Next release

[jokob-sk]

Summary by CodeRabbit

• New Features
  • Added a REST Import plugin to ingest device data from external APIs with configurable authentication, field mapping, scheduling, and deterministic fake MAC generation when MACs are missing.
• Bug Fixes
  • Improved modal form select fields to use the correct options source.
  • Enhanced modal responsiveness: wider-screen sizing and scrollable modal content when needed.
• Documentation
  • Added a plugin development guide and expanded REST Import setup/config documentation (including examples).
  • Updated related field-lock and plugin documentation links/tables.
• Tests
  • Added a pytest suite for REST Import and removed an outdated field-lock test summary file.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new rest_import plugin that fetches device records from configurable REST endpoints, normalizes/validates MACs (or generates fake MACs from IPs), maps fields to CurrentScan, and writes plugin result files. Includes full config.json schema, a Python implementation with HTTP request handling and JSON path resolution, a pytest suite, and a README with examples. Also fixes modal dialog layout via CSS, PHP, and JS changes, adds a Gemini plugin-development skill document, and updates documentation cross-references.

Changes

REST Import Plugin

Layer / File(s)	Summary
Plugin identity, config schema, and README front/plugins/rest_import/config.json, front/plugins/rest_import/README.md	Defines plugin identity (RSTIMPRT), execution parameters with run scheduling, an imports popup form supporting endpoint URL/method, SSL verification, authentication modes (none/basic/bearer), custom headers, optional POST JSON body, dot-path device list location, and field mappings for MAC/IP/name/vendor/SSID/type/parent/site/VLAN. Includes SET_ALWAYS and SET_EMPTY overwrite policies and database column definitions tagging rows with RSTIMPRT. README documents the full configuration flow, field mapping, fake MAC generation with deterministic fa:ce: prefix, and an OPNsense Dnsmasq example.
Python entrypoint, orchestration, and HTTP pipeline front/plugins/rest_import/rest_import.py	Implements module constants, main() entrypoint that loads import configs and initializes Plugin_Objects, process_import() that validates configuration, builds headers and auth, performs HTTP requests with 30s timeout, parses JSON, resolves record lists via dot-separated paths, and writes result files. Includes build_headers(), build_auth() for basic and bearer authentication, make_request() with exception handling, and resolve_path() for JSON traversal.
Record mapping, MAC resolution, and validation front/plugins/rest_import/rest_import.py	Implements map_record() to extract and normalize record fields, _resolve_mac() to validate MACs or generate fake MACs from IPs when configured, _get_field() for config-driven field extraction, validate_mac() for normalization and pattern checking, and the __main__ entrypoint.
pytest suite test/plugins/test_rest_import.py	Tests build_headers parsing behavior, resolve_path dot-path resolution, validate_mac format validation and acceptance of multiple MAC formats, map_record field mapping including fake MAC generation and invalid MAC handling, and build_auth for basic and bearer auth header construction. Uses patched module-level imports to prevent live config reads and network interactions.

Modal UI Fixes and Developer Documentation

Layer / File(s)	Summary
Modal layout, scroll container, and popup form option selection front/css/app.css, front/php/templates/modals.php, front/js/modal.js, front/js/settings_utils.js	Adds a responsive CSS media rule constraining .modal-dialog to 750px width with centered margins on viewports ≥768px. Updates modal-form-plc placeholder with a 60vh height cap, vertical scroll, and horizontal padding. Adjusts fieldOptionsOverride logic to prefer field.options for select-type fields. Includes a debug console.log(setType) statement in generateFormHtml.
Gemini plugin-development skill document .gemini/skills/plugin-development/plugin-skill.md	Introduces a skill document describing the plugin development workflow (requirements assessment, documentation review, field mapping, clarifying questions, code placement under front/plugins/<name>). Specifies plugin prefix constraints: uppercase letters only, must be unique, and should be short/readable.

Documentation Cross-Reference Updates

Layer / File(s)

Summary

Documentation link refinements and plugin catalog update docs/PLUGINS.md, docs/DEVICE_FIELD_LOCK.md, docs/DEVICE_SOURCE_FIELDS.md, docs/API_DEVICE_FIELD_LOCK.md

Updates "See Also" sections to clarify "Authoritative updates" link wording and removes duplicated references across field-lock documentation. Revises the Plugin types table in PLUGINS.md and adds RSTIMPRT (rest_import) to the Available Plugins table with type icons. Updates type icon values across existing plugin rows. Adds explicit "(Important) Save the settings" instruction before optional plugin unload step.

