| Age | Commit message (Collapse) | Author |
|
- router-advert: reword base-interface description — the base interface
provides the network portion of the advertised RA prefix (radvd
Base6Interface), not the host bits; note the DHCPv6-PD use case
- route-map, ipsec_general: wrap five pre-existing overlong lines so the
doc linter (which scans whole modified files) passes on touched files
🤖 Generated by [robots](https://vyos.io)
|
|
64:ff9b::/96 is the RFC 6052 well-known NAT64 prefix — factually correct
in the PREF64 documentation, but flagged error-level by the doc linter's
documentation-address rule. Wrap the block in linter markers.
🤖 Generated by [robots](https://vyos.io)
|
|
Documents nine CLI features added to vyos-1x between Nov 2025 and May 2026
that were missing from the docs (gap-audit T8886, Phase 1 / T8887):
- system frr watchfrr-timeout (vyos-1x#5165, T8606)
- policy route-map match source-peer (vyos-1x#5149, T8588)
- high-availability vrrp snmp trap (vyos-1x#5108, T8448)
- protocols segment-routing traffic-engineering subtree (vyos-1x#4994, T6750)
- protocols bgp parameters as-notation (vyos-1x#5089, T7338)
- protocols bgp bmp target monitor pre-policy/post-policy/local-rib
(vyos-1x#4922, T8133)
- service router-advert prefix base-interface (vyos-1x#5007, T8302)
- firewall global-options geoip provider/maxmind-* (vyos-1x#4949, T7926/T8049)
- vpn ipsec childless IKE SA option (vyos-1x#4930, T8136)
Also wraps one pre-existing overlong line moved within router-advert.md.
🤖 Generated by [robots](https://vyos.io)
|
|
* docs: Add GeoIP ASN support (T5746)
* Small styling changes
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
* ci: track Context7 LTS variants by branch instead of moved git tags
Switch the Context7 1.5/1.4 variants from tag-backed to branch-backed:
- context7.json: previousVersions entries `{tag:"1.5"}`/`{tag:"1.4"}` →
`{branch:"circinus"}`/`{branch:"sagitta"}`. Context7 now indexes the
LTS branch HEADs directly.
- Delete update-version-tags.yml. Its sole purpose was force-moving the
git tags 1.5/1.4 to circinus/sagitta HEAD so the tag-backed Context7
variants tracked the branches. With branch-backed variants Context7
tracks the HEAD natively, so the tag indirection — and its re-run
"moves the tag backward" footgun — is gone.
- context7-refresh.yml: trigger directly on push to rolling/circinus/
sagitta (docs/** + context7.json paths) instead of chaining off the
deleted tag-mover via workflow_run; refresh payload uses
`branch:"circinus"`/`branch:"sagitta"` for the non-default variants.
Operator follow-up (post-merge): the circinus/sagitta branch variants
must be registered in the Context7 dashboard (a refresh by branch 404s
until Context7 crawls the new config), and the now-unused git tags
1.5/1.4 can be deleted.
🤖 Generated by [robots](https://vyos.io)
* ci: harden jq repo interpolation in context7-refresh
Adversarial review (agy): use the $GITHUB_REPOSITORY runner env var
(mapped as REPO) instead of inlining ${{ github.repository }} into the
jq command string, matching the safe env-mapping pattern already used
for EVENT_NAME/REF_NAME. github.repository is validated and low-risk,
but this structurally removes the interpolation-into-shell surface.
🤖 Generated by [robots](https://vyos.io)
|
|
* docs: expand Context7 branch-to-version mapping rule
Rule 29 in context7.json only mapped circinus (1.5.x) and sagitta
(1.4.x). Expand it to the full branch-to-version table matching
AGENTS.md: rolling (1.5+), circinus (1.5.x LTS), sagitta (1.4.x LTS),
equuleus (1.3.x legacy), crux (1.2.x legacy).
