feat(cli): detect network location and adapt connection method per profile #3304

Open. pengpeng wants to merge 1 commit into main from cli/profile-location-detection
pengpeng commented Jun 8, 2026

Summary

Teaches olares-cli where it sits on the network relative to an Olares instance and makes every command use the fastest reachable connection method automatically.

  • Probe on login/import: detect the CLI's position — lan (http://...olares.local), host (public host via the in-cluster DNS 10.233.0.3), cluster (in-pod), or external (public) — persist it on the profile, and derive scheme + host + DNS resolver from it at runtime.
  • Probe order: lan -> host/cluster (intranet via 10.233.0.3, host vs cluster decided by whether the connection source IP falls in 100.64.0.0/10) -> external. Any HTTP response counts as reachable; all-fail yields a friendly UnreachableError.
  • Runtime adaptivity: on a switchable mid-request transport error (DNS / refused / net-down / timeout, replayable body only) the location is re-probed and the request retried against the new method. A 30s outage cooldown makes back-to-back commands fail fast during sustained outages, and the friendly unreachable message is surfaced (raw cause kept via Unwrap).
  • Unified detect: profile whoami (and the post-login eager pass) detect location + role + backend version together and persist them in a single locked config.json write.
  • Cross-process safety: all config.json writers (login/import, use, remove, location/role/version) go through a flock-guarded read-modify-write.
  • profile list: new LOCATION column; --refresh re-detects the current profile.

Notable files

  • cli/pkg/olares/location.go: Location type + per-location URL/endpoint derivation
  • cli/pkg/access/: ProbeLocation, location-aware transports, net-error classification, UnreachableError
  • cli/pkg/cmdutil/factory.go: location-aware refreshing transport, re-probe/switch, cooldown
  • cli/pkg/whoami/detect.go: unified detect with one batched write
  • cli/pkg/cliconfig/: Location fields + lock.go cross-process locking

Test plan

  • go build ./...
  • go vet + go test for pkg/access, pkg/cliconfig, pkg/cmdutil, pkg/olares, pkg/credential, cmd/ctl/profile
  • New unit coverage: probe ordering/short-circuit/source-IP (via an injectable probe seam), config locking, outage cooldown re-arm, UnreachableError surfacing
  • Manual matrix (reviewer): exercise each location (LAN, on-host, in-pod, public) and confirm the probed location and the connection method used
  • Manual: drop connectivity mid-command, confirm re-probe/switch and the friendly unreachable message + cooldown

Made with Cursor


Note

Medium Risk
Touches all authenticated HTTP traffic (transport, refresh, login) and concurrent config writes; behavior changes when LAN/intranet paths exist, though external-only setups should largely match prior public-URL behavior.

Overview
Adds per-profile network location (external / lan / host / cluster) so the CLI picks the fastest reachable path (LAN HTTP, intranet via cluster DNS, in-pod, or public HTTPS) instead of always using public URLs.

Login/import probe before auth, persist Location on the profile, and pass Location into auth.Login / auth.Refresh. Post-login eager detect is unified (eagerDetect via whoami.DetectAndCache) for role + backend version at the probed location. profile whoami and profile list --refresh re-detect location, role, and version together; list gains a LOCATION column. --refresh-version is removed in favor of those refresh paths.

New pkg/access implements ProbeLocation, location-aware Transport, switchable net-error classification, and UnreachableError. pkg/olares adds Location, Endpoints, and RebaseURL; service URLs derive from location. cmdutil.Factory backfills unknown locations, shares a mutable locationState, and on switchable transport errors re-probes, retries once, persists switches, and applies a 30s outage cooldown with friendly errors.

config.json gains location fields plus UpdateLocked / SetDetectResults (single locked write for detect). Profile use/remove/persist mutate config under the same lock to avoid races with background location updates.

Reviewed by Cursor Bugbot for commit 3ef6e0c. Bugbot is set up for automated code reviews on this repo. Configure here.

…ofile

Probe where the CLI sits relative to an Olares instance (lan / host /
cluster / external) during profile login & import, persist it, and select
the fastest reachable connection method (URL scheme + host + DNS resolver)
on every command. On a mid-request transport error the location is
re-probed and the request retried against the new method, with a short
outage cooldown to fail fast during sustained outages.

- pkg/olares: Location type + per-location URL/endpoint derivation
- pkg/access: ProbeLocation (lan -> host/cluster via 10.233.0.3 + source-IP
  discrimination -> external), location-aware transports, net-error
  classification, and a friendly UnreachableError surfaced on outage
- pkg/cmdutil: location-aware refreshing transport, re-probe/switch on
  switchable net errors, outage cooldown
- pkg/whoami: unified detect (location + role + backend version) with a
  single locked config write
- pkg/cliconfig: Location fields + cross-process config.json file locking
- profile commands: probe on login/import, LOCATION column in `list`,
  `whoami`/`list --refresh` re-detect

Adds unit coverage across access/cliconfig/cmdutil and a probe injection
seam for deterministic ordering/short-circuit tests.

Co-authored-by: Cursor <cursoragent@cursor.com>
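
The retry rule described in the summary and commit message above, sketched in Go as an added example (not code from this PR). The names Switchable, Cooldown and ShouldReprobe and the message text are hypothetical, and it assumes the caller trips the cooldown when a re-probe finds nothing reachable.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// UnreachableError shows a friendly message and keeps the raw cause via Unwrap.
type UnreachableError struct{ Cause error }

func (e *UnreachableError) Error() string { return "Olares is unreachable from this network" }
func (e *UnreachableError) Unwrap() error { return e.Cause }

// Switchable matches only DNS, refused, net-down and timeout errors, so a
// certificate failure never causes a move to another connection method.
func Switchable(err error) bool {
	var dns *net.DNSError
	var ne net.Error
	return errors.As(err, &dns) || errors.Is(err, syscall.ECONNREFUSED) ||
		errors.Is(err, syscall.ENETDOWN) || errors.Is(err, syscall.ENETUNREACH) ||
		(errors.As(err, &ne) && ne.Timeout())
}

// Cooldown fails fast for 30s; the caller trips it when a re-probe finds nothing (assumption).
type Cooldown struct{ until time.Time }

func (c *Cooldown) Trip(now time.Time)        { c.until = now.Add(30 * time.Second) }
func (c *Cooldown) Active(now time.Time) bool { return now.Before(c.until) }

// ShouldReprobe reports whether a failed request may be re-probed and retried once.
func ShouldReprobe(c *Cooldown, r *http.Request, err error, now time.Time) (bool, error) {
	replayable := r.Body == nil || r.Body == http.NoBody || r.GetBody != nil
	if !Switchable(err) || !replayable {
		return false, err // not a reachability problem, or unsafe to resend
	}
	if c.Active(now) {
		return false, &UnreachableError{Cause: err} // known outage: skip the probe
	}
	return true, nil
}

func main() {
	req, _ := http.NewRequest("GET", "http://olares.invalid/", nil) // constructed request
	fmt.Println(ShouldReprobe(&Cooldown{}, req, syscall.ECONNREFUSED, time.Now()))
}
```

Because the classifier is an allow-list, a TLS verification failure is returned to the caller as-is instead of being treated as a reason to try a different scheme or host.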

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.


OlaresID: olaresID,
Password: password,
TOTP: o.totp,
Location: loc,
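
Review bot: Location: loc now travels in the same request as Password and TOTP, and the PR summary maps the lan location to an http:// URL; if the login call derives its scheme from Location, these credentials leave the machine unencrypted whenever the probe reports lan. Suggest either keeping the auth call on HTTPS regardless of location or stating at this call site why plain HTTP is acceptable for login, and covering the lan case with a test that asserts the scheme used for the login request.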


Probe and auth TLS mismatch

Medium Severity

On profile login and profile import, probeProfileLocation uses the merged profile’s InsecureSkipVerify, but auth.Login / auth.Refresh still use the CLI flag o.insecureSkipVerify. Re-auth on a profile that already has TLS verification disabled in config (without passing the flag again) can pass the probe then fail authentication with certificate errors.

