Add launch hardening gates
This commit is contained in:
+10
-9
@@ -13,16 +13,17 @@
|
||||
> the default with explicit, visible SSH fallback. Local and Docker benchmark gates
|
||||
> cover cached attach, SSH fallback, and native cold auth (Track C /
|
||||
> `BENCHMARKS.md`).
|
||||
> - Milestone 4 — forwarding: **implemented.** Stream mux, `-L`, `-R`, `-D`, `-N`,
|
||||
> `-f`, and per-stream flow control exist; terminal-priority/load regressions are
|
||||
> covered, and hostile-network/long-soak proof is still being expanded before parity
|
||||
> is claimed.
|
||||
> - Milestone 4 — forwarding: **implemented with one reliability caveat.** Stream
|
||||
> mux, `-L`, `-R`, `-D`, `-N`, `-f`, and per-stream flow control exist;
|
||||
> terminal-priority/load and replay/reorder regressions are covered. Dropped
|
||||
> `StreamData` recovery still needs stream retransmission before lossy-link
|
||||
> forwarding parity is claimed.
|
||||
> - Milestone 5 — hardening: **partly done.** Per-IP token-bucket rate limiting,
|
||||
> fail-closed protocol-version checks, parser fuzz targets, fuzz-smoke CI, scripted
|
||||
> TUI transport tests, forwarding load/priority tests, and independent persistent
|
||||
> session restart tests exist. External review, long soak, and future multi-version
|
||||
> compatibility policy are not yet complete. The threat model is published
|
||||
> (`docs/THREAT_MODEL.md`).
|
||||
> fail-closed protocol-version checks with a documented v1 policy, parser fuzz
|
||||
> targets, fuzz-smoke/deep CI entry points, scripted TUI transport tests,
|
||||
> forwarding load/priority/replay tests, and independent persistent session restart
|
||||
> tests exist. External review and published long-soak evidence are not yet
|
||||
> complete. The threat model is published (`docs/THREAT_MODEL.md`).
|
||||
> - Milestone 6 — workflow parity: **mostly done.** `dosh doctor`, host-trust
|
||||
> management, and the encrypted-key prompt flow exist; cross-OS daily-driver soak is
|
||||
> ongoing.
|
||||
|
||||
Reference in New Issue
Block a user