VPNht · wallydz · Feb 21, 2026 · Feb 21, 2026 · Feb 21, 2026 · Feb 21, 2026
diff --git a/PRs/10_kill_switch.md b/PRs/10_kill_switch.md
@@ -0,0 +1,56 @@
+# PR #10: Kill Switch
+
+## Summary
+Implements a **Kill Switch** to block all non-VPN traffic when the VPN disconnects. Platform-specific implementations:
+- **Linux**: `iptables` (DROP non-VPN traffic).
+- **Windows**: Placeholder for WFP.
+- **macOS**: Placeholder for `pf`.
+
+## Changes
+
+### Backend (`src-tauri/`)
+- **`src/killswitch.rs`**: Core Kill Switch logic.
+  - `enable()` / `disable()`: Manage firewall rules.
+  - `on_vpn_disconnect()`: Block traffic on VPN drop.
+- **`src/commands/killswitch.rs`**: IPC commands.
+  - `enable_killswitch()` / `disable_killswitch()`.
+- **`src/main.rs`**: Integrate Kill Switch into Tauri app.
+  - Initialize Kill Switch on startup.
+  - Register commands.
+
+### Frontend (`src/`)
+- **`src/utils/killswitch.ts`**: Frontend API.
+  - `enableKillSwitch()` / `disableKillSwitch()`.
+- **`src/pages/Settings.tsx`**: UI toggle.
+  - Toggle in Connection settings.
+  - Toast notifications for success/error.
+
+## Testing
+
+### Linux
+1. Enable Kill Switch in UI.
+2. Verify `iptables` rules:
+   ```bash
+   sudo iptables -L -n -v | grep vpnht
+   ```
+   **Expected**:
+   ```
+   DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xca6c
+   ```
+3. Disable Kill Switch and verify rules are removed.
+
+### Windows/macOS
+- Placeholder implementations (log warnings).
+- Ready for platform-specific PRs.
+
+## Security Notes
+- **Linux**: Requires `sudo` (handled by `iptables`).
+- **Windows**: Uses Windows Filtering Platform (WFP).
+- **macOS**: Uses Packet Filter (`pf`).
+
+## Files Changed
+- `src-tauri/src/killswitch.rs`
+- `src-tauri/src/commands/killswitch.rs`
+- `src-tauri/src/main.rs`
+- `src/utils/killswitch.ts`
+- `src/pages/Settings.tsx`
diff --git a/PRs/11_logging.md b/PRs/11_logging.md
@@ -0,0 +1,23 @@
+# PR #11: Structured Logging
+
+## Summary
+Adds structured logging with `tracing` + `tracing-subscriber`. Logs are JSON-formatted, rotated daily, and written to the app's log directory.
+
+## Changes
+
+### Backend (`src-tauri/`)
+- **`src/logging.rs`**: Logging initialization.
+  - JSON file output with daily rotation via `tracing-appender`.
+  - Pretty stderr output for development.
+  - Environment-based filter (`RUST_LOG` or default `info,vpnht=debug`).
+  - Includes thread IDs, file/line numbers, and targets.
+- **`src/main.rs`**: Calls `logging::init_logging()` on app setup (release builds only).
+
+## Log Location
+- Linux: `~/.local/share/com.vpnht.desktop/logs/vpnht.log`
+- macOS: `~/Library/Logs/com.vpnht.desktop/vpnht.log`
+- Windows: `%APPDATA%/com.vpnht.desktop/logs/vpnht.log`
+
+## Files Changed
+- `src-tauri/src/logging.rs` (new)
+- `src-tauri/src/main.rs` (modified)
diff --git a/PRs/12_latency.md b/PRs/12_latency.md
@@ -0,0 +1,20 @@
+# PR #12: Real Latency Measurement
+
+## Summary
+Replaces placeholder latency logic with real TCP-based latency measurement. Supports single-sample and median-of-N measurement modes.
+
+## Changes
+
+### Backend (`src-tauri/`)
+- **`src/latency.rs`**: Real latency measurement.
+  - `measure_tcp_latency()`: TCP connect timing to `host:port` with configurable timeout.
+  - `measure_latency_median()`: Multiple samples with median calculation for accuracy.
+  - Structured tracing for all measurements (success and failure).
+
+## How It Works
+1. Opens a TCP connection to the server's WireGuard port.
+2. Measures the time from `connect()` to established connection.
+3. For median mode, takes N samples and returns the middle value.
+
+## Files Changed
+- `src-tauri/src/latency.rs` (new)
diff --git a/PRs/13_network_monitoring.md b/PRs/13_network_monitoring.md
@@ -0,0 +1,20 @@
+# PR #13: Network Monitoring
+
+## Summary
+Adds network monitoring utilities to detect connectivity status and VPN tunnel presence.
+
+## Changes
+
+### Backend (`src-tauri/`)
+- **`src/network.rs`**: Network monitoring module.
+  - `get_default_interface()`: Detects default network route via UDP socket.
+  - `is_vpn_interface_active()`: Checks for `tun*`/`wg*` interfaces on Linux.
+  - `check_network_status()`: Returns combined `NetworkStatus` (connected, vpn_active, default_ip).
+  - `NetworkInterface` and `NetworkStatus` structs (serializable).
+
+## Platform Support
+- **Linux**: Full support (reads `/sys/class/net`).
+- **Windows/macOS**: Placeholder with warning logs.
+
+## Files Changed
+- `src-tauri/src/network.rs` (new)