v0.6.0: performance pack — pool prewarm, SNI rotation, per-site stats, parallel dispatch

Tier-1 perf changes from the brainstorm, all on by default except where
they change semantics (parallel_relay is opt-in).

Connection pool pre-warm (domain_fronter.rs):
  On startup, open 3 TLS connections to Google edge in parallel and
  park them in the pool. First user request skips the ~300-500 ms
  handshake cost. Best-effort: warm failures are logged at debug and
  ignored. Triggered from ProxyServer::run() in a fire-and-forget
  tokio spawn.

SNI rotation (domain_fronter.rs):
  Replace the single sni_host String with a Vec<String> plus an atomic
  round-robin index. When front_domain is one of the known Google-edge
  subdomains, build_sni_pool() expands it to include the other four
  (www/mail/drive/docs/calendar.google.com), so outbound TLS connection
  counts get spread across names instead of concentrating on one. Custom
  front_domain values are preserved as the single entry (we can't verify
  siblings of a non-Google edge).

Expanded SNI-rewrite suffix list (proxy_server.rs):
  Added gstatic.com, googleusercontent.com, googleapis.com, ggpht.com,
  ytimg.com, blogspot.com, blogger.com to the list of domains routed
  directly via the Google-edge tunnel instead of through the Apps Script
  relay. Bigger bypass = less UA-locking, less quota burn on static CDN
  content.

Per-site stats (domain_fronter.rs + ui.rs):
  New HostStat struct {requests, cache_hits, bytes, total_latency_ns}
  tracked per URL host. Records on both cache hits and relay calls, not
  on SNI-rewrite bypasses (those never touch the fronter). UI renders
  a collapsible table under the existing stats grid with the top 60
  hosts sorted by request count, showing req count, cache hit %, bytes,
  avg latency ms.

Parallel script-ID dispatch (config.rs, domain_fronter.rs, ui.rs):
  New config field parallel_relay: u8 (default 0 = off). When >= 2 and
  there are enough non-blacklisted IDs, do_relay_with_retry fans out
  the request to N script instances concurrently via futures_util's
  select_ok, returns first success, cancels the rest. Kills long-tail
  latency when one Apps Script instance happens to be slow, at the
  cost of N× quota per request. UI exposes it as a DragValue 0-8.

TCP_NODELAY audit (proxy_server.rs):
  Added the missing set_nodelay(true) call on the SNI-rewrite outbound
  TCP stream. All six TcpStream::connect sites in the user traffic path
  now disable Nagle.

Expanded feature list in README, added futures-util dep, added unit
tests for extract_host and build_sni_pool.

Verified end-to-end locally:
- Pool pre-warm log line appears on startup: 'pool pre-warmed with 3
  connection(s)'.
- Static asset hit 3x: first = 2.2s (Apps Script), 2-3 = 6ms (cache).
- youtube.com / google.com: SNI-rewrite tunnel (unchanged).
- All 28 unit tests pass.

Deferred (not in this release, each needs its own cycle):
- uTLS / Chrome fingerprint mimicry (TLS stack swap)
- QUIC/HTTP3 transport (new transport)
- ETag / If-None-Match revalidation (needs cache schema change)
- JSON envelope gzip on request (needs Code.gs change)
- Firebase Cloud Functions as alt backend (new architecture)
- MSS clamp / TCP Fast Open (platform-specific, marginal)

Author: therealaleph

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "mhrv-rs"
-version = "0.5.1"
+version = "0.6.0"
 edition = "2021"
 description = "Rust port of MasterHttpRelayVPN -- DPI bypass via Google Apps Script relay with domain fronting"
 license = "MIT"
@@ -44,6 +44,7 @@ h2 = "0.4"
 http = "1"
 flate2 = "1"
 directories = "5"
+futures-util = { version = "0.3", default-features = false, features = ["std"] }
 
 # Optional UI dep: only pulled in when --features ui is set.
 eframe = { version = "0.28", default-features = false, features = [

