" allowtransparency="true"
-    frameborder="0" scrolling="0" width="200" height="20"></iframe></p>
-
-<p><a href="https://twitter.com/kennethreitz" class="twitter-follow-button" data-show-count="false">Follow
-    @kennethreitz</a>
-  <script>!function (d, s, id) { var js, fjs = d.getElementsByTagName(s)[0], p = /^http:/.test(d.location) ? 'http' : 'https'; if (!d.getElementById(id)) { js = d.createElement(s); js.id = id; js.src = p + '://platform.twitter.com/widgets.js'; fjs.parentNode.insertBefore(js, fjs); } }(document, 'script', 'twitter-wjs');</script>
-</p>
-
-
-<h3>Useful Links</h3>
-<ul>
-
-  <li><a href="http://github.com/kennethreitz/responder">Responder @ GitHub</a></li>
-  <li><a href="http://pypi.python.org/pypi/responder">Responder @ PyPI</a></li>
-  <li><a href="http://github.com/kennethreitz/responder/issues">Issue Tracker</a></li>
-</ul>
@@ -1,35 +1,60 @@
+API Reference
+=============

-API Documentation
-=================
+This page documents Responder's public Python API. For usage examples
+and explanations, see the :doc:`quickstart` and :doc:`tour`.


-Web Service (API) Class
-----------------------
+The API Class
+-------------
+
+The central object of every Responder application. It holds your routes,
+middleware, templates, and configuration. Create one at the top of your
+module and use it to define your entire web service.
+
 .. module:: responder

 .. autoclass:: API
    :inherited-members:

-Requests & Responses
--------------------

+Request
+-------
+
+The request object is passed into every view as the first argument. It
+gives you access to everything the client sent — headers, query
+parameters, the request body, cookies, and more.
+
+Most properties are synchronous, but reading the body requires ``await``
+because it involves I/O.

 .. autoclass:: Request
    :inherited-members:

+
+Response
+--------
+
+The response object is passed into every view as the second argument.
+Mutate it to control what gets sent back to the client — the body,
+status code, headers, and cookies.
+
 .. autoclass:: Response
    :inherited-members:


-Utility Functions
-----------------
+Status Code Helpers
+-------------------

-.. autofunction:: responder.API.status_codes.is_100
+Convenience functions for checking which category a status code falls
+into. Useful in middleware and after-request hooks.

-.. autofunction:: responder.API.status_codes.is_200
+.. autofunction:: responder.status_codes.is_100

-.. autofunction:: responder.API.status_codes.is_300
+.. autofunction:: responder.status_codes.is_200

-.. autofunction:: responder.API.status_codes.is_400
+.. autofunction:: responder.status_codes.is_300

-.. autofunction:: responder.API.status_codes.is_500
+.. autofunction:: responder.status_codes.is_400
+
+.. autofunction:: responder.status_codes.is_500
@@ -0,0 +1,7 @@
+# Backlog
+
+## Future Ideas
+- Consider adding `after_request` hooks (complement to `before_request`)
+- Explore WebSocket before_request short-circuit support
+- Add rate limiting middleware
+- Consider async template rendering by default
@@ -0,0 +1 @@
+../../CHANGELOG.md
@@ -0,0 +1,81 @@
+Command Line Interface
+======================
+
+Responder installs a ``responder`` command that lets you launch
+applications from the terminal. You can point it at a Python module,
+a local file, or even a URL — and it will find your ``API`` instance
+and start serving.
+
+
+Launching from a Module
+-----------------------
+
+The most common way to run a Responder application in production. Use
+Python's standard dotted module path::
+
+    $ responder run acme.app
+
+This imports ``acme.app`` and looks for an attribute called ``api``
+(a ``responder.API`` instance). It's the same import system Python
+uses everywhere — your ``PYTHONPATH`` and virtual environment are
+respected.
+
+
+Launching from a File
+---------------------
+
+During development, you often have a single file you want to run::
+
+    $ responder run helloworld.py
+
+This loads the file directly and starts the server. Quick and easy for
+prototyping and single-file applications.
+
+You can test it with a simple HTTP request::
+
+    $ curl http://127.0.0.1:5042/hello
+    hello, world!
+
+
+Launching from a URL
+--------------------
+
+Responder can fetch and run a Python file from any URL — great for
+demos, sharing examples, and running code from GitHub::
+
+    $ responder run https://github.com/kennethreitz/responder/raw/refs/heads/main/examples/helloworld.py
+
+This also works with ``github://`` URLs and any filesystem protocol
+supported by `fsspec <https://filesystem-spec.readthedocs.io/>`_::
+
+    $ responder run github://kennethreitz:responder@/examples/helloworld.py
+
+Cloud storage is supported too — Azure Blob Storage, Google Cloud
+Storage, S3, HDFS, SFTP, and more. Install ``fsspec[full]`` for all
+protocols::
+
+    $ uv pip install 'fsspec[full]'
+
+
+Custom Instance Names
+---------------------
+
+By default, Responder looks for an attribute called ``api``. If your
+application uses a different name, specify it with a colon::
+
+    $ responder run acme.app:service
+    $ responder run myapp.py:application
+
+For URLs, use a fragment::
+
+    $ responder run https://example.com/app.py#service
+
+
+Building Frontend Assets
+-------------------------
+
+If your project includes a JavaScript frontend with a ``package.json``,
+the ``build`` subcommand runs ``npm run build``::
+
+    $ responder build
+    $ responder build /path/to/frontend
@@ -1,103 +1,35 @@
-# -*- coding: utf-8 -*-
-#
-# Configuration file for the Sphinx documentation builder.
-#
-# This file does only contain a selection of the most common options. For a
-# full list see the documentation:
-# http://www.sphinx-doc.org/en/master/config
+# Sphinx configuration for Responder documentation.

-# -- Path setup --------------------------------------------------------------
-
-# If extensions (or modules to document with autodoc) are in another directory,
-# add these directories to sys.path here. If the directory is relative to the
-# documentation root, use os.path.abspath to make it absolute, like shown here.
-#
-# import os
-# import sys
-# sys.path.insert(0, os.path.abspath('.'))
-
-
-# -- Project information -----------------------------------------------------
-
-project = "responder"
-copyright = "2018, A Kenneth Reitz project"
-author = "Kenneth Reitz"
-
-# The short X.Y version
 import os

-# Path hackery to get current version number.
-here = os.path.abspath(os.path.dirname(__file__))
+project = "responder"
+copyright = "2018-2026, Kenneth Reitz"
+author = "Kenneth Reitz"

+here = os.path.abspath(os.path.dirname(__file__))
 about = {}
 with open(os.path.join(here, "..", "..", "responder", "__version__.py")) as f:
    exec(f.read(), about)

 version = about["__version__"]
-# The full version, including alpha/beta/rc tags
 release = about["__version__"]

-
-# -- General configuration ---------------------------------------------------
-
-# If your documentation needs a minimal Sphinx version, state it here.
-#
-# needs_sphinx = '1.0'
-
-# Add any Sphinx extension module names here, as strings. They can be
-# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
-# ones.
 extensions = [
    "sphinx.ext.autodoc",
-    "sphinx.ext.doctest",
-    "sphinx.ext.intersphinx",
-    "sphinx.ext.todo",
-    "sphinx.ext.coverage",
-    "sphinx.ext.mathjax",
-    "sphinx.ext.ifconfig",
    "sphinx.ext.viewcode",
-    "sphinx.ext.githubpages",
+    "myst_parser",
+    "sphinx_copybutton",
+    "sphinx_design_elements",
 ]

-# Add any paths that contain templates here, relative to this directory.
 templates_path = ["_templates"]
-
-# The suffix(es) of source filenames.
-# You can specify multiple suffix as a list of string:
-#
-# source_suffix = ['.rst', '.md']
-source_suffix = ".rst"
-
-# The master toctree document.
+source_suffix = {".rst": "restructuredtext"}
 master_doc = "index"
-
-# The language for content autogenerated by Sphinx. Refer to documentation
-# for a list of supported languages.
-#
-# This is also used if you do content translation via gettext catalogs.
-# Usually you set "language" from the command line for these cases.
-language = None
-
-# List of patterns, relative to source directory, that match files and
-# directories to ignore when looking for source files.
-# This pattern also affects html_static_path and html_extra_path.
+language = "en"
 exclude_patterns = []

-# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = None
-
-
-# -- Options for HTML output -------------------------------------------------
-
-# The theme to use for HTML and HTML Help pages.  See the documentation for
-# a list of builtin themes.
-#
+# Theme
 html_theme = "alabaster"
-
-# Theme options are theme-specific and customize the look and feel of a theme
-# further.  For a list of options available for each theme, see the
-# documentation.
-#
 html_theme_options = {
    "show_powered_by": False,
    "github_user": "kennethreitz",
@@ -105,118 +37,16 @@ html_theme_options = {
    "github_banner": False,
    "show_related": False,
 }
-
-
-html_sidebars = {
-    "index": ["sidebarintro.html", "sourcelink.html", "searchbox.html", "hacks.html"],
-    "**": [
-        "sidebarlogo.html",
-        "localtoc.html",
-        "relations.html",
-        "sourcelink.html",
-        "searchbox.html",
-        "hacks.html",
-    ],
-}
-
-# Add any paths that contain custom static files (such as style sheets) here,
-# relative to this directory. They are copied after the builtin static files,
-# so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ["_static"]
-
-# Custom sidebar templates, must be a dictionary that maps document names
-# to template names.
-#
-# The default sidebars (for documents that don't match any pattern) are
-# defined by theme itself.  Builtin themes are using these templates by
-# default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
-# 'searchbox.html']``.
-#
-# html_sidebars = {}
-
-
-# -- Options for HTMLHelp output ---------------------------------------------
-
-# Output file base name for HTML help builder.
-htmlhelp_basename = "responderdoc"
-
-
-# -- Options for LaTeX output ------------------------------------------------
-
-latex_elements = {
-    # The paper size ('letterpaper' or 'a4paper').
-    #
-    # 'papersize': 'letterpaper',
-    # The font size ('10pt', '11pt' or '12pt').
-    #
-    # 'pointsize': '10pt',
-    # Additional stuff for the LaTeX preamble.
-    #
-    # 'preamble': '',
-    # Latex figure (float) alignment
-    #
-    # 'figure_align': 'htbp',
+html_sidebars = {
+    "index": ["sidebarintro.html", "searchbox.html"],
+    "**": ["sidebarintro.html", "localtoc.html", "searchbox.html"],
 }

-# Grouping the document tree into LaTeX files. List of tuples
-# (source start file, target name, title,
-#  author, documentclass [howto, manual, or own class]).
-latex_documents = [
-    (master_doc, "responder.tex", "responder Documentation", "Kenneth Reitz", "manual")
-]
+# MyST
+myst_heading_anchors = 3

-
-# -- Options for manual page output ------------------------------------------
-
-# One entry per manual page. List of tuples
-# (source start file, name, description, authors, manual section).
-man_pages = [(master_doc, "responder", "responder Documentation", [author], 1)]
-
-
-# -- Options for Texinfo output ----------------------------------------------
-
-# Grouping the document tree into Texinfo files. List of tuples
-# (source start file, target name, title, author,
-#  dir menu entry, description, category)
-texinfo_documents = [
-    (
-        master_doc,
-        "responder",
-        "responder Documentation",
-        author,
-        "responder",
-        "One line description of project.",
-        "Miscellaneous",
-    )
-]
-
-
-# -- Options for Epub output -------------------------------------------------
-
-# Bibliographic Dublin Core info.
-epub_title = project
-
-# The unique identifier of the text. This can be a ISBN number
-# or the project homepage.
-#
-# epub_identifier = ''
-
-# A unique identification for the text.
-#
-# epub_uid = ''
-
-# A list of files that should not be packed into the epub file.
-epub_exclude_files = ["search.html"]
-
-
-# -- Extension configuration -------------------------------------------------
-
-# -- Options for intersphinx extension ---------------------------------------
-
-# Example configuration for intersphinx: refer to the Python standard library.
-intersphinx_mapping = {"https://docs.python.org/": None}
-
-# -- Options for todo extension ----------------------------------------------
-
-# If true, `todo` and `todoList` produce output, else they produce nothing.
-todo_include_todos = True
+# Copybutton
+copybutton_remove_prompts = True
+copybutton_prompt_text = r">>> |\.\.\. |\$ "
+copybutton_prompt_is_regexp = True
@@ -1,58 +1,103 @@
-Deploying Responder
-===================
+Deployment
+==========

-You can deploy Responder anywhere you can deploy a basic Python application.
+Responder applications are standard `ASGI <https://asgi.readthedocs.io/>`_
+apps. ASGI (Asynchronous Server Gateway Interface) is the modern successor
+to WSGI — it supports async, WebSockets, and HTTP/2. This means you can
+deploy a Responder app anywhere that runs Python, using any ASGI server.

-Docker Deployment
-----------------

-Assuming existing ``api.py`` and ``Pipfile.lock`` containing ``responder``.
+Running Locally
+---------------

-``Dockerfile``::
-
-    FROM kennethreitz/pipenv
-    ENV PORT '80'
-    COPY . /app
-    CMD python3 api.py
-    EXPOSE 80
-
-That's it!
-
-Heroku Deployment
-----------------
-
-The basics::
-
-    $ mkdir my-api
-    $ cd my-api
-    $ git init
-    $ heroku create
-    ...
-
-Install Responder::
-
-    $ pipenv install responder
-    ...
-
-Write out an ``api.py``::
-
-    import responder
-
-    api = responder.API()
-
-    @api.route("/")
-    async def hello(req, resp):
-        resp.text = "hello, world!"
+During development, ``api.run()`` is all you need::

    if __name__ == "__main__":
        api.run()

-Write out a ``Procfile``::
+This starts a `uvicorn <https://www.uvicorn.org/>`_ server on
+``127.0.0.1:5042``. Uvicorn is a lightning-fast ASGI server built on
+`uvloop <https://uvloop.readthedocs.io/>`_ — it handles thousands of
+concurrent connections efficiently and protects against slowloris attacks,
+making a reverse proxy like nginx optional for many deployments.

