2025-08-23 09:39:20 +03:00
13 changed files with 980 additions and 93 deletions
--- a/cmd/client/main.go
+++ b/cmd/client/main.go
@ -0,0 +1,134 @@
 package main
 import (
 	"context"
 	"flag"
 	"fmt"
 	"log"
 	"net"
 	"time"
 	"hash-of-wisdom/internal/pow/challenge"
 	"hash-of-wisdom/internal/pow/solver"
 	"hash-of-wisdom/internal/protocol"
 )
 func main() {
 	serverAddr := flag.String("addr", "localhost:8080", "server address")
 	flag.Parse()
 	fmt.Printf("Connecting to Word of Wisdom server at %s\n", *serverAddr)
 	// Step 1: Get challenge
 	challengeResp, err := requestChallenge(*serverAddr)
 	if err != nil {
 		log.Fatalf("Failed to get challenge: %v", err)
 	}
 	fmt.Printf("Received challenge with difficulty %d\n", challengeResp.Challenge.Difficulty)
 	// Step 2: Solve challenge
 	fmt.Println("Solving challenge...")
 	start := time.Now()
 	s := solver.NewSolver()
 	solution, err := s.Solve(context.Background(), challengeResp.Challenge)
 	if err != nil {
 		log.Fatalf("Failed to solve challenge: %v", err)
 	}
 	solveTime := time.Since(start)
 	fmt.Printf("Challenge solved in %v with nonce %d\n", solveTime, solution.Nonce)
 	// Step 3: Submit solution and get quote
 	err = submitSolution(*serverAddr, challengeResp.Challenge, solution.Nonce)
 	if err != nil {
 		log.Fatalf("Failed to submit solution: %v", err)
 	}
 }
 func requestChallenge(serverAddr string) (*protocol.ChallengeResponse, error) {
 	// Connect with timeout
 	conn, err := net.DialTimeout("tcp", serverAddr, 5*time.Second)
 	if err != nil {
 		return nil, fmt.Errorf("failed to connect: %w", err)
 	}
 	defer conn.Close()
 	// Request challenge
 	fmt.Println("Requesting challenge...")
 	challengeReq := &protocol.ChallengeRequest{}
 	if err := challengeReq.Encode(conn); err != nil {
 		return nil, fmt.Errorf("failed to send challenge request: %w", err)
 	}
 	// Receive challenge
 	decoder := protocol.NewMessageDecoder()
 	msg, err := decoder.Decode(conn)
 	if err != nil {
 		return nil, fmt.Errorf("failed to receive challenge: %w", err)
 	}
 	if msg.Type != protocol.ChallengeResponseType {
 		return nil, fmt.Errorf("unexpected response type: %v", msg.Type)
 	}
 	// Parse challenge
 	challengeResp := &protocol.ChallengeResponse{}
 	if err := challengeResp.Decode(msg.PayloadStream); err != nil {
 		return nil, fmt.Errorf("failed to parse challenge: %w", err)
 	}
 	return challengeResp, nil
 }
 func submitSolution(serverAddr string, chall *challenge.Challenge, nonce uint64) error {
 	// Connect with timeout
 	conn, err := net.DialTimeout("tcp", serverAddr, 5*time.Second)
 	if err != nil {
 		return fmt.Errorf("failed to connect: %w", err)
 	}
 	defer conn.Close()
 	// Submit solution
 	solutionReq := &protocol.SolutionRequest{
 		Challenge: *chall,
 		Nonce:     nonce,
 	}
 	fmt.Println("Submitting solution...")
