therealaleph
diff --git a/‎README.md‎
Lines changed: 62 additions & 1 deletion b/‎README.md‎
Lines changed: 62 additions & 1 deletion
diff --git a/‎android/app/src/main/java/com/therealaleph/mhrv/ConfigStore.kt‎
Lines changed: 5 additions & 1 deletion b/‎android/app/src/main/java/com/therealaleph/mhrv/ConfigStore.kt‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎android/app/src/main/java/com/therealaleph/mhrv/MhrvVpnService.kt‎
Lines changed: 2 additions & 10 deletions b/‎android/app/src/main/java/com/therealaleph/mhrv/MhrvVpnService.kt‎
Lines changed: 2 additions & 10 deletions
diff --git a/‎android/app/src/main/java/com/therealaleph/mhrv/ui/HomeScreen.kt‎
Lines changed: 11 additions & 2 deletions b/‎android/app/src/main/java/com/therealaleph/mhrv/ui/HomeScreen.kt‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎src/bin/ui.rs‎
Lines changed: 20 additions & 6 deletions b/‎src/bin/ui.rs‎
Lines changed: 20 additions & 6 deletions
diff --git a/‎src/config.rs‎
Lines changed: 27 additions & 2 deletions b/‎src/config.rs‎
Lines changed: 27 additions & 2 deletions
@@ -160,7 +160,7 @@ Firefox keeps its own cert store; the installer also drops the CA into Firefox's
 
 Open the UI and fill in the form:
 
-- **Apps Script ID** — the Deployment ID from Step 1. Comma-separate multiple IDs for round-robin rotation across several deployments (higher quota, more throughput).
+- **Apps Script ID** — the Deployment ID from Step 1. Add multiple IDs (one per line in the UI, or a JSON array in `config.json`) for higher quota **and** lower latency. In `apps_script` mode, IDs are round-robined. In `full` mode, more IDs directly increase the pipeline depth (see [Full tunnel mode](#full-tunnel-mode) below).
 - **Auth key** — the same secret you set in `Code.gs`.
 - **Google IP** — `216.239.38.120` is a solid default. Use the **scan** button to probe for a faster one from your network.
 - **Front domain** — keep `www.google.com`.
@@ -262,6 +262,46 @@ Example config fragment (both UI and JSON):
 
 HTTP/HTTPS continues to route through the Apps Script relay (no change), and the SNI-rewrite tunnel for `google.com` / `youtube.com` / etc. keeps bypassing both — so YouTube stays as fast as before while Telegram gets a real tunnel.
 
+## Full tunnel mode
+
+Full tunnel mode (`"mode": "full"`) routes **all** traffic end-to-end through Apps Script and a remote [tunnel-node](tunnel-node/) — no MITM certificate needed. The trade-off is higher latency per request (every byte goes Apps Script → tunnel-node → destination), but it works for every protocol and every app without CA installation.
+
+### How deployment IDs affect performance
+
+Each Apps Script batch request takes ~2 seconds round-trip. In full mode, `mhrv-rs` runs a **pipelined batch multiplexer** that fires multiple batch requests concurrently without waiting for the previous one to return. The number of in-flight batches (the *pipeline depth*) scales directly with the number of deployment IDs you configure:
+
+```
+pipeline_depth = number_of_script_ids  (clamped to 2..12)
+```
+
+| Deployments | Pipeline depth | Effective batch interval | Notes |
+|-------------|---------------|------------------------|-------|
+| 1 | 2 | ~1.0s | Minimum — still pipelines 2 batches |
+| 3 | 3 | ~0.7s | Good for light browsing |
+| 6 | 6 | ~0.3s | Recommended for daily use |
+| 12 | 12 | ~0.17s | Maximum — diminishing returns past this |
+
+More deployments = more concurrent batches = lower per-session latency. Each batch round-robins across your deployment IDs, so the load is spread evenly and you're less likely to hit a single deployment's quota ceiling.
+
+**Resource guards** keep things safe:
+- **50 ops max** per batch — if more sessions are active, the mux splits into multiple batches
+- **4 MB payload cap** per batch — well under Apps Script's 50 MB limit
+- **30 s timeout** per batch — a slow/dead target can't block other sessions forever
+
+### Quick start
+
+1. Deploy [`CodeFull.gs`](assets/apps_script/CodeFull.gs) to 3–12 Google accounts (same steps as `Code.gs`, but use the full-mode script that forwards to your tunnel-node)
+2. Deploy the [tunnel-node](tunnel-node/) on a VPS
+3. Set `"mode": "full"` in your config with all deployment IDs:
+
+```json
+{
+  "mode": "full",
+  "script_id": ["id1", "id2", "id3", "id4", "id5", "id6"],
+  "auth_key": "your-secret"
+}
+```
+
 ## Running on OpenWRT (or any musl distro)
 
