The original scaffold's __init__.py imported Retry and RetryBudget before
either class existed, which both broke ruff F401 and would have raised
ImportError at module load time during the intermediate tasks (Tasks 4-6
import from httpware.middleware.resilience.budget, which triggers parent
__init__.py execution).

Defer the re-exports to Task 7 once both classes are defined; update the
plan to reflect this. Pure dev-loop fix, no behavior change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…ailures

Refines _terminal so httpx2.NetworkError-family exceptions (ConnectError, ReadError,
WriteError, PoolTimeout) map to httpware.NetworkError. InvalidURL and CookieConflict
stay bare TransportError. Prerequisite for the Retry middleware so it can retry
transient failures without retrying typos.

PoolTimeout inherits from httpx2.TimeoutException, not NetworkError, so
the bucket is connect/read/write/close. The dispatch logic is unchanged
(PoolTimeout was already caught by the timeout branch above NetworkError),
but the docstring was misleading future maintainers and the upcoming Retry
middleware author about what NetworkError actually wraps.

Update spec + plan to match.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Distinct exception raised by the Retry middleware when the RetryBudget
refuses to permit a retry. Carries last_response / last_exception / attempts.
Inherits ClientError so callers catching ClientError already handle it.

… assertion

Keyword-only __init__ breaks Python's default exception pickle protocol
(unpickle calls cls(str_message) positionally). Mirror StatusError's pattern:
add _reconstruct_budget_exhausted + __reduce__. A budget-exhausted error is
the most likely error to cross process boundaries (the budget exists to
protect against load), so silently losing diagnostic context via UnpicklingError
would be bad.

Also tightens the summary-message test from "'5' in str(exc)" to an exact-string
match — the digit-in-string check would pass for many wrong messages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Finagle-style: ttl=10s, min_retries_per_sec=10, percent_can_retry=0.2.
Deterministic time via injected _now callable for tests.

- Add a comment to _purge explaining the strict-< window semantics
  ([now-ttl, now] inclusive). Prevents a future reader (or Hypothesis
  test in Task 5) from expecting <= and being surprised.
- Tighten the test_deposit_after_exhaustion docstring — "floor (int
  truncation)" used the word "floor" for two different things in one
  sentence; rephrase to "int() truncates to 0".

Pure documentation; no behavior change. 145 tests still pass at 100%.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…t ttl margin

- test_more_deposits_never_decreases_budget: was only varying extra_deposits
  with ttl/min_rps/percent hardcoded; now parameterizes all four so the
  monotonicity claim covers the actual claimed parameter space (e.g.
  percent=0.0 case where monotonicity comes entirely from the floor).
- test_advancing_past_ttl_purges_deposits: replace ttl + 0.1 epsilon with
  ttl * 2.0. Self-evident; stays safe regardless of strategy max_value.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Implements full_jitter_delay() per AWS's "full jitter" formulation:
sleep = uniform(0, min(max_delay, base_delay * 2**attempt_index)).
Injects a deterministic _random_uniform kwarg for testability.
Adds tests/test_backoff.py to keep 100% coverage gate green until
Task 7 adds Retry integration tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…attempt_index

base_delay * (2 ** attempt_index) raises OverflowError at attempt_index >= 1024
because 2**1024 is too large for int→float conversion. Float exponentiation
saturates to math.inf, which min() then clamps to max_delay. The current Retry
default max_attempts=3 makes this unreachable in practice, but the function
takes attempt_index unbounded, so closing the trap is a one-char fix at zero
behavior cost.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Hypothesis writes a constants/ cache under .hypothesis/ when property tests
run, which makes `just lint` (eof-fixer .) try to "fix" cache files outside
the tracked tree. Add to root .gitignore alongside .pytest_cache / .ruff_cache.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Covers: happy path, 503-then-200, max_attempts exhaustion with PEP-678 note,
idempotency gate (POST not retried by default, opt-in via retry_methods),
non-retryable status passthrough (404 raised immediately).
Exception-based retry, attempt_timeout, Retry-After, and budget integration
follow in subsequent commits.

…__init__.py

- retry.py:106: spec extracted the assert message to its own line for ruff's
  message-extraction rule; that line wasn't covered by the trailing # pragma:
  no cover. Add the pragma on the msg line too. 100% gate green again.
- resilience/__init__.py: Task 7 plan Step 4 was to re-export Retry and
  RetryBudget; missed in the prior commit. Re-export them with __all__ so
  the public resilience package surface is complete.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- Retry.__call__: assert last_exc is not None is stripped by python -O,
  which would convert the structural invariant into an AttributeError
  ("NoneType has no attribute add_note") in optimized runtimes. Replace
  with an if guard that raises AssertionError unconditionally.
- test_budget_exhausted_raises_retry_budget_exhausted_error: add a NOTE
  warning Task 11 not to duplicate this test (it lives in Task 7 only
  because the budget gate's RetryBudgetExhaustedError branch needs coverage
  from the Retry-loop side).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Retries NetworkError and TimeoutError on idempotent methods.
Bare TransportError (e.g., InvalidURL) is NOT retried since it
escaped the NetworkError refinement in errors.py.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…with network test)

test_retries_on_network_error already asserts len(sleeper.calls) == 1; the
matching timeout test didn't, so a regression bypassing backoff on the
TimeoutError branch would go undetected.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Wraps each attempt in asyncio.timeout(); maps asyncio.TimeoutError to
httpware.TimeoutError. Caught timeouts count as retryable failures
subject to the idempotency + attempt-count gates.

- retry.py: add inline comment to wrapped.__cause__ = exc explaining it
  is load-bearing on the retry path (last_exc = wrapped) where no `raise
  ... from ...` clause sets the cause. Prevents future "cleanup" that
  silently breaks exhaustion chain display.
- test_retry.py: expand the pragma rationale to record how it was
  verified the assertions still execute (intentional break → test fails).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Parsed delay overrides backoff and is capped at max_delay. Malformed values
fall back to backoff. respect_retry_after=False disables the override.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- _parse_retry_after: clamp the integer branch to max(0.0, ...) matching
  the HTTP-date branch. Negative Retry-After values from malformed servers
  silently became negative delays passed to asyncio.sleep (which treats
  them as 0). Explicit clamp removes the inconsistency.
- test_respect_retry_after_false_ignores_header: add len(sleeper.calls)==1
  assertion before indexing, matching the pattern used by test_retries_503.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Verifies RetryBudgetExhaustedError field population (last_response on
status path, last_exception on network path), per-instance fresh default
budget, and explicit budget sharing across multiple Retry middlewares.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…orkError

Completes the 0.4.0 slice 1: retry middleware + Finagle-style budget
+ NetworkError refinement for transient httpx2 failures.

…w-up

Stale references to "Task 7" and "through Tasks 6-7" don't survive
the shipped branch. Reword to describe what the file actually does
(unit coverage of the pure helper; integration via Retry tests).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>