tf-transport 0.1.8

TrustForge first-party transport primitives and HTTP/1.1 client.
Documentation
# tf-transport

First-party transport primitives for TrustForge.

The current production slice provides a small async HTTP/1.1 client for
plain `http://` local-service calls. It is used by `tf-decide-client`
and `tf-prom-exporter` so TrustForge-owned local daemon traffic no
longer depends on `reqwest`.

Scope today:

- `GET` and `POST`.
- One request per TCP connection.
- `Connection: close`.
- `Content-Length`, chunked, and close-framed responses.
- Optional bearer auth and custom headers.
- Explicit timeout and response-size cap.
- Strict request-header validation: callers cannot inject or override
  `Host`, `Connection`, `Content-Length`, or `Transfer-Encoding`.
- Strict response-framing validation: conflicting `Content-Length`,
  mixed `Transfer-Encoding`/`Content-Length`, malformed chunk framing,
  and ambiguous authorities are rejected.
- IPv6 bracket authorities and query-only request targets are handled
  without depending on a URL parser crate.

Intentional limit: HTTPS, TLS 1.3, QUIC, and HTTP/3 are not claimed by
this first slice. Those land behind explicit experimental features after
the transport conformance and audit gates described in
`docs/dependency-replacement-roadmap.md`.