 The `*-linux-musl-*` archives ship a fully static CLI that runs on OpenWRT, Alpine, and any libc-less Linux userland. Put the binary on the router and start it as a service:
@@ -569,6 +609,27 @@ Original project: <https://github.com/masterking32/MasterHttpRelayVPN> by [@mast
 ۴. اگر نام جدیدی می‌خواهید اضافه کنید، در کادر پایین نام را بنویسید و **`+ Add`** بزنید — خودکار تست می‌شود
 ۵. با **`Save config`** در پنجرهٔ اصلی ذخیره کنید
 
+### حالت تونل کامل (Full tunnel mode)
+
+حالت `"mode": "full"` **تمام** ترافیک را سرتاسر از طریق `Apps Script` و یک [tunnel-node](tunnel-node/) روی سرور شما عبور می‌دهد — **بدون نیاز به نصب گواهی `MITM`**. تنها هزینه‌اش تأخیر بیشتر است (هر بایت از مسیر `Apps Script → tunnel-node → مقصد` می‌رود)، اما برای هر پروتکل و هر برنامه بدون نصب `CA` کار می‌کند.
+
+#### چرا تعداد `Deployment ID` مهم است؟
+
+هر درخواست دسته‌ای (`batch`) به `Apps Script` حدود ۲ ثانیه طول می‌کشد. در حالت `full`، برنامه یک **لولهٔ موازی** (`pipeline`) اجرا می‌کند که چند درخواست دسته‌ای را همزمان می‌فرستد بدون اینکه منتظر پاسخ قبلی بماند. تعداد درخواست‌های همزمان مستقیماً با تعداد `Deployment ID`ها رابطه دارد:
+
+```
+عمق لوله = تعداد Deployment IDها  (حداقل ۲، حداکثر ۱۲)
+```
+
+| تعداد Deployment | عمق لوله | فاصلهٔ مؤثر بین دسته‌ها | |
+|-----------------|----------|------------------------|---|
+| ۱ | ۲ | ~۱ ثانیه | حداقل |
+| ۳ | ۳ | ~۰.۷ ثانیه | مناسب مرور سبک |
+| ۶ | ۶ | ~۰.۳ ثانیه | توصیه‌شده برای استفادهٔ روزانه |
+| ۱۲ | ۱۲ | ~۰.۱۷ ثانیه | حداکثر |
+
+بیشتر `Deployment` = بیشتر درخواست همزمان = تأخیر کمتر برای هر نشست. هر دسته بین `ID`ها چرخش می‌کند (`round-robin`)، پس بار به‌طور یکنواخت توزیع می‌شود.
+
 ### اجرا روی OpenWRT (روتر)
 
 اگر می‌خواهید برنامه را روی روترتان اجرا کنید تا همهٔ دستگاه‌های شبکه از آن استفاده کنند، آرشیو `mhrv-rs-linux-musl-*.tar.gz` را دانلود کنید (این نسخه فایل اجرایی استاتیک دارد و بدون نصب هیچ وابستگی روی روتر کار می‌کند).
 
@@ -68,8 +68,10 @@ enum class UiLang { AUTO, FA, EN }
  *   Google edge is active, so the user can reach `script.google.com` to
  *   deploy Code.gs in the first place. No Deployment ID / Auth key needed.
  *   Non-Google traffic goes direct (no relay).
+ * - [FULL] — full tunnel mode. ALL traffic is tunneled end-to-end through
+ *   Apps Script + a remote tunnel node. No certificate installation needed.
  */
-enum class Mode { APPS_SCRIPT, GOOGLE_ONLY }
+enum class Mode { APPS_SCRIPT, GOOGLE_ONLY, FULL }
 
 data class MhrvConfig(
     val mode: Mode = Mode.APPS_SCRIPT,
@@ -147,6 +149,7 @@ data class MhrvConfig(
             put("mode", when (mode) {
                 Mode.APPS_SCRIPT -> "apps_script"
                 Mode.GOOGLE_ONLY -> "google_only"
+                Mode.FULL -> "full"
             })
             put("listen_host", listenHost)
             put("listen_port", listenPort)
@@ -231,6 +234,7 @@ object ConfigStore {
             MhrvConfig(
                 mode = when (obj.optString("mode", "apps_script")) {
                     "google_only" -> Mode.GOOGLE_ONLY
+                    "full" -> Mode.FULL
                     else -> Mode.APPS_SCRIPT
                 },
                 listenHost = obj.optString("listen_host", "127.0.0.1"),
 
