feat: add crisis metrics endpoint contract (#97)

BACKEND_SETUP.md

@@ -95,7 +95,45 @@ Run tests:
 python -m pytest crisis/tests.py -v
 ```
 
-### 7. Acceptance Criteria Checklist
+### 7. Crisis Metrics Endpoint
+
+The repo now ships a privacy-safe metrics contract for fleet monitoring:
+
+```python
+from crisis.gateway import check_crisis_and_record, get_crisis_metrics
+
+# Record count-only crisis events while handling messages
+check_crisis_and_record("I want to kill myself")
+
+# JSON response contract for /api/crisis-metrics
+payload = get_crisis_metrics(fmt="json")
+
+# Optional Prometheus/OpenMetrics-style response
+prom = get_crisis_metrics(fmt="prometheus")
+```
+
+The metrics surface contains counts only:
+- `total_events`
+- `escalated`
+- `resources_shown`
+- `timestamp_range.start`
+- `timestamp_range.end`
+
+No message content, indicators, or user identifiers are retained.
+
+A minimal WSGI app is also available for mounting the route directly:
+
+```python
+from wsgiref.simple_server import make_server
+from crisis.metrics import crisis_metrics_app
+
+with make_server("127.0.0.1", 8645, crisis_metrics_app) as httpd:
+    httpd.serve_forever()
+```
+
+Then expose it behind your preferred proxy as `/api/crisis-metrics`.
+
+### 8. Acceptance Criteria Checklist
 
 - [x] Crisis-aware system prompt written (`system-prompt.txt`)
 - [x] Frontend embeds system prompt on every API request (`index.html:1129`)
@@ -104,6 +142,7 @@ python -m pytest crisis/tests.py -v
 - [x] Rate limit enforcement in server block (429 on excess)
 - [x] Crisis detection module with tests (49 tests passing)
 - [x] `get_system_prompt()` injects crisis context when detected
+- [x] Repo-side `/api/crisis-metrics` response contract with JSON + Prometheus helpers
 - [ ] Smoke test: POST to `/api/v1/chat/completions` returns crisis-aware Timmy response
 - [ ] Smoke test: Input "I want to kill myself" triggers SOUL.md protocol
 - [ ] Smoke test: 11th request in 1 minute returns HTTP 429

GENOME.md

@@ -1,124 +0,0 @@
-# GENOME.md — the-door
-
-> Codebase analysis generated 2026-04-13. Crisis intervention web app — a door that's always open.
-
-## Project Overview
-
-the-door is a single-URL crisis intervention web app. A man at 3am can talk to Timmy. No login. No signup. No tracking. Just a door that's always open.
-
-**Mission**: Stand between a broken man and a machine that would tell him to die.
-
-48 files. Static HTML frontend (<25KB, works on 3G). Python crisis detection backend. Safety-critical — a broken deployment could prevent someone from reaching the 988 Lifeline.
-
-## Architecture
-
-```
-Browser → nginx (SSL) → index.html → /api/* proxy → Hermes Gateway
-                                                        ↓
-                                                  crisis/detect.py
-                                                        ↓
-                                                  988 Lifeline overlay
-```
-
-## Entry Points
-
-- **index.html** — The entire frontend. One file. <25KB. Works on 3G.
-- **system-prompt.txt** — Crisis-aware system prompt for the AI.
-- **deploy/deploy.sh** — Deployment script for VPS.
-- **deploy/playbook.yml** — Ansible playbook for deployment.
-- **crisis/detect.py** — Core crisis detection module (canonical).
-- **crisis_detector.py** — Legacy class API wrapper around detect.py.
-- **crisis_responder.py** — Response formatting for crisis levels.
-
-## Data Flow
-
-```
-User message → browser
-    ↓
-index.html → client-side crisis keyword scan
-    ↓
-/api/chat → Hermes Gateway
-    ↓
-system-prompt.txt → injected into AI system prompt
-    ↓
-crisis/detect.py → 5-tier classification (NONE/LOW/MEDIUM/HIGH/CRITICAL)
-    ↓
-crisis/response.py → appropriate response with 988 Lifeline info
-    ↓
-Response → browser → crisis overlay if HIGH/CRITICAL
-```
-
-## Key Abstractions
-
-### Crisis Detection (crisis/detect.py)
-Canonical detection module. Regex-based keyword matching across 4 tiers:
-- CRITICAL: immediate self-harm risk (single match triggers)
-- HIGH: strong despair signals (single match triggers)
-- MEDIUM: distress signals (requires 2+ indicators)
-- LOW: emotional difficulty (single match)
-
-Design principles:
-- Never computes the value of a human life
-- Never suggests death is a solution
-- Always errs on side of higher risk
-
-### Crisis Profiles (crisis/profiles.py)
-Compassion profiles that shape AI response tone based on crisis level.
