From 271852b47b15a172cba5e6f9f46156a0aade81d6 Mon Sep 17 00:00:00 2001 From: matthieugouel Date: Tue, 16 Jun 2026 16:10:43 +0200 Subject: [PATCH 1/2] docs: define alpha exit criteria for peering and probing Fill in the previously-TBD exit criteria for both platforms, derived from the current state of the code: - Peering: BGP discipline (max-prefix/MRAI/damping), inline RPKI ROV on imports, and config-reload safety. - Probing: destination blocklist filtering, maintenance/kill-switch, and admin per-user limit endpoints, alongside the existing >=10 servers goal. Keeps the alpha label; these are the criteria to reach beta. Co-Authored-By: Claude Opus 4.8 (1M context) --- content/docs/peering/_index.md | 8 +++++++- content/docs/probing/_index.md | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/content/docs/peering/_index.md b/content/docs/peering/_index.md index 6a5ab1f..2d6fdd9 100644 --- a/content/docs/peering/_index.md +++ b/content/docs/peering/_index.md @@ -13,7 +13,13 @@ PeerLab is currently in **alpha**. Core functionality is operational, and docume **Alpha Exit Criteria** -To be defined. +Before PeerLab exits alpha, we want every BGP session to be a safe, well-behaved IXP participant: + +- **BGP discipline** — enforce max-prefix / import limits, announcement rate-limiting (MRAI, aligned with the common norm of <= 10 announcements per hour), and route-flap damping on all sessions. +- **RPKI enforcement** — inline ROV (`roa_check`) on routes imported from the IXP. +- **Reload safety** — validate generated BIRD configuration before applying it. + +Origin-ASN and leased-prefix ownership filtering, and per-lease RPKI ROA management, are already in place. If you are interested in being an early adopter of PeerLab, please [sign up](https://nxthdr.dev) and access the [peering dashboard](https://nxthdr.dev/peering) to get started. Don't forget to give us your feedback and suggestions (see [contact](/docs/reference/contact/)). diff --git a/content/docs/probing/_index.md b/content/docs/probing/_index.md index b6eb087..63f5904 100644 --- a/content/docs/probing/_index.md +++ b/content/docs/probing/_index.md @@ -15,7 +15,13 @@ Saimiris is currently in **alpha**. Core functionality is operational and availa **Alpha Exit Criteria** -Deploy additional probing servers in more geographic locations (objective: >= 10 servers worldwide). +Before Saimiris exits alpha, we want the platform to be safe to operate unsupervised and at scale: + +- **Abuse controls** — destination blocklist filtering (reject probes to blocked targets regardless of TTL), and a maintenance / kill-switch to pause probing during incidents. +- **User management** — admin endpoints to view and set per-user probe limits, with proper authorization. +- **Scale** — deploy additional probing servers in more geographic locations (objective: >= 10 servers worldwide). + +Per-user quotas, usage statistics, and source-address validation are already in place. If you need specific vantage points or have capacity requirements, please [contact us](/docs/reference/contact/). From 24f6b46b73f1442980dd810773579c6cbe545682 Mon Sep 17 00:00:00 2001 From: matthieugouel Date: Tue, 16 Jun 2026 16:35:52 +0200 Subject: [PATCH 2/2] ci: pin Hugo to 0.155.0 to fix broken site build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit apk's unpinned `hugo` floated to 0.160, which removed the .Site.Author field still used by the hextra theme's RSS template — breaking the build on every commit since ~April (rendering /categories RSS). Pin Hugo extended to 0.155.0 (verified to build the site cleanly) via the official release binary on a glibc base, instead of the floating Alpine package. Co-Authored-By: Claude Opus 4.8 (1M context) --- docker/Dockerfile | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 5f58cbf..3b37eeb 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,10 +1,19 @@ -FROM alpine:latest AS build +FROM debian:bookworm-slim AS build -RUN apk add --update hugo +# Pin Hugo (extended). apk's `hugo` floats: it reached 0.160, which removed the +# .Site.Author field still referenced by the hextra theme's RSS template, breaking +# every build. Pin to a known-good version until the theme is bumped. +ARG HUGO_VERSION=0.155.0 +ARG TARGETARCH +RUN apt-get update \ + && apt-get install -y --no-install-recommends curl ca-certificates \ + && curl -sSL "https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-${TARGETARCH}.tar.gz" \ + | tar -xz -C /usr/local/bin hugo \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt/hugo COPY . . -RUN hugo +RUN hugo FROM caddy:latest