- Introduced `WireCodec` interface in `internal/protocol/codec.go` to abstract serialization/deserialization logic.
- Updated server and client to use `DefaultCodec`, replacing direct JSON encoding/decoding.
- Eliminated `bufio.Reader` from session handling, as `DefaultCodec` manages buffering for DTLS sessions.
- Marked related protocol tasks in `progress.md` as complete.
- Replaced single-envelope JSON model with a stream/frame-based protocol using `StreamOpen`, `StreamData`, and `StreamClose` for chunked transmission.
- Added application-level ARQ with selective retransmission (`StreamAck`) for reliability over DTLS/UDP.
- Defined MTU-safe chunk sizes and sequence-based flow control to handle large HTTP bodies effectively.
- Updated `internal/protocol` for structured stream message handling, including ACK/NACK support.
- Documented potential transition to binary serialization for performance optimization.
- Designed a stream/frame-based protocol leveraging `StreamOpen`, `StreamData`, and `StreamClose` fields for chunked transmission.
- Addressed DTLS/UDP MTU limits by capping tunneled body sizes to 48 KiB and replacing oversized responses with `502 Bad Gateway`.
- Updated `internal/protocol` to enable safe handling of large HTTP bodies via streaming.
- Documented future work on replacing JSON with binary encoding for improved performance.
- Added `canonicalizeDomainForDNS` to normalize domain strings for DNS and DB lookups.
- Implemented `domainGateValidator` to verify if client-provided domains resolve to expected IPs (`HOP_ACME_EXPECT_IPS`) using A/AAAA DNS queries.
- Included a fallback for DB-only validation if `HOP_ACME_EXPECT_IPS` is unset or empty.
- Updated `parseExpectedIPsFromEnv` to parse and validate IP lists from environment variables.
- Marked relevant handshake enhancements in `progress.md` as completed.
- Updated `domain_validator` to strip brackets from IPv6 addresses for proper normalization when `net.SplitHostPort` fails.
- Marked the Admin API integration task in `progress.md` as complete.
- Added `entDomainValidator` implementation to validate `(domain, client_api_key)` combinations from the `Domain` table using `ent.Client`.
- Replaced dummy validator with the new ent-based validator in server initialization.
- Updated documentation and progress tracking for domain validation implementation.
- Ensured compatibility with `host` and `host:port` formats by normalizing domain strings during validation.
- Implemented custom HTML templates for `400`, `404`, `500`, and `525` error pages with multilingual support.
- Added embedded file system for error page templates and assets.
- Introduced fallback mechanism to serve minimal plain text for missing error templates.
- Integrated TailwindCSS for styling error pages, with a build script in `package.json`.
- Introduced `HOP_ACME_STANDALONE_ONLY` env variable to run the ACME client without starting HTTP/DTLS servers.
- Allows certificate issuance/renewal solely and exits upon completion.
- Includes initialization of the ACME manager with domain verification, certificate management, and caching mechanisms. DomainService and expand Admin API
- Added `DomainServiceImpl` with support for registering, unregistering, and querying domains.
- Expanded Admin API with new endpoints:
- `GET /api/v1/admin/domains/exists` to check domain registration status.
- `GET /api/v1/admin/domains/status` to retrieve detailed domain information.
- Updated server initialization to wire `DomainService` and Admin API routes.
- Documented new Admin API endpoints in `API.md`.
- Introduced Prometheus metrics tracking for DTLS handshakes, HTTP requests, and proxy errors.
- Defined counters and histograms with labels for detailed observability.
- Registered metrics via `MustRegister` during server initialization.
- Added `/metrics` endpoint protected by host domain filtering.
- Updated HTTP handler to capture request metadata and record metrics.
- Integrated metrics tracking for DTLS handshake processes and various error conditions.
- Updated `go.mod` and `go.sum` with Prometheus client dependencies.
- Marked proxy implementation, ACME integration, and wiring tasks as complete.
- Updated details for ACME HTTP-01 challenge handling and certificate management.
- Added notes on remaining milestones, including TLS-ALPN-01 support and strategy refinement.