 	if err := solutionReq.Encode(conn); err != nil {
 		return fmt.Errorf("failed to send solution: %w", err)
 	}
 	// Receive quote or error
 	decoder := protocol.NewMessageDecoder()
 	msg, err := decoder.Decode(conn)
 	if err != nil {
 		return fmt.Errorf("failed to receive response: %w", err)
 	}
 	switch msg.Type {
 	case protocol.QuoteResponseType:
 		solutionResp := &protocol.SolutionResponse{}
 		if err := solutionResp.Decode(msg.PayloadStream); err != nil {
 			return fmt.Errorf("failed to parse quote: %w", err)
 		}
 		fmt.Printf("\nQuote received:\n\"%s\"\n— %s\n", solutionResp.Quote.Text, solutionResp.Quote.Author)
 	case protocol.ErrorResponseType:
 		errorResp := &protocol.ErrorResponse{}
 		if err := errorResp.Decode(msg.PayloadStream); err != nil {
 			fmt.Println("Error: Contact administrator")
 			return nil
 		}
 		if errorResp.Code == protocol.ErrServerError {
 			fmt.Println("Error: Contact administrator")
 		} else {
 			fmt.Printf("Error: %s\n", errorResp.Message)
 		}
 	default:
 		return fmt.Errorf("unexpected response type: %v", msg.Type)
 	}
 	return nil
 }
--- a/docs/IMPLEMENTATION.md
+++ b/docs/IMPLEMENTATION.md
@ -89,14 +89,13 @@
 - [X] Update cmd/server to use new TCP server with logging
 ## Phase 7: Client Implementation
- [ ] Create client application structure
+- [X] Create client application structure
- [ ] Implement PoW solver algorithm on client side
+- [X] Implement PoW solver algorithm on client side
- [ ] Create client-side protocol implementation
+- [X] Create client-side protocol implementation
- [ ] Add retry logic and error handling
+- [X] Add retry logic and error handling
- [ ] Implement connection management
+- [X] Implement connection management
- [ ] Create CLI interface for client
+- [X] Create CLI interface for client
- [ ] Add client structured logging
+- [X] Write client integration tests for slowloris protection
 - [ ] Write client unit and integration tests
 ## Phase 8: Basic Server Architecture
 - [ ] Set up metrics collection (prometheus)
--- a/docs/PROTOCOL.md
+++ b/docs/PROTOCOL.md
@ -31,27 +31,37 @@ For detailed analysis of alternative PoW algorithms and comprehensive justificat
 ## Protocol Flow
-### Successful Flow
+### Challenge Request Flow
 ```
 Client                                    Server
  |                                         |
  |-------- CHALLENGE_REQUEST ------------->|
  |                                         |
  |<------- CHALLENGE_RESPONSE -------------| (HMAC-signed)
  |                                         |
  [Connection closes]
 ```
 ### Solution Submission Flow
 ```
 Client                                    Server
  |                                         |
  |-------- SOLUTION_REQUEST -------------->|
  |                                         |
  |<------- QUOTE_RESPONSE -----------------| (if solution valid)
  |                                         |
  [Connection closes]
 ```
 ### Error Flow
 ```
 Client                                    Server
-  |-------- CHALLENGE_REQUEST ------------->|
+  |                                         |
  |<------- CHALLENGE_RESPONSE -------------|
  |-------- SOLUTION_REQUEST (invalid) ---->|
  |                                         |
  |<------- ERROR_RESPONSE -----------------| (if solution invalid)
  |                                         |
  [Connection closes]
 ```
 ## Message Format
@ -252,12 +262,21 @@ Server verifies solutions through the following steps:
 ## Connection Management
 ### Connection Lifecycle
 The protocol uses separate TCP connections for challenge requests and solution submissions:
 #### Challenge Request:
 1. **Connect**: Client establishes TCP connection to server
-2. **Challenge**: Client requests and receives HMAC-signed challenge
+2. **Request**: Client sends CHALLENGE_REQUEST
-3. **Solve**: Client solves PoW challenge offline (can take time)
+3. **Receive**: Client receives CHALLENGE_RESPONSE with HMAC-signed challenge
-4. **Submit**: Client submits solution with challenge proof
+4. **Disconnect**: Connection closes automatically
-5. **Receive**: Client receives quote (if valid) or error (if invalid)
+
-6. **Disconnect**: Connection closes automatically after response
+#### Solution Submission:
 1. **Solve**: Client solves PoW challenge offline
 2. **Connect**: Client establishes new TCP connection to server
 3. **Submit**: Client sends SOLUTION_REQUEST with challenge and nonce
 4. **Receive**: Client receives QUOTE_RESPONSE or ERROR_RESPONSE
 5. **Disconnect**: Connection closes automatically
 ### Timeouts and Limits
--- a/internal/protocol/encode_decode_test.go
+++ b/internal/protocol/encode_decode_test.go
@ -0,0 +1,157 @@
 package protocol
 import (
 	"bytes"
