yosebyte
diff --git a/‎.github/copilot-instructions.md‎
Lines changed: 214 additions & 0 deletions b/‎.github/copilot-instructions.md‎
Lines changed: 214 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 7 additions & 3 deletions b/‎README.md‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎README_zh.md‎
Lines changed: 8 additions & 4 deletions b/‎README_zh.md‎
Lines changed: 8 additions & 4 deletions
@@ -0,0 +1,214 @@
+# NodePass AI Coding Agent Instructions
+
+## Project Overview
+
+NodePass is an enterprise-grade TCP/UDP network tunneling solution with a three-tier architecture supporting server, client, and master modes. The core is written in Go with a focus on performance, security, and minimal configuration.
+
+## Architecture Essentials
+
+### Three-Tier S/C/M Architecture
+
+1. **Server Mode** (`internal/server.go`): Accepts tunnel connections, manages connection pools, forwards traffic bidirectionally
+2. **Client Mode** (`internal/client.go`): Connects to servers, supports single-end forwarding or dual-end handshake modes
+3. **Master Mode** (`internal/master.go`): RESTful API for dynamic instance management with persistent state in `nodepass.gob`
+
+### Critical Design Patterns
+
+- **Separation of Control/Data Channels**: 
+  - Control channel: Unencrypted TCP for signaling (`np://` scheme with fragments)
+  - Data channel: Configurable TLS (modes 0/1/2) for actual traffic
+  
+- **Connection Pooling**: Pre-established connections via `github.com/NodePassProject/pool` library
+  - Server controls `max` pool capacity, passes to client during handshake
+  - Client manages `min` capacity for persistent connections
+  
+- **Bidirectional Data Flow**: Automatic mode detection in `Common.runMode`
+  - Mode 0: Auto-detect based on target address bindability
+  - Mode 1: Reverse/single-end (server receives OR client listens locally)
+  - Mode 2: Forward/dual-end (server sends OR client connects remotely)
+
+### External Dependencies (NodePassProject Ecosystem)
+
+All critical networking primitives are in separate libraries:
+- `github.com/NodePassProject/cert`: TLS certificate generation and management
+- `github.com/NodePassProject/conn`: Custom connection types (`StatConn`, `TimeoutReader`, `DataExchange`)
+- `github.com/NodePassProject/logs`: Structured logging with levels (None/Debug/Info/Warn/Error/Event)
+- `github.com/NodePassProject/pool`: Connection pool management for both server and client
+
+**Never modify these libraries directly** - they're external dependencies. Use their exported APIs only.
+
+## Configuration System
+
+### URL-Based Configuration
+
+All modes use URL-style configuration: `scheme://[password@]host:port/target?param=value`
+
+**Server**: `server://bind_addr:port/target_addr:port?max=1024&tls=1&log=debug`
+**Client**: `client://server_addr:port/local_addr:port?min=128&mode=0&rate=100`
+**Master**: `master://api_addr:port/prefix?log=info&tls=2&crt=path&key=path`
+
+### Query Parameters
+
+- `log`: none|debug|info|warn|error|event (default: info)
+- `tls`: 0=plain, 1=self-signed, 2=custom cert (server/master only)
+- `min`/`max`: Connection pool capacity (client sets min, server sets max)
+- `mode`: 0=auto, 1=reverse/single-end, 2=forward/dual-end
+- `read`: Timeout duration (e.g., 1h, 30m, 15s)
+- `rate`: Mbps bandwidth limit (0=unlimited)
+- `slot`: Max concurrent connections (default: 65536)
+- `proxy`: PROXY protocol v1 support (0=off, 1=on)
+
+### Environment Variables for Tuning
+
+See `internal/common.go` for all `NP_*` environment variables:
+- `NP_TCP_DATA_BUF_SIZE`: TCP buffer size (default: 16384)
+- `NP_UDP_DATA_BUF_SIZE`: UDP buffer size (default: 2048)
+- `NP_HANDSHAKE_TIMEOUT`: Handshake timeout (default: 5s)
+- `NP_POOL_GET_TIMEOUT`: Pool connection timeout (default: 5s)
+- `NP_REPORT_INTERVAL`: Health check interval (default: 5s)
+- `NP_RELOAD_INTERVAL`: TLS cert reload interval (default: 1h)
+
+## Development Workflow
+
+### Building
+
+```bash
+# Development build
+go build -o nodepass ./cmd/nodepass
+
+# Release build (mimics .goreleaser.yml)
+go build -trimpath -ldflags="-s -w -X main.version=dev" -o nodepass ./cmd/nodepass
+```
+
+### Testing Manually
+
+No automated test suite exists currently. Test via real-world scenarios:
+
+```bash
+# Terminal 1: Server with debug logging
+./nodepass "server://0.0.0.0:10101/127.0.0.1:8080?log=debug&tls=1&max=256"
+
+# Terminal 2: Client
+./nodepass "client://localhost:10101/127.0.0.1:9090?log=debug&min=64"
+
+# Terminal 3: Master mode for API testing
+./nodepass "master://0.0.0.0:9090/api?log=debug&tls=0"
+```
+
+Test all TLS modes (0, 1, 2) and protocol types (TCP, UDP). Verify graceful shutdown with SIGTERM/SIGINT.
+
+### Release Process
+
