alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
alknet/tasks/server/handler.md
glm-5.1 5c820a41e9 tasks: decompose Phase 0a ADR foundation and mark prior tasks completed 
Add 10 new tasks under tasks/architecture/ for Phase 0a (ADR writing):
- 9 ADR tasks (026-034) with dependency-ordered structure
- 1 review checkpoint task before Phase 0b spec writing

ADR dependency graph (3 generations):
  Gen 1 (parallel): 026, 029, 030, 031, 032, 034
  Gen 2 (depends on 029): 027, 028
  Gen 3 (depends on 027+028): 033
  Gen 4: review checkpoint

Also mark all 34 prior implementation tasks as completed — they
were finished but still showing as pending in the taskgraph.
2026-06-07 08:55:33 +00:00

2.2 KiB
Raw Permalink Blame History

id, name, status, depends_on, scope, risk, impact, level
id name status depends_on scope risk impact level
server/handler Implement ServerHandler — russh server handler with auth and channel dispatch completed
auth/server-auth-handler
transport/trait-and-types
moderate medium component implementation

Description

Implement the core ServerHandler that implements russh::server::Handler. This is the heart of the server. Per server.md, it has two primary responsibilities:

  1. auth_publickey(): Delegated to ServerAuthConfig — checks key against authorized set or validates cert-authority
  2. channel_open_direct_tcpip(): Routes the channel — either to a TCP target (directly or via proxy) or internally for reserved alknet-* destinations (ADR-018)

At this stage, implement the handler struct, auth delegation, and the channel dispatch skeleton (actual TCP connection and proxy logic in dependent tasks).

Acceptance Criteria

  • crates/alknet-core/src/server/handler.rs exports ServerHandler
  • ServerHandler implements russh::server::Handler
  • ServerHandler holds: Arc<ServerAuthConfig>, outbound_proxy: Option<ProxyConfig>, remote_addr: Option<SocketAddr>
  • auth_publickey() delegates to ServerAuthConfig and returns Accept or Reject
  • channel_open_direct_tcpip() dispatches: if host.starts_with("alknet-"), route to internal handler (stub for control channel); otherwise, spawn TCP proxy task (stub that logs and returns error for now)
  • One ServerHandler instance per connection; state is not shared between connections (unless explicitly Arc'd)
  • Structured auth logging via tracing::info! with remote_addr, key_fingerprint, result (ADR-013)
  • Unit tests: auth delegation works, reserved destination routing logic, unknown channel types rejected

References

  • docs/architecture/server.md — Server Handler Behavior section, channel handling
  • docs/architecture/decisions/018-control-channel-for-pubsub.md — reserved alknet-* destinations
  • docs/architecture/decisions/013-fail2ban-friendly-logging.md — structured auth logging

Notes

To be filled by implementation agent

Summary

To be filled on completion

Reference in New Issue View Git Blame Copy Permalink