diff --git a/.devwork/plan.md b/.devwork/plan.md
new file mode 100644
index 0000000..e6efccb
--- /dev/null
+++ b/.devwork/plan.md
@@ -0,0 +1,5 @@
+# Execution Plan
+
+## Tasks: 2
+
+{"summary":"Add mTLS and custom certificate support to the gRPC-zig project. This involves creating a TLS configuration module, modifying the transport layer for TLS, and updating server/client APIs to accept certificate configurations.","tasks":[{"id":"T001","tool":"Bash","args":{"command":"mkdir -p /tmp/claudev-pr-43226/specs/020-mtls-support"},"depends_on":[],"description":"Create directory for specification document"},{"id":"T002","tool":"Write","args":{"file_path":"/tmp/claudev-pr-43226/specs/020-mtls-support/spec.md","content":"# mTLS and Custom Certificate Support Specification\n\n## Overview\nAdd support for mTLS (mutual TLS) and custom certificates to enable secure gRPC communications with certificate-based authentication.\n\n## Requirements\n\n### Server-side TLS\n- Load server certificate from PEM file\n- Load server private key from PEM file\n- Optional: Client CA certificate for mTLS client verification\n- Support custom certificate paths\n\n### Client-side TLS\n- Load trusted CA certificate for server verification\n- Load client certificate for mTLS\n- Load client private key\n- Support custom certificate paths\n- Option to skip server certificate verification (insecure mode for development)\n\n### API Design\n\n#### Server Configuration\n```zig\npub const TlsConfig = struct {\n cert_file: []const u8,\n key_file: []const u8,\n client_ca_file: ?[]const u8 = null, // for mTLS\n};\n\n// Server init with TLS:\nGrpcServer.init(allocator, port, secret_key, tls_config);\n```\n\n#### Client Configuration\n```zig\npub const ClientTlsConfig = struct {\n ca_file: ?[]const u8 = null,\n cert_file: ?[]const u8 = null,\n key_file: ?[]const u8 = null,\n skip_verify: bool = false,\n};\n\n// Client init with TLS:\nGrpcClient.init(allocator, host, port, tls_config);\n```\n\n## Implementation Plan\n\n1. Create `src/tls.zig` - TLS configuration and utilities\n2. Modify `src/transport.zig` - Add TLS stream wrapper\n3. Modify `src/server.zig` - Add TLS support to server initialization\n4. Modify `src/client.zig` - Add TLS support to client initialization\n5. Update examples with TLS usage\n6. Build and test\n\n## Files to Modify\n- `src/server.zig` - Add TLS config parameter\n- `src/client.zig` - Add TLS config parameter\n- `src/transport.zig` - Add TLS stream support\n\n## Files to Create\n- `src/tls.zig` - TLS configuration module\n"},"depends_on":[],"description":"Create specification document for mTLS support"}]}
diff --git a/.devwork/plan_response.txt b/.devwork/plan_response.txt
new file mode 100644
index 0000000..338a53f
--- /dev/null
+++ b/.devwork/plan_response.txt
@@ -0,0 +1 @@
+{"summary":"Add mTLS and custom certificate support to the gRPC-zig project. This involves creating a TLS configuration module, modifying the transport layer for TLS, and updating server/client APIs to accept certificate configurations.","tasks":[{"id":"T001","tool":"Bash","args":{"command":"mkdir -p /tmp/claudev-pr-43226/specs/020-mtls-support"},"depends_on":[],"description":"Create directory for specification document"},{"id":"T002","tool":"Write","args":{"file_path":"/tmp/claudev-pr-43226/specs/020-mtls-support/spec.md","content":"# mTLS and Custom Certificate Support Specification\n\n## Overview\nAdd support for mTLS (mutual TLS) and custom certificates to enable secure gRPC communications with certificate-based authentication.