alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
41062d810e729a7ba5cd2597cebcce7828ad8075
alknet/docs/architecture
History
glm-5.1 41062d810e docs: add configuration architecture research 
Explore static/dynamic config split, hot-reloadable auth via ArcSwap,
forwarding policy, multi-transport listeners, and config file format.
Documents three problems: no auth hot-reload, no forwarding access control,
no structured config beyond CLI flags.

Key findings:
- Static config (transport, TLS, host key) loaded once at startup
- Dynamic config (auth, forwarding, rate limits) reloadable via ArcSwap
- ForwardingPolicy with rule-based allow/deny, first-match evaluation
- Multi-transport: Server spawns Vec<ListenerConfig> sharing auth config
- WebTransport out of scope for now (requires separate auth model)
- Proposes ADR-020 (static/dynamic split), ADR-021 (forwarding policy),
  ADR-022 (multi-transport listeners)

Adds OQ-12 through OQ-17 to open-questions.md.
2026-06-04 09:40:58 +00:00
..
decisions
Review architecture specs, address critical/warning issues, mark reviewed
2026-06-02 07:44:42 +00:00
client.md
Review architecture specs, address critical/warning issues, mark reviewed
2026-06-02 07:44:42 +00:00
napi-and-pubsub.md
Review architecture specs, address critical/warning issues, mark reviewed
2026-06-02 07:44:42 +00:00
open-questions.md
docs: add configuration architecture research
2026-06-04 09:40:58 +00:00
overview.md
Review architecture specs, address critical/warning issues, mark reviewed
2026-06-02 07:44:42 +00:00
README.md
docs: add configuration architecture research
2026-06-04 09:40:58 +00:00
server.md
Review architecture specs, address critical/warning issues, mark reviewed
2026-06-02 07:44:42 +00:00
transport.md
Review architecture specs, address critical/warning issues, mark reviewed
2026-06-02 07:44:42 +00:00
tun-shim.md
Resolve all architecture open questions, add 13 ADRs, update specs
2026-06-01 17:31:28 +00:00

README.md

status, last_updated
status last_updated
reviewed 2026-06-02

Wraith Architecture

Current State

Architecture specification reviewed and ready for implementation. 19 ADRs accepted. Configuration architecture under exploration — see research/configuration.md.

Architecture Documents

Document Status Description
overview.md reviewed Package purpose, exports, dependencies
transport.md reviewed Transport abstraction: TCP, TLS, iroh
client.md reviewed Client connection, SOCKS5, port forwarding
server.md reviewed Server acceptance, channel handling, proxy
tun-shim.md deprecated TUN interface wrapper — deferred, use tun2proxy
napi-and-pubsub.md reviewed NAPI wrapper and pubsub event target adapter

Research Documents

Document Status Description
configuration.md draft Configuration architecture: static/dynamic split, hot reload, forwarding policy

ADR Table

ADR Title Status
001 Pluggable transport via AsyncRead+AsyncWrite trait Accepted
002 TUN shim as separate process Superseded by ADR-014
003 iroh stream via tokio::io::join Accepted
004 SSH runs over transport, not alongside Accepted
005 SOCKS5 as primary interface, TUN as add-on Accepted
006 No logging of tunnel destinations Accepted
007 NAPI exposes single duplex stream Accepted
008 ACME/Let's Encrypt certificate provisioning Accepted
009 Default iroh relay with override Accepted
010 Transport chaining in CLI Accepted
011 Programmatic-first API, no file-based config Accepted
012 Ed25519 keys + OpenSSH cert-authority, no password auth Accepted
013 Fail2ban-friendly logging + built-in rate limiting Accepted
014 Defer TUN, recommend local SOCKS5 + tun2proxy Accepted
015 napi-rs for FFI bridge Accepted
016 NAPI exposes both connect() and serve() Accepted
017 Stealth mode — protocol multiplexing on port 443 Accepted
018 Control channel for pubsub over SSH Accepted
019 --proxy dual semantics (client vs server) Accepted

Open Questions

Most open questions have been resolved. New questions from configuration research — see open-questions.md for details.

Lifecycle Definitions

Status Meaning Transitions
draft Under active development. May change significantly. reviewed when open questions resolved
reviewed Architecture final. Implementation may begin. Changes require review. stable when implementation verified
stable Locked. Changes require review and may warrant an ADR. deprecated when superseded
deprecated Superseded. Kept for reference. Removed when no longer referenced
Reference in New Issue View Git Blame Copy Permalink