Sequence Diagram(s)

sequenceDiagram
  participant main as main()
  participant process_import as process_import()
  participant make_request as make_request()
  participant resolve_path as resolve_path()
  participant map_record as map_record()
  participant Plugin_Objects as Plugin_Objects

  main->>process_import: decoded import cfg (url, auth, field mappings)
  process_import->>make_request: url, method, ssl_verify, auth, headers, post_body
  make_request-->>process_import: parsed JSON response or None
  process_import->>resolve_path: response data, device_list_path
  resolve_path-->>process_import: records list or None
  loop for each record in records list
    process_import->>map_record: record, cfg, mac_field, ip_field, fake_mac
    map_record-->>process_import: mapped fields dict or None
    process_import->>Plugin_Objects: add_object(mapped fields)
  end
  main->>Plugin_Objects: write_result_file()

Loading

Poem

A rabbit hops to REST endpoints with glee,
Fetching devices from each JSON tree.
If MACs are missing, a fake one's derived—
fa:ce: prefixed so nothing's deprived.
The modal scrolls, the dialog is neat,
A new plugin skill makes the workflow complete! 🐇

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 2.27% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Next release' is vague and generic; it does not clearly describe the specific changes in the changeset.	Provide a more descriptive title that summarizes the main feature or change (e.g., 'Add REST import plugin and modal improvements' or similar).

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch next_release

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

front/plugins/rest_import/README.md (1)

79-85: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use the standard ### Other info section format.

The README currently uses ### Notes; plugin READMEs in this repo should use the standardized ### Other info section and fields for consistency.

📝 Suggested patch

-### Notes
-
-- Version: 1.0.0
-- Author: `jokob-sk`
-- Records with missing or invalid MAC addresses are skipped unless **Generate Fake MAC** is enabled
-- Each import definition executes independently; failed imports do not block others
+### Notes
+
+- Records with missing or invalid MAC addresses are skipped unless **Generate Fake MAC** is enabled
+- Each import definition executes independently; failed imports do not block others
+
+### Other info
+
+- Version: 1.0.0
+- Author: [jokob-sk](https://github.com/jokob-sk)
+- Release Date: 17-Jun-2026

Based on learnings: plugin READMEs under front/plugins/**/README.md should include a ### Other info section with standardized labels.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@front/plugins/rest_import/README.md` around lines 79 - 85, Replace the `###
Notes` section header with `### Other info` to align with the standardized
plugin README format used across the repository. Keep all the content (Version,
Author, and the behavioral notes about MAC addresses and import definitions)
exactly as is, only changing the section header name.

Source: Learnings

🧹 Nitpick comments (3)

.gemini/skills/plugin-development/plugin-skill.md (1)

7-7: ⚡ Quick win

Align step 5 with imperative verb pattern for consistency.

Steps 1–4 use imperative verbs ("Assess," "Read," "Confirm," "Ask"), but step 5 uses passive phrasing ("code placed in"). For consistency and clarity, rephrase as an imperative statement.

✨ Proposed fix for consistency

-5. code placed in `front/plugins/<new plugin name>`
+5. Place code in `front/plugins/<new plugin name>`

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.gemini/skills/plugin-development/plugin-skill.md at line 7, In the
plugin-skill.md file at step 5, the phrasing "code placed in" uses passive voice
which is inconsistent with the imperative verb pattern used in steps 1-4
("Assess," "Read," "Confirm," "Ask"). Rephrase step 5 to use an imperative verb
form that matches the pattern of the previous steps, such as starting with an
action verb like "Place" or "Create" instead of the passive construction.

front/js/settings_utils.js (1)

1178-1178: ⚡ Quick win

Remove debug console.log statement.

This debug log will execute on every form field generation, creating unnecessary console output. Please remove or comment it out before merging.

🧹 Proposed cleanup

-  console.log(setType);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@front/js/settings_utils.js` at line 1178, Remove the console.log(setType)
debug statement from the code. This statement is executing on every form field
generation and creating unnecessary console output. Simply delete the line
containing console.log(setType) to clean up the debug code before merging.

front/php/templates/modals.php (1)

132-132: 💤 Low value

Consider moving inline styles to a CSS class.

The inline styles work correctly for enabling scroll behavior, but extracting them to a CSS class in app.css would improve maintainability and reusability.

♻️ Proposed refactor

In front/css/app.css, add:

`#modal-form-plc` {
  overflow-y: auto;
  max-height: 60vh;
  padding: 0 15px;
}

Then update this line to:

-<div id="modal-form-plc" style="overflow-y: auto; max-height: 60vh; padding: 0 15px;"></div>
+<div id="modal-form-plc"></div>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@front/php/templates/modals.php` at line 132, The div element with
id="modal-form-plc" contains inline styles for overflow-y, max-height, and
padding that should be externalized for better maintainability and reusability.
Remove the style attribute from the modal-form-plc div element in the modals.php
file and add a corresponding CSS rule in front/css/app.css targeting the
`#modal-form-plc` selector with the three style properties (overflow-y: auto,
max-height: 60vh, and padding: 0 15px).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@front/plugins/rest_import/config.json`:
- Around line 470-485: The RSTIMPRT_password and RSTIMPRT_bearer_token input
fields in the configuration are currently rendering as plain text inputs, which
exposes sensitive values during editing. Modify the elementOptions for both the
RSTIMPRT_password function (around line 470) and the RSTIMPRT_bearer_token
function (around line 508) to add an input type property set to "password" in
their respective elementOptions arrays to mask the input values on screen.

