wg-wrap.git - wg-wrap runs commands in network namespaces configured with userspace wireguard tunnels.

Age	Commit message (Collapse)	Author
2 days	feat: implement system preflight checks and health diagnostics	James O'Doherty
	Introduced a tiered system verification mechanism to improve reliability and provide actionable feedback to users, avoiding false positives in the critical execution path. Key changes: - Implement `CheckSystemRequirements` for critical, non-ambiguous requirements (e.g., TUN device availability) to ensure fatal environment issues are caught immediately during bootstrap. - Implement a user-facing `healthcheck` command that provides comprehensive diagnostics and actionable configuration hints for common misconfigurations (e.g., unprivileged user namespaces, subuid/subgid mappings, and kernel sysctls). - Refactor the `FileSystem` interface to support full mockability, allowing for exhaustive unit testing of diagnostic logic. - Add comprehensive unit tests in `internal/namespace/preflight_test.go` covering various Linux distributions, privilege levels, and hardware availability scenarios. - Ensure code quality through formatting, static analysis (golangci-lint), and validation of all existing unit, integration, and E2E tests.
3 days	refactor: implement dependency injection and enable parallel testing	James O'Doherty
	This commit refactors the core system operations to use a manager-based dependency injection pattern, eliminating global state and resolving data races in the test suite. Architecture: - Introduced NetworkManager and NetworkOps interface in internal/network to abstract netlink calls. - Introduced MountOps and FileSystem interfaces in internal/namespace to abstract mount and filesystem operations. - Introduced TunnelManager in internal/wireguard to coordinate tunnel lifecycle using the new abstractions. - Updated internal/cli and internal/manager to use these managers. Testing: - Restored t.Parallel() to unit tests in internal/network and internal/wireguard. - Implemented setupParallelEnv and an enhanced mockFS in wireguard_unit_test.go to ensure complete test isolation. - Added bootstrap_test.go to verify launcher preparation logic in internal/namespace without requiring syscall.Exec. - Resolved data races in internal/network tests. CLI: - Added support for -h, --help, and -help flags for the main command. Verification: - Passed all tests (unit, integration, E2E). - Verified zero data races with 'go test -race'. - Passed golangci-lint and go vet.