feat(ZSTAC-79206): management network IPv6 support by zstack-robot-1 · Pull Request #3864 · MatheMatrix/zstack

zstack-robot-1 · 2026-04-27T06:56:48Z

Resolves ZSTAC-79206

sync from gitlab !9739

coderabbitai · 2026-04-27T06:57:13Z

Warning

Rate limit exceeded

@MatheMatrix has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 55 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: http://open.zstack.ai:20001/code-reviews/zstack-cloud.yaml (via .coderabbit.yaml)

Review profile: CHILL

Plan: Pro

Run ID: 22a1142b-fa75-47dc-8ff1-08f7d8d29899

📥 Commits

Reviewing files that changed from the base of the PR and between cb27c4f and ef411d3.

📒 Files selected for processing (3)

plugin/sdnController/src/main/java/org/zstack/sdnController/SdnControllerManagerImpl.java
test/src/test/groovy/org/zstack/test/integration/core/MnIpv6Case.groovy
test/src/test/groovy/org/zstack/test/integration/core/MnIpv6M3Case.groovy

Walkthrough

此PR为系统引入全面的IPv6支持：新增IPv6工具、扩展管理节点IP/CIDR发现与验证以支持IPv6、调整多处组件的地址处理，并补充大量IPv6相关测试用例（管理节点、KVM、VXLAN、Ceph、NFS、控制台等）。

Changes

Cohort / File(s)	Summary
IPv6 工具与网络通用逻辑 `utils/src/main/java/org/zstack/utils/network/IPv6Utils.java`, `utils/src/main/java/org/zstack/utils/network/NetworkUtils.java`	新增 `IPv6Utils`（URL/地址括号化、规范化、构造、管理IP校验等）并在 `NetworkUtils` 新增 `isIpInCidr` 支持 IPv4/IPv6 的 CIDR 包含判断。
管理节点平台与配置 `core/src/main/java/org/zstack/core/Platform.java`, `core/src/main/java/org/zstack/core/config/NetworkGlobalConfig.java`	增强 Platform 的管理服务器 IP/CIDR 发现以支持 IPv6，重构 JGroups 初始主机字符串格式；新增 `NetworkGlobalConfig.PREFER_IPV6` 全局配置。
REST 回调与 URL 处理 `core/src/main/java/org/zstack/core/rest/RESTFacadeImpl.java`	使用 IPv6 工具构造 callback URL，新增 `sanitizeCallbackUrl` 用于检测并自动为裸 IPv6 地址加括号。
主机/控制台/引导相关改动 `compute/src/main/java/org/zstack/compute/host/HostApiInterceptor.java`, `console/src/main/java/org/zstack/console/ConsoleManagerImpl.java`, `plugin/applianceVm/src/main/java/org/zstack/appliancevm/ApplianceVmFacadeImpl.java`	Host API 验证放宽为 IPv4/IPv6/主机名并规范化管理 IP；控制台代理主机名在存储前用 IPv6 括号化；VM 引导改为从 VR CIDR 与接口枚举匹配 MN IP（支持 IPv6），失败回退 Platform。
KVM 与 VM 控制平面 `plugin/kvm/src/main/java/org/zstack/kvm/KVMHost.java`, `plugin/kvm/src/main/java/org/zstack/kvm/KVMAgentCommands.java`, `plugin/kvm/src/main/java/org/zstack/kvm/KvmHostIpmiPowerExecutor.java`	CIDR 匹配改为 IP-无关的 `isIpInCidr`，按 IP 家族设置 VNC 监听地址，`vdiCmd` 新增灰度字段 `vncListenAddress`，保留 IPMI 地址而不强制置空。
存储相关（Ceph / NFS） `plugin/ceph/.../CephBackupStorageMonBase.java`, `plugin/ceph/.../CephPrimaryStorageMonBase.java`, `plugin/nfsPrimaryStorage/src/main/java/org/zstack/storage/primary/nfs/NfsApiParamChecker.java`	Ceph mon 地址构建改用 `IPv6Utils.buildAddr`（对 IPv6 加括号）；NFS CIDR 验证改用 `isIpInCidr` 支持 IPv6。
VXLAN 与网络拦截 `plugin/vxlan/src/main/java/org/zstack/network/l2/vxlan/vxlanNetworkPool/VxlanPoolApiInterceptor.java`	远程 VTEP IP 验证扩展接受 IPv4 或 IPv6，错误信息由“非 IPv4”改为“非有效 IP 地址”。
ZSha2 与其他工具细微调整 `utils/src/main/java/org/zstack/utils/zsha2/ZSha2Helper.java`	调整 DBVIP 匹配正则为更精确的字符串查找（`" <vip>/"`）。
测试套件（大量新增） `test/src/test/groovy/...` (多个新增文件：`MnIpv6Case.groovy`, `MnIpv6M3Case.groovy`, `MnIpv6M4Case.groovy`, `IPv6UtilsCase.groovy`, `KvmHostIpv6Case.groovy`, `ApplianceVmIpv6Case.groovy`, `MnIpv6StorageMigrationCase.groovy`, `VxlanIpv6Case.groovy`, `ZSha2Ipv6Case.groovy` 等)	新增并扩展大量单元/集成测试以覆盖 IPv6 工具、URL 构造、管理节点发现、数据库列长度兼容、VTEP/主机添加校验、Ceph/NFS/迁移场景等 IPv6 行为。

