# Changelog
All notable changes to the Network Protocol project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [1.0.1] - 2026-01-23
### Security
- **CODE QUALITY**: Refactored TLS `load_client_config()` from 143 lines to 6 focused helper functions, reducing cyclomatic complexity
- **SUPPLY CHAIN**: Updated deny.toml to modern cargo-deny 0.18+ format (removed deprecated keys, improved compatibility)
- **QUALITY GATES**: Applied comprehensive Clippy deny lints: `suspicious` and `correctness` at priority 0, `unwrap/expect/panic` at priority 1
- **CRITICAL**: Resolved all LZ4 decompression OOM attack vectors with pre-validation size checks and 16MB limit
### Added
- **DOCUMENTATION**: Comprehensive module-level documentation for core/protocol/service/utils layers
- **ARCHITECTURE.md**: 500+ line system design document with layer diagrams, data flow, security model, deployment patterns
- **THREAT_MODEL.md**: 300+ line threat analysis with attack scenarios, mitigations, trust boundaries
- **Security Guarantees Section**: Enhanced README with explicit cryptographic, DoS/memory, implementation, and compliance guarantees
- **CI/CD HARDENING**:
  - Format gate: `cargo fmt --all -- --check`
  - Clippy gate: `cargo clippy -D warnings` across all targets
  - Supply chain: `cargo-deny check` for licenses/advisories/sources
  - Audit gate: `cargo-audit` for known vulnerabilities
  - Fuzz smoke: 30s libFuzzer runs on 3 targets
### Fixed
- **FORMAT**: Corrected whitespace/blank line issues across error.rs, tls.rs to pass `cargo fmt --check`
- **CLIPPY**: Added `#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)]` attributes to all test/bench files:
  - src/protocol/tests.rs (test module)
  - src/protocol/handshake.rs (test module)
  - benches/packet_bench.rs, compression_bench.rs, message_bench.rs
  - tests/stress.rs, config_test.rs, concurrency.rs, tls.rs, perf.rs, dispatcher_bench.rs, test_utils.rs, timeouts.rs, integration.rs, shutdown.rs, edge_cases.rs
  - Fixed inner attribute ordering in tests/timeouts.rs (must come before imports)
  - Fixed `let_unit_value` lint in tests/perf.rs by removing unnecessary let binding
- **DENY.toml**: Removed invalid advisory severity keys (`vulnerability`, `unlicensed`, `copyleft`, `default`), now compatible with cargo-deny 0.18+
- **100% CLEAN**: All 80 tests passing, cargo fmt clean, cargo clippy -D warnings passing, release build optimized
## [Unreleased - Previous entries]
### Security
- **CRITICAL**: Added pre-decompression size validation for LZ4 to prevent OOM DoS attacks from malicious size claims (discovered via fuzzing)
- Refactored the handshake to per-session state with `#[derive(Zeroize)]`, eliminating global mutexed state and ensuring secrets are cleared on drop.
- Added explicit nonce/key zeroization in secure send/receive paths to prevent secret retention in memory.
- Bounded decompression output to `MAX_PAYLOAD_SIZE` (4MB) for LZ4 and Zstd to mitigate compression-bomb DoS vectors.
- Tightened replay protection: 30s maximum age with 2s future skew tolerance for handshake timestamps.
- Authenticated packet headers (magic/version/length) via AEAD associated data to detect header tampering.
- Hardened TLS configuration: validate requested versions/cipher suites, validate pinned cert hash length, and emit warnings when insecure mode disables certificate verification.
- Resolved `cargo-audit` findings by upgrading `rcgen` to 0.14.5 (now 0.14.7 via patch) and pinning `tracing-subscriber` to 0.3.20.
- Updated TLS self-signed certificate generation to use `rcgen` 0.14 `CertifiedKey` API.
