[IGNORE] [CI] win-e2e bisect (44,46] id 45 check#4299
Draft
cristeigabriela wants to merge 45 commits into
Draft
Conversation
* Fix image_pull_secrets example in config docs The top-level example used "secret-key" but the field is "name", as shown correctly in the detailed docs further down. * Regenerate mirrord-schema.json
Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com>
…lbear-co#4117) * single session support for mc * add some explanation * clipy * schema * fix
* Bump bundled apple utils * vale
* More logging to help debug flaky test * changelog * bruh
Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com>
…bear-co#4238) * Free disk space before starting E2E tests to avoid running out * Switch to our fork of free-disk-space
* Bump github actions * .. * bump to ltest
* Integrate Linear release to CI * tag
* Add missing 'file' util in 'appleutils' * .. * ..
Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com>
* Set release name to version in linear-release-action * Make release name reasonable
* Bump hickory * Get rid of hickory from layer, go back to using system resolver * minor * Dont error out on EAI_AGAIN, to match pre-hickory code
* Use absolute paths in xtask * fmt
…etalbear-co#4245) * feat(cli): /api/me, enriched OperatorSessionSummary, session.user fallback - New `/api/me` endpoint backed by `SelfSubjectReview` so the local UI can show the current user. - Add `duration_secs`, `locked_ports`, `queue_splits` and the supporting `OperatorLockedPort` / `OperatorQueueSplits` types to `OperatorSessionSummary` so the UI can render richer cluster-side session info from the operator status. - `parse_session_owner` falls back to the raw `session.user` string when it doesn't match the standard `username/k8s_username@host` format. Standard operator-owned sessions still parse the same way, but non-standard ones (e.g. preview-env sessions) make it through instead of being dropped. * chore: ignore RUSTSEC-2026-0119 (hickory-proto DoS) hickory-proto 0.24 has a published DoS via name compression. Patched in 0.26.1, but our hickory-resolver 0.24 transitive pins ^0.24, so taking the fix needs a separate dependency upgrade PR. Our DNS path goes through the agent in a controlled cluster, not exposed to untrusted DNS messages, so the immediate risk to mirrord is low. Tracking the upgrade separately rather than blocking unrelated PRs on it. * chore: drop RUSTSEC-2026-0119 ignore now that hickory is bumped hickory-resolver/hickory-proto are at 0.26.1 on main (metalbear-co#4248), which includes the fix for the name-compression DoS. The ignore is no longer needed.
* Fix unix sockets * Add test * Fix windows
Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com>
) - Refresh description to include AI coding agents as first-class users - Replace stale KubeCon raffle teaser with an "Adopted by" line citing case-study customers, linking to ADOPTERS.md - Add "Using mirrord with AI coding agents" section pointing at metalbear-co/skills and the /mirrord/ai page - Remove the stale KubeCon Atlanta Raffle section - Append 6 case-study customers (monday.com, SurveyMonkey, Cadence, CoLab, Daylight Security, Zooplus) to ADOPTERS.md
…etalbear-co#4235) * rebind0 * port_mapping * self_connect * http_mirroring + attempt at adding go layer it for windows * towncrier * align more dependencies from test-integration * WIN-95 try to free port 80 on gh runner * add wsagle to bind failure to debug flaky * issue1123 * Update changelog.d/+layer-it-win-some-more.internal.md Co-authored-by: Gemma <58080601+gememma@users.noreply.github.com> --------- Co-authored-by: Gemma <58080601+gememma@users.noreply.github.com>
…hes (metalbear-co#4252) * Add ttl_secs to preview * Add ttl_mins to branch * Changelog and schema * Review
* Pass correct PID to TcpOutgoingTask to fix ephemeral container + unix socket flow * Remove Pid from UdpOutgoingTask it's not used anywhere * Changelog * RAAAAAAAAAAAAAAAAAAHHHHHHHH
* Fix sockaddr_in6 truncation * Fix dns errors
…bear-co#4262) * fix: improve windows feature.fs documentation * fix(changelog): wrap `fs` in code markers to satisfy vale spell check Vale's Vale.Spelling rule flagged the bare `fs` tokens as misspelled. Backtick-wrapping puts them in vale's ignored code scope, which is configured in .vale.ini. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(schema): regenerate mirrord-schema.json for windows fs docs The doc additions on feature.fs.{read_write,read_only,local,not_found,mapping} changed their schema descriptions, so the checked-in schema needed refreshing to satisfy mirrord-config's schema_file_is_up_to_date integration test. Generated via: cargo test -p mirrord-config check_schema_file_exists_and_is_valid_or_create_it -- --ignored Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com>
* azure * changelog * changelog * lint * schema * test * test * cleanup
