v4.8.17

changelog.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## 2026-03-17 - 4.8.17 - fix(protocol)
+increase per-stream flow control windows and remove adaptive read caps
+
+- Raise the initial per-stream window from 4MB to 16MB and expand the adaptive window budget to 800MB with a 4MB floor
+- Stop limiting edge and hub reads by the adaptive per-stream target window, keeping reads capped only by the current window and 32KB chunk size
+- Update protocol tests to match the new adaptive window scaling and budget boundaries
+
+## 2026-03-17 - 4.8.16 - fix(release)
+bump package version to 4.8.15
+
+- Updates the package.json version field from 4.8.13 to 4.8.15.
+
+## 2026-03-17 - 4.8.13 - fix(remoteingress-protocol)
+require a flush after each written frame to bound TLS buffer growth
+
+- Remove the unflushed byte threshold and stop queueing additional writes while a flush is pending
+- Simplify write and flush error logging after dropping unflushed byte tracking
+- Update tunnel I/O comments to reflect the stricter flush behavior that avoids OOM and connection resets
+
 ## 2026-03-17 - 4.8.12 - fix(tunnel)
 prevent tunnel backpressure buffering from exhausting memory and cancel stream handlers before TLS shutdown
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@serve.zone/remoteingress",
-  "version": "4.8.12",
+  "version": "4.8.17",
   "private": false,
   "description": "Edge ingress tunnel for DcRouter - accepts incoming TCP connections at network edge and tunnels them to DcRouter SmartProxy preserving client IP via PROXY protocol v1.",
   "main": "dist_ts/index.js",

rust/crates/remoteingress-core/src/edge.rs

@@ -519,6 +519,7 @@ async fn connect_to_hub_and_run(
     // Single-owner I/O engine — no tokio::io::split, no mutex
     let mut tunnel_io = remoteingress_protocol::TunnelIo::new(tls_stream, Vec::new());
 
+
     let liveness_timeout_dur = Duration::from_secs(45);
     let mut last_activity = Instant::now();
     let mut liveness_deadline = Box::pin(sleep_until(last_activity + liveness_timeout_dur));
@@ -861,11 +862,7 @@ async fn handle_client_connection(
             log::warn!("Stream {} upload: window still 0 after stall timeout, closing", stream_id);
             break;
         }
-        // Adaptive: cap read to current per-stream target window
+        let max_read = w.min(32768);
-        let adaptive_cap = remoteingress_protocol::compute_window_for_stream_count(
-            active_streams.load(Ordering::Relaxed),
-        ) as usize;
-        let max_read = w.min(32768).min(adaptive_cap);
 
         tokio::select! {
             read_result = client_read.read(&mut buf[FRAME_HEADER_SIZE..FRAME_HEADER_SIZE + max_read]) => {

rust/crates/remoteingress-core/src/hub.rs

@@ -487,11 +487,7 @@ async fn handle_hub_frame(
                             log::warn!("Stream {} download: window still 0 after stall timeout, closing", stream_id);
                             break;
                         }
-                        // Adaptive: cap read to current per-stream target window
+                        let max_read = w.min(32768);
-                        let adaptive_cap = remoteingress_protocol::compute_window_for_stream_count(
-                            stream_counter.load(Ordering::Relaxed),
-                        ) as usize;
-                        let max_read = w.min(32768).min(adaptive_cap);
 
                         tokio::select! {
                             read_result = up_read.read(&mut buf[FRAME_HEADER_SIZE..FRAME_HEADER_SIZE + max_read]) => {
@@ -755,6 +751,7 @@ async fn handle_edge_connection(
     // Single-owner I/O engine — no tokio::io::split, no mutex
     let mut tunnel_io = remoteingress_protocol::TunnelIo::new(tls_stream, Vec::new());
 
+
     // Assigned in every break path of the hub_loop before use at the end.
     #[allow(unused_assignments)]
     let mut disconnect_reason = String::new();

rust/crates/remoteingress-protocol/src/lib.rs

@@ -23,9 +23,8 @@ pub const FRAME_HEADER_SIZE: usize = 9;
 pub const MAX_PAYLOAD_SIZE: u32 = 16 * 1024 * 1024;
 
