docs(architecture): add Phase 0 architecture specs for ALPN-as-service model

Foundational architecture documents following the SDD process:

ADRs:
- 001: ALPN-based protocol dispatch (one endpoint, ALPN negotiation)
- 002: ProtocolHandler trait (replaces StreamInterface/MessageInterface)
- 003: Crate decomposition (one crate per handler, core provides shared infra)
- 004: Auth as shared core (IdentityProvider, hybrid resolution model)
- 005: irpc as call protocol foundation
- 006: ALPN string convention and connection model (alknet/ prefix, one ALPN per connection)

Docs:
- overview.md: crate graph, shared types, ALPN registry, failure modes
- README.md: index with doc table, ADR table, lifecycle definitions
- open-questions.md: 10 OQs across 7 themes (3 resolved, 7 open)

Crate spec stubs for all 11 planned crates (alknet-core through alknet CLI).

Key decisions resolved during self-review:
- AuthContext resolution is hybrid: endpoint resolves TLS-level auth,
  handlers resolve protocol-level auth (resolves OQ-02)
- ALPN is per-connection not per-stream, corrected ADR-001 (resolves OQ-06)
- ALPN naming uses alknet/ prefix without versions (resolves OQ-03)
- HandlerError return type on ProtocolHandler trait
- alknet/secret removed from ALPN registry until OQ-08 resolved
This commit is contained in:
2026-06-15 22:14:58 +00:00
parent b5a4600d74
commit f77b515968
20 changed files with 1017 additions and 0 deletions

View File

@@ -0,0 +1,21 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-call
> **Status: Planned** — This spec has not been written yet.
## Purpose
Call protocol handler implementing `ProtocolHandler` on ALPN `alknet/call`. Provides JSON-RPC via irpc with operation registry, streaming subscriptions, pub/sub, and access control.
## Key Questions
- **OQ-07**: Call protocol scope within a connection — one stream per operation vs multiplexed
## References
- [overview.md](../../overview.md)
- ADR-005: irpc as call protocol foundation

View File

@@ -0,0 +1,26 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-core
> **Status: Planned** — This spec has not been written yet. It will be produced as part of Phase 1 architecture work.
## Purpose
Core crate providing the `ProtocolHandler` trait, ALPN router, endpoint, `BiStream`, `AuthContext`, `IdentityProvider`, configuration types, and shared infrastructure used by all handler crates.
## Key Questions
- **OQ-01**: BiStream type definition — trait vs concrete type vs newtype
- **OQ-05**: Multi-transport endpoint — TCP, TLS, iroh support scope
## References
- [overview.md](../../overview.md)
- ADR-001: ALPN-based protocol dispatch
- ADR-002: ProtocolHandler trait
- ADR-003: Crate decomposition
- ADR-004: Auth as shared core
- ADR-006: ALPN string convention and connection model

View File

@@ -0,0 +1,17 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-dns
> **Status: Planned** — This spec has not been written yet.
## Purpose
DNS handler implementing `ProtocolHandler` on ALPN `alknet/dns`. Uses hickory-proto (`#![no_std]`, WASM-compatible) for DNS wire format and pkarr for self-sovereign DNS. Provides service discovery, control channel via AuthToken in query labels, and encrypted DNS transports (DoT, DoQ, DoH3).
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait

View File

@@ -0,0 +1,21 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-git
> **Status: Planned** — This spec has not been written yet.
## Purpose
Git smart protocol handler implementing `ProtocolHandler` on ALPN `alknet/git`. Uses gix (Apache-2.0/MIT) for pack generation, ref resolution, and object store. Custom pkt-line protocol adapter for QUIC streams. No HTTP layer — git protocol directly over QUIC.
## Key Questions
- **OQ-10**: Git adapter scope — smart protocol only or full server?
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait

