Add ssh policy info for peers

[heisbrot]

Summary by CodeRabbit

• New Features
  • Added default system announcements displayed at app startup
  • Redesigned SSH enablement workflow with tabbed CLI and Desktop Client options
  • Integrated SSH policy creation directly into peer configuration interface
  • Enhanced access control modal with intelligent pre-filled values for protocol, ports, and destination resources

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added SSH policy management UI components and hooks for peer SSH access control. Enhanced AccessControlModal to accept pre-filled initial values for protocol, ports, and destination resource. Updated AnnouncementProvider with non-empty initial announcements array. Extended PeerProvider to pass peer data to SSH instructions component.

Changes

Cohort / File(s)	Summary
Announcement Initialization src/contexts/AnnouncementProvider.tsx	Introduced non-empty initialAnnouncements array with metadata; changed initialization path to derive AnnouncementInfo objects with hash-based open/closed state determination instead of starting empty.
Peer SSH Policy Components src/modules/peer/PeerSSHInstructions.tsx, src/modules/peer/PeerSSHPolicyInfo.tsx, src/modules/peer/PeerSSHPolicyModal.tsx	Added tabbed CLI vs Desktop Client UI to SSH flow; introduced new components for SSH policy info display and policy creation modal; added optional peer prop to receive current peer data; extended step content with policy requirement notices and creation triggers.
Peer SSH Policy Hook src/modules/peer/usePeerSSHPolicyCheck.ts	New hook to fetch policies and derive peer-specific SSH policy visibility; filters policies by protocol/ports, validates SSH port 22 availability, computes hasSSHPolicy and showSSHPolicyInfo states.
Peer Component Integration src/modules/peer/PeerSSHToggle.tsx, src/contexts/PeerProvider.tsx	Rendered PeerSSHPolicyInfo component in PeerSSHToggle; passed peer prop to PeerSSHInstructions in PeerProvider.
Access Control Modal Enhancement src/modules/access-control/AccessControlModal.tsx, src/modules/access-control/useAccessControl.ts	Added three new optional props to both modal and hook: initialProtocol, initialPorts, initialDestinationResource; extended initialization logic to use initial values as fallbacks; imported PolicyRuleResource from Policy interface.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant PeerSSHToggle
    participant PeerSSHPolicyInfo
    participant usePeerSSHPolicyCheck
    participant PeerSSHPolicyModal
    participant AccessControlModal

    User->>PeerSSHToggle: View peer SSH options
    PeerSSHToggle->>usePeerSSHPolicyCheck: Check SSH policy status
    usePeerSSHPolicyCheck->>usePeerSSHPolicyCheck: Fetch policies & filter<br/>for peer SSH access
    alt SSH policy exists
        usePeerSSHPolicyCheck-->>PeerSSHToggle: showSSHPolicyInfo = false
    else No SSH policy
        usePeerSSHPolicyCheck-->>PeerSSHToggle: showSSHPolicyInfo = true
        PeerSSHToggle->>PeerSSHPolicyInfo: Render policy info callout
        User->>PeerSSHPolicyInfo: Click "Create SSH Policy"
        PeerSSHPolicyInfo->>PeerSSHPolicyModal: Open with peer data
        PeerSSHPolicyModal->>AccessControlModal: Initialize with<br/>ports=[22], protocol="tcp",<br/>destinationResource=peer
        User->>AccessControlModal: Create SSH policy
        AccessControlModal-->>PeerSSHPolicyModal: Policy created
        PeerSSHPolicyModal-->>PeerSSHPolicyInfo: Close modal
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Areas requiring extra attention:
  • usePeerSSHPolicyCheck.ts: Complex policy filtering logic with multiple conditions (disabled status, protocol/port validation, port range checking) needs careful verification of filter correctness
  • PeerSSHInstructions.tsx: Significant UI restructuring with conditional rendering based on client type; verify step content completeness and user flow coherence
  • useAccessControl.ts prop threading: Ensure initial value precedence chain (firstRule → initial prop → default) is correctly implemented across all three new props

Possibly related PRs

• Bump browser ssh versions for ssh rewrite #510: Modifies the same PeerSSHInstructions.tsx file with description and command changes; may require conflict resolution or coordinated merging.

Suggested reviewers

• lixmal

Poem

🐰 A rabbit hops through SSH gates,
With policies that seal the fates,
Pre-filled forms and modals bright,
Access flows now feel just right! 🔐✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add ssh policy info for peers' accurately describes the main changes—introducing SSH policy visibility and info components throughout the peer modules.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/add-ssh-info

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

src/modules/access-control/AccessControlModal.tsx (1)

48-48: Initial protocol/ports/destination resource are wired through correctly

The additions of initialProtocol, initialPorts, and initialDestinationResource to ModalProps, their destructuring in AccessControlModalContent, and forwarding into useAccessControl are consistent and backward‑compatible (all optional). Consider updating any API docs/usages to mention these new prefill options.

