Home/HiveLink/Features

HiveLink — Feature Reference

Every capability. Implementation status. Technical specs.

33 implemented

4 partial

3 planned

P2P Transport(3)

QUIC v1 (Quinn)

Implemented

All data travels node-to-node over encrypted QUIC

quinn 0.11

TLS 1.3 via rustls 0.23

4-byte BE length-prefixed JSON frames

Verified: cross-device QUIC handshake + ping between two PCs on same LAN

128 Concurrent Sessions

Implemented

Hard-coded session limit per node

ALPN Negotiation

Implemented

Protocol negotiation for versioned connections

Discovery(2)

mDNS Auto-Discovery

Implemented

LAN nodes find each other via _hivelink._udp.local.

mdns-sd 0.11

TXT records: node_id, transport, fingerprint

Also discovers Home Assistant + SSDP devices

Verified: cross-device discovery on 192.168.1.x LAN

Identity-Only WAN Registry

Implemented

HTTP server for WAN node lookup — data still P2P

Axum + SQLite backend

OAuth Device Flow (RFC 8628)

Heartbeat with bind_addr for direct QUIC connection

NAT Traversal(3)

UPnP Port Mapping

Implemented

Automatic port forwarding via igd-next

igd-next 0.14

5s timeout, fallback to add_any_port()

STUN

Implemented

Reflexive address discovery (RFC 5389)

Hand-rolled XOR-MAPPED-ADDRESS parsing

Default: stun.l.google.com:19302

IPv4 + IPv6 support

ICE / TURN / Hole-Punching

Planned

Advanced NAT traversal for symmetric NAT

Not implemented. UPnP + STUN only.

Security(4)

TOFU (Trust On First Use)

Implemented

SHA-256 fingerprint verification, timing-safe compare

ring::digest::SHA256

subtle::ConstantTimeEq

Mismatch → connection rejected

Pairing Tokens

Implemented

Expiring tokens with lockout after 5 failures in 300s

DLP File Scanning

Implemented

Detect PEM keys, AWS credentials, GitHub tokens before transfer

3 scanner types

DlpMode: Off / Warn / Block

64KB scan limit

Path Traversal Sandbox

Implemented

Canonicalized path components prevent ../ escapes

Remote Desktop(3)

6 Capture Sources

Partial

GDI grab, DXGI Desktop Duplication, scrap crate — desktop + window modes

Windows host only. macOS/Linux host not supported.

ffmpeg_desktop, ffmpeg_window

ffmpeg_ddagrab_desktop, ffmpeg_ddagrab_window

scrap_dxgi_desktop, scrap_dxgi_window

WebRTC H.264 Streaming

Partial

Profile 42e01f, NACK/PLI feedback, 90kHz clock

Windows host only. Build fix applied: Self:: prefix for build_h264_peer_connection().

webrtc 0.17.1

Signaling over QUIC opcodes

Bounded NAL queue (cap=2)

15s TTFF timeout guard

Mouse/Keyboard Input

Implemented

Full remote input via opcodes

MouseClickRequest, KeyboardInputRequest, GamepadButton/Axis opcodes

Terminal(2)

PTY over QUIC

Implemented

Remote shell sessions with xterm-256color

portable-pty 0.8 (feature-gated)

4 concurrent sessions per node

256 KiB output buffer (oldest-drop)

Unix ($SHELL) + Windows ($COMSPEC)

Terminal I/O

Implemented

Base64-encoded input/output over QUIC bidirectional streams

open, write_input, drain_output, resize, close, list_sessions

AI Execution(4)

Ollama Integration

Implemented

Local LLM inference via /api/generate + /api/embeddings

LlmBackend trait (pluggable)

stream: false, format: json

GPU Detection

Implemented

nvidia-smi query for GPU-aware job routing

name, utilization, memory.used, memory.total

GpuSnapshot { available, devices }

Work Scheduler

Implemented

Bounded mpsc channel with configurable worker count

DAG Swarm Orchestration

Implemented

Fan-out dispatch with dependency tracking

Aggregation: first / majority / all

Node registry for GPU-aware routing

Cross-Node Mesh Routing(6)