View File

@@ -0,0 +1,23 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-http
> **Status: Planned** — This spec has not been written yet.
## Purpose
HTTP handler implementing `ProtocolHandler` on ALPN `alknet/http`. Provides axum router with auth middleware, REST API, dashboard, and MCP endpoint. Also handles standard HTTP ALPNs (`h2`, `http/1.1`) and WebTransport upgrade on `h3`.
## Key Questions
- How does HttpAdapter handle both `alknet/http` and standard ALPNs (`h2`, `http/1.1`, `h3`)?
- WebTransport upgrade on `h3` — is this a separate handler or integrated into HttpAdapter?
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait
- ADR-006: ALPN string convention and connection model

View File

@@ -0,0 +1,17 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-msg
> **Status: Planned** — This spec has not been written yet.
## Purpose
Messaging handler implementing `ProtocolHandler` on ALPN `alknet/msg`. Provides E2E encrypted direct messages (encrypt with recipient's public key) and mixnet support (Chaum 1981: nested encryption, batch-and-reorder, return addresses as digital pseudonyms).
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait

View File

@@ -0,0 +1,18 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-napi
> **Status: Planned** — This spec has not been written yet.
## Purpose
Node.js native addon providing a call protocol client. Uses napi-rs for FFI. Depends only on alknet-call (not alknet-core) to keep the dependency tree minimal. Exposes connect/disconnect, call operations, and event subscriptions to JavaScript/TypeScript.
## References
- [overview.md](../../overview.md)
- ADR-003: Crate decomposition
- ADR-005: irpc as call protocol foundation

View File

@@ -0,0 +1,21 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-secret
> **Status: Planned** — This spec has not been written yet. The crate is already implemented and stable.
## Purpose
Standalone crate for BIP39 mnemonic generation, SLIP-0010 Ed25519 HD key derivation, AES-256-GCM encryption, and the `SecretProtocol` irpc service. Does not depend on alknet-core.
## Key Questions
- **OQ-08**: Secret service integration point — irpc service, ALPN handler, or embedded library?
## References
- [overview.md](../../overview.md)
- ADR-003: Crate decomposition (alknet-secret is standalone)

View File

@@ -0,0 +1,18 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-sftp
> **Status: Planned** — This spec has not been written yet.
## Purpose
SFTP handler implementing `ProtocolHandler` on ALPN `alknet/sftp`. Provides russh-sftp protocol core with 26 packet types, custom serde codec, and pure data transformation. WASM-ready: only `read_packet()` couples to I/O.
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait
- russh-sftp reference: `docs/research/references/ssh/russh-sftp/`

View File

@@ -0,0 +1,29 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet-ssh
> **Status: Planned** — This spec has not been written yet. It will be produced as part of Phase 2 architecture work.
## Purpose
SSH handler implementing `ProtocolHandler` on ALPN `alknet/ssh`. Provides russh-based SSH-2 handshake, channel multiplexing, SOCKS5 proxy, and port forwarding (direct-tcpip, forwarded-tcpip, streamlocal-forward).
## Port Source
| Old module | Lines | Notes |
|---|---|---|
| `src/interface/ssh.rs` | 982 | SSH channel handling |
| `src/server/handler.rs` | 974 | SSH server handler |
| `src/server/channel_proxy.rs` | 555 | Channel proxy |
| `src/client/*` | ~1900 | SOCKS5 client, connect logic |
| `src/socks5/*` | ~800 | SOCKS5 protocol |
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait
- ADR-004: Auth as shared core
- russh reference: `docs/research/references/ssh/russh/`

View File

@@ -0,0 +1,17 @@
---
status: planned
last_updated: 2026-06-15
---
# alknet (CLI)
> **Status: Planned** — This spec has not been written yet.
## Purpose
CLI binary that assembles all handler crates and starts the alknet endpoint. Registers ProtocolHandler implementations with the ALPN router based on configuration. The only crate that depends on all handler crates.
## References
- [overview.md](../../overview.md)
- ADR-003: Crate decomposition