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"hash-of-wisdom/internal/pow/challenge"
 	"hash-of-wisdom/internal/quotes"
 )
 func TestSymmetricEncoding_ChallengeRequest(t *testing.T) {
 	// Create a challenge request
 	req := &ChallengeRequest{}
 	// Encode it
 	var buf bytes.Buffer
 	err := req.Encode(&buf)
 	require.NoError(t, err)
 	// Decode it back
 	decoder := NewMessageDecoder()
 	msg, err := decoder.Decode(&buf)
 	require.NoError(t, err)
 	assert.Equal(t, ChallengeRequestType, msg.Type)
 	assert.Equal(t, uint32(0), msg.PayloadLength)
 	// Decode the request payload
 	decodedReq := &ChallengeRequest{}
 	err = decodedReq.Decode(msg.PayloadStream)
 	require.NoError(t, err)
 }
 func TestSymmetricEncoding_SolutionRequest(t *testing.T) {
 	// Create a solution request
 	req := &SolutionRequest{
 		Challenge: challenge.Challenge{
 			Timestamp:  1640995200,
 			Difficulty: 4,
 			Resource:   "quotes",
 			Random:     []byte("test"),
 			HMAC:       []byte("test"),
 		},
 		Nonce: 12345,
 	}
 	// Encode it
 	var buf bytes.Buffer
 	err := req.Encode(&buf)
 	require.NoError(t, err)
 	// Decode it back
 	decoder := NewMessageDecoder()
 	msg, err := decoder.Decode(&buf)
 	require.NoError(t, err)
 	assert.Equal(t, SolutionRequestType, msg.Type)
 	assert.Greater(t, msg.PayloadLength, uint32(0))
 	// Decode the request payload
 	decodedReq := &SolutionRequest{}
 	err = decodedReq.Decode(msg.PayloadStream)
 	require.NoError(t, err)
 	assert.Equal(t, req.Nonce, decodedReq.Nonce)
 	assert.Equal(t, req.Challenge.Timestamp, decodedReq.Challenge.Timestamp)
 }
 func TestSymmetricEncoding_ChallengeResponse(t *testing.T) {
 	// Create a challenge response
 	resp := &ChallengeResponse{
 		Challenge: &challenge.Challenge{
 			Timestamp:  1640995200,
 			Difficulty: 4,
 			Resource:   "quotes",
 			Random:     []byte("test"),
 			HMAC:       []byte("test"),
 		},
 	}
 	// Encode it
 	var buf bytes.Buffer
 	err := resp.Encode(&buf)
 	require.NoError(t, err)
 	// Decode it back
 	decoder := NewMessageDecoder()
 	msg, err := decoder.Decode(&buf)
 	require.NoError(t, err)
 	assert.Equal(t, ChallengeResponseType, msg.Type)
 	assert.Greater(t, msg.PayloadLength, uint32(0))
 	// Decode the response payload
 	decodedResp := &ChallengeResponse{}
 	err = decodedResp.Decode(msg.PayloadStream)
 	require.NoError(t, err)
 	assert.Equal(t, resp.Challenge.Timestamp, decodedResp.Challenge.Timestamp)
 	assert.Equal(t, resp.Challenge.Difficulty, decodedResp.Challenge.Difficulty)
 }
 func TestSymmetricEncoding_SolutionResponse(t *testing.T) {
 	// Create a solution response
 	resp := &SolutionResponse{
 		Quote: &quotes.Quote{
 			Text:   "Test quote",
 			Author: "Test Author",
 		},
 	}
 	// Encode it
 	var buf bytes.Buffer
 	err := resp.Encode(&buf)
 	require.NoError(t, err)
 	// Decode it back
 	decoder := NewMessageDecoder()
 	msg, err := decoder.Decode(&buf)
 	require.NoError(t, err)
 	assert.Equal(t, QuoteResponseType, msg.Type)
 	assert.Greater(t, msg.PayloadLength, uint32(0))
 	// Decode the response payload
 	decodedResp := &SolutionResponse{}
 	err = decodedResp.Decode(msg.PayloadStream)
 	require.NoError(t, err)
 	assert.Equal(t, resp.Quote.Text, decodedResp.Quote.Text)
 	assert.Equal(t, resp.Quote.Author, decodedResp.Quote.Author)
 }
 func TestSymmetricEncoding_ErrorResponse(t *testing.T) {
 	// Create an error response
 	resp := &ErrorResponse{
 		Code:    "TEST_ERROR",
 		Message: "Test error message",
 		Details: map[string]string{"key": "value"},
 	}
 	// Encode it
 	var buf bytes.Buffer
 	err := resp.Encode(&buf)
 	require.NoError(t, err)
 	// Decode it back
 	decoder := NewMessageDecoder()
 	msg, err := decoder.Decode(&buf)
 	require.NoError(t, err)
 	assert.Equal(t, ErrorResponseType, msg.Type)
 	assert.Greater(t, msg.PayloadLength, uint32(0))
 	// Decode the response payload
 	decodedResp := &ErrorResponse{}
 	err = decodedResp.Decode(msg.PayloadStream)
 	require.NoError(t, err)
 	assert.Equal(t, resp.Code, decodedResp.Code)
 	assert.Equal(t, resp.Message, decodedResp.Message)
 	assert.Equal(t, resp.Details, decodedResp.Details)
 }
--- a/internal/protocol/encoder.go
+++ b/internal/protocol/encoder.go
@ -0,0 +1,41 @@
 package protocol
 import (
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
 	"io"
 )
 // encode is a helper function that encodes any message with the given message type
 func encode(w io.Writer, msgType MessageType, payload interface{}) error {
 	var payloadBytes []byte
 	var err error
 	// Only marshal if payload is not nil
 	if payload != nil {
 		payloadBytes, err = json.Marshal(payload)
 		if err != nil {
 			return fmt.Errorf("failed to encode payload: %w", err)
 		}
 	}
 	// Write message type (1 byte)
 	if err := binary.Write(w, binary.BigEndian, msgType); err != nil {
