Merged
Conversation
… automated-wizard
…Guard/defguard into automated-wizard
moubctez
reviewed
Mar 3, 2026
| let wizard = Wizard::init(&pool, has_auto_adopt_flags).await?; | ||
|
|
||
| if !wizard.completed { | ||
| if wizard.active_wizard == ActiveWizard::AutoAdoption { |
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
| "initial_setup_auto_adoption_wizard_subtitle": "Complete the final three steps to fully configure DefGuard.", | ||
| "initial_setup_auto_adoption_welcome_title": "Welcome to Defguard.", | ||
| "initial_setup_auto_adoption_welcome_subtitle_failed": "Unfortunately, the automated setup for some components did not complete successfully. Find detailed errors below.", | ||
| "initial_setup_auto_adoption_welcome_subtitle_success": "We have successfully configured all the necessary components (gateway and edge) using Docker for this instance. Now, we need to configure some general settings.", |
Contributor
There was a problem hiding this comment.
Suggested change
| "initial_setup_auto_adoption_welcome_subtitle_success": "We have successfully configured all the necessary components (gateway and edge) using Docker for this instance. Now, we need to configure some general settings.", | |
| "initial_setup_auto_adoption_welcome_subtitle_success": "We have successfully configured all the necessary components (Gateway and Edge) using Docker for this instance. Now, we need to configure some general settings.", |
Contributor
There was a problem hiding this comment.
Who is we? Maybe it's better to rephrase: "All the necessary components (Gateway and Edge) have been successfully configured…"
moubctez
reviewed
Mar 3, 2026
| "initial_setup_auto_adoption_step_admin_user_label": "Create Admin User", | ||
| "initial_setup_auto_adoption_step_admin_user_description": "Manage core details and connection parameters for your VPN location.", | ||
| "initial_setup_auto_adoption_step_url_settings_label": "Internal and external URL settings", | ||
| "initial_setup_auto_adoption_step_url_settings_description": "Manage core details and connection parameters for your VPN location.", |
Contributor
There was a problem hiding this comment.
same as initial_setup_auto_adoption_step_admin_user_description
moubctez
reviewed
Mar 3, 2026
| "initial_setup_auto_adoption_step_url_settings_label": "Internal and external URL settings", | ||
| "initial_setup_auto_adoption_step_url_settings_description": "Manage core details and connection parameters for your VPN location.", | ||
| "initial_setup_auto_adoption_step_vpn_settings_label": "VPN Public and Internal Settings", | ||
| "initial_setup_auto_adoption_step_vpn_settings_description": "Manage core details and connection parameters for your VPN location.", |
Contributor
There was a problem hiding this comment.
Same as initial_setup_auto_adoption_step_admin_user_description
moubctez
reviewed
Mar 3, 2026
moubctez
reviewed
Mar 3, 2026
| "initial_setup_auto_adoption_summary_support_kicker": "Support Us", | ||
| "initial_setup_auto_adoption_summary_support_title": "Star us on GitHub", | ||
| "initial_setup_auto_adoption_summary_support_button": "Go to GitHub", | ||
| "initial_setup_auto_adoption_summary_submit": "Go to Defguard", |
Contributor
There was a problem hiding this comment.
But I am already in Defguard, no?
wojcik91
previously approved these changes
Mar 3, 2026
There was a problem hiding this comment.
Pull request overview
Implements an “automated adoption” post-setup wizard and introduces a new persisted backend wizard state to control which wizard is active and which step to resume.
Changes:
- Adds frontend auto-adoption wizard flow (new pages, store, steps, styles) and routes selection based on backend wizard state.
- Introduces backend
wizardsingleton model + DB migration to move wizard progress out ofsettings. - Changes
modified_byfields for gateway/proxy/edge from user ID + names to a single persisted name string across backend + frontend.