🤖 Generated by [robots](https://vyos.io)
* docs: correct rolling branch version in Context7 mapping
CodeRabbit review: `rolling` was described as "1.5+", but circinus is
already the 1.5 LTS line, so rolling tracks the next major (1.6+), not
1.5. Fix the rolling entry accordingly.
🤖 Generated by [robots](https://vyos.io)
|
|
* docs: Update UDP broadcast relay page to VyOS 1.5 standards
* Remove the implication that something other than IPv4 supports broadcast
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
bgp: T6573: add input/output queue limit CLI commands
|
|
|
|
* docs: Update TFTP server page to VyOS 1.5 standards
* Update tftp-server.md
|
|
* docs: Update Console server page to VyOS 1.5 standards
* Minor corrections
* Minor corrections
* Apply suggestions from code review
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Update console-server.md
* Apply suggestions from code review
Co-authored-by: Daniil Baturin <daniil@baturin.org>
* Remove the mention of long-EOL'd VyOS 1.3
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
pseudo-ethernet: T8540: Add anycast-gateway support for EVPN
|
|
* docs: Update Config sync page to VyOS 1.5 standards
* Minor corrections
* Update config-sync.md
* Apply suggestion from @github-actions[bot]
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Apply suggestion from @github-actions[bot]
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
|
|
On a fresh (no-consent) load the consent banner could render completely
unstyled and expand to full page height. Cookiebot delivers its dialog CSS as
a constructed stylesheet on document.adoptedStyleSheets; ReadTheDocs'
readthedocs-addons.js reassigns that whole-array property with a destructive
replace, and when that lands after Cookiebot's network-gated adoption it drops
Cookiebot's sheet, leaving #CybotCookiebotDialog at position:static expanded to
~6700px. It is a race, so it is intermittent and clears once consent is given
(the dialog then never renders).
- layout.html: a small adoptedStyleSheets shim, installed before any page
script, that preserves Cookiebot's sheet so another library cannot drop it.
- custom.css: a leak-safe safety net that keeps the dialog contained even if
its adopted sheet is ever absent. It uses only properties Cookiebot itself
sets, so it has verifiably no effect on the normal, styled banner.
🤖 Generated by [robots](https://vyos.io)
|
|
* dhcp: Update documentation to sync with DHCPv4/v6 options
Sync up with Kea DHCPv4 and DHCPv6 options documentation,
and clarify some of the options.
* Remove mentions of specific DHCP server implementations
Co-authored-by: Daniil Baturin <daniil@baturin.org>
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
* docs: Update IS-IS page to VyOS 1.5 standards
* Apply suggestions from code review
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Update isis.md
* Update isis.md
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
|
|
Removes the eps1lon `check-open-prs-conflict.yml` caller (which ran
`eps1lon/actions-label-merge-conflict` on push to base branches to label
conflicting PRs + comment) and replaces it with Mergify:
- Conflict LABEL (`conflicts`): already handled by the inherited central
`Label conflicting pull requests` rule (predicate `conflict`, toggle).
Mergify re-evaluates continuously, so the GHA's push-triggered re-scan
is covered natively — no local rule needed for the label.
- Conflict COMMENT: a local additive rule `Comment on conflicting pull
requests` (distinct name → does not replace the inherited label rule)
posts the contributor-facing "please resolve" notice once when a PR
enters conflict (Mergify dedupes the comment per rule+message).
The GHA's clean-side "conflicts resolved" comment is intentionally NOT
replicated — Mergify has no "was-conflicting-now-clean" predicate, and
keying on `-conflict` would match every non-conflicting PR.
This is the final piece of the T8937 Mergify-GHA retirement (the central
`check-pr-conflict.yml` reusable was preserved pending this consumer; it
is deleted in a follow-up vyos/.github PR once this merges).
