TASK-010: housekeeping (status + checkboxes + review record)

Mark TASK-010 as Done in both the task file and specs/tasks/_index.md,
tick the three Action Items checkboxes, and record the
2026-05-03 20:41 review run's 34 minor unworked findings under
specs/unworked_review_issues/. No critical or major findings; the
deferred items are predominantly cosmetic/style suggestions and
forward-task hooks for TASK-011 (accessor const-correctness) and
TASK-012 (fluent setters).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: etr

specs/tasks/M2-response/TASK-010.md

@@ -8,17 +8,17 @@
 Provide one canonical way to construct each body kind via static factories that return `http_response` by value.
 
 **Action Items:**
-- [ ] Add static factories on `http_response`:
+- [x] Add static factories on `http_response`:
   - `static http_response string(std::string body, std::string content_type = "text/plain");`
   - `static http_response file(std::string path);`
   - `static http_response iovec(std::span<const httpserver::iovec_entry> entries);`
   - `static http_response pipe(int fd, std::size_t size_hint = 0);`
   - `static http_response empty();`
   - `static http_response deferred(std::function<ssize_t(std::uint64_t, char*, std::size_t)> producer);`
   - `static http_response unauthorized(std::string_view scheme, std::string_view realm, std::string body = {});`
-- [ ] Each factory placement-news the appropriate `detail::body` subclass into `body_storage_` (and sets `body_inline_ = true`); for the (currently empty) heap-fallback path, the factory MUST use `::operator new(sizeof(concrete_body))` followed by placement-new (NOT plain `new concrete_body(...)`) so that `http_response`'s destructor — which always calls `body_->~body()` and then `::operator delete(body_)` for the heap path — does not double-destroy. This contract is set by TASK-009 (plan OQ-4) for symmetry between inline and heap teardown.
-- [ ] `unauthorized()` covers both basic and digest auth (scheme parameter); replaces v1's `basic_auth_fail_response` and `digest_auth_fail_response`.
-- [ ] Document lifetime: `pipe(fd, ...)` takes ownership of `fd` and closes it after the response is materialized.
+- [x] Each factory placement-news the appropriate `detail::body` subclass into `body_storage_` (and sets `body_inline_ = true`); for the (currently empty) heap-fallback path, the factory MUST use `::operator new(sizeof(concrete_body))` followed by placement-new (NOT plain `new concrete_body(...)`) so that `http_response`'s destructor — which always calls `body_->~body()` and then `::operator delete(body_)` for the heap path — does not double-destroy. This contract is set by TASK-009 (plan OQ-4) for symmetry between inline and heap teardown.
+- [x] `unauthorized()` covers both basic and digest auth (scheme parameter); replaces v1's `basic_auth_fail_response` and `digest_auth_fail_response`.
+- [x] Document lifetime: `pipe(fd, ...)` takes ownership of `fd` and closes it after the response is materialized.
 
 **Dependencies:**
 - Blocked by: TASK-008, TASK-009, TASK-004
@@ -34,4 +34,4 @@ Provide one canonical way to construct each body kind via static factories that
 **Related Requirements:** PRD-RSP-REQ-001, PRD-RSP-REQ-005, PRD-RSP-REQ-007
 **Related Decisions:** §4.3, DR-005
 
-**Status:** Not Started
+**Status:** Done

specs/tasks/_index.md

@@ -92,7 +92,7 @@ Nominally: **13 sequential tasks**, each S–XL. Most other tasks parallelize of
 | TASK-007 | CI test for public-header hygiene | M1 | Done | TASK-002 |
 | TASK-008 | Internal `detail::body` hierarchy | M2 | Done | TASK-002 |
 | TASK-009 | `http_response` value type with SBO buffer | M2 | Done | TASK-008 |
-| TASK-010 | `http_response` factory functions | M2 | Not Started | TASK-008, TASK-009, TASK-004 |
+| TASK-010 | `http_response` factory functions | M2 | Done | TASK-008, TASK-009, TASK-004 |
 | TASK-011 | `http_response` const-correct accessors | M2 | Not Started | TASK-009 |
 | TASK-012 | `http_response` fluent `with_*` setters | M2 | Not Started | TASK-009 |
 | TASK-013 | Remove `*_response` subclasses and dispatch virtuals | M2 | Not Started | TASK-009, TASK-010, TASK-011, TASK-012 |