Reviewed changes
Copilot reviewed 79 out of 97 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| web/src/shared/hooks/useApp.tsx | Adds wizardState to global Zustand app store for wizard routing decisions. |
| web/src/shared/defguard-ui | Updates UI submodule revision for new wizard UI components/props. |
| web/src/shared/components/wizard/types.ts | Adds displayDocs flag to allow hiding docs card on welcome page. |
| web/src/shared/components/wizard/WizardWelcomePage/style.scss | Tweaks welcome page layout/typography and footer spacing. |
| web/src/shared/components/wizard/WizardWelcomePage/WizardWelcomePage.tsx | Conditionally renders docs card via displayDocs. |
| web/src/shared/api/types.ts | Adds wizard + auto-adoption API types; changes initial setup step values to snake_case; changes modified_by types. |
| web/src/shared/api/api.ts | Adds endpoints for wizard state + auto-adoption wizard settings submission. |
| web/src/routes/_wizard/setup.tsx | Switches wizard routing to initial vs auto-adoption based on backend wizardState. |
| web/src/routes/_wizard/setup-login.tsx | Uses backend wizard state to decide whether setup-login is required. |
| web/src/pages/SetupPage/useSetupWizardStore.tsx | Fixes import path for EdgeAdoptionState after folder re-org. |
| web/src/pages/SetupPage/steps/SetupGeneralConfigStep.tsx | Updates import paths after initial wizard folder separation. |
| web/src/pages/SetupPage/steps/SetupEdgeComponentStep.tsx | Updates import paths after initial wizard folder separation. |
| web/src/pages/SetupPage/steps/SetupEdgeAdoptionStep.tsx | Updates import paths after initial wizard folder separation. |
| web/src/pages/SetupPage/steps/SetupConfirmationStep.tsx | Updates import paths and asset location after folder separation. |
| web/src/pages/SetupPage/steps/SetupCertificateAuthoritySummaryStep.tsx | Refactors CA summary UI into reusable CertificateAuthorityInfoCard. |
| web/src/pages/SetupPage/steps/SetupCertificateAuthorityStep.tsx | Updates import paths after initial wizard folder separation. |
| web/src/pages/SetupPage/steps/SetupAdminUserStep.tsx | Updates import paths after initial wizard folder separation. |
| web/src/pages/SetupPage/initial/components/CertificateAuthorityInfoCard.tsx | New reusable card component for CA summary info. |
| web/src/pages/SetupPage/autoAdoption/useAutoAdoptionSetupWizardStore.tsx | New persisted Zustand store for auto-adoption wizard fields and step state. |
| web/src/pages/SetupPage/autoAdoption/types.ts | Defines auto-adoption step enum + ordered steps list. |
| web/src/pages/SetupPage/autoAdoption/style.scss | Adds styles for auto-adoption welcome content and error summary. |
| web/src/pages/SetupPage/autoAdoption/steps/style.scss | Adds styles for auto-adoption steps, summary, and VPN layout. |
| web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionVpnSettingsStep.tsx | New VPN settings step posting to backend auto-wizard endpoint. |
| web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionUrlSettingsStep.tsx | New URL settings step posting to backend auto-wizard endpoint. |
| web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionSummaryStep.tsx | New final summary step finishing setup and redirecting into the app. |
| web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionMfaSetupStep.tsx | New MFA mode selection step posting to backend auto-wizard endpoint. |
| web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionAdminUserStep.tsx | New admin creation step with optional automatic admin group assignment. |
| web/src/pages/SetupPage/autoAdoption/AutoAdoptionSetupPage.tsx | New wizard container page for auto-adoption flow with status polling + welcome content variants. |
| web/src/pages/SetupPage/SetupPage.tsx | Updates imports after folder separation and adds missing alt on welcome image. |
| web/src/pages/LocationsPage/components/GatewaysTable.tsx | Updates “modified by” display for new string-based modified_by. |
| web/src/pages/EditGatewayPage/EditGatewayPage.tsx | Updates form schema modified_by to string. |
| web/src/pages/EditEdgePage/EditEdgePage.tsx | Updates form schema modified_by to string. |
| web/src/pages/EdgesPage/EdgesTable.tsx | Updates “modified by” display for new string-based modified_by. |
| web/messages/en/initial_wizard.json | Adds English strings for auto-adoption wizard screens and error summary. |
| migrations/20260225142454_[2.0.0]_migration_wizard.up.sql | Creates wizard singleton + migrates initial setup tracking + converts modified_by to name. |
