* fix: merge version ranges when adding existing package signer (#3125)
* fix: merge version ranges when adding existing package signer
Previously, add_package_signer unconditionally inserted the new
version range, overwriting any existing authorization for that signer.
Now it OR-merges the new range with the existing one, so running
signer add multiple times accumulates permissions rather than
replacing them.
* add --merge flag to registry package signer add
Default behavior remains overwrite. When --merge is passed, the new
version range is OR-merged with the existing one, allowing admins to
accumulate permissions incrementally.
* add missing attribute to TS type
* make merge optional
* upsert instead of insert
* VersionRange::None on upsert
* fix: header color in zoom
---------
Co-authored-by: Dominion5254 <musashidisciple@proton.me>
Add getOutboundGateway effect across core, container-runtime, and SDK
to let services query their effective outbound gateway with callback
support. Remove preInstall/uninstall hooks from VersionGraph as they
are no longer needed.
- Add apt repo publish script (build/apt/publish-deb.sh) for S3-hosted repo
- Add apt source config and GPG key placeholder (apt/)
- Add tunnel.update.check and tunnel.update.apply RPC endpoints
- Wire up update API in tunnel frontend (api service + mock)
- Uses systemd-run --scope to survive service restart during update
- Add addKey() and add() builder methods to InputSpec with InputSpecTools
- Move OuterType to last generic param on Value, List, and all dynamic methods
- Plumb prefill through getActionInput end-to-end (core → container-runtime → SDK)
- Filter port_forwards to enabled addresses only
- Bump SDK to 0.4.0-beta.50
- Add URL plugin effects (register, export_url, clear_urls) in core
- Add PluginHostnameInfo, HostnameMetadata::Plugin, and plugin registration types
- Implement plugin URL table in web UI with tableAction button and rowAction overflow menus
- Thread urlPluginMetadata (packageId, hostId, interfaceId, internalPort) as prefill to actions
- Add prefill support to PackageActionData so metadata passes through form dialogs
- Add i18n translations for plugin error messages
- Clean up plugin URLs on package uninstall
Rename wrapperRepo→packageRepo, marketingSite→marketingUrl,
docsUrl→docsUrls (array), remove supportSite. Add display_src/display_dbg
helpers to Error. Fix DepInfo description type to LocaleString. Update
web UI, SDK bindings, tests, and fixtures to match. Clean up cli_attach
error handling and remove dead commented code.
- Run de/ser roundtrip in pre_init even when db version matches, ensuring
all #[serde(default)] fields are populated before any typed access
- Add patchdb.md documentation for TypedDbWatch patterns
- Update TS bindings for CheckPortParams, CheckPortRes, ifconfigUrl
- Update CLAUDE.md docs with patchdb and component-level references
- Add HostnameMetadata::Mdns variant to distinguish mDNS from private domains
- Mark mDNS addresses as private (public: false) since mDNS is local-only
- Fall back to null SNI entry when hostname not found in vhost mapping
- Simplify public detection in ProxyTarget filter
- Pass hostname to update_addresses for mDNS domain name generation
- NetService sync task now uses PatchDB DbWatch instead of being called
directly after DB mutations
- Read gateways from DB instead of network interface context when
updating host addresses
- gateway sync updates all host addresses in the DB
- Add Watch<u64> channel for callers to wait on sync completion
- Fix ts-rs codegen bug with #[ts(skip)] on flattened Plugin field
- Update SDK getServiceInterface.ts for new HostnameInfo shape
- Remove unnecessary HTTPS redirect in static_server.rs
- Fix tunnel/api.rs to filter for WAN IPv4 address
- Replace DynInterfaceFilter with ForwardRequirements for per-IP forward
precision with source-subnet iptables filtering for private forwards
- Add WildcardListener (binds [::]:port) to replace the per-gateway
NetworkInterfaceListener/SelfContainedNetworkInterfaceListener/
UpgradableListener infrastructure
- Update forward-port script with src_subnet and excluded_src env vars
- Remove unused filter types and listener infrastructure from gateway.rs
- Add availablePorts migration (IdPool -> BTreeMap<u16, bool>) to alpha.20
- Complete version bump to 0.4.0-alpha.20 in SDK and web
- Add AvailablePorts::try_alloc() with SSL tracking (BTreeMap<u16, bool>)
- Add DerivedAddressInfo on BindInfo with private_disabled/public_enabled/possible sets
- Add Bindings wrapper with Map impl for patchdb indexed access
- Flatten HostAddress from single-variant enum to struct
- Replace set-gateway-enabled RPC with set-address-enabled
- Remove hostname_info from Host; computed addresses now in BindInfo.addresses.possible
- Compute possible addresses inline in NetServiceData::update()
- Update DB migration, SDK types, frontend, and container-runtime
HostnameInfo only had one variant (Ip) after removing Tor. Flatten it
into a plain struct with fields gateway, public, hostname. Remove all
kind === 'ip' type guards and narrowing across SDK, frontend, and
container runtime. Update DB migration to strip the kind field.
Tor is being moved from a built-in OS feature to a service. This removes
the Arti-based Tor client, onion address management, hidden service
creation, and all related code from the core backend, frontend, and SDK.
- Delete core/src/net/tor/ module (~2060 lines)
- Remove OnionAddress, TorSecretKey, TorController from all consumers
- Remove HostnameInfo::Onion and HostAddress::Onion variants
- Remove onion CRUD RPC endpoints and tor subcommand
- Remove tor key handling from account and backup/restore
- Remove ~12 tor-related Cargo dependencies (arti-client, torut, etc.)
