[WIP] Add support for mTLS and custom certificates

.devwork/plan.md

@@ -0,0 +1,5 @@
+# Execution Plan
+
+## Tasks: 2
+
+{"summary":"Add mTLS and custom certificate support to the gRPC-zig project. This involves creating a TLS configuration module, modifying the transport layer for TLS, and updating server/client APIs to accept certificate configurations.","tasks":[{"id":"T001","tool":"Bash","args":{"command":"mkdir -p /tmp/claudev-pr-43226/specs/020-mtls-support"},"depends_on":[],"description":"Create directory for specification document"},{"id":"T002","tool":"Write","args":{"file_path":"/tmp/claudev-pr-43226/specs/020-mtls-support/spec.md","content":"# mTLS and Custom Certificate Support Specification\n\n## Overview\nAdd support for mTLS (mutual TLS) and custom certificates to enable secure gRPC communications with certificate-based authentication.\n\n## Requirements\n\n### Server-side TLS\n- Load server certificate from PEM file\n- Load server private key from PEM file\n- Optional: Client CA certificate for mTLS client verification\n- Support custom certificate paths\n\n### Client-side TLS\n- Load trusted CA certificate for server verification\n- Load client certificate for mTLS\n- Load client private key\n- Support custom certificate paths\n- Option to skip server certificate verification (insecure mode for development)\n\n### API Design\n\n#### Server Configuration\n```zig\npub const TlsConfig = struct {\n    cert_file: []const u8,\n    key_file: []const u8,\n    client_ca_file: ?[]const u8 = null, // for mTLS\n};\n\n// Server init with TLS:\nGrpcServer.init(allocator, port, secret_key, tls_config);\n```\n\n#### Client Configuration\n```zig\npub const ClientTlsConfig = struct {\n    ca_file: ?[]const u8 = null,\n    cert_file: ?[]const u8 = null,\n    key_file: ?[]const u8 = null,\n    skip_verify: bool = false,\n};\n\n// Client init with TLS:\nGrpcClient.init(allocator, host, port, tls_config);\n```\n\n## Implementation Plan\n\n1. Create `src/tls.zig` - TLS configuration and utilities\n2. Modify `src/transport.zig` - Add TLS stream wrapper\n3. Modify `src/server.zig` - Add TLS support to server initialization\n4. Modify `src/client.zig` - Add TLS support to client initialization\n5. Update examples with TLS usage\n6. Build and test\n\n## Files to Modify\n- `src/server.zig` - Add TLS config parameter\n- `src/client.zig` - Add TLS config parameter\n- `src/transport.zig` - Add TLS stream support\n\n## Files to Create\n- `src/tls.zig` - TLS configuration module\n"},"depends_on":[],"description":"Create specification document for mTLS support"}]}

.devwork/plan_response.txt

@@ -0,0 +1 @@
+{"summary":"Add mTLS and custom certificate support to the gRPC-zig project. This involves creating a TLS configuration module, modifying the transport layer for TLS, and updating server/client APIs to accept certificate configurations.","tasks":[{"id":"T001","tool":"Bash","args":{"command":"mkdir -p /tmp/claudev-pr-43226/specs/020-mtls-support"},"depends_on":[],"description":"Create directory for specification document"},{"id":"T002","tool":"Write","args":{"file_path":"/tmp/claudev-pr-43226/specs/020-mtls-support/spec.md","content":"# mTLS and Custom Certificate Support Specification\n\n## Overview\nAdd support for mTLS (mutual TLS) and custom certificates to enable secure gRPC communications with certificate-based authentication.\n\n## Requirements\n\n### Server-side TLS\n- Load server certificate from PEM file\n- Load server private key from PEM file\n- Optional: Client CA certificate for mTLS client verification\n- Support custom certificate paths\n\n### Client-side TLS\n- Load trusted CA certificate for server verification\n- Load client certificate for mTLS\n- Load client private key\n- Support custom certificate paths\n- Option to skip server certificate verification (insecure mode for development)\n\n### API Design\n\n#### Server Configuration\n```zig\npub const TlsConfig = struct {\n    cert_file: []const u8,\n    key_file: []const u8,\n    client_ca_file: ?[]const u8 = null, // for mTLS\n};\n\n// Server init with TLS:\nGrpcServer.init(allocator, port, secret_key, tls_config);\n```\n\n#### Client Configuration\n```zig\npub const ClientTlsConfig = struct {\n    ca_file: ?[]const u8 = null,\n    cert_file: ?[]const u8 = null,\n    key_file: ?[]const u8 = null,\n    skip_verify: bool = false,\n};\n\n// Client init with TLS:\nGrpcClient.init(allocator, host, port, tls_config);\n```\n\n## Implementation Plan\n\n1. Create `src/tls.zig` - TLS configuration and utilities\n2. Modify `src/transport.zig` - Add TLS stream wrapper\n3. Modify `src/server.zig` - Add TLS support to server initialization\n4. Modify `src/client.zig` - Add TLS support to client initialization\n5. Update examples with TLS usage\n6. Build and test\n\n## Files to Modify\n- `src/server.zig` - Add TLS config parameter\n- `src/client.zig` - Add TLS config parameter\n- `src/transport.zig` - Add TLS stream support\n\n## Files to Create\n- `src/tls.zig` - TLS configuration module\n"},"depends_on":[],"description":"Create specification document for mTLS support"}]}