 // Per-stream flow control constants
-/// Initial per-stream window size (4 MB). Sized for full throughput at high RTT:
+/// Initial (and maximum) per-stream window size (16 MB).
-/// at 100ms RTT, this sustains ~40 MB/s per stream.
+pub const INITIAL_STREAM_WINDOW: u32 = 16 * 1024 * 1024;
-pub const INITIAL_STREAM_WINDOW: u32 = 4 * 1024 * 1024;
 /// Send WINDOW_UPDATE after consuming this many bytes (half the initial window).
 pub const WINDOW_UPDATE_THRESHOLD: u32 = INITIAL_STREAM_WINDOW / 2;
 /// Maximum window size to prevent overflow.
@@ -37,12 +36,11 @@ pub fn encode_window_update(stream_id: u32, frame_type: u8, increment: u32) -> V
 }
 
 /// Compute the target per-stream window size based on the number of active streams.
-/// Total memory budget is ~32MB shared across all streams. As more streams are active,
+/// Total memory budget is ~800MB shared across all streams. Up to 50 streams get the
-/// each gets a smaller window. This adapts to current demand — few streams get high
+/// full 16MB window; above that the window scales down to a 4MB floor at 200+ streams.
-/// throughput, many streams save memory and reduce control frame pressure.
 pub fn compute_window_for_stream_count(active: u32) -> u32 {
-    let per_stream = (32 * 1024 * 1024u64) / (active.max(1) as u64);
+    let per_stream = (800 * 1024 * 1024u64) / (active.max(1) as u64);
-    per_stream.clamp(64 * 1024, INITIAL_STREAM_WINDOW as u64) as u32
+    per_stream.clamp(4 * 1024 * 1024, INITIAL_STREAM_WINDOW as u64) as u32
 }
 
 /// Decode a WINDOW_UPDATE payload into a byte increment. Returns None if payload is malformed.
@@ -312,9 +310,8 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
         cancel_token: &tokio_util::sync::CancellationToken,
     ) -> Poll<TunnelEvent> {
         // 1. WRITE: drain ctrl queue first, then data queue.
-        //    Only write when flush is complete — otherwise the TLS session buffer
+        //    Write one frame, set flush_needed, then flush must complete before
-        //    grows without bound (poll_write always returns Ready, buffering plaintext
+        //    writing more. This prevents unbounded TLS session buffer growth.
-        //    in the TLS session even when TCP can't keep up).
         //    Safe: `self.write` and `self.stream` are disjoint fields.
         let mut writes = 0;
         while self.write.has_work() && writes < 16 && !self.write.flush_needed {
@@ -328,6 +325,8 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
 
             match Pin::new(&mut self.stream).poll_write(cx, remaining) {
                 Poll::Ready(Ok(0)) => {
+                    log::error!("TunnelIo: poll_write returned 0 (write zero), ctrl_q={} data_q={}",
+                        self.write.ctrl_queue.len(), self.write.data_queue.len());
                     return Poll::Ready(TunnelEvent::WriteError(
                         std::io::Error::new(std::io::ErrorKind::WriteZero, "write zero"),
                     ));
@@ -342,7 +341,11 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
                         writes += 1;
                     }
                 }
-                Poll::Ready(Err(e)) => return Poll::Ready(TunnelEvent::WriteError(e)),
+                Poll::Ready(Err(e)) => {
+                    log::error!("TunnelIo: poll_write error: {} (ctrl_q={} data_q={})",
+                        e, self.write.ctrl_queue.len(), self.write.data_queue.len());
+                    return Poll::Ready(TunnelEvent::WriteError(e));
+                }
                 Poll::Pending => break,
             }
         }
@@ -350,8 +353,13 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
         // 2. FLUSH: push encrypted data from TLS session to TCP.
         if self.write.flush_needed {
             match Pin::new(&mut self.stream).poll_flush(cx) {
-                Poll::Ready(Ok(())) => self.write.flush_needed = false,
+                Poll::Ready(Ok(())) => {
-                Poll::Ready(Err(e)) => return Poll::Ready(TunnelEvent::WriteError(e)),
+                    self.write.flush_needed = false;
+                }
+                Poll::Ready(Err(e)) => {
+                    log::error!("TunnelIo: poll_flush error: {}", e);
+                    return Poll::Ready(TunnelEvent::WriteError(e));
+                }
                 Poll::Pending => {} // TCP waker will notify us
             }
         }
@@ -387,12 +395,19 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
                     // Partial data — loop to call poll_read again so the TCP
                     // waker is re-registered when it finally returns Pending.
                 }
-                Poll::Ready(Err(e)) => return Poll::Ready(TunnelEvent::ReadError(e)),
+                Poll::Ready(Err(e)) => {
+                    log::error!("TunnelIo: poll_read error: {}", e);
+                    return Poll::Ready(TunnelEvent::ReadError(e));
+                }
                 Poll::Pending => break,
             }
         }
 
