Keep the N always-on tunnel slots fixed but let each slot's WireGuard config
rotate through a larger pool, so a 10-concurrent provider cap (e.g. Proton) can
still cycle 50-100 profiles.

- lxc/rotate.sh + weircon-rotate.{service,timer}: round-robin one slot at a
time through wg-pool/, repointing a symlink and restarting only that slot.
- service: proxyManager tracks per-slot in-flight + drain/undrain state; a
localhost admin server (WEIRCON_ADMIN_LISTEN) lets rotate.sh drain a slot
before teardown and warm it back in after, so no request is routed to a
tunnel mid-rotation. Slots self-heal if undrain never arrives.
- GET /status: poll-friendly JSON of per-slot egress IP/state plus inferred
next-rotation slot + ETA, fed by a background egress-IP prober.
- docs + env examples for all new knobs.

The release step created releases with no body. Read the tag's annotation
into RELEASE_NOTES.md and pass it via body_path so each release carries
purpose-written notes. Fetch full history so the annotated tag object is
available to the build.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The fetch service only stripped the four X-Weircon-* control headers, so
any forwarding header injected upstream (X-Forwarded-For, X-Real-IP, Via,
CDN client-IP headers, …) passed straight through to the target — leaking
the caller's IP and proxy chain.
- Replace stripWeircon with stripIdentifying: removes the control headers
plus all standard forwarding/origin-IP headers, with a prefix sweep for
any vendor-specific X-Forwarded-* variant.
- NPM advanced.conf clears the same headers (defense in depth).
- Add TestStripIdentifying covering removal + survival of legit headers.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

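One way to implement the header sweep this commit describes, as an added Go example that is not the project's own code: the exact-name list beyond X-Forwarded-For, X-Real-IP and Via, the prefix-sweep coverage of the unnamed X-Weircon-* control headers, and the sample header set are all assumptions constructed for the example.

```go
package main

import (
	"net/http"
	"strings"
)

// Exact header names dropped before a fetch leaves the service. The page does
// not name the four X-Weircon-* control headers; the prefix sweep covers them.
var identifyingHeaders = []string{
	"Forwarded", "X-Forwarded-For", "X-Real-IP", "X-Client-IP", "True-Client-IP",
	"Via", "CF-Connecting-IP", "Fastly-Client-IP", "X-Cluster-Client-IP",
}
// Case-insensitive prefixes swept for vendor-specific and control variants.
var identifyingPrefixes = []string{"x-forwarded-", "x-weircon-"}

// stripIdentifying removes proxy-chain, client-IP and control headers in place
// and returns how many distinct header names were removed.
func stripIdentifying(h http.Header) int {
	removed := 0
	for _, name := range identifyingHeaders {
		if _, ok := h[http.CanonicalHeaderKey(name)]; ok {
			h.Del(name)
			removed++
		}
	}
	for name := range h { // deleting during a map range is safe in Go
		lower := strings.ToLower(name)
		for _, p := range identifyingPrefixes {
			if strings.HasPrefix(lower, p) {
				delete(h, name)
				removed++
				break
			}
		}
	}
	return removed
}
// sampleUpstream is a constructed header set: one legitimate header plus
// forwarding, vendor and control headers that must never reach the target.
func sampleUpstream() http.Header {
	h := http.Header{}
	h.Set("User-Agent", "weircon-fetch/1.0")
	h.Set("X-Forwarded-For", "203.0.113.7, 10.0.0.2")
	h.Set("Via", "1.1 edge-proxy")
	h.Set("CF-Connecting-IP", "203.0.113.7")
	h.Set("X-Forwarded-Client-Cert", "placeholder")
	h.Set("X-Weircon-Target", "https://example.invalid/")
	return h
}
```

The prefix sweep is what catches variants the exact list never anticipated, so a second call on already-cleaned headers should remove nothing.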
When downloading a release asset over HTTP the executable bit is lost,
so checking '-x' would always fail. Check existence instead and chmod
unconditionally. Update the error message to cover the three common
install paths.