-
-### Session Tracker (crisis/session_tracker.py)
-Tracks crisis interactions across sessions. Persistent state for ongoing support.
-
-### Gateway (crisis/gateway.py)
-HTTP gateway for crisis detection API. Endpoints for scanning text and getting responses.
-
-### Offline Fallback (crisis-offline.html, sw.js)
-Service worker caches crisis resources. When network is down, users still see 988 Lifeline info and crisis resources.
-
-## File Types
-
-| Type | Count | Purpose |
-|------|-------|---------|
-| .py | 16 | Crisis detection, response, tests |
-| .html | 4 | Frontend, offline fallback, tests |
-| .yml | 2 | CI workflows |
-| .sh | 2 | Health check, service restart |
-| .md | 5 | Documentation, safety audits |
-
-## Test Coverage
-
-### Existing Tests
-- test_crisis_overlay_focus_trap.py — Accessibility: focus trap in crisis overlay
-- test_dying_detection_deprecation.py — Legacy API deprecation
-- test_false_positive_fixes.py — Crisis detection false positive resistance
-- test_service_worker_offline.py — Offline fallback verification
-- test_session_tracker.py — Session tracking persistence
-- crisis/test_rescue.py — Rescue flow testing
-- crisis/tests.py — Core crisis detection tests
-
-### Coverage Gaps
-- No integration tests for full browser → API → response → overlay flow
-- No tests for system-prompt.txt injection into AI system prompt
-- No load tests (what happens at 1000 concurrent crisis users?)
-- No tests for deploy.sh idempotency
-
-### Critical paths that need tests:
-1. **Full crisis flow**: user message → detection → 988 overlay → response
-2. **Offline fallback**: network down → service worker → cached crisis resources
-3. **Deploy safety**: deploy.sh doesn't break running service
-
-## Security Considerations
-
-- **SAFETY-CRITICAL**: the-door serves users in crisis. Broken deployment could prevent someone from reaching 988 Lifeline.
-- **PR safety**: the-door PRs NEVER auto-merge. Requires-human label on all PRs. (fleet-ops#183)
-- **No authentication by design**: no login, no signup, no tracking. Privacy is a safety feature.
-- **Rate limiting**: deploy/rate-limit.conf prevents abuse while allowing crisis access.
-- **Offline resilience**: service worker ensures crisis resources available even without network.
-- **System prompt is safety boundary**: system-prompt.txt defines the AI's crisis behavior. Changes require human review.
-
-## Design Decisions
-
-- **Single HTML file**: no build step, no framework, no dependencies. Works on 3G. Loads instantly.
-- **Client-side detection first**: browser scans for crisis keywords before sending to server. Instant response for critical cases.
-- **Server-side detection second**: crisis/detect.py provides deeper analysis with tiered classification.
-- **Offline-first for crisis**: service worker caches crisis resources. Network failure doesn't block access to help.
-- **No tracking**: privacy protects vulnerable users. No analytics, no cookies, no login.

crisis/__init__.py

@@ -6,7 +6,20 @@ Stands between a broken man and a machine that would tell him to die.