-        // 4. CHANNELS: drain ctrl into ctrl_queue, data into data_queue.
+        // 4. CHANNELS: drain ctrl (always — priority), data (only if queue is small).
+        //    Ctrl frames must never be delayed — always drain fully.
+        //    Data frames are gated: keep data in the bounded channel for proper
+        //    backpressure when TLS writes are slow. Without this gate, the internal
+        //    data_queue (unbounded VecDeque) grows to hundreds of MB under throttle → OOM.
         let mut got_new = false;
         loop {
             match ctrl_rx.poll_recv(cx) {
@@ -405,15 +420,17 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
                 Poll::Pending => break,
             }
         }
-        loop {
+        if self.write.data_queue.len() < 64 {
-            match data_rx.poll_recv(cx) {
+            loop {
-                Poll::Ready(Some(frame)) => { self.write.data_queue.push_back(frame); got_new = true; }
+                match data_rx.poll_recv(cx) {
-                Poll::Ready(None) => {
+                    Poll::Ready(Some(frame)) => { self.write.data_queue.push_back(frame); got_new = true; }
-                    return Poll::Ready(TunnelEvent::WriteError(
+                    Poll::Ready(None) => {
-                        std::io::Error::new(std::io::ErrorKind::BrokenPipe, "data channel closed"),
+                        return Poll::Ready(TunnelEvent::WriteError(
-                    ));
+                            std::io::Error::new(std::io::ErrorKind::BrokenPipe, "data channel closed"),
+                        ));
+                    }
+                    Poll::Pending => break,
                 }
-                Poll::Pending => break,
             }
         }
 
@@ -426,10 +443,10 @@ impl<S: AsyncRead + AsyncWrite + Unpin> TunnelIo<S> {
         }
 
         // 6. SELF-WAKE: only when flush is complete AND we have work.
-        //    If flush is pending, the TCP write-readiness waker will notify us.
+        //    When flush is Pending, the TCP write-readiness waker will notify us.
-        //    CRITICAL: do NOT self-wake when flush_needed — this causes unbounded
+        //    CRITICAL: do NOT self-wake when flush_needed — poll_write always returns
-        //    TLS session buffer growth (poll_write always accepts plaintext, but TCP
+        //    Ready (TLS buffers in-memory), so self-waking causes a tight spin loop
-        //    can't drain it fast enough → OOM → process killed → ECONNRESET).
+        //    that fills the TLS session buffer unboundedly -> OOM -> ECONNRESET.
         if !self.write.flush_needed && (got_new || self.write.has_work()) {
             cx.waker().wake_by_ref();
         }
@@ -664,90 +681,57 @@ mod tests {
 
     #[test]
     fn test_adaptive_window_zero_streams() {
-        // 0 streams treated as 1: 32MB/1 = 32MB → clamped to 4MB max
+        // 0 streams treated as 1: 800MB/1 → clamped to 16MB max
         assert_eq!(compute_window_for_stream_count(0), INITIAL_STREAM_WINDOW);
     }
 
     #[test]
     fn test_adaptive_window_one_stream() {
-        // 32MB/1 = 32MB → clamped to 4MB max
         assert_eq!(compute_window_for_stream_count(1), INITIAL_STREAM_WINDOW);
     }
 
     #[test]
-    fn test_adaptive_window_at_max_boundary() {
+    fn test_adaptive_window_50_streams_full() {
-        // 32MB/8 = 4MB = exactly INITIAL_STREAM_WINDOW
+        // 800MB/50 = 16MB = exactly INITIAL_STREAM_WINDOW
-        assert_eq!(compute_window_for_stream_count(8), INITIAL_STREAM_WINDOW);
+        assert_eq!(compute_window_for_stream_count(50), INITIAL_STREAM_WINDOW);
     }
 
     #[test]
-    fn test_adaptive_window_just_below_max() {
+    fn test_adaptive_window_51_streams_starts_scaling() {
-        // 32MB/9 = 3,728,270 — first value below INITIAL_STREAM_WINDOW
+        // 800MB/51 < 16MB — first value below max
-        let w = compute_window_for_stream_count(9);
+        let w = compute_window_for_stream_count(51);
         assert!(w < INITIAL_STREAM_WINDOW);
-        assert_eq!(w, (32 * 1024 * 1024u64 / 9) as u32);
+        assert_eq!(w, (800 * 1024 * 1024u64 / 51) as u32);
-    }
-
-    #[test]
-    fn test_adaptive_window_16_streams() {
-        // 32MB/16 = 2MB
-        assert_eq!(compute_window_for_stream_count(16), 2 * 1024 * 1024);
     }
 
