Chore/bisect #3
Open
Chore/bisect #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add complete TypeScript/Zod schema definitions for all API models - Implement OpenAPI 3.1 specification generation with Swagger UI - Set up Bun runtime environment with TypeScript support - Add comprehensive API documentation and integration guides - Configure ESLint for TypeScript with strict validation rules - Create example validation scripts and development workflows - Establish schema compatibility between Rust backend and TypeScript API - Add documentation index with complete guide references - Implement automated OpenAPI schema generation from Zod schemas
Restores the full 1,241 lines of critical infrastructure documentation that was accidentally truncated to just the header section. Content includes: - Complete architecture overview with mermaid diagrams - Network addressing schemas - Physical infrastructure setup procedures - Hypervisor layer configuration (NIC, SR-IOV, LACP, OVS) - VyOS VM deployment using mkosi and systemd-vmspawn - WireGuard control plane configuration - Complete bash scripts for infrastructure automation Restored from commit 8467274 which has correct markdown formatting (```bash without spaces) instead of the bad formatting introduced in later commits (``` bash with spaces). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Restores README.md from commit 8467274 which has correct markdown formatting (```bash without spaces) instead of the bad formatting introduced in later commits (``` bash with spaces). All documentation sections are preserved: - Testing with VyOS Lab Environment - Complete Documentation section with all guide links - Examples section for TypeScript validation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Adds back Rust/Cargo-specific comments and patterns from the initial commit while maintaining the clean, deduplicated structure: - Rust/Cargo section with explanatory comments about Cargo.lock - Rust-specific patterns: debug/, target/, **/*.rs.bk, *.pdb - Maintains comprehensive coverage of Bun, Node.js, TypeScript, IDE, OS-specific files, environment variables, debug, testing, and logs Removes duplicate entries that were present in the main branch. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Restores PLAN.md and docs/vyos-test-lab-setup.md from commit 8467274 which has correct markdown formatting: - Single space after bullets (- item) instead of triple (-) - Single space after numbered lists (1. item) instead of double (1. ) - No extra blank lines after headers All substantive content is preserved, only formatting corrected. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
There was a problem hiding this comment.
Pull Request Overview
This PR adds a comprehensive VyOS test lab infrastructure with Docker-based deployment scripts, network configuration, and integration documentation for the bbctl CLI. The changes primarily introduce new test infrastructure files and documentation to support multi-tenant networking scenarios.
Key Changes
- Added Docker-based VyOS test lab setup with automated provisioning scripts
- Introduced network configuration files for L3VPN/EVPN, WireGuard, and OSPF
- Added comprehensive documentation for VyOS networking and test lab setup
- Created TypeScript schema definitions and OpenAPI integration files
Reviewed Changes
Copilot reviewed 57 out of 61 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/vyos-lab/setup-lab.sh | Main orchestration script for VyOS lab deployment with router configuration |
| tests/vyos-lab/scripts/*.sh | Individual setup scripts for base infrastructure, containers, L3VPN, and WireGuard |
| tests/vyos-lab/README.md | Documentation for the VyOS test lab environment |
| docs/vyos-*.md | Comprehensive networking architecture and test lab documentation |
| src/main.rs | Added TestVyOS command for connectivity testing |
| schema.ts | TypeScript/Zod schemas for API validation |
| package.json | Added npm scripts and dependencies for TypeScript tooling |
Comments suppressed due to low confidence (6)
src/main.rs:1
- The TestVyOS command destructuring pattern is missing several fields that are defined in the command struct (password, key_path, api_key). This will cause a compilation error. Include all fields in the destructuring pattern or use
..to ignore unused fields.
src/main.rs:1 - [nitpick] The default host IP '5.254.54.3' appears to be a public IP address that may not be appropriate as a default value. Consider using 'localhost' or a more generic local IP address as the default.
tests/vyos-lab/setup-lab.sh:1 - The script references ${SCRIPT_DIR}/scripts/ but SCRIPT_DIR is defined relative to the current script location. The scripts directory should exist at ${SCRIPT_DIR}/scripts/, but the actual scripts are in a sibling 'scripts' directory based on the file structure. This path should be verified or corrected.
tests/vyos-lab/scripts/setup-base.sh:1 - Hardcoded interface name 'eth0' may not exist on all systems. Consider detecting the default route interface dynamically using
ip route show default | awk '{print $5}'or making it configurable.
tests/vyos-lab/scripts/configure-wireguard.sh:1 - The regex pattern for extracting the WireGuard private key expects exactly 43 characters, but WireGuard keys are base64-encoded 32-byte values resulting in 44 characters (including padding). The pattern should be
[A-Za-z0-9+/=]\{44\}to correctly match WireGuard keys.
tests/vyos-lab/scripts/setup-vyos-container.sh:1 - The encrypted password hash is exposed in plain text in the configuration script. While this is a test environment, it's better practice to generate unique passwords per deployment or document that this is the hash for the default 'vyos' password.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
schema.ts
Outdated
| provider: ProviderTypeEnum, | ||
| providerId: z.string(), | ||
| region: z.string(), | ||
| cidr: z.string().regex(/^([0-9]{1,3}\.){3}[0-9]{1,3}\/[0-9]{1,2}$/), |
There was a problem hiding this comment.
