### APK Install on OpenWrt Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/architect-orchestrator.md Workaround for installing packages on OpenWrt 25 to avoid service start hangs. Uses '--no-scripts' to skip post-install triggers and manually starts the service. ```shell apk add --no-scripts ``` -------------------------------- ### VLESS mKCP Configuration Example Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Example for VLESS over mKCP with no encryption or security. ```text vless://72e201d7-7841-4a32-b266-4aa3eb776d51@127.0.0.1:17270?type=kcp&encryption=none&headerType=none&seed=AirziWi4ng&security=none#vless-mKCP ``` -------------------------------- ### VLESS XHTTP Configuration Example Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Example for VLESS over XHTTP with no security. ```text vless://c2841505-ec32-4b8d-b6dd-3e19d648c321@127.0.0.1:45507?type=xhttp&encryption=none&path=%2Fxhttppath&host=xhttp&mode=auto&security=none#vless-xhttp ``` -------------------------------- ### SDK Dockerfile Setup Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/packaging-ci-engineer.md Base SDK images for building, requiring an initial setup script for the APK variant. ```dockerfile # sdk/Dockerfile-sdk-* are the base SDK images (feeds update + luci-base); # apk SDK requires running "./setup.sh" first. ``` -------------------------------- ### UCI Configuration Example Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Example of how to configure the insecure subscription fetch option in UCI. Uncomment to enable. ```shell #option subscription_insecure '0' ``` -------------------------------- ### VLESS HTTP Upgrade Configuration Examples Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples for VLESS over HTTP Upgrade with TLS and ECH, and a Trojan example. ```text vless://9d3f1c0a-2b4e-4f6a-8c1d-7e9a0b2c3d4e@127.0.0.1:23145?type=httpupgrade&encryption=none&path=%2Fhupath&host=google.com&security=tls&sni=google.com#vless-httpupgrade-tls trojan://trojanpass@127.0.0.1:23146?type=httpupgrade&security=tls&sni=google.com&path=%2Fhupath#trojan-httpupgrade-tls ``` -------------------------------- ### Opkg Install Command with Force Flags Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Use `--force-downgrade` to handle transitions from version-prefixed to non-prefixed packages and `--force-reinstall` for cases where the package is already installed at the same version. This ensures the package is installed or reinstalled correctly. ```shell opkg install --force-downgrade --force-reinstall "$pkg_file" ``` -------------------------------- ### VLESS HTTP Upgrade (Non-TLS) Configuration Examples Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples for VLESS over HTTP Upgrade with no security, TLS, and TLS with ECH. ```text vless://2b98f144-847f-42f7-8798-e1a32d27bdc7@127.0.0.1:47154?type=httpupgrade&encryption=none&path=%2Fhttpupgradepath&host=google.com&security=none#vless-httpupgrade-none vless://76dbd0ff-1a35-4f0c-a9ba-3c5890b7dea6@127.0.0.1:50639?type=httpupgrade&encryption=none&path=%2Fhttpupgradepath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#vless-httpupgrade-tls vless://6d229881-50ed-4f3f-995d-bd3e725fdbff@127.0.0.1:57616?type=httpupgrade&encryption=none&path=%2Fhttpupgradepath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#vless-httpupgrade-tls-insecure vless://1897e9e4-6f5d-4a85-9512-9192e76c3f04@127.0.0.1:38658?type=httpupgrade&encryption=none&path=%2Fhttpupgradepath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com&ech=AF3%2BDQBZAAAgACCmXTMzlrdcCk2FyINAWKZ4DBxq4%2BCgmJ69v%2BmH4EMlEQAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAApnb29nbGUuY29tAAA%3D#vless-httpupgrade-tls-ech ``` -------------------------------- ### Verify Installed Version Against Target Version Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md After an attempted package installation, this code re-reads the installed version, normalizes it, and compares it against the target version. It fails if the installed version does not match the target or is older than the target. ```shell [ "$inst_semver" != "$latest_semver" ] && ! is_min_package_version "$inst_semver" "$latest_semver" ``` -------------------------------- ### VLESS TCP Configuration Examples Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples for VLESS over TCP with different security settings. Includes none, REALITY, and TLS with ECH. ```text