- Run de/ser roundtrip in pre_init even when db version matches, ensuring
all #[serde(default)] fields are populated before any typed access
- Add patchdb.md documentation for TypedDbWatch patterns
- Update TS bindings for CheckPortParams, CheckPortRes, ifconfigUrl
- Update CLAUDE.md docs with patchdb and component-level references
The CONNMARK --restore-mark rule was only in PREROUTING, which handles
forwarded packets. Locally-bound listeners (e.g. vhost) generate replies
through the OUTPUT chain, where the fwmark was never restored. This
caused response packets to route via the default table instead of back
through the originating interface.
- Add HostnameMetadata::Mdns variant to distinguish mDNS from private domains
- Mark mDNS addresses as private (public: false) since mDNS is local-only
- Fall back to null SNI entry when hostname not found in vhost mapping
- Simplify public detection in ProxyTarget filter
- Pass hostname to update_addresses for mDNS domain name generation
- NetService sync task now uses PatchDB DbWatch instead of being called
directly after DB mutations
- Read gateways from DB instead of network interface context when
updating host addresses
- gateway sync updates all host addresses in the DB
- Add Watch<u64> channel for callers to wait on sync completion
- Fix ts-rs codegen bug with #[ts(skip)] on flattened Plugin field
- Update SDK getServiceInterface.ts for new HostnameInfo shape
- Remove unnecessary HTTPS redirect in static_server.rs
- Fix tunnel/api.rs to filter for WAN IPv4 address
* Multiple (#3111)
* fix alerts i18n, fix status display, better, remove usb media, hide shutdown for install complete
* trigger chnage detection for localize pipe and round out implementing localize pipe for consistency even though not needed
* Fix PackageInfoShort to handle LocaleString on releaseNotes (#3112)
* Fix PackageInfoShort to handle LocaleString on releaseNotes
* fix: filter by target_version in get_matching_models and pass otherVersions from install
* chore: add exver documentation for ai agents
* frontend plus some be types
---------
Co-authored-by: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
- Replace DynInterfaceFilter with ForwardRequirements for per-IP forward
precision with source-subnet iptables filtering for private forwards
- Add WildcardListener (binds [::]:port) to replace the per-gateway
NetworkInterfaceListener/SelfContainedNetworkInterfaceListener/
UpgradableListener infrastructure
- Update forward-port script with src_subnet and excluded_src env vars
- Remove unused filter types and listener infrastructure from gateway.rs
- Add availablePorts migration (IdPool -> BTreeMap<u16, bool>) to alpha.20
- Complete version bump to 0.4.0-alpha.20 in SDK and web
- Add AvailablePorts::try_alloc() with SSL tracking (BTreeMap<u16, bool>)
- Add DerivedAddressInfo on BindInfo with private_disabled/public_enabled/possible sets
- Add Bindings wrapper with Map impl for patchdb indexed access
- Flatten HostAddress from single-variant enum to struct
- Replace set-gateway-enabled RPC with set-address-enabled
- Remove hostname_info from Host; computed addresses now in BindInfo.addresses.possible
- Compute possible addresses inline in NetServiceData::update()
- Update DB migration, SDK types, frontend, and container-runtime
HostnameInfo only had one variant (Ip) after removing Tor. Flatten it
into a plain struct with fields gateway, public, hostname. Remove all
kind === 'ip' type guards and narrowing across SDK, frontend, and
container runtime. Update DB migration to strip the kind field.
Tor is being moved from a built-in OS feature to a service. This removes
the Arti-based Tor client, onion address management, hidden service
creation, and all related code from the core backend, frontend, and SDK.
- Delete core/src/net/tor/ module (~2060 lines)
- Remove OnionAddress, TorSecretKey, TorController from all consumers
- Remove HostnameInfo::Onion and HostAddress::Onion variants
- Remove onion CRUD RPC endpoints and tor subcommand
- Remove tor key handling from account and backup/restore
- Remove ~12 tor-related Cargo dependencies (arti-client, torut, etc.)