The CIDR regex validation only checks the format but doesn't validate that octets are in the valid range (0-255) or that the prefix length is valid (0-32 for IPv4). Consider using a more robust validation or IP validation library to prevent invalid CIDR blocks like '999.999.999.999/99'.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 57 out of 61 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (8)
vyos-lab/setup-network.sh:1
- The hardcoded absolute path
/home/bodnar/vyos-labmakes this script non-portable. Use$(dirname "$0")or a relative path to make the script work for other users and environments.
vyos-lab/mkosi.default:1 - Hardcoded path contains a specific username 'bodnar'. This should use a relative path or environment variable to ensure portability across different user environments.
tests/vyos-lab/setup-lab.sh:1 - The default host IP
5.254.54.3appears to be a public IP address. For a test lab, consider using private IP ranges (e.g., 192.168.x.x or 10.x.x.x) to avoid potential conflicts with real public IPs.
tests/vyos-lab/scripts/setup-base.sh:1 - The script assumes network interface
eth0exists. Modern systems may use different interface naming schemes (e.g., ens33, enp0s3). Consider detecting the default interface dynamically or documenting this assumption.
tests/vyos-lab/scripts/setup-vyos-container.sh:1 - Using a hardcoded password hash in test scripts is a security concern if these scripts are ever used in non-test environments. Add a prominent comment warning that this is for testing only, or better yet, generate unique passwords per deployment.
src/main.rs:1 - The error message refers to implementation details ('tokio runtime') that may confuse users. This appears to be a placeholder that returns an error, but the actual implementation exists later in main(). Consider removing this unreachable code path or updating the comment to clarify the control flow.
src/network.rs:1 - The code accesses
config.portwithunwrap_or(), but theWireguardConfigstruct definesportas a non-optionalu16field. This suggests either the struct definition is incorrect or this code is outdated. The struct should haveport: Option<u16>if this fallback is intended.
src/services/instance.rs:1 - The hardcoded node name 'pve' is a placeholder that could cause issues in production. This should either retrieve the actual node name from the instance metadata or be documented as a limitation that requires configuration.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "typescript": "^5.2.2" | ||
| }, | ||
| "engines": { | ||
| "bun": ">=1.0.0" |
There was a problem hiding this comment.
The package requires Bun >=1.0.0 but doesn't document this requirement prominently in the README or installation instructions. Users following the installation guide might not realize they need Bun installed.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Daniel Bodnar <1790726+danielbodnar@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if self.http_client.is_none() { | ||
| let client = Client::builder() | ||
| .timeout(Duration::from_secs(self.config.timeout)) | ||
| .danger_accept_invalid_certs(true) // VyOS might use self-signed certs |
Check failure
Code scanning / CodeQL
Disabled TLS certificate check High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 days ago
In general, the fix is to stop disabling TLS certificate verification. With reqwest::Client::builder, certificate and hostname verification are enabled by default, so the most direct fix is to either remove the danger_accept_invalid_certs call or set it to false. This preserves all other behavior (timeouts, headers, API logic) while restoring secure TLS handling.
The best targeted fix here is to edit init_http_client in src/api/vyos.rs so that the Client::builder() no longer calls .danger_accept_invalid_certs(true). We can simply remove that method call entirely, allowing the default secure behavior. No other logic in this file depends on certificates being invalid or on that option’s return value, so this change does not affect functionality beyond enforcing proper TLS verification. No new imports or helper methods are needed.
Concretely:
- In
src/api/vyos.rs, withinfn init_http_client(&mut self) -> Result<()>, locate theClient::builder()chain. - Remove the line
.danger_accept_invalid_certs(true) // VyOS might use self-signed certs. - Optionally keep the comment adjusted if you want to document that a proper certificate (or trust anchor configuration) is now required, but that is not strictly necessary for the fix.
Suggested changeset
1
src/api/vyos.rs
| @@ -101,7 +101,6 @@ | ||
| if self.http_client.is_none() { | ||
| let client = Client::builder() | ||
| .timeout(Duration::from_secs(self.config.timeout)) | ||
| .danger_accept_invalid_certs(true) // VyOS might use self-signed certs | ||
| .build() | ||
| .context("Failed to build HTTP client")?; | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces several foundational improvements to the BitBuilder Cloud CLI (bbctl) project, focusing on documentation, configuration, code quality, and initial planning. The changes establish a clear project structure, add configuration and linting for both Rust and TypeScript development, and provide comprehensive guides and plans for future development.
Project Planning and Documentation:
PLAN.md.docs/api-readme.md, including instructions for schema validation, type safety, and client generation.docs/configuration-guide.md, covering all aspects of bbctl configuration, provider and credential management, and best practices.README.mdwith instructions for testing against a VyOS lab environment.Development Environment and Tooling:
.eslintrc.jsonfor TypeScript linting with recommended rules and project-specific overrides.bunfig.tomlto configure Bun for dependency management, testing, and building TypeScript code.Cargo.tomlto include theuuidcrate for networking and security features, preparing for future API and RPC additions.Developer Experience and Guidelines:
CLAUDE.mdwith more detailed build, test, and style guidelines, including project structure, code formatting, and naming conventions. [1] [2] [3] [4]These changes lay the groundwork for robust development practices, clear documentation, and a maintainable codebase as bbctl evolves.