Skip to content
This repository was archived by the owner on Jul 4, 2026. It is now read-only.

v0.4.0 — Huawei config parsing + security acceptance audit

Choose a tag to compare

@zynovex-support zynovex-support released this 16 Jun 00:51

Source-traceable IR for Huawei VRP/USG configs, plus vrp-ir audit — a bilingual (zh/en) security acceptance report where every finding cites the exact config line.

Highlights (v0.1 → v0.4)

  • Routing/switching: VLANs (batch ranges), VRF (RD/RT), interfaces (link-type, trunk allow-pass, Eth-Trunk, dot1q sub-if, secondary IPv4, VRF binding), ACLs, static routes — all with field-level SourceRef provenance.
  • USG firewall: firewall zone, security-policy (rule name with zones / addresses / services / profiles / action / logging), nat server, hrp.
  • Security acceptance audit (vrp-ir audit): permit-any (policy default action + rule scope), session logging, one-interface-per-zone, HRP — each finding line-cited. Markdown (zh/en) or JSON; --strict for CI gating.
  • Zero runtime dependencies · 41 tests · CI on Python 3.9 & 3.12 · Apache-2.0.

The gap it fills

Batfish marks Huawei VRP as unsupported; ntc-templates only parses show-command output; ciscoconfparse exposes a line number but not field-level provenance. No open-source tool gives Huawei config → field-level file:line provenance + acceptance verdicts.

vrp-ir is the open core of AegisTwin (Huawei security-integration acceptance). Commercial / support: see the README.