fix: tighten MIME type validation regex (#35)

[cmeans-claude-dev]

Summary

• MIME type and subtype must now start with a letter (rejects 123/456, _/_)
• Parameter syntax validated as name=value (rejects ;garbage)
• Custom MIME types like application/x-custom still accepted

Test plan

• uv run pytest tests/test_server.py::test_read_raw_rejects_numeric_mime -v passes
• uv run pytest tests/test_server.py::test_read_raw_rejects_underscore_mime -v passes
• uv run pytest tests/test_server.py::test_read_raw_accepts_custom_mime -v passes
• Full suite: uv run pytest -q -- 453 passed, 6 deselected, 8 xfailed

Closes #35

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[cmeans]

LGTM

[cmeans]

QA Review — PR #60

Verdict: Zero findings. Ready for maintainer signoff.

Checkboxes verified

CHECKBOX 1: test_read_raw_rejects_numeric_mime     → PASSED (123/456 rejected)
CHECKBOX 2: test_read_raw_rejects_underscore_mime   → PASSED (_/_ rejected)
CHECKBOX 3: test_read_raw_accepts_custom_mime        → PASSED (application/x-custom accepted)
CHECKBOX 4: pytest -q                               → 453 passed, 6 deselected, 8 xfailed

All checkboxes ticked.

Code review

Old regex: r"^[\w.+\-]+/[\w.+\-]+(;[\w.+\-=]+)*$" — accepted 123/456, _/_, ;garbage
New regex: r"^[a-zA-Z][\w.+\-]*/[a-zA-Z][\w.+\-]*(;\s*[\w.+\-]+=[\w.+\-]+)*$" — type/subtype must start with a letter, parameters must be name=value

Per RFC 2045 §5.1, type and subtype tokens must start with a letter. The new regex is more RFC-compliant. \s* after ; allows ; charset=utf-8 (common in the wild). Custom types like application/x-custom still pass. ✓

Other checks

• CHANGELOG: ### Fixed in [Unreleased]. Accurate. Closes #35. ✓
• CI: All green. ✓
• Diff scope: 3 files, +30/-2, single commit. Clean. ✓

Findings

None.

[cmeans]

Applying Ready for QA Signoff. All 4 checkboxes verified and ticked. Regex now RFC 2045 compliant — type/subtype must start with letter, parameters require name=value. 453/453 pass. Zero findings.