| migrations/20260225142454_[2.0.0]_migration_wizard.down.sql | Reverts wizard migration and attempts to revert modified_by back to user ID FK. |
| crates/defguard_setup/tests/initial_setup.rs | Updates setup tests to use new wizard model and adds test for automatic admin group assignment. |
| crates/defguard_setup/src/setup.rs | Adds setup-server routes for wizard state + auto-adoption wizard endpoints. |
| crates/defguard_setup/src/lib.rs | Exposes auto-adoption module; switches public setup module to setup_server. |
| crates/defguard_setup/src/handlers/mod.rs | Introduces handler module split between auto-wizard and initial wizard. |
| crates/defguard_setup/src/handlers/auto_wizard.rs | Adds handlers for auto-adoption wizard settings (URL/VPN/MFA) + result retrieval. |
| crates/defguard_setup/src/handlers.rs | Updates setup handlers to read/write wizard state and supports automatic admin group assignment. |
| crates/defguard_setup/src/auto_adoption.rs | Implements startup-time component auto-adoption and stores results in wizard state. |
| crates/defguard_setup/Cargo.toml | Adds defguard_proto, tonic, and ipnetwork dependencies for adoption RPC and networking parsing. |
| crates/defguard_session_manager/tests/session_manager/stats.rs | Updates gateway creation calls for new string-based modified_by. |
| crates/defguard_session_manager/tests/session_manager/sessions.rs | Updates gateway creation calls for new string-based modified_by. |
| crates/defguard_session_manager/tests/session_manager/event_flow.rs | Updates gateway creation calls for new string-based modified_by. |
| crates/defguard_session_manager/tests/common/mod.rs | Updates test helper gateway factory to accept modified_by: String. |
| crates/defguard_core/tests/integration/api/proxy.rs | Updates proxy creation to use string-based modified_by. |
| crates/defguard_core/tests/integration/api/location_stats.rs | Updates gateway creation to use string-based modified_by. |
| crates/defguard_core/tests/integration/api/gateway.rs | Updates gateway creation to use string-based modified_by. |
| crates/defguard_core/src/lib.rs | Adds /wizard* + /session-info routes and updates dev env wizard completion. |
| crates/defguard_core/src/handlers/wizard.rs | Adds admin-only wizard flags + migration wizard state endpoints. |
| crates/defguard_core/src/handlers/session_info.rs | Adds session-info endpoint returning authorized + wizard flags. |
| crates/defguard_core/src/handlers/proxy.rs | Updates proxy modification to store modified_by as user full name string. |
| crates/defguard_core/src/handlers/mod.rs | Registers new wizard and session_info modules. |
| crates/defguard_core/src/handlers/gateway.rs | Removes user join for modified_by name fields and uses persisted string. |
| crates/defguard_core/src/handlers/component_setup.rs | Updates proxy/gateway setup flows to persist modified_by as user full name and advance wizard state. |
| crates/defguard_core/src/handlers/app_info.rs | Removes initial_setup_completed from app info response. |
| crates/defguard_core/src/enterprise/firewall/tests/destination.rs | Minor import organization cleanup. |
| crates/defguard_core/src/auth/mod.rs | Switches setup-auth gating from settings step to wizard state (wizard.requires_auth()). |
| crates/defguard_common/src/types/proxy.rs | Updates proxy info type to hold modified_by: String only. |
| crates/defguard_common/src/db/models/wizard.rs | Adds persisted wizard singleton model with init logic and auth gating helper. |
| crates/defguard_common/src/db/models/user.rs | Adds fullname() helper used for string-based modified_by. |
| crates/defguard_common/src/db/models/setup_auto_adoption.rs | Adds auto-adoption component/step/result state models. |
| crates/defguard_common/src/db/models/settings.rs | Removes initial-setup fields from settings; derives step serde snake_case; updates essentials query to join wizard completion. |
| crates/defguard_common/src/db/models/proxy.rs | Changes proxy modified_by to string and simplifies list query. |
| crates/defguard_common/src/db/models/mod.rs | Exposes new wizard + migration/auto-adoption model modules and re-exports Wizard types. |
| crates/defguard_common/src/db/models/migration_wizard.rs | Adds migration wizard state types stored in wizard JSONB. |
| crates/defguard_common/src/db/models/gateway.rs | Changes gateway modified_by to string. |
| crates/defguard_common/src/config.rs | Adds CLI/env flags for startup auto-adoption endpoints. |
| crates/defguard_common/Cargo.toml | Adds serde_json dependency required by wizard persistence. |
| crates/defguard/src/main.rs | Initializes wizard, runs startup auto-adoption, and starts setup server based on wizard completion. |
