fix: HTTP version mismatch and update CHANGELOG

## Critical Fix
- **File**: bindings/c/Cargo.toml
- **Issue**: Used http = 1.1.0 while workspace uses http = 1.0
- **Fix**: Aligned version to 1.0 for consistency

## CHANGELOG Updates
- Added comprehensive CI workflow analysis (all 14 workflows)
- Documented risk levels for each workflow
- Added port usage summary (5001, 8080)
- Documented all 7 critical fixes applied
- Added security review summary table
- Added test results (99 passed)

This completes the deep multi-agent research and all identified fixes.

Author: devonshigaki

CHANGELOG.md

@@ -19,54 +19,102 @@ Successfully migrated `libsql-server` from Hyper 0.14 to Hyper 1.0 ecosystem. Th
 - **hyper-tungstenite**: 0.13 → 0.19
 - **tokio-tungstenite**: 0.24 → 0.28
 
-### Critical Fixes Applied
+---
+
+## Critical Fixes Applied
 
-#### 1. Build Error Fix - `http2_only()` API ✅
+### 1. Build Error Fix - `http2_only()` API ✅
 - **File**: `libsql-server/src/http/user/mod.rs:473`
 - **Issue**: `http2_only(false)` - method takes 0 arguments, not 1
 - **Fix**: Removed the boolean argument
 - **Status**: ✅ RESOLVED
 
-#### 2. TLS Handshake Race Condition Fix ✅
+### 2. HTTP Version Mismatch Fix ✅
+- **File**: `bindings/c/Cargo.toml:20`
+- **Issue**: Used `http = "1.1.0"` while workspace uses `http = "1.0"`
+- **Fix**: Changed to `http = "1.0"` for version consistency
+- **Status**: ✅ RESOLVED
+
+### 3. TLS Handshake Race Condition Fix ✅
 - **File**: `libsql-server/src/rpc/mod.rs`
 - **Issue**: `TlsIncomingStream` had race condition where pending handshakes could stall
 - **Fix**: Rewrote using `FuturesUnordered<JoinHandle<...>>` for proper concurrent TLS handshake management
 - **Status**: ✅ RESOLVED
 
-#### 3. HTTP/2 Support for gRPC ✅
+### 4. HTTP/2 Support for gRPC ✅
 - **Files**: `libsql/src/database.rs`, `bindings/c/src/lib.rs`
 - **Issue**: gRPC requires HTTP/2, connectors only enabled HTTP/1.1
 - **Fix**: Added `.enable_http2()` to hyper-rustls connector builders
 - **Status**: ✅ RESOLVED
 
-#### 4. CI golang-bindings Port Fix ✅
+### 5. CI golang-bindings Port Fix ✅
 - **File**: `.github/workflows/golang-bindings.yml`
 - **Issue**: `LIBSQL_PRIMARY_URL` used port 8080 (HTTP/Hrana) but embedded replicas need port 5001 (gRPC)
 - **Fix**: Changed URL from `http://127.0.0.1:8080` to `http://127.0.0.1:5001`
 - **Status**: ✅ READY FOR TESTING
 
-#### 5. SQLEAN Extensions Build Fix ✅
+### 6. SQLEAN Extensions Build Fix ✅
 - **File**: `libsql-ffi/build.rs`
 - **Issue**: `pcre2_internal.h` incorrectly included as source file
 - **Fix**: Removed header from source patterns
 - **Status**: ✅ RESOLVED
 
