- Added safeguards to restrict HTTP body and stream payload sizes to 4KiB (`StreamChunkSize`) in the Protobuf codec.
- Updated client logic to apply consistent limits for streaming and non-streaming scenarios.
- Improved error handling with clear messages for oversized payloads.
- Added support for `StreamOpen`, `StreamData`, `StreamClose`, and `StreamAck` types in the Protobuf codec.
- Defined new pseudo-header constants for HTTP-over-stream tunneling.
- Introduced `StreamChunkSize` constant for MTU-safe payload sizes (4 KiB).
- Updated encoding and decoding logic to handle stream-based types seamlessly.
- Defined `hopgate_stream.proto` with message definitions for stream-based DTLS tunneling, including `Request`, `Response`, `StreamOpen`, `StreamData`, `StreamAck`, and `StreamClose`.
- Added `Envelope` container for top-level message encapsulation.
- Integrated Protobuf code generation into the `Makefile` using `protoc` with `protoc-gen-go`.
- Generated Go types under `internal/protocol/pb`.
- Introduced `WireCodec` interface in `internal/protocol/codec.go` to abstract serialization/deserialization logic.
- Updated server and client to use `DefaultCodec`, replacing direct JSON encoding/decoding.
- Eliminated `bufio.Reader` from session handling, as `DefaultCodec` manages buffering for DTLS sessions.
- Marked related protocol tasks in `progress.md` as complete.
- Replaced single-envelope JSON model with a stream/frame-based protocol using `StreamOpen`, `StreamData`, and `StreamClose` for chunked transmission.
- Added application-level ARQ with selective retransmission (`StreamAck`) for reliability over DTLS/UDP.
- Defined MTU-safe chunk sizes and sequence-based flow control to handle large HTTP bodies effectively.
- Updated `internal/protocol` for structured stream message handling, including ACK/NACK support.
- Documented potential transition to binary serialization for performance optimization.
- Refactored HTTP tunneling protocol to use `protocol.Envelope` for better extensibility.
- Implemented support for message types including HTTP requests, stream handling, and responses.
- Added common security headers like HSTS and X-Forwarded-For processing for improved security and identity handling.
- Introduced GitHub Actions workflow to build and publish Docker images to GHCR.
- Added new protocol structures for stream-based communication in anticipation of future WebSocket/TCP tunneling.
- Updated `go.sum` to remove unused dependencies and reflect new changes.
