hey, i'm hugh
distributed systems and networking in rust and go.
outside of engineering i like being in the mountains, grappling, and running ultra marathons. based in seattle.
highlights
moat — mtls for ai agents
ed25519 per-agent identity, capability tokens with monotonic attenuation enforced by construction, wasmtime + wasi preview1 sandbox (fuel limits, memory caps, default-deny fs/network), sha-256 hash-chain audit log, per-sender replay protection. three-stage pep (policy enforcement point): signature and replay verification, policy binding, capability evaluation. ~30k authenticated messages/sec per core. 86 tests across 6 crates. pure rust, no c bindings. github →
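an added illustration of what "monotonic attenuation enforced by construction" means, not moat's own code: the token's fields are private, so the only way to derive a new token is `attenuate`, which can intersect the action set and shorten the expiry but has no path to widen either. signing, the resource naming, and the epoch-seconds expiry unit are assumptions for the example.

```rust
use std::collections::BTreeSet;

// Illustrative capability token (not moat's real type). The struct has no
// public fields and no public constructor other than `root`, so every
// child token must come from `attenuate`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Capability {
    resource: String,
    actions: BTreeSet<String>,
    expires_at: u64, // seconds since epoch (assumed unit for the example)
}

impl Capability {
    /// Root token minted by the issuer for one resource.
    pub fn root(resource: &str, actions: &[&str], expires_at: u64) -> Self {
        Capability {
            resource: resource.to_string(),
            actions: actions.iter().map(|a| a.to_string()).collect(),
            expires_at,
        }
    }

    /// Derive a child token. Actions are intersected with `keep` and the
    /// expiry is the minimum of parent and requested value, so a child can
    /// never hold more than its parent no matter what the caller passes in.
    pub fn attenuate(&self, keep: &[&str], expires_at: u64) -> Self {
        let keep: BTreeSet<String> = keep.iter().map(|a| a.to_string()).collect();
        Capability {
            resource: self.resource.clone(),
            actions: self.actions.intersection(&keep).cloned().collect(),
            expires_at: self.expires_at.min(expires_at),
        }
    }

    /// Authorization decision for one action on one resource at time `now`.
    pub fn permits(&self, resource: &str, action: &str, now: u64) -> bool {
        self.resource == resource && now < self.expires_at && self.actions.contains(action)
    }

    /// What a verifier checks along a delegation chain: each link must be a
    /// subset of its parent in both actions and lifetime. Output of
    /// `attenuate` satisfies this by construction.
    pub fn dominates(&self, child: &Capability) -> bool {
        self.resource == child.resource
            && child.expires_at <= self.expires_at
            && child.actions.is_subset(&self.actions)
    }
}

fn main() {
    // Constructed sample: a caller asks for more than the parent holds and
    // a longer lifetime; both requests are silently clipped.
    let root = Capability::root("db/orders", &["read", "write", "delete"], 1_000);
    let delegated = root.attenuate(&["read", "write", "admin"], 5_000);
    println!("{:?}", delegated);
    println!("read permitted: {}", delegated.permits("db/orders", "read", 500));
    println!("delete permitted: {}", delegated.permits("db/orders", "delete", 500));
    println!("root dominates child: {}", root.dominates(&delegated));
}
```

the point of the design is that a policy enforcement point never has to trust the delegating agent: it only needs the chain and a subset check per link, and a forged "wider" child cannot be produced through the public api at all.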
gretun — nat-traversing peer-to-peer gre overlay for linux
two hosts behind consumer nat run gretun up --coordinator <url> and get a direct, kernel-fastpath gre tunnel between them — no port forwarding, no static ips, no manual config. fou encapsulation wraps gre (ip proto 47) in udp so consumer nats can map it and it can be hole-punched. stun over a shared userspace udp socket discovers each node's public ip:port. a small http coordinator registers peers and relays sealed disco envelopes — 6-byte magic + sender curve25519 pubkey + nacl-box body, tailscale-compatible format — and holds no node private keys. hole punching: each side pings published endpoints, first pong wins; symmetric-nat detection built in. control plane: ed25519 + curve25519. data plane: pure kernel gre-over-fou. prometheus metrics, keepalives. go. github →
sensor-bridge — lock-free sensor processing pipeline for robotics
4-stage pipeline (ingestion → filter → aggregation → output), each stage on its own thread, connected by wait-free spsc ring buffers with cache-line padding so the hot path has zero mutexes. zero-copy data flow via object pool, buffer pool, and arc-shared payloads. adaptive backpressure controller (block, drop, or sample) with hysteresis to avoid thrash under load. hdr-histogram latency metrics with per-stage dashboards. no_std-compatible core (buffer, error, sensor, stage modules) builds without std for embedded targets; std build adds channels, metrics, and the udp/tcp ingest. cargo bench on apple m-series: 2.2b items/sec stage throughput, ~20ns channel latency, 0.3ns ring-buffer push, 9ns pop. 280 tests, published on crates.io + docs.rs. mit/apache-2.0. github → · crates.io →
network-beacon — c2 beacon detection from passive network traffic
rust + tokio cli that ingests pcap and classifies flows by coefficient-of-variation on inter-packet timing — cv < 0.1 is a probable c2 beacon, > 1.0 is organic human traffic. ja4-style fingerprints on tls client hellos to flag non-browser tooling. dns tunneling detection via subdomain shannon entropy (> 3.5 bits/char), label length, and txt/null record abuse. http beacon heuristics on post repetition, suspicious user-agents, and payload-size variance. protocol-mismatch flag for tls on non-443 ports. maxmind geoip/asn enrichment, prometheus /metrics, ratatui live tui, throttled+deduped webhook alerts, json/jsonl output for siem ingestion, pcap replay for offline analysis. 218 tests across 10.5k loc. github →
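an added example, not network-beacon's own code, of the two heuristics described above: coefficient of variation on inter-packet gaps (cv < 0.1 probable beacon, > 1.0 organic) and shannon entropy of the subdomain labels (> 3.5 bits/char). the thresholds are the page's; the timestamps, hostnames, and the assumption that the registered domain is the last two labels are constructed for the example.

```rust
/// Flow classification by timing regularity, using the page's thresholds.
#[derive(Debug, PartialEq)]
pub enum TimingClass {
    ProbableBeacon,
    Indeterminate,
    Organic,
}

/// Coefficient of variation (stddev / mean) of the gaps between consecutive
/// packet timestamps in seconds. Returns None for fewer than three packets
/// or a non-positive mean gap, so callers cannot classify on too little data.
pub fn timing_cv(timestamps: &[f64]) -> Option<f64> {
    if timestamps.len() < 3 {
        return None;
    }
    let gaps: Vec<f64> = timestamps.windows(2).map(|w| w[1] - w[0]).collect();
    let n = gaps.len() as f64;
    let mean = gaps.iter().sum::<f64>() / n;
    if mean <= 0.0 {
        return None;
    }
    let var = gaps.iter().map(|g| (g - mean).powi(2)).sum::<f64>() / n;
    Some(var.sqrt() / mean)
}

pub fn classify_timing(cv: f64) -> TimingClass {
    if cv < 0.1 {
        TimingClass::ProbableBeacon
    } else if cv > 1.0 {
        TimingClass::Organic
    } else {
        TimingClass::Indeterminate
    }
}

/// Shannon entropy in bits per character over the subdomain part of a name.
/// Assumption for the example: the registered domain is the last two labels,
/// so everything to the left of them is the attacker-controlled portion.
pub fn subdomain_entropy(fqdn: &str) -> f64 {
    let labels: Vec<&str> = fqdn.trim_end_matches('.').split('.').collect();
    if labels.len() <= 2 {
        return 0.0;
    }
    let sub: String = labels[..labels.len() - 2].concat();
    let mut counts = [0usize; 256];
    for b in sub.bytes() {
        counts[b as usize] += 1;
    }
    let n = sub.len() as f64;
    counts
        .iter()
        .filter(|&&c| c > 0)
        .map(|&c| {
            let p = c as f64 / n;
            -p * p.log2()
        })
        .sum::<f64>()
}

/// Page threshold: subdomains above 3.5 bits/char are flagged.
pub fn looks_like_dns_tunnel(fqdn: &str) -> bool {
    subdomain_entropy(fqdn) > 3.5
}

fn main() {
    // Constructed sample flows: a fixed 60 s check-in with slight jitter,
    // and a bursty interactive session.
    let beacon = [0.0, 60.5, 119.8, 180.2, 240.1];
    let human = [0.0, 0.5, 30.0, 31.0, 300.0];
    for (name, ts) in [("beacon-like", &beacon[..]), ("human-like", &human[..])] {
        if let Some(cv) = timing_cv(ts) {
            println!("{name}: cv={cv:.3} -> {:?}", classify_timing(cv));
        }
    }
    // Constructed sample names: an ordinary host and a high-entropy label.
    for name in ["www.example.com", "a3f9k2m8q1z7x4b6.example.com"] {
        println!("{name}: {:.2} bits/char, tunnel={}", subdomain_entropy(name), looks_like_dns_tunnel(name));
    }
}
```

in practice the entropy check is combined with the label-length and record-type signals the page mentions, because short random-looking labels (cdn hashes, for instance) also clear 3.5 bits/char on their own.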
archimedes
interactive computational geometry in the browser →
minkowski-style polygon dilation, convex hulls, delaunay triangulation, and polygon boolean ops with shewchuk adaptive-precision predicates. runs in-browser via webassembly.
rust + wasm + webgpu · source