@@ -90,19 +90,11 @@ class MhrvVpnService : VpnService() {
         // `ForegroundServiceDidNotStartInTimeException`. Every `stopSelf()`
         // path below MUST therefore happen after a `startForeground()`
         // call — otherwise the user-visible symptom is "the app crashes
-        // the instant I tap Start". See issue #73: user configured
-        // google_only mode (no deployment ID needed), which tripped the
-        // old early-return-before-startForeground branch.
-        //
-        // We call startForeground immediately here with the notification
-        // used by the normal running state; if we bail out below, we
-        // tear the foreground service down in an orderly way.
+        // the instant I tap Start". See issue #73.
         startForeground(NOTIF_ID, buildNotif(cfg.listenPort))
 
         // Deployment ID + auth key are only required in apps_script mode.
-        // google_only mode (bootstrap / Telegram-only use cases) runs
-        // with neither. Closes #73 regression where google_only users
-        // hit this branch and crashed on startForeground timeout.
+        // google_only (bootstrap) and full (tunnel) modes run without them.
         val needsAppsScriptCreds = cfg.mode == Mode.APPS_SCRIPT
         if (needsAppsScriptCreds && (!cfg.hasDeploymentId || cfg.authKey.isBlank())) {
             Log.e(TAG, "Config is incomplete — can't start proxy in apps_script mode")
 
@@ -238,7 +238,7 @@ fun HomeScreen(
             Spacer(Modifier.height(4.dp))
             SectionHeader(stringResource(R.string.sec_apps_script_relay))
 
-            val appsScriptEnabled = cfg.mode == Mode.APPS_SCRIPT
+            val appsScriptEnabled = cfg.mode == Mode.APPS_SCRIPT || cfg.mode == Mode.FULL
             DeploymentIdsField(
                 urls = cfg.appsScriptUrls,
                 onChange = { persist(cfg.copy(appsScriptUrls = it)) },
@@ -418,6 +418,7 @@ fun HomeScreen(
                 },
                 enabled = (isVpnRunning ||
                     cfg.mode == Mode.GOOGLE_ONLY ||
+                    cfg.mode == Mode.FULL ||
                     (cfg.hasDeploymentId && cfg.authKey.isNotBlank())) && !transitionCooldown,
                 colors = ButtonDefaults.buttonColors(
                     containerColor = if (isVpnRunning) ErrRed else OkGreen,
@@ -729,11 +730,13 @@ private fun ModeDropdown(
     mode: Mode,
     onChange: (Mode) -> Unit,
 ) {
-    val labelApps = "Apps Script (full)"
+    val labelApps = "Apps Script (MITM)"
     val labelGoogle = "Google-only (bootstrap)"
+    val labelFull = "Full tunnel (no cert)"
     val currentLabel = when (mode) {
         Mode.APPS_SCRIPT -> labelApps
         Mode.GOOGLE_ONLY -> labelGoogle
+        Mode.FULL -> labelFull
     }
     var expanded by remember { mutableStateOf(false) }
 
@@ -762,6 +765,10 @@ private fun ModeDropdown(
                     text = { Text(labelGoogle) },
                     onClick = { onChange(Mode.GOOGLE_ONLY); expanded = false },
                 )
+                DropdownMenuItem(
+                    text = { Text(labelFull) },
+                    onClick = { onChange(Mode.FULL); expanded = false },
+                )
             }
         }
 
@@ -770,6 +777,8 @@ private fun ModeDropdown(
                 "Full DPI bypass through your deployed Apps Script relay."
             Mode.GOOGLE_ONLY ->
                 "Bootstrap: reach *.google.com directly so you can open script.google.com and deploy Code.gs. Non-Google traffic goes direct."
+            Mode.FULL ->
+                "All traffic tunneled end-to-end through Apps Script + remote tunnel node. No certificate needed."
         }
         Text(
             help,
 
