root
1ad8de32f2
Adds a small, well-tested package that: - Queries /api/v1/repos/root/drover-go/releases/latest (404 = no updates, not an error). - Compares the published tag against the running Version using golang.org/x/mod/semver, so v0.1.0-rc.2 < v0.1.0. "dev" or any semver-invalid current version is treated as "always update". - Downloads the windows-amd64 asset + SHA256SUMS.txt, verifies the sha256 of the binary against its line in the sums file (tolerates the asterisk binary-mode prefix), and atomically swaps the running exe via github.com/minio/selfupdate. - Uses a 15s connect timeout with no overall request deadline, so large asset downloads aren't truncated. - Reports progress via an optional callback. Public surface: Source interface + ForgejoSource implementation, CheckForUpdate, ApplyUpdate, SetVersion. No GUI/cobra/Wails imports in the package, so the same code is reusable from the CLI, the Windows service, and the future tray UI. Wires the package into "drover update" / "drover update --check-only" in cmd/drover/main.go. --check-only exits 0 whether or not an update is available; only network/sha/apply errors are non-zero. Tests cover CheckForUpdate (table-driven incl. semver pre-release ordering, dev fallthrough, source errors), parseSHA256Sums (text and binary modes, CRLF, malformed lines, missing entries), ForgejoSource.Latest (httptest with canned JSON, 404, 500, missing asset, missing SHA256SUMS), and downloadAndVerify (success, sha mismatch, HTTP 404, context cancellation). All run with -race. Smoke-tested manually: built drover.exe and "drover update --check-only" against git.okcu.io prints "No updates available" and exits 0 (no releases yet). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Drover-Go
Discord proxy / DPI bypass tool. Routes Discord traffic through a SOCKS5 proxy via kernel-level packet capture (WinDivert), bypassing the limitations of in-app proxy settings and surviving Discord auto-updates.
What it solves
Discord doesn't support proxies for voice/video traffic. Existing DLL-injection tools (drover, discord-voice-proxy) modify Discord.exe, which:
- triggers antivirus heuristics (unsigned DLL injecting into a popular app),
- breaks every time Discord auto-updates,
- doesn't proxy
Update.exeitself, so the updater fails when Discord servers are blocked.
Drover-Go uses WinDivert — a Microsoft-signed kernel driver — to capture packets at the network stack level. No modification of Discord, works for any Discord variant (Stable/Canary/PTB/Vesktop), survives auto-updates, minimal AV detection.
Status
Pre-alpha. See implementation plan for details.
How it works
Discord.exe (unmodified)
↓ TCP/UDP
WinDivert.sys (kernel filter)
↓ matched packets
drover.exe (Go)
├── TCP redirect to local SOCKS5 listener → SOCKS5 CONNECT → upstream proxy
└── UDP encapsulation (RFC 1928) → SOCKS5 UDP ASSOCIATE → upstream proxy
For UDP voice that's blocked even via SOCKS5 (DPI on the proxy's TCP control channel), drover-go injects a fake QUIC initial packet (à la zapret-discord-youtube) before forwarding — DPI sees "QUIC to Google" instead of Discord media.
Requirements
- Windows 10 1903+ or Windows 11 (x64). ARM64 not supported by WinDivert.
- Administrator privileges for first run (driver install).
- Upstream SOCKS5 proxy with UDP ASSOCIATE support (e.g.
mihomo,sing-box).
Install
Download the latest release from releases:
drover-vX.Y.Z-setup.exe— installer with Start Menu shortcut, registers in Apps & Features for clean uninstall.drover-vX.Y.Z-windows-amd64.zip— portable, just unzip and run.
Verify SHA256 against SHA256SUMS.txt in the same release.
License
MIT for our code. WinDivert (embedded) is LGPL-3.0.
Acknowledgements
- imgk/divert-go — Go bindings for WinDivert
- imgk/shadow — transparent proxy reference architecture
- runetfreedom/force-proxy — SOCKS5 UDP ASSOCIATE flow reference
- Flowseal/zapret-discord-youtube — fake QUIC payload
- basil00/WinDivert — kernel packet capture driver