s5p/TASKS.md

# s5p -- Tasks

## Current

- [x] Scaffold project structure
- [x] Implement SOCKS5 server
- [x] Implement protocol handshakes (SOCKS5, SOCKS4/4a, HTTP CONNECT)
- [x] Implement chain builder
- [x] CLI and config loading
- [x] Unit tests (config, proto)
- [x] Documentation
- [x] Smoke test with Tor
- [x] Containerfile + compose.yaml (Alpine)
- [x] Graceful SIGTERM shutdown
- [x] cProfile support (`--cprofile`)
- [x] Config split (example.yaml tracked, s5p.yaml gitignored)

- [x] Dynamic proxy source API integration
- [x] Connection retry with proxy rotation
- [x] Connection metrics (periodic + shutdown logging)
- [x] Managed proxy pool (multi-source, health-tested, persistent)
- [x] Weighted proxy selection (prefer recently-tested proxies)
- [x] Per-proxy backoff (60s cooldown after connection failure)
- [x] Stale proxy expiry (evict dead proxies not seen for 3 refresh cycles)
- [x] Pool stats in periodic metrics log (`pool=alive/total`)
- [x] Fast warm start (trust cached state, defer all health tests)
- [x] Static chain health check (skip pool tests if chain unreachable)
- [x] SIGHUP hot config reload (timeout, retries, log_level, pool config)
- [x] Dead proxy reporting (`report_url` POST evicted proxies to API)
- [x] Concurrent connection semaphore (`max_connections`, CLI `-m`)
- [x] Async HTTP client (replace blocking urllib, parallel source fetch)
- [x] First-hop TCP connection pool (`pool_size`, `pool_max_idle`)

- [x] Codebase consolidation (refactor/codebase-consolidation)
  - [x] Extract shared proxy parsing and constants to config.py
  - [x] Consolidate health-check HTTP logic in pool
  - [x] Remove threading from metrics (pure asyncio, no lock needed)
  - [x] Replace `ensure_future` with `create_task`
  - [x] Rename ambiguous variables in config loader
  - [x] Remove legacy ProxySource layer (source.py deleted)
  - [x] Add tests for extracted `parse_api_proxies`
- [x] Instant warm start (trust cached state, defer all health tests)
- [x] Register signal handlers before startup (fix SIGKILL on stop)
- [x] Use k8s-file logging driver with rotation
- [x] Built-in control API (`api.py`, `--api`, `api_listen`)

- [x] Tor control port integration (NEWNYM signaling, periodic rotation)
- [x] Replace HTTP health check with TLS handshake (round-robin targets, no httpbin dependency)

- [x] Multi-listener with configurable proxy chaining (per-port chain depth)
- [x] Connection rate and chain latency metrics (rate/s, p50/p95/p99)
- [x] Per-listener latency tracking
- [x] Dynamic health test concurrency
- [x] Multi-Tor round-robin via `tor_nodes` config
- [x] Named proxy pools with per-listener assignment (`proxy_pools:`, `pool:`)
  - [x] `mitm` source filter (`?mitm=0` / `?mitm=1` API query param)
  - [x] Per-pool state files (`pool-{name}.json`)
  - [x] Per-pool log prefixes (`pool[name]: ...`)
  - [x] API: merged `/pool` with per-pool breakdown, `/status` pools summary
  - [x] Backward compat: singular `proxy_pool:` registers as `"default"`

- [x] Integration tests with mock SOCKS5 proxy (end-to-end)
- [x] Per-destination bypass rules (CIDR, suffix, exact match)
- [x] Weighted multi-candidate pool selection
- [x] Onion chain-only routing (.onion skips pool hops)
- [x] Graceful shutdown timeout (fixes cProfile data dump)

- [x] Gitea CI workflow (lint + test + Harbor image push)

## v0.3.0 Stabilization
- [x] Version bump to 0.3.0
- [x] Systemd service unit (`config/s5p.service`, `make install-service`)
- [x] CLI argument parsing tests (`tests/test_cli.py`)
- [x] Protocol handshake tests (`tests/test_proto.py` -- SOCKS5/4/HTTP)
- [x] API reference documentation (`docs/USAGE.md`)
- [x] Prometheus `/metrics` endpoint (OpenMetrics format)

## Quick Wins
- [x] Listener-level retry override (`retries` per listener)
- [x] Pool-level proxy protocol filter (`allowed_protos` on proxy pool)
- [x] Document connection pooling (`pool_size`/`pool_max_idle` in CHEATSHEET.md)

## Next
- [ ] UDP ASSOCIATE support
- [ ] BIND support
- [ ] Chain randomization