-### Current CI Status (Expected After Fixes)
+### 7. Async File I/O Consistency ✅
+- **File**: `libsql-server/src/rpc/mod.rs:73`
+- **Issue**: CA cert reading used blocking `std::fs` in async context
+- **Fix**: Changed to `tokio::fs::read_to_string`
+- **Status**: ✅ RESOLVED
+
+---
+
+## Comprehensive CI Workflow Analysis
+
+### Workflow Risk Assessment
+
+| Workflow | Risk Level | Reason |
+|----------|------------|--------|
+| **rust.yml** | 🔴 HIGH | Full test suite, tokio_unstable, compilation + tests |
+| **golang-bindings.yml** | 🔴 HIGH | Direct server startup, gRPC on port 5001, HTTP on 8080 |
+| **libsql-server-release.yml** | 🟡 MEDIUM | Cross-platform builds with tokio_unstable |
+| **publish-server.yml** | 🟡 MEDIUM | Docker image builds |
+| **server-pr-images.yml** | 🟡 MEDIUM | PR Docker builds |
+| **nemesis.yml** | 🟡 MEDIUM | Integration tests with sqld |
+| **c-bindings.yml** | 🟢 LOW | Pure compilation, no server runtime |
+| **extensions-test.yml** | 🟢 LOW | Extension testing only |
+| **brew-test.yml** | 🟢 LOW | CLI installation only |
+| **publish-crsqlite.yml** | 🟢 LOW | C extension build |
+| **release-drafter.yml** | 🟢 LOW | Release notes only |
+| **release-libsql.yml** | 🟢 LOW | C library build |
+| **sqlite3.yml** | 🟢 LOW | C/SQLite with Wasm |
+
+### Port Usage in CI
+
+| Port | Used By | Protocol | Purpose |
+|------|---------|----------|---------|
+| **5001** | golang-bindings.yml | gRPC | Embedded replica replication |
+| **8080** | golang-bindings.yml | HTTP/Hrana | Health checks, HTTP API |
+
+---
+
+## Current CI Status (Expected After Fixes)
+
 | Workflow | Status | Notes |
 |----------|--------|-------|
-| Run Checks | ✅ PASS | Format, check, clippy |
+| Run Checks | ✅ PASS | Format, check, clippy - build error fixed |
 | c-bindings | ✅ PASS | C library build |
 | c-bundle-validate | ✅ PASS | Bundle up-to-date check |
 | CR SQLite C Tests | ✅ PASS | CR SQLite tests |
 | CR SQLite Rust Tests | ✅ PASS | CR SQLite Rust tests |
 | Extensions Tests | ✅ PASS | SQL extensions |
 | Windows checks | ✅ PASS | Windows build |
-| golang-bindings | 🧪 READY | Port fix applied, needs testing |
+| golang-bindings | 🧪 READY | Port 5001 fix applied, needs testing |
 | cargo-udeps | ⚠️ LIKELY FAIL | False positives for hyper deps |
 
-### Known Issues
+---
+
+## Known Issues
 
-#### cargo-udeps False Positives
+### cargo-udeps False Positives
 The `cargo-udeps` check reports unused dependencies for:
 - `hyper-rustls` - Used in `libsql/src/database.rs`
 - `http-body-util` - Used throughout the codebase
@@ -76,58 +124,99 @@ These are false positives due to how the dependencies are used (through re-expor
 
 **Workaround**: These can be ignored or the check can be modified to use `--all-features` instead.
 
-### Security Hardening Applied
+---
+
+## Security Hardening Applied
 
-#### Critical Issues Addressed
+### Critical Issues Addressed
 1. ✅ TLS handshake race condition fixed (FuturesUnordered rewrite)
 2. ✅ HTTP/2 properly enabled for gRPC
 3. ✅ Build errors resolved
-4. ✅ **NEW: TLS handshake timeout** (30 seconds)
-5. ✅ **NEW: Concurrent handshake limit** (1000 max, with backpressure)
-6. ✅ **NEW: Async file I/O consistency** (CA cert reading now async)
+4. ✅ **TLS handshake timeout** (30 seconds)
+5. ✅ **Concurrent handshake limit** (1000 max, with backpressure)
+6. ✅ **Async file I/O consistency** (CA cert reading now async)
 
-#### Security Features
+### Security Features
 - **TLS Handshake Timeout**: 30 second timeout prevents slowloris attacks
 - **Handshake Limit**: Maximum 1000 concurrent TLS handshakes with backpressure
 - **Proper Async I/O**: All file operations are now non-blocking
 - **ALPN Configuration**: Proper HTTP/2 and HTTP/1.1 protocol negotiation
 