vless://94792286-7bbe-4f33-8b36-18d1bbf70723@127.0.0.1:34520?type=tcp&encryption=none&security=none#vless-tcp-none vless://e95163dc-905e-480a-afe5-20b146288679@127.0.0.1:16399?type=tcp&encryption=none&security=reality&pbk=tqhSkeDR6jsqC-BYCnZWBrdL33g705ba8tV5-ZboWTM&fp=chrome&sni=google.com&sid=f6&spx=%2F#vless-tcp-reality vless://2e9e8288-060e-4da2-8b9f-a1c81826feb7@127.0.0.1:19316?type=tcp&encryption=none&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#vless-tcp-tls vless://0235c833-dc29-4202-8a7b-1bbba5b516a2@127.0.0.1:22993?type=tcp&encryption=none&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#vless-tcp-tls-insecure vless://17776137-e747-4268-a84d-99fd798accac@127.0.0.1:48076?type=tcp&encryption=none&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com&ech=AFP%2BDQBPAAAgACDJXiKG5eoCHfd1MbMxgccxgrbGisBPPe3bz1KVIETUXQAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAAAAAA%3D%3D#vless-tcp-tls-ech ``` -------------------------------- ### Rollback Restore Guard Example Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md This demonstrates the guard condition for restoring a backup. It first checks if the backup is complete using `updates_backup_is_complete`. If the backup is corrupt or incomplete, it logs an error and avoids restoring, preventing a broken core from being installed. ```shell if updates_backup_is_complete "$backup" "$size"; then mv -f ...; else updates_log "...backup is corrupt/incomplete; NOT restoring to avoid installing a broken core" "error"; fi ``` -------------------------------- ### VLESS gRPC Configuration Examples Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples for VLESS over gRPC with various security settings, including REALITY and TLS with ECH. ```text vless://974b39e3-f7bf-42b9-933c-16699c635e77@127.0.0.1:15633?type=grpc&encryption=none&serviceName=TunService&authority=&security=none#vless-gRPC-none vless://651e7eca-5152-46f1-baf2-d502e0af7b27@127.0.0.1:28535?type=grpc&encryption=none&serviceName=TunService&authority=authority&security=reality&pbk=nhZ7NiKfcqESa5ZeBFfsq9o18W-OWOAHLln9UmuVXSk&fp=chrome&sni=google.com&sid=11cbaeaa&spx=%2F#vless-gRPC-reality vless://221ff905-b783-41a0-a6a6-8089eaf3b34b@abc.def.xyz:443?security=reality&type=grpc&headerType=&authority=abc.def.xyz&serviceName=name&mode=gun&sni=abc.def.xyz&fp=chrome&pbk=C3nhDJw02ZU_rjx4GbC54Sp79-ysF5lWIQVWdY4FOnE&sid=#vless-gRPC-reality-mode vless://af1f8b5f-26c9-4fe8-8ce7-6d6366c5c9ce@127.0.0.1:47904?type=grpc&encryption=none&serviceName=TunService&authority=authority&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#vless-gRPC-tls vless://95f2c4bb-abcb-47ba-bfad-e181c03e4659@127.0.0.1:34530?type=grpc&encryption=none&serviceName=TunService&authority=authority&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#vless-gRPC-tls-insecure vless://bd39490f-9a4f-49b2-96b6-824190cf89e9@127.0.0.1:27779?type=grpc&encryption=none&serviceName=TunService&authority=authority&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com&ech=AF3%2BDQBZAAAgACBc%2FiNdo4QkTt9eQCQgkOiJVSfA9G6UWAyipaBFtBD%2FVQAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAApnb29nbGUuY29tAAA%3D#vless-gRPC-tls-ech ``` -------------------------------- ### VLESS WebSocket Configuration Examples Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples for VLESS over WebSocket with different security settings. Includes none, TLS, and TLS with ECH. ```text vless://d86daef7-565b-4ecd-a9ee-bac847ad38e6@127.0.0.1:12928?type=ws&encryption=none&path=%2Fwspath&host=google.com&security=none#vless-websocket-none vless://fe0f0941-09a9-4e46-bc69-e00190d7bb9c@127.0.0.1:10156?type=ws&encryption=none&path=%2Fwspath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#vless-websocket-tls vless://599e8659-e2ef-47d9-bf72-2f9b4b673474@127.0.0.1:36567?type=ws&encryption=none&path=%2Fwspath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#vless-websocket-tls-insecure vless://4d21ce62-8723-4c4d-93e3-d586b107aa40@127.0.0.1:51394?type=ws&encryption=none&path=%2Fwspath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com&ech=AF3%2BDQBZAAAgACD7fjrtDMlcigKXFBKoLn6UDB9%2BWR6HBZpY96DlBiD%2BIwAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAApnb29nbGUuY29tAAA%3D#vless-websocket-tls-ech ``` -------------------------------- ### Get Installed Package Version (Opkg) Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Retrieves the currently installed version of a package