\n\n## Requirements\n\n### Server-side TLS\n- Load server certificate from PEM file\n- Load server private key from PEM file\n- Optional: Client CA certificate for mTLS client verification\n- Support custom certificate paths\n\n### Client-side TLS\n- Load trusted CA certificate for server verification\n- Load client certificate for mTLS\n- Load client private key\n- Support custom certificate paths\n- Option to skip server certificate verification (insecure mode for development)\n\n### API Design\n\n#### Server Configuration\n```zig\npub const TlsConfig = struct {\n cert_file: []const u8,\n key_file: []const u8,\n client_ca_file: ?[]const u8 = null, // for mTLS\n};\n\n// Server init with TLS:\nGrpcServer.init(allocator, port, secret_key, tls_config);\n```\n\n#### Client Configuration\n```zig\npub const ClientTlsConfig = struct {\n ca_file: ?[]const u8 = null,\n cert_file: ?[]const u8 = null,\n key_file: ?[]const u8 = null,\n skip_verify: bool = false,\n};\n\n// Client init with TLS:\nGrpcClient.init(allocator, host, port, tls_config);\n```\n\n## Implementation Plan\n\n1. Create `src/tls.zig` - TLS configuration and utilities\n2. Modify `src/transport.zig` - Add TLS stream wrapper\n3. Modify `src/server.zig` - Add TLS support to server initialization\n4. Modify `src/client.zig` - Add TLS support to client initialization\n5. Update examples with TLS usage\n6. Build and test\n\n## Files to Modify\n- `src/server.zig` - Add TLS config parameter\n- `src/client.zig` - Add TLS config parameter\n- `src/transport.zig` - Add TLS stream support\n\n## Files to Create\n- `src/tls.zig` - TLS configuration module\n"},"depends_on":[],"description":"Create specification document for mTLS support"}]}
\ No newline at end of file
diff --git a/.devwork/prompt.txt b/.devwork/prompt.txt
new file mode 100644
index 0000000..177aeeb
--- /dev/null
+++ b/.devwork/prompt.txt
@@ -0,0 +1,85 @@
+# PR #20: [WIP] Add support for mTLS and custom certificates
+
+## Description
+Thanks for assigning this issue to me. I'm starting to work on it and will keep this PR's description up to date as I form a plan and make progress.
+
+
+
+
+
+
+
+Original prompt
+
+>
+> ----
+>
+> *This section details on the original issue you should resolve*
+>
+> Is it support mTLS and custom certs?
+>
+>
+> is it? add support of custom certs too
+>
+> ## Comments on the Issue (you are @copilot in this section)
+>
+>
+>
+>
+
+
+
+
+
+
+
+
+- Fixes ziglana/gRPC-zig#15
+
+
+---
+
+💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
+
+
+## Task
+Thanks for assigning this issue to me. I'm starting to work on it and will keep this PR's description up to date as I form a plan and make progress.
+
+
+
+
+
+
+
+Original prompt
+
+>
+> ----
+>
+> *This section details on the original issue you should resolve*
+>
+> Is it support mTLS and custom certs?
+>
+>
+> is it? add support of custom certs too
+>
+> ## Comments on the Issue (you are @copilot in this section)
+>
+>
+>
+>
+
+
+
+
+
+
+
+
+- Fixes ziglana/gRPC-zig#15
+
+
+---
+
+💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
+
diff --git a/.devwork/result.json b/.devwork/result.json
new file mode 100644
index 0000000..ebe6ae9
--- /dev/null
+++ b/.devwork/result.json
@@ -0,0 +1,10 @@
+{
+ "success": true,
+ "tasks_total": 2,
+ "tasks_completed": 2,
+ "tasks_failed": 0,
+ "planning_ms": 36273,
+ "execution_ms": 12,
+ "total_ms": 36397,
+ "error": ""
+}
diff --git a/.devwork/tree-after.txt b/.devwork/tree-after.txt
new file mode 100644
index 0000000..3bdc16d
--- /dev/null
+++ b/.devwork/tree-after.txt
@@ -0,0 +1,50 @@
+# Directory snapshot after SpecKit execution
+
+/tmp/claudev-pr-43226
+├── build.zig
+├── build.zig.zon
+├── docs
+│  └── benchmarking.md
+├── examples
+│  ├── auth.zig
+│  ├── basic_client.zig
+│  ├── basic_server.zig
+│  ├── compression.zig
+│  ├── health.zig
+│  ├── http2_transport.zig
+│  └── streaming.zig
+├── integration_test
+│  ├── proto.zig
+│  ├── README.md
