Skip to content

feat: Hecate: Tunnel & Pathway Manager#975

Merged
Wikid82 merged 44 commits intodevelopmentfrom
feature/hecate
Apr 27, 2026
Merged

feat: Hecate: Tunnel & Pathway Manager#975
Wikid82 merged 44 commits intodevelopmentfrom
feature/hecate

Conversation

@Wikid82
Copy link
Copy Markdown
Owner

@Wikid82 Wikid82 commented Apr 26, 2026

placeholder...

@Wikid82 Wikid82 self-assigned this Apr 26, 2026
@Wikid82 Wikid82 added enhancement New feature or request beta Part of beta release backend Server-side code frontend UI/UX code feature New functionality security Security-related ui User interface deployment Docker, installation ux manual-testing labels Apr 26, 2026
@Wikid82 Wikid82 added this to Charon Apr 26, 2026
@github-project-automation github-project-automation Bot moved this to Backlog in Charon Apr 26, 2026
@Wikid82 Wikid82 moved this from Backlog to In Progress in Charon Apr 26, 2026
This was linked to issues Apr 26, 2026
Tailscale Network Integration for Server Discovery #44
Closed
[Tailscale] Implement API Client & Node Discovery #45
Closed
[Tailscale] Connection Wizard & Server List UI #46
Closed
Cloudflare Tunnel Integration for Secure Remote Access #47
Closed
[Cloudflare] API Client & Tunnel Management #48
Closed
[Cloudflare] Config Generator & Setup Wizard UI #49
Closed
ZeroTier Network Integration for Overlay Networking #50
Closed
Hecate: Tunnel & Pathway Manager #368
Open
Orthrus: Remote Socket Proxy Agent #369
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 26, 2026
edited
Loading

✅ Supply Chain Verification Results

PASSED

📦 SBOM Summary

  • Components: 1487

🔍 Vulnerability Scan

Severity Count
🔴 Critical 0
🟠 High 0
🟡 Medium 5
🟢 Low 2
Total 7

📎 Artifacts

  • SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

Generated by Supply Chain Verification workflow • View Details

@github-advanced-security
Copy link
Copy Markdown
Contributor

github-advanced-security AI commented Apr 26, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 26, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 75.06173% with 404 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
backend/internal/api/handlers/hecate_handler.go 51.50% 106 Missing and 7 partials ⚠️
backend/internal/api/handlers/hecate_ws_handler.go 0.00% 50 Missing ⚠️
backend/internal/hecate/manager.go 79.88% 36 Missing ⚠️
backend/internal/services/hecate_service.go 52.30% 17 Missing and 14 partials ⚠️
backend/internal/services/orthrus_service.go 76.19% 19 Missing and 6 partials ⚠️
backend/internal/orthrus/ca.go 73.03% 12 Missing and 12 partials ⚠️
...d/internal/hecate/providers/zerotier/api_client.go 80.55% 7 Missing and 7 partials ⚠️
...d/internal/hecate/providers/cloudflare/provider.go 87.25% 10 Missing and 3 partials ⚠️
backend/internal/orthrus/server.go 85.22% 8 Missing and 5 partials ⚠️
backend/internal/orthrus/session.go 78.68% 9 Missing and 4 partials ⚠️
... and 13 more

📢 Thoughts on this report? Let us know!

actions-user and others added 17 commits April 27, 2026 02:39
@actions-user
chore: add backend/providers_coverage.txt to .gitignore
b202ed1
@actions-user
feat: implement Cloudflare tunnel provider and API client
52a3533
@actions-user
test: add comprehensive tests for Cloudflare tunnel provider function…
237c18d 
…ality
@actions-user
feat: add Tailscale provider and API client implementation with devic…
45b3bcd 
…e listing functionality
@actions-user
feat: implement ZeroTier provider with API client and network/member …
6a4438b 
…management
@actions-user
chore: update .gitignore to generalize coverage file patterns
effe378
@actions-user
feat: add NetBird provider implementation with API client and tests
87b9e5f
@Wikid82
Merge branch 'development' into feature/hecate
f957b37
@Wikid82
Merge branch 'development' into feature/hecate
53ce1ff
@actions-user
feat(hecate): wire Hecate/Orthrus routes and Caddy upstream integration
ed2d380 
- Register Hecate TunnelManager with all provider factories in routes
- Add Orthrus CA initialization and WebSocket endpoint registration
- Introduce OrthrusAddrResolver interface to break caddy to orthrus import cycle
- Implement resolveOrthrusHosts for dynamic orthrus:<uuid> upstream resolution
- Add SetOrthrusServer to caddy.Manager for live agent proxy addr injection
- Fix race condition in Orthrus WebSocket session registration test
@actions-user
feat(hecate): implement Hecate REST handler and WebSocket streaming f…
bb6e60a 
…or tunnel logs