     #[test]
     fn test_adaptive_window_100_streams() {
-        // 32MB/100 = 335,544 bytes (~327KB)
+        // 800MB/100 = 8MB
-        let w = compute_window_for_stream_count(100);
+        assert_eq!(compute_window_for_stream_count(100), 8 * 1024 * 1024);
-        assert_eq!(w, (32 * 1024 * 1024u64 / 100) as u32);
-        assert!(w > 64 * 1024); // above floor
-        assert!(w < INITIAL_STREAM_WINDOW as u32); // below ceiling
     }
 
     #[test]
-    fn test_adaptive_window_200_streams() {
+    fn test_adaptive_window_200_streams_at_floor() {
-        // 32MB/200 = 167,772 bytes (~163KB), above 64KB floor
+        // 800MB/200 = 4MB = exactly the floor
-        let w = compute_window_for_stream_count(200);
+        assert_eq!(compute_window_for_stream_count(200), 4 * 1024 * 1024);
-        assert_eq!(w, (32 * 1024 * 1024u64 / 200) as u32);
-        assert!(w > 64 * 1024);
     }
 
     #[test]
-    fn test_adaptive_window_500_streams() {
+    fn test_adaptive_window_500_streams_clamped() {
-        // 32MB/500 = 67,108 bytes (~65.5KB), just above 64KB floor
+        // 800MB/500 = 1.6MB → clamped up to 4MB floor
-        let w = compute_window_for_stream_count(500);
+        assert_eq!(compute_window_for_stream_count(500), 4 * 1024 * 1024);
-        assert_eq!(w, (32 * 1024 * 1024u64 / 500) as u32);
-        assert!(w > 64 * 1024);
-    }
-
-    #[test]
-    fn test_adaptive_window_at_min_boundary() {
-        // 32MB/512 = 65,536 = exactly 64KB floor
-        assert_eq!(compute_window_for_stream_count(512), 64 * 1024);
-    }
-
-    #[test]
-    fn test_adaptive_window_below_min_clamped() {
-        // 32MB/513 = 65,408 → clamped up to 64KB
-        assert_eq!(compute_window_for_stream_count(513), 64 * 1024);
-    }
-
-    #[test]
-    fn test_adaptive_window_1000_streams() {
-        // 32MB/1000 = 33,554 → clamped to 64KB
-        assert_eq!(compute_window_for_stream_count(1000), 64 * 1024);
     }
 
     #[test]
     fn test_adaptive_window_max_u32() {
-        // Extreme: u32::MAX streams → tiny value → clamped to 64KB
+        // Extreme: u32::MAX streams → tiny value → clamped to 4MB
-        assert_eq!(compute_window_for_stream_count(u32::MAX), 64 * 1024);
+        assert_eq!(compute_window_for_stream_count(u32::MAX), 4 * 1024 * 1024);
     }
 
     #[test]
     fn test_adaptive_window_monotonically_decreasing() {
-        // Window should decrease (or stay same) as stream count increases
         let mut prev = compute_window_for_stream_count(1);
-        for n in [2, 5, 10, 50, 100, 200, 500, 512, 1000] {
+        for n in [2, 10, 50, 51, 100, 200, 500, 1000] {
             let w = compute_window_for_stream_count(n);
             assert!(w <= prev, "window increased from {} to {} at n={}", prev, w, n);
             prev = w;
@@ -756,11 +740,11 @@ mod tests {
 
     #[test]
     fn test_adaptive_window_total_budget_bounded() {
-        // active × per_stream_window should never exceed 32MB (+ clamp overhead for high N)
+        // active × per_stream_window should never exceed 800MB (+ clamp overhead for high N)
-        for n in [1, 10, 50, 100, 200, 500] {
+        for n in [1, 10, 50, 100, 200] {
             let w = compute_window_for_stream_count(n);
             let total = w as u64 * n as u64;
-            assert!(total <= 32 * 1024 * 1024, "total {}MB exceeds budget at n={}", total / (1024*1024), n);
+            assert!(total <= 800 * 1024 * 1024, "total {}MB exceeds budget at n={}", total / (1024*1024), n);
         }
     }
 

test/test.loadtest.node.ts

@@ -142,7 +142,7 @@ class ThrottleTransform extends stream.Transform {
       this.bucket = 0;
       const delayMs = Math.min((deficit / this.bytesPerSec) * 1000, 1000);
       setTimeout(() => {
-        if (this.destroyed_) return;
+        if (this.destroyed_) { callback(); return; }
         this.lastRefill = Date.now();
         this.bucket = 0;
         callback(null, chunk);
@@ -179,7 +179,16 @@ async function startThrottleProxy(
     clientSock.pipe(throttleUp).pipe(upstream);
     upstream.pipe(throttleDown).pipe(clientSock);
 