-    web: python api.py

-That's it! Next, we commit and push to Heroku::
+Docker
+------

-    $ git add -A
-    $ git commit -m 'initial commit'
-    $ git push heroku master
+Docker is the most common way to package and deploy web applications.
+Here's a minimal Dockerfile::
+
+    FROM python:3.13-slim
+    WORKDIR /app
+    COPY . .
+    RUN pip install responder
+    ENV PORT=80
+    EXPOSE 80
+    CMD ["python", "api.py"]
+
+Build and run::
+
+    $ docker build -t myapi .
+    $ docker run -p 8000:80 myapi
+
+The ``python:3.13-slim`` image is about 150MB — small enough for fast
+deploys but includes everything you need. For even smaller images, you
+can use ``python:3.13-alpine``, though some packages may need extra
+build dependencies.
+
+
+Cloud Platforms
+---------------
+
+Responder automatically honors the ``PORT`` environment variable. When
+``PORT`` is set, the server binds to ``0.0.0.0`` on that port — this is
+the convention that virtually every cloud platform uses.
+
+This means zero configuration on:
+
+- **Fly.io** — ``fly launch`` and you're done
+- **Railway** — push your code, Railway sets ``PORT``
+- **Render** — set start command to ``python api.py``
+- **Google Cloud Run** — containerize and deploy
+- **Azure Container Apps** — same pattern
+- **AWS App Runner** — and here too
+
+The pattern is always the same: deploy your code, set the start command
+to ``python api.py``, and the platform handles the rest.
+
+
+Uvicorn Directly
+----------------
+
+For production deployments where you want more control, bypass
+``api.run()`` and use uvicorn directly::
+
+    $ uvicorn api:api --host 0.0.0.0 --port 8000 --workers 4
+
+The ``--workers`` flag spawns multiple processes, each handling requests
+independently. A good starting point is 2-4 workers per CPU core.
+
+Uvicorn supports many options — SSL certificates, access logging, graceful
+shutdown timeouts, and more. See the
+`uvicorn documentation <https://www.uvicorn.org/deployment/>`_ for details.
+
+
+Reverse Proxy
+-------------
+
+For high-traffic production deployments, you may want a reverse proxy like
+`nginx <https://nginx.org/>`_ or `Caddy <https://caddyserver.com/>`_ in
+front of your application for:
+
+- **SSL/TLS termination** — let the proxy handle HTTPS certificates
+- **Load balancing** — distribute traffic across multiple app instances
+- **Static asset serving** — offload static files to the proxy
+- **Rate limiting** — at the infrastructure level
+
+Responder's ``TrustedHostMiddleware`` and ``HTTPSRedirectMiddleware`` work
+correctly behind proxies that set standard forwarding headers
+(``X-Forwarded-For``, ``X-Forwarded-Proto``).
+
+That said, uvicorn is production-ready on its own. Many applications run
+uvicorn directly without a reverse proxy and do just fine.
@@ -0,0 +1,172 @@
+Configuration
+=============
+
+Every application needs different settings for different environments —
+debug mode in development, real secrets in production, different database
+URLs for testing. This guide covers how to manage configuration cleanly.
+
+
+Environment Variables
+---------------------
+
+The simplest and most universal approach. Environment variables work
+everywhere — locally, in Docker, on cloud platforms — and keep secrets
+out of your source code::
+
+    import os
+    import responder
+
+    api = responder.API(
+        debug=os.getenv("DEBUG", "false").lower() == "true",
+        secret_key=os.environ["SECRET_KEY"],
+        cors=os.getenv("CORS_ENABLED", "false").lower() == "true",
+    )
+
+Some variables Responder handles automatically:
+
+- ``PORT`` — when set, the server binds to ``0.0.0.0`` on this port
+
+Set variables in your shell::
+
+    $ export SECRET_KEY="your-secret-here"
+    $ export DEBUG=true
+    $ python app.py
+
+Or in a ``.env`` file (don't commit this to git)::
+
+    SECRET_KEY=your-secret-here
+    DEBUG=true
+
+
+Using .env Files
+----------------
+
+For local development, a ``.env`` file is convenient. Install
+``python-dotenv`` and load it at the top of your app::
+
+    $ uv pip install python-dotenv
+
+::
+
+    from dotenv import load_dotenv
+    load_dotenv()
+
+    import os
+    import responder
+
+    api = responder.API(
+        secret_key=os.environ["SECRET_KEY"],
+    )
+
+Add ``.env`` to your ``.gitignore`` — never commit secrets.
+
+
+Configuration Class Pattern
+----------------------------
+
+For larger applications, a configuration class keeps things organized::
+
+    import os
+
+    class Config:
+        SECRET_KEY = os.environ.get("SECRET_KEY", "dev-secret")
+        DEBUG = os.environ.get("DEBUG", "false").lower() == "true"
+        DATABASE_URL = os.environ.get("DATABASE_URL", "sqlite:///dev.db")
+        CORS_ORIGINS = os.environ.get("CORS_ORIGINS", "").split(",")
+
+    config = Config()
+
+    api = responder.API(
+        debug=config.DEBUG,
+        secret_key=config.SECRET_KEY,
+        cors=bool(config.CORS_ORIGINS[0]),
+        cors_params={"allow_origins": config.CORS_ORIGINS},
+    )
+
+This makes it easy to see all your settings in one place.
+
+
+Secret Key
+----------
+
+The ``secret_key`` is used to sign session cookies. If someone knows your
+secret key, they can forge session data and impersonate any user.
+
+Rules:
+
+- **Never use the default** in production
+- **Generate a random key**: ``python -c "import secrets; print(secrets.token_hex(32))"``
+- **Store it in an environment variable**, not in code
+- **Rotate it** if it's ever compromised (this invalidates all sessions)
+
+::
+
+    api = responder.API(secret_key=os.environ["SECRET_KEY"])
+
+
+Debug Mode
+----------
+
+Debug mode controls error page behavior:
+
+- **On** (``debug=True``): detailed error pages with tracebacks. Never
+  use this in production — it exposes your source code.
+- **Off** (``debug=False``): generic error pages. This is the default.
+
+::
+
+    api = responder.API(debug=True)  # development only
+
+A common pattern is to read it from the environment::
+
+    api = responder.API(debug=os.getenv("DEBUG") == "true")
+
+
+Allowed Hosts
+-------------
+
+In production, always set ``allowed_hosts`` to prevent Host header
+attacks. This should match the domain names your application serves::
+
+    api = responder.API(
+        allowed_hosts=["example.com", "www.example.com"],
+    )
+
+In development, you can use ``["*"]`` (the default) or specific local
+addresses::
+
+    api = responder.API(allowed_hosts=["localhost", "127.0.0.1"])
+
+
+Putting It All Together
+-----------------------
+
+A production-ready configuration setup::
+
+    import os
+    from dotenv import load_dotenv
+
+    load_dotenv()
+
+    import responder
+
+    api = responder.API(
+        debug=os.getenv("DEBUG", "false") == "true",
+        secret_key=os.environ["SECRET_KEY"],
+        allowed_hosts=os.getenv("ALLOWED_HOSTS", "*").split(","),
+        cors=bool(os.getenv("CORS_ORIGINS")),
+        cors_params={
+            "allow_origins": os.getenv("CORS_ORIGINS", "").split(","),
+            "allow_methods": ["GET", "POST", "PUT", "DELETE"],
+        },
+    )
+
+With a ``.env`` file for local development::
+
+    SECRET_KEY=dev-secret-do-not-use-in-prod
+    DEBUG=true
+    ALLOWED_HOSTS=localhost,127.0.0.1
+    CORS_ORIGINS=http://localhost:3000
+
+And environment variables set properly in production (via your cloud
+platform's dashboard, Docker secrets, or a secrets manager).
@@ -1,25 +1,7 @@
-.. responder documentation master file, created by
-   sphinx-quickstart on Thu Oct 11 12:58:34 2018.
-   You can adapt this file completely to your liking, but it should at least
-   contain the root `toctree` directive.
+Responder
+=========

-A familiar HTTP Service Framework
-=================================
-
-|Build Status| |image1| |image2| |image3| |image4| |image5|
-
-.. |Build Status| image:: https://travis-ci.org/kennethreitz/responder.svg?branch=master
-   :target: https://travis-ci.org/kennethreitz/responder
-.. |image1| image:: https://img.shields.io/pypi/v/responder.svg
-   :target: https://pypi.org/project/responder/
-.. |image2| image:: https://img.shields.io/pypi/l/responder.svg
-   :target: https://pypi.org/project/responder/
-.. |image3| image:: https://img.shields.io/pypi/pyversions/responder.svg
-   :target: https://pypi.org/project/responder/
-.. |image4| image:: https://img.shields.io/github/contributors/kennethreitz/responder.svg
-   :target: https://github.com/kennethreitz/responder/graphs/contributors
-.. |image5| image:: https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg
-   :target: https://saythanks.io/to/kennethreitz
+A familiar HTTP Service Framework for Python.

 .. code:: python

@@ -34,109 +16,115 @@ A familiar HTTP Service Framework
   if __name__ == '__main__':
       api.run()

-Powered by `Starlette <https://www.starlette.io/>`_. That ``async`` declaration is optional.
+Powered by `Starlette`_, `uvicorn`_, and good intentions. The ``async`` is optional.

-This gets you a ASGI app, with a production static files server
-(`WhiteNoise <http://whitenoise.evans.io/en/stable/>`_)
-pre-installed, jinja2 templating (without additional imports), and a
-production webserver based on uvloop, serving up requests with
-automatic gzip compression.

-Features
+The Idea
 --------

- A pleasant API, with a single import statement.
- Class-based views without inheritance.
- `ASGI <https://asgi.readthedocs.io>`_ framework, the future of Python web services.
- WebSocket support!
- The ability to mount any ASGI / WSGI app at a subroute.
- `f-string syntax <https://docs.python.org/3/whatsnew/3.6.html#pep-498-formatted-string-literals>`_ route declaration.
- Mutable response object, passed into each view. No need to return anything.
- Background tasks, spawned off in a ``ThreadPoolExecutor``.
- GraphQL (with *GraphiQL*) support!
- OpenAPI schema generation, with interactive documentation!
- Single-page webapp support!
+If you've ever used `Flask`_, the routing will look familiar. If you've
+used `Falcon`_, the request/response pattern will click immediately. And
+if you've used `Requests`_ — well, you'll feel right at home.

-Testimonials
+Responder takes these ideas and brings them together. Every view receives
+a request and a response. You read from one and write to the other. No
+return values, no special response classes, no boilerplate.
+
+- ``resp.text`` sends text. ``resp.html`` sends HTML. ``resp.media`` sends JSON.
+- ``resp.file("path")`` serves a file. ``resp.content`` sends raw bytes.
+- ``req.headers`` is case-insensitive. ``req.params`` holds query parameters.
+- ``resp.status_code``, ``req.method``, ``req.url`` — the familiar ones.
+
+Set ``resp.media`` to a dict and the right thing happens. If the client
+asks for YAML, it gets YAML. Content negotiation is automatic.
+
+Responder and `FastAPI`_ are siblings — both built on Starlette, both
+born around the same time, both part of the push that made ASGI the
+future of Python web services. FastAPI went deep on type annotations
+and automatic validation. Responder went for simplicity and a mutable
+request/response pattern. Both projects are better for the other
+existing. Use whichever feels right.
+
+This is a passion project. It exists because building a web framework
+from scratch is one of the best ways to understand how the web works.
+It's a great fit for personal projects, prototyping, teaching, research,
+and anyone who values a clean API over a sprawling ecosystem. If you
+need battle-tested infrastructure at scale, FastAPI and Django will
+serve you well. If you want something small, expressive, and fun to
+work with — welcome.
+
+
+What You Get
 ------------

-   “Pleasantly very taken with python-responder.
-   `@kennethreitz <https://twitter.com/kennethreitz>`_ at his absolute
-   best.”
+One ``pip install``, batteries included:

-    —Rudraksh M.K.
+- Mount Flask, Django, or any WSGI/ASGI app at a subroute.
+- Gzip compression, HSTS, CORS, and trusted host validation.
+- Before-request hooks that can short-circuit for auth guards.
+- A test client for fast, in-process testing with pytest.
+- Route parameters with f-string syntax and type convertors.
+- Lifespan context managers for startup and shutdown logic.
+- Custom exception handlers for clean error responses.
+- `GraphQL`_ with Graphene and a built-in GraphiQL IDE.
+- File serving with automatic content-type detection.
+- Sync and async views — ``async`` is always optional.
+- Class-based views with ``on_get``, ``on_post``, ``on_request``.
+- A pleasant API with a single import statement.
+- OpenAPI schema generation with Swagger UI.
+- A production `uvicorn`_ server, ready to deploy.
+- HTTP method filtering for REST APIs.
+- Signed cookie-based sessions.
+- Background tasks in a thread pool.
+- WebSocket support.


+Installation
+------------

-..
+.. code-block:: shell

-   "ASGI is going to enable all sorts of new high-performance web services. It's awesome to see Responder starting to take advantage of that."
+    $ uv pip install responder

-    —Tom Christie, author of `Django REST Framework`_
+Python 3.9 and above. That's it.

-..
-
-
-   “I love that you are exploring new patterns. Go go go!”
-
-    — Danny Greenfield, author of `Two Scoops of Django`_
-
-
-.. _Django REST Framework: https://www.django-rest-framework.org/
-.. _Two Scoops of Django: https://www.twoscoopspress.com/products/two-scoops-of-django-1-11
-
-User Guides
-----------

 .. toctree::
   :maxdepth: 2
+   :caption: User Guide

   quickstart
   tour
   deployment
   testing
   api
+   cli
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Tutorials
+
+   tutorial-rest
+   tutorial-sqlalchemy
+   tutorial-auth
+   tutorial-websockets
+   tutorial-middleware
+   tutorial-flask
+   guide-config
+
+.. toctree::
+   :maxdepth: 1
+   :caption: Project
+
+   changes
+   Sandbox <sandbox>
+   backlog


-Installing Responder
--------------------
-
-.. code-block:: shell
-
-    $ pipenv install responder
-    ✨🍰✨
-
-Only **Python 3.6+** is supported.
-
-
-The Basic Idea
--------------
-
-The primary concept here is to bring the niceties that are brought forth from both Flask and Falcon and unify them into a single framework, along with some new ideas I have. I also wanted to take some of the API primitives that are instilled in the Requests library and put them into a web framework. So, you'll find a lot of parallels here with Requests.
-
- Setting ``resp.content`` sends back bytes.
- Setting ``resp.text`` sends back unicode, while setting ``resp.html`` sends back HTML.
- Setting ``resp.media`` sends back JSON/YAML (``.text``/``.html``/``.content`` override this).
- Case-insensitive ``req.headers`` dict (from Requests directly).
- ``resp.status_code``, ``req.method``, ``req.url``, and other familiar friends.
-
-Ideas
-----
-
- Flask-style route expression, with new capabilities -- all while using Python 3.6+'s new f-string syntax.
- I love Falcon's "every request and response is passed into each view and mutated" methodology, especially ``response.media``, and have used it here. In addition to supporting JSON, I have decided to support YAML as well, as Kubernetes is slowly taking over the world, and it uses YAML for all the things. Content-negotiation and all that.
- **A built in testing client that uses the actual Requests you know and love**.
- The ability to mount other WSGI apps easily.
- Automatic gzipped-responses.
- In addition to Falcon's ``on_get``, ``on_post``, etc methods, Responder features an ``on_request`` method, which gets called on every type of request, much like Requests.
- A production static files server is built-in.
- `Uvicorn <https://www.uvicorn.org/>`_ is built-in as a production web server. I would have chosen Gunicorn, but it doesn't run on Windows. Plus, Uvicorn serves well to protect against `slowloris <https://en.wikipedia.org/wiki/Slowloris_(computer_security)>`_ attacks, making nginx unnecessary in production.
- GraphQL support, via Graphene. The goal here is to have any GraphQL query exposable at any route, magically.
-
-
-Indices and tables
-==================
-
-* :ref:`genindex`
-* :ref:`modindex`
-* :ref:`search`
+.. _Starlette: https://www.starlette.io/
+.. _uvicorn: https://www.uvicorn.org/
+.. _Flask: https://flask.palletsprojects.com/
+.. _Falcon: https://falconframework.org/
+.. _FastAPI: https://fastapi.tiangolo.com/
+.. _GraphQL: https://graphql.org/
+.. _Requests: https://requests.readthedocs.io/
@@ -1,177 +1,378 @@
-Quick Start!
-============
+Quick Start
+===========

-This section of the documentation exists to provide an introduction to the Responder interface,
-as well as educate the user on basic functionality.
+This guide will walk you through the basics of building a web service with
+Responder. By the end, you'll understand how HTTP requests and responses
+work, how to define routes, read data from clients, send data back, render
+HTML templates, and process work in the background.