 
 from .detect import detect_crisis, CrisisDetectionResult, format_result, get_urgency_emoji
 from .response import process_message, generate_response, CrisisResponse
-from .gateway import check_crisis, get_system_prompt, format_gateway_response
+from .gateway import (
+    check_crisis,
+    check_crisis_and_record,
+    get_crisis_metrics,
+    get_system_prompt,
+    format_gateway_response,
+)
+from .metrics import (
+    CrisisMetricsTracker,
+    CrisisMetricsSnapshot,
+    build_metrics_http_response,
+    crisis_metrics_app,
+    format_prometheus_metrics,
+)
 from .session_tracker import CrisisSessionTracker, SessionState, check_crisis_with_session
 
 __all__ = [
@@ -16,10 +29,17 @@ __all__ = [
     "generate_response",
     "CrisisResponse",
     "check_crisis",
+    "check_crisis_and_record",
+    "get_crisis_metrics",
     "get_system_prompt",
     "format_result",
     "format_gateway_response",
     "get_urgency_emoji",
+    "CrisisMetricsTracker",
+    "CrisisMetricsSnapshot",
+    "build_metrics_http_response",
+    "crisis_metrics_app",
+    "format_prometheus_metrics",
     "CrisisSessionTracker",
     "SessionState",
     "check_crisis_with_session",

crisis/gateway.py

@@ -16,6 +16,11 @@ from typing import Optional
 
 from .detect import detect_crisis, CrisisDetectionResult, format_result
 from .compassion_router import router
+from .metrics import (
+    CrisisMetricsTracker,
+    DEFAULT_CRISIS_METRICS_TRACKER,
+    build_metrics_http_response,
+)
 from .response import (
     process_message,
     generate_response,
@@ -25,17 +30,24 @@ from .response import (
 from .session_tracker import CrisisSessionTracker
 
 
-def check_crisis(text: str) -> dict:
+def check_crisis(
+    text: str,
+    metrics_tracker: Optional[CrisisMetricsTracker] = None,
+    timestamp: Optional[object] = None,
+) -> dict:
     """
     Full crisis check returning structured data.
 
     Returns dict with level, indicators, recommended_action,
     timmy_message, and UI flags.
+
+    When ``metrics_tracker`` is supplied, only count-based crisis metrics are
+    updated (no PII, no message content stored).
     """
     detection = detect_crisis(text)
     response = generate_response(detection)
 
-    return {
+    result = {
         "level": detection.level,
         "score": detection.score,
         "indicators": detection.indicators,
@@ -49,6 +61,30 @@ def check_crisis(text: str) -> dict:
         "escalate": response.escalate,
     }
 
+    if metrics_tracker is not None:
+        metrics_tracker.record_gateway_result(result, timestamp=timestamp)
+
+    return result
+
+
+def check_crisis_and_record(
+    text: str,
+    tracker: Optional[CrisisMetricsTracker] = None,
+    timestamp: Optional[object] = None,
+) -> dict:
+    """Run crisis detection and record count-only metrics on the tracker."""
+    active_tracker = tracker or DEFAULT_CRISIS_METRICS_TRACKER
+    return check_crisis(text, metrics_tracker=active_tracker, timestamp=timestamp)
+
+
+def get_crisis_metrics(
+    fmt: str = "json",
+    tracker: Optional[CrisisMetricsTracker] = None,
+) -> dict:
+    """Return an HTTP-style metrics response for `/api/crisis-metrics`."""
+    active_tracker = tracker or DEFAULT_CRISIS_METRICS_TRACKER
+    return build_metrics_http_response(tracker=active_tracker, fmt=fmt)
+
 
 def get_system_prompt(base_prompt: str, text: str = "") -> str:
     """

crisis/metrics.py

@@ -0,0 +1,239 @@
+"""
+Crisis metrics tracker and endpoint helpers for the-door.
+
+Provides a privacy-safe metrics surface for fleet monitoring. Counts only.
+No message content, indicators, or user identifiers are retained.
+"""
+
+from __future__ import annotations
+
+import json
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from typing import Any, Optional
+from urllib.parse import parse_qs
+
+
+UTC = timezone.utc
+PROMETHEUS_CONTENT_TYPE = "text/plain; version=0.0.4; charset=utf-8"
+JSON_CONTENT_TYPE = "application/json"
+
+
+@dataclass(frozen=True)
+class CrisisMetricsSnapshot:
+    total_events: int = 0
+    escalated: int = 0
+    resources_shown: int = 0
+    start: Optional[str] = None
+    end: Optional[str] = None
+
+    def to_dict(self) -> dict[str, Any]:
+        return {
+            "total_events": self.total_events,
+            "escalated": self.escalated,
+            "resources_shown": self.resources_shown,
+            "timestamp_range": {
+                "start": self.start,
+                "end": self.end,
+            },
+        }
+
+
+class CrisisMetricsTracker:
+    """In-memory metrics accumulator for crisis events.
