muc111
diff --git a/‎Cargo.lock‎
Lines changed: 88 additions & 1 deletion b/‎Cargo.lock‎
Lines changed: 88 additions & 1 deletion
diff --git a/‎Cargo.toml‎
Lines changed: 5 additions & 2 deletions b/‎Cargo.toml‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 52 additions & 28 deletions b/‎README.md‎
Lines changed: 52 additions & 28 deletions
@@ -1,10 +1,13 @@
 [package]
 name = "i2p-ephemeral"
-version = "0.1.0"
+version = "0.2.0"
 edition = "2021"
 
 [dependencies]
 yosemite = "0.6.3"
 tokio = { version = "1", features = ["full"] }
 anyhow = "1.0"
-rand = "0.8"
+rand = "0.8"
+dashmap = "5"
+tracing = "0.1"
+tracing-subscriber = "0.3"
@@ -2,62 +2,86 @@
 
 An ephemeral I2P proxy daemon written in Rust, designed to run on Android via **Termux**.
 
-Each request to an `.i2p` site generates a **fresh EdDSA (Sig=7) identity and keypair** via the I2P SAM bridge. On completion, the session is destroyed and keys are wiped — leaving no persistent identity linkable across requests.
+Each unique `.i2p` destination you visit receives a **fresh EdDSA (Sig=7) identity and keypair** via the I2P SAM bridge. The identity is cached and reused for all subsequent requests to that same site during your browsing session. After **300 seconds** of inactivity, the session is destroyed and keys are wiped—ensuring no persistent identity is linkable across different sites.
+
+## Why per‑destination instead of per‑request?
+
+Earlier versions created a new tunnel for every single HTTP request (images, CSS, scripts), which risked flooding the I2P network with excessive tunnel builds. The current **per‑destination caching** approach:
+
+- Builds **one tunnel per website** (e.g., `forum.i2p`), reused for all assets on that page.
+- Maintains strong cross‑site unlinkability (different sites see different identities).
+- Dramatically reduces network overhead and respects I2P's shared infrastructure.
 
 ## How it works
 
 ```
+
 Browser -> 127.0.0.1:8080 -> i2p-ephemeral -> SAM bridge -> .i2p destination
+
 ```
 
-- Opens a SAM session (via yosemite crate) with a newly generated transient identity per request
-- Resolves the .i2p destination, connects, and proxies the response
-- Destroys the session and wipes keys immediately on completion
-- Max 2 concurrent sessions with a 2s throttle between accepts
+- **First request** to a `.i2p` domain: generates a new transient EdDSA identity via SAM.
+- **Subsequent requests** to the same domain reuse the cached session (no new tunnel build).
+- **Idle sessions** are automatically destroyed after **300 seconds** (configurable) and keys are wiped.
+- Up to **20 concurrent cached sessions** (LRU eviction) and **10 simultaneous connections**.
+- Throttles requests (500ms delay) to prevent accidental bursts.
 
 ## Requirements
 
 - Termux on Android
-- I2P router running with SAM bridge enabled (default 127.0.0.1:7656)
-- Rust toolchain: pkg install rust
+- I2P router running with SAM bridge enabled (default `127.0.0.1:7656`)
+- Rust toolchain: `pkg install rust`
 
 ## Build
 
 ```bash
 cargo build --release
 ```
 
-## Run
+Run
 
 ```bash
 ./target/release/i2p-ephemeral
 ```
 
-Set your browser proxy to **127.0.0.1:8080** and browse .i2p sites normally.
+Set your browser's HTTP proxy to 127.0.0.1:8080 and browse .i2p sites normally.
+
+Privacy & Network Impact
 
-## Privacy model
+Property Status
+Fresh identity per destination Yes
+No persistent keypair on disk Yes
+Keys wiped after idle timeout Yes (300s)
+No cross‑site linkability Yes
+EdDSA Sig=7 (I2P standard) Yes
+Network‑friendly (per‑site tunnels) Yes
 
-| Property | Status |
-|---|---|
-| Fresh identity per request | Yes |
-| No persistent keypair on disk | Yes |
-| Keys wiped after session | Yes |
-| No cross-request linkability | Yes |
-| EdDSA Sig=7 (I2P standard) | Yes |
+Configuration
 
-## Dependencies
+Adjust the following constants in src/main.rs to suit your needs:
 
-| Crate | Purpose |
-|---|---|
-| yosemite | I2P SAM bridge client |
-| tokio | Async runtime |
-| anyhow | Error handling |
-| rand | Identity name generation |
+Constant Default Description
+SESSION_IDLE_TIMEOUT_SECS 300 Seconds before an unused session is evicted
+MAX_CACHED_SESSIONS 20 Maximum number of distinct sites cached
+MAX_CONCURRENT 10 Maximum simultaneous client connections
+REQUEST_THROTTLE_MS 500 Delay between accepting connections
+
+Rebuild after changes:
+
+```bash
+cargo build --release
+```
 
-## License
+Dependencies
 
-MIT
+Crate Purpose
+yosemite I2P SAM bridge client
+tokio Async runtime
+anyhow Error handling
+rand Identity name generation
+dashmap Concurrent session cache
+tracing Structured logging
 
----
+License
 
-> Part of a broader personal privacy toolchain. See also: [OTRv4Plus](https://github.com/muc111/OTRv4Plus)
+MIT