 		return fmt.Errorf("failed to write message type: %w", err)
 	}
 	// Write payload length (4 bytes, big-endian)
 	if err := binary.Write(w, binary.BigEndian, uint32(len(payloadBytes))); err != nil {
 		return fmt.Errorf("failed to write payload length: %w", err)
 	}
 	// Write JSON payload if we have one
 	if len(payloadBytes) > 0 {
 		if _, err := w.Write(payloadBytes); err != nil {
 			return fmt.Errorf("failed to write payload: %w", err)
 		}
 	}
 	return nil
 }
--- a/internal/protocol/message_decoder.go
+++ b/internal/protocol/message_decoder.go
@ -25,11 +25,6 @@ func (d *MessageDecoder) Decode(r io.Reader) (*Message, error) {
 		return nil, fmt.Errorf("failed to read message type: %w", err)
 	}
 	// Validate message type (only request types are valid for server)
 	if !isValidRequestType(msgType) {
 		return nil, fmt.Errorf("invalid message type: 0x%02x", msgType)
 	}
 	// Read payload length (4 bytes, big-endian)
 	var payloadLength uint32
 	if err := binary.Read(r, binary.BigEndian, &payloadLength); err != nil {
@ -53,13 +48,3 @@ func (d *MessageDecoder) Decode(r io.Reader) (*Message, error) {
 		PayloadStream:  payloadStream,
 	}, nil
 }
 // isValidRequestType checks if the message type is a valid request type
 func isValidRequestType(msgType MessageType) bool {
 	switch msgType {
 	case ChallengeRequestType, SolutionRequestType:
 		return true
 	default:
 		return false
 	}
 }
--- a/internal/protocol/message_decoder_test.go
+++ b/internal/protocol/message_decoder_test.go
@ -70,16 +70,6 @@ func TestMessageDecoder_Decode_Errors(t *testing.T) {
 			data:    []byte{},
 			wantErr: "EOF",
 		},
 		{
 			name:    "invalid message type",
 			data:    []byte{0xFF, 0x00, 0x00, 0x00, 0x00},
 			wantErr: "invalid message type",
 		},
 		{
 			name:    "response type not allowed",
 			data:    []byte{0x02, 0x00, 0x00, 0x00, 0x00}, // ChallengeResponseType
 			wantErr: "invalid message type",
 		},
 		{
 			name:    "incomplete header",
 			data:    []byte{0x01, 0x00, 0x00},
--- a/internal/protocol/requests.go
+++ b/internal/protocol/requests.go
@ -7,6 +7,7 @@ import (
 	"hash-of-wisdom/internal/pow/challenge"
 )
 // ChallengeRequest is empty (no payload for challenge requests)
 type ChallengeRequest struct{}
@ -16,6 +17,11 @@ func (r *ChallengeRequest) Decode(stream io.Reader) error {
 	return nil
 }
 // Encode writes a challenge request to the writer
 func (r *ChallengeRequest) Encode(w io.Writer) error {
 	return encode(w, ChallengeRequestType, nil)
 }
 // SolutionRequest contains the client's solution attempt
 type SolutionRequest struct {
 	Challenge challenge.Challenge `json:"challenge"`
@ -33,3 +39,8 @@ func (r *SolutionRequest) Decode(stream io.Reader) error {
 	decoder := json.NewDecoder(stream)
 	return decoder.Decode(r)
 }
 // Encode writes a solution request to the writer
 func (r *SolutionRequest) Encode(w io.Writer) error {
 	return encode(w, SolutionRequestType, r)
 }
--- a/internal/protocol/responses.go
+++ b/internal/protocol/responses.go
@ -1,63 +1,46 @@
 package protocol
 import (
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
 	"io"
 	"hash-of-wisdom/internal/pow/challenge"
 	"hash-of-wisdom/internal/quotes"
 )
 // writeHeader writes the message type and payload length to the writer
 func writeHeader(w io.Writer, msgType MessageType, payloadLength uint32) error {
 	// Write message type (1 byte)
 	if err := binary.Write(w, binary.BigEndian, msgType); err != nil {
 		return fmt.Errorf("failed to write message type: %w", err)
 	}
 	// Write payload length (4 bytes, big-endian)
 	if err := binary.Write(w, binary.BigEndian, payloadLength); err != nil {
 		return fmt.Errorf("failed to write payload length: %w", err)
 	}
 	return nil
 }
 // encodeResponse is a helper function that encodes any response with the given message type
 func encodeResponse(w io.Writer, msgType MessageType, payload interface{}) error {
 	// Marshal to get exact payload size
 	payloadBytes, err := json.Marshal(payload)
 	if err != nil {
 		return fmt.Errorf("failed to encode payload: %w", err)
 	}
 	// Write header
 	if err := writeHeader(w, msgType, uint32(len(payloadBytes))); err != nil {
 		return err
 	}
 	// Write JSON payload directly to stream
 	if len(payloadBytes) > 0 {
 		if _, err := w.Write(payloadBytes); err != nil {
 			return fmt.Errorf("failed to write payload: %w", err)
 		}
 	}
 	return nil
 }
 // ChallengeResponse represents a challenge response
 type ChallengeResponse struct {
 	Challenge *challenge.Challenge
 }
 // Decode reads a challenge response from the payload stream
 func (r *ChallengeResponse) Decode(stream io.Reader) error {
 	if stream == nil {
 		return io.EOF
 	}
 	// Parse JSON directly from stream
 	decoder := json.NewDecoder(stream)