+│  ├── requirements.txt
+│  ├── run_tests.sh
+│  ├── test_client.py
+│  ├── test_server.zig
+│  └── test_service.proto
+├── LICENSE
+├── README.md
+├── scripts
+│  └── run_benchmark.sh
+├── specs
+│  └── 020-mtls-support
+│  └── spec.md
+└── src
+ ├── benchmark.zig
+ ├── client.zig
+ ├── features
+ │  ├── auth.zig
+ │  ├── compression.zig
+ │  ├── health.zig
+ │  └── streaming.zig
+ ├── http2
+ │  ├── connection.zig
+ │  ├── frame.zig
+ │  ├── hpack.zig
+ │  └── stream.zig
+ ├── proto
+ │  └── service.zig
+ ├── server.zig
+ ├── tests.zig
+ └── transport.zig
+
+11 directories, 35 files
\ No newline at end of file
diff --git a/.devwork/tree.txt b/.devwork/tree.txt
new file mode 100644
index 0000000..2ef80d0
--- /dev/null
+++ b/.devwork/tree.txt
@@ -0,0 +1,48 @@
+# Directory snapshot before SpecKit execution
+# 1771271222847932405
+
+/tmp/claudev-pr-43226
+├── build.zig
+├── build.zig.zon
+├── docs
+│  └── benchmarking.md
+├── examples
+│  ├── auth.zig
+│  ├── basic_client.zig
+│  ├── basic_server.zig
+│  ├── compression.zig
+│  ├── health.zig
+│  ├── http2_transport.zig
+│  └── streaming.zig
+├── integration_test
+│  ├── proto.zig
+│  ├── README.md
+│  ├── requirements.txt
+│  ├── run_tests.sh
+│  ├── test_client.py
+│  ├── test_server.zig
+│  └── test_service.proto
+├── LICENSE
+├── README.md
+├── scripts
+│  └── run_benchmark.sh
+└── src
+ ├── benchmark.zig
+ ├── client.zig
+ ├── features
+ │  ├── auth.zig
+ │  ├── compression.zig
+ │  ├── health.zig
+ │  └── streaming.zig
+ ├── http2
+ │  ├── connection.zig
+ │  ├── frame.zig
+ │  ├── hpack.zig
+ │  └── stream.zig
+ ├── proto
+ │  └── service.zig
+ ├── server.zig
+ ├── tests.zig
+ └── transport.zig
+
+9 directories, 34 files
\ No newline at end of file
diff --git a/specs/020-mtls-support/spec.md b/specs/020-mtls-support/spec.md
new file mode 100644
index 0000000..41689b7
--- /dev/null
+++ b/specs/020-mtls-support/spec.md
@@ -0,0 +1,63 @@
+# mTLS and Custom Certificate Support Specification
+
+## Overview
+Add support for mTLS (mutual TLS) and custom certificates to enable secure gRPC communications with certificate-based authentication.
+
+## Requirements
+
+### Server-side TLS
+- Load server certificate from PEM file
+- Load server private key from PEM file
+- Optional: Client CA certificate for mTLS client verification
+- Support custom certificate paths
+
+### Client-side TLS
+- Load trusted CA certificate for server verification
+- Load client certificate for mTLS
+- Load client private key
+- Support custom certificate paths
+- Option to skip server certificate verification (insecure mode for development)
+
+### API Design
+
+#### Server Configuration
+```zig
+pub const TlsConfig = struct {
+ cert_file: []const u8,
+ key_file: []const u8,
+ client_ca_file: ?[]const u8 = null, // for mTLS
+};
+
+// Server init with TLS:
+GrpcServer.init(allocator, port, secret_key, tls_config);
+```
+
+#### Client Configuration
+```zig
+pub const ClientTlsConfig = struct {
+ ca_file: ?[]const u8 = null,
+ cert_file: ?[]const u8 = null,
+ key_file: ?[]const u8 = null,
+ skip_verify: bool = false,
+};
+
+// Client init with TLS:
+GrpcClient.init(allocator, host, port, tls_config);
+```
+
+## Implementation Plan
+
+1. Create `src/tls.zig` - TLS configuration and utilities
+2. Modify `src/transport.zig` - Add TLS stream wrapper
+3. Modify `src/server.zig` - Add TLS support to server initialization
+4. Modify `src/client.zig` - Add TLS support to client initialization
+5. Update examples with TLS usage
+6. Build and test
+
+## Files to Modify
+- `src/server.zig` - Add TLS config parameter
+- `src/client.zig` - Add TLS config parameter
+- `src/transport.zig` - Add TLS stream support
+
+## Files to Create
+- `src/tls.zig` - TLS configuration module