Cargo.toml

@@ -261,6 +261,11 @@ This port focuses on the **`apps_script` mode** — the only one that reliably w
 - [x] Script IDs masked in logs (`prefix…suffix`) so `info` logs don't leak deployment IDs
 - [x] Desktop UI (egui) — cross-platform, no bundler needed
 - [x] Optional upstream SOCKS5 chaining for non-HTTP traffic (Telegram MTProto, IMAP, SSH…) so raw-TCP flows can be tunneled through xray / v2ray / sing-box instead of connecting directly. HTTP/HTTPS keeps going through the Apps Script relay.
+- [x] Connection pool pre-warm on startup (first request skips the TLS handshake to Google edge).
+- [x] Per-connection SNI rotation across a pool of Google subdomains (`www/mail/drive/docs/calendar.google.com`), so outbound connection counts aren't concentrated on one SNI.
+- [x] Optional parallel script-ID dispatch (`parallel_relay`): fan out a relay request to N script instances concurrently, return first success, kill p95 latency at the cost of N× quota.
+- [x] Per-site stats drill-down in the UI (requests, cache hit %, bytes, avg latency per host) for live debugging.
+- [x] OpenWRT / Alpine / musl builds — static binaries, procd init script included.
 
 Intentionally **not** implemented (rationale included so future contributors don't spend cycles on them):
 

README.md

@@ -70,6 +70,7 @@ struct UiState {
     running: bool,
     started_at: Option<Instant>,
     last_stats: Option<mhrv_rs::domain_fronter::StatsSnapshot>,
+    last_per_site: Vec<(String, mhrv_rs::domain_fronter::HostStat)>,
     log: VecDeque<String>,
     ca_trusted: Option<bool>,
     last_test_ok: Option<bool>,
@@ -105,6 +106,7 @@ struct FormState {
     log_level: String,
     verify_ssl: bool,
     upstream_socks5: String,
+    parallel_relay: u8,
     show_auth_key: bool,
 }
 
@@ -139,6 +141,7 @@ fn load_form() -> FormState {
             log_level: c.log_level,
             verify_ssl: c.verify_ssl,
             upstream_socks5: c.upstream_socks5.unwrap_or_default(),
+            parallel_relay: c.parallel_relay,
             show_auth_key: false,
         }
     } else {
@@ -153,6 +156,7 @@ fn load_form() -> FormState {
             log_level: "info".into(),
             verify_ssl: true,
             upstream_socks5: String::new(),
+            parallel_relay: 0,
             show_auth_key: false,
         }
     }
@@ -208,6 +212,7 @@ impl FormState {
                 let v = self.upstream_socks5.trim();
                 if v.is_empty() { None } else { Some(v.to_string()) }
             },
+            parallel_relay: self.parallel_relay,
         })
     }
 }
@@ -241,6 +246,12 @@ struct ConfigWire<'a> {
     hosts: &'a std::collections::HashMap<String, String>,
     #[serde(skip_serializing_if = "Option::is_none")]
     upstream_socks5: Option<&'a str>,
+    #[serde(skip_serializing_if = "is_zero_u8")]
+    parallel_relay: u8,
+}
+
+fn is_zero_u8(v: &u8) -> bool {
+    *v == 0
 }
 
 #[derive(serde::Serialize)]
@@ -269,6 +280,7 @@ impl<'a> From<&'a Config> for ConfigWire<'a> {
             verify_ssl: c.verify_ssl,
             hosts: &c.hosts,
             upstream_socks5: c.upstream_socks5.as_deref(),
+            parallel_relay: c.parallel_relay,
         }
     }
 }
@@ -382,6 +394,20 @@ impl eframe::App for App {
                         .desired_width(f32::INFINITY));
                     ui.end_row();
 
+                    ui.label("Parallel dispatch")
+                        .on_hover_text(
+                            "Fire this many Apps Script IDs in parallel per relay request and\n\
+                             return the first successful response. 0/1 = off (round-robin).\n\
+                             Higher values eliminate long-tail latency (slow script instance\n\
+                             doesn't hold up the fast one) but spend that many times more\n\
+                             daily quota. Only effective with multiple IDs configured.\n\
+                             Recommend 2-3 if you have plenty of quota headroom."
+                        );
+                    ui.add(egui::DragValue::new(&mut self.form.parallel_relay)
+                        .speed(1)
+                        .range(0..=8));
+                    ui.end_row();
+
                     ui.label("Log level");
                     egui::ComboBox::from_id_source("loglevel")
                         .selected_text(&self.form.log_level)
@@ -415,9 +441,16 @@ impl eframe::App for App {
             ui.separator();
 
