bunny-lab/Borealis-Github-Replica
1
0
Fork 0
mirror of https://github.com/bunny-lab-io/Borealis.git synced 2025-12-16 10:45:48 -07:00
Code Issues Packages Projects Releases Wiki Activity

Plan Implemented to Overhaul Reverse Tunnel Orchestration

Browse Source
This commit is contained in:
Nicole Rappe
2025-12-16 01:17:44 -07:00
parent 9b848d4a0a
commit 2d5e444dbf
2 changed files with 157 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Docs/Codex/REVERSE_TUNNEL_UPDATES.md
View File

@@ -1,11 +0,0 @@
# Reverse Tunnel Updates Checklist
Keep these tasks aligned with `Docs/Codex/REVERSE_TUNNELS.md` and the current Engine/Agent implementations.
- [ ] **Signed tokens only**: Require Ed25519 signing when issuing tunnel tokens and have both Engine and Agent reject unsigned tokens (no unsigned fallbacks).
- [ ] **Agent-targeted start/stop**: Emit `reverse_tunnel_start/stop` to the intended agent only (Socket.IO room or equivalent), not a broadcast.
- [ ] **Close per-lease listeners**: When a lease ends (stop/idle/grace/agent disconnect), close the WebSocket server bound to that lease port and free it.
- [ ] **Enforce idle/grace fully**: Lease sweeper should call `stop_tunnel` for expired/idle leases; Agent watchdog should treat `expires_at` as an absolute cutoff (no doubled grace).
- [ ] **TLS required**: Refuse to start tunnel listeners without cert/key (or pinned bundle); disable plaintext listeners and surface clear errors.
Out of scope (per current decision): payload size limits and backpressure changes.