-Declare a Web Service
---------------------
+Create a Web Service
+--------------------

-The first thing you need to do is declare a web service::
+Every web application starts with a single object — the application
+instance. In Responder, this is the ``API`` class. It holds your routes,
+middleware, templates, and configuration. Think of it as the central
+nervous system of your web service::

    import responder

    api = responder.API()

-Hello World!
------------
+That's it. One import, one line. You now have a fully functional ASGI
+application with gzip compression, static file serving, session support,
+and a production-ready server — all wired up and ready to go.

-Then, you can add a view / route to it.

-Here, we'll make the root URL say "hello world!"::
+Hello World
+-----------
+
+A web service isn't very useful until it can respond to requests. In HTTP,
+a *route* maps a URL path to a function that handles it. When a client
+(like a browser or ``curl``) sends a request to that path, your function
+runs and produces a response.
+
+Here's the simplest possible route::

    @api.route("/")
    def hello_world(req, resp):
        resp.text = "hello, world!"

+Two things to notice:
+
+1. Every view function receives two arguments: ``req`` (the incoming
+   request) and ``resp`` (the outgoing response).
+2. You don't return anything. Instead, you *mutate* the response object
+   directly. This is a deliberate design choice — it keeps the API
+   consistent whether you're setting text, JSON, headers, cookies, or
+   status codes.
+
+
 Run the Server
 --------------

-Next, we can run our web service easily, with ``api.run()``::
+Start your web service with a single call::

    api.run()

-This will spin up a production web server on port ``5042``, ready for incoming HTTP requests.
+This spins up a production-grade `uvicorn <https://www.uvicorn.org/>`_
+server on port ``5042``, ready for incoming HTTP requests. Open
+``http://localhost:5042`` in your browser and you'll see your hello world
+response.

-Note: you can pass ``port=5000`` if you want to customize the port. The ``PORT`` environment variable for established web service providers (e.g. Heroku) will automatically be honored and will set the listening address to ``0.0.0.0`` automatically (also configurable through the ``address`` keyword argument).
+You can customize the port with ``api.run(port=8000)``. The ``PORT``
+environment variable is also honored automatically — when set, Responder
+binds to ``0.0.0.0`` on that port, which is what cloud platforms expect.
+
+.. note::
+
+   Both sync and async views are supported. The ``async`` keyword is always
+   optional — use it when you need to ``await`` something, like reading a
+   request body or querying a database.


-Accept Route Arguments
----------------------
+Route Parameters
+----------------

-If you want dynamic URLs, you can use Python's familiar *f-string syntax* to declare variables in your routes::
+Static URLs like ``/about`` are useful, but most applications need dynamic
+routes — URLs that contain variable data, like a user ID or a product slug.
+
+In Responder, you declare route parameters using Python's f-string syntax::

    @api.route("/hello/{who}")
    def hello_to(req, resp, *, who):
        resp.text = f"hello, {who}!"

-A ``GET`` request to ``/hello/brettcannon`` will result in a response of ``hello, brettcannon!``.
+A ``GET`` request to ``/hello/world`` will respond with ``hello, world!``.
+A request to ``/hello/guido`` will respond with ``hello, guido!``.

-Type convertors are also available::
+Route parameters are passed as *keyword-only* arguments (after the ``*``
+in the function signature). This is a Python feature that makes the
+interface explicit — you always know which arguments come from the URL.
+
+
+Type Convertors
+^^^^^^^^^^^^^^^
+
+By default, route parameters are strings. But often you want them as
+integers, UUIDs, or other types. Responder can convert them automatically
+using type annotations in the route pattern::

    @api.route("/add/{a:int}/{b:int}")
    async def add(req, resp, *, a, b):
        resp.text = f"{a} + {b} = {a + b}"

-Supported types: ``str``, ``int`` and ``float``.
+Here, ``a`` and ``b`` will arrive as Python ``int`` objects, not strings.
+If someone requests ``/add/3/hello``, they'll get a 404 — the route won't
+match because ``hello`` isn't a valid integer.

-Returning JSON / YAML
---------------------
+Supported types:

-If you want your API to send back JSON, simply set the ``resp.media`` property to a JSON-serializable Python object::
+- ``str`` — matches any string without slashes (this is the default)
+- ``int`` — matches digits and converts to ``int``
+- ``float`` — matches decimal numbers and converts to ``float``
+- ``uuid`` — matches UUID strings like ``550e8400-e29b-41d4-a716-446655440000``
+- ``path`` — matches any string *including* slashes, useful for file paths
+  like ``/files/{filepath:path}``


+Sending Responses
+-----------------
+
+When an HTTP server receives a request, it must send back a response. Every
+HTTP response has three parts: a status code (like ``200 OK`` or ``404 Not
+Found``), headers (metadata like ``Content-Type``), and a body (the actual
+data).
+
+Responder lets you set all three by mutating the response object.
+
+**Text and HTML** — the simplest response types. ``resp.text`` sets the
+``Content-Type`` to ``text/plain``, while ``resp.html`` sets it to
+``text/html``::
+
+    resp.text = "plain text response"
+    resp.html = "<h1>HTML response</h1>"
+
+**JSON** — the lingua franca of web APIs. Set ``resp.media`` to any
+JSON-serializable Python object — a dict, a list, whatever — and Responder
+will serialize it to JSON and set the right headers::
+
    @api.route("/hello/{who}/json")
-    def hello_to(req, resp, *, who):
+    def hello_json(req, resp, *, who):
        resp.media = {"hello": who}

-A ``GET`` request to ``/hello/guido/json`` will result in a response of ``{'hello': 'guido'}``.
+If the client sends an ``Accept: application/x-yaml`` header, the same data
+will be returned as YAML instead. This is called *content negotiation* —
+the server and client agree on a format. It happens automatically.

-If the client requests YAML instead (with a header of ``Accept: application/x-yaml``), YAML will be sent.
+**Files** — serve a file from disk. Responder uses Python's ``mimetypes``
+module to figure out the ``Content-Type`` from the file extension::

-Rendering a Template
--------------------
+    resp.file("reports/annual.pdf")

-Responder provides a built-in light `jinja2 <http://jinja.pocoo.org/docs/>`_ wrapper ``templates.Templates``
+**Raw bytes** — for binary data like images or protocol buffers::

-Usage::
+    resp.content = b"\x89PNG\r\n..."

-  from responder.templates import Templates
+**Status codes** — HTTP status codes tell the client what happened. ``200``
+means success, ``201`` means something was created, ``404`` means not found,
+``500`` means the server broke. Set it directly::

-  templates = Templates()
+    resp.status_code = 201

-  @api.route("/hello/{name}/html")
-  def hello(req, resp, name):
-      resp.html = templates.render("hello.html", name=name)
+**Headers** — HTTP headers carry metadata. Common ones include
+``Content-Type``, ``Cache-Control``, ``Authorization``, and custom
+application headers::
+
+    resp.headers["X-Custom"] = "value"
+
+**Redirects** — tell the client to go somewhere else::
+
+    api.redirect(resp, location="/new-url")
+
+This sends a ``301 Moved Permanently`` response by default. The client's
+browser will automatically follow the redirect.


-Also a ``render_async`` is available::
+Reading Requests
+----------------

-    templates = Templates(enable_async=True)
-    resp.html = await templates.render_async("hello.html", who=who)
+The other half of HTTP is the request — the data the client sends to your
+server. This includes the HTTP method (GET, POST, PUT, DELETE), the URL,
+headers, query parameters, cookies, and optionally a body.

-You can also use the existing ``api.template(filename, *args, **kwargs)`` to render templates::
+Responder wraps all of this in the ``req`` object.

-    @api.route("/hello/{who}/html")
-    def hello_html(req, resp, *, who):
-        resp.html = api.template('hello.html', who=who)
+**Method and URL** — every HTTP request has a method (what the client wants
+to do) and a URL (what resource it's about)::
+
+    req.method      # "get", "post", etc. (lowercase)
+    req.full_url    # "http://example.com/path?q=1"
+    req.url         # parsed URL object
+
+**Headers** — HTTP headers carry metadata from the client, like what
+content types it accepts, authentication tokens, and more. Responder's
+headers dict is case-insensitive, because the HTTP spec says header names
+are case-insensitive::
+
+    req.headers["Content-Type"]
+    req.headers["content-type"]  # same thing
+
+**Query parameters** — the part of the URL after the ``?``. These are
+commonly used for search, filtering, and pagination::
+
+    # GET /search?q=python&page=2
+    req.params["q"]     # "python"
+    req.params["page"]  # "2"
+
+Note that query parameters are always strings. If you need an integer,
+you'll need to convert it yourself: ``int(req.params["page"])``.
+
+**Path parameters** — the dynamic parts of the URL that matched your route
+pattern. These are also available on the request object, which is useful
+in before-request hooks where they aren't passed as function arguments::
+
+    req.path_params["user_id"]  # same as the keyword argument
+
+**Request body** — for POST, PUT, and PATCH requests, the client sends
+data in the body. Since reading the body is an I/O operation, you need to
+``await`` it::
+
+    # JSON body (the most common format for APIs)
+    data = await req.media()
+
+    # Form data (from HTML forms)
+    data = await req.media("form")
+
+    # File uploads (multipart)
+    files = await req.media("files")
+
+    # Raw bytes
+    body = await req.content
+
+    # Raw text
+    text = await req.text
+
+**Other useful properties**::
+
+    req.is_json     # True if the content type is JSON
+    req.cookies     # dict of cookies sent by the client
+    req.session     # session data (a signed, server-side dict)
+    req.client      # (host, port) tuple — the client's IP address
+    req.is_secure   # True if the request came over HTTPS


-Setting Response Status Code
----------------------------
+Rendering Templates
+-------------------

-If you want to set the response status code, simply set ``resp.status_code``::
+While APIs typically return JSON, many web applications need to render
+HTML pages. Responder includes built-in support for
+`Jinja2 <https://jinja.palletsprojects.com/>`_, one of the most popular
+templating engines in the Python ecosystem.

-    @api.route("/416")
-    def teapot(req, resp):
-        resp.status_code = api.status_codes.HTTP_416   # ...or 416
+Templates let you write HTML with placeholders that get filled in with
+dynamic data. This keeps your presentation logic (HTML) separate from
+your application logic (Python) — a pattern called
+*separation of concerns*.
+
+The simplest way to render a template is ``api.template()``. Templates
+are loaded from the ``templates/`` directory by default::
+
+    @api.route("/hello/{name}/html")
+    def hello_html(req, resp, *, name):
+        resp.html = api.template("hello.html", name=name)
+
+The template file ``templates/hello.html`` might look like::
+
+    <h1>Hello, {{ name }}!</h1>
+
+The ``{{ name }}`` part is a Jinja2 expression — it gets replaced with
+the value you passed in.
+
+You can also use the ``Templates`` class directly for more control over
+the template directory and configuration::
+
+    from responder.templates import Templates
+
+    templates = Templates(directory="my_templates")
+
+    @api.route("/page")
+    def page(req, resp):
+        resp.html = templates.render("page.html", title="Hello")
+
+For applications that need non-blocking template rendering (rare, but
+useful under extreme load), async rendering is supported::
+
+    templates = Templates(directory="templates", enable_async=True)
+    resp.html = await templates.render_async("page.html", title="Hello")
+
+And for quick one-off templates, you can render a string directly without
+a file::
+
+    resp.html = api.template_string("Hello, {{ name }}!", name="world")


-Setting Response Headers
------------------------
+Background Tasks
+----------------

-If you want to set a response header, like ``X-Pizza: 42``, simply modify the ``resp.headers`` dictionary::
+Sometimes you want to accept a request, respond immediately, and do the
+actual processing later. This is a common pattern for operations that take
+a long time — sending emails, processing images, updating caches, or
+calling slow external APIs.

-    @api.route("/pizza")
-    def pizza_pizza(req, resp):
-        resp.headers['X-Pizza'] = '42'
-
-That's it!
-
-
-Receiving Data & Background Tasks
---------------------------------
-
-If you're expecting to read any request data, on the server, you need to declare your view as async and await the content.
-
-Here, we'll process our data in the background, while responding immediately to the client::
-
-    import time
+Responder makes this easy with background tasks. Decorate any function
+with ``@api.background.task`` and it will run in a thread pool, separate
+from the request/response cycle::

    @api.route("/incoming")
    async def receive_incoming(req, resp):
-
-        @api.background.task
-        def process_data(data):
-            """Just sleeps for three seconds, as a demo."""
-            time.sleep(3)
-
-
-        # Parse the incoming data as form-encoded.
-        # Note: 'json' and 'yaml' formats are also automatically supported.
        data = await req.media()

-        # Process the data (in the background).
-        process_data(data)
-
-        # Immediately respond that upload was successful.
-        resp.media = {'success': True}
-
-A ``POST`` request to ``/incoming`` will result in an immediate response of ``{'success': true}``.
-
-
-Here's a sample code to post a file with background::
-
-    @api.route("/")
-    async def upload_file(req, resp):
-
        @api.background.task
        def process_data(data):
-            f = open('./{}'.format(data['file']['filename']), 'w')
-            f.write(data['file']['content'].decode('utf-8'))
-            f.close()
+            """This runs in a background thread."""
+            import time
+            time.sleep(10)  # simulate heavy work

-        data = await req.media(format='files')
        process_data(data)

-        resp.media = {'success': 'ok'}
+        # This response is sent immediately, while process_data
+        # continues running in the background.
+        resp.media = {"status": "accepted"}

-You can send a file easily with requests::
+The client gets an instant response — the heavy lifting happens after.
+This is the same pattern used by task queues like Celery, but much simpler
+for lightweight use cases where you don't need a full message broker.

-	  import requests
+.. note::

-	  data = {'file': ('hello.txt', 'hello, world!', "text/plain")}
-	  r = requests.post('http://127.0.0.1:8210/file', files=data)
+   Background tasks run in threads, not processes. They share memory with
+   your application, which makes them fast to start but means CPU-intensive
+   work will block the event loop. For heavy computation, consider a proper
+   task queue.