In `@front/plugins/rest_import/README.md`:
- Around line 66-77: Add a language identifier to the fenced code block that
contains the OPNsense DHCP configuration example. Change the opening triple
backticks (```) to include a language identifier (```text) to comply with
markdownlint rule MD040, which requires all fenced code blocks to have a
specified language for proper syntax highlighting and linting compliance.

In `@front/plugins/rest_import/rest_import.py`:
- Around line 117-118: Before calling map_record() in the loop that iterates
through records at line 117-118, add a guard check to ensure each record is a
dictionary object. If the record is not a dict (e.g., it's a scalar or list),
skip processing that record or handle it appropriately. Apply the same guard
check to the other location mentioned in the comment around lines 232-235 where
map_record() is also called.
- Around line 59-61: The `decode_settings_base64()` function's return value is
not validated before being passed to `process_import()`, which will cause
failures when cfg.get() is called on malformed or non-dict data. Add validation
after decoding the raw_config in the loop to ensure cfg is a valid dictionary
with expected structure, then either skip invalid configs with appropriate
logging or raise an informative error before calling process_import(cfg,
plugin_objects). Apply this validation consistently to all occurrences mentioned
in the comment including the loop at lines 59-61 and the related code at lines
67-82.
- Around line 206-208: The exception handler catching
requests.exceptions.RequestException is logging the raw exception object `e`
which can leak sensitive endpoint data like URLs and query strings. Replace the
direct logging of the exception in the mylog call with a generic error message
that does not include the exception details, ensuring only safe context
information is logged without exposing the actual request exception content.

---

Outside diff comments:
In `@front/plugins/rest_import/README.md`:
- Around line 79-85: Replace the `### Notes` section header with `### Other
info` to align with the standardized plugin README format used across the
repository. Keep all the content (Version, Author, and the behavioral notes
about MAC addresses and import definitions) exactly as is, only changing the
section header name.

---

Nitpick comments:
In @.gemini/skills/plugin-development/plugin-skill.md:
- Line 7: In the plugin-skill.md file at step 5, the phrasing "code placed in"
uses passive voice which is inconsistent with the imperative verb pattern used
in steps 1-4 ("Assess," "Read," "Confirm," "Ask"). Rephrase step 5 to use an
imperative verb form that matches the pattern of the previous steps, such as
starting with an action verb like "Place" or "Create" instead of the passive
construction.

In `@front/js/settings_utils.js`:
- Line 1178: Remove the console.log(setType) debug statement from the code. This
statement is executing on every form field generation and creating unnecessary
console output. Simply delete the line containing console.log(setType) to clean
up the debug code before merging.

In `@front/php/templates/modals.php`:
- Line 132: The div element with id="modal-form-plc" contains inline styles for
overflow-y, max-height, and padding that should be externalized for better
maintainability and reusability. Remove the style attribute from the
modal-form-plc div element in the modals.php file and add a corresponding CSS
rule in front/css/app.css targeting the `#modal-form-plc` selector with the three
style properties (overflow-y: auto, max-height: 60vh, and padding: 0 15px).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9d6408b1-c7ba-4825-862e-f4950dab9ea4

📥 Commits

Reviewing files that changed from the base of the PR and between 3752d74 and bb29824.

📒 Files selected for processing (9)

• .gemini/skills/plugin-development/plugin-skill.md
• front/css/app.css
• front/js/modal.js
• front/js/settings_utils.js
• front/php/templates/modals.php
• front/plugins/rest_import/README.md
• front/plugins/rest_import/config.json
• front/plugins/rest_import/rest_import.py
• test/plugins/test_rest_import.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mask secret fields in the popup form.

RSTIMPRT_password and RSTIMPRT_bearer_token are currently plain text inputs, which exposes sensitive values during editing.