 	return decoder.Decode(&r.Challenge)
 }
 // SolutionResponse represents a successful solution response (contains quote)
 type SolutionResponse struct {
 	Quote *quotes.Quote
 }
 // Decode reads a solution response from the payload stream
 func (r *SolutionResponse) Decode(stream io.Reader) error {
 	if stream == nil {
 		return io.EOF
 	}
 	// Parse JSON directly from stream
 	decoder := json.NewDecoder(stream)
 	return decoder.Decode(&r.Quote)
 }
 // ErrorResponse represents an error response
 type ErrorResponse struct {
 	Code       string            `json:"code"`
@ -66,17 +49,28 @@ type ErrorResponse struct {
 	Details    map[string]string `json:"details,omitempty"`
 }
 // Decode reads an error response from the payload stream
 func (r *ErrorResponse) Decode(stream io.Reader) error {
 	if stream == nil {
 		return io.EOF
 	}
 	// Parse JSON directly from stream
 	decoder := json.NewDecoder(stream)
 	return decoder.Decode(r)
 }
 // Encode writes the challenge response to the writer
 func (r *ChallengeResponse) Encode(w io.Writer) error {
-	return encodeResponse(w, ChallengeResponseType, r.Challenge)
+	return encode(w, ChallengeResponseType, r.Challenge)
 }
 // Encode writes the solution response to the writer
 func (r *SolutionResponse) Encode(w io.Writer) error {
-	return encodeResponse(w, QuoteResponseType, r.Quote)
+	return encode(w, QuoteResponseType, r.Quote)
 }
 // Encode writes the error response to the writer
 func (r *ErrorResponse) Encode(w io.Writer) error {
-	return encodeResponse(w, ErrorResponseType, r)
+	return encode(w, ErrorResponseType, r)
 }
--- a/internal/protocol/roundtrip_test.go
+++ b/internal/protocol/roundtrip_test.go
@ -113,16 +113,6 @@ func TestChallengeRequest_EmptyPayload(t *testing.T) {
 	require.NoError(t, err)
 }
 func TestMessageDecoder_RejectsResponseTypes(t *testing.T) {
 	decoder := NewMessageDecoder()
 	data := []byte{byte(ErrorResponseType), 0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'}
 	buf := bytes.NewBuffer(data)
 	_, err := decoder.Decode(buf)
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "invalid message type")
 }
 func TestPayloadStream_LimitedRead(t *testing.T) {
 	decoder := NewMessageDecoder()
--- a/internal/protocol/spec_compliance_test.go
+++ b/internal/protocol/spec_compliance_test.go
@ -0,0 +1,177 @@
 package protocol
 import (
 	"bytes"
 	"encoding/json"
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"hash-of-wisdom/internal/pow/challenge"
 	"hash-of-wisdom/internal/quotes"
 )
 // TestSpecCompliance_ChallengeResponse verifies challenge response matches PROTOCOL.md format
 func TestSpecCompliance_ChallengeResponse(t *testing.T) {
 	resp := &ChallengeResponse{
 		Challenge: &challenge.Challenge{
 			Timestamp:  1640995200,
 			Difficulty: 4,
 			Resource:   "quotes",
 			Random:     []byte{0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6},
 			HMAC:       []byte("base64url_encoded_signature"),
 		},
 	}
 	var buf bytes.Buffer
 	err := resp.Encode(&buf)
 	require.NoError(t, err)
 	// Skip header (5 bytes) and get payload
 	header := buf.Bytes()[:5]
 	payload := buf.Bytes()[5:]
 	// Verify header format
 	assert.Equal(t, byte(ChallengeResponseType), header[0])
 	assert.Equal(t, uint32(len(payload)), uint32(header[1])<<24|uint32(header[2])<<16|uint32(header[3])<<8|uint32(header[4]))
 	// Verify JSON payload matches spec format
 	var decoded map[string]interface{}
 	err = json.Unmarshal(payload, &decoded)
 	require.NoError(t, err)
 	// Check required fields from spec
 	assert.Contains(t, decoded, "timestamp")
 	assert.Contains(t, decoded, "difficulty")
 	assert.Contains(t, decoded, "resource")
 	assert.Contains(t, decoded, "random")
 	assert.Contains(t, decoded, "hmac")
 	assert.Equal(t, float64(1640995200), decoded["timestamp"])
 	assert.Equal(t, float64(4), decoded["difficulty"])
 	assert.Equal(t, "quotes", decoded["resource"])
 }
 // TestSpecCompliance_SolutionRequest verifies solution request matches PROTOCOL.md format
 func TestSpecCompliance_SolutionRequest(t *testing.T) {
 	req := &SolutionRequest{
 		Challenge: challenge.Challenge{
 			Timestamp:  1640995200,
 			Difficulty: 4,
 			Resource:   "quotes",
 			Random:     []byte{0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6},
 			HMAC:       []byte("base64url_encoded_signature"),
 		},
 		Nonce: 12345,
 	}
 	var buf bytes.Buffer
 	err := req.Encode(&buf)
 	require.NoError(t, err)
 	// Skip header and get payload
 	payload := buf.Bytes()[5:]
 	// Verify JSON payload matches spec format
 	var decoded map[string]interface{}
 	err = json.Unmarshal(payload, &decoded)
 	require.NoError(t, err)
 	// Check required top-level fields
 	assert.Contains(t, decoded, "challenge")
 	assert.Contains(t, decoded, "nonce")