-	  print(r.text)
+
+Putting It All Together
+-----------------------
+
+Here's a complete, working Responder application that combines everything
+from this guide::
+
+    import responder
+
+    api = responder.API()
+
+    @api.route("/")
+    def index(req, resp):
+        resp.text = "Welcome to the API"
+
+    @api.route("/hello/{name}")
+    def greet(req, resp, *, name):
+        resp.media = {"message": f"hello, {name}!"}
+
+    @api.route("/add/{a:int}/{b:int}")
+    def add(req, resp, *, a, b):
+        resp.media = {"result": a + b}
+
+    @api.route("/echo", methods=["POST"])
+    async def echo(req, resp):
+        data = await req.media()
+        resp.media = {"received": data}
+
+    if __name__ == "__main__":
+        api.run()
+
+Save this as ``app.py``, run it with ``python app.py``, and try::
+
+    $ curl http://localhost:5042/
+    $ curl http://localhost:5042/hello/world
+    $ curl http://localhost:5042/add/3/4
+    $ curl -X POST http://localhost:5042/echo \
+        -H "Content-Type: application/json" -d '{"key": "value"}'
+
+From here, explore the :doc:`tour` for the full range of features, or
+jump into the tutorials:
+
+- :doc:`tutorial-rest` — build a full CRUD API with validation
+- :doc:`tutorial-sqlalchemy` — connect to a database
+- :doc:`tutorial-auth` — add authentication
@@ -0,0 +1,36 @@
+(sandbox)=
+# Development Sandbox
+
+## Setup
+Set up a development sandbox.
+
+Acquire sources and create virtualenv.
+```shell
+git clone https://github.com/kennethreitz/responder.git
+cd responder
+uv venv
+```
+
+Install project in editable mode, including
+all development tools.
+```shell
+uv pip install --upgrade --editable '.[develop,docs,release,test]'
+```
+
+## Operations
+Run tests.
+```shell
+source .venv/bin/activate
+pytest
+```
+
+Format code.
+```shell
+ruff format .
+ruff check --fix .
+```
+
+Documentation authoring.
+```shell
+sphinx-autobuild --open-browser --watch docs/source docs/source docs/build
+```
@@ -1,54 +1,53 @@
-Building and Testing with Responder
-===================================
+Testing
+=======

-Responder comes with a first-class, well supported test client for your ASGI web services: **Requests**.
+Responder includes a built-in test client powered by Starlette's
+``TestClient``. You don't need to start a server — tests run in-process,
+making them fast and reliable. There's no separate test server to manage,
+no ports to allocate, and no race conditions to worry about. Just import
+your app and start making requests.

-Here, we'll go over the basics of setting up a proper Python package and adding testing to it.

-The Basics
----------
+Getting Started
+---------------

-Your repository should look like this::
-
-    Pipfile   Pipfile.lock   api.py  test_api.py
-
-``$ cat api.py``::
+Given a simple application in ``api.py``::

    import responder

    api = responder.API()

    @api.route("/")
-    def hello_world(req, resp):
+    def hello(req, resp):
        resp.text = "hello, world!"

    if __name__ == "__main__":
        api.run()

+You can test it with pytest. Every Responder ``API`` instance has a
+``requests`` property that gives you a test client — use it exactly like
+you'd use ``requests`` or ``httpx``::

-``$ cat Pipfile``::
+    # test_api.py
+    import api as service

-    [[source]]
-    url = "https://pypi.org/simple"
-    verify_ssl = true
-    name = "pypi"
+    def test_hello():
+        r = service.api.requests.get("/")
+        assert r.text == "hello, world!"

-    [packages]
-    responder = "*"
+Run your tests::

-    [dev-packages]
-    pytest = "*"
+    $ pytest

-    [requires]
-    python_version = "3.7"
+That's really all there is to it. No configuration, no test server setup.

-    [pipenv]
-    allow_prereleases = true

-Writing Tests
-------------
+Using Fixtures
+--------------

-``$ cat test_api.py``::
+For larger test suites, pytest fixtures keep things organized. Create a
+fixture that returns your API instance, and every test gets a fresh
+reference to it::

    import pytest
    import api as service
@@ -57,25 +56,231 @@ Writing Tests
    def api():
        return service.api

-
-    def test_hello_world(api):
+    def test_hello(api):
        r = api.requests.get("/")
        assert r.text == "hello, world!"

-``$ pytest``::
+    def test_json(api):
+        @api.route("/data")
+        def data(req, resp):
+            resp.media = {"key": "value"}

-    ...
-    ========================== 1 passed in 0.10 seconds ==========================
+        r = api.requests.get(api.url_for(data))
+        assert r.json() == {"key": "value"}
+
+The ``api.url_for()`` method generates a URL for a given route endpoint,
+so you don't have to hard-code paths in your tests. If you rename a route
+later, your tests won't break.


-(Optional) Proper Python Package
--------------------------------
+Testing JSON APIs
+-----------------

-Optionally, you can not rely on relative imports, and instead install your api as a proper package. This requires:
+Most APIs send and receive JSON. The test client makes this natural — pass
+``json=`` to send a JSON body, and call ``.json()`` on the response to
+parse it::

-1. A `proper setup.py <https://github.com/kennethreitz/setup.py>`_ file.
-2. ``$ pipenv install -e . --dev``
+    def test_create_item(api):
+        @api.route("/items")
+        async def create(req, resp):
+            data = await req.media()
+            resp.media = {"created": data}
+            resp.status_code = 201

-This will allow you to only specify your dependencies once: in ``setup.py``. ``$ pipenv lock`` will automatically lock your transitive dependencies (e.g. Responder), even if it's not specified in the ``Pipfile``.
+        r = api.requests.post(api.url_for(create), json={"name": "widget"})
+        assert r.status_code == 201
+        assert r.json() == {"created": {"name": "widget"}}

-This will ensure that your application gets installed in every developer's environment, using Pipenv.
+You can also test content negotiation by setting the ``Accept`` header::
+
+    r = api.requests.get("/data", headers={"Accept": "application/x-yaml"})
+    assert "key: value" in r.text
+
+
+Testing Request Validation
+--------------------------
+
+If you're using Pydantic models for request validation, you can test
+that invalid inputs are properly rejected::
+
+    from pydantic import BaseModel
+
+    class Item(BaseModel):
+        name: str
+        price: float
+
+    def test_validation(api):
+        @api.route("/items", methods=["POST"], request_model=Item)
+        async def create(req, resp):
+            data = await req.media()
+            resp.media = data
+
+        # Valid request
+        r = api.requests.post("/items", json={"name": "thing", "price": 9.99})
+        assert r.status_code == 200
+
+        # Missing required field
+        r = api.requests.post("/items", json={"name": "thing"})
+        assert r.status_code == 422
+        assert "errors" in r.json()
+
+
+Testing File Uploads
+--------------------
+
+File uploads use the ``files`` parameter, just like the ``requests``
+library. Each file is a tuple of ``(filename, content, content_type)``::
+
+    def test_upload(api):
+        @api.route("/upload")
+        async def upload(req, resp):
+            files = await req.media("files")
+            resp.media = {"received": list(files.keys())}
+
+        files = {"doc": ("report.pdf", b"content", "application/pdf")}
+        r = api.requests.post(api.url_for(upload), files=files)
+        assert r.json() == {"received": ["doc"]}
+
+
+Testing Headers and Cookies
+----------------------------
+
+Check response headers and cookies just like you would with any HTTP
+client::
+
+    def test_headers(api):
+        @api.route("/")
+        def view(req, resp):
+            resp.headers["X-Custom"] = "hello"
+            resp.cookies["session"] = "abc123"
+
+        r = api.requests.get("/")
+        assert r.headers["X-Custom"] == "hello"
+        assert "session" in r.cookies
+
+
+Testing WebSockets
+------------------
+
+WebSocket tests use Starlette's ``TestClient`` directly, since WebSocket
+connections require a different protocol. The ``websocket_connect`` context
+manager gives you a connection you can send and receive on::
+
+    from starlette.testclient import TestClient
+
+    def test_websocket(api):
+        @api.route("/ws", websocket=True)
+        async def ws(ws):
+            await ws.accept()
+            name = await ws.receive_text()
+            await ws.send_text(f"hello, {name}!")
+            await ws.close()
+
+        client = TestClient(api)
+        with client.websocket_connect("/ws") as ws:
+            ws.send_text("world")
+            assert ws.receive_text() == "hello, world!"
+
+
+Testing Error Handling
+----------------------
+
+By default, the test client raises exceptions from your route handlers,
+which is usually what you want — it makes bugs obvious. But when you're
+testing error handling specifically, you want to see the error response
+instead. Disable exception propagation with ``raise_server_exceptions``::
+
+    from starlette.testclient import TestClient
+
+    def test_500(api):
+        @api.route("/fail")
+        def fail(req, resp):
+            raise ValueError("something broke")
+
+        client = TestClient(api, raise_server_exceptions=False)
+        r = client.get(api.url_for(fail))
+        assert r.status_code == 500
+
+If you've registered a custom exception handler, you can test that too::
+
+    def test_custom_error(api):
+        @api.exception_handler(ValueError)
+        async def handle(req, resp, exc):
+            resp.status_code = 400
+            resp.media = {"error": str(exc)}
+
+        @api.route("/fail")
+        def fail(req, resp):
+            raise ValueError("bad input")
+
+        client = TestClient(api, raise_server_exceptions=False)
+        r = client.get(api.url_for(fail))
+        assert r.status_code == 400
+        assert r.json() == {"error": "bad input"}
+
+
+Testing Lifespan Events
+-----------------------
+
+If your app uses startup and shutdown events (for database connections,
+caches, etc.), you need the test client to trigger them. Wrap the client
+in a ``with`` block — startup runs on enter, shutdown runs on exit::
+
+    def test_with_lifespan(api):
+        started = {"value": False}
+
+        @api.on_event("startup")
+        async def on_startup():
+            started["value"] = True
+
+        @api.route("/")
+        def check(req, resp):
+            resp.media = {"started": started["value"]}
+
+        with api.requests as session:
+            r = session.get("http://;/")
+            assert r.json() == {"started": True}
+
+Without the ``with`` block, lifespan events won't fire, which can lead to
+confusing test failures if your routes depend on startup initialization.
+
+
+Testing Before and After Hooks
+------------------------------
+
+Before-request and after-request hooks run automatically during tests,
+just like in production. You can verify their effects on the response::
+
+    def test_hooks(api):
+        @api.route(before_request=True)
+        def add_version(req, resp):
+            resp.headers["X-Version"] = "3.2"
+
+        @api.after_request()
+        def add_timing(req, resp):
+            resp.headers["X-Served-By"] = "responder"
+
+        @api.route("/")
+        def view(req, resp):
+            resp.text = "ok"
+
+        r = api.requests.get("/")
+        assert r.headers["X-Version"] == "3.2"
+        assert r.headers["X-Served-By"] == "responder"
+
+
+Tips
+----
+
+- **Keep tests fast.** The in-process test client is already fast — no
+  network overhead. Avoid ``time.sleep()`` in tests.
+
+- **One API per test** when testing configuration. If you need a specific
+  ``API()`` configuration (like ``cors=True``), create a new instance
+  in the test rather than sharing the fixture.
+
+- Use ``api.url_for()`` instead of hard-coded paths. It's a small
+  thing, but it makes refactoring painless.
+
+- **Test the contract, not the implementation.** Assert on status codes,
+  response bodies, and headers — not on internal state.
@@ -1,41 +1,276 @@
 Feature Tour
 ============

+This section walks through Responder's features in depth. Each section
+explains the concept, shows working code, and explains the design choices
+behind it. If you're new to web development, this is a good place to learn
+how modern web frameworks work under the hood.
+
+
+Method Filtering
+----------------
+
+HTTP defines several *methods* (also called verbs) that describe what a
+client wants to do with a resource. The most common are:
+
+- ``GET`` — retrieve data
+- ``POST`` — create something new
+- ``PUT`` — replace something entirely
+- ``PATCH`` — update part of something
+- ``DELETE`` — remove something
+
+By default, a Responder route matches all methods. This is fine for simple
+endpoints, but REST APIs typically map different methods to different
+operations. Use the ``methods`` parameter to restrict a route::
+
+    @api.route("/items", methods=["GET"])
+    def list_items(req, resp):
+        resp.media = {"items": []}
+
+    @api.route("/items", methods=["POST"], check_existing=False)
+    async def create_item(req, resp):
+        data = await req.media()
+        resp.media = {"created": data}
+
+Note the ``check_existing=False`` — Responder normally prevents you from
+registering two routes with the same path (to catch typos). When you
+intentionally want multiple handlers for the same path with different
+methods, you need to opt in.
+

 Class-Based Views
 -----------------

-Class-based views (and setting some headers and stuff)::
+Function-based views are great for simple endpoints, but sometimes you want
+to group related HTTP methods together into a single resource. This is
+where class-based views come in — a pattern popularized by
+`Falcon <https://falconframework.org/>`_.
+
+Responder dispatches to the appropriate method handler based on the HTTP
+method::

    @api.route("/{greeting}")
    class GreetingResource:
-        def on_request(self, req, resp, *, greeting):   # or on_get...
+        def on_get(self, req, resp, *, greeting):
            resp.text = f"{greeting}, world!"
-            resp.headers.update({'X-Life': '42'})
-            resp.status_code = api.status_codes.HTTP_416
+
+        def on_post(self, req, resp, *, greeting):
+            resp.media = {"received": greeting}
+
+        def on_request(self, req, resp, *, greeting):
+            """Called on EVERY request, before the method-specific handler."""
+            resp.headers["X-Greeting"] = greeting
+
+The ``on_request`` method is called for all HTTP methods, much like
+middleware scoped to a single route. Method-specific handlers (``on_get``,
+``on_post``, ``on_put``, ``on_delete``, etc.) are called after.
+
+No inheritance required — just define a class with the right method names.
+This is simpler than Django's ``View`` classes and more Pythonic than
+framework-specific base classes.


-Background Tasks
----------------
+Lifespan Events
+---------------

-Here, you can spawn off a background thread to run any function, out-of-request::
+Real applications need to set up resources when they start (database
+connection pools, ML models, caches) and tear them down when they stop.
+This is called the application *lifespan*.