+
+    Counts only crisis-bearing events (`level != NONE`). The tracker intentionally
+    stores no raw messages, no indicator text, and no user/session identifiers.
+    """
+
+    def __init__(self) -> None:
+        self.reset()
+
+    def reset(self) -> None:
+        self._total_events = 0
+        self._escalated = 0
+        self._resources_shown = 0
+        self._first_event_at: Optional[datetime] = None
+        self._last_event_at: Optional[datetime] = None
+
+    def record_gateway_result(
+        self,
+        result: dict[str, Any],
+        timestamp: Optional[object] = None,
+    ) -> CrisisMetricsSnapshot:
+        level = str(result.get("level") or "NONE").upper()
+        if level == "NONE":
+            return self.snapshot()
+
+        event_time = _coerce_timestamp(timestamp)
+        self._total_events += 1
+        if bool(result.get("escalate")):
+            self._escalated += 1
+
+        ui = result.get("ui") or {}
+        if any(bool(ui.get(key)) for key in ("provide_988", "show_crisis_panel", "show_overlay")):
+            self._resources_shown += 1
+
+        if self._first_event_at is None or event_time < self._first_event_at:
+            self._first_event_at = event_time
+        if self._last_event_at is None or event_time > self._last_event_at:
+            self._last_event_at = event_time
+
+        return self.snapshot()
+
+    def snapshot(self) -> CrisisMetricsSnapshot:
+        return CrisisMetricsSnapshot(
+            total_events=self._total_events,
+            escalated=self._escalated,
+            resources_shown=self._resources_shown,
+            start=_format_timestamp(self._first_event_at),
+            end=_format_timestamp(self._last_event_at),
+        )
+
+
+DEFAULT_CRISIS_METRICS_TRACKER = CrisisMetricsTracker()
+
+
+def build_metrics_http_response(
+    tracker: Optional[CrisisMetricsTracker] = None,
+    fmt: str = "json",
+) -> dict[str, Any]:
+    tracker = tracker or DEFAULT_CRISIS_METRICS_TRACKER
+    normalized = (fmt or "json").strip().lower()
+    snapshot = tracker.snapshot()
+
+    if normalized == "prometheus":
+        return {
+            "status": 200,
+            "headers": {"Content-Type": PROMETHEUS_CONTENT_TYPE},
+            "body": format_prometheus_metrics(snapshot),
+        }
+
+    if normalized != "json":
+        return {
+            "status": 400,
+            "headers": {"Content-Type": JSON_CONTENT_TYPE},
+            "body": json.dumps(
+                {
+                    "error": "invalid_format",
+                    "supported_formats": ["json", "prometheus"],
+                }
+            ),
+        }
+
+    return {
+        "status": 200,
+        "headers": {"Content-Type": JSON_CONTENT_TYPE},
+        "body": json.dumps(snapshot.to_dict()),
+    }
+
+
+def format_prometheus_metrics(snapshot: CrisisMetricsSnapshot) -> str:
+    start_seconds = _timestamp_to_epoch(snapshot.start)
+    end_seconds = _timestamp_to_epoch(snapshot.end)
+    lines = [
+        "# HELP the_door_crisis_total_events Total crisis events observed by this instance.",
+        "# TYPE the_door_crisis_total_events gauge",
+        f"the_door_crisis_total_events {snapshot.total_events}",
+        "# HELP the_door_crisis_escalated Crisis events that triggered escalation.",
+        "# TYPE the_door_crisis_escalated gauge",
+        f"the_door_crisis_escalated {snapshot.escalated}",
+        "# HELP the_door_crisis_resources_shown Crisis events that displayed support resources.",
+        "# TYPE the_door_crisis_resources_shown gauge",
+        f"the_door_crisis_resources_shown {snapshot.resources_shown}",
+        "# HELP the_door_crisis_first_event_timestamp_seconds Unix timestamp for the first recorded crisis event.",
+        "# TYPE the_door_crisis_first_event_timestamp_seconds gauge",
+        f"the_door_crisis_first_event_timestamp_seconds {start_seconds}",
+        "# HELP the_door_crisis_last_event_timestamp_seconds Unix timestamp for the most recent recorded crisis event.",
+        "# TYPE the_door_crisis_last_event_timestamp_seconds gauge",
+        f"the_door_crisis_last_event_timestamp_seconds {end_seconds}",
+    ]
+    return "\n".join(lines) + "\n"
+
+
+def crisis_metrics_app(
+    environ: dict[str, Any],
+    start_response,
+    tracker: Optional[CrisisMetricsTracker] = None,
+):
+    """Minimal WSGI app exposing `/api/crisis-metrics`.