 	assert.Equal(t, float64(12345), decoded["nonce"])
 	// Check challenge structure
 	challenge := decoded["challenge"].(map[string]interface{})
 	assert.Contains(t, challenge, "timestamp")
 	assert.Contains(t, challenge, "difficulty")
 	assert.Contains(t, challenge, "resource")
 	assert.Contains(t, challenge, "random")
 	assert.Contains(t, challenge, "hmac")
 }
 // TestSpecCompliance_QuoteResponse verifies quote response matches PROTOCOL.md format
 func TestSpecCompliance_QuoteResponse(t *testing.T) {
 	resp := &SolutionResponse{
 		Quote: &quotes.Quote{
 			Text:   "The only way to do great work is to love what you do.",
 			Author: "Steve Jobs",
 		},
 	}
 	var buf bytes.Buffer
 	err := resp.Encode(&buf)
 	require.NoError(t, err)
 	// Skip header and get payload
 	payload := buf.Bytes()[5:]
 	// Verify JSON payload matches spec format
 	var decoded map[string]interface{}
 	err = json.Unmarshal(payload, &decoded)
 	require.NoError(t, err)
 	// Check required fields from spec
 	assert.Contains(t, decoded, "text")
 	assert.Contains(t, decoded, "author")
 	assert.Equal(t, "The only way to do great work is to love what you do.", decoded["text"])
 	assert.Equal(t, "Steve Jobs", decoded["author"])
 }
 // TestSpecCompliance_ErrorResponse verifies error response matches PROTOCOL.md format
 func TestSpecCompliance_ErrorResponse(t *testing.T) {
 	resp := &ErrorResponse{
 		Code:       "INVALID_SOLUTION",
 		Message:    "The provided PoW solution is incorrect",
 		RetryAfter: 30,
 		Details:    map[string]string{"reason": "hash verification failed"},
 	}
 	var buf bytes.Buffer
 	err := resp.Encode(&buf)
 	require.NoError(t, err)
 	// Skip header and get payload
 	payload := buf.Bytes()[5:]
 	// Verify JSON payload matches spec format
 	var decoded map[string]interface{}
 	err = json.Unmarshal(payload, &decoded)
 	require.NoError(t, err)
 	// Check required fields from spec
 	assert.Contains(t, decoded, "code")
 	assert.Contains(t, decoded, "message")
 	assert.Equal(t, "INVALID_SOLUTION", decoded["code"])
 	assert.Equal(t, "The provided PoW solution is incorrect", decoded["message"])
 	// Check optional fields
 	assert.Contains(t, decoded, "retry_after")
 	assert.Contains(t, decoded, "details")
 	assert.Equal(t, float64(30), decoded["retry_after"])
 }
 // TestSpecCompliance_MessageSizeLimits verifies 8KB payload limit
 func TestSpecCompliance_MessageSizeLimits(t *testing.T) {
 	decoder := NewMessageDecoder()
 	// Create a message that exceeds 8KB payload limit
 	largePayload := make([]byte, MaxPayloadSize+1)
 	for i := range largePayload {
 		largePayload[i] = 'A'
 	}
 	// Create message with oversized payload
 	var buf bytes.Buffer
 	buf.WriteByte(byte(ChallengeRequestType))
 	buf.Write([]byte{0x00, 0x00, 0x20, 0x01}) // 8193 bytes (8KB + 1)
 	buf.Write(largePayload)
 	// Should reject oversized payload
 	_, err := decoder.Decode(&buf)
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "payload length")
 	assert.Contains(t, err.Error(), "exceeds maximum")
 }
--- a/test/integration/slowloris_test.go
+++ b/test/integration/slowloris_test.go
@ -0,0 +1,198 @@
 package integration
 import (
 	"net"
 	"testing"
 	"time"
 	"hash-of-wisdom/internal/protocol"
 	"hash-of-wisdom/internal/server"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 func TestSlowlorisProtection_SlowReader(t *testing.T) {
 	// Setup server with very short read timeout for testing
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 100 * time.Millisecond
 	config.Timeouts.Write = 5 * time.Second
 	config.Timeouts.Connection = 15 * time.Second
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect to server
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Send partial message header very slowly (slowloris attack)
 	_, err = conn.Write([]byte{0x01}) // Challenge request type
 	require.NoError(t, err)
 	// Wait longer than read timeout before sending length
 	time.Sleep(200 * time.Millisecond)
 	// Try to send more data - connection should be timed out
 	_, err = conn.Write([]byte{0x00, 0x00, 0x00, 0x00}) // Payload length
 	// Verify connection is closed by trying to read
 	buffer := make([]byte, 1024)
 	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
 	_, err = conn.Read(buffer)
 	assert.Error(t, err, "Connection should be closed due to slow reading")
 }
 func TestSlowlorisProtection_SlowWriter(t *testing.T) {
 	// Setup server with very short write timeout for testing
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 5 * time.Second
 	config.Timeouts.Write = 100 * time.Millisecond
 	config.Timeouts.Connection = 15 * time.Second
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect to server but don't read responses (simulate slow writer client)
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Send a complete challenge request