using `opkg list-installed`, `grep`, `head`, and `awk`. This is a robust way to check the actual installed version, independent of the install command's exit code. ```shell opkg list-installed | grep "^ " | head -n1 | awk -F' - ' '{print $2}' ``` -------------------------------- ### Get Installed Package Version (Apk) Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Retrieves the installed version of a package using `apk list --installed` and `awk`. The package name prefix is then stripped from the output. ```shell apk list --installed | awk '{print $1}' | head -n1 ${line#"$pkg"-} ``` -------------------------------- ### Start Sing-Box Monitor with Cleanup Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Starts a new sing-box monitor process. It first kills any stale monitors using a helper function and removes the old PID file. This ensures that only one monitor is active and correctly bound to the new sing-box run. ```shell _kill_stale_sing_box_monitors rm -f pidfile exec /bin/ash "$0" __monitor ``` -------------------------------- ### Hysteria2 (hy2) URL Configurations Source: https://github.com/yandexru45/netshift/blob/main/String-example.md These examples show the alternative `hy2://` scheme for Hysteria2 configurations. Similar to the `hysteria2://` scheme, these cover password, insecure connections, SNI, obfuscation, and combined parameters for flexible connection setup. ```url hy2://password@example.com:443/#hysteria2-password ``` ```url hy2://password@example.com:443/?insecure=1#hysteria2-password-insecure ``` ```url hy2://password@example.com:443/?sni=example.com#hysteria2-password-sni ``` ```url hy2://password@example.com:443/?obfs=salamander&obfs-password=obfspassword#hysteria2-obfs ``` ```url hy2://mypassword@example.com:8443/?sni=example.com&obfs=salamander&obfs-password=obfspass&insecure=1#hysteria2-all-params ``` -------------------------------- ### Backup and Verify Copy Example Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md This snippet shows how to use `cp -p` followed by `updates_verify_copy` to ensure a file is copied correctly and its integrity is verified before proceeding. This is part of the backup gating mechanism. ```shell if ! cp -p ... || ! updates_verify_copy ...; then ``` -------------------------------- ### Install Netshift APK Package on OpenWrt Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/architect-orchestrator.md Installs the Netshift APK package on an OpenWrt device. Requires the APK package to be present in /tmp/. ```bash apk update apk add --allow-untrusted /tmp/netshift-*.apk ``` -------------------------------- ### Install Backend Version Stamp Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/packaging.md Stamps the compiled version into the backend constants file. This operation must succeed. ```makefile Package/netshift/install stamp sed -i -e 's/__COMPILED_VERSION_VARIABLE__/$(PKG_VERSION)/g' $(1)/usr/lib/netshift/constants.sh ``` -------------------------------- ### Idempotent Sing-Box Installation Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Ensures that the installation process is idempotent. If the existing sing-box binary is not executable or fails a version check, it is removed before re-extraction and chmod. ```shell updates_install_sing_box_extended ``` -------------------------------- ### Monitor Process Leak Test Setup Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md This test setup models the condition for a process leak by simulating a scenario where the PID file points to a dead process. It then verifies that the fix correctly identifies and cleans up stale monitors, ensuring only one monitor remains active. ```shell echo 999999 > pidfile # ... then launch the monitor ``` -------------------------------- ### Smoke Test Entrypoint Dispatch Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/packaging.md The `entrypoint.sh` script dispatches smoke tests by category. This example shows the `all` target, which runs a predefined sequence of tests, and lists the available test categories. ```bash exec /entrypoint.sh main "$@" main() { # ... other logic ... case "$1" in all) run_all_tests ;; deps) test_deps ;; syntax) test_syntax ;; config) test_config ;; helpers) test_helpers ;; jq) test_jq_helpers ;; cm) test_config_manager ;; sb) test_sing_box_config ;; nft) test_nft ;; diagnostics) test_diagnostics ;; subscription) test_subscription ;; *) echo "Available: all deps syntax config helpers jq cm sb nft diagnostics subscription" exit 1 ;; esac } run_all_tests() { test_deps test_syntax test_config test_helpers test_jq_helpers test_config_manager test_sing_box_config test_nft test_diagnostics test_subscription } # ... individual test functions ... ``` -------------------------------- ### Shadowsocks Proxy Connection Strings Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples of Shadowsocks proxy strings, demonstrating various encryption methods, base64 encoded credentials, and transport types. ```string ss://MjAyMi1ibGFrZTMtYWVzLTI1Ni1nY206ZG1DbHkvWmgxNVd3OStzK0dGWGlGVElrcHc3Yy9xQ0lTYUJyYWk3V2hoWT0@127.0.0.1:25144?type=tcp#shadowsocks-no-client ``` ```string ss://MjAyMi1ibGFrZTMtYWVzLTI1Ni1nY206S3FiWXZiNkhwb1RmTUt0N2VGcUZQSmJNNXBXaHlFU0ZKTXY2dEp1Ym1Fdz06dzRNMEx5RU9OTGQ5SWlkSGc0endTbzN2R3h4NS9aQ3hId0FpaWlxck5hcz0@127.0.0.1:26627?type=tcp#shadowsocks-client ``` ```string ss://2022-blake3-aes-256-gcm:dmCly/Zh15Ww9+s+GFXiFTIkpw7c/qCISaBrai7WhhY=@127.0.0.1:27214?type=tcp#shadowsocks-plain-user ``` -------------------------------- ### jq Mutation Example Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Demonstrates how to perform a single jq mutation on a JSON string. The caller is responsible for updating the config variable with the mutated JSON. ```shell config=$(sing_box_cm_... "$config" ...) ``` -------------------------------- ### Install UI Version Stamp Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/packaging.md Stamps the compiled version into the UI constants file. This operation is best-effort and may fail. ```makefile Package/netshift/install stamp sed -i -e 's/__COMPILED_VERSION_VARIABLE__/$(PKG_VERSION)/g' $(1)/usr/lib/netshift/view/netshift/main.js || true ``` -------------------------------- ### Check Sing-box Status via Component Action Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/architect-orchestrator.md Asynchronously installs extended components for Sing-box. The status is retrieved using component_action_status, which returns a JSON object with keys like success, running, exit_code, and message, but not a 'status' key. ```bash component_action_async sing_box install_extended component_action_status ``` -------------------------------- ### Configuring and Compiling Packages in Dockerfile Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/packaging.md After copying the application files, these commands configure the OpenWrt build system with `make defconfig` and then compile the specified package using `make package//compile`. ```dockerfile make defconfig make package//compile ``` -------------------------------- ### Copying Application Files in Dockerfile Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/packaging.md This snippet shows how application source files are copied into the Docker build context. It ensures that both the main application and its LuCI interface are placed in the correct directories within the OpenWrt SDK. ```dockerfile COPY ./netshift feeds/utilities/netshift COPY ./luci-app-netshift feeds/luci/luci-app-netshift ``` -------------------------------- ### Run CI Steps via Local Bins Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/luci-frontend-developer.md Avoid running 'yarn install' as it migrates the yarn.lock file and creates .yarn/ and .yarnrc.yml. Instead, execute CI steps using local binaries found in node_modules/.bin/. Ensure no .yarn or .yarnrc.yml files exist and the yarn.lock file has no pending changes before proceeding. ```bash node_modules/.bin/{prettier --write src, eslint src --ext .ts,.tsx --max-warnings=0, vitest run, tsup src/main.ts} ``` -------------------------------- ### Example of Incorrect JSON Parsing Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/architect-orchestrator.md This example shows the original, flawed method of parsing JSON using grep and cut, which fails on minified JSON. ```bash grep '"tag_name":' | head -n1 | cut -d'"' -f4 ``` -------------------------------- ### Luci-App-Netshift Makefile Configuration Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/packaging-ci-engineer.md Configures the luci-app-netshift package, specifying dependencies and how it stamps a placeholder into main.js. Note the use of '|| true' for softer failure. ```makefile uses "luci.mk" LUCI_DEPENDS += "luci-base netshift" # Stamps the same placeholder into main.js (WITH "|| true", so