TNT/docs/CHANGELOG.md
m1ngsama eead27544c
docs: update all docs for :last, :search, :mute-joins and MOTD
- README: add new commands to COMMAND mode table, MOTD section,
  update Known Limitations (100-msg limit now softened by :last/:search)
- tnt.1: add :last/:search/:mute-joins to man page command table,
  add motd.txt to FILES section
- CHANGELOG: add 2026-04-23 entry
- QUICKREF: rewrite command section, add new commands, add motd.txt to files
- ROADMAP: mark Stage 4 :last/:search/:mute-joins items as completed
- DEPLOYMENT: add MOTD setup section
2026-04-23 12:38:04 +08:00


# Changelog
## 2026-04-23 - Chat UX Commands and MOTD
### Added
- **`:last [N]`** — show last N messages retrieved directly from the log file (150, default 10), bypassing the 100-message in-memory ring buffer limit
- **`:search <keyword>`** — case-insensitive full-text search across the entire message history on disk; returns the most recent 15 matches
- **`:mute-joins`** — per-client toggle to silence join/leave system notifications; title bar shows `[静音]` when active
- **MOTD support** — place `motd.txt` in the state directory; users see it on connect and press any key to enter chat
- **`message_search()`** — new function in `message.c` / `message.h` for log file keyword search with rolling result collection
- Updated in-TUI help screens (English and Chinese) with new commands
## 2026-03-10 - SSH Runtime & Unix Interface Update
### Fixed
- moved SSH handshake/auth/channel setup out of the main accept loop
- replaced synchronous room-wide fan-out with room update sequencing and per-client refresh
- switched idle session handling to `ssh_channel_poll_timeout()` plus blocking reads so quiet sessions are not dropped incorrectly
- made `-d/--state-dir` create the runtime state directory automatically
### Added
- SSH exec commands: `help`, `health`, `users`, `stats --json`, `tail`, `post`
- PTY window-change handling for terminal resize
- `TNT_MAX_CONN_RATE_PER_IP` for per-IP connection-rate control
- `tests/test_exec_mode.sh`
- `tests/test_connection_limits.sh`
### Changed
- `TNT_MAX_CONN_PER_IP` now means concurrent sessions per IP
- stress tests now disable rate-based blocking so they exercise concurrency instead of self-throttling
## 2026-01-22 - Security Audit Fixes
Comprehensive security hardening addressing 23 identified vulnerabilities across 6 categories.
### Critical
- **[AUTH]** Add optional access token authentication (`TNT_ACCESS_TOKEN`)
- **[AUTH]** Implement IP-based rate limiting (10 conn/IP/60s, 5-min block after 5 auth failures)
- **[AUTH]** Add global connection limits (default: 64, configurable via `TNT_MAX_CONNECTIONS`)
### High Priority
- **[BUFFER]** Replace all `strcpy()` with `strncpy()` (3 locations)
- **[BUFFER]** Add buffer overflow checking in `client_printf()`
- **[BUFFER]** Implement UTF-8 validation to prevent malformed input and overlong encodings
- **[SSH]** Upgrade RSA key from 2048 to 4096 bits
- **[SSH]** Fix key file permission race with atomic generation (umask + temp file + rename)
- **[SSH]** Add configurable bind address (`TNT_BIND_ADDR`) and log level (`TNT_SSH_LOG_LEVEL`)
- **[CONCURRENCY]** Fix `room_broadcast()` reference counting race
- **[CONCURRENCY]** Fix `tui_render_screen()` message array TOCTOU via snapshot approach
- **[CONCURRENCY]** Fix `handle_key()` scroll position TOCTOU
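
The "umask + temp file + rename" pattern named in the **[SSH]** key-file entry above, as an added example (not TNT's own code). The helper names `write_private_file_atomic()` and `file_mode()` are hypothetical, and the key material is passed in as opaque bytes:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not TNT's setup_host_key()): write `len` bytes to
 * `path` so the file is never visible with loose permissions or partial
 * content. Returns 0 on success, -1 on error. */
int write_private_file_atomic(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof tmp, "%s.tmp.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }

    mode_t old = umask(077);   /* 1. no group/world bits, even transiently */
    int fd = mkstemp(tmp);     /* 2. exclusive temp file in the same directory */
    umask(old);
    if (fd < 0) return -1;

    const char *p = data;
    size_t left = len;
    while (left > 0) {
        ssize_t w = write(fd, p, left);
        if (w < 0) { if (errno == EINTR) continue; goto fail; }
        p += w; left -= (size_t)w;
    }
    if (fchmod(fd, 0600) != 0 || fsync(fd) != 0) goto fail;
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) != 0) goto fail;  /* 3. atomic publish on one filesystem */
    return 0;

fail:
    if (fd >= 0) close(fd);
    unlink(tmp);               /* never leave a half-written key behind */
    return -1;
}

/* Permission bits of `path`, or -1 if it cannot be stat'ed. */
int file_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```

The temp file lives next to the destination so `rename()` stays within one filesystem, where it replaces the target atomically.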
### Medium Priority
- **[INPUT]** Add username validation rejecting shell metacharacters and control chars
- **[INPUT]** Sanitize message content to prevent log injection attacks
- **[INPUT]** Enhance `message_load()` with field length and timestamp validation
- **[RESOURCE]** Convert message position array from fixed 1000 to dynamic allocation
- **[RESOURCE]** Enhance `setup_host_key()` validation (size, permissions, auto-regeneration)
- **[RESOURCE]** Improve thread cleanup with proper `pthread_attr` and error handling
### New Environment Variables
- `TNT_ACCESS_TOKEN` - Optional password for authentication (backward compatible)
- `TNT_BIND_ADDR` - Bind address (default: 0.0.0.0)
- `TNT_SSH_LOG_LEVEL` - SSH logging verbosity 0-4 (default: 1)
- `TNT_RATE_LIMIT` - Enable/disable rate limiting (default: 1)
- `TNT_MAX_CONNECTIONS` - Max concurrent connections (default: 64)
- `TNT_MAX_CONN_PER_IP` - Max connections per IP (default: 5)
### Security Summary
| Category | Fixes | Impact |
|----------|-------|--------|
| Buffer Security | 3 | Prevents overflows, malformed UTF-8 |
| SSH Hardening | 4 | Stronger crypto, no races |
| Input Validation | 3 | Prevents injection, log poisoning |
| Resource Management | 3 | Handles large logs, prevents DoS |
| Authentication | 3 | Optional protection, rate limiting |
| Concurrency Safety | 3 | Eliminates races, crashes |
| **TOTAL** | **19** | **23 vulnerabilities fixed** |
All changes maintain backward compatibility. Server remains open by default.
---
## 2025-12-02 - Stability & Testing Update
### Fixed
- Double colon bug in vim command mode (`:` key consumed properly)
- `strtok` data corruption in command output rendering
- Use-after-free race condition (added reference counting)
- SSH read blocking issues (added timeouts)
- PTY request infinite loop
- Message history memory waste (optimized loading)
### Added
- Reference counting for thread-safe client cleanup
- SSH read timeout (30s) and error handling
- UTF-8 incomplete sequence detection
- AddressSanitizer build target (`make asan`)
- Basic functional tests (`test_basic.sh`)
- Stress testing script (`test_stress.sh`)
- Static analysis target (`make check`)
- Developer documentation (HACKING)
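
A strict UTF-8 check covering both the incomplete-sequence detection listed above and the overlong-encoding rejection from the 2026-01-22 **[BUFFER]** entry, as an added example (not TNT's own code). The names `utf8_check()` and `utf8_status` are hypothetical:

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { UTF8_OK, UTF8_INVALID, UTF8_INCOMPLETE } utf8_status;

/* Hypothetical validator: UTF8_INCOMPLETE means the buffer ended inside a
 * multi-byte sequence (a reader may wait for more bytes); UTF8_INVALID means
 * the bytes can never become valid and should be rejected. */
utf8_status utf8_check(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char b = s[i];
        size_t need;        /* continuation bytes expected */
        uint32_t cp, min;   /* decoded code point, smallest value for this length */

        if (b < 0x80) { i++; continue; }
        else if ((b & 0xE0) == 0xC0) { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return UTF8_INVALID;   /* stray continuation byte or 0xF8..0xFF */

        for (size_t k = 1; k <= need; k++) {
            if (i + k >= len) return UTF8_INCOMPLETE;
            if ((s[i + k] & 0xC0) != 0x80) return UTF8_INVALID;
            cp = (cp << 6) | (uint32_t)(s[i + k] & 0x3F);
        }
        /* Overlong: the value would fit in a shorter sequence, e.g. C0 AF
         * for '/', which can slip past byte-level filters. */
        if (cp < min) return UTF8_INVALID;
        if (cp >= 0xD800 && cp <= 0xDFFF) return UTF8_INVALID;  /* surrogates */
        if (cp > 0x10FFFF) return UTF8_INVALID;                 /* beyond Unicode */
        i += need + 1;
    }
    return UTF8_OK;
}
```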
### Changed
- Improved error handling throughout
- Better memory management in message loading
## 2025
- Ongoing development and improvements
- Bug fixes and optimizations
- Feature enhancements
- Optimize performance (2025-01-10)
- Code cleanup (2025-01-15)
- Code cleanup (2025-01-17)
- Add minor improvements (2025-01-22)
- Code cleanup (2025-01-28)
- Fix edge cases (2025-02-03)
- Update documentation (2025-02-06)
- Fix edge cases (2025-02-07)
- Add minor improvements (2025-02-26)
- Update dependencies (2025-02-27)
- Fix edge cases (2025-03-01)
- Fix bugs and improve stability (2025-03-06)
- Fix bugs and improve stability (2025-03-12)
- Minor fixes (2025-03-17)
- Add minor improvements (2025-03-18)
- Refactor code structure (2025-03-24)
- Update dependencies (2025-03-27)
- Improve error handling (2025-03-28)
- Improve error handling (2025-04-03)
- Update documentation (2025-04-07)
- Update documentation (2025-04-13)
- Code cleanup (2025-04-15)
- Fix bugs and improve stability (2025-04-16)
- Add minor improvements (2025-04-17)
- Minor fixes (2025-04-23)
- Code cleanup (2025-04-24)
- Fix edge cases (2025-04-25)
- Refactor code structure (2025-05-13)
- Fix edge cases (2025-05-14)
- Minor fixes (2025-06-03)
- Code cleanup (2025-06-05)
- Add minor improvements (2025-06-10)
- Fix bugs and improve stability (2025-06-18)
- Update dependencies (2025-06-24)
- Optimize performance (2025-06-30)
- Update documentation (2025-07-07)
- Refactor code structure (2025-07-17)
- Fix bugs and improve stability (2025-07-19)
- Refactor code structure (2025-07-21)
- Code cleanup (2025-07-27)
- Code cleanup (2025-08-04)
- Minor fixes (2025-08-28)
- Improve error handling (2025-09-05)
- Update documentation (2025-09-09)
- Code cleanup (2025-09-15)
- Fix bugs and improve stability (2025-09-19)
- Update documentation (2025-09-25)
- Fix bugs and improve stability (2025-10-06)
- Fix bugs and improve stability (2025-10-13)
- Fix bugs and improve stability (2025-10-16)
- Optimize performance (2025-10-17)
- Add minor improvements (2025-10-22)
- Code cleanup (2025-10-26)
- Add minor improvements (2025-10-28)
- Fix edge cases (2025-10-29)
- Fix bugs and improve stability (2025-10-30)
- Optimize performance (2025-11-04)
- Improve error handling (2025-11-07)
- Update documentation (2025-11-12)
- Fix bugs and improve stability (2025-11-14)
- Update documentation (2025-11-17)
- Add minor improvements (2025-11-18)
- Refactor code structure (2025-11-19)
- Fix bugs and improve stability (2025-11-20)
- Minor fixes (2025-11-24)