-    const cleanup = () => {
+    let cleaned = false;
+    const cleanup = (source: string, err?: Error) => {
+      if (cleaned) return;
+      cleaned = true;
+      if (err) {
+        console.error(`[ThrottleProxy] cleanup triggered by ${source}: ${err.message}`);
+      } else {
+        console.error(`[ThrottleProxy] cleanup triggered by ${source} (no error)`);
+      }
+      console.error(`[ThrottleProxy] stack:`, new Error().stack);
       throttleUp.destroy();
       throttleDown.destroy();
       clientSock.destroy();
@@ -187,12 +196,12 @@ async function startThrottleProxy(
       connections.delete(clientSock);
       connections.delete(upstream);
     };
-    clientSock.on('error', cleanup);
+    clientSock.on('error', (e) => cleanup('clientSock.error', e));
-    upstream.on('error', cleanup);
+    upstream.on('error', (e) => cleanup('upstream.error', e));
-    throttleUp.on('error', cleanup);
+    throttleUp.on('error', (e) => cleanup('throttleUp.error', e));
-    throttleDown.on('error', cleanup);
+    throttleDown.on('error', (e) => cleanup('throttleDown.error', e));
-    clientSock.on('close', cleanup);
+    clientSock.on('close', () => cleanup('clientSock.close'));
-    upstream.on('close', cleanup);
+    upstream.on('close', () => cleanup('upstream.close'));
   });
 
   await new Promise<void>((resolve) => server.listen(listenPort, '127.0.0.1', resolve));
@@ -222,13 +231,13 @@ let edgePort: number;
 // Tests
 // ---------------------------------------------------------------------------
 
-tap.test('setup: start throttled tunnel (20 Mbit/s)', async () => {
+tap.test('setup: start throttled tunnel (100 Mbit/s)', async () => {
   [hubPort, proxyPort, edgePort] = await findFreePorts(3);
 
   echoServer = await startEchoServer(edgePort, '127.0.0.2');
 
-  // Throttle proxy: edge → proxy → hub at 20 Mbit/s (2.5 MB/s)
+  // Throttle proxy: edge → proxy → hub at 100 Mbit/s (12.5 MB/s)
-  throttle = await startThrottleProxy(proxyPort, '127.0.0.1', hubPort, 2.5 * 1024 * 1024);
+  throttle = await startThrottleProxy(proxyPort, '127.0.0.1', hubPort, 12.5 * 1024 * 1024);
 
   hub = new RemoteIngressHub();
   edge = new RemoteIngressEdge();
@@ -246,7 +255,7 @@ tap.test('setup: start throttled tunnel (20 Mbit/s)', async () => {
     });
   });
 
-  // Edge connects to proxy, not hub directly
+  // Edge connects through throttle proxy
   await edge.start({
     hubHost: '127.0.0.1',
     hubPort: proxyPort,
@@ -262,12 +271,12 @@ tap.test('setup: start throttled tunnel (20 Mbit/s)', async () => {
   expect(status.connected).toBeTrue();
 });
 
-tap.test('throttled: 10 streams x 50MB each through 10MB/s tunnel', async () => {
+tap.test('throttled: 5 streams x 20MB each through 100Mbit tunnel', async () => {
-  const streamCount = 10;
+  const streamCount = 5;
-  const payloadSize = 50 * 1024 * 1024; // 50MB per stream = 500MB total round-trip
+  const payloadSize = 20 * 1024 * 1024; // 20MB per stream = 100MB total round-trip
 
-  const promises = Array.from({ length: streamCount }, () => {
+  const payloads = Array.from({ length: streamCount }, () => crypto.randomBytes(payloadSize));
-    const data = crypto.randomBytes(payloadSize);
+  const promises = payloads.map((data) => {
     const hash = sha256(data);
     return sendAndReceive(edgePort, data, 300000).then((received) => ({
       sent: hash,
@@ -284,23 +293,23 @@ tap.test('throttled: 10 streams x 50MB each through 10MB/s tunnel', async () =>
   expect(status.connected).toBeTrue();
 });
 