a missing main.js silently won't stamp). # Asymmetric on purpose — note it. ``` -------------------------------- ### Handling Command Substitution Failures in `set -e` Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Demonstrates how to handle commands that are expected to fail under `set -e` without aborting the script. Instead of direct command substitution, output is redirected to a temporary file, and the exit code is captured manually. ```shell x="$(cmd-that-returns-nonzero)" ``` ```shell cmd > tmpfile 2>/dev/null || rc=$? ``` -------------------------------- ### Trojan gRPC Configurations Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples of Trojan configurations using the gRPC transport with various security settings, including none, TLS, and Reality. Some TLS examples include insecure options or ECH. ```plaintext trojan://WMR7qkKhsV@127.0.0.1:27897?type=grpc&serviceName=TunService&authority=authority&security=none#trojan-gRPC-none trojan://KVuRNsu6KG@127.0.0.1:46077?type=grpc&serviceName=TunService&authority=authority&security=reality&pbk=Xn59i4gum3ppCICS6-_NuywrhHIVVAH54b2mjd5CFkE&fp=chrome&sni=google.com&sid=e5be&spx=%2F#trojan-gRPC-reality trojan://7BJtbywy8h@127.0.0.1:10627?type=grpc&serviceName=TunService&authority=authority&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#trojan-gRPC-tls trojan://TI3PakvtP4@127.0.0.1:10435?type=grpc&serviceName=TunService&authority=authority&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#trojan-gRPC-tls-insecure trojan://mbzoVKL27h@127.0.0.1:38681?type=grpc&serviceName=TunService&authority=authority&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&ech=AF3%BDQBZAAAgACCq72Ru3VbFlDpKttl3LccmInu8R2oAsCr8wzyxB0vZZQAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAApnb29nbGUuY29tAAA%3D&sni=google.com#trojan-gRPC-tls-ech ``` -------------------------------- ### Importing Custom jq Helpers Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/backend-shell.md Demonstrates how to import a local jq helper file into your script. This allows for modularity and reuse of common jq logic. ```jq import "helpers" as h {"search": "/usr/lib/netshift"}; ``` -------------------------------- ### Trojan TCP Configurations Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples of Trojan configurations using the TCP transport with various security settings including none, TLS, and Reality. Some TLS examples include insecure options or ECH. ```plaintext trojan://04agAQapcl@127.0.0.1:33641?type=tcp&security=none#trojan-tcp-none trojan://cME3ZlUrYF@127.0.0.1:43772?type=tcp&security=reality&pbk=DckTwU6p6pTX9QxFXOi6vH4Vzt_RCE1vMCnj2c6hvjw&fp=chrome&sni=google.com&sid=221a80cf94&spx=%2F#trojan-tcp-reality trojan://EJjpAj02lg@127.0.0.1:11381?type=tcp&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#trojan-tcp-tls trojan://ZP2Ik5sxN3@127.0.0.1:16247?type=tcp&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#trojan-tcp-tls-insecure trojan://90caP481ay@127.0.0.1:59708?type=tcp&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&ech=AF3%BDQBZAAAgACC2y%2BAe4dqthLNpfvmtE6g%2BnaJ%2FciK6P%2BREbRLkR%2Fg%2FEgAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAApnb29nbGUuY29tAAA%3D&sni=google.com#trojan-tcp-tls-ech ``` -------------------------------- ### Fake Opkg Stub for Testing Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md A modified opkg stub used in smoke tests. It parses install commands to extract the package file path, even with extra flags. It simulates successful installs by updating a list file, but can be configured via `$SU_NOOP` to simulate no-operation scenarios. ```shell while ...; case --*) shift;; *) break;; esac $1 ``` ```shell if [ "$SU_NOOP" = "1" ]; then # Keep old version in installed.list else # Rewrite netshift line to target version fi ``` -------------------------------- ### Build Netshift APK Package Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/architect-orchestrator.md Builds the Netshift agent package using Docker for an APK-based OpenWrt system. Replace `` with the desired Netshift version. ```bash docker build -f Dockerfile-apk --build-arg NETSHIFT_VERSION= -t netshift-apk:test . ``` -------------------------------- ### Build Agent Packages with Docker Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/packaging.md This snippet demonstrates building agent packages using Dockerfiles. It specifies the build matrix for `ipk` and `apk` types, passes the derived `NETSHIFT_VERSION`, and extracts the built packages from the Docker container. ```yaml build: needs: preparation strategy: matrix: type: ["ipk", "apk"] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build packages run: | docker compose -f Dockerfile-${{ matrix.type }} build docker create --name netshift-builder netshift-builder docker cp netshift-builder:/builder/bin/packages/x86_64/utilities/. ./built-packages/ docker cp netshift-builder:/builder/bin/packages/x86_64/luci/. ./built-packages/ docker rm netshift-builder - uses: actions/upload-artifact@v4 with: name: packages-${{ matrix.type }} path: ./built-packages/ ``` -------------------------------- ### Trojan XHTTP Configuration Source: https://github.com/yandexru45/netshift/blob/main/String-example.md An example of a Trojan configuration using the XHTTP transport with no security. ```plaintext trojan://VEetltxLtw@127.0.0.1:59072?type=xhttp&path=%2Fxhttppath&host=google.com&mode=auto&security=none#trojan-xhttp ``` -------------------------------- ### Trojan mKCP Configuration Source: https://github.com/yandexru45/netshift/blob/main/String-example.md An example of a Trojan configuration using the mKCP transport with no security. ```plaintext trojan://N5v7iIOe9G@127.0.0.1:36319?type=kcp&headerType=none&seed=P91wFIfjzZ&security=none#trojan-mKCP ``` -------------------------------- ### Test Backup Integrity - Fixture Creation Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md This snippet shows how to create fixture files for testing backup integrity. It uses `dd` to generate complete and truncated versions of a source file, which are then used to test the backup and rollback helper functions. ```shell builds 64-byte src + complete + 10-byte truncated fixtures via `dd` ``` -------------------------------- ### jq Import with Custom Search Path Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md Shows how to import a jq module ('helpers') and specify a custom search path for it. This is useful for organizing jq logic into reusable modules. ```jq import "helpers" as h {"search":"/usr/lib/netshift"} ``` -------------------------------- ### Test Backup Integrity - Helper Function Driving Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/shell-backend-developer.md This demonstrates driving the backup integrity test by invoking the helper functions (`updates_verify_copy`, `updates_backup_is_complete`, `updates_stable_rollback`) with both truncated and complete backup fixtures. It asserts that the live marker survives truncated rollbacks and is overwritten by complete ones. ```shell drives the 3 helpers + `updates_stable_rollback` with truncated vs complete backups ``` -------------------------------- ### Rendering a Button Component Source: https://github.com/yandexru45/netshift/blob/main/docs/agent-rules/memory/luci-frontend-developer.md Example of using a reusable renderButton function to create a button element with specific text, an onClick handler, and custom class names. ```typescript import { renderButton } from '../../../../partials'; // ... inside a component render function ... renderButton({ text: _('Test latency'), onClick: () => testLatency(), classNames: ['dashboard-sections-grid-item-test-latency'], }); ``` -------------------------------- ### Trojan HTTPUpgrade Configurations Source: https://github.com/yandexru45/netshift/blob/main/String-example.md Examples of Trojan configurations using the HTTPUpgrade transport with different security settings, including none, TLS, and TLS with insecure options or ECH. ```plaintext trojan://uc44gBwOKQ@127.0.0.1:29085?type=httpupgrade&path=%2Fhttpupgradepath&host=google.com&security=none#trojan-httpupgrade-none trojan://MhNxbcVB14@127.0.0.1:32700?type=httpupgrade&path=%2Fhttpupgradepath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=google.com#trojan-httpupgrade-tls trojan://7SOQFUpLob@127.0.0.1:28474?type=httpupgrade&path=%2Fhttpupgradepath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&allowInsecure=1&sni=google.com#trojan-httpupgrade-tls-insecure trojan://ou8pLSyx9N@127.0.0.1:17737?type=httpupgrade&path=%2Fhttpupgradepath&host=google.com&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&ech=AF3%BDQBZAAAgACB%2FlkIkit%2BblFzE7PtbYDVF3NXK8olXJ5a7YwY%2Biy9QQwAkAAEAAQABAAIAAQADAAIAAQACAAIAAgADAAMAAQADAAIAAwADAApnb29nbGUuY29tAAA%3D&sni=google.com#trojan-httpupgrade-tls-ech ```