TS3-vibed/Documentation/Mile_Stones/Milestone_6.md

Milestone 6: Deployment & Automation (The Release)

Goal: Finalize security and automate the installation for self-hosters.

1. Network Encryption

• TCP TLS: Wrap the server's TcpListener and client's TcpStream using rustls. Generate or require self-signed certificates for the server.
• AI Context Trap (Crypto Nonce): chacha20poly1305 is completely compromised if a Nonce is reused. To avoid tracking state or sending large random bytes over UDP, strictly cast the SequenceNumber (u64) padded with zeros into a 12-byte array to act as a guaranteed-unique Nonce.
• UDP Encryption: Add chacha20poly1305. After Opus encoding, encrypt the payload byte array using a symmetric key negotiated during the TLS TCP handshake, before sending over UDP.

2. Dockerization

• Dockerfile: Write a multi-stage Dockerfile. Stage 1: cargo build --release using a minimal rust alpine image. Stage 2: Copy the binary to a scratch/debian container.
• Docker Compose: Write docker-compose.yml mapping ports 8080/tcp (Control), 8080/udp (Voice), and 3000/tcp (Admin Dashboard), and volume-mapping the SQLite database file.

3. CI/CD & Auto-Installer

• GitHub Actions: Create .github/workflows/release.yml. Trigger on tags. Cross-compile binaries for x86_64-linux, x86_64-windows, and aarch64-macos.
• Security Auditing: Add cargo audit to the pipeline to automatically fail the build if a known CVE is discovered.
• Install Script: Write scripts/install.sh. The script downloads the correct binary via GitHub API, creates a non-root voiceapp user, and writes a /etc/systemd/system/voiceapp.service file.

4. The Final Stress Test

• Load Tester Bot: Build a standalone Rust binary (tests/load_tester.rs).
• Concurrency: Use Tokio to spawn 100+ async tasks. Each task connects via TCP, gets a SessionToken, and then blasts pre-recorded .wav data over UDP to the server at exactly 20ms intervals.
• Verification: Use the Admin Dashboard to verify the server handles the packet throughput without CPU spiking or crashing.