🔐 Suggested patch

                   {
                     "function": "RSTIMPRT_password",
                     "type": {
                       "dataType": "string",
                       "elements": [
                         {
                           "elementType": "input",
                           "elementOptions": [
+                            {
+                              "type": "password"
+                            },
                             {
                               "placeholder": "Password or API Secret"
                             },
                             {
                               "cssClasses": "col-sm-10"
                             }
                           ],
                           "transformers": []
                         }
                       ]
                     },
@@
                   {
                     "function": "RSTIMPRT_bearer_token",
                     "type": {
                       "dataType": "string",
                       "elements": [
                         {
                           "elementType": "input",
                           "elementOptions": [
+                            {
+                              "type": "password"
+                            },
                             {
                               "placeholder": "Bearer token"
                             },
                             {
                               "cssClasses": "col-sm-10"
                             }
                           ],
                           "transformers": []
                         }
                       ]
                     },

Also applies to: 508-523

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@front/plugins/rest_import/config.json` around lines 470 - 485, The
RSTIMPRT_password and RSTIMPRT_bearer_token input fields in the configuration
are currently rendering as plain text inputs, which exposes sensitive values
during editing. Modify the elementOptions for both the RSTIMPRT_password
function (around line 470) and the RSTIMPRT_bearer_token function (around line
508) to add an input type property set to "password" in their respective
elementOptions arrays to mask the input values on screen.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/PLUGINS.md`:
- Line 117: In the PLUGINS.md file, the word "(Opptional)" on line 117 contains
a typo with an extra 'p'. Replace "(Opptional)" with the correct spelling
"(Optional)" in the plugin unloading instructions section.
- Line 28: In the dev scanner row description, there is a typo where "witout" is
misspelled. Correct this to "without" in the table entry for the dev scanner
description to fix the grammar error.
- Line 68: In the PLUGINS.md file, the MQTT plugin description row uses
"synching" but the codebase maintains consistency by using "sync" or "syncing".
Replace "synching" with "syncing" in the description text of the MQTT plugin
entry to align with the preferred terminology used throughout the codebase.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2a87abaa-916f-4b73-a1af-d91b87fd90f2

📥 Commits

Reviewing files that changed from the base of the PR and between bb29824 and 7630608.

📒 Files selected for processing (6)

• docs/API_DEVICE_FIELD_LOCK.md
• docs/DEVICE_FIELD_LOCK.md
• docs/DEVICE_SOURCE_FIELDS.md
• docs/PLUGINS.md
• front/plugins/rest_import/README.md
• test/scan/FIELD_LOCK_TEST_SUMMARY.md

💤 Files with no reviewable changes (1)

• test/scan/FIELD_LOCK_TEST_SUMMARY.md

✅ Files skipped from review due to trivial changes (4)

• docs/DEVICE_FIELD_LOCK.md
• docs/API_DEVICE_FIELD_LOCK.md
• front/plugins/rest_import/README.md
• docs/DEVICE_SOURCE_FIELDS.md

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/PLUGINS.md`:
- Around line 116-117: The ordered list in the plugin disabling instructions has
incorrect numbering - both the "(Important) Save the settings" and "(Optional)
If you want to speed up the application..." items are numbered as "1." when the
second item should be numbered "2." to maintain proper ordered list structure.
Change the number prefix on the line starting with "(Optional) If you want to
speed up the application..." from "1." to "2."

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1a801b44-3533-42a3-a33f-538a96ce82d7

📥 Commits

Reviewing files that changed from the base of the PR and between 7630608 and e7f0be3.

📒 Files selected for processing (1)

• docs/PLUGINS.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix list numbering in plugin disabling instructions.

Both lines 116 and 117 are numbered 1. — line 117 should be numbered 2. to maintain proper ordered list structure.

✏️ Proposed fix

 1. Change the `<prefix>_RUN` Setting to `disabled` if you want to disable the plugin, but keep the settings
 1. (Important) Save the settings
-1. (Optional) If you want to speed up the application, you can unload the plugin by unselecting it in the `LOADED_PLUGINS` setting (plugins have to be disabled first - see above steps).
+2. (Optional) If you want to speed up the application, you can unload the plugin by unselecting it in the `LOADED_PLUGINS` setting (plugins have to be disabled first - see above steps).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	1. (Important) Save the settings
	1. (Optional) If you want to speed up the application, you can unload the plugin by unselecting it in the `LOADED_PLUGINS` setting (plugins have to be disabled first - see above steps).
	1. Change the `<prefix>_RUN` Setting to `disabled` if you want to disable the plugin, but keep the settings
	1. (Important) Save the settings
	2. (Optional) If you want to speed up the application, you can unload the plugin by unselecting it in the `LOADED_PLUGINS` setting (plugins have to be disabled first - see above steps).

🧰 Tools

🪛 LanguageTool

[style] ~117-~117: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ... Save the settings 1. (Optional) If you want to speed up the application, you can unloa...

(REP_WANT_TO_VB)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/PLUGINS.md` around lines 116 - 117, The ordered list in the plugin
disabling instructions has incorrect numbering - both the "(Important) Save the
settings" and "(Optional) If you want to speed up the application..." items are
numbered as "1." when the second item should be numbered "2." to maintain proper
ordered list structure. Change the number prefix on the line starting with
"(Optional) If you want to speed up the application..." from "1." to "2."