gRPC tunnel#85

Open
shawnburke wants to merge 5 commits into main from grpc-tunnel

Conversation

@shawnburke
Collaborator

Summary

  • Native Go gRPC bidirectional streaming tunnel to replace snyk-broker for HTTP traffic relay
  • Server-side: gRPC tunnel server with HTTP dispatch, client registry, BROKER_SERVER compat, prometheus metrics
  • Client-side: gRPC tunnel client implementing RelayInstanceManager interface, RequestExecutor for accept file rule matching
  • E2E tests passing in both proxy and no-proxy modes

Test plan

  • Unit tests for RequestExecutor, PendingRequests, ClientRegistry, BrokerServerClient
  • E2E test: text file relay through gRPC tunnel
  • E2E test: binary file relay (1MB, SHA-256 checksum)
  • E2E test: HTTPS relay (GitHub README)
  • E2E test: proxy header injection via mitmproxy
  • E2E test: accept file header injection
  • E2E test: plugin header injection
  • E2E test: gRPC tunnel stream establishment

🤖 Generated with Claude Code

@shawnburke shawnburke force-pushed the grpc-tunnel branch 2 times, most recently from 81bda7d to 63142b6 Compare March 10, 2026 02:58
shawnburke and others added 2 commits March 10, 2026 14:08
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… limits

- C1: Add mutex-protected sendFunc for concurrent gRPC stream sends (client)
- C2: Add 100MB request body size limit with HTTP 413 (server)
- C3: Sort streams by ID for deterministic round-robin dispatch (server)
- I1: Add heartbeat timeout detection via atomic + monitor goroutine (server)
- I2: Wire FailStream on stream close to fail pending dispatch requests (server)
- I3: Add requestAssembler for chunked request reassembly with unit tests (client)
- I4: Check and log all send errors (client)
- I5: Send ServerHello before Register to complete handshake first (server)
- I6: Call ServerStopping before GracefulStop for clean shutdown (server)
- I7: Add Token.String() with truncated hash for safe logging (server)
- Increase E2E binary test to 1.5MB to force chunking through tunnel

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
shawnburke and others added 3 commits March 10, 2026 16:15
- Add buildDialOptions to create gRPC dial options with proxy support
- Use passthrough:/// scheme to skip local DNS resolution when proxied
- Build custom dialer that tunnels gRPC through HTTP CONNECT proxy
- Add proto directory copy to Dockerfile for agent build
- Both PROXY=0 and PROXY=1 relay_test.grpc.sh tests pass

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Refactor startAsync into getConnectionConfig for cleaner logic
- If both env vars are set, connect directly without Cortex API registration
- Add launch.json config for gRPC relay mode with direct connection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Valid() method to AcceptFileRuleWrapper to parse the "valid" field
- Update MatchRule to check header requirements before matching a rule
- Rules with "valid" requirements only match if request headers satisfy them
- This fixes rules like the scaffolder rule being matched without x-cortex-service header
- Add comprehensive unit tests for valid header matching

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
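
The header check described in the last commit message, as an added Go example that is not code from this PR: a rule that carries header requirements matches only when the request satisfies them, and a request matching no rule gets -1 so the caller can refuse it. The `Rule` type, the any-of value semantics, the glob path matching and the sample path and header value are assumptions; only the `x-cortex-service` header name comes from the page.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"strings"
)

// Rule is a hypothetical shape (assumption); the PR's AcceptFileRuleWrapper is not shown on the page.
type Rule struct {
	Method, Path string              // Path is a path.Match glob, e.g. "/scaffolder/*"
	Valid        map[string][]string // required header -> allowed values (any one suffices)
}

// headersSatisfy reports whether every required header is present with an allowed value.
func headersSatisfy(valid map[string][]string, h http.Header) bool {
next:
	for name, allowed := range valid {
		for _, got := range h.Values(name) {
			for _, want := range allowed {
				if got == want {
					continue next
				}
			}
		}
		return false // header absent or value not allowed: the rule must not match
	}
	return true
}

// MatchRule returns the index of the first rule whose method, path and headers all hold, or -1.
func MatchRule(rules []Rule, method, reqPath string, h http.Header) int {
	for i, r := range rules {
		pathOK, _ := path.Match(r.Path, reqPath) // a malformed pattern yields false (fails closed)
		if strings.EqualFold(r.Method, method) && pathOK && headersSatisfy(r.Valid, h) {
			return i
		}
	}
	return -1
}

func main() {
	// Constructed sample rule and requests; the path and header value are illustrative.
	rules := []Rule{{"POST", "/scaffolder/*", map[string][]string{"x-cortex-service": {"scaffolder"}}}}
	fmt.Println(MatchRule(rules, "POST", "/scaffolder/run", http.Header{}))
	fmt.Println(MatchRule(rules, "POST", "/scaffolder/run", http.Header{"X-Cortex-Service": {"scaffolder"}}))
}
```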