PeerPool (QUIC Client)

Implemented

Outbound connection pool to peer HiveLink nodes with lazy connect and auto-reconnect

TOFU TLS on all peer connections

One reconnect attempt on failure

Bidirectional QUIC streams, MsgPack encoding

ExecutionTarget Selection

Implemented

Score local + remote nodes by GPU utilization, queue depth, latency — route to best

Local latency: 1ms, remote: 10ms baseline

GPU availability + utilization weighted

Falls back to local if no remote is better

Remote Job Relay

Implemented

Forward AI job to GPU-capable peer, poll 500ms, relay progress/result/error back to client

spawn_remote_ai_job_relay() proxy pattern

300s configurable mesh_job_timeout_secs

Cancellation forwarding (AiJobCancelRequest)

Mesh Discovery Loop

Implemented

mDNS auto-discovery registers new peers into PeerPool every 30s

mesh_discovery_interval_secs: 30 (default)

Auto peer registration from mDNS results

Telemetry Exchange

Implemented

Live node metrics exchange between peers every 10s

mesh_telemetry_interval_secs: 10 (default)

GPU percent, queue depth per node

Fail-Safe Fallback

Implemented

Mesh forwarding failure automatically falls back to local execution

MESH_TIMEOUT, MESH_FORWARD_FAILED error codes

Stub fallback when LLM feature disabled

File Access(2)

Sandboxed File Server

Implemented

Read/list files with path traversal prevention

DLP Scan on Transfer

Implemented

Secret scanning before file leaves node

PEM keys, AWS AKIA/ASIA, GitHub tokens

Block mode prevents transfer

HiveGuard DNS(4)

3 Policy Modes

Implemented

Home / Dorm / Lockdown — configurable DNS filtering

Blocklist Loading

Implemented

Per-domain DNS resolution with blocklists

Anomaly Detection

Implemented

Query windows, NXDOMAIN rates, unique domain tracking with baseline profiles

Rate Limiting

Implemented

Per-IP rate limiting for DNS queries

Apps(3)

Tauri v2 Desktop

Implemented

Desktop app wrapping full Rust core with system tray

tauri 2, tauri-plugin-shell 2

SQLite, reqwest, uuid

Flutter Mobile (Android)

Implemented

Mobile app with flutter_rust_bridge (43 API functions)

flutter_webrtc, mobile_scanner

Build logs exist (flutter_01/02.log)

Flutter iOS/macOS

Planned

iOS and macOS directory scaffolding

Directory structure exists, no build evidence

Partial / Upcoming(4)

Remote Desktop (macOS/Linux)

Planned

Desktop capture on non-Windows hosts

All 6 capture sources are Windows-only (GDI, DXGI, scrap). macOS/Linux host capture not implemented. Client (viewer) is cross-platform.

3-5 day effort for platform capture APIs

Windows host fully functional

Audio Capture

Partial

Session state management (mute, volume, packet counters)

State machine only — no audio pipeline. Missing: cpal/OS audio API, Opus codec encoding, WebRTC audio track injection.

AudioSession struct with mute/volume/packet tracking

No platform audio capture (cpal not included)

No codec encoding (opus not included)

NeuralFS Keyword Search

Implemented

SQLite FTS5 full-text search — works standalone

No external dependencies

FTS5 match + rank

NeuralFS Semantic Search

Partial

Cosine similarity vector search via embeddings

Requires running Ollama + embedding model (e.g. nomic-embed-text). No bundled embeddings.

EmbeddingProvider trait → OllamaEmbeddingProvider

Cosine similarity computation is real

Depends on external Ollama process

Back to HiveLink View on GitHub