Secure tunneling library for agent-rust
This crate provides the shared types and cryptography for establishing secure tunnels between a local agent server and remote clients through a relay server.
§Architecture
┌─────────────────┐          WebSocket          ┌─────────────────┐
│   Local Agent   │◄═══════════════════════════►│  Relay Server   │
│   --serve       │     (encrypted traffic)     │  (public VPS)   │
│   --tunnel      │                             │                 │
└─────────────────┘                             └────────┬────────┘
                                                         │
                                                         │ HTTPS
                                                         ▼
                                                ┌─────────────────┐
                                                │  Remote Client  │
                                                │  --connect URL  │
                                                └─────────────────┘
§Security
All traffic is end-to-end encrypted using XChaCha20-Poly1305:
- The encryption key is generated by the local agent
- The key is embedded in the URL fragment (never sent to servers)
- The relay server cannot decrypt or modify traffic
§URL Format
https://{tunnel_id}.relay.example.com#{encryption_key}
        └──────────────────────────┘  └──────────────┘
                 Subdomain            Fragment (client-side only)
Re-exports§
pub use crypto::TunnelCrypto;
pub use crypto::TunnelKey;
pub use crypto::KEY_SIZE;
pub use crypto::NONCE_SIZE;
pub use protocol::message_type;
pub use protocol::url::TunnelUrl;
pub use protocol::ControlMessage;
pub use protocol::DataMessage;
pub use protocol::WireMessage;
Modules§
Constants§
- DEFAULT_RELAY_URL - Default relay server URL
- PROTOCOL_VERSION - Current protocol version
- RELAY_URL_ENV - Environment variable for relay URL override
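
The fragment handling described under Security and URL Format, as an added example that is not the crate's own code: a std-only parser that separates the part of a tunnel URL a relay can see from the key carried in the fragment. The function and type names are hypothetical, and hex encoding of the key is an assumption, since the page does not state how the key is encoded.

```rust
// Added example: std only. Names and the hex key encoding are assumptions,
// not the crate's API (the page does not say how the key is encoded).
const KEY_LEN: usize = 32; // XChaCha20-Poly1305 uses a 256-bit key

#[derive(Debug, PartialEq)]
pub enum UrlError { NotHttps, MissingFragment, BadHost, BadKeyEncoding, BadKeyLength(usize) }

#[derive(Debug)]
pub struct ParsedTunnelUrl {
    pub tunnel_id: String,     // subdomain label, visible to the relay
    pub relay_visible: String, // everything before '#': all a server can see
    pub key: [u8; KEY_LEN],    // decoded from the fragment, client-side only
}

pub fn parse_tunnel_url(url: &str) -> Result<ParsedTunnelUrl, UrlError> {
    // Split at the first '#'; user agents strip the fragment before sending.
    let rest = url.strip_prefix("https://").ok_or(UrlError::NotHttps)?;
    let (relay_part, fragment) = rest.split_once('#').ok_or(UrlError::MissingFragment)?;
    let host = relay_part.split(|c: char| c == '/' || c == '?').next().unwrap_or("");
    let (tunnel_id, domain) = host.split_once('.').ok_or(UrlError::BadHost)?;
    if tunnel_id.is_empty() || domain.is_empty() { return Err(UrlError::BadHost); }
    Ok(ParsedTunnelUrl {
        tunnel_id: tunnel_id.to_string(),
        relay_visible: format!("https://{}", relay_part),
        key: decode_hex_key(fragment)?,
    })
}

fn decode_hex_key(s: &str) -> Result<[u8; KEY_LEN], UrlError> {
    // Check digits explicitly: from_str_radix alone would accept a leading '+'.
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(UrlError::BadKeyEncoding);
    }
    if s.len() / 2 != KEY_LEN {
        return Err(UrlError::BadKeyLength(s.len() / 2));
    }
    let mut key = [0u8; KEY_LEN];
    for (i, byte) in key.iter_mut().enumerate() {
        *byte = u8::from_str_radix(&s[2 * i..2 * i + 2], 16).map_err(|_| UrlError::BadKeyEncoding)?;
    }
    Ok(key)
}

fn main() {
    let url = format!("https://abc123.relay.example.com#{}", "ab".repeat(32)); // constructed sample
    let parsed = parse_tunnel_url(&url).unwrap();
    println!("relay sees {} (tunnel {})", parsed.relay_visible, parsed.tunnel_id);
}
```

A client that logs or forwards URLs should log only `relay_visible`; writing the full URL to a log or passing it in a query string would expose the key outside the fragment.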