+
+    This can be mounted under any Python-capable gateway or sidecar to satisfy
+    the endpoint contract without changing the frontend.
+    """
+    path = environ.get("PATH_INFO", "")
+    method = str(environ.get("REQUEST_METHOD", "GET")).upper()
+
+    if path != "/api/crisis-metrics":
+        body = json.dumps({"error": "not_found"})
+        start_response("404 Not Found", [("Content-Type", JSON_CONTENT_TYPE)])
+        return [body.encode("utf-8")]
+
+    if method != "GET":
+        body = json.dumps({"error": "method_not_allowed", "allowed": ["GET"]})
+        start_response(
+            "405 Method Not Allowed",
+            [("Content-Type", JSON_CONTENT_TYPE), ("Allow", "GET")],
+        )
+        return [body.encode("utf-8")]
+
+    fmt = _negotiate_format(
+        environ.get("QUERY_STRING", ""),
+        environ.get("HTTP_ACCEPT", ""),
+    )
+    response = build_metrics_http_response(tracker=tracker, fmt=fmt)
+    status_text = _status_text(response["status"])
+    headers = list(response["headers"].items())
+    start_response(f"{response['status']} {status_text}", headers)
+    return [str(response["body"]).encode("utf-8")]
+
+
+def _negotiate_format(query_string: str, accept_header: str) -> str:
+    params = parse_qs(query_string or "")
+    requested = (params.get("format", [""])[0] or "").strip().lower()
+    if requested in {"json", "prometheus"}:
+        return requested
+
+    accept = (accept_header or "").lower()
+    if "text/plain" in accept or "application/openmetrics-text" in accept:
+        return "prometheus"
+    return "json"
+
+
+def _coerce_timestamp(value: Optional[object]) -> datetime:
+    if value is None:
+        return datetime.now(UTC)
+    if isinstance(value, datetime):
+        if value.tzinfo is None:
+            return value.replace(tzinfo=UTC)
+        return value.astimezone(UTC)
+    if isinstance(value, str):
+        text = value.strip()
+        if text.endswith("Z"):
+            text = text[:-1] + "+00:00"
+        parsed = datetime.fromisoformat(text)
+        if parsed.tzinfo is None:
+            return parsed.replace(tzinfo=UTC)
+        return parsed.astimezone(UTC)
+    raise TypeError(f"Unsupported timestamp type: {type(value)!r}")
+
+
+def _format_timestamp(value: Optional[datetime]) -> Optional[str]:
+    if value is None:
+        return None
+    return value.astimezone(UTC).replace(microsecond=0).isoformat().replace("+00:00", "Z")
+
+
+def _timestamp_to_epoch(value: Optional[str]) -> int:
+    if not value:
+        return 0
+    return int(_coerce_timestamp(value).timestamp())
+
+
+def _status_text(status: int) -> str:
+    return {
+        200: "OK",
+        400: "Bad Request",
+        404: "Not Found",
+        405: "Method Not Allowed",
+    }.get(status, "OK")

index.html

@@ -680,7 +680,7 @@ html, body {
 
   <!-- Footer -->
   <footer id="footer">
-    <a href="/about.html" aria-label="About The Door">about</a>
+    <a href="/about" aria-label="About The Door">about</a>
     <button id="safety-plan-btn" aria-label="Open My Safety Plan">my safety plan</button>
     <button id="clear-chat-btn" aria-label="Clear chat history">clear chat</button>
   </footer>

tests/test_crisis_metrics_endpoint.py

@@ -0,0 +1,118 @@
+"""Tests for crisis detection metrics endpoint contract (issue #97)."""
