greenfield: clean slate for ALPN-as-service pivot
Delete old source crates (alknet-core, alknet, alknet-napi), old architecture docs (ADRs, specs, open questions), old research docs (phase2, event-sourcing, feasibility, etc.), old tasks, and obsolete reference material (gitserver/MPL, honker, nats, rustfs, polyglot, keystone, distributed-identity). Keep: alknet-secret (standalone, compiles), pivot docs, iroh and ssh references, rudolfs reference (MIT/Apache, fork candidate), ops docs, sdd_process.md, and licenses. Previous implementation preserved at /workspace/@alkdev/alknet-main/ for reference during porting. Workspace compiles: cargo check + 14 tests pass for alknet-secret.
This commit is contained in:
@@ -1,110 +0,0 @@
|
||||
//! # alknet-core
|
||||
//!
|
||||
//! Core library for [Alknet](https://git.alk.dev/alkdev/alknet), a self-hostable SSH-based
|
||||
//! tunnel tool. This crate provides the transport abstraction, SOCKS5 server, port forwarding,
|
||||
//! authentication, and server handler — everything needed to build an alknet client or server
|
||||
//! on top of pluggable transports.
|
||||
//!
|
||||
//! > **Alpha software.** This crate depends on solid libraries (russh, tokio, rustls, iroh)
|
||||
//! > for core functionality, but the integration layer has not been battle-tested. Use with
|
||||
//! > caution and report issues.
|
||||
//!
|
||||
//! # Key concepts
|
||||
//!
|
||||
//! - **Transport trait** — produces a duplex byte stream (`AsyncRead + AsyncWrite + Unpin + Send`)
|
||||
//! that SSH consumes. Implementations: TCP, TLS, iroh (QUIC P2P).
|
||||
//! - **SOCKS5 server** — the primary client interface, listening on a local port and routing
|
||||
//! traffic through SSH channels.
|
||||
//! - **Port forwarding** — `-L` local and `-R` remote port forwards over SSH channels.
|
||||
//! - **Authentication** — Ed25519 public key and OpenSSH certificate authority. No passwords.
|
||||
//! - **Server handler** — accepts SSH connections via a `TransportAcceptor` and proxies
|
||||
//! `direct-tcpip` channel requests to targets (directly or via outbound proxy).
|
||||
//!
|
||||
//! # Feature flags
|
||||
//!
|
||||
//! | Feature | Default | Description |
|
||||
//! |---------|---------|-------------|
|
||||
//! | `tls` | yes | TLS transport via `tokio-rustls` |
|
||||
//! | `iroh` | yes | iroh QUIC P2P transport |
|
||||
//! | `acme` | no | ACME/Let's Encrypt auto-cert provisioning (implies `tls`) |
|
||||
//! | `irpc` | no | irpc service layer (AuthProtocol, AuthServiceImpl) |
|
||||
//! | `testutil` | no | Test utilities (for internal use) |
|
||||
//!
|
||||
//! # Quick example
|
||||
//!
|
||||
//! ```no_run
|
||||
//! use std::sync::Arc;
|
||||
//! use alknet_core::transport::TcpTransport;
|
||||
//! use alknet_core::client::{ClientSession, ConnectOptions, TransportMode};
|
||||
//! use alknet_core::auth::keys::KeySource;
|
||||
//! use alknet_core::Transport;
|
||||
//!
|
||||
//! #[tokio::main]
|
||||
//! async fn main() -> anyhow::Result<()> {
|
||||
//! let opts = ConnectOptions::new(KeySource::File("/path/to/key".into()))
|
||||
//! .server("example.com:22")
|
||||
//! .transport_mode(TransportMode::Tcp);
|
||||
//! let transport = Arc::new(TcpTransport::new("example.com:22".parse()?));
|
||||
//! let session = ClientSession::new(opts, transport).await?;
|
||||
//! session.run().await?;
|
||||
//! Ok(())
|
||||
//! }
|
||||
//! ```
|
||||
|
||||
pub mod auth;
|
||||
pub mod call;
|
||||
pub mod client;
|
||||
pub mod config;
|
||||
pub mod credentials;
|
||||
pub mod error;
|
||||
pub mod interface;
|
||||
pub mod server;
|
||||
pub mod socks5;
|
||||
pub mod transport;
|
||||
|
||||
#[cfg(feature = "http")]
|
||||
pub mod http;
|
||||
|
||||
#[cfg(feature = "http")]
|
||||
pub use http::IdentityExt;
|
||||
|
||||
#[cfg(feature = "testutil")]
|
||||
pub mod testutil;
|
||||
|
||||
#[cfg(feature = "irpc")]
|
||||
pub use auth::{AuthProtocol, AuthResult, AuthServiceImpl};
|
||||
pub use auth::{AuthToken, ConfigIdentityProvider, Identity, IdentityProvider};
|
||||
pub use call::{
|
||||
decode as decode_frame, decode_with_remainder as decode_frame_with_remainder,
|
||||
encode as encode_frame,
|
||||
};
|
||||
pub use call::{
|
||||
register_default_operations, services_list_spec, services_schema_spec, AccessControl,
|
||||
CallError, EventEnvelope, FrameDecodeError, Handler, OperationContext, OperationEnv,
|
||||
OperationRegistry, OperationRegistryBuilder, OperationSpec, OperationType, PendingRequestMap,
|
||||
ResponseEnvelope,
|
||||
};
|
||||
pub use call::{CALL_ABORTED, CALL_COMPLETED, CALL_ERROR, CALL_REQUESTED, CALL_RESPONDED};
|
||||
pub use client::channel_manager::{ChannelManager, ForwardRequest};
|
||||
pub use client::connect::{ClientSession, ConnectError, ConnectOptions, TransportMode};
|
||||
pub use config::{
|
||||
AuthPolicy, ConfigReloadHandle, ConfigServiceImpl, DynamicConfig, ForwardingAction,
|
||||
ForwardingPolicy, ForwardingRule, RateLimitConfig, StaticConfig, TargetPattern,
|
||||
};
|
||||
pub use credentials::{
|
||||
ConfigCredentialProvider, CredentialProvider, CredentialSet, SecretStoreCredentialProvider,
|
||||
};
|
||||
pub use error::{AuthError, ChannelError, ConfigError, ForwardError, TransportError};
|
||||
pub use interface::{
|
||||
is_valid_pair, DnsInterface, DnsInterfaceConfig, HttpInterface, HttpInterfaceConfig,
|
||||
InterfaceConfig, InterfaceEvent, InterfaceRequest, InterfaceResponse, InterfaceSession,
|
||||
MessageInterface, MessageInterfaceConfig, MessageInterfaceKind, RawFramingConfig,
|
||||
RawFramingInterface, RawFramingSession, SshInterface, SshInterfaceConfig, SshSession,
|
||||
StreamInterface, StreamInterfaceConfig, StreamInterfaceKind, TransportKindBase,
|
||||
TransportStream, VALID_TRANSPORT_INTERFACE_PAIRS,
|
||||
};
|
||||
pub use server::serve::{
|
||||
DnsListenerConfig, HttpListenerConfig, ListenerConfig, ServeError, ServeOptions,
|
||||
ServeTransportMode, Server, StreamListenerConfig,
|
||||
};
|
||||
pub use transport::{Transport, TransportAcceptor, TransportInfo, TransportKind};
|
||||
Reference in New Issue
Block a user