- Remove tor UI components, API methods, mock data, and routes
- Remove OnionHostname and tor patterns/regexes from SDK
- Add v0_4_0_alpha_20 database migration to strip onion data
- Bump version to 0.4.0-alpha.20
* fix --arch flag to fall back to emulation when native image unavailable, always infer hardware requirement for arch
* better handling of arch filter
* dont cancel in-progress commit workflows and abstract common setup
* cli improvements
fix group handling
* fix cli publish
* alpha.19
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* start consolidating
* add start-cli flash-os
* combine install and setup and refactor all
* use http
* undo mock
* fix translation
* translations
* use dialogservice wrapper
* better ST messaging on setup
* only warn on update if breakages (#3097)
* finish setup wizard and ui language-keyboard feature
* fix typo
* wip: localization
* remove start-tunnel readme
* switch to posix strings for language internal
* revert mock
* translate backend strings
* fix missing about text
* help text for args
* feat: add "Add new gateway" option (#3098)
* feat: add "Add new gateway" option
* Update web/projects/ui/src/app/routes/portal/components/form/controls/select.component.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add translation
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix dns selection
* keyboard keymap also
* ability to shutdown after install
* revert mock
* working setup flow + manifest localization
* (mostly) redundant localization on frontend
* version bump
* omit live medium from disk list and better space management
* ignore missing package archive on 035 migration
* fix device migration
* add i18n helper to sdk
* fix install over 0.3.5.1
* fix grub config
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* port misc fixes from feature/nvidia
* switch back to official tor proxy on 9050
* refactor OpenUI
* fix typo
* fixes, plus getServiceManifest
* fix EffectCreator, bump to beta.47
* fixes
* help ios downlaod .crt and add begin add masked for addresses
* only require and show CA for public domain if addSsl
* fix type and revert i18n const
* feat: add address masking and adjust design (#3088)
* feat: add address masking and adjust design
* update lockfile
* chore: move eye button to actions
* chore: refresh notifications and handle action error
* static width for health check name
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* hide certificate authorities tab
* alpha.17
* add waiting health check status
* remove "on" from waiting message
* reject on abort in `.watch`
* id migration: nostr -> nostr-rs-relay
* health check waiting state
* use interface type for launch button
* better wording for masked
* cleaner
* sdk improvements
* fix type error
* fix notification badge issue
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: refactor dns to handle tcp connections:
- do not use long-lived tcp connections to upstream dns servers
- when incoming request is over tcp, force a tcp lookup instead of udp
this solves cases where large dns records were not being resolved due to udp->tcp switch-over.
* use forwarding resolver for fallback
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: race condition in Daemon.stop()
* fix: do not stop Daemon on context leave
* fix: remove duplicate Daemons.term calls
* feat: honor dependency order when shutting terminating Daemons
* fixes, and remove started
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* add support for idmapped mounts to start-sdk
* misc fixes
* misc fixes
* add default to textarea
* fix iptables masquerade rule
* fix textarea types
* more fixes
* better logging for rsync
* fix tty size
* fix wg conf generation for android
* disable file mounts on dependencies
* mostly there, some styling issues (#3069)
* mostly there, some styling issues
* fix: address comments (#3070)
* fix: address comments
* fix: fix
* show SSL for any address with secure protocol and ssl added
* better sorting and messaging
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
* fixes for nextcloud
* allow sidebar navigation during service state traansitions
* wip: x-forwarded headers
* implement x-forwarded-for proxy
* lowercase domain names and fix warning popover bug
* fix http2 websockets
* fix websocket retry behavior
* add arch filters to s9pk pack
* use docker for start-cli install
* add version range to package signer on registry
* fix rcs < 0
* fix user information parsing
* refactor service interface getters
* disable idmaps
* build fixes
* update docker login action
* streamline build
* add start-cli workflow
* rename
* riscv64gc
* fix ui packing
* no default features on cli
* make cli depend on GIT_HASH
* more build fixes
* more build fixes
* interpolate arch within dockerfile
* fix tests
* add launch ui to service page plus other small improvements (#3075)
* add launch ui to service page plus other small improvements
* revert translation disable
* add spinner to service list if service is health and loading
* chore: some visual tune up
* chore: update Taiga UI
---------
Co-authored-by: waterplea <alexander@inkin.ru>
* fix backups
* feat: use arm hosted runners and don't fail when apt package does not exist (#3076)
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Shadowy Super Coder <musashidisciple@proton.me>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Remco Ros <remcoros@live.nl>
* overwrite AllowedIPs in wg config
mute UnknownCA errors
* fix upgrade issues
* allow start9 user to access journal
* alpha.15
* sort actions lexicographically and show desc in marketplace details
* add registry package download cli command
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