.devwork/prompt.txt

@@ -0,0 +1,85 @@
+# PR #20: [WIP] Add support for mTLS and custom certificates
+
+## Description
+Thanks for assigning this issue to me. I'm starting to work on it and will keep this PR's description up to date as I form a plan and make progress.
+
+<!-- START COPILOT ORIGINAL PROMPT -->
+
+
+
+<details>
+
+<summary>Original prompt</summary>
+
+> 
+> ----
+> 
+> *This section details on the original issue you should resolve*
+> 
+> <issue_title>Is it support mTLS and custom certs?</issue_title>
+> <issue_description></issue_description>
+> 
+> <agent_instructions>is it? add support of custom certs too</agent_instructions>
+> 
+> ## Comments on the Issue (you are @copilot in this section)
+> 
+> <comments>
+> </comments>
+> 
+
+
+</details>
+
+
+
+<!-- START COPILOT CODING AGENT SUFFIX -->
+
+- Fixes ziglana/gRPC-zig#15
+
+<!-- START COPILOT CODING AGENT TIPS -->
+---
+
+💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
+
+
+## Task
+Thanks for assigning this issue to me. I'm starting to work on it and will keep this PR's description up to date as I form a plan and make progress.
+
+<!-- START COPILOT ORIGINAL PROMPT -->
+
+
+
+<details>
+
+<summary>Original prompt</summary>
+
+> 
+> ----
+> 
+> *This section details on the original issue you should resolve*
+> 
+> <issue_title>Is it support mTLS and custom certs?</issue_title>
+> <issue_description></issue_description>
+> 
+> <agent_instructions>is it? add support of custom certs too</agent_instructions>
+> 
+> ## Comments on the Issue (you are @copilot in this section)
+> 
+> <comments>
+> </comments>
+> 
+
+
+</details>
+
+
+
+<!-- START COPILOT CODING AGENT SUFFIX -->
+
+- Fixes ziglana/gRPC-zig#15
+
+<!-- START COPILOT CODING AGENT TIPS -->
+---
+
+💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
+

.devwork/result.json

@@ -0,0 +1,10 @@
+{
+  "success": true,
+  "tasks_total": 2,
+  "tasks_completed": 2,
+  "tasks_failed": 0,
+  "planning_ms": 36273,
+  "execution_ms": 12,
+  "total_ms": 36397,
+  "error": ""
+}