@@ -694,21 +694,26 @@ impl eframe::App for App {
             // apps_script.
             section(ui, "Mode", |ui| {
                 form_row(ui, "Mode", Some(
-                    "apps_script: full DPI bypass via your Apps Script relay.\n\
-                     google_only: bootstrap — direct SNI-rewrite tunnel to *.google.com \
-                     only (no relay, no script_id needed). Use this just long enough to \
-                     open https://script.google.com and deploy Code.gs."
+                    "apps_script: DPI bypass via Apps Script relay (needs cert).\n\
+                     full: tunnel ALL traffic through Apps Script + tunnel node (no cert needed).\n\
+                     google_only: bootstrap — direct SNI-rewrite tunnel to *.google.com only."
                 ), |ui| {
                     egui::ComboBox::from_id_source("mode")
                         .selected_text(match self.form.mode.as_str() {
                             "google_only" => "Google-only (bootstrap)",
-                            _ => "Apps Script (full)",
+                            "full" => "Full tunnel (no cert)",
+                            _ => "Apps Script (MITM)",
                         })
                         .show_ui(ui, |ui| {
                             ui.selectable_value(
                                 &mut self.form.mode,
                                 "apps_script".into(),
-                                "Apps Script (full)",
+                                "Apps Script (MITM)",
+                            );
+                            ui.selectable_value(
+                                &mut self.form.mode,
+                                "full".into(),
+                                "Full tunnel (no cert)",
                             );
                             ui.selectable_value(
                                 &mut self.form.mode,
@@ -726,6 +731,15 @@ impl eframe::App for App {
                         .color(OK_GREEN));
                     });
                 }
+                if self.form.mode == "full" {
+                    ui.horizontal(|ui| {
+                        ui.add_space(120.0 + 8.0);
+                        ui.small(egui::RichText::new(
+                            "Full tunnel — all traffic tunneled end-to-end via Apps Script + remote tunnel node. No certificate needed.",
+                        )
+                        .color(OK_GREEN));
+                    });
+                }
             });
 
             let google_only = self.form.mode == "google_only";
 
@@ -22,13 +22,15 @@ pub enum ConfigError {
 pub enum Mode {
     AppsScript,
     GoogleOnly,
+    Full,
 }
 
 impl Mode {
     pub fn as_str(self) -> &'static str {
         match self {
             Mode::AppsScript => "apps_script",
             Mode::GoogleOnly => "google_only",
+            Mode::Full => "full",
         }
     }
 }
@@ -181,7 +183,7 @@ impl Config {
 
     fn validate(&self) -> Result<(), ConfigError> {
         let mode = self.mode_kind()?;
-        if mode == Mode::AppsScript {
+        if mode == Mode::AppsScript || mode == Mode::Full {
             if self.auth_key.trim().is_empty() || self.auth_key == "CHANGE_ME_TO_A_STRONG_SECRET" {
                 return Err(ConfigError::Invalid(
                     "auth_key must be set to a strong secret".into(),
@@ -218,8 +220,9 @@ impl Config {
         match self.mode.as_str() {
             "apps_script" => Ok(Mode::AppsScript),
             "google_only" => Ok(Mode::GoogleOnly),
+            "full" => Ok(Mode::Full),
             other => Err(ConfigError::Invalid(format!(
-                "unknown mode '{}' (expected 'apps_script' or 'google_only')",
+                "unknown mode '{}' (expected 'apps_script', 'google_only', or 'full')",
                 other
             ))),
         }
@@ -310,6 +313,28 @@ mod tests {
         cfg.validate().unwrap();
     }
 
+    #[test]
+    fn parses_full_mode() {
+        let s = r#"{
+            "mode": "full",
+            "auth_key": "MY_SECRET_KEY_123",
+            "script_id": "ABCDEF"
+        }"#;
+        let cfg: Config = serde_json::from_str(s).unwrap();
+        cfg.validate().unwrap();
+        assert_eq!(cfg.mode_kind().unwrap(), Mode::Full);
+    }
+
+    #[test]
+    fn full_mode_requires_script_id() {
+        let s = r#"{
+            "mode": "full",
+            "auth_key": "SECRET"
+        }"#;
+        let cfg: Config = serde_json::from_str(s).unwrap();
+        assert!(cfg.validate().is_err());
+    }
+
     #[test]
     fn rejects_unknown_mode_value() {
         let s = r#"{