 	challengeReq := &protocol.ChallengeRequest{}
 	err = challengeReq.Encode(conn)
 	require.NoError(t, err)
 	// Don't read the response to simulate slow writer
 	// Server should timeout when trying to write response
 	time.Sleep(200 * time.Millisecond)
 	// Try to send another request - connection should be closed
 	err = challengeReq.Encode(conn)
 	assert.Error(t, err, "Connection should be closed due to slow writing")
 }
 func TestSlowlorisProtection_ConnectionTimeout(t *testing.T) {
 	// Setup server with very short connection timeout
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 5 * time.Second
 	config.Timeouts.Write = 5 * time.Second
 	config.Timeouts.Connection = 100 * time.Millisecond
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect to server
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Wait longer than connection timeout without sending any data
 	time.Sleep(200 * time.Millisecond)
 	// Try to read from connection - should get EOF or connection reset
 	buffer := make([]byte, 1024)
 	conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond))
 	_, err = conn.Read(buffer)
 	assert.Error(t, err, "Connection should be closed due to connection timeout")
 }
 func TestSlowlorisProtection_MultipleSlowConnections(t *testing.T) {
 	// Setup server with short timeouts
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 50 * time.Millisecond
 	config.Timeouts.Write = 50 * time.Millisecond
 	config.Timeouts.Connection = 200 * time.Millisecond
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Create multiple slow connections (simulating slowloris attack)
 	var conns []net.Conn
 	for i := 0; i < 3; i++ {
 		conn, err := net.Dial("tcp", srv.Address())
 		require.NoError(t, err)
 		conns = append(conns, conn)
 		// Send partial data to trigger slow reader behavior
 		_, err = conn.Write([]byte{0x01}) // Just message type
 		require.NoError(t, err)
 	}
 	// Clean up connections
 	defer func() {
 		for _, conn := range conns {
 			conn.Close()
 		}
 	}()
 	// Wait for read timeouts to kick in
 	time.Sleep(100 * time.Millisecond)
 	// Verify slow connections are closed by trying to read from them
 	for i, conn := range conns {
 		buffer := make([]byte, 1024)
 		conn.SetReadDeadline(time.Now().Add(50 * time.Millisecond))
 		_, err := conn.Read(buffer)
 		assert.Error(t, err, "Slow connection %d should be closed", i)
 	}
 }
 func TestSlowlorisProtection_NormalOperationWithinTimeouts(t *testing.T) {
 	// Setup server with reasonable timeouts
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect and complete normal flow quickly
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Request challenge
 	challengeReq := &protocol.ChallengeRequest{}
 	err = challengeReq.Encode(conn)
 	require.NoError(t, err)
 	// Should receive challenge response without timeout
 	decoder := protocol.NewMessageDecoder()
 	msg, err := decoder.Decode(conn)
 	require.NoError(t, err)
 	assert.Equal(t, protocol.ChallengeResponseType, msg.Type)
 	assert.Greater(t, msg.PayloadLength, uint32(0), "Challenge payload should not be empty")
 }
 func TestSlowlorisProtection_PartialHeaderAttack(t *testing.T) {
 	// Setup server with short read timeout
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 100 * time.Millisecond
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect to server
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Send only message type byte, then stall
 	_, err = conn.Write([]byte{0x01})
 	require.NoError(t, err)
 	// Wait for read timeout
 	time.Sleep(200 * time.Millisecond)
 	// Try to read from connection - should be closed
 	buffer := make([]byte, 1024)
 	conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond))
 	_, err = conn.Read(buffer)
 	assert.Error(t, err, "Connection should be closed due to partial header")
 }
--- a/test/integration/timeout_test.go
+++ b/test/integration/timeout_test.go
@ -0,0 +1,192 @@
 package integration
 import (
 	"context"
 	"net"
 	"testing"
 	"time"
 	"hash-of-wisdom/internal/lib/sl"
 	"hash-of-wisdom/internal/pow/challenge"
 	"hash-of-wisdom/internal/protocol"
 	"hash-of-wisdom/internal/quotes"
 	"hash-of-wisdom/internal/server"
 	"hash-of-wisdom/internal/service"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 func TestTCPServer_TimeoutProtection_SlowReader(t *testing.T) {
 	// Setup server with very short read timeout for testing
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 500 * time.Millisecond
 	config.Timeouts.Write = 5 * time.Second
 	config.Timeouts.Connection = 15 * time.Second
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect to server
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Send partial message header (just type byte)