.devwork/tree-after.txt

@@ -0,0 +1,50 @@
+# Directory snapshot after SpecKit execution
+
+/tmp/claudev-pr-43226
+├── build.zig
+├── build.zig.zon
+├── docs
+│   └── benchmarking.md
+├── examples
+│   ├── auth.zig
+│   ├── basic_client.zig
+│   ├── basic_server.zig
+│   ├── compression.zig
+│   ├── health.zig
+│   ├── http2_transport.zig
+│   └── streaming.zig
+├── integration_test
+│   ├── proto.zig
+│   ├── README.md
+│   ├── requirements.txt
+│   ├── run_tests.sh
+│   ├── test_client.py
+│   ├── test_server.zig
+│   └── test_service.proto
+├── LICENSE
+├── README.md
+├── scripts
+│   └── run_benchmark.sh
+├── specs
+│   └── 020-mtls-support
+│       └── spec.md
+└── src
+    ├── benchmark.zig
+    ├── client.zig
+    ├── features
+    │   ├── auth.zig
+    │   ├── compression.zig
+    │   ├── health.zig
+    │   └── streaming.zig
+    ├── http2
+    │   ├── connection.zig
+    │   ├── frame.zig
+    │   ├── hpack.zig
+    │   └── stream.zig
+    ├── proto
+    │   └── service.zig
+    ├── server.zig
+    ├── tests.zig
+    └── transport.zig
+
+11 directories, 35 files

.devwork/tree.txt

@@ -0,0 +1,48 @@
+# Directory snapshot before SpecKit execution
+# 1771271222847932405
+
+/tmp/claudev-pr-43226
+├── build.zig
+├── build.zig.zon
+├── docs
+│   └── benchmarking.md
+├── examples
+│   ├── auth.zig
+│   ├── basic_client.zig
+│   ├── basic_server.zig
+│   ├── compression.zig
+│   ├── health.zig
+│   ├── http2_transport.zig
+│   └── streaming.zig
+├── integration_test
+│   ├── proto.zig
+│   ├── README.md
+│   ├── requirements.txt
+│   ├── run_tests.sh
+│   ├── test_client.py
+│   ├── test_server.zig
+│   └── test_service.proto
+├── LICENSE
+├── README.md
+├── scripts
+│   └── run_benchmark.sh
+└── src
+    ├── benchmark.zig
+    ├── client.zig
+    ├── features
+    │   ├── auth.zig
+    │   ├── compression.zig
+    │   ├── health.zig
+    │   └── streaming.zig
+    ├── http2
+    │   ├── connection.zig
+    │   ├── frame.zig
+    │   ├── hpack.zig
+    │   └── stream.zig
+    ├── proto
+    │   └── service.zig
+    ├── server.zig
+    ├── tests.zig
+    └── transport.zig
+
+9 directories, 34 files

specs/020-mtls-support/spec.md

@@ -0,0 +1,63 @@
+# mTLS and Custom Certificate Support Specification
+
+## Overview
+Add support for mTLS (mutual TLS) and custom certificates to enable secure gRPC communications with certificate-based authentication.
+
+## Requirements
+
+### Server-side TLS
+- Load server certificate from PEM file
+- Load server private key from PEM file
+- Optional: Client CA certificate for mTLS client verification
+- Support custom certificate paths
+
+### Client-side TLS
+- Load trusted CA certificate for server verification
+- Load client certificate for mTLS
+- Load client private key
+- Support custom certificate paths
+- Option to skip server certificate verification (insecure mode for development)
+
+### API Design
+
+#### Server Configuration
+```zig
+pub const TlsConfig = struct {
+    cert_file: []const u8,
+    key_file: []const u8,
+    client_ca_file: ?[]const u8 = null, // for mTLS
+};
+
+// Server init with TLS:
+GrpcServer.init(allocator, port, secret_key, tls_config);
+```
+
+#### Client Configuration
+```zig
+pub const ClientTlsConfig = struct {
+    ca_file: ?[]const u8 = null,
+    cert_file: ?[]const u8 = null,
+    key_file: ?[]const u8 = null,
+    skip_verify: bool = false,
+};
+
+// Client init with TLS:
+GrpcClient.init(allocator, host, port, tls_config);
+```
+
+## Implementation Plan
+
+1. Create `src/tls.zig` - TLS configuration and utilities
+2. Modify `src/transport.zig` - Add TLS stream wrapper
+3. Modify `src/server.zig` - Add TLS support to server initialization
+4. Modify `src/client.zig` - Add TLS support to client initialization
+5. Update examples with TLS usage
+6. Build and test
+
+## Files to Modify
+- `src/server.zig` - Add TLS config parameter
+- `src/client.zig` - Add TLS config parameter
+- `src/transport.zig` - Add TLS stream support
+
+## Files to Create
+- `src/tls.zig` - TLS configuration module