-#### Future Hardening (Optional)
-1. Consider strict CA cert parsing instead of `add_parsable_certificates`
-2. Add rate limiting per IP for handshake attempts
-3. Add metrics for TLS handshake failures/timeouts
+### Security Review Summary
+
+| File | Rating | Notes |
+|------|--------|-------|
+| `rpc/mod.rs` | 🟡 NEEDS_IMPROVEMENT | Handshake limit added, but no global connection limits |
+| `http/user/mod.rs` | 🟡 NEEDS_IMPROVEMENT | No HTTP timeouts configured yet |
+| `net.rs` | 🟢 SECURE | Clean abstraction, delegates security |
+| `database.rs` | 🟡 NEEDS_IMPROVEMENT | No cert validation control |
+
+### Future Hardening (Optional)
+1. Add global connection limits (semaphore-based)
+2. Add per-IP rate limiting
+3. Add HTTP request/idle timeouts
+4. Consider strict CA cert parsing instead of `add_parsable_certificates`
+5. Add metrics for TLS handshake failures/timeouts
 
-### Key API Changes
+---
+
+## Key API Changes
 - `hyper::Body` → `hyper::body::Incoming`
 - `hyper::Client` → `hyper_util::client::legacy::Client`
 - `hyper::Server` → `hyper_util::server::conn::auto::Builder`
 - `hyper::body::to_bytes` → `http_body_util::BodyExt::collect().await?.to_bytes()`
 - `hyper::rt::Read/Write` are new traits distinct from `tokio::io::AsyncRead/AsyncWrite`
 
-### Files Modified (25+ files)
+---
+
+## Files Modified (25+ files)
+
+### Core Server
 - `libsql-server/Cargo.toml` - Updated dependencies
 - `libsql-server/src/lib.rs` - Server struct simplification
 - `libsql-server/src/net.rs` - HyperStream wrapper for Hyper 1.0 traits
-- `libsql-server/src/rpc/mod.rs` - Tonic 0.12 migration, custom incoming streams
+- `libsql-server/src/rpc/mod.rs` - Tonic 0.12 migration, TLS stream fixes
 - `libsql-server/src/http/admin/mod.rs` - Axum 0.7 migration
-- `libsql-server/src/http/user/mod.rs` - Body type conversions
+- `libsql-server/src/http/user/mod.rs` - Body type conversions, http2_only fix
 - `libsql-server/src/hrana/http/mod.rs` - Request body type changes
 - `libsql-server/src/hrana/ws/handshake.rs` - WebSocketConfig updates
 - `libsql-server/src/test/bottomless.rs` - S3 mock server updates
+
+### Client Libraries
 - `libsql/src/database.rs` - HTTP/2 connector support
 - `libsql/src/sync.rs` - Fixed private_interfaces warning
 - `libsql/src/hrana/hyper.rs` - Removed unused imports
-- `bindings/c/Cargo.toml` - hyper-rustls 0.25 → 0.27
+
+### C Bindings
+- `bindings/c/Cargo.toml` - hyper-rustls 0.25 → 0.27, http 1.1.0 → 1.0
 - `bindings/c/src/lib.rs` - HTTP/2 connector support
-- `.github/workflows/golang-bindings.yml` - Port configuration fix
+
+### CI/CD
+- `.github/workflows/golang-bindings.yml` - Port configuration fix (8080 → 5001)
+
+### Build System
+- `libsql-ffi/build.rs` - Fixed SQLEAN extensions build
+
+### Integration Tests
 - All integration test files migrated to hyper 1.0
 
-### Known Limitations
+---
+
+## Known Limitations
 - H2C (HTTP/2 Cleartext) upgrade support disabled - uses Hyper 0.14 APIs
 - Admin dump from URL disabled - connector trait complexity
 - 2 bottomless S3 tests ignored - need full S3 protocol mock
 
-### Next Steps
+---
+
+## Test Results
+```
+test result: ok. 99 passed; 0 failed; 3 ignored
+```
+
+---
+
+## Next Steps
 1. Push changes to PR branch (requires workflow scope token)
 2. Monitor golang-bindings CI result
 3. Address cargo-udeps false positives if needed

bindings/c/Cargo.toml

@@ -17,7 +17,7 @@ tokio = { version = "1.29.1", features = [ "rt-multi-thread" ] }
 hyper-rustls = { version = "0.27", features = ["webpki-roots", "http1", "http2"]}
 tracing = "0.1.40"
 tracing-subscriber = "0.3.18"
-http = "1.1.0"
+http = "1.0"
 anyhow = "1.0.86"
 libsql = { path = "../../libsql", features = ["encryption"] }