* Use connect-relative timeout for HTTP protocol detection Detection on redirected connections previously waited indefinitely for the client's first byte before the timeout started, which stalled server-first protocols like SMTP. The timer now starts when detection begins, and the value is configurable via `agent.http_detection_timeout` (default 2s; `0` skips detection entirely). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * address review comments --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…talbear-co#4270) * Added retrying API to the MirrordClient * Changelog * Added UTs * cluppy * Make retrying stream methods nicer by providing a concrete type * Fix doc
* Mirrord up init * Review
…-co#4273) * unified filters * changelog * changelog
* mysql iam auth * schema * lint
Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com>
…r.com (metalbear-co#4272) * docs(readme): rewrite intro and switch metalbear.co links to metalbear.com Two changes: 1. Rewrites the README intro to drop wishy-washy phrasing ("meant to provide the benefits of... without actually going through the hassle of...") in favor of a direct statement. The new intro names both audiences (developer in an IDE + AI coding agent: Claude Code, Cursor, Codex, Copilot, Windsurf) and both halves of the loop: reading live cluster context while writing code (real env vars, real service responses, real queue contents), then running code against those same services and data. 2. Switches all `metalbear.co` links to `metalbear.com` (the canonical domain). `metalbear.co` redirects to `.com` via Cloudflare Worker, but linking to the canonical form is cleaner and avoids the redirect hop. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(readme): fix Twitter handle and metalbear.comm typo - Twitter Follow badge and link: `metalbearco` → `metalbear` (the canonical handle on x.com). - Fix `metalbear.comm/mirrord/ai` typo introduced via the recent main merge. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Update README.md Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Update README.md Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Update README.md Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Apply suggestion from @RinkiyaKeDad Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Update README.md --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com>
…m+Sink` type (metalbear-co#4281) * Small style fix * Remove unnecessary Sync bound from ProtocolConnector * Add missing Clone derive for ClientConfig * Return named Stream+Sink from OperatorApi * Remove out message filter from mirrord-protocol-io * Adjust CLI and intproxy code * Changelog
* Fix install script broken pipe `grep -m 1` breaks the pipe and exit while curl still writing. Use `head -n 1` instead so curl can finish writing. * Add changelog
…bear-co#4246) * feat(packages/monitor): operator-sessions view in the local UI Brings the local mirrord UI to feature parity with the design handoff for the operator-sessions panel: - Sidebar splits into a YOURS section (your local mirrord exec sessions, grouped by session key) and a TEAM section (cluster-wide operator sessions). Funnel hero replaces the empty state when the operator isn't installed. - Session key grouping mirrors the operator's status.sessions[] layout, with a JOINED pill for the key the browser extension is currently routing to. - Per-session detail pane: events stream + config side-by-side with a draggable splitter, metadata strip with target / port / mode / processes, JoinBar that talks to the browser extension over the externally_connectable bridge. - ConnectOperator modal mirrors the app.metalbear.com onboarding wizard structure (header + Stepper -> separator -> body -> separator -> footer) and uses the same three helm commands. - Header chip shows the user's k8s identity from /api/me, opens a menu with Settings (theme + analytics). - Grayscale palette: --primary, --muted, --accent, --ring overridden so the UI reads as monochrome instead of leaning on brand purple. Backend bits this consumes (/api/me, /api/operator-sessions, OperatorLockedPort/OperatorQueueSplits, duration_secs) ship in their own Rust-only PR. * fix: vale-clean changelog wording * Bump hickory (metalbear-co#4248) * Bump hickory * Get rid of hickory from layer, go back to using system resolver * minor * Dont error out on EAI_AGAIN, to match pre-hickory code * Use absolute paths in xtask (metalbear-co#4253) * Use absolute paths in xtask * fmt * feat(cli): /api/me and enriched OperatorSessionSummary in mirrord ui (metalbear-co#4245) * feat(cli): /api/me, enriched OperatorSessionSummary, session.user fallback - New `/api/me` endpoint backed by `SelfSubjectReview` so the local UI can show the current user. - Add `duration_secs`, `locked_ports`, `queue_splits` and the supporting `OperatorLockedPort` / `OperatorQueueSplits` types to `OperatorSessionSummary` so the UI can render richer cluster-side session info from the operator