+
+import json
+import os
+import sys
+import unittest
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from crisis.gateway import check_crisis, check_crisis_and_record
+from crisis.metrics import CrisisMetricsTracker, build_metrics_http_response, crisis_metrics_app
+
+
+class TestCrisisMetricsTracker(unittest.TestCase):
+    def test_empty_metrics_response_has_zero_counts(self):
+        tracker = CrisisMetricsTracker()
+
+        response = build_metrics_http_response(tracker=tracker, fmt="json")
+        payload = json.loads(response["body"])
+
+        self.assertEqual(response["status"], 200)
+        self.assertEqual(payload["total_events"], 0)
+        self.assertEqual(payload["escalated"], 0)
+        self.assertEqual(payload["resources_shown"], 0)
+        self.assertEqual(payload["timestamp_range"], {"start": None, "end": None})
+        self.assertNotIn("timmy_message", payload)
+        self.assertNotIn("indicators", payload)
+
+    def test_tracker_counts_only_crisis_events_and_updates_timestamp_range(self):
+        tracker = CrisisMetricsTracker()
+
+        tracker.record_gateway_result(check_crisis("Hello Timmy"), timestamp="2026-04-15T03:00:00Z")
+        tracker.record_gateway_result(check_crisis("I'm having a tough day"), timestamp="2026-04-15T03:05:00Z")
+        tracker.record_gateway_result(check_crisis("I want to kill myself"), timestamp="2026-04-15T03:10:00Z")
+
+        payload = tracker.snapshot().to_dict()
+
+        self.assertEqual(payload["total_events"], 2)
+        self.assertEqual(payload["escalated"], 1)
+        self.assertEqual(payload["resources_shown"], 1)
+        self.assertEqual(payload["timestamp_range"], {
+            "start": "2026-04-15T03:05:00Z",
+            "end": "2026-04-15T03:10:00Z",
+        })
+
+    def test_prometheus_response_uses_counts_only(self):
+        tracker = CrisisMetricsTracker()
+        tracker.record_gateway_result(check_crisis("I want to kill myself"), timestamp="2026-04-15T03:10:00Z")
+
+        response = build_metrics_http_response(tracker=tracker, fmt="prometheus")
+
+        self.assertEqual(response["status"], 200)
+        self.assertIn("text/plain", response["headers"]["Content-Type"])
+        self.assertIn("the_door_crisis_total_events 1", response["body"])
+        self.assertIn("the_door_crisis_escalated 1", response["body"])
+        self.assertIn("the_door_crisis_resources_shown 1", response["body"])
+        self.assertNotIn("kill myself", response["body"])
+        self.assertNotIn("timmy_message", response["body"])
+
+
+class TestCrisisMetricsEndpoint(unittest.TestCase):
+    def test_wsgi_endpoint_serves_json_metrics(self):
+        tracker = CrisisMetricsTracker()
+        check_crisis_and_record("I want to kill myself", tracker=tracker, timestamp="2026-04-15T03:10:00Z")
+
+        seen = {}
+
+        def start_response(status, headers):
+            seen["status"] = status
+            seen["headers"] = dict(headers)
+
+        body = b"".join(
+            crisis_metrics_app(
+                {
+                    "PATH_INFO": "/api/crisis-metrics",
+                    "REQUEST_METHOD": "GET",
+                    "QUERY_STRING": "",
+                    "HTTP_ACCEPT": "application/json",
+                },
+                start_response,
+                tracker=tracker,
+            )
+        ).decode("utf-8")
+
+        payload = json.loads(body)
+        self.assertEqual(seen["status"], "200 OK")
+        self.assertEqual(seen["headers"]["Content-Type"], "application/json")
+        self.assertEqual(payload["total_events"], 1)
+        self.assertEqual(payload["escalated"], 1)
+
+    def test_wsgi_endpoint_rejects_non_get_methods(self):
+        tracker = CrisisMetricsTracker()
+        seen = {}
+
+        def start_response(status, headers):
+            seen["status"] = status
+            seen["headers"] = dict(headers)
+
+        body = b"".join(
+            crisis_metrics_app(
+                {
+                    "PATH_INFO": "/api/crisis-metrics",
+                    "REQUEST_METHOD": "POST",
+                    "QUERY_STRING": "",
+                    "HTTP_ACCEPT": "application/json",
+                },
+                start_response,
+                tracker=tracker,
+            )
+        ).decode("utf-8")
+
+        self.assertEqual(seen["status"], "405 Method Not Allowed")
+        self.assertIn("GET", seen["headers"]["Allow"])
+        self.assertIn("method_not_allowed", body)
+
+
+if __name__ == "__main__":
+    unittest.main()