Advances: T8937
🤖 Generated by [robots](https://vyos.io)
|
|
T8973: remove salt from documentation - feature removed
|
|
|
|
docs: Use the 'rolling' branch in install.md
|
|
Replace mentions of the 'current' Git branch with 'rolling'
|
|
docs: Remove stale CLI output examples from build-vyos.md
|
|
|
|
Update the default Git branch in build-vyos.md from 'current' to 'rolling'
|
|
* docs: Update OpenFabric page to VyOS 1.5 standards
* Update openfabric.md
* Update openfabric.md
* Update openfabric.md
|
|
* docs: Update RPKI page to VyOS 1.5 standards
* Update rpki.md
* Update rpki.md
|
|
* docs: Update Traffic Engineering page to VyOS 1.5 standards
* Update traffic-engineering.md
* Update traffic-engineering.md
|
|
* docs: Update Segment Routing page to VyOS 1.5 standards
* docs: Minor corrections
* docs: Minor formatting corrections
* Update segment-routing.md
|
|
* docs: Update RIP page to VyOS 1.5 standards
* Update rip.md
|
|
* docs: Update PIM page to VyOS 1.5 standards
* Update pim.md
|
|
* docs: Update MPLS page to VyOS 1.5 standards
* Update mpls.md
|
|
T8967: Fix update-check URL for rolling
|
|
|
|
centrally) (#2083)
|
|
conntrack: T8308: Enhancements to the `show conntrack table` op-mode command
|
|
T8960: ai-validation — consolidate cross-repo auth onto vyos-bot App
|
|
Swap the cross-repo-checkout token from the dedicated vyos-docs-reviewer
App (VYOS_APP_ID/_PRIVATE_KEY) to the shared vyos-bot App via the fleet
get-token composite, scoped contents:read. Skip-check now gates on
APP_CLIENT_ID + APP_PRIVATE_KEY + ANTHROPIC_API_KEY (org-level vyos-bot
creds); reword the stale token comment. PR-comment posting still uses
the default GITHUB_TOKEN. Byte-identical to the paired reference copy in
VyOS-Networks/vyos-docs-opus-reviewer (scripts/ai-validation.yml).
🤖 Generated by [robots](https://vyos.io)
|
|
Rewrites uses: pins to the three HIGH-fanout producers (vyos/.github,
vyos/vyos-cla-signatures, VyOS-Networks/vyos-reusable-workflows) from their
old default branch to the new production compat branch staged in Task 1.
No functional change; pin-ref rewrite only.
Tracking: T8943
|
|
|
|
Replaces 5 caller workflows now superseded by central Mergify rules.
See https://vyos.dev/T8937 for the design + spec + plan.
Advances: T8937
🤖 Generated by [robots](https://vyos.io)
|
|
ci(ai-validation): allow Pass 2 review on external-contributor PRs
|
|
The upstream `anthropics/claude-code-action` performs a write-permission
check on `github.actor` before our skip logic runs. On `pull_request_target`
the actor is the PR author; external contributors resolve to `read` and the
action exits 1 with `Actor does not have write permissions to the repository`.
Net effect: AI validation has been failing on every external-contributor PR
(LiudmylaNad, teslazonda, scottlaird in the last 4 weeks) while succeeding
on maintainer PRs. Failure reproduced on run 26541079685 (PR #2061).
Fix: set `allowed_non_write_users: '*'` on the Pass 2 step. The action
bypasses the actor check when this input is set and `github_token` is
provided (already the case). The action also auto-scrubs Anthropic / cloud
/ GHA secrets from subprocess envs when this input is set.
Safe in THIS workflow because the existing defense-in-depth bounds what
Pass 2 can do with untrusted PR content:
- `allowedTools` restricted to inline-comment + read-only surfaces
- `github_token` is the PR-scoped default (not the broader VYOS_APP_ID)
- prompt marks PR content as untrusted via `<UNTRUSTED-PR-CONTENT>`
- workspace-wipe removes `CLAUDE.md` / `.claude/` before Pass 2
- prepare bundles MD via `git show HEAD:<path>` (blob, not `cp`)
Full rationale inlined as a comment block above the new input.
🤖 Generated by [robots](https://vyos.io)
|
|
ci: remove PR mirror workflow
|
|
The mirror caller has been disabled and the target mirror repo at
VyOS-Networks/vyos-documentation has been removed. Drop the workflow
file so the repo state reflects "this repo does not mirror" without
relying on a dangling disabled workflow.
|
|
* docs: Update Static page to VyOS 1.5 standards
* Update static.md
* Remove needless words
* Fix an incorrect fact about RIB not preserving routes after interface state changes
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
(#2047)
|
|
* docs: Update BFD page to VyOS 1.5 standards
* Update bfd.md
* Remove mentions of security from the minimum-ttl section
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
* docs: Update IGMP Proxy page to VyOS 1.5 standards
* Minor formatting corrections
* docs: use RFC 5737 IP range
* Apply suggestions from code review
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update igmp-proxy.md
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
|
|
|
|
|