Features & Capabilities

list[Network] in effective_depth() and owned_subnetworks evaluated the bare Network name at class-definition time, raising NameError on import under Python 3.11 and breaking the test-during-build (pybuild --test). Quote them as string forward references so they resolve lazily.

update_client() never read the notify form field, so editing a tunnel and ticking "send config email" silently did nothing. Mirror the existing block from create_client() so the same notify_new_client() call runs on edit.

This modifies the new comment email notices:

Adds hybrid_property sort columns on Client and enables new sortable columns on Client / Asn / Tunnel / Interface lists.

The data-column attributes on sortable headers were originally chosen for client-side sort matching against row data-* attrs. With the new server-side sort flow they need to map to real DB column names so the framework can resolve them.

Adds polymorphic-aware server-side search and sort to the generic admin list view, with PG16-compatible nocase handling via COLLATE("C") override. Models opt in via SEARCHABLE_COLUMNS class attribute.

Prevents the error about session being unavailable on request.

- Correctly indent networks based on the visual hierarchy - Remove disabling of parent networks on routed subnet selection screen

- Adds a flag on the model to indicate the list view uses pagination, enabling first-load pagination support - Performs pagination at the database level, removing the need to load all resources in memory before pagination - Adds pagination to the Requests list view

Pull authoritative ASN registration from RDAP and surface match indicators (email match, callsign match) against the requesting user so ticket handlers have decision-support when reviewing ASN requests.

The comments relationship had no order_by clause so SQLAlchemy returned comments in UUID primary-key order, which is effectively random. Sort by created_at so the conversation reads oldest-first (newest comment closest to the Add Comment box).

The request header linked the username to the admin user view, which ticket handlers can't access. Wrap the link in a role check so only administrators and superadmins see the clickable link; ticket handlers see plain text instead of a link that 404s.

Tunnels show each tunnel's status and attached networks (direct addresses vs. subnets routed via static or BGP, with the ASN highlighted). Summary badges are now the collapse toggles for the detail tables, with a rotating chevron to signal state.

Swap the top-right toast for the top-center Bootstrap alert pattern already used elsewhere in the app so the success/error notification is not hidden behind the timezone select's own dropdown.

The profile form's timezone select had no change handler, so picking a different timezone did nothing until the form was submitted (and there is no dedicated save button for it). Wire the existing TimezoneManager.changeTimezone() into a change listener on #timezone so the new value is POSTed to /account/api/timezone as soon as the user picks an option, matching the "save on change" behaviour intended by the API endpoint.

Route all quota and resource counting through User.resource_count so consumers never special-case network vs other kinds, and apply the same filter to the Networks list header, dashboard stats, admin user menu counts, request creation handlers, and the quota_impact macro so users and handlers see a consistent allocation count everywhere.

Add a "User Resources" card to the request view page summarising the requester's existing networks, ASNs, tunnels, and pending requests with quota-aware badges, so administrators and ticket handlers can see what the requester already has before approving. Adds Network.is_top_level and User.top_level_networks/resource_count so the card excludes sub-allocations the user carved out of their own top-level allocations from both counts and the displayed list.

Add a Download button next to Copy to Clipboard on the tunnel view page so users can save text configs directly as files.

- Add VERSION file (semver, manual bump) as single source of truth - Add pyproject.toml with full PEP 621 metadata, simplify setup.py to shim - Move CHANGELOG_DATA.txt install from /etc/ to /usr/share/pop-controld/ - Use absolute path in features.py for reliable changelog reading - Update generate_changelog.py: group by month+author with branch creator attribution - Update debian/control with proper Maintainer/Uploaders format - Update debian/rules to read version from VERSION file - Add MANIFEST.in to include VERSION in sdist builds - Add .git check in Makefile before running changelog generation

- Add LIMIT_REQUEST_CREATION constant (10 per hour, configurable) - Add get_current_user_id() for per-user rate limiting (fairer for shared IPs) - Apply rate limiting to UI routes: network_allocate, network_existing, asn - Apply rate limiting to API routes: request_asn, request_network_existing, request_network_allocation

Add [security] section to config with auth_token_expiry_hours setting. Centralize default in __init__.py using read_dict(). Templates read from config to display correct expiry time.

- Fixed IPv6 allocation back to /128 (was incorrectly changed to /64) - Added skip_ssl_verification config option for OIDC - SSL verification only skipped when BOTH debug=True AND skip_ssl_verification=True - Set debug=False in example config (production default)

- Simplify debian package dependencies (remove -dev packages) - Add ExecReload to systemd service for graceful worker reload - Use HUP signal to reload without dropping connections

Backend improvements for better development experience and error handling:

Enhancements to model forms and list views: