v1.4.0

What's New

Local MultipeerConnectivity Fixes

• Host message relay — Host now forwards received MC messages to all other primary peers, fixing the hub-and-spoke topology gap where members couldn't see each other's messages
• Peer roster broadcast — Host notifies all members about each other via .peerInfo messages, enabling E2E key exchange between non-adjacent peers
• Hub-and-spoke routing — Targeted sends to unreachable peers are routed through the host
• Consistent peer identity — All internal logic uses localPeerID computed property instead of raw MCPeerID.displayName

Security Hardening

• Secure RemotePoolState storage provider (pluggable encrypted backend)
• Mesh relay HMAC validation and topology broadcast authentication
• WebSocket frame size limits
• Stale remote transport cleanup on disconnect

Bug Fixes

• Clear duplicate Combine subscriptions in MultiplayerGameService on window reopen
• Add self to connectedPeers for non-host peers on connection

v1.3.0

What's New

Remote Relay Transport

Connect to a self-hosted StealthRelay server from anywhere — not just local Wi-Fi/Bluetooth.

• WebSocket transport with Ed25519 host authentication
• Invitation-based joining with signed URLs and proof-of-work
• TLS certificate pinning and session token enforcement
• Automatic reconnection with peer auto-acceptance

Security Hardening (5 Audit Laps, 50+ Fixes)

• HMAC integrity uses shared secret with length-prefixed inputs
• Constant-time HMAC verification via CryptoKit
• Peer IDs use stable UUIDs, not attacker-controlled display names
• Transport-authenticated identity for games, polls, reactions
• Global brute-force rate limiting
• Notification privacy — no message content in OS notifications

68 Unit Tests

Full test coverage for RelayEnvelope, MeshTopology, PoolMessage, dedup cache, and RemotePoolState.

UI Improvements

• Max members picker, delete saved servers, proper disconnect cleanup
• Share sheet auto-dismisses for join approval

v1.2.0

• Add Chess multiplayer game type (2-player, crown icon)
• Add Chess to game selection sheet in ConnectionPoolView

v1.1.0

Concurrency Fixes

• ConnectionPoolConfiguration — Logger access is now protected by NSLock (was an unguarded nonisolated(unsafe) mutable global)
• MeshTopology — Removed TOCTOU-prone computed property wrappers that acquired the lock twice on read-modify-write
• Peer — Replaced static var cache with static let closure for thread-safe one-time initialization
• ConnectionPoolManager — Delayed Tasks are now tracked and cancelled on disconnect, preventing stale operations on rapid reconnect cycles
• UncheckedSendableBox — Added safety documentation

v1.0.0

ConnectionPool v1.0.0

Initial public release — secure local P2P mesh networking for iOS and macOS.

Features

• MultipeerConnectivity-based local P2P networking (up to 8 peers)
• Mesh networking with multi-hop relay routing (BFS pathfinding)
• Separate relay service type (stealthos-rly) — no DTLS conflicts
• DTLS encryption enforced on all sessions
• HMAC-SHA256 envelope integrity protection
• Host-side pool code authentication (never broadcast via Bonjour)
• Brute-force protection with persistent attempt tracking and auto-blocking
• Per-peer rate limiting (5s cooldown)
• 10 MB inbound message size limit
• Relay envelope with TTL, loop prevention, and deduplication cache
• Topology broadcasts with freshness validation
• Device block list with pluggable secure storage
• Multiplayer game service
• Configurable logging via protocol injection
• Zero external dependencies

Security

• 3 laps of security audits completed
• All CRITICAL, HIGH, and MEDIUM findings resolved
• Ready for public audit

Requirements

• iOS 17.0+ / macOS 14.0+
• Swift 6.0+
• Xcode 16+