### Added
- Comprehensive fuzzing infrastructure using cargo-fuzz and libFuzzer
- Three fuzz targets: packet deserialization, protocol messages, and compression boundaries
- Fuzzing documentation in fuzz/README.md with usage guidelines and CI integration
- Pre-decompression validation of LZ4 claimed size to prevent memory exhaustion
- Configurable `compression_threshold_bytes` to bypass compression for tiny payloads (default 512B)
- Helper APIs `maybe_compress`/`maybe_decompress` for threshold-aware compression
- GitHub Actions fuzz smoke job (nightly, 30s per target)
- Criterion microbenchmarks for packet, compression, message paths
- Stress tests for encode/decode bursts and concurrent async load
- Optimized release/bench profiles (LTO, codegen-units=1, strip symbols)
## [1.0.0] - 2025-08-18
### Added
- Comprehensive configuration management system with extensive customization options
- Support for TOML configuration files with serde serialization/deserialization
- Environment variable overrides for all configuration settings
- Configuration structures for server, client, transport, and logging settings
- Default configuration values aligned with existing protocol constants
- Example configuration file in docs/example_config.toml
- Helper modules for serializing Duration and tracing::Level types
- API for loading configuration from files, environment variables, and TOML strings
- ConfigError variant added to ProtocolError enum for proper error handling
- Custom configuration serialization utilities for duration and log level
### Changed
- Updated service APIs to accept custom configuration parameters
- Enhanced daemon server to use configuration for timeouts, backpressure, and connection limits
- Modified client connection code to support configuration-driven behavior
- Refactored protocol constants into structured configuration objects
- Improved error handling for configuration-related operations
- Added Copy and Clone derives to CompressionKind enum for better ergonomics
- Modified compression utilities to take references instead of values for better performance
### Fixed
- Fixed clippy warnings throughout the codebase for better code quality
- Improved TLS shutdown test stability by increasing startup delay
### Documentation
- Enhanced error documentation across core modules:
  - Added comprehensive error case documentation to compress/decompress functions
  - Added detailed error documentation to timeout utility functions
  - Improved codec documentation with better error case descriptions
- Enhanced handshake protocol documentation with security considerations
- Updated API documentation with more usage examples
- Clarified error handling patterns in public API functions
## [0.9.9] - 2025-08-17
### Added
- Comprehensive benchmarking documentation in API.md
- Performance metrics reference in README.md
- Benchmark result interpretation guidelines
- Research and evaluation of zero-copy deserialization approaches
- Detailed zero-copy deserialization analysis in docs/zero-copy.md
### Changed
- Improved benchmark tests with proper graceful shutdown
- Enhanced error handling in performance tests
- Added explicit server termination in benchmark tests
- Updated project description and keywords to reflect benchmarking focus
### Fixed
- Fixed "broken pipe" errors in benchmark tests with proper connection handling
- Corrected throughput calculation in benchmarking
- Added proper error documentation for expected benchmark behavior
## [0.9.6] - 2025-08-17
### Added
- Integrated structured logging with `tracing` crate throughout the codebase
- Added `#[tracing::instrument]` attributes to key async functions for enhanced contextual logging
- Created logging configuration module with flexible log level control via environment variables
- Implemented concurrent-safe logging infrastructure for better debugging and observability
- Added configurable connection timeouts for all network operations
- Implemented heartbeat mechanism with keep-alive ping/pong messages
- Added automatic detection and cleanup of dead connections
- Implemented client-side timeout handling with automatic reconnection capability
- Implemented backpressure mechanism in connection handling with bounded channels to prevent server overload
- Added ability to pause reading from connections when processing queues are full
### Changed
- Optimized packet encoding to avoid intermediate `Vec<u8>` allocations, reducing memory pressure and improving performance
- Replaced all `println!` and `eprintln!` calls with appropriate structured logging macros (`debug!`, `info!`, `warn!`, `error!`)
- Enhanced logging detail with structured fields for better filtering and analysis
- Improved error logging with contextual information across all modules
- Updated documentation examples to use structured logging
- Modified connection handling to use timeout wrappers for all I/O operations
- Enhanced client and server implementations to support configurable timeouts