Files not reviewed (13)
- .sqlx/query-0fc80b6949eaaeda77dabad7093bca70bd327c14eea4b8db1c9f11c722a00bf4.json: Language not supported
- .sqlx/query-2ce93887379d80ff03753caaf94ec1ab4c6f0ead212fc74bb881e1d5c0d96080.json: Language not supported
- .sqlx/query-3c6a119f2f10046bd9e42314df953a0a0b3b44d0a87d43f69425729c15e1a400.json: Language not supported
- .sqlx/query-4d9c4562a138038ba054b5b83b646341ee18e24f0d32399e6ce2ebaedef64cea.json: Language not supported
- .sqlx/query-638da4de4db75b1175ae814a9b993c06006c792af9cda1b1221e5c3640c2a9a3.json: Language not supported
- .sqlx/query-6b1506441fd24aff832ee8ee9edb6d8423cfc61bf59ceaf0364c07ddde47127e.json: Language not supported
- .sqlx/query-780d66e4628d13c6c2f489cc87c7358945b93628104ac57aac207b8ec74be08a.json: Language not supported
- .sqlx/query-8d21a38672059e820d355590df83c1c9c5f75956f8b7c2a1a235189e1583a599.json: Language not supported
- .sqlx/query-938c250b35e5b2b46cff9efbe41fce3100fe0ff1a86be48b7a22b58ef3da5bf1.json: Language not supported
- .sqlx/query-a41787c8c8307414165ab23ef96d82a34d3bfa4364cbe9b8368e71445bc20877.json: Language not supported
- .sqlx/query-bcb405dc3159cd72c5ccebf29bf4b6163ee0e324cd95cbf3e32d025b5ba7fcbb.json: Language not supported
- .sqlx/query-beffd1aad66ce9d9a179f14e224d9ca63f0c0aa378460bd344f7a7daa8985bad.json: Language not supported
- .sqlx/query-f14171d837b8ac91e765e9b86153186ac78bf78ce3cfc5af7441d84be52749d2.json: Language not supported
Comments suppressed due to low confidence (7)
crates/defguard_setup/src/handlers/auto_wizard.rs:1
get_auto_adoption_resultcan returnnullwhenwizard.auto_adoption_stateisNone, but the frontend types always expect an object withstepandadoption_result. Return a default state instead (e.g.,wizard.auto_adoption_state.unwrap_or_default()), or ensureWizard::initseedsauto_adoption_statewhenactive_wizard == AutoAdoption.
migrations/20260225142454_[2.0.0]_migration_wizard.down.sql:1- The down migration forces
modified_bytoNULLviaUSING NULLbut does not drop theNOT NULLconstraint that was added in the up migration; this will fail ifmodified_byis stillNOT NULL. Consider explicitlyALTER COLUMN modified_by DROP NOT NULLbefore the type change (or provide a reversible mapping strategy), then re-apply constraints as appropriate.
web/src/routes/_wizard/setup.tsx:1 - TypeScript
///comments are typically reserved for triple-slash directives and can be confusing in React/TS code. Use standard//comments (or/** ... */JSDoc if you want typed tooling support) to avoid accidental misuse.
web/messages/en/initial_wizard.json:1 - Correct the capitalization of 'Github' to 'GitHub' in user-facing copy.
crates/defguard_setup/src/auto_adoption.rs:1 - The function name
attemp_auto_adoptionappears to be a typo and reduces API clarity. Rename it toattempt_auto_adoptionand update call sites accordingly.
web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionSummaryStep.tsx:1 window.open(..., '_blank')withoutnoopener/noreferrercan enable reverse-tabnabbing in some browsers. Preferwindow.open(url, '_blank', 'noopener,noreferrer')(or use an<a target="_blank" rel="noreferrer noopener">pattern) to prevent the opened page from being able to controlwindow.opener.
crates/defguard_setup/src/handlers/auto_wizard.rs:1- New auto-adoption wizard endpoints (
set_url_settings,set_vpn_settings,set_mfa_settings,get_auto_adoption_result) introduce new state transitions and validation paths without corresponding tests incrates/defguard_setup/tests. Adding integration tests similar to the existing initial setup flow tests would help prevent regressions (e.g., step advancement, validation failures, persisted wizard state).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+559
to
+565
| "SELECT s.instance_name, s.main_logo_url, s.nav_logo_url, s.wireguard_enabled, \ | ||
| s.webhooks_enabled, s.worker_enabled, s.openid_enabled, \ | ||
| COALESCE(w.completed, TRUE) AS \"initial_setup_completed!\" \ | ||
| FROM settings s \ | ||
| LEFT JOIN wizard w ON TRUE \ | ||
| WHERE s.id = 1 \ | ||
| LIMIT 1" |
There was a problem hiding this comment.
Defaulting initial_setup_completed to TRUE when the wizard row is missing (COALESCE(w.completed, TRUE)) will hide the setup flow in scenarios where wizard is uninitialized or unavailable. A safer default is typically FALSE (or to treat missing wizard state as “setup not completed”), especially when this flag determines whether setup routes are reachable.
Closed
wojcik91
approved these changes
Mar 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements wizard that is run after an automatic adoption process completes.