             // Status + stats
-            let (running, started_at, stats, ca_trusted, last_test_msg) = {
+            let (running, started_at, stats, ca_trusted, last_test_msg, per_site) = {
                 let s = self.shared.state.lock().unwrap();
-                (s.running, s.started_at, s.last_stats, s.ca_trusted, s.last_test_msg.clone())
+                (
+                    s.running,
+                    s.started_at,
+                    s.last_stats,
+                    s.ca_trusted,
+                    s.last_test_msg.clone(),
+                    s.last_per_site.clone(),
+                )
             };
 
             ui.horizontal(|ui| {
@@ -464,6 +497,41 @@ impl eframe::App for App {
                 });
             }
 
+            if !per_site.is_empty() {
+                ui.add_space(2.0);
+                egui::CollapsingHeader::new(format!("Per-site ({} hosts)", per_site.len()))
+                    .default_open(false)
+                    .show(ui, |ui| {
+                        egui::ScrollArea::vertical()
+                            .max_height(140.0)
+                            .show(ui, |ui| {
+                                egui::Grid::new("per_site")
+                                    .num_columns(5)
+                                    .spacing([8.0, 2.0])
+                                    .striped(true)
+                                    .show(ui, |ui| {
+                                        ui.label(egui::RichText::new("host").strong());
+                                        ui.label(egui::RichText::new("req").strong());
+                                        ui.label(egui::RichText::new("hit%").strong());
+                                        ui.label(egui::RichText::new("bytes").strong());
+                                        ui.label(egui::RichText::new("avg ms").strong());
+                                        ui.end_row();
+                                        for (host, st) in per_site.iter().take(60) {
+                                            let hit_pct = if st.requests > 0 {
+                                                (st.cache_hits as f64 / st.requests as f64) * 100.0
+                                            } else { 0.0 };
+                                            ui.label(egui::RichText::new(host).monospace());
+                                            ui.label(egui::RichText::new(st.requests.to_string()).monospace());
+                                            ui.label(egui::RichText::new(format!("{:.0}%", hit_pct)).monospace());
+                                            ui.label(egui::RichText::new(fmt_bytes(st.bytes)).monospace());
+                                            ui.label(egui::RichText::new(format!("{:.0}", st.avg_latency_ms())).monospace());
+                                            ui.end_row();
+                                        }
+                                    });
+                            });
+                    });
+            }
+
             ui.add_space(4.0);
 
             ui.horizontal(|ui| {
@@ -573,7 +641,10 @@ fn background_thread(shared: Arc<Shared>, rx: Receiver<Cmd>) {
                         let f = slot.lock().await;
                         if let Some(fronter) = f.as_ref() {
                             let s = fronter.snapshot_stats();
-                            shared.state.lock().unwrap().last_stats = Some(s);
+                            let per_site = fronter.snapshot_per_site();
+                            let mut st = shared.state.lock().unwrap();
+                            st.last_stats = Some(s);
+                            st.last_per_site = per_site;
                         }
                     });
                 }

src/bin/ui.rs

@@ -62,6 +62,16 @@ pub struct Config {
     /// unaffected.
     #[serde(default)]
     pub upstream_socks5: Option<String>,
+    /// Fan-out factor for non-cached relay requests when multiple
+    /// `script_id`s are configured. `0` or `1` = off (round-robin, the
+    /// default). `2` or more = fire that many Apps Script instances in
+    /// parallel per request and return the first successful response —
+    /// kills long-tail latency caused by a single slow Apps Script
+    /// instance, at the cost of using that much more daily quota.
+    /// Value is clamped to the number of available (non-blacklisted)
+    /// script IDs.
+    #[serde(default)]
+    pub parallel_relay: u8,
 }
 
 fn default_google_ip() -> String {