This page records the behavioral rules that contributors should preserve when making changes.
Routing Invariants
- route selection must be deterministic
- longer path prefixes beat shorter prefixes
- exact host matches beat wildcard or host-agnostic matches
- method-specific matches beat any-method matches
- ambiguous normalized routes should be rejected at startup
Connection And CID Invariants
- a connection’s primary CID must remain consistent with the primary key in the connection map
- alias CIDs must resolve back to the correct primary CID
- CID cleanup must not leave orphaned alias mappings
- draining or timeout cleanup must not leak connection-tracking state
Stream Lifecycle Invariants
- terminated streams must release all associated resource reservations
- client-side reset and upstream timeout paths must not leak inflight permits
- a finished or failed stream must not block progress of unrelated streams
- body caps and idle timeouts should terminate with the intended HTTP behavior when applicable
Health And Backend Invariants
- 2xx and 3xx responses are success signals
- 4xx responses are neutral health signals
- 5xx, timeout, and transport errors are unhealthy signals
- backend health transitions must respect configured thresholds and cooldowns
Control-Plane Invariants
- certificate reload is not full config reload
- runtime inspection endpoints must remain informative but constrained
- control-plane auth requirements must remain explicit in docs and code