Item 3: SSH-agent forwarding, double-gated (client -A/forward_agent AND server
allow_agent_forwarding) and off by default on both ends.
Wire: new ForwardingKind::Agent (appended, existing bincode discriminants
unchanged). Bumped protocol VERSION 2 -> 3 so a pre-agent peer answers with a
clear version-mismatch reject instead of a deserialize error.
Client: -A / --forward-agent flag; requires local SSH_AUTH_SOCK. Requests an
Agent forwarding during native auth (agent forwarding requires native auth) and,
on a server-initiated StreamOpen carrying the reserved @dosh-agent sentinel,
splices the stream into the local agent unix socket (separate agent_writers map,
TCP forwarding paths untouched). Rejects agent StreamOpens unless it opted in, so
a server cannot reach the agent without consent.
Server: when the client opted in and allow_agent_forwarding is set, binds a
per-session proxy unix socket (dir 0700, socket 0600) before the shell spawns,
exports its path as the session's SSH_AUTH_SOCK, and tunnels each connection back
to the client over the agent sentinel stream. Applies only to freshly spawned
shells (documented). Socket cleaned up on auth/forward failure and when the
accept loop ends. SECURITY rationale documented in comments.
Tests: 2 end-to-end integration tests (full chain identities round-trip via a
PTY-hosted client + looping fake agent; and "no -A => no proxy socket"). Docs
updated (README forwarding + disconnect-status note, spec §12.1). fmt + full test
suite green (122 tests).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Item 1: mosh-style disconnect status line. When UDP packets stop arriving,
paint a single reverse-video cyan "[dosh] last contact Ns ago — reconnecting…"
on the terminal's bottom row using save/restore cursor (ESC7/ESC8) so the app
cursor never moves and full-screen TUIs are not corrupted. Cleared the instant a
packet resumes and refreshed on the status timer tick. Configurable via
client.toml `disconnect_status` (default on) and `DOSH_DISCONNECT_STATUS` env
override. State machine and rendered escape sequences are pure and unit-tested.
Item 2: re-evaluate the prediction display policy on the select-loop status tick
via `Predictor::refresh_policy`, so a latency spike flips speculation on (or off
on recovery) promptly instead of waiting for the next keystroke. Repaints only
when the on-screen result would change, so idle ticks are no-ops.
Tests: 8 new client unit tests (status state machine + overlay bytes, predictor
spike/recovery/idle). fmt + full test suite green. No wire-format change.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Track A protocol hardening for native-v1.
1. Protocol VERSION discipline (protocol.rs, native.rs, dosh-server.rs,
dosh-client.rs): bump protocol::VERSION to 2 and NATIVE_PROTOCOL_VERSION to 2.
Foreign wire-version datagrams now get a clear named "protocol version
mismatch - upgrade dosh" reject from the server instead of a silent timeout
(peek_foreign_wire_version + VERSION_MISMATCH_REASON). The native handshake's
plaintext protocol_version is also checked server-side before any crypto via
check_native_protocol_version, returning a typed ProtocolVersionMismatch.
2. Transport rekey (spec section 11/9): server rotates a client's traffic key
after rekey_after_packets OR rekey_after_secs (config knobs). Rotated keys are
derived independently of the handshake keys from the current key plus fresh
server CSPRNG material shipped confidentially in an AEAD Rekey packet
(derive_rekey_session_key). The previous epoch's key is retained briefly so
in-flight pre-rekey packets still decrypt (matched by session_key_id), and
stale-epoch packets are ignored, not fatal. Client handles Rekey/RekeyAck.
3. Connection migration (spec section 11): every authenticated, replay-accepted
packet now migrates client.endpoint to the new source address (input, resize,
ping, ack, resume, stream*, rekey-ack), not just resume. Ping now verifies its
AEAD tag before acting so migration cannot be spoofed.
4. Native auth rate limiting: per-source-IP token bucket
(native_auth_rate_limit_per_minute) enforced in handle_native_client_hello
BEFORE any X25519/Ed25519 work; over-limit hellos get a non-crypto reject.
5. Speed: replaced O(sessions x clients) per-packet linear scans with an O(1)
HashMap<conn_id, session_name> index in ServerState, kept in sync on every
client insert/remove (attach handlers, detach, remove_client, cleanup reap,
session-exit drain).
New config keys (ServerConfig, with defaults): rekey_after_packets = 100000,
rekey_after_secs = 3600.
Tests: version-mismatch reject (no hang), rate-limit flood reject, rekey
round-trip end-to-end + key-derivation unit tests, source-address migration,
client-index sync + cleanup purge. fmt and full test suite green.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Self-contained orientation for AI agents: what dosh is, capabilities,
the bidirectional homelab forwarding patterns (-L/-R/-D with concrete
examples), fast-path order, architecture, security summary, config, and
how to drive dosh non-interactively. Links to the deeper docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replace the basic printable-only predictor with a clean-room speculative
local-echo engine modeled on the Mosh paper's prediction overlay design
(no GPL code copied or translated; original Rust written from the
algorithm).
Model:
- Per-line cell model with a local cursor; printable keystrokes echo
immediately, dimmed (and underlined on a very slow link) via
save/restore cursor so full-screen TUIs are never corrupted.
- Backspace and in-line Left/Right arrow prediction (CSI and SS3).
- Epoch grouping per keystroke burst; anything unmodelable (CR/LF,
escapes, control bytes, wide chars, right margin, paste-sized bursts)
ends the epoch safely rather than mispredicting.
- Frame-sequenced confirmation: an authoritative server frame supersedes
and erases the overlay (dosh has no client-side emulator, so it cannot
do Mosh's per-cell content match; frame arrival is the confirmation).
