feat: M1 lumen-core (FEC/crypto/packet/session + C ABI) and workspace scaffold

Ground-up low-latency streaming stack per docs/implementation-plan.md. M1 is
complete and tested; Linux host backends are cfg-gated stubs to be filled in on
real hardware (M0/M2).

lumen-core (built + tested on macOS/aarch64 — 21 tests):
- fec: ErasureCoder over GF(2^8) (reed-solomon-erasure, Moonlight-compatible)
  and GF(2^16) Leopard-RS (reed-solomon-simd, the >1 Gbps wall-breaker); proptested
- packet: zero-copy #[repr(C)] framing, multi-block, FEC-aware reassembly
- crypto: AES-128-GCM with per-direction nonce salts + sequence-as-AAD
- session: host submit / client poll hot paths + input; loopback & UDP transports
- abi: opaque handles, versioned LumenConfig, panic guards; cbindgen-generated header
- acceptance: Rust loopback+proptest and a C harness that links the staticlib

Scaffold (compiles green on all platforms): lumen-host (vdisplay/capture/encode/
inject/web/pipeline seams under cfg(linux)), lumen-client-rs, tools/{loss-harness,
latency-probe}, Apple/Android client stubs, Gitea CI, docs.

Hardened against a multi-agent adversarial review (13 verified findings fixed,
regression-tested): reassembler memory-DoS bounds + block-consistency validation,
GCM nonce-reuse direction separation, ABI struct_size guard + range checks, FEC
shard-length guards, shard_payload datagram bound, key zeroization + Debug redaction.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-09 00:02:52 +02:00
parent 4a1e3cd2fd
commit a913042367
47 changed files with 6015 additions and 0 deletions
+61
View File
@@ -0,0 +1,61 @@
//! `lumen-host` — the Linux streaming host (plan §2, §6, §7).
//!
//! Creates a client-sized virtual display, captures it via PipeWire, encodes with
//! VAAPI/NVENC, and hands encoded access units to `lumen_core` for FEC + packetization +
//! pacing + send. Input flows back via libei/uinput. The platform backends are
//! `#[cfg(target_os = "linux")]`; the crate compiles everywhere so the workspace builds
//! on non-Linux dev machines — it just can't run the pipeline there.
//!
//! Status: scaffold. M0 wires capture→encode→file; M2 wires the full P1 host that a
//! stock Moonlight client connects to.
// Scaffold: trait methods and config paths are defined ahead of their backends.
#![allow(dead_code)]
mod capture;
mod encode;
mod inject;
mod pipeline;
mod vdisplay;
mod web;
use vdisplay::{Compositor, Mode};
fn main() {
tracing_subscriber::fmt()
.with_env_filter(
tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| "info".into()),
)
.init();
tracing::info!(
"lumen-host scaffold (lumen_core ABI v{})",
lumen_core::ABI_VERSION
);
// The intended startup sequence (each step is a separate, pluggable subsystem):
// 1. negotiate mode + codec + FEC scheme over the control plane (web::WebConfig)
// 2. vdisplay::open(compositor).create(mode) -> client-sized virtual output
// 3. capture::open_pipewire(node) ; encode::open(codec, bitrate)
// 4. build a lumen_core::Session (host role) over a UDP transport to the client
// 5. loop pipeline::pump_once(..) until disconnect, then destroy the output
let target_mode = Mode {
width: 2560,
height: 1440,
refresh_hz: 240,
};
let compositor = Compositor::Kwin; // MVP target
if cfg!(target_os = "linux") {
tracing::info!(
?compositor,
?target_mode,
"would create a virtual output and start streaming (backends pending M0/M2)"
);
} else {
tracing::warn!(
"this is a Linux host; on {} only the shared lumen_core builds and is testable",
std::env::consts::OS
);
}
}