+Uses GoReleaser on tag push (`v*.*.*`). See `.goreleaser.yml` for build matrix (Linux, Windows, macOS, FreeBSD across multiple architectures).
+
+## Code Patterns & Conventions
+
+### Error Handling
+
+Always wrap errors with context using `fmt.Errorf("function: operation failed: %w", err)`
+
+### Logging
+
+Use the injected `logger` instance with appropriate levels:
+```go
+logger.Debug("Detailed info: %v", detail)  // Verbose debugging
+logger.Info("Operation: %v", status)       // Normal operations
+logger.Warn("Non-critical issue: %v", err) // Recoverable problems
+logger.Error("Critical error: %v", err)    // Functionality affected
+logger.Event("Traffic stats: %v", stats)   // Important events
+```
+
+### Goroutine Management
+
+All long-running goroutines must:
+1. Check `ctx.Err()` regularly for cancellation
+2. Use proper cleanup with `defer` statements
+3. Handle panics in critical sections
+4. Release resources (slots, buffers, connections) on exit
+
+### Buffer Pooling
+
+Always use `Common.getTCPBuffer()` / `Common.putTCPBuffer()` or UDP equivalents to minimize allocations:
+```go
+buf := c.getTCPBuffer()
+defer c.putTCPBuffer(buf)
+// ... use buf
+```
+
+### Connection Slot Management
+
+Before creating connections:
+```go
+if !c.tryAcquireSlot(isUDP) {
+    return fmt.Errorf("slot limit reached")
+}
+defer c.releaseSlot(isUDP)
+```
+
+### Comments Style
+
+Maintain bilingual (Chinese/English) comments for public APIs and exported functions:
+```go
+// NewServer 创建新的服务端实例
+// NewServer creates a new server instance
+func NewServer(parsedURL *url.URL, ...) (*Server, error) { ... }
+```
+
+## Master Mode Specifics
+
+### API Structure
+
+RESTful endpoints at `/{prefix}/*` (default `/api/*`):
+- Instance CRUD: POST/GET/PATCH/PUT/DELETE on `/instances` and `/instances/{id}`
+- Real-time events: SSE stream at `/events` (types: initial, create, update, delete, shutdown, log)
+- OpenAPI docs: `/openapi.json` and `/docs` (Swagger UI)
+
+### State Persistence
+
+All instances stored in `nodepass.gob` using Go's `encoding/gob`:
+- Auto-saved on instance changes via `saveMasterState()`
+- Restored on startup via `restoreMasterState()`
+- Mutex-protected writes with `stateMu`
+
+### API Authentication
+
+API Key in `X-API-Key` header. Special instance ID `********` for key regeneration via PATCH action `restart`.
+
+## Common Pitfalls
+
+1. **Don't modify NodePassProject libraries**: These are external dependencies, not internal packages
+2. **Always decode before using tunnel URLs**: Use `Common.decode()` for base64+XOR encoded data
+3. **TLS mode is server-controlled**: Clients receive TLS mode during handshake, don't override
+4. **Pool capacity coordination**: Server sets `max`, client sets `min` - they must align correctly
+5. **UDP session cleanup**: Sessions in `targetUDPSession` require explicit cleanup with timeouts
+6. **Certificate hot-reload**: Only applies to `tls=2` mode with periodic checks every `ReloadInterval`
+7. **Graceful shutdown**: Use context cancellation propagation, don't abruptly close connections
+
+## Key Files Reference
+
+- `cmd/nodepass/main.go`: Entry point, version variable injection
+- `cmd/nodepass/core.go`: Mode dispatch, TLS setup, CLI help formatting
+- `internal/common.go`: Shared primitives (buffer pools, slot management, encoding, config init)
+- `internal/server.go`: Server lifecycle, tunnel handshake, forward/reverse modes
+- `internal/client.go`: Client lifecycle, single-end/dual-end modes, tunnel connection
+- `internal/master.go`: HTTP API, SSE events, instance subprocess management, state persistence
+- `docs/en/how-it-works.md`: Detailed architecture documentation
+- `docs/en/configuration.md`: Complete parameter reference
+- `docs/en/api.md`: Master mode API specification
+
+## Documentation Requirements
+
+When adding features:
+1. Update relevant `docs/en/*.md` and `docs/zh/*.md` files
+2. Add examples to `docs/en/examples.md`
+3. Document new query parameters in `docs/en/configuration.md`
+4. Update API endpoints in `docs/en/api.md` if touching master mode
+5. Keep README.md feature list current
+
+## Additional Notes
+
+- Project uses Go 1.25+ features, maintain compatibility
+- Single binary with no external runtime dependencies (except TLS cert files for mode 2)
+- Focus on zero-configuration deployment - defaults should work for most use cases
+- Performance-critical paths: buffer allocation, connection pooling, data transfer loops
+- Security considerations: TLS mode selection, API key protection, input validation on master API
@@ -47,7 +47,7 @@ English | [简体中文](README_zh.md)
 - **📈 Performance**
   - Intelligent scheduling, auto-tuning, ultra-low resource usage.
   - Stable under high concurrency and heavy load.
-  - Health checks, auto-reconnect, self-healing.
+  - Load balancing, health checks, self-healing and more.
 