-    @api.route("/")
-    def hello(req, resp):
+The modern approach is the *context manager* pattern, where startup and
+shutdown are two halves of the same block::

-        @api.background.task
-        def sleep(s=10):
-            time.sleep(s)
-            print("slept!")
+    from contextlib import asynccontextmanager

-        sleep()
-        resp.content = "processing"
+    @asynccontextmanager
+    async def lifespan(app):
+        # Startup — runs before the first request
+        print("connecting to database...")
+        yield
+        # Shutdown — runs after the server stops
+        print("closing connections...")
+
+    api = responder.API(lifespan=lifespan)
+
+Everything before ``yield`` runs at startup. Everything after runs at
+shutdown. If startup fails, the server won't start. If shutdown raises,
+it's logged but the server still exits.
+
+The traditional event decorator style also works::
+
+    @api.on_event("startup")
+    async def startup():
+        print("starting up")
+
+    @api.on_event("shutdown")
+    async def shutdown():
+        print("shutting down")
+
+The context manager is preferred for new code — it keeps related startup
+and shutdown logic together and makes resource cleanup more explicit.
+
+
+Serving Files
+-------------
+
+Web applications often need to serve files — downloads, reports, images.
+Responder makes this simple with ``resp.file()``, which reads a file from
+disk and sets the ``Content-Type`` header automatically using Python's
+``mimetypes`` module::
+
+    @api.route("/download")
+    def download(req, resp):
+        resp.file("reports/annual.pdf")
+
+You can override the content type if the automatic detection isn't right::
+
+    @api.route("/image")
+    def image(req, resp):
+        resp.file("photos/cat.jpg", content_type="image/jpeg")
+
+For large files, use ``resp.stream_file()`` to avoid loading the entire
+file into memory. This streams the file in chunks::
+
+    @api.route("/export")
+    def export(req, resp):
+        resp.stream_file("data/export.csv")
+
+
+Custom Error Handling
+---------------------
+
+In production, you don't want your users to see raw Python tracebacks.
+Responder lets you register custom handlers for specific exception types,
+so you can return clean, structured error responses::
+
+    @api.exception_handler(ValueError)
+    async def handle_value_error(req, resp, exc):
+        resp.status_code = 400
+        resp.media = {"error": str(exc)}
+
+Now, any route that raises a ``ValueError`` will return a clean JSON
+response with a 400 status code instead of a generic 500 error page.
+
+This is a common pattern in API development — you define your own exception
+classes for different error conditions, register handlers for each, and
+your API always returns consistent, machine-readable error responses.
+
+
+Before-Request Hooks
+--------------------
+
+Sometimes you need to run the same code before every request —
+authentication checks, request logging, adding common headers, or setting
+up per-request state. Before-request hooks let you do this without
+duplicating code in every route::
+
+    @api.route(before_request=True)
+    def add_headers(req, resp):
+        resp.headers["X-API-Version"] = "3.2"
+
+**Short-circuiting** is the really powerful part. If your hook sets
+``resp.status_code``, the route handler is skipped entirely and the
+response is sent immediately. This is the pattern for authentication::
+
+    @api.route(before_request=True)
+    def auth_check(req, resp):
+        if "Authorization" not in req.headers:
+            resp.status_code = 401
+            resp.media = {"error": "unauthorized"}
+
+If the ``Authorization`` header is missing, the client gets a 401 response
+and the actual route handler never runs. This is cleaner than adding
+auth checks to every individual route.
+
+
+After-Request Hooks
+-------------------
+
+The complement to before-request hooks. After-request hooks run after the
+route handler completes but before the response is sent. They're useful
+for logging, adding response headers, or any post-processing::
+
+    @api.after_request()
+    def log_response(req, resp):
+        print(f"{req.method} {req.full_url} -> {resp.status_code}")
+
+    @api.after_request()
+    async def add_timing(req, resp):
+        resp.headers["X-Served-By"] = "responder"
+
+
+WebSocket Support
+-----------------
+
+HTTP is a request-response protocol — the client asks, the server answers.
+But some applications need real-time, bidirectional communication: chat
+apps, live dashboards, multiplayer games, collaborative editors.
+
+`WebSockets <https://en.wikipedia.org/wiki/WebSocket>`_ solve this by
+upgrading an HTTP connection into a persistent, full-duplex channel where
+both sides can send messages at any time::
+
+    @api.route("/ws", websocket=True)
+    async def websocket(ws):
+        await ws.accept()
+        while True:
+            name = await ws.receive_text()
+            await ws.send_text(f"Hello {name}!")
+        await ws.close()
+
+You can send and receive in multiple formats:
+
+- ``send_text`` / ``receive_text`` — plain text strings
+- ``send_json`` / ``receive_json`` — JSON objects (auto-serialized)
+- ``send_bytes`` / ``receive_bytes`` — raw binary data
+
+WebSocket routes are marked with ``websocket=True`` in the route decorator.
+They receive a ``ws`` object instead of ``req`` and ``resp``.
+
+
+Server-Sent Events (SSE)
+-------------------------
+
+SSE is a simpler alternative to WebSockets for *one-way* real-time
+communication — the server pushes events to the client, but the client
+can't send messages back. This is perfect for live feeds, progress bars,
+notification streams, and AI response streaming.
+
+Unlike WebSockets, SSE works over plain HTTP, is automatically reconnected
+by the browser, and doesn't require any special client-side libraries::
+
+    @api.route("/events")
+    async def events(req, resp):
+        @resp.sse
+        async def stream():
+            for i in range(10):
+                yield {"data": f"message {i}"}
+
+On the client side, you consume SSE events with JavaScript's built-in
+``EventSource`` API::
+
+    const source = new EventSource("/events");
+    source.onmessage = (event) => {
+        console.log(event.data);
+    };
+
+Each yielded value can be a string (treated as data) or a dict with the
+standard SSE fields::
+
+    yield {"event": "update", "data": "hello", "id": "1", "retry": "5000"}
+    yield "simple string message"


 GraphQL
 -------

-Serve a GraphQL API::
+`GraphQL <https://graphql.org/>`_ is a query language for APIs that lets
+clients request exactly the data they need — no more, no less. Instead of
+multiple REST endpoints, you define a schema and let clients query it.
+
+Responder includes built-in GraphQL support via
+`Graphene <https://graphene-python.org/>`_. Set up a full GraphQL endpoint
+with a single method call::

    import graphene

@@ -45,383 +280,318 @@ Serve a GraphQL API::
        def resolve_hello(self, info, name):
            return f"Hello {name}"

-    schema = graphene.Schema(query=Query)
-    view = responder.ext.GraphQLView(api=api, schema=schema)
+    api.graphql("/graphql", schema=graphene.Schema(query=Query))

-    api.add_route("/graph", view)
+Visiting ``/graphql`` in a browser renders the
+`GraphiQL <https://github.com/graphql/graphiql>`_ interactive IDE, where
+you can explore your schema, write queries, and see results in real-time.
+Programmatic clients can POST JSON queries to the same endpoint.

-Visiting the endpoint will render a *GraphiQL* instance, in the browser.
-
-You can make use of Responder's Request and Response objects in your GraphQL resolvers through ``info.context['request']`` and ``info.context['response']``.
+You can access the Responder request and response objects in your resolvers
+through ``info.context["request"]`` and ``info.context["response"]``.


-OpenAPI Schema Support
----------------------
+OpenAPI Documentation
+---------------------

-Responder comes with built-in support for OpenAPI / marshmallow
+`OpenAPI <https://www.openapis.org/>`_ (formerly Swagger) is the industry
+standard for describing REST APIs. An OpenAPI specification lets you
+auto-generate interactive documentation, client libraries, and validation
+logic.

-New in Responder `1.4.0`::
-
-    import responder
-    from responder.ext.schema import Schema as OpenAPISchema
-    from marshmallow import Schema, fields
-
-    contact = {
-        "name": "API Support",
-        "url": "http://www.example.com/support",
-        "email": "support@example.com",
-    }
-    license = {
-        "name": "Apache 2.0",
-        "url": "https://www.apache.org/licenses/LICENSE-2.0.html",
-    }
-    
-    api = responder.API()
-
-    schema = OpenAPISchema(
-        app=api,
-        title="Web Service",
-        version="1.0",
-        openapi="3.0.2",
-        description="A simple pet store",
-        terms_of_service="http://example.com/terms/",
-        contact=contact,
-        license=license,
-    )
-
-    @schema.schema("Pet")
-    class PetSchema(Schema):
-        name = fields.Str()
-
-
-    @api.route("/")
-    def route(req, resp):
-        """A cute furry animal endpoint.
-        ---
-        get:
-            description: Get a random pet
-            responses:
-                200:
-                    description: A pet to be returned
-                    content:  
-                        application/json: 
-                            schema: 
-                                $ref: '#/components/schemas/Pet'                         
-        """
-        resp.media = PetSchema().dump({"name": "little orange"})
-
-
-Old way *It's recommended to use the code above* ::
-
-    import responder
-    from marshmallow import Schema, fields
-
-    contact = {
-        "name": "API Support",
-        "url": "http://www.example.com/support",
-        "email": "support@example.com",
-    }
-    license = {
-        "name": "Apache 2.0",
-        "url": "https://www.apache.org/licenses/LICENSE-2.0.html",
-    }
+Responder generates OpenAPI specs from your code::

    api = responder.API(
-        title="Web Service",
+        title="Pet Store",
        version="1.0",
        openapi="3.0.2",
-        description="A simple pet store",
-        terms_of_service="http://example.com/terms/",
-        contact=contact,
-        license=license,
+        docs_route="/docs",
    )

+This gives you:
+
+- An OpenAPI schema at ``/schema.yml``
+- Interactive Swagger UI documentation at ``/docs``
+
+There are three ways to document your endpoints.
+
+**Pydantic models** — the recommended approach. Use ``request_model`` and
+``response_model`` to annotate your routes, and Responder generates the
+schema automatically. When ``request_model`` is set, request bodies are
+also validated automatically — invalid inputs get a ``422`` response with
+detailed error messages::
+
+    from pydantic import BaseModel
+
+    class PetIn(BaseModel):
+        name: str
+        age: int = 0
+
+    class PetOut(BaseModel):
+        id: int
+        name: str
+        age: int
+
+    @api.route("/pets", methods=["POST"],
+               request_model=PetIn, response_model=PetOut)
+    async def create_pet(req, resp):
+        data = await req.media()
+        resp.media = {"id": 1, **data}
+
+When ``response_model`` is set, the response is serialized through the
+model — extra fields are stripped and types are enforced.
+
+**YAML docstrings** — for full control, embed OpenAPI YAML in the
+docstring::
+
+    @api.route("/pets")
+    def list_pets(req, resp):
+        """A list of pets.
+        ---
+        get:
+            description: Get all pets
+            responses:
+                200:
+                    description: A list of pets
+        """
+        resp.media = [{"name": "Fido"}]
+
+**Marshmallow schemas** — if you're already using marshmallow::
+
+    from marshmallow import Schema, fields
+
    @api.schema("Pet")
    class PetSchema(Schema):
        name = fields.Str()

-    @api.route("/")
-    def route(req, resp):
-        """A cute furry animal endpoint.
-        ---
-        get:
-            description: Get a random pet
-            responses:
-                200:
-                    description: A pet to be returned
-                    content:  
-                        application/json: 
-                            schema: 
-                                $ref: '#/components/schemas/Pet'                         
-        """
-        resp.media = PetSchema().dump({"name": "little orange"})
-
-::
-
-    >>> r = api.session().get("http://;/schema.yml")
-
-    >>> print(r.text)
-    components:
-      parameters: {}
-      responses: {}
-      schemas:
-        Pet:
-          properties:
-            name: {type: string}
-          type: object
-      securitySchemes: {}
-    info:
-      contact: {email: support@example.com, name: API Support, url: 'http://www.example.com/support'}
-      description: This is a sample server for a pet store.
-      license: {name: Apache 2.0, url: 'https://www.apache.org/licenses/LICENSE-2.0.html'}
-      termsOfService: http://example.com/terms/
-      title: Web Service
-      version: 1.0
-    openapi: 3.0.2
-    paths:
-      /:
-        get:
-          description: Get a random pet
-          responses:
-            200: {description: A pet to be returned, schema: $ref: "#/components/schemas/Pet"}
-    tags: []
+All three approaches can be mixed in the same API. You can choose from
+multiple documentation themes: ``swagger_ui`` (default), ``redoc``,
+``rapidoc``, or ``elements``.


-Interactive Documentation
-------------------------
+Route Groups
+------------

-Responder can automatically supply API Documentation for you. Using the example above
+As your application grows, you'll want to organize routes logically.
+Route groups let you share a URL prefix across related endpoints — a
+common pattern for API versioning::

-The new and recommended way::
+    v1 = api.group("/v1")

-    ...
-    from responder.ext.schema import Schema
-    ...
-    api = responder.API()
+    @v1.route("/users")
+    def list_users(req, resp):
+        resp.media = []

-    schema = Schema(
-        app=api,
-        title="Web Service",
-        version="1.0",
-        openapi="3.0.2",
-        ...
-        docs_route='/docs',
-        ...
-        description=description,
-        terms_of_service=terms_of_service,
-        contact=contact,
-        license=license,
-    )
-    
+    @v1.route("/users/{user_id:int}")
+    def get_user(req, resp, *, user_id):
+        resp.media = {"id": user_id}

-The old way ::
+    v2 = api.group("/v2")

-    api = responder.API(
-        title="Web Service",
-        version="1.0",
-        openapi="3.0.2",
-        docs_route='/docs',
-        description=description,
-        terms_of_service=terms_of_service,
-        contact=contact,
-        license=license,
-    )
+    @v2.route("/users")
+    def list_users_v2(req, resp):
+        resp.media = {"users": [], "total": 0}

-This will make ``/docs`` render interactive documentation for your API.
+This keeps your code organized without affecting the routing logic.

-Mount a WSGI / ASGI Apps (e.g. Flask, Starlette,...)
----------------------------------------------------

-Responder gives you the ability to mount another ASGI / WSGI app at a subroute::
+Mounting Other Apps
+-------------------
+
+Responder can mount any WSGI or ASGI application at a subroute. This is
+incredibly useful for gradual migrations — you can run Flask and Responder
+side by side, moving routes over one at a time::

-    import responder
    from flask import Flask

-    api = responder.API()
-    flask = Flask(__name__)
+    flask_app = Flask(__name__)

-    @flask.route('/')
+    @flask_app.route("/")
    def hello():
-        return 'hello'
+        return "Hello from Flask!"

-    api.mount('/flask', flask)
+    api.mount("/flask", flask_app)

-That's it!
+Requests to ``/flask/`` will be handled by Flask. Everything else goes
+through Responder. Both WSGI and ASGI apps are supported — Responder
+wraps WSGI apps in an ASGI adapter automatically.

