Add launch hardening gates

This commit is contained in:
DuProcess
2026-06-18 09:45:27 -04:00
parent 25d9a6aefa
commit d0d6f59cdf
11 changed files with 583 additions and 61 deletions
+10 -9
View File
@@ -13,16 +13,17 @@
> the default with explicit, visible SSH fallback. Local and Docker benchmark gates
> cover cached attach, SSH fallback, and native cold auth (Track C /
> `BENCHMARKS.md`).
> - Milestone 4 — forwarding: **implemented.** Stream mux, `-L`, `-R`, `-D`, `-N`,
> `-f`, and per-stream flow control exist; terminal-priority/load regressions are
> covered, and hostile-network/long-soak proof is still being expanded before parity
> is claimed.
> - Milestone 4 — forwarding: **implemented with one reliability caveat.** Stream
> mux, `-L`, `-R`, `-D`, `-N`, `-f`, and per-stream flow control exist;
> terminal-priority/load and replay/reorder regressions are covered. Dropped
> `StreamData` recovery still needs stream retransmission before lossy-link
> forwarding parity is claimed.
> - Milestone 5 — hardening: **partly done.** Per-IP token-bucket rate limiting,
> fail-closed protocol-version checks, parser fuzz targets, fuzz-smoke CI, scripted
> TUI transport tests, forwarding load/priority tests, and independent persistent
> session restart tests exist. External review, long soak, and future multi-version
> compatibility policy are not yet complete. The threat model is published
> (`docs/THREAT_MODEL.md`).
> fail-closed protocol-version checks with a documented v1 policy, parser fuzz
> targets, fuzz-smoke/deep CI entry points, scripted TUI transport tests,
> forwarding load/priority/replay tests, and independent persistent session restart
> tests exist. External review and published long-soak evidence are not yet
> complete. The threat model is published (`docs/THREAT_MODEL.md`).
> - Milestone 6 — workflow parity: **mostly done.** `dosh doctor`, host-trust
> management, and the encrypted-key prompt flow exist; cross-OS daily-driver soak is
> ongoing.