





























@@ -73,10 +73,24 @@ Gateway → Client:
7373"type": "res",
7474"id": "…",
7575"ok": true,
76-"payload": { "type": "hello-ok", "protocol": 3, "policy": { "tickIntervalMs": 15000 } }
76+"payload": {
77+"type": "hello-ok",
78+"protocol": 3,
79+"server": { "version": "…", "connId": "…" },
80+"features": { "methods": ["…"], "events": ["…"] },
81+"snapshot": { "…": "…" },
82+"policy": {
83+"maxPayload": 26214400,
84+"maxBufferedBytes": 52428800,
85+"tickIntervalMs": 15000
86+ }
87+ }
7788}
7889```
799091+`server`, `features`, `snapshot`, and `policy` are all required by the schema
92+(`src/gateway/protocol/schema/frames.ts`). `auth` and `canvasHostUrl` are optional.
93+8094When a device token is issued, `hello-ok` also includes:
81958296```json
@@ -492,13 +506,36 @@ implemented in `src/gateway/server-methods/*.ts`.
492506493507## Versioning
494508495-- `PROTOCOL_VERSION` lives in `src/gateway/protocol/schema.ts`.
509+- `PROTOCOL_VERSION` lives in `src/gateway/protocol/schema/protocol-schemas.ts`.
496510- Clients send `minProtocol` + `maxProtocol`; the server rejects mismatches.
497511- Schemas + models are generated from TypeBox definitions:
498512- `pnpm protocol:gen`
499513- `pnpm protocol:gen:swift`
500514- `pnpm protocol:check`
501515516+### Client constants
517+518+The reference client in `src/gateway/client.ts` uses these defaults. Values are
519+stable across protocol v3 and are the expected baseline for third-party clients.
520+521+| Constant | Default | Source |
522+| ----------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------------- |
523+| `PROTOCOL_VERSION` | `3` | `src/gateway/protocol/schema/protocol-schemas.ts` |
524+| Request timeout (per RPC) | `30_000` ms | `src/gateway/client.ts` (`requestTimeoutMs`) |
525+| Preauth / connect-challenge timeout | `10_000` ms | `src/gateway/handshake-timeouts.ts` (clamp `250`–`10_000`) |
526+| Initial reconnect backoff | `1_000` ms | `src/gateway/client.ts` (`backoffMs`) |
527+| Max reconnect backoff | `30_000` ms | `src/gateway/client.ts` (`scheduleReconnect`) |
528+| Fast-retry clamp after device-token close | `250` ms | `src/gateway/client.ts` |
529+| Force-stop grace before `terminate()` | `250` ms | `FORCE_STOP_TERMINATE_GRACE_MS` |
530+| `stopAndWait()` default timeout | `1_000` ms | `STOP_AND_WAIT_TIMEOUT_MS` |
531+| Default tick interval (pre `hello-ok`) | `30_000` ms | `src/gateway/client.ts` |
532+| Tick-timeout close | code `4000` when silence exceeds `tickIntervalMs * 2` | `src/gateway/client.ts` |
533+| `MAX_PAYLOAD_BYTES` | `25 * 1024 * 1024` (25 MB) | `src/gateway/server-constants.ts` |
534+535+The server advertises the effective `policy.tickIntervalMs`, `policy.maxPayload`,
536+and `policy.maxBufferedBytes` in `hello-ok`; clients should honor those values
537+rather than the pre-handshake defaults.
538+502539## Auth
503540504541- Shared-secret gateway auth uses `connect.params.auth.token` or
@@ -518,8 +555,18 @@ implemented in `src/gateway/server-methods/*.ts`.
518555 approved scope set for that token. This preserves read/probe/status access
519556 that was already granted and avoids silently collapsing reconnects to a
520557 narrower implicit admin-only scope.
521-- Normal connect auth precedence is explicit shared token/password first, then
522- explicit `deviceToken`, then stored per-device token, then bootstrap token.
558+- Client-side connect auth assembly (`selectConnectAuth` in
559+`src/gateway/client.ts`):
560+- `auth.password` is orthogonal and is always forwarded when set.
561+- `auth.token` is populated in priority order: explicit shared token first,
562+ then an explicit `deviceToken`, then a stored per-device token (keyed by
563+`deviceId` + `role`).
564+- `auth.bootstrapToken` is sent only when none of the above resolved an
565+`auth.token`. A shared token or any resolved device token suppresses it.
566+- Auto-promotion of a stored device token on the one-shot
567+`AUTH_TOKEN_MISMATCH` retry is gated to **trusted endpoints only** —
568+ loopback, or `wss://` with a pinned `tlsFingerprint`. Public `wss://`
569+ without pinning does not qualify.
523570- Additional `hello-ok.auth.deviceTokens` entries are bootstrap handoff tokens.
524571 Persist them only when the connect used bootstrap auth on a trusted transport
525572 such as `wss://` or loopback/local pairing.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。