Documents the no-crate loopback HTTP server, method handling, request parsing, traversal defense, route scope, content types, and production non-goals.
Implementation evidence: this topic is grounded in the reviewed GGUF.MiRust.com source snapshot. It documents observed code and artifacts without claiming broad deployment, model quality, or production readiness.
Purpose
The Rust server supports local development, Visual Studio F5, harness HTTP probes, and browser smoke. It is not a public web server.
Protocol surface
It binds loopback, supports GET and HEAD, parses a bounded request line, maps directories to index.html, percent-decodes paths, streams files, sets content length, and maps HTML, CSS, JS, WASM, SLM, manifest, and text content types.
Path safety
Absolute, traversal, and drive-qualified paths are rejected after decoding and normalization. The resolved path must stay beneath the configured static root.
Limits
No TLS, HTTP/2, compression, range requests, cache validators, concurrency pool, access control, CSP/COOP/COEP, upload route, or production hardening is claimed.
Testing
Source-reported tests cover GET/HEAD, content length, percent decoding, traversal rejection, and app/WASM/model/manifest routes.
Scope
This starter page defines the questions, boundaries, evidence, and failure modes that should be recorded before a capability is presented as supported.
Engineering considerations
- Identify the source, version, target environment, and owner.
- Separate observed values from estimates and externally reported values.
- Record trade-offs, unsupported cases, and fallback behavior.
- Link performance statements to a compatible benchmark methodology.
Verification questions
- What exact artifact, revision, backend, and environment were reviewed?
- Which assumptions could change the result?
- Which data should be retained so another engineer can reproduce the conclusion?