-Single-Page Web Apps
--------------------

-If you have a single-page webapp, you can tell Responder to serve up your ``static/index.html`` at a route, like so::
+Cookies
+-------
+
+`Cookies <https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies>`_ are
+small pieces of data that the server asks the browser to store and send
+back with every subsequent request. They're the foundation of sessions,
+authentication tokens, and user preferences on the web.
+
+Reading and writing cookies is straightforward::
+
+    # Read cookies from the request
+    session_id = req.cookies.get("session_id")
+
+    # Set a cookie on the response
+    resp.cookies["hello"] = "world"
+
+For production use, you'll want to set security directives. The
+``httponly`` flag prevents JavaScript from reading the cookie (defending
+against XSS attacks), and ``secure`` ensures it's only sent over HTTPS::
+
+    resp.set_cookie(
+        "token",
+        value="abc123",
+        max_age=3600,        # expires in 1 hour
+        secure=True,         # HTTPS only
+        httponly=True,        # no JavaScript access
+        path="/",
+    )
+
+
+Cookie-Based Sessions
+---------------------
+
+Sessions let you store per-user data across multiple requests. Responder's
+built-in sessions are cookie-based — the session data is serialized, signed
+with your secret key, and stored in a cookie. The signature prevents
+tampering: if someone modifies the cookie, the signature won't match and
+the data will be rejected::
+
+    @api.route("/login")
+    def login(req, resp):
+        resp.session["username"] = "alice"
+
+    @api.route("/profile")
+    def profile(req, resp):
+        resp.media = {"user": req.session.get("username")}
+
+.. warning::
+
+   Always set a secret key in production. The default key is not secret::
+
+       api = responder.API(secret_key="your-secret-key-here")
+
+
+Static Files
+------------
+
+Most web applications serve static assets — CSS stylesheets, JavaScript
+files, images, fonts. Responder serves these from the ``static/`` directory
+by default::
+
+    api = responder.API(static_dir="static", static_route="/static")
+
+Place your assets in the ``static/`` directory and they'll be served
+automatically at ``/static/style.css``, ``/static/app.js``, etc.
+
+For single-page applications (React, Vue, Angular), you can serve
+``index.html`` as the default response for all unmatched routes::

    api.add_route("/", static=True)

-This will make ``index.html`` the default response to all undefined routes.
-
-Reading / Writing Cookies
-------------------------
-
-Responder makes it very easy to interact with cookies from a Request, or add some to a Response::
-
-    >>> resp.cookies["hello"] = "world"
-
-    >>> req.cookies
-    {"hello": "world"}
-
-
-To set cookies directives, you should use `resp.set_cookie`::
-
-    >>> resp.set_cookie("hello", value="world", max_age=60)
-
-Supported directives:
-
-* ``key`` - **Required**
-* ``value`` - [OPTIONAL] - Defaults to ``""``. 
-* ``expires`` - Defaults to ``None``.
-* ``max_age`` - Defaults to ``None``.
-* ``domain`` - Defaults to ``None``.
-* ``path`` - Defaults to ``"/"``.
-* ``secure`` - Defaults to ``False``.
-* ``httponly`` - Defaults to ``True``.
-
-For more information see `directives <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives>`_
-
-
-Using Cookie-Based Sessions
---------------------------
-
-Responder has built-in support for cookie-based sessions. To enable cookie-based sessions, simply add something to the ``resp.session`` dictionary::
-
-    >>> resp.session['username'] = 'kennethreitz'
-
-A cookie called ``Responder-Session`` will be set, which contains all the data in ``resp.session``. It is signed, for verification purposes.
-
-You can easily read a Request's session data, that can be trusted to have originated from the API::
-
-    >>> req.session
-    {'username': 'kennethreitz'}
-
-**Note**: if you are using this in production, you should pass the ``secret_key`` argument to ``API(...)``::
-
-    api = responder.API(secret_key=os.environ['SECRET_KEY'])
-
-Using ``before_request``
------------------------
-
-If you'd like a view to be executed before every request, simply do the following::
-
-    @api.route(before_request=True)
-    def prepare_response(req, resp):
-        resp.headers["X-Pizza"] = "42"
-
-Now all requests to your HTTP Service will include an ``X-Pizza`` header.
-
-For ``websockets``::
-
-    @api.route(before_request=True, websocket=True)
-    def prepare_response(ws):
-        await ws.accept()
-
-
-WebSocket Support
-----------------
-
-Responder supports WebSockets::
-
-    @api.route('/ws', websocket=True)
-    async def websocket(ws):
-        await ws.accept()
-        while True:
-            name = await ws.receive_text()
-            await ws.send_text(f"Hello {name}!")
-        await ws.close()
-
-Accepting the connection::
-
-    await websocket.accept()
-
-Sending and receiving data::
-
-    await websocket.send_{format}(data) 
-    await websocket.receive_{format}(data)
-
-Supported formats: ``text``, ``json``, ``bytes``.
-
-Closing the connection::
-
-    await websocket.close()
-
-Using Requests Test Client
--------------------------
-
-Responder comes with a first-class, well supported test client for your ASGI web services: **Requests**.
-
-Here's an example of a test (written with pytest)::
-
-    import myapi
-
-    @pytest.fixture
-    def api():
-        return myapi.api
-
-    def test_response(api):
-        hello = "hello, world!"
-
-        @api.route('/some-url')
-        def some_view(req, resp):
-            resp.text = hello
-
-        r = api.requests.get(url=api.url_for(some_view))
-        assert r.text == hello
-
-HSTS (Redirect to HTTPS)
------------------------
-
-Want HSTS (to redirect all traffic to HTTPS)?
-
-::
-
-    api = responder.API(enable_hsts=True)
-
-
-Boom.

 CORS
 ----

-Want `CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/>`_ ?
+`CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>`_ (Cross-
+Origin Resource Sharing) is a security mechanism that controls which
+websites can make requests to your API. Browsers enforce this — if your
+API is at ``api.example.com`` and your frontend is at ``app.example.com``,
+the browser will block requests unless your API explicitly allows it.

-::
+Enable CORS and configure which origins are allowed::

-    api = responder.API(cors=True)
+    api = responder.API(cors=True, cors_params={
+        "allow_origins": ["https://app.example.com"],
+        "allow_methods": ["GET", "POST"],
+        "allow_headers": ["*"],
+        "allow_credentials": True,
+        "max_age": 600,
+    })
+
+The default policy is restrictive — you must explicitly allow each origin.
+Using ``["*"]`` for allow_origins permits any website to call your API,
+which is fine for public APIs but not for private ones.


-The default parameters used by **Responder** are restrictive by default, so you'll need to explicitly enable particular origins, methods, or headers, in order for browsers to be permitted to use them in a Cross-Domain context.
+HSTS
+----

-In order to set custom parameters, you need to set the ``cors_params`` argument of ``api``, a dictionary containing the following entries:
+`HSTS <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security>`_
+(HTTP Strict Transport Security) tells browsers to always use HTTPS when
+communicating with your server. Once a browser sees the HSTS header, it
+will refuse to connect over plain HTTP, even if the user types ``http://``
+in the address bar::
+
+    api = responder.API(enable_hsts=True)

-* ``allow_origins`` - A list of origins that should be permitted to make cross-origin requests. eg. ``['https://example.org', 'https://www.example.org']``. You can use ``['*']`` to allow any origin.
-* ``allow_origin_regex`` - A regex string to match against origins that should be permitted to make cross-origin requests. eg. ``'https://.*\.example\.org'``.
-* ``allow_methods`` - A list of HTTP methods that should be allowed for cross-origin requests. Defaults to `['GET']`. You can use ``['*']`` to allow all standard methods.
-* ``allow_headers`` - A list of HTTP request headers that should be supported for cross-origin requests. Defaults to ``[]``. You can use ``['*']`` to allow all headers. The ``Accept``, ``Accept-Language``, ``Content-Language`` and ``Content-Type`` headers are always allowed for CORS requests.
-* ``allow_credentials`` - Indicate that cookies should be supported for cross-origin requests. Defaults to ``False``.
-* ``expose_headers`` - Indicate any response headers that should be made accessible to the browser. Defaults to ``[]``.
-* ``max_age`` - Sets a maximum time in seconds for browsers to cache CORS responses. Defaults to ``60``.

 Trusted Hosts
 -------------

-Make sure that all the incoming requests headers have a valid ``host``, that matches one of the provided patterns in the ``allowed_hosts`` attribute, in order to prevent HTTP Host Header attacks.
+The ``Host`` header in an HTTP request tells the server which domain name
+the client used. Attackers can forge this header to trick your application
+into generating URLs to malicious domains (a class of attack called *Host
+header injection*).

-A 400 response will be raised, if a request does not match any of the provided patterns in the ``allowed_hosts`` attribute.
+Restrict which hostnames your application accepts::

-::
+    api = responder.API(allowed_hosts=["example.com", "*.example.com"])

-    api = responder.API(allowed_hosts=['example.com', 'tenant.example.com'])
+Requests with unrecognized hosts get a ``400 Bad Request``. Wildcard
+patterns are supported. By default, all hostnames are allowed.

-* ``allowed_hosts`` - A list of allowed hostnames. 