status. - `parse_session_owner` falls back to the raw `session.user` string when it doesn't match the standard `username/k8s_username@host` format. Standard operator-owned sessions still parse the same way, but non-standard ones (e.g. preview-env sessions) make it through instead of being dropped. * chore: ignore RUSTSEC-2026-0119 (hickory-proto DoS) hickory-proto 0.24 has a published DoS via name compression. Patched in 0.26.1, but our hickory-resolver 0.24 transitive pins ^0.24, so taking the fix needs a separate dependency upgrade PR. Our DNS path goes through the agent in a controlled cluster, not exposed to untrusted DNS messages, so the immediate risk to mirrord is low. Tracking the upgrade separately rather than blocking unrelated PRs on it. * chore: drop RUSTSEC-2026-0119 ignore now that hickory is bumped hickory-resolver/hickory-proto are at 0.26.1 on main (metalbear-co#4248), which includes the fix for the name-compression DoS. The ignore is no longer needed. * Fix unix sockets (metalbear-co#4255) * Fix unix sockets * Add test * Fix windows * Prepare release 3.209.2 (metalbear-co#4254) Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com> * README: surface adopters and AI coding agents section (metalbear-co#4251) - Refresh description to include AI coding agents as first-class users - Replace stale KubeCon raffle teaser with an "Adopted by" line citing case-study customers, linking to ADOPTERS.md - Add "Using mirrord with AI coding agents" section pointing at metalbear-co/skills and the /mirrord/ai page - Remove the stale KubeCon Atlanta Raffle section - Append 6 case-study customers (monday.com, SurveyMonkey, Cadence, CoLab, Daylight Security, Zooplus) to ADOPTERS.md * WIN-111 Layer IT - Make some more integration tests run on windows (metalbear-co#4235) * rebind0 * port_mapping * self_connect * http_mirroring + attempt at adding go layer it for windows * towncrier * align more dependencies from test-integration * WIN-95 try to free port 80 on gh runner * add wsagle to bind failure to debug flaky * issue1123 * Update changelog.d/+layer-it-win-some-more.internal.md Co-authored-by: Gemma <58080601+gememma@users.noreply.github.com> --------- Co-authored-by: Gemma <58080601+gememma@users.noreply.github.com> * Add ttl_secs setting to preview environments and ttl_mins to db branches (metalbear-co#4252) * Add ttl_secs to preview * Add ttl_mins to branch * Changelog and schema * Review * Ephemeral unix sock fix (metalbear-co#4260) * Pass correct PID to TcpOutgoingTask to fix ephemeral container + unix socket flow * Remove Pid from UdpOutgoingTask it's not used anywhere * Changelog * RAAAAAAAAAAAAAAAAAAHHHHHHHH * Ipv6 outgoing fix (metalbear-co#4263) * Fix sockaddr_in6 truncation * Fix dns errors * 🇧🇷 win-117 🇧🇷 ﹏ improve `feature.fs` documentation for windows (metalbear-co#4262) * fix: improve windows feature.fs documentation * fix(changelog): wrap `fs` in code markers to satisfy vale spell check Vale's Vale.Spelling rule flagged the bare `fs` tokens as misspelled. Backtick-wrapping puts them in vale's ignored code scope, which is configured in .vale.ini. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(schema): regenerate mirrord-schema.json for windows fs docs The doc additions on feature.fs.{read_write,read_only,local,not_found,mapping} changed their schema descriptions, so the checked-in schema needed refreshing to satisfy mirrord-config's schema_file_is_up_to_date integration test. Generated via: cargo test -p mirrord-config check_schema_file_exists_and_is_valid_or_create_it -- --ignored Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * document jq support for GCP Pub/Sub in config docs (metalbear-co#4261) * Bind agent to IPv6 dual stack, fallback to IPv4 if fails (metalbear-co#4266) * mirrord-up: rename mode to default_mode, add CLI arg to set it (metalbear-co#4247) * Prepare release 3.210.0 (metalbear-co#4267) Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com> * INT-273 Queue Splitting - Azure Servicebus Support (metalbear-co#4259) * azure * changelog * changelog * lint * schema * test * test * cleanup * HTTP detection timeout improvements (metalbear-co#4250) * Use connect-relative timeout for HTTP protocol detection Detection on redirected connections previously waited indefinitely for the client's first byte before the timeout started, which stalled server-first protocols like SMTP. The timer now starts when detection begins, and the value is configurable via `agent.http_detection_timeout` (default 2s; `0` skips detection entirely). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * address review comments --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Added retrying methods to `MirrordClient` from `mirrord-protocol` (metalbear-co#4270) * Added retrying API to the MirrordClient * Changelog * Added UTs * cluppy * Make retrying stream methods nicer by providing a concrete type * Fix doc * Bump toml (metalbear-co#4269) * Mirrord up init (metalbear-co#4268) * Mirrord up init * Review * INT-415 Support Service Bus queue splitting in Preview env (metalbear-co#4273) * unified filters * changelog * changelog * INT-420 Add MySQL IAM auth support (metalbear-co#4278) * mysql iam auth * schema * lint * Prepare release 3.211.0 (metalbear-co#4279) Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com> * docs(readme): rewrite intro and switch metalbear.co links to metalbear.com (metalbear-co#4272) * docs(readme): rewrite intro and switch metalbear.co links to metalbear.com Two changes: 1. Rewrites the README intro to drop wishy-washy phrasing ("meant to provide the benefits of... without actually going through the hassle of...") in favor of a direct statement. The new intro names both audiences (developer in an IDE + AI coding agent: Claude Code, Cursor, Codex, Copilot, Windsurf) and both halves of the loop: reading live cluster context while writing code (real env vars, real service responses, real queue contents), then running code against those same services and data. 2. Switches all `metalbear.co` links to `metalbear.com` (the canonical domain). `metalbear.co` redirects to `.com` via Cloudflare Worker, but linking to the canonical form is cleaner and avoids the redirect hop. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(readme): fix Twitter handle and metalbear.comm typo - Twitter Follow badge and link: `metalbearco` → `metalbear` (the canonical handle on x.com). - Fix `metalbear.comm/mirrord/ai` typo introduced via the recent main merge. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Update README.md Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Update README.md Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Update README.md Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Apply suggestion from @RinkiyaKeDad Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Update README.md --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> * Make `OperatorApi` return an established connection as a plain `Stream+Sink` type (metalbear-co#4281) * Small style fix * Remove unnecessary Sync bound from ProtocolConnector * Add missing Clone derive for ClientConfig * Return named Stream+Sink from OperatorApi * Remove out message filter from mirrord-protocol-io * Adjust CLI and intproxy code * Changelog * feat(packages/monitor): instrument session monitor with umbrella good/bad events * feat(packages/monitor): drop preview-environments chip from funnel hero * refactor(packages/monitor): address self-review feedback - ResizableSplit: rename pct → widthPercent (props, state, setter) - EventFilterChips: drop inline fontSize, use text-caps token - JoinBar: extract legacyExtension copy into strings - AppHeader: extract Search placeholder into strings.app - index.css: drop Apple HIG / SF Pro from typography comment --------- Co-authored-by: MintSoup <aregak2005@gmail.com> Co-authored-by: cubby-mb[bot] <273354325+cubby-mb[bot]@users.noreply.github.com> Co-authored-by: Eyal Bukchin <eyal@metalbear.co> Co-authored-by: Daniel Graf <59334873+itsamegraf@users.noreply.github.com> Co-authored-by: Gemma <58080601+gememma@users.noreply.github.com> Co-authored-by: gabriela cristei <cristei.g772@gmail.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: t4lz <t4lz.git@gmail.com> Co-authored-by: vladrbg <vladr@metalbear.com> Co-authored-by: Sean Ferguson <fergusean@gmail.com> Co-authored-by: Michał Smolarek <34063647+Razz4780@users.noreply.github.com> Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com>
* implement windows file filter test * fix win filter code, fix and relocate home util this change moves the homedir util out of layer-lib so that it can be used across all mirrord crates. moreover, we fix windows file filter code by escaping homedir for regex. * towncrier, cargo.lock --------- Co-authored-by: Aviram Hassan <aviram@metalbear.co>
* Reflect outgoing filter into DNS filters * Tests * Update docs * Changelog * Address comments
* Housekeeping * Update PreviewSession CRD * Read config from config file and populate PreviewSession * Config verification 1. Make sure inline supplied base64 strings are valid 2. Make sure conflicting combinations of `payload` + `type` / `from_file` are rejected Also had to make `ConfigError::InvalidValue::name` into a `Cow<'static, str>` to allow reporting precise location of malformed `config_mount` entry * Config tests
…ar-co#4264) * Preview: Make `preview status` only show active sessions by default * Preview: Don't use "pod" terminology for progress reports * Intproxy: Support hostname-based subscriptions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Final windows-e2e bisect tiebreaker. Do not review/merge. Tests commit
3817ef2cba(#4264 Make preview environments resilient to crashes and evictions). id 44 passed and id 46/main failed, so this isolates the culprit to #4264 (if this fails) or #4287 (if this passes).