- Glitch detection: contradicting output (e.g. alternate-screen entry)
discards the epoch.
- SRTT-based display policy with hysteresis and a latency-spike override;
modes off / experimental(adaptive, default) / always via new
client config `predict_mode` and `DOSH_PREDICT_MODE` env override.
Improvements over the prior predictor: in-line arrow motion, dim+flag
styling, exact-width erase, paste guard, and faster (frame-arrival)
confirmation. Prediction is display-only and never swallows input.
Adds unit tests: printable run, confirmation-clears, glitch-discards,
backspace, line-wrap budget, paste-skip, newline, inline arrows, and the
experimental SRTT threshold gate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Extend dosh-bench to benchmark the full attach path matrix and emit both raw
per-iteration samples and summary statistics (count/min/median/p95/mean/max):
- --cold-native: native cold auth terminal-ready (dosh_cold_native_ms)
- --cached-ticket: cached attach-ticket fast path (dosh_cached_attach_ms)
- --resume: UDP resume path (dosh_resume_ms; roaming-only, see docs)
- --local-auth: self-contained local bootstrap, no SSH (dosh_local_attach_ms)
- default: legacy SSH-bootstrap cold attach (dosh_attach_ms)
Existing ssh-bootstrap/local-auth/mosh modes and all assert gates are preserved;
legacy flags (--local-auth/--warm-cache/--no-cache) keep their prior behavior so
the CI docker scripts run unchanged. Add --json (machine-readable raw samples)
and --label. Add a table/JSON renderer and percentile-based summary stats.
Add scripts/bench-local.sh: a safe, self-contained harness that builds release,
spins up a throwaway dosh-server bound to 127.0.0.1 on a random free UDP port in
a temp HOME (never port 50000, never a systemd unit), runs the matrix, prints
results, sanity-checks native auth actually trusted the host, and cleans up.
Point `make bench-local` at the new harness and add `make bench-local-json`;
keep bench-docker-* targets intact.
Add docs/BENCHMARKS.md: how to run each benchmark, metric meanings, methodology
and caveats (resume is the roaming path, not cold reconnect; cite cached attach
as the core claim per PUBLIC_READINESS.md), plus a real loopback sample table
with machine/OS/sample-count and raw samples.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Track B (milestone 5 / §16 hardening):
- tests/hostile_network.rs: in-process UDP relay/shim between a test
client and a real dosh-server that can drop, reorder, and duplicate
datagrams, and rebind its upstream socket mid-session. Asserts:
session survives loss/reorder, duplicated/replayed Input is applied at
most once, stale packets after resume are ignored (not fatal), and a
client source-address change preserves the session.
- tests/parser_robustness.rs: deterministic randomized tests throwing
garbage at every reachable public parser (packet decode, from_body for
all protocol/native structs, authorized_keys, known_hosts, host-key
line, ssh-ed25519 blob, bootstrap, attach ticket); asserts none panic.
- fuzz/: standalone cargo-fuzz crate (own [workspace], non-default
member) with libfuzzer-sys harnesses for packet decode, from_body,
authorized_keys, known_hosts, handshake structs+verifiers, and attach
tickets. README documents the run command.
- .github/workflows/ci.yml: add fuzz-smoke job (nightly + cargo-fuzz,
short -max_total_time per target, tolerant if tooling unavailable);
existing fmt/test/build/bench steps unchanged.
cargo fmt --check and cargo test are green.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add docs/THREAT_MODEL.md deriving a publishable threat model from
NATIVE_V1_SPEC.md sections 4-6: assets, in/out-of-scope attackers,
security properties vs SSH (including where Dosh aims to exceed it),
cryptographic building blocks as implemented, and an honest
accepted-residual-risks / known-gaps section.
Refresh docs/PUBLIC_READINESS.md: feature matrix now reflects native
auth, host-key trust, authorized_keys policy, doctor, and -L/-R/-D
forwarding; add a per-item "Native v1 verification checklist status"
table mapping spec section 16 to done/in-progress/pending from code.
Update README.md status with a native v1 section and honest claim
posture pointing to THREAT_MODEL.md. Annotate NATIVE_V1_SPEC.md with a
v1 status block summarizing milestone progress. Point SPEC.md security
model and header at native auth and the threat model.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The native-v1 work changed the UDP wire format (HEADER_LEN 42->58) without a
version bump, so a current client silently timed out against the older
still-deployed server. The server just needed redeploying; alongside that,
fix the robustness bugs surfaced while restoring the connection:
- Server: clamp terminal size to >=1 at every PTY/parser resize site. A client
reporting a 0x0 terminal made vt100::Parser::set_size panic ("attempt to
subtract with overflow") and took down the whole single-threaded daemon.
- Client: treat size() == Ok((0,0)) like a missing size and fall back to 80x24
instead of sending 0x0 to the server.
- Reap abandoned sessions and their shells. PtyHandle now retains the child and
kills it on drop, and the cleanup task removes clientless, non-prewarmed
sessions after the grace period. Previously the shell leaked forever (one
zsh per abandoned session); prewarmed sessions still stay hot.
- Evict half-finished native handshakes (pending_native) after 30s so an
unauthenticated ClientHello flood can't grow the map without bound.
- Drop the per-client, per-packet vt100 Screen clone on the output hot path and
remove the write-only last_screen field.
- Guard load_or_create_server_secret against a <32-byte secret file (was an
index-out-of-range panic at startup).
- Reconcile stream flow-control credit (client and server) when StreamData hits
a missing writer, so a closed/unknown stream can't wedge the peer's window.
Adds a unit test for session reaping. cargo fmt + cargo test green.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>