fix: resolve 20 bugs found by performance audit

Critical fixes:
- server.rs: BUG-1 — client_count was never incremented, only decremented;
  move count management into handle_client_handshake with fetch_add on connect
  and fetch_sub on disconnect
- server.rs: BUG-6 — wrap every handshake with 10s tokio::time::timeout to
  prevent stalled/malicious connections from leaking tasks indefinitely
- server.rs: BUG-8 — UDP broadcast task was not cancelled on server stop;
  pass CancellationToken and use select! so the UdpSocket is released before
  the next server start (fixes "address already in use" on UDP rebind)
- main.rs: BUG-14 — handle.shutdown() was called without .await; the future
  was dropped immediately, leaving the TcpListener bound across restarts
- main.rs: BUG-2 — _status_rx was immediately dropped, silently discarding
  all disconnect/error events from the client UDP task; spawn forwarding task
- session.rs: BUG-5 — replace rand::thread_rng() with OsRng for session code
  generation; session codes are security credentials

High fixes:
- server.rs: BUG-7 — Mutex was held across all async UDP sends; clone client
  data under lock then release before sending
- server.rs: BUG-16 — add MAX_CLIENTS=10 check before accepting new sessions
- client.rs: BUG-9 — TCP port was hardcoded to 24800 ignoring config; pass
  control_port parameter through connect_to_server
- client.rs: BUG-10 — UDP port was hardcoded to CLIENT_UDP_PORT constant;
  bind to OS-assigned port (0.0.0.0:0) and report actual port to server
- client.rs: BUG-12 — TLS fallback ServerName "InputSync" panicked for IP
  addresses; detect IP with parse::<IpAddr>() and use ServerName::IpAddress
- client.rs: BUG-21 — unbounded std::mpsc::channel for simulator could grow
  without bound; switch to sync_channel(512) with try_send
- capture.rs: BUG-11 — seq counter was incremented before checking whether
  a packet would be emitted; move increment inside the Some(pkt) branch

Medium fixes:
- capture.rs: SMELL-3 — first_move not reset when forwarding re-enabled;
  track was_forwarding and set first_move=true on forwarding transitions
- app.rs: BUG-15 — ctx.set_visuals() was called every frame; move once to
  InputSyncApp::new via cc.egui_ctx
- logs_panel.rs: BUG-19 — remove non-functional Clear/Export buttons that
  egui_logger 0.6 does not support
- settings_panel.rs: BUG-18 — dead zone w_frac/h_frac could exceed screen
  bounds; clamp to (1.0 - x_frac) / (1.0 - y_frac) in the DragValue range
- main.rs: BUG-20 — server_addr in ClientState hardcoded port 24800 instead
  of config.control_port

Note: BUG-13 (AltGr distinction) deferred — enigo 0.2 does not expose
Key::AltGr; requires dependency upgrade tracked for v1.2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: KaiCreates

src-tauri/src/app.rs

@@ -25,13 +25,15 @@ pub struct InputSyncApp {
 
 impl InputSyncApp {
     pub fn new(
-        _cc: &eframe::CreationContext<'_>,
+        cc: &eframe::CreationContext<'_>,
         cmd_tx: mpsc::UnboundedSender<UiCommand>,
         net_rx: mpsc::UnboundedReceiver<NetEvent>,
         shared: SharedState,
         config: ServerConfig,
         data_dir: PathBuf,
     ) -> Self {
+        // Set dark theme once at startup instead of every frame.
+        cc.egui_ctx.set_visuals(egui::Visuals::dark());
         Self {
             cmd_tx,
             net_rx,
@@ -82,9 +84,6 @@ impl eframe::App for InputSyncApp {
         };
         ctx.request_repaint_after(repaint_delay);
 
-        // Apply dark theme
-        ctx.set_visuals(egui::Visuals::dark());
-
         egui::CentralPanel::default().show(ctx, |ui| {
             crate::ui::show(&mut self.ui, ui, &self.status, &self.cmd_tx, &self.data_dir);
         });

src-tauri/src/core/session.rs

@@ -1,11 +1,13 @@
+use rand::rngs::OsRng;
 use rand::Rng;
 
 const CODE_CHARSET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 const CODE_LENGTH: usize = 6;
 
