fix: UAT-driven parity — role commands, info output, -H dispatch#101
Merged
fix: UAT-driven parity — role commands, info output, -H dispatch#101
Conversation
The log "Role resolved: name=X role=entry" was confusing because it displayed the local node's resolved role next to the peer's name, reading as if the peer's role was entry. Changed to "Role resolved: peer=X local_role=entry" to prevent misreading. Also: route display uses "via" instead of arrow, stale subcommand reference removed from help text. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. When --role is set with Fixed hint, info now shows the configured role immediately instead of "indeterminate" until a peer connects. With a fixed hint there is no negotiation — the role is decided. 2. -H/--host flag no longer triggers daemon dispatch. The heuristic "first arg starts with dash = daemon mode" incorrectly routed wallhack -H /path route list to the daemon CLI instead of the control client. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Every UAT session flagged hint_set as confusing — "hints" is protocol jargon. The REPL and CLI already use "role" (role entry, role prefer exit, role auto). This aligns MCP and REST to match: - MCP: hint_set → role, hint_set_auto → role_auto - REST: PUT/DELETE /hints → PUT/DELETE /role - OpenAPI: HintSetRequest → RoleSetRequest, operationIds updated - level parameter now defaults to "fixed" (matches REPL: "role entry" means "role fixed entry") Also: removed confusing connect=false/listen=false from info output capabilities — the address fields already show this information. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
maxholman
force-pushed
the
fix/uat-parity
branch
from
0b457e2 to
de38762
Compare
Three daemon startup flags consolidated into one: --role entry (fixed, shorthand) --role prefer:entry (soft preference) --role exclude:relay (avoid) --role auto (clear) Colon syntax follows the level:role pattern (like RUST_LOG's module=level). Bare role name defaults to fixed. AGENTS.md updated with strict interface parity rule. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- ssh-leaked-key: SSH with ed25519 deploy key on gateway-perimeter - ftp-loot: private key + README on FTP server anon root - vuln-upload: Flask file upload + /exec on gateway-office :8080 - vuln-cron: writable /opt/tasks with 15s cron on gateway-datacenter - Intranet page links to gateway upload portal - API server leaks monitoring SSH creds and task runner location - Pontoon config: allow_tools/allow_binaries per-VM restrictions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
vsftpd stdlib uses /ftp/ as anon root, not /srv/ftp/. Moved ftp-loot configs to match. Also fixed key permissions (644). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- ssh-leaked-key: remove stale /etc/initrd/ copy, unlock deploy account, fix setgid on home dir - vuln-upload: fix server.py path (/app/ not /etc/initrd/app/) - attacker: add openssh-client package and /home/pontoon/.ssh dir - corp-proxy: add wallhack layer for platinum side-path - UAT report from session 2026-03-21-2 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Four commits driven by 5 UAT sessions. Establishes interface parity across REPL, CLI, MCP, REST, and OpenAPI.
Commits:
fix: disambiguate "Role resolved" log line and route display— log showslocal_role=entry peer_role=exit, route display usesviafix: show fixed role immediately in info, fix -H flag dispatch—--role entryshowsrole: entrybefore peer connects;-Hflag no longer routes to daemon moderefactor: rename hint_set → role across MCP, REST, and OpenAPI— singleroletool/endpoint,leveldefaults tofixed, removed confusingconnect=falsefrom inforefactor(cli): unify --prefer-role/--exclude-role/--role into --role— one flag with colon syntax:--role entry,--role prefer:entry,--role exclude:relay,--role autoHow to verify
wallhack --role prefer:entry --listen :443wallhackctl role prefer entry/wallhackctl role autorole(role="entry")/role(role="auto")PUT /role {"role":"entry"}/PUT /role {"role":"auto"}wallhack -H /path infodispatches to control clientRole resolved: peer=X local_role=entry peer_role=exit🤖 Generated with Claude Code