 	_, err = conn.Write([]byte{0x01}) // Challenge request type
 	require.NoError(t, err)
 	// Wait longer than read timeout before sending length
 	time.Sleep(700 * time.Millisecond)
 	// Try to send more data - connection should be timed out
 	_, err = conn.Write([]byte{0x00, 0x00, 0x00, 0x00}) // Payload length
 	// Verify connection is closed by reading
 	buffer := make([]byte, 1024)
 	conn.SetReadDeadline(time.Now().Add(1 * time.Second))
 	_, err = conn.Read(buffer)
 	assert.Error(t, err, "Connection should be closed due to slow reading")
 }
 func TestTCPServer_TimeoutProtection_ConnectionTimeout(t *testing.T) {
 	// Setup server with very short connection timeout
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 5 * time.Second
 	config.Timeouts.Write = 5 * time.Second
 	config.Timeouts.Connection = 1 * time.Second
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Connect to server
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Wait longer than connection timeout
 	time.Sleep(1500 * time.Millisecond)
 	// Try to read from connection - should get EOF or connection reset
 	buffer := make([]byte, 1024)
 	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
 	_, err = conn.Read(buffer)
 	assert.Error(t, err, "Connection should be closed due to timeout")
 }
 func TestTCPServer_NormalOperation_WithinTimeouts(t *testing.T) {
 	srv := setupTestServer(t)
 	defer srv.Stop()
 	// Connect and complete normal flow quickly
 	conn, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn.Close()
 	// Request challenge using new protocol API
 	challengeReq := &protocol.ChallengeRequest{}
 	err = challengeReq.Encode(conn)
 	require.NoError(t, err)
 	// Should receive challenge response without timeout
 	decoder := protocol.NewMessageDecoder()
 	msg, err := decoder.Decode(conn)
 	require.NoError(t, err)
 	assert.Equal(t, protocol.ChallengeResponseType, msg.Type)
 	assert.Greater(t, msg.PayloadLength, uint32(0), "Challenge payload should not be empty")
 }
 func TestTCPServer_MultipleConnections_IndependentTimeouts(t *testing.T) {
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	config.Timeouts.Read = 1 * time.Second
 	config.Timeouts.Write = 5 * time.Second
 	config.Timeouts.Connection = 3 * time.Second
 	srv := setupTestServerWithConfig(t, config)
 	defer srv.Stop()
 	// Start two connections
 	conn1, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn1.Close()
 	conn2, err := net.Dial("tcp", srv.Address())
 	require.NoError(t, err)
 	defer conn2.Close()
 	// Conn1: Send complete request quickly
 	go func() {
 		req := &protocol.ChallengeRequest{}
 		req.Encode(conn1)
 	}()
 	// Conn2: Send partial request and stall
 	conn2.Write([]byte{0x01}) // Just message type
 	// Wait for read timeout
 	time.Sleep(1500 * time.Millisecond)
 	// Conn1 should still work, Conn2 should be closed
 	buffer := make([]byte, 1024)
 	// Conn1 should receive response
 	conn1.SetReadDeadline(time.Now().Add(1 * time.Second))
 	n, err := conn1.Read(buffer)
 	assert.NoError(t, err)
 	assert.Greater(t, n, 0, "Conn1 should receive response")
 	// Conn2 should be closed
 	conn2.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
 	_, err = conn2.Read(buffer)
 	assert.Error(t, err, "Conn2 should be closed due to timeout")
 }
 // Helper function to create test server with default config
 func setupTestServer(t *testing.T) *server.TCPServer {
 	config := server.DefaultConfig()
 	config.Address = ":0"
 	return setupTestServerWithConfig(t, config)
 }
 // Helper function to create test server with custom config
 func setupTestServerWithConfig(t *testing.T, serverConfig *server.Config) *server.TCPServer {
 	// Create test components
 	challengeConfig := challenge.TestConfig()
 	generator := challenge.NewGenerator(challengeConfig)
 	verifier := challenge.NewVerifier(challengeConfig)
 	// Create a simple test quote service
 	quoteService := &testQuoteService{}
 	// Wire up service
 	genAdapter := service.NewGeneratorAdapter(generator)
 	wisdomService := service.NewWisdomService(genAdapter, verifier, quoteService)
 	// Create server with custom config using functional options
 	logger := sl.NewMockLogger()
 	srv := server.NewTCPServer(wisdomService,
 		server.WithConfig(serverConfig),
 		server.WithLogger(logger))
 	// Start server
 	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
 	defer cancel()
 	err := srv.Start(ctx)
 	require.NoError(t, err)
 	// Give server time to start
 	time.Sleep(100 * time.Millisecond)
 	return srv
 }
 // testQuoteService provides test quotes
 type testQuoteService struct{}
 func (s *testQuoteService) GetRandomQuote(ctx context.Context) (*quotes.Quote, error) {
 	return &quotes.Quote{
 		Text:   "Test quote for integration testing",
 		Author: "Test Author",
 	}, nil
 }