-/// Generate a cryptographically random 6-character alphanumeric session code
+/// Generate a cryptographically random 6-character alphanumeric session code.
+/// Uses OsRng (OS entropy source) — a security credential must not use thread_rng.
 pub fn generate_session_code() -> String {
-    let mut rng = rand::thread_rng();
+    let mut rng = OsRng;
     (0..CODE_LENGTH)
         .map(|_| {
             let idx = rng.gen_range(0..CODE_CHARSET.len());

src-tauri/src/input/capture.rs

@@ -150,6 +150,7 @@ pub fn start_capture(
             let mut last_y: f64 = 0.0;
             let mut first_move = true;
             let mut local_seq: u32 = 0;
+            let mut was_forwarding = false;
 
             let callback = move |event: Event| {
                 if stop_rx.try_recv().is_ok() {
@@ -168,11 +169,19 @@ pub fn start_capture(
                     check_edge_trigger(*x, *y, &config, screen_size, &forwarding);
                 }
 
-                if !forwarding.load(Ordering::Relaxed) {
-                    return;
+                let is_forwarding = forwarding.load(Ordering::Relaxed);
+
+                // Reset mouse baseline when forwarding is re-enabled to avoid a
+                // large delta jump on the client from the cursor position change
+                // that occurred while forwarding was off.
+                if is_forwarding && !was_forwarding {
+                    first_move = true;
                 }
+                was_forwarding = is_forwarding;
 
-                local_seq = local_seq.wrapping_add(1);
+                if !is_forwarding {
+                    return;
+                }
 
                 let packet: Option<InputPacket> = match &event.event_type {
                     EventType::MouseMove { x, y } => {
@@ -233,7 +242,11 @@ pub fn start_capture(
                     }
                 };
 
+                // Only advance seq when a packet is actually emitted.
+                // Advancing it for dropped events (first_move, zero delta, zero wheel)
+                // would create spurious counter gaps on the receiver side.
                 if let Some(pkt) = packet {
+                    local_seq = local_seq.wrapping_add(1);
                     if event_tx.try_send(pkt).is_err() {
                         tracing::trace!("Input queue full — packet dropped");
                     }

src-tauri/src/input/simulation.rs

@@ -123,6 +123,9 @@ fn keycode_to_enigo(kc: KeyCode) -> Option<Key> {
         F7  => Some(Key::F7),  F8  => Some(Key::F8),  F9  => Some(Key::F9),
         F10 => Some(Key::F10), F11 => Some(Key::F11), F12 => Some(Key::F12),
         // Modifiers
+        // Note: enigo 0.2 does not expose Key::AltGr/RControl/RShift separately,
+        // so left and right variants map to the same logical key. AltGr distinction
+        // requires upgrading to a newer enigo release.
         LeftCtrl  | RightCtrl  => Some(Key::Control),
         LeftShift | RightShift => Some(Key::Shift),
         LeftAlt   | RightAlt   => Some(Key::Alt),

src-tauri/src/main.rs

@@ -164,7 +164,7 @@ async fn async_main(
                         Err(e) => {
                             let _ = net_tx
                                 .send(NetEvent::Error(format!("Capture error: {}", e)));
-                            handle.shutdown();
+                            handle.shutdown().await;
                             continue;
                         }
                     };
@@ -212,15 +212,16 @@ async fn async_main(
                 }
 
                 let ssl_enabled = locked.config.ssl_enabled;
+                let control_port = locked.config.control_port;
                 let tls_connector = if ssl_enabled {
                     Some(crate::network::tls::make_tls_connector())
                 } else {
                     None
                 };
 
-                let (status_tx, _status_rx) = mpsc::unbounded_channel::<String>();
+                let (status_tx, mut status_rx) = mpsc::unbounded_channel::<String>();
                 let handle =
-                    match connect_to_server(&ip, &code, status_tx, tls_connector).await {
+                    match connect_to_server(&ip, &code, control_port, status_tx, tls_connector).await {
                         Ok(h) => h,
                         Err(e) => {
                             let _ = net_tx
@@ -231,11 +232,24 @@ async fn async_main(
 
                 locked.client = Some(ClientState {
                     handle,
-                    server_addr: format!("{}:24800", ip),
+                    server_addr: format!("{}:{}", ip, control_port),
                     latency_ms: None,
                     last_error: None,
                 });
 
+                // Forward disconnect events from the client UDP task to the UI.
+                // Without this the receiver is dropped and all status sends silently fail.
+                let net_tx_status = net_tx.clone();
+                let shared_status = shared.clone();
+                tokio::spawn(async move {
+                    while let Some(msg) = status_rx.recv().await {
+                        if msg.starts_with("disconnected") || msg.starts_with("simulator_error") {
+                            shared_status.lock().await.client = None;
+                            let _ = net_tx_status.send(NetEvent::Disconnected);
+                        }
+                    }
+                });
+
                 tracing::info!("Connected to {}", ip);
                 let _ = net_tx.send(NetEvent::Connected);
                 let _ = net_tx.send(NetEvent::StatusUpdate(locked.status()));

src-tauri/src/network/client.rs

@@ -12,8 +12,10 @@ use crate::core::protocol::{
 };
 use crate::input::simulation::InputSimulator;
 
