This repository was archived by the owner on Jul 4, 2026. It is now read-only.
v0.4.0 — Huawei config parsing + security acceptance audit
Source-traceable IR for Huawei VRP/USG configs, plus vrp-ir audit — a bilingual (zh/en) security acceptance report where every finding cites the exact config line.
Highlights (v0.1 → v0.4)
- Routing/switching: VLANs (batch ranges), VRF (RD/RT), interfaces (link-type, trunk allow-pass, Eth-Trunk, dot1q sub-if, secondary IPv4, VRF binding), ACLs, static routes — all with field-level
SourceRefprovenance. - USG firewall:
firewall zone,security-policy(rule namewith zones / addresses / services / profiles / action / logging),nat server,hrp. - Security acceptance audit (
vrp-ir audit): permit-any (policy default action + rule scope), session logging, one-interface-per-zone, HRP — each finding line-cited. Markdown (zh/en) or JSON;--strictfor CI gating. - Zero runtime dependencies · 41 tests · CI on Python 3.9 & 3.12 · Apache-2.0.
The gap it fills
Batfish marks Huawei VRP as unsupported; ntc-templates only parses show-command output; ciscoconfparse exposes a line number but not field-level provenance. No open-source tool gives Huawei config → field-level file:line provenance + acceptance verdicts.
vrp-ir is the open core of AegisTwin (Huawei security-integration acceptance). Commercial / support: see the README.