Co-authored-by: Copilot <copilot@github.com>
@actions-user
feat(hecate): add OrthrusHandler and associated REST routes for agent…
8cb9fcb 
… management
@actions-user
test(crowdsec): update TestGetAcquisitionConfigNotPresent to check fo…
9a56719 
…r 404 status
@actions-user
feat(hecate): add Hecate CA certificate and improve Orthrus server in…
206b7c7 
…itialization error handling
@actions-user
feat(cloudflare): add GetClient method to retrieve CloudflareClient i…
542b0c7 
…nstance
@actions-user
feat(hecate): add GetProviderByType method to retrieve active tunnel …
a9840f2 
…provider by type
@actions-user
feat(hecate): add GetManager method to provide access to the TunnelMa…
c43c90a 
…nager
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 27, 2026
View reviewed changes
Comment thread backend/internal/hecate/manager.go
Comment on lines +161 to +164
logger.Log().WithFields(logrus.Fields{
"uuid": uuid,
"provider": string(cfg.Provider),
}).Warn("hecate: no factory registered for provider type, skipping")
Comment thread backend/internal/hecate/manager.go
Comment on lines +296 to +300
logger.Log().WithFields(logrus.Fields{
"uuid": uuid,
"state": string(state),
"delay": delay.String(),
}).Warn("hecate: tunnel in error/stopped state, scheduling restart")
Comment thread backend/internal/hecate/manager.go
Comment on lines +316 to +319
logger.Log().WithFields(logrus.Fields{
"uuid": uuid,
"error": err.Error(),
}).Error("hecate: failed to restart tunnel")
actions-user and others added 9 commits April 27, 2026 06:10
@actions-user
fix(go.mod): update go-isatty to v0.0.22 for improved compatibility
27d1a72
@actions-user
feat(docker): add Dockerfile for building and running orthrus-agent
905e41e
@actions-user
feat(go.mod): initialize go.mod and go.sum for dependency management
ff57020
@actions-user
feat(cert): implement LoadOrGenerate function for TLS certificate man…
366a14c 
…agement
@actions-user
fix(go.work): format use directives for better readability and add go…
85a2a6a 
…lang.org/x/sys v0.33.0 to go.work.sum

Co-authored-by: Copilot <copilot@github.com>
@actions-user
feat(protocol): add message framing types and structure for Orthrus L…
f24b8ce 
…eash protocol
@actions-user
feat(agent): add initial implementation of orthrus-agent with WebSock…
8edc3c5 
…et support and CLI flags
@actions-user
feat(muzzle): implement HTTP allowlist filter for Docker socket proxy…
103fd37 
… traffic
@actions-user
feat(leash): implement Leash package for reverse WebSocket tunnel and…
8b6d8fe 
… session management
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 27, 2026
View reviewed changes
Comment thread agent/leash/leash.go
// handleDockerStream proxies the stream to the local Docker socket through the Muzzle filter.
func (l *Leash) handleDockerStream(stream *yamux.Stream) {
if err := l.filter.ServeProxy(l.dockerSock, stream, stream); err != nil {
l.log.WithError(err).Debug("leash: docker proxy stream closed")
@Wikid82 Wikid82 merged commit 31914fc into development Apr 27, 2026
38 of 39 checks passed
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Charon Apr 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@Wikid82 Wikid82

Labels

backend Server-side code beta Part of beta release deployment Docker, installation enhancement New feature or request feature New functionality frontend UI/UX code manual-testing security Security-related ui User interface ux

Projects

Charon
Status: Done

Milestone

No milestone

3 participants

@Wikid82 @github-advanced-security @actions-user