-Note:
+Request ID
+----------

-* By default, all hostnames are allowed.
-* Wildcard domains such as ``*.example.com`` are supported.
-* To allow any hostname use ``allowed_hosts=["*"]``.
+In distributed systems, tracing a single request across multiple services
+is essential for debugging. Request IDs are unique identifiers attached to
+each request — if something goes wrong, you can search your logs for that
+ID and find every related event.
+
+Responder can auto-generate request IDs. If the client sends an
+``X-Request-ID`` header (common in microservice architectures), it's
+forwarded. Otherwise, a new UUID is generated::
+
+    api = responder.API(request_id=True)
+
+The ID appears in the ``X-Request-ID`` response header.
+
+
+Rate Limiting
+-------------
+
+Rate limiting prevents individual clients from overwhelming your API with
+too many requests. It's essential for public APIs, and good practice even
+for internal ones.
+
+Responder includes a built-in token bucket rate limiter::
+
+    from responder.ext.ratelimit import RateLimiter
+
+    limiter = RateLimiter(requests=100, period=60)  # 100 req/min
+    limiter.install(api)
+
+When the limit is exceeded, clients receive a ``429 Too Many Requests``
+response with a ``Retry-After`` header. Every response includes
+``X-RateLimit-Limit`` and ``X-RateLimit-Remaining`` headers so clients
+can pace themselves.
+
+The rate limiter is per-client, keyed by IP address.
+
+
+MessagePack
+-----------
+
+`MessagePack <https://msgpack.org/>`_ is a binary serialization format
+that's more compact and faster to parse than JSON. It's useful for
+high-throughput APIs, IoT devices, and anywhere bandwidth matters.
+
+Responder supports MessagePack alongside JSON and YAML::
+
+    # Decode a MessagePack request body
+    data = await req.media("msgpack")
+
+Content negotiation works too — clients can send
+``Accept: application/x-msgpack`` to receive MessagePack responses
+instead of JSON.
@@ -0,0 +1,191 @@
+Authentication
+==============
+
+Every API that handles user data needs authentication — a way to verify
+who is making a request. This guide covers the most common patterns:
+API keys, JWT tokens, and how to build reusable auth guards with
+Responder's before-request hooks.
+
+
+API Key Authentication
+----------------------
+
+The simplest approach. The client sends a secret key in a header, and
+your server checks it against a known value. This is common for
+server-to-server communication and simple APIs::
+
+    API_KEYS = {"sk-abc123", "sk-def456"}
+
+    @api.route(before_request=True)
+    def check_api_key(req, resp):
+        key = req.headers.get("X-API-Key")
+        if key not in API_KEYS:
+            resp.status_code = 401
+            resp.media = {"error": "Invalid or missing API key"}
+
+Because the before-request hook sets ``resp.status_code``, the route
+handler is skipped entirely for unauthorized requests. The client never
+reaches your endpoint — the guard catches them first.
+
+The client sends the key like this::
+
+    $ curl -H "X-API-Key: sk-abc123" http://localhost:5042/protected
+
+
+Bearer Token Authentication
+----------------------------
+
+Bearer tokens are the standard for modern APIs. The client sends a token
+in the ``Authorization`` header, and the server validates it. The most
+common format is `JWT <https://jwt.io/>`_ (JSON Web Tokens).
+
+Install PyJWT::
+
+    $ uv pip install pyjwt
+
+Create a helper to encode and decode tokens::
+
+    import jwt
+    from datetime import datetime, timedelta
+
+    SECRET = "your-secret-key"
+
+    def create_token(user_id: int) -> str:
+        payload = {
+            "sub": user_id,
+            "exp": datetime.utcnow() + timedelta(hours=24),
+        }
+        return jwt.encode(payload, SECRET, algorithm="HS256")
+
+    def verify_token(token: str) -> dict | None:
+        try:
+            return jwt.decode(token, SECRET, algorithms=["HS256"])
+        except jwt.InvalidTokenError:
+            return None
+
+Add a login endpoint that issues tokens, and a before-request hook that
+verifies them::
+
+    @api.route("/login", methods=["POST"])
+    async def login(req, resp):
+        data = await req.media()
+        # In a real app, check credentials against a database
+        if data.get("username") == "admin" and data.get("password") == "secret":
+            token = create_token(user_id=1)
+            resp.media = {"token": token}
+        else:
+            resp.status_code = 401
+            resp.media = {"error": "Invalid credentials"}
+
+    @api.route(before_request=True)
+    def auth_guard(req, resp):
+        # Skip auth for the login endpoint itself
+        if req.url.path == "/login":
+            return
+
+        auth = req.headers.get("Authorization", "")
+        if not auth.startswith("Bearer "):
+            resp.status_code = 401
+            resp.media = {"error": "Missing bearer token"}
+            return
+
+        token = auth[7:]  # Strip "Bearer "
+        payload = verify_token(token)
+        if payload is None:
+            resp.status_code = 401
+            resp.media = {"error": "Invalid or expired token"}
+            return
+
+        # Store the authenticated user on the request state
+        req.state.user_id = payload["sub"]
+
+Now any route can access the authenticated user::
+
+    @api.route("/me")
+    def get_me(req, resp):
+        resp.media = {"user_id": req.state.user_id}
+
+The client flow:
+
+1. ``POST /login`` with credentials → receive a token
+2. Include ``Authorization: Bearer <token>`` on every subsequent request
+3. The token expires after 24 hours — the client must log in again
+
+
+Skipping Auth for Public Routes
+--------------------------------
+
+The example above skips auth for ``/login`` by checking the path. For
+more control, you can use a set of public paths::
+
+    PUBLIC_PATHS = {"/login", "/signup", "/health", "/docs", "/schema.yml"}
+
+    @api.route(before_request=True)
+    def auth_guard(req, resp):
+        if req.url.path in PUBLIC_PATHS:
+            return
+        # ... check token
+
+
+Custom Exception for Auth Errors
+---------------------------------
+
+For cleaner code, define a custom exception and register a handler::
+
+    class AuthError(Exception):
+        def __init__(self, message="Unauthorized", status_code=401):
+            self.message = message
+            self.status_code = status_code
+
+    @api.exception_handler(AuthError)
+    async def handle_auth_error(req, resp, exc):
+        resp.status_code = exc.status_code
+        resp.media = {"error": exc.message}
+
+Now your auth guard can simply raise::
+
+    @api.route(before_request=True)
+    def auth_guard(req, resp):
+        if req.url.path in PUBLIC_PATHS:
+            return
+        if "Authorization" not in req.headers:
+            raise AuthError("Missing authorization header")
+
+
+Using Sessions for Web Apps
+----------------------------
+
+For traditional web applications (with HTML pages and forms), cookie-based
+sessions are simpler than tokens. The browser handles cookies automatically
+— no client-side token management needed::
+
+    @api.route("/login", methods=["POST"])
+    async def login(req, resp):
+        data = await req.media("form")
+        if data["username"] == "admin" and data["password"] == "secret":
+            resp.session["user"] = data["username"]
+            api.redirect(resp, location="/dashboard")
+        else:
+            resp.status_code = 401
+            resp.html = "<p>Invalid credentials</p>"
+
+    @api.route("/dashboard")
+    def dashboard(req, resp):
+        user = req.session.get("user")
+        if not user:
+            api.redirect(resp, location="/login")
+            return
+        resp.html = f"<h1>Welcome, {user}!</h1>"
+
+    @api.route("/logout")
+    def logout(req, resp):
+        resp.session.clear()
+        api.redirect(resp, location="/login")
+
+Remember to set a proper secret key::
+
+    api = responder.API(secret_key="your-production-secret-key")
+
+The session data is signed (not encrypted) — users can read it but
+can't tamper with it. Don't store sensitive data like passwords in
+sessions.
@@ -0,0 +1,192 @@
+Migrating from Flask
+====================
+
+If you're coming from Flask, you'll find Responder familiar but different
+in a few key ways. This guide maps Flask concepts to their Responder
+equivalents and shows you how to translate common patterns.
+
+
+The Big Differences
+-------------------
+
+**No return values.** In Flask, you return a response. In Responder, you
+mutate it. This is the single biggest difference:
+
+Flask::
+
+    @app.route("/")
+    def hello():
+        return "hello, world!"
+
+Responder::
+
+    @api.route("/")
+    def hello(req, resp):
+        resp.text = "hello, world!"
+
+**Explicit request and response.** Flask uses a global ``request`` object
+(via thread-local magic). Responder passes ``req`` and ``resp`` explicitly.
+No magic, no import needed — they're right there in the function signature.
+
+**ASGI, not WSGI.** Flask runs on WSGI, which is synchronous. Responder
+runs on ASGI, which supports async natively. You can still write sync
+views — Responder runs them in a thread pool automatically.
+
+
+Quick Reference
+---------------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 40 60
+
+   * - Flask
+     - Responder
+   * - ``Flask(__name__)``
+     - ``responder.API()``
+   * - ``return "text"``
+     - ``resp.text = "text"``
+   * - ``return jsonify(data)``
+     - ``resp.media = data``
+   * - ``return render_template("t.html", x=1)``
+     - ``resp.html = api.template("t.html", x=1)``
+   * - ``request.args["q"]``
+     - ``req.params["q"]``
+   * - ``request.json``
+     - ``await req.media()``
+   * - ``request.form``
+     - ``await req.media("form")``
+   * - ``request.headers["X"]``
+     - ``req.headers["X"]``
+   * - ``request.method``
+     - ``req.method``
+   * - ``request.cookies["x"]``
+     - ``req.cookies["x"]``
+   * - ``session["x"] = 1``
+     - ``resp.session["x"] = 1``
+   * - ``abort(404)``
+     - ``resp.status_code = 404``
+   * - ``redirect("/new")``
+     - ``api.redirect(resp, location="/new")``
+   * - ``@app.before_request``
+     - ``@api.route(before_request=True)``
+   * - ``@app.errorhandler(404)``
+     - ``@api.exception_handler(ValueError)``
+   * - ``app.run(debug=True)``
+     - ``api.run(debug=True)``
+
+
+Route Parameters
+----------------
+
+Flask uses ``<angle_brackets>``. Responder uses ``{curly_braces}``
+with the same type convertor idea:
+
+Flask::
+
+    @app.route("/users/<int:user_id>")
+    def get_user(user_id):
+        return jsonify({"id": user_id})
+
+Responder::
+
+    @api.route("/users/{user_id:int}")
+    def get_user(req, resp, *, user_id):
+        resp.media = {"id": user_id}
+
+Note the ``*`` — route parameters are keyword-only arguments in
+Responder. This makes the interface explicit about which arguments
+come from the URL.
+
+
+JSON APIs
+---------
+
+Flask::
+
+    @app.route("/api/items", methods=["POST"])
+    def create_item():
+        data = request.json
+        # ... create item
+        return jsonify(item), 201
+
+Responder::
+
+    @api.route("/api/items", methods=["POST"])
+    async def create_item(req, resp):
+        data = await req.media()
+        # ... create item
+        resp.media = item
+        resp.status_code = 201
+
+The ``await`` is needed because reading the request body is an async
+I/O operation. This is more explicit than Flask's approach, and it
+means the event loop isn't blocked while waiting for the body to arrive.
+
+
+Templates
+---------
+
+Both use Jinja2. The syntax is nearly identical:
+
+Flask::
+
+    @app.route("/hello/<name>")
+    def hello(name):
+        return render_template("hello.html", name=name)
+
+Responder::
+
+    @api.route("/hello/{name}")
+    def hello(req, resp, *, name):
+        resp.html = api.template("hello.html", name=name)
+
+
+Blueprints → Route Groups
+--------------------------
+
+Flask uses Blueprints to organize routes. Responder has route groups:
+
+Flask::
+
+    bp = Blueprint("api", __name__, url_prefix="/api")
+
+    @bp.route("/users")
+    def list_users():
+        return jsonify([])
+
+    app.register_blueprint(bp)
+
+Responder::
+
+    api_v1 = api.group("/api")
+
+    @api_v1.route("/users")
+    def list_users(req, resp):
+        resp.media = []
+
+
+Gradual Migration
+-----------------
+
+You don't have to migrate all at once. Responder can mount your existing
+Flask app at a subroute, so you can move endpoints over one at a time::
+
+    from flask import Flask
+
+    flask_app = Flask(__name__)
+
+    # Your existing Flask routes stay here
+    @flask_app.route("/legacy")
+    def legacy():
+        return "old endpoint"
+
+    # Mount Flask under /old, new routes go on Responder
+    api.mount("/old", flask_app)
+
+    @api.route("/new")
+    def new_endpoint(req, resp):
+        resp.media = {"modern": True}
+
+Requests to ``/old/legacy`` go to Flask. Everything else goes to
+Responder. When you've moved everything over, remove the mount.
@@ -0,0 +1,129 @@
+Writing Middleware
+=================
+
+Middleware sits between the server and your route handlers, processing
+every request and response that flows through your application. It's the
+right tool for cross-cutting concerns — things that apply to *all*
+requests, not just specific routes.
+
+Common middleware use cases:
+
+- Request logging and timing
+- Authentication and authorization
+- Adding security headers
+- Request ID generation
+- Rate limiting
+- Response compression (built-in)
+
+
+Hooks vs. Middleware
+--------------------
+
+Responder gives you two levels of request processing:
+
+**Hooks** (``before_request`` / ``after_request``) run inside Responder's
+routing layer. They receive Responder's ``req`` and ``resp`` objects and
+are the simplest way to add behavior::
+
+    @api.route(before_request=True)
+    def add_header(req, resp):
+        resp.headers["X-Powered-By"] = "Responder"
+
+    @api.after_request()
+    def log_request(req, resp):
+        print(f"{req.method} {req.url.path} -> {resp.status_code}")
+
+**Middleware** runs at the ASGI level, wrapping the entire application.
+It's more powerful but more complex — you work with raw ASGI scopes
+instead of Responder objects. Use middleware when you need to process
+requests *before* they reach Responder's routing, or when you need to
+integrate with Starlette middleware.
+
+
+Using Starlette Middleware
+--------------------------
+
+Responder is built on Starlette, so any Starlette middleware works
+out of the box::
+
+    from starlette.middleware.base import BaseHTTPMiddleware
+
+    class TimingMiddleware(BaseHTTPMiddleware):
+        async def dispatch(self, request, call_next):
+            import time
+            start = time.time()
+            response = await call_next(request)
+            duration = time.time() - start
+            response.headers["X-Response-Time"] = f"{duration:.3f}s"
+            return response
+
+    api.add_middleware(TimingMiddleware)
+
+The ``dispatch`` method receives a Starlette ``Request`` and a
+``call_next`` function. Call ``call_next(request)`` to pass the request
+to the next middleware (or to your route handler). The return value is
+a Starlette ``Response`` that you can modify before it's sent.
+
+
+Built-in Middleware
+-------------------
+
+Responder configures several middleware components automatically:
+
+- **GZipMiddleware** — compresses responses larger than 500 bytes
+- **TrustedHostMiddleware** — validates the ``Host`` header
+- **ServerErrorMiddleware** — catches unhandled exceptions
+- **ExceptionMiddleware** — routes exceptions to your handlers
+- **SessionMiddleware** — manages signed cookie sessions
+
+Optional middleware you can enable:
+
+- **CORSMiddleware** — ``api = responder.API(cors=True)``
+- **HTTPSRedirectMiddleware** — ``api = responder.API(enable_hsts=True)``
+
+
+Adding Third-Party Middleware
+-----------------------------
+
+Any ASGI middleware can be added with ``api.add_middleware()``::
+
+    from some_package import SomeMiddleware
+
+    api.add_middleware(SomeMiddleware, option1="value", option2=True)
+
+Keyword arguments are passed to the middleware's constructor.
+
+
+Middleware Order
+----------------
+
+Middleware wraps your application like layers of an onion. The *last*
+middleware added is the *outermost* layer — it sees the request first
+and the response last.
+
+Responder's built-in middleware stack (from outermost to innermost):
+
+1. SessionMiddleware
+2. ServerErrorMiddleware
+3. CORSMiddleware (if enabled)
+4. TrustedHostMiddleware
+5. HTTPSRedirectMiddleware (if enabled)
+6. GZipMiddleware
+7. ExceptionMiddleware
+8. Your routes
+
+When you call ``api.add_middleware()``, your middleware is added *outside*
+the existing stack. Keep this in mind for ordering dependencies — if
+middleware A depends on middleware B having run first, add B before A.
+
+
+When to Use What
+-----------------
+
+- **Simple header additions, logging, auth checks** → use hooks
+- **Response transformation, timing, third-party integrations** → use middleware
+- **Rate limiting** → use the built-in ``RateLimiter`` (it uses hooks internally)
+- **Request ID** → use ``api = responder.API(request_id=True)``
+
+Start with hooks. They're simpler and cover most cases. Graduate to
+middleware when hooks aren't enough.
@@ -0,0 +1,219 @@
+Building a REST API
+===================
+
+This tutorial walks you through building a complete REST API from scratch.
+By the end, you'll have a working API with CRUD operations, request
+validation, error handling, and interactive documentation.
+
+We'll build a simple book catalog — a service that lets you create, read,
+update, and delete books.
+
+
+Project Setup
+-------------
+
+Create a new file called ``app.py``::
+
+    import responder
+
+    api = responder.API(
+        title="Book Catalog",
+        version="1.0",
+        openapi="3.0.2",
+        docs_route="/docs",
+    )
+
+We're enabling OpenAPI documentation from the start. Visit ``/docs`` at
+any point to see interactive Swagger UI for your API.
+
+
+Define Your Models
+------------------
+
+We'll use `Pydantic <https://docs.pydantic.dev/>`_ to define our data
+models. Pydantic models serve double duty — they validate incoming data
+*and* generate OpenAPI schemas automatically::
+
+    from pydantic import BaseModel
+
+    class BookIn(BaseModel):
+        """What the client sends when creating a book."""
+        title: str
+        author: str
+        year: int
+        isbn: str | None = None
+
+    class Book(BaseModel):
+        """What the API returns."""
+        id: int
+        title: str
+        author: str
+        year: int
+        isbn: str | None = None
+
+``BookIn`` is the *input* model — it doesn't have an ``id`` because the
+server assigns that. ``Book`` is the *output* model — it includes
+everything. This input/output separation is a common REST API pattern.
+
+
+In-Memory Storage
+-----------------
+
+For this tutorial, we'll store books in a simple dict. In a real
+application, you'd use a database (see :doc:`tutorial-sqlalchemy`)::
+
+    books_db: dict[int, dict] = {}
+    next_id = 1
+
+
+List All Books
+--------------
+
+The first endpoint — list all books. This is a ``GET`` request to
+``/books``::
+
+    @api.route("/books", methods=["GET"], response_model=list)
+    def list_books(req, resp):
+        resp.media = list(books_db.values())
+
+In REST API design, ``GET`` requests should never modify data. They're
+*safe* and *idempotent* — calling them multiple times has the same effect
+as calling them once.
+