-pub const CLIENT_UDP_PORT: u16 = 24802;
 const COUNTER_WINDOW: u64 = 64;
+/// Bounded simulator channel capacity — drops old packets when the
+/// simulator thread falls behind, preventing unbounded heap growth.
+const SIM_CHANNEL_CAP: usize = 512;
 
 pub struct ClientHandle {
     shutdown_tx: oneshot::Sender<()>,
@@ -28,16 +30,28 @@ impl ClientHandle {
 pub async fn connect_to_server(
     server_host: &str,
     session_code: &str,
+    control_port: u16,
     status_tx: mpsc::UnboundedSender<String>,
     tls_connector: Option<tokio_rustls::TlsConnector>,
 ) -> Result<ClientHandle> {
-    let server_tcp_addr = format!("{}:24800", server_host);
+    let server_tcp_addr = format!("{}:{}", server_host, control_port);
     let tcp_stream = TcpStream::connect(&server_tcp_addr).await?;
     tracing::info!("TCP connected to {}", server_tcp_addr);
 
     if let Some(connector) = tls_connector {
-        let server_name = rustls::pki_types::ServerName::try_from(server_host.to_string())
-            .unwrap_or_else(|_| rustls::pki_types::ServerName::try_from("InputSync").unwrap());
+        // Handle both IP addresses and DNS hostnames.
+        // AcceptAnyCert ignores the server name for validation, but rustls
+        // still requires a syntactically valid ServerName.
+        let server_name = server_host
+            .parse::<std::net::IpAddr>()
+            .map(|ip| rustls::pki_types::ServerName::IpAddress(ip.into()))
+            .unwrap_or_else(|_| {
+                rustls::pki_types::ServerName::try_from(server_host.to_string())
+                    .unwrap_or_else(|_| {
+                        rustls::pki_types::ServerName::try_from("inputsync.local")
+                            .expect("inputsync.local is a valid DNS name")
+                    })
+            });
         let tls_stream = connector.connect(server_name, tcp_stream).await?;
         tracing::info!("TLS handshake complete");
         do_handshake_and_run(tls_stream, session_code, status_tx).await
@@ -94,8 +108,12 @@ where
     stream.write_u8(HS_NONCE_EXCHANGE).await?;
     stream.write_all(&client_base_nonce).await?;
 
-    // Step 5: Send UDP listen port
-    stream.write_u16(CLIENT_UDP_PORT).await?;
+    // Step 5: Bind UDP to OS-assigned port (port 0) to avoid hardcoded port
+    // conflicts when two clients run on the same machine. Report actual port
+    // to the server so it knows where to send events.
+    let udp_socket = Arc::new(UdpSocket::bind("0.0.0.0:0").await?);
+    let actual_udp_port = udp_socket.local_addr()?.port();
+    stream.write_u16(actual_udp_port).await?;
     stream.flush().await?;
 
     let combined_nonce = combine_nonces(&server_base_nonce, &client_base_nonce);
@@ -106,15 +124,15 @@ where
         bail!("Server did not acknowledge: 0x{:02X}", ack);
     }
 
-    tracing::info!("Handshake complete — session established.");
+    tracing::info!("Handshake complete — session established. UDP port: {}", actual_udp_port);
     let _ = status_tx.send("connected".to_string());
 
-    // ── UDP receive socket ───────────────────────────────────────────────
-    let udp_socket = Arc::new(UdpSocket::bind(format!("0.0.0.0:{}", CLIENT_UDP_PORT)).await?);
     let (shutdown_tx, mut shutdown_rx) = oneshot::channel::<()>();
 
     // ── Simulator thread ─────────────────────────────────────────────────
-    let (sim_tx, sim_rx) = std::sync::mpsc::channel::<Vec<u8>>();
+    // Bounded sync_channel prevents heap growth when simulator falls behind.
+    // The async UDP task uses try_send to avoid blocking the executor.
+    let (sim_tx, sim_rx) = std::sync::mpsc::sync_channel::<Vec<u8>>(SIM_CHANNEL_CAP);
     let status_sim = status_tx.clone();
     std::thread::Builder::new()
         .name("inputsync-simulator".into())
@@ -181,7 +199,10 @@ where
                                             matched - current
                                         );
                                     }
-                                    let _ = sim_tx.send(plain);
+                                    // try_send: discard packet if simulator is backed up
+                                    if sim_tx.try_send(plain).is_err() {
+                                        tracing::trace!("Simulator queue full — packet dropped");
+                                    }
                                 }
                                 None => {
                                     tracing::warn!(