Also applies to: 119-122, 134-137, 179-182

src/modules/access-control/useAccessControl.ts (1)

9-14: Access‑control prefill and peer destination handling are consistent

The new initialProtocol, initialPorts, and initialDestinationResource props are correctly threaded into state initialization, and the isDestinationPeer checks ensure peer destinations don’t get treated as generic “resources only” for warnings or direction forcing. If you ever need to support an explicit “no ports” override, you might tighten the initialPorts check to if (initialPorts && initialPorts.length > 0); for the current SSH use case ([22]), the existing logic is fine.

Also applies to: 19-29, 33-43, 88-90, 107-109, 141-147, 294-297, 299-337

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d81b75a and 46fd136.

📒 Files selected for processing (9)

• src/contexts/AnnouncementProvider.tsx (1 hunks)
• src/contexts/PeerProvider.tsx (1 hunks)
• src/modules/access-control/AccessControlModal.tsx (4 hunks)
• src/modules/access-control/useAccessControl.ts (6 hunks)
• src/modules/peer/PeerSSHInstructions.tsx (3 hunks)
• src/modules/peer/PeerSSHPolicyInfo.tsx (1 hunks)
• src/modules/peer/PeerSSHPolicyModal.tsx (1 hunks)
• src/modules/peer/PeerSSHToggle.tsx (2 hunks)
• src/modules/peer/usePeerSSHPolicyCheck.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (7)

src/modules/access-control/AccessControlModal.tsx (1)

src/interfaces/Policy.ts (2)

• Protocol (40-40)
• PolicyRuleResource (35-38)

src/modules/peer/PeerSSHPolicyInfo.tsx (6)

src/interfaces/Peer.ts (1)

• Peer (4-32)

src/modules/peer/usePeerSSHPolicyCheck.ts (1)

• usePeerSSHPolicyCheck (6-77)

src/components/Callout.tsx (1)

• Callout (27-39)

src/utils/helpers.ts (1)

• cn (6-8)

src/components/InlineLink.tsx (1)

• InlineButtonLink (43-55)

src/modules/peer/PeerSSHPolicyModal.tsx (1)

• PeerSSHPolicyModal (13-35)

src/modules/peer/usePeerSSHPolicyCheck.ts (4)

src/interfaces/Peer.ts (1)

• Peer (4-32)

src/utils/api.tsx (1)

• useFetchApi (120-167)

src/interfaces/Policy.ts (1)

• Policy (4-12)

src/utils/version.ts (1)

• isNativeSSHSupported (83-86)

src/modules/peer/PeerSSHPolicyModal.tsx (3)

src/interfaces/Peer.ts (1)

• Peer (4-32)

src/modules/access-control/AccessControlModal.tsx (1)

• AccessControlModalContent (124-550)

src/interfaces/Policy.ts (1)

• PolicyRuleResource (35-38)

src/modules/peer/PeerSSHInstructions.tsx (2)

src/interfaces/Peer.ts (1)

• Peer (4-32)

src/modules/peer/PeerSSHPolicyModal.tsx (1)

• PeerSSHPolicyModal (13-35)

src/modules/peer/PeerSSHToggle.tsx (1)

src/modules/peer/PeerSSHPolicyInfo.tsx (1)

• PeerSSHPolicyInfo (15-38)

src/modules/access-control/useAccessControl.ts (1)

src/interfaces/Policy.ts (2)

• Protocol (40-40)
• PolicyRuleResource (35-38)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build_n_push

🔇 Additional comments (5)

src/contexts/AnnouncementProvider.tsx (1)

7-18: Documentation link and variant value verified—no changes needed.

The documentation link (https://docs.netbird.io/how-to/ssh) is accessible and returns HTTP 200. The variant value "default" is valid—it's one of two options defined in the variants object in src/components/ui/AnnouncementBanner.tsx (lines 13-14), alongside "important". The announcement structure is correct and aligns with the AnnouncementVariant type.

src/contexts/PeerProvider.tsx (1)

138-143: Passing peer into PeerSSHInstructions is correct and consistent

The new peer={peer} prop cleanly wires the current peer into the SSH instructions modal and matches the updated PeerSSHInstructions signature without changing existing behavior.

src/modules/peer/PeerSSHToggle.tsx (1)

7-8: SSH policy info integration under the toggle looks good

<PeerSSHPolicyInfo peer={peer} /> is correctly placed near the SSH toggle and relies on internal visibility logic, so it won’t show unless relevant. This cleanly surfaces policy requirements without affecting existing toggle behavior.

Also applies to: 46-47

src/modules/peer/PeerSSHPolicyInfo.tsx (1)

10-37: Policy info callout and modal wiring are sound

The component cleanly gates rendering on showSSHPolicyInfo, uses local state to control PeerSSHPolicyModal, and composes styling via cn("max-w-xl", className). This gives a clear, contextual prompt to create an SSH policy without affecting peers that are already covered.

src/modules/peer/PeerSSHInstructions.tsx (1)

12-22: Segmented client instructions and SSH policy modal flow look solid

The CLI/Desktop segmented tabs, updated step copy, and the “Create SSH Policy” button backed by PeerSSHPolicyModal provide a clear, guided flow. State (client, policyModal) is minimal and correctly wired, and the optional peer prop matches how PeerProvider invokes this component.

Also applies to: 27-32, 34-39, 40-42, 60-73, 75-99, 101-115, 144-146, 150-154