docs: align limit semantics and exec support

docs/ANONYMOUS_ACCESS_SUMMARY.md

@@ -164,9 +164,12 @@ TNT_ACCESS_TOKEN="secret" tnt
 # 限制连接数
 TNT_MAX_CONNECTIONS=100 tnt
 
-# 限制每IP连接数
+# Limit concurrent sessions per IP
 TNT_MAX_CONN_PER_IP=10 tnt
 
+# Limit new connections per IP per 60 seconds
+TNT_MAX_CONN_RATE_PER_IP=30 tnt
+
 # 只允许本地访问
 TNT_BIND_ADDR=127.0.0.1 tnt
 ```

docs/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## 2026-03-10 - SSH Runtime & Unix Interface Update
+
+### Fixed
+- moved SSH handshake/auth/channel setup out of the main accept loop
+- replaced synchronous room-wide fan-out with room update sequencing and per-client refresh
+- switched idle session handling to `ssh_channel_poll_timeout()` plus blocking reads so quiet sessions are not dropped incorrectly
+- made `-d/--state-dir` create the runtime state directory automatically
+
+### Added
+- SSH exec commands: `help`, `health`, `users`, `stats --json`, `tail`, `post`
+- PTY window-change handling for terminal resize
+- `TNT_MAX_CONN_RATE_PER_IP` for per-IP connection-rate control
+- `tests/test_exec_mode.sh`
+- `tests/test_connection_limits.sh`
+
+### Changed
+- `TNT_MAX_CONN_PER_IP` now means concurrent sessions per IP
+- stress tests now disable rate-based blocking so they exercise concurrency instead of self-throttling
+
 ## 2026-01-22 - Security Audit Fixes
 
 Comprehensive security hardening addressing 23 identified vulnerabilities across 6 categories.

docs/EASY_SETUP.md

@@ -181,9 +181,12 @@ PORT=3333 tnt
 # Limit max connections
 TNT_MAX_CONNECTIONS=100 tnt
 
-# Limit connections per IP
+# Limit concurrent sessions per IP
 TNT_MAX_CONN_PER_IP=10 tnt
 
+# Limit new connections per IP per 60 seconds
+TNT_MAX_CONN_RATE_PER_IP=30 tnt
+
 # Bind to localhost only
 TNT_BIND_ADDR=127.0.0.1 tnt
 

docs/IMPLEMENTATION_SUMMARY.txt

@@ -59,10 +59,10 @@ Branch 4: fix/resource-management (Medium Priority)
 Branch 5: fix/auth-protection (Critical Priority)
 --------------------------------------------------
 ✅ Add optional access token (TNT_ACCESS_TOKEN)
-✅ IP-based rate limiting (10 conn/IP/60s)
+✅ IP-based connection-rate limiting (10 new conn/IP/60s)
 ✅ Auth failure tracking (5 failures → 5 min block)
-✅ Connection counting (total and per-IP)
+✅ Connection counting (total, per-IP active sessions, per-IP recent attempts)
-✅ Configurable limits (TNT_MAX_CONNECTIONS, TNT_MAX_CONN_PER_IP)
+✅ Configurable limits (TNT_MAX_CONNECTIONS, TNT_MAX_CONN_PER_IP, TNT_MAX_CONN_RATE_PER_IP)
 ✅ Rate limit toggle (TNT_RATE_LIMIT)
 
 Branch 6: fix/concurrency-safety (High Priority)
@@ -84,7 +84,8 @@ TNT_BIND_ADDR         - Configurable bind address (default: 0.0.0.0)
 TNT_SSH_LOG_LEVEL     - SSH logging verbosity 0-4 (default: 1)
 TNT_RATE_LIMIT        - Enable/disable rate limiting (default: 1)
 TNT_MAX_CONNECTIONS   - Global connection limit (default: 64)
-TNT_MAX_CONN_PER_IP   - Per-IP connection limit (default: 5)
+TNT_MAX_CONN_PER_IP   - Concurrent sessions allowed per IP (default: 5)
+TNT_MAX_CONN_RATE_PER_IP - New connections allowed per IP per 60s (default: 10)
 
 Security Enhancements:
 ---------------------

docs/TEST_RESULTS.md

@@ -75,8 +75,8 @@
 | **Crypto** | RSA Key Size | 4096-bit (upgraded from 2048) | ✅ |
 | **Crypto** | Key Permissions | Atomic generation with 0600 perms | ✅ |
 | **Auth** | Access Token | Optional password protection | ✅ |
-| **Auth** | Rate Limiting | IP-based connection throttling | ✅ |
+| **Auth** | Rate Limiting | Per-IP connection-rate throttling | ✅ |
-| **Auth** | Connection Limits | Global and per-IP limits | ✅ |
+| **Auth** | Connection Limits | Global and per-IP concurrent session limits | ✅ |
 | **Input** | Username Validation | Shell metacharacter rejection | ✅ |
 | **Input** | Log Sanitization | Pipe/newline replacement | ✅ |
 | **Input** | UTF-8 Validation | Overlong encoding prevention | ✅ |
@@ -114,9 +114,10 @@ TNT_BIND_ADDR=127.0.0.1 ./tnt
 
 ### Strict Limits
 ```bash
-TNT_MAX_CONNECTIONS=10 TNT_MAX_CONN_PER_IP=2 ./tnt
+TNT_MAX_CONNECTIONS=10 TNT_MAX_CONN_PER_IP=2 TNT_MAX_CONN_RATE_PER_IP=10 ./tnt
 # Max 10 total connections
-# Max 2 connections per IP address
+# Max 2 concurrent sessions per IP address
+# Max 10 new connections per IP per 60 seconds
 ```
 
 ### Disabled Rate Limiting (Testing)
@@ -155,7 +156,7 @@ gcc -fsanitize=thread -g -O1 -c src/chat_room.c
 
 ## Known Limitations
 
-1. **Interactive Only:** Server requires PTY sessions (no command execution via SSH)
+1. **Exec Surface Is Minimal:** The SSH exec interface is intentionally small and currently focused on operational commands
 2. **libssh Deprecations:** Uses deprecated PTY width/height functions (4 warnings)
 3. **UTF-8 Unit Test:** Skipped in automated tests (requires manual compilation)
 
@@ -165,7 +166,7 @@ gcc -fsanitize=thread -g -O1 -c src/chat_room.c
 
 ✅ **All 23 security vulnerabilities fixed and verified**
 
-✅ **100% test pass rate** (10/10 tests)
+✅ **100% security-suite pass rate** (12/12 tests)
 
 ✅ **Backward compatible** - server remains open by default