- Updated network transport layer to detect and report connection timeouts
- Refactored message processing loops to handle keep-alive messages transparently
### Fixed
- Removed deprecated legacy handshake functions (`derive_shared_key`, `verify_server_ack`, `server_handshake_response`)
- Removed deprecated message types (`HandshakeInit`, `HandshakeAck`)
- Removed references to deprecated code from dispatcher, client, and daemon
- Updated API documentation to reflect removal of legacy handshake functionality
- Fixed double error unwrapping in timeout handlers for client and server code
- Corrected handshake state management in parallel test executions
- Fixed client send_and_wait functionality to properly handle timeout errors
- Added proper cleanup of connection resources when timeout or keep-alive failures occur
- Fixed backpressure test freezing by adding proper timeout handling for all async operations
- Added appropriate mutability declarations for client variables in tests
### Security
- Enhanced security by removing insecure legacy handshake implementation
## [0.9.3] - 2025-08-17
### Added
- Cross-platform support for local transport (Windows compatibility)
- Windows-compatible alternative for Unix Domain Sockets using TCP
- Updated client and server binaries to work across platforms
- Secure handshake protocol using ECDH key exchange
- Protection against replay attacks using timestamps and nonce verification
- TLS support for secure external connections
- Self-signed certificate generation capability for development
- Dedicated TLS transport layer with client and server implementations
- Certificate pinning functionality for enhanced security in TLS connections
- Mutual TLS authentication (mTLS) support for bidirectional certificate verification
- Configuration options for TLS protocol versions (TLS 1.2, TLS 1.3)
- Customizable cipher suite selection for TLS connections
- Graceful shutdown support for all server implementations:
  - Signal handling (CTRL+C) for clean termination
  - Active connection tracking and draining
  - Configurable shutdown timeouts
  - Resource cleanup during shutdown (sockets, files, etc.)
  - Heartbeat task termination for cluster transport
### Changed
- Improved error handling in client/server binaries
- Updated format strings to use modern Rust syntax
- Fixed Clippy warnings throughout the codebase
- Added Default implementation for Dispatcher
- Replaced manual slice copying with more efficient `copy_from_slice` operations
- Added proper deprecated attribute handling for legacy message variants
- Fixed key derivation to ensure consistent shared secrets in secure handshake
- Replaced all `unwrap()` and `expect()` calls with proper error handling using Result propagation
- Added serialization support for ProtocolError with serde's Serialize/Deserialize traits
- Updated return types for handshake functions to use Result consistently
- Modified client handshake code to properly handle Result types
- Implemented graceful shutdown mechanism for the daemon server with proper signal handling
- Added comprehensive error propagation throughout the service layer
- Standardized graceful shutdown mechanism across all transport implementations
- Implemented proper shutdown test suite for verifying graceful termination
### Fixed
- Fixed intermittent test failures in secure handshake tests
- Added deterministic test keys for stable test behavior
- Implemented explicit nonce setting for reproducible tests
- Fixed integration tests to use random available ports to avoid port conflicts
- Corrected type mismatches in client connection code
- Resolved unused variable warnings
- Fixed unused Result warnings in daemon and server code
### Security
- Implemented Elliptic Curve Diffie-Hellman (ECDH) key exchange using x25519-dalek
- Added timestamp verification to prevent replay attacks
- Enhanced key derivation using SHA-256 and multiple entropy sources
- Ensured forward secrecy with ephemeral key pairs
- Deprecated the previous insecure handshake implementation
## [0.9.0] - 2025-07-29
### Added
- Initial release of Network Protocol
- Core packet structure with serialization and deserialization
- Protocol message types and dispatcher
- Transport layer with remote and cluster support
- Service layer with client and daemon implementations
- Secure connection handling with handshake protocol
- Cross-platform CI testing workflow
### Security
- Implemented secure handshake mechanism
- Added encryption for protocol messages

[Unreleased]: https://github.com/jamesgober/network-protocol/compare/v1.0.1...HEAD
[1.0.1]: https://github.com/jamesgober/network-protocol/compare/v1.0.0...v1.0.1
[1.0.0]: https://github.com/jamesgober/network-protocol/compare/v0.9.9...v1.0.0
[0.9.9]: https://github.com/jamesgober/network-protocol/compare/v0.9.6...v0.9.9
[0.9.6]: https://github.com/jamesgober/network-protocol/compare/v0.9.3...v0.9.6
[0.9.3]: https://github.com/jamesgober/network-protocol/compare/0.9.0...v0.9.3
[0.9.0]: https://github.com/jamesgober/network-protocol/releases/tag/0.9.0