smartproxy/readme.plan.md

# SmartProxy Connection Limiting Improvements Plan

Command to re-read CLAUDE.md: `cat /home/philkunz/.claude/CLAUDE.md`

## Issues Identified

1. **HttpProxy Bypass**: Connections forwarded to HttpProxy for TLS termination only check global limits, not per-IP limits
2. **Missing Route-Level Connection Enforcement**: Routes can define `security.maxConnections` but it's never enforced
3. **Cleanup Queue Race Condition**: New connections can be added to cleanup queue while processing
4. **IP Tracking Memory Optimization**: IP entries remain in map even without active connections

## Implementation Steps

### 1. Fix HttpProxy Per-IP Validation ✓
- [x] Pass IP information to HttpProxy when forwarding connections
- [x] Add per-IP validation in HttpProxy connection handler
- [x] Ensure connection tracking is consistent between SmartProxy and HttpProxy

### 2. Implement Route-Level Connection Limits ✓
- [x] Add connection count tracking per route in ConnectionManager
- [x] Update SharedSecurityManager.isAllowed() to check route-specific maxConnections
- [x] Add route connection limit validation in route-connection-handler.ts

### 3. Fix Cleanup Queue Race Condition ✓
- [x] Implement proper queue snapshotting before processing
- [x] Ensure new connections added during processing aren't missed
- [x] Add proper synchronization for cleanup operations

### 4. Optimize IP Tracking Memory Usage ✓
- [x] Add periodic cleanup for IPs with no active connections
- [x] Implement expiry for rate limit timestamps
- [x] Add memory-efficient data structures for IP tracking

### 5. Add Comprehensive Tests ✓
- [x] Test per-IP limits with HttpProxy forwarding
- [x] Test route-level connection limits
- [x] Test cleanup queue edge cases
- [x] Test memory usage with many unique IPs

## Notes

- All connection limiting is now consistent across SmartProxy and HttpProxy
- Route-level limits provide additional granular control
- Memory usage is optimized for high-traffic scenarios
- Comprehensive test coverage ensures reliability
better logging 2025-07-03 02:32:17 +00:00			`# SmartProxy Connection Limiting Improvements Plan`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			Command to re-read CLAUDE.md: `cat /home/philkunz/.claude/CLAUDE.md`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`## Issues Identified`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`1. HttpProxy Bypass: Connections forwarded to HttpProxy for TLS termination only check global limits, not per-IP limits`
			2. Missing Route-Level Connection Enforcement: Routes can define `security.maxConnections` but it's never enforced
			`3. Cleanup Queue Race Condition: New connections can be added to cleanup queue while processing`
			`4. IP Tracking Memory Optimization: IP entries remain in map even without active connections`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`## Implementation Steps`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`### 1. Fix HttpProxy Per-IP Validation ✓`
			`- [x] Pass IP information to HttpProxy when forwarding connections`
			`- [x] Add per-IP validation in HttpProxy connection handler`
			`- [x] Ensure connection tracking is consistent between SmartProxy and HttpProxy`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`### 2. Implement Route-Level Connection Limits ✓`
			`- [x] Add connection count tracking per route in ConnectionManager`
			`- [x] Update SharedSecurityManager.isAllowed() to check route-specific maxConnections`
			`- [x] Add route connection limit validation in route-connection-handler.ts`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`### 3. Fix Cleanup Queue Race Condition ✓`
			`- [x] Implement proper queue snapshotting before processing`
			`- [x] Ensure new connections added during processing aren't missed`
			`- [x] Add proper synchronization for cleanup operations`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`### 4. Optimize IP Tracking Memory Usage ✓`
			`- [x] Add periodic cleanup for IPs with no active connections`
			`- [x] Implement expiry for rate limit timestamps`
			`- [x] Add memory-efficient data structures for IP tracking`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`### 5. Add Comprehensive Tests ✓`
			`- [x] Test per-IP limits with HttpProxy forwarding`
			`- [x] Test route-level connection limits`
			`- [x] Test cleanup queue edge cases`
			`- [x] Test memory usage with many unique IPs`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`## Notes`
fix(metrics): improve metrics 2025-06-22 22:28:37 +00:00
better logging 2025-07-03 02:32:17 +00:00			`- All connection limiting is now consistent across SmartProxy and HttpProxy`
			`- Route-level limits provide additional granular control`
			`- Memory usage is optimized for high-traffic scenarios`
			`- Comprehensive test coverage ensures reliability`