 - **💡 Visualization**
   - Rich cross-platform visual frontends.
@@ -100,7 +100,7 @@ The [NodePassProject](https://github.com/NodePassProject) organization develops
 
 - **[npsh](https://github.com/NodePassProject/npsh)**: A collection of one-click scripts that provide simple deployment for API or Dashboard with flexible configuration and management.
 
-- **[NodePass-ApplePlatforms](https://github.com/NodePassProject/NodePass-ApplePlatforms)**: An iOS/macOS application that offers a native experience for Apple users.
+- **[NodePass-ApplePlatforms](https://github.com/NodePassProject/NodePass-ApplePlatforms)**: A service-oriented iOS/macOS application that offers a native experience for Apple users.
 
 - **[nodepass-core](https://github.com/NodePassProject/nodepass-core)**: Development branch, featuring previews of new functionalities and performance optimizations, suitable for advanced users and developers.
 
@@ -112,12 +112,16 @@ The [NodePassProject](https://github.com/NodePassProject) organization develops
 
 ## 📄 License
 
-Project `NodePass` is licensed under the [BSD 3-Clause License](LICENSE).
+Project **NodePass** is licensed under the [BSD 3-Clause License](LICENSE).
 
 ## ⚖️ Disclaimer
 
 This project is provided "as is" without any warranties. Users assume all risks and must comply with local laws for legal use only. Developers are not liable for any direct, indirect, incidental, or consequential damages. Secondary development requires commitment to legal use and self-responsibility for legal compliance. Developers reserve the right to modify software features and this disclaimer at any time. Final interpretation rights belong to developers.
 
+## 🔗 NFT Support
+
+Support **NodePass** in a unique way by checking out our NFT collection on [OpenSea](https://opensea.io/collection/nodepass).
+
 ## 🤝 Sponsors
 
 <table>
 
@@ -47,7 +47,7 @@
 - **📈 高性能优化**
   - 智能流量调度与自动连接调优，极低资源占用。
   - 高并发、高负载状态下卓越的系统稳定性能。
-  - 健康检查、断线重连、故障自愈，确保持续高可用。
+  - 负载均衡、健康检查、故障自愈，确保持续高可用。
 
 - **💡 可视化管理**
   - 配套跨平台、多样化的管理前端应用，具备可视化配置能力。
@@ -100,7 +100,7 @@ nodepass "master://:10101/api?log=debug&tls=1"
 
 - **[npsh](https://github.com/NodePassProject/npsh)**: 简单易用的 NodePass 一键脚本合集，包括 API 主控、Dash 面板的安装部署、灵活配置和辅助管理。
 
-- **[NodePass-ApplePlatforms](https://github.com/NodePassProject/NodePass-ApplePlatforms)**: 一款为 Apple 用户提供原生体验的 iOS/macOS 应用程序。
+- **[NodePass-ApplePlatforms](https://github.com/NodePassProject/NodePass-ApplePlatforms)**: 面向服务的 iOS/macOS 应用，为 Apple 用户提供原生体验。
 
 - **[nodepass-core](https://github.com/NodePassProject/nodepass-core)**: 开发分支，包含新功能预览和性能优化测试，适合高级用户和开发者。
 
@@ -112,11 +112,15 @@ nodepass "master://:10101/api?log=debug&tls=1"
 
 ## 📄 许可协议
 
-`NodePass`项目根据[BSD 3-Clause许可证](LICENSE)授权。
+**NodePass** 项目根据 [BSD 3-Clause 许可证](LICENSE)授权。
 
 ## ⚖️ 免责声明
 
-本项目以“现状”提供，开发者不提供任何明示或暗示的保证。用户使用风险自担，需遵守当地法律法规，仅限合法用途。开发者对任何直接、间接、偶然或后果性损害概不负责。进行二次开发须承诺合法使用并自负法律责任。开发者保留随时修改软件功能及本声明的权利。最终解释权归开发者所有。
+本项目以"现状"提供，开发者不提供任何明示或暗示的保证。用户使用风险自担，需遵守当地法律法规，仅限合法用途。开发者对任何直接、间接、偶然或后果性损害概不负责。进行二次开发须承诺合法使用并自负法律责任。开发者保留随时修改软件功能及本声明的权利。最终解释权归开发者所有。
+
+## 🔗 NFT 支持
+
+以独特方式支持 **NodePass**，查看我们在 [OpenSea](https://opensea.io/collection/nodepass) 上的 NFT 收藏。
 
 ## 🤝 赞助商