-tap.test('throttled: slow consumer with 50MB does not kill other streams', async () => {
+tap.test('throttled: slow consumer with 20MB does not kill other streams', async () => {
-  // Open a connection that creates massive download-direction backpressure:
+  // Open a connection that creates download-direction backpressure:
-  // send 50MB but DON'T read the response — client TCP receive buffer fills
+  // send 20MB but DON'T read the response — client TCP receive buffer fills
   const slowSock = net.createConnection({ host: '127.0.0.1', port: edgePort });
   await new Promise<void>((resolve) => slowSock.on('connect', resolve));
-  const slowData = crypto.randomBytes(50 * 1024 * 1024);
+  const slowData = crypto.randomBytes(20 * 1024 * 1024);
   slowSock.write(slowData);
   slowSock.end();
   // Don't read — backpressure builds on the download path
 
   // Wait for backpressure to develop
-  await new Promise((r) => setTimeout(r, 3000));
+  await new Promise((r) => setTimeout(r, 2000));
 
-  // Meanwhile, 10 normal echo streams with 50MB each must complete
+  // Meanwhile, 5 normal echo streams with 20MB each must complete
-  const payload = crypto.randomBytes(50 * 1024 * 1024);
+  const payload = crypto.randomBytes(20 * 1024 * 1024);
   const hash = sha256(payload);
-  const promises = Array.from({ length: 10 }, () =>
+  const promises = Array.from({ length: 5 }, () =>
     sendAndReceive(edgePort, payload, 300000).then((r) => ({
       hash: sha256(r),
       sizeOk: r.length === payload.length,
@@ -317,11 +326,11 @@ tap.test('throttled: slow consumer with 50MB does not kill other streams', async
   slowSock.destroy();
 });
 
-tap.test('throttled: rapid churn — 5 x 50MB long + 200 x 1MB short streams', async () => {
+tap.test('throttled: rapid churn — 3 x 20MB long + 50 x 1MB short streams', async () => {
-  // 5 long streams (50MB each) running alongside 200 short streams (1MB each)
+  // 3 long streams (20MB each) running alongside 50 short streams (1MB each)
-  const longPayload = crypto.randomBytes(50 * 1024 * 1024);
+  const longPayload = crypto.randomBytes(20 * 1024 * 1024);
   const longHash = sha256(longPayload);
-  const longPromises = Array.from({ length: 5 }, () =>
+  const longPromises = Array.from({ length: 3 }, () =>
     sendAndReceive(edgePort, longPayload, 300000).then((r) => ({
       hash: sha256(r),
       sizeOk: r.length === longPayload.length,
@@ -330,7 +339,7 @@ tap.test('throttled: rapid churn — 5 x 50MB long + 200 x 1MB short streams', a
 
   const shortPayload = crypto.randomBytes(1024 * 1024);
   const shortHash = sha256(shortPayload);
-  const shortPromises = Array.from({ length: 200 }, () =>
+  const shortPromises = Array.from({ length: 50 }, () =>
     sendAndReceive(edgePort, shortPayload, 300000).then((r) => ({
       hash: sha256(r),
       sizeOk: r.length === shortPayload.length,
@@ -351,10 +360,10 @@ tap.test('throttled: rapid churn — 5 x 50MB long + 200 x 1MB short streams', a
   expect(status.connected).toBeTrue();
 });
 
-tap.test('throttled: 5 burst waves of 20 streams x 50MB each', async () => {
+tap.test('throttled: 3 burst waves of 5 streams x 20MB each', async () => {
-  for (let wave = 0; wave < 5; wave++) {
+  for (let wave = 0; wave < 3; wave++) {
-    const streamCount = 20;
+    const streamCount = 5;
-    const payloadSize = 50 * 1024 * 1024; // 50MB per stream = 1GB per wave
+    const payloadSize = 20 * 1024 * 1024; // 20MB per stream = 100MB per wave
 
     const promises = Array.from({ length: streamCount }, () => {
       const data = crypto.randomBytes(payloadSize);

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/remoteingress',
-  version: '4.8.12',
+  version: '4.8.17',
   description: 'Edge ingress tunnel for DcRouter - accepts incoming TCP connections at network edge and tunnels them to DcRouter SmartProxy preserving client IP via PROXY protocol v1.'
 }