- Remove tor UI components, API methods, mock data, and routes
- Remove OnionHostname and tor patterns/regexes from SDK
- Add v0_4_0_alpha_20 database migration to strip onion data
- Bump version to 0.4.0-alpha.20
* add documentation for ai agents
* docs: consolidate CLAUDE.md and CONTRIBUTING.md, add style guidelines
- Refactor CLAUDE.md to reference CONTRIBUTING.md for build/test/format info
- Expand CONTRIBUTING.md with comprehensive build targets, env vars, and testing
- Add code style guidelines section with conventional commits
- Standardize SDK prettier config to use single quotes (matching web)
- Add project-level Claude Code settings to disable co-author attribution
* style(sdk): apply prettier with single quotes
Run prettier across sdk/base and sdk/package to apply the
standardized quote style (single quotes matching web).
* docs: add USER.md for per-developer TODO filtering
- Add agents/USER.md to .gitignore (contains user identifier)
- Document session startup flow in CLAUDE.md:
- Create USER.md if missing, prompting for identifier
- Filter TODOs by @username tags
- Offer relevant TODOs on session start
* docs: add i18n documentation task to agent TODOs
* docs: document i18n ID patterns in core/
Add agents/i18n-patterns.md covering rust-i18n setup, translation file
format, t!() macro usage, key naming conventions, and locale selection.
Remove completed TODO item and add reference in CLAUDE.md.
* chore: clarify that all builds work on any OS with Docker
* fix --arch flag to fall back to emulation when native image unavailable, always infer hardware requirement for arch
* better handling of arch filter
* dont cancel in-progress commit workflows and abstract common setup
* cli improvements
fix group handling
* fix cli publish
* alpha.19
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* start consolidating
* add start-cli flash-os
* combine install and setup and refactor all
* use http
* undo mock
* fix translation
* translations
* use dialogservice wrapper
* better ST messaging on setup
* only warn on update if breakages (#3097)
* finish setup wizard and ui language-keyboard feature
* fix typo
* wip: localization
* remove start-tunnel readme
* switch to posix strings for language internal
* revert mock
* translate backend strings
* fix missing about text
* help text for args
* feat: add "Add new gateway" option (#3098)
* feat: add "Add new gateway" option
* Update web/projects/ui/src/app/routes/portal/components/form/controls/select.component.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add translation
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix dns selection
* keyboard keymap also
* ability to shutdown after install
* revert mock
* working setup flow + manifest localization
* (mostly) redundant localization on frontend
* version bump
* omit live medium from disk list and better space management
* ignore missing package archive on 035 migration
* fix device migration
* add i18n helper to sdk
* fix install over 0.3.5.1
* fix grub config
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* port misc fixes from feature/nvidia
* switch back to official tor proxy on 9050
* refactor OpenUI
* fix typo
* fixes, plus getServiceManifest
* fix EffectCreator, bump to beta.47
* fixes
* help ios downlaod .crt and add begin add masked for addresses
* only require and show CA for public domain if addSsl
* fix type and revert i18n const
* feat: add address masking and adjust design (#3088)
* feat: add address masking and adjust design
* update lockfile
* chore: move eye button to actions
* chore: refresh notifications and handle action error
* static width for health check name
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* hide certificate authorities tab
* alpha.17
* add waiting health check status
* remove "on" from waiting message
* reject on abort in `.watch`
* id migration: nostr -> nostr-rs-relay
* health check waiting state
* use interface type for launch button
* better wording for masked
* cleaner
* sdk improvements
* fix type error
* fix notification badge issue
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: race condition in Daemon.stop()
* fix: do not stop Daemon on context leave
* fix: remove duplicate Daemons.term calls
* feat: honor dependency order when shutting terminating Daemons
* fixes, and remove started
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* add support for idmapped mounts to start-sdk
* misc fixes
* misc fixes
* add default to textarea
* fix iptables masquerade rule
* fix textarea types
* more fixes
* better logging for rsync
* fix tty size
* fix wg conf generation for android
* disable file mounts on dependencies
* mostly there, some styling issues (#3069)
* mostly there, some styling issues
* fix: address comments (#3070)
* fix: address comments
* fix: fix
* show SSL for any address with secure protocol and ssl added
* better sorting and messaging
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
* fixes for nextcloud
* allow sidebar navigation during service state traansitions
* wip: x-forwarded headers
* implement x-forwarded-for proxy
* lowercase domain names and fix warning popover bug
* fix http2 websockets
* fix websocket retry behavior
* add arch filters to s9pk pack
* use docker for start-cli install
* add version range to package signer on registry
* fix rcs < 0
* fix user information parsing
* refactor service interface getters
* disable idmaps
* build fixes
* update docker login action
* streamline build
* add start-cli workflow
* rename
* riscv64gc
* fix ui packing
* no default features on cli
* make cli depend on GIT_HASH
* more build fixes
* more build fixes
* interpolate arch within dockerfile
* fix tests
* add launch ui to service page plus other small improvements (#3075)
* add launch ui to service page plus other small improvements
* revert translation disable
* add spinner to service list if service is health and loading
* chore: some visual tune up
* chore: update Taiga UI
---------
Co-authored-by: waterplea <alexander@inkin.ru>
* fix backups
* feat: use arm hosted runners and don't fail when apt package does not exist (#3076)
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Shadowy Super Coder <musashidisciple@proton.me>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Remco Ros <remcoros@live.nl>
* overwrite AllowedIPs in wg config
mute UnknownCA errors
* fix upgrade issues
* allow start9 user to access journal
* alpha.15
* sort actions lexicographically and show desc in marketplace details
* add registry package download cli command
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