+
+Create a Book
+-------------
+
+To create a book, the client sends a ``POST`` request with a JSON body.
+We use ``request_model=BookIn`` to validate the input automatically — if
+the client sends bad data, they get a ``422`` response with error details::
+
+    @api.route("/books", methods=["POST"], check_existing=False,
+               request_model=BookIn, response_model=Book)
+    async def create_book(req, resp):
+        global next_id
+        data = await req.media()
+
+        book = {"id": next_id, **data}
+        books_db[next_id] = book
+        next_id += 1
+
+        resp.media = book
+        resp.status_code = 201
+
+Note ``resp.status_code = 201`` — the HTTP ``201 Created`` status code
+tells the client that a new resource was successfully created. This is
+more informative than a generic ``200 OK``.
+
+
+Get a Single Book
+-----------------
+
+Retrieve a specific book by its ID. The ``{book_id:int}`` route parameter
+ensures only integer IDs match — requests like ``/books/abc`` will 404::
+
+    @api.route("/books/{book_id:int}", methods=["GET"], response_model=Book)
+    def get_book(req, resp, *, book_id):
+        if book_id not in books_db:
+            resp.status_code = 404
+            resp.media = {"error": f"Book {book_id} not found"}
+            return
+
+        resp.media = books_db[book_id]
+
+
+Update a Book
+-------------
+
+``PUT`` replaces a resource entirely. The client must send all fields::
+
+    @api.route("/books/{book_id:int}", methods=["PUT"], check_existing=False,
+               request_model=BookIn, response_model=Book)
+    async def update_book(req, resp, *, book_id):
+        if book_id not in books_db:
+            resp.status_code = 404
+            resp.media = {"error": f"Book {book_id} not found"}
+            return
+
+        data = await req.media()
+        book = {"id": book_id, **data}
+        books_db[book_id] = book
+        resp.media = book
+
+
+Delete a Book
+-------------
+
+``DELETE`` removes a resource. The convention is to return ``204 No Content``
+with an empty body on success::
+
+    @api.route("/books/{book_id:int}", methods=["DELETE"], check_existing=False)
+    def delete_book(req, resp, *, book_id):
+        if book_id not in books_db:
+            resp.status_code = 404
+            resp.media = {"error": f"Book {book_id} not found"}
+            return
+
+        del books_db[book_id]
+        resp.status_code = 204
+
+
+Error Handling
+--------------
+
+Let's add a custom error handler so any ``ValueError`` in our code returns
+a clean JSON response instead of a 500 error::
+
+    @api.exception_handler(ValueError)
+    async def handle_value_error(req, resp, exc):
+        resp.status_code = 400
+        resp.media = {"error": str(exc)}
+
+
+Run It
+------
+
+Add the standard entry point at the bottom of your file::
+
+    if __name__ == "__main__":
+        api.run()
+
+Start the server::
+
+    $ python app.py
+
+Visit ``http://localhost:5042/docs`` to see your interactive API
+documentation. You can test every endpoint directly from the browser.
+
+
+Try It Out
+----------
+
+Using ``curl``::
+
+    # Create a book
+    $ curl -X POST http://localhost:5042/books \
+        -H "Content-Type: application/json" \
+        -d '{"title": "Dune", "author": "Frank Herbert", "year": 1965}'
+
+    # List all books
+    $ curl http://localhost:5042/books
+
+    # Get a specific book
+    $ curl http://localhost:5042/books/1
+
+    # Update a book
+    $ curl -X PUT http://localhost:5042/books/1 \
+        -H "Content-Type: application/json" \
+        -d '{"title": "Dune", "author": "Frank Herbert", "year": 1965, "isbn": "978-0441172719"}'
+
+    # Delete a book
+    $ curl -X DELETE http://localhost:5042/books/1
+
+
+What's Next
+-----------
+
+This tutorial used in-memory storage. For a real application, you'll want
+a database. See :doc:`tutorial-sqlalchemy` for how to integrate SQLAlchemy
+with Responder using the lifespan pattern.
@@ -0,0 +1,254 @@
+Using SQLAlchemy
+================
+
+Most real web applications need a database. This guide shows how to
+integrate `SQLAlchemy <https://www.sqlalchemy.org/>`_ with Responder,
+using async support and the lifespan pattern for connection management.
+
+SQLAlchemy is the most popular Python database toolkit. It gives you an
+ORM (Object-Relational Mapper) for working with databases using Python
+classes instead of raw SQL, plus a powerful query builder for when you
+need fine-grained control.
+
+
+Installation
+------------
+
+Install SQLAlchemy with async support and an async database driver.
+We'll use SQLite for simplicity, but the pattern works with PostgreSQL,
+MySQL, and any other database SQLAlchemy supports::
+
+    $ uv pip install 'sqlalchemy[asyncio]' aiosqlite
+
+
+Define Your Models
+------------------
+
+SQLAlchemy models map Python classes to database tables. Each attribute
+becomes a column::
+
+    # models.py
+    from sqlalchemy import Column, Integer, String
+    from sqlalchemy.orm import DeclarativeBase
+
+    class Base(DeclarativeBase):
+        pass
+
+    class Book(Base):
+        __tablename__ = "books"
+
+        id = Column(Integer, primary_key=True, autoincrement=True)
+        title = Column(String, nullable=False)
+        author = Column(String, nullable=False)
+        year = Column(Integer, nullable=False)
+        isbn = Column(String, nullable=True)
+
+``DeclarativeBase`` is SQLAlchemy's modern base class (SQLAlchemy 2.0+).
+Each model class corresponds to a table, and each ``Column`` corresponds
+to a column in that table.
+
+
+Database Setup
+--------------
+
+Create the async engine and session factory. The *engine* manages
+the connection pool. The *session* is your unit of work — you use it to
+query and modify data within a transaction::
+
+    # database.py
+    from sqlalchemy.ext.asyncio import create_async_engine, async_sessionmaker
+
+    DATABASE_URL = "sqlite+aiosqlite:///./books.db"
+
+    engine = create_async_engine(DATABASE_URL, echo=True)
+    async_session = async_sessionmaker(engine, expire_on_commit=False)
+
+The ``echo=True`` flag prints all SQL queries to the console — very
+helpful during development, but you'll want to disable it in production.
+
+The ``expire_on_commit=False`` flag keeps model attributes accessible
+after a commit, which is convenient for returning created objects in
+API responses.
+
+
+Lifespan for Startup and Shutdown
+----------------------------------
+
+Use Responder's lifespan context manager to create the database tables
+on startup and dispose of connections on shutdown::
+
+    # app.py
+    from contextlib import asynccontextmanager
+    import responder
+    from database import engine
+    from models import Base
+
+    @asynccontextmanager
+    async def lifespan(app):
+        # Startup: create tables
+        async with engine.begin() as conn:
+            await conn.run_sync(Base.metadata.create_all)
+        yield
+        # Shutdown: close all connections
+        await engine.dispose()
+
+    api = responder.API(lifespan=lifespan)
+
+This is the proper way to manage database connections in an async
+application. The lifespan context manager ensures that:
+
+1. Tables are created before the first request
+2. The connection pool is properly closed when the server shuts down
+3. If table creation fails, the server won't start
+
+
+CRUD Endpoints
+--------------
+
+Now let's build the API endpoints. Each one opens a database session,
+does its work, and commits or rolls back::
+
+    from pydantic import BaseModel
+    from sqlalchemy import select
+    from database import async_session
+    from models import Book
+
+    # Pydantic models for request/response validation
+    class BookIn(BaseModel):
+        title: str
+        author: str
+        year: int
+        isbn: str | None = None
+
+    class BookOut(BaseModel):
+        id: int
+        title: str
+        author: str
+        year: int
+        isbn: str | None = None
+
+        class Config:
+            from_attributes = True
+
+The ``from_attributes = True`` config tells Pydantic to read data from
+SQLAlchemy model attributes (not just dicts). This lets you pass a
+SQLAlchemy ``Book`` object directly to ``BookOut``.
+
+**List all books**::
+
+    @api.route("/books", methods=["GET"])
+    async def list_books(req, resp):
+        async with async_session() as session:
+            result = await session.execute(select(Book))
+            books = result.scalars().all()
+            resp.media = [BookOut.model_validate(b).model_dump() for b in books]
+
+**Create a book**::
+
+    @api.route("/books", methods=["POST"], check_existing=False,
+               request_model=BookIn, response_model=BookOut)
+    async def create_book(req, resp):
+        data = await req.media()
+
+        async with async_session() as session:
+            book = Book(**data)
+            session.add(book)
+            await session.commit()
+            await session.refresh(book)
+            resp.media = BookOut.model_validate(book).model_dump()
+            resp.status_code = 201
+
+**Get a single book**::
+
+    @api.route("/books/{book_id:int}", methods=["GET"])
+    async def get_book(req, resp, *, book_id):
+        async with async_session() as session:
+            book = await session.get(Book, book_id)
+            if book is None:
+                resp.status_code = 404
+                resp.media = {"error": "Book not found"}
+                return
+            resp.media = BookOut.model_validate(book).model_dump()
+
+**Update a book**::
+
+    @api.route("/books/{book_id:int}", methods=["PUT"], check_existing=False,
+               request_model=BookIn)
+    async def update_book(req, resp, *, book_id):
+        data = await req.media()
+
+        async with async_session() as session:
+            book = await session.get(Book, book_id)
+            if book is None:
+                resp.status_code = 404
+                resp.media = {"error": "Book not found"}
+                return
+
+            for key, value in data.items():
+                setattr(book, key, value)
+
+            await session.commit()
+            await session.refresh(book)
+            resp.media = BookOut.model_validate(book).model_dump()
+
+**Delete a book**::
+
+    @api.route("/books/{book_id:int}", methods=["DELETE"], check_existing=False)
+    async def delete_book(req, resp, *, book_id):
+        async with async_session() as session:
+            book = await session.get(Book, book_id)
+            if book is None:
+                resp.status_code = 404
+                resp.media = {"error": "Book not found"}
+                return
+
+            await session.delete(book)
+            await session.commit()
+            resp.status_code = 204
+
+
+Run It
+------
+
+::
+
+    if __name__ == "__main__":
+        api.run()
+
+Start the server and you'll see SQLAlchemy's SQL echo in the console.
+The SQLite database file ``books.db`` is created automatically on first
+startup.
+
+
+Using PostgreSQL
+----------------
+
+To switch to PostgreSQL, just change the connection URL and driver::
+
+    $ uv pip install asyncpg
+
+::
+
+    DATABASE_URL = "postgresql+asyncpg://user:pass@localhost/mydb"
+
+Everything else stays the same. SQLAlchemy abstracts the database
+differences so your application code doesn't need to change.
+
+
+Tips
+----
+
+- Use ``async with async_session() as session`` for every request.
+  Don't share sessions across requests — each request should get its
+  own session and transaction.
+
+- For complex queries, use SQLAlchemy's ``select()`` with ``.where()``,
+  ``.order_by()``, ``.limit()``, and ``.offset()`` — it composes
+  naturally.
+
+- In production, use connection pooling (SQLAlchemy does this by
+  default) and set pool size limits appropriate for your database.
+
+- Consider `Alembic <https://alembic.sqlalchemy.org/>`_ for database
+  migrations — it tracks schema changes over time so you can evolve
+  your database without losing data.
@@ -0,0 +1,171 @@
+WebSocket Tutorial
+==================
+
+HTTP is request-response — the client asks, the server answers, and the
+connection closes. WebSockets upgrade that into a persistent, bidirectional
+channel where both sides can send messages at any time. This is what powers
+chat apps, live dashboards, multiplayer games, and collaborative editors.
+
+This tutorial builds a simple chat room to show how WebSockets work in
+Responder.
+
+
+How WebSockets Work
+-------------------
+
+1. The client sends a normal HTTP request with an ``Upgrade: websocket``
+   header.
+2. The server accepts the upgrade and the connection switches protocols.
+3. Both sides can now send messages freely — no more request/response.
+4. Either side can close the connection at any time.
+
+In Responder, WebSocket routes receive a ``ws`` object instead of
+``req`` and ``resp``. The ``ws`` object has methods for accepting the
+connection, sending and receiving data, and closing.
+
+
+Echo Server
+-----------
+
+The simplest WebSocket — echoes everything back::
+
+    @api.route("/ws", websocket=True)
+    async def echo(ws):
+        await ws.accept()
+        while True:
+            data = await ws.receive_text()
+            await ws.send_text(f"Echo: {data}")
+
+The ``await ws.accept()`` call completes the WebSocket handshake. After
+that, you're in a loop — receive a message, send a response.
+
+Test it with a WebSocket client::
+
+    $ pip install websocket-client
+    $ python -c "
+    import websocket
+    ws = websocket.create_connection('ws://localhost:5042/ws')
+    ws.send('hello')
+    print(ws.recv())  # Echo: hello
+    ws.close()
+    "
+
+
+Chat Room
+---------
+
+A chat room needs to broadcast messages to all connected clients. We keep
+a set of active connections and iterate through them when someone sends
+a message::
+
+    connected = set()
+
+    @api.route("/chat", websocket=True)
+    async def chat(ws):
+        await ws.accept()
+        connected.add(ws)
+        try:
+            while True:
+                message = await ws.receive_text()
+                # Broadcast to all connected clients
+                for client in connected:
+                    await client.send_text(message)
+        except Exception:
+            pass
+        finally:
+            connected.discard(ws)
+
+The ``try/finally`` block ensures we remove disconnected clients from
+the set, even if the connection drops unexpectedly.
+
+
+Data Formats
+------------
+
+WebSockets support three data formats:
+
+**Text** — plain strings::
+
+    await ws.send_text("hello")
+    message = await ws.receive_text()
+
+**JSON** — auto-serialized Python objects::
+
+    await ws.send_json({"type": "update", "data": [1, 2, 3]})
+    message = await ws.receive_json()
+
+**Binary** — raw bytes, useful for images, audio, or custom protocols::
+
+    await ws.send_bytes(b"\x00\x01\x02")
+    data = await ws.receive_bytes()
+
+
+HTML Client
+-----------
+
+Here's a minimal HTML page that connects to the chat room. The browser's
+built-in ``WebSocket`` API handles everything — no libraries needed:
+
+.. code-block:: html
+
+    <!DOCTYPE html>
+    <html>
+    <body>
+      <div id="messages"></div>
+      <input id="input" placeholder="Type a message..." />
+      <script>
+        const ws = new WebSocket("ws://localhost:5042/chat");
+        const messages = document.getElementById("messages");
+        const input = document.getElementById("input");
+
+        ws.onmessage = (event) => {
+          const p = document.createElement("p");
+          p.textContent = event.data;
+          messages.appendChild(p);
+        };
+
+        input.addEventListener("keypress", (e) => {
+          if (e.key === "Enter") {
+            ws.send(input.value);
+            input.value = "";
+          }
+        });
+      </script>
+    </body>
+    </html>
+
+Save this as ``static/index.html`` and serve it with Responder's
+built-in static file support.
+
+
+Before-Request Hooks for WebSockets
+------------------------------------
+
+You can run code before a WebSocket connection is established, just like
+HTTP before-request hooks. This is useful for authentication::
+
+    @api.before_request(websocket=True)
+    async def ws_auth(ws):
+        # Check for a token in the query string
+        # (WebSocket headers are limited in browsers)
+        await ws.accept()
+
+WebSocket before-request hooks receive the ``ws`` object and must call
+``await ws.accept()`` if they want the connection to proceed.
+
+
+Testing WebSockets
+------------------
+
+Use Starlette's ``TestClient`` for WebSocket tests::
+
+    from starlette.testclient import TestClient
+
+    def test_echo():
+        client = TestClient(api)
+        with client.websocket_connect("/ws") as ws:
+            ws.send_text("hello")
+            assert ws.receive_text() == "Echo: hello"
+
+The ``websocket_connect`` context manager handles the connection
+lifecycle — it connects on enter and disconnects on exit.
@@ -0,0 +1,19 @@
+# Example HTTP service definition, using Responder.
+# https://pypi.org/project/responder/
+import responder
+
+api = responder.API()
+
+
+@api.route("/")
+async def index(req, resp):
+    resp.text = "hello, world!"
+
+
+@api.route("/{greeting}")
+async def greet_world(req, resp, *, greeting):
+    resp.text = f"{greeting}, world!"
+
+
+if __name__ == "__main__":
+    api.run()
@@ -0,0 +1,26 @@
+# Example showing the lifespan context manager pattern.
+# https://pypi.org/project/responder/
+from contextlib import asynccontextmanager
+
+import responder
+
+
+@asynccontextmanager
+async def lifespan(app):
+    # Startup: initialize resources
+    print("Starting up...")
+    yield
+    # Shutdown: clean up resources
+    print("Shutting down...")
+
+
+api = responder.API(lifespan=lifespan)
+
+
+@api.route("/{greeting}")
+async def greet_world(req, resp, *, greeting):
+    resp.text = f"{greeting}, world!"
+
+
+if __name__ == "__main__":
+    api.run()
@@ -0,0 +1,70 @@
+# Complete REST API example with Pydantic validation.
+# https://responder.kennethreitz.org/tutorial-rest.html
+import responder
+from pydantic import BaseModel
+
+
+class BookIn(BaseModel):
+    title: str
+    author: str
+    year: int
+    isbn: str | None = None
+
+
+class BookOut(BaseModel):
+    id: int
+    title: str
+    author: str
+    year: int
+    isbn: str | None = None
+
+
+api = responder.API(
+    title="Book Catalog",
+    version="1.0",
+    openapi="3.0.2",
+    docs_route="/docs",
+)
+
+books_db: dict[int, dict] = {}
+next_id = 1
+
+
+@api.route("/books", methods=["GET"])
+def list_books(req, resp):
+    resp.media = list(books_db.values())
+
+
+@api.route("/books", methods=["POST"], check_existing=False,
+           request_model=BookIn, response_model=BookOut)
+async def create_book(req, resp):
+    global next_id
+    data = await req.media()
+    book = {"id": next_id, **data}
+    books_db[next_id] = book
+    next_id += 1
+    resp.media = book
+    resp.status_code = 201
+
+
+@api.route("/books/{book_id:int}", methods=["GET"])
+def get_book(req, resp, *, book_id):
+    if book_id not in books_db:
+        resp.status_code = 404
+        resp.media = {"error": f"Book {book_id} not found"}
+        return
+    resp.media = books_db[book_id]
+
+
+@api.route("/books/{book_id:int}", methods=["DELETE"], check_existing=False)
+def delete_book(req, resp, *, book_id):
+    if book_id not in books_db:
+        resp.status_code = 404
+        resp.media = {"error": f"Book {book_id} not found"}
+        return
+    del books_db[book_id]
+    resp.status_code = 204
+
+
+if __name__ == "__main__":
+    api.run()
--- a/Show More
+++ b/Show More