代码审查工作量

🎯 4 (Complex) | ⏱️ ~75 分钟

诗歌

🐰 我是小兔，网路跃行忙，

从 :: 到 2001:db8 的光，
括号环绕，地址归一，
CIDR 匹配，测试齐唱，
IPv6 来了，世界更广。

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 21.70% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	PR title follows the required format with type[scope]: description pattern, is clearly related to the main changeset (IPv6 support for management networking), and is well within 72 characters.
Description check	✅ Passed	PR description references JIRA issue ZSTAC-79206 and indicates this is a sync from GitLab, which are directly related to the substantial IPv6 support changes across multiple modules in the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch sync/shixin.ruan/shixin.ruan-ZSTAC-79206@@4

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Add IPv6 support for ZStack management network (milestone M1). New files: - IPv6Utils: buildUrl/bracketIpv6/normalizeIpv6/isValidManagementIp - NetworkGlobalConfig: management.server.prefer.ipv6 (default false) Modified: - Platform: getManagementServerIp() prefer IPv4/IPv6 via GlobalConfig; getManagementServerCidr() IPv6 CIDR; jgroupsAddr() JGroups bracket fix; volatile fields for JMM correctness - RESTFacadeImpl: callbackUrl uses IPv6Utils.buildUrl(); Pattern static final - HostApiInterceptor: accept + normalize IPv6 management IP - ApplianceVmFacadeImpl: getMnIpForVr() CIDR matching for dual-stack MN Tests (TP-001~031): IPv6UtilsCase, MnIpv6Case, KvmHostIpv6Case, ApplianceVmIpv6Case Resolves: ZSTAC-79206 Change-Id: I3fec17c211d84c82a84e6711b7d09eea

New utility methods: - IPv6Utils.buildAddr(ip, port): format Ceph monAddr with IPv6 brackets - NetworkUtils.isIpInCidr(ip, cidr): dual-stack CIDR matching F-010: KVMHost.getDataNetworkAddress() uses isIpInCidr for IPv6 storage CIDR F-011: CephBackupStorageMonBase/CephPrimaryStorageMonBase use IPv6Utils.buildAddr F-012: KVMHost.checkMigrateNetworkCidrOfHost() uses isIpInCidr for IPv6 migration F-013: VxlanPoolApiInterceptor accepts IPv6 VTEP addresses F-014a: ZSha2Helper.isMaster() grep pattern fixed for IPv6 VIP detection NFS: NfsApiParamChecker.isValidStorageCidr supports IPv6 CIDR format Resolves: ZSTAC-79206 Change-Id: Idc7022fbdfce429ca8795f3522df682b

MnIpv6StorageMigrationCase: TP-032~038 storage/migration CIDR dual-stack VxlanIpv6Case: TP-039~041 VXLAN vtep IPv6 support ZSha2Ipv6Case: TP-042~046 HA zsha2 IPv6 SSH/nginx/URL/grep Resolves: ZSTAC-79206 Change-Id: Ia4e1480db3514b9c9f9e0e24aff2310d

- KvmHostIpmiPowerExecutor: remove IPv4-only guard for IPMI (F-025) - ConsoleManagerImpl: bracketIpv6() for console proxy hostname (F-026) - KVMAgentCommands/KVMHost: vncListenAddress='::' for IPv6 host (F-027) Resolves: ZSTAC-79206 Change-Id: I3f8a901c7d2e4b6f5c1a8d3e9f2b7c0d1e4a5f6

Add MnIpv6M3Case and MnIpv6M4Case covering: - TP-062~069,076,077: IPMI IPv6, Console Proxy bracket, BM DPU callback, COLO qemu URL - TP-083~089: ZWatch InfluxDB/Prometheus/Grafana URL, License HTTPS URL, Keycloak container name, SSO CAS login URL Resolves: ZSTAC-79206 Change-Id: If19fdab6ef4f6a7f8d9a16fb97c1ee29365197b2

Resolves: ZSTAC-79206 Add TP number prefix to 59 Groovy test methods across 9 test case files so method names align with TP-001~096 traceability matrix in Func Spec. Change-Id: I9aee46759327162b1a0ed3da9277c9be695ae0d8

coderabbitai

Actionable comments posted: 15

Note

Due to the large number of review comments, Critical, Major severity comments were prioritized as inline comments.

🟡 Minor comments (13)

header/src/main/java/org/zstack/header/vm/AfterUpdateVmNicMacExtensionPoint.java-4-4 (1)

4-4: ⚠️ Potential issue | 🟡 Minor

请为接口方法补充 Javadoc。

Line [4] 的扩展点方法缺少注释，插件实现方很难准确理解参数语义与调用时机。

✍️ 建议修复

 public interface AfterUpdateVmNicMacExtensionPoint {
+    /**
+     * Invoked after a VM NIC MAC address is updated.
+     *
+     * `@param` nic VM NIC inventory after update
+     * `@param` oldMac previous MAC address
+     * `@param` newMac new MAC address
+     */
     void afterUpdateVmNicMac(VmNicInventory nic, String oldMac, String newMac);
 }

As per coding guidelines: **/*.java 中“接口方法不应有多余的修饰符（例如 public），且必须配有有效的 Javadoc 注释”。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@header/src/main/java/org/zstack/header/vm/AfterUpdateVmNicMacExtensionPoint.java`
at line 4, 在 AfterUpdateVmNicMacExtensionPoint 接口的方法
afterUpdateVmNicMac(VmNicInventory nic, String oldMac, String newMac) 上补充完整的
Javadoc：描述该回调的调用时机（例如何时在 VM NIC MAC 更新后触发）、每个参数的语义（nic 为更新后的
VmNicInventory、oldMac 为更新前的 MAC、newMac 为更新后的
MAC）以及实现方应承担的行为/约束（比如是否允许抛出异常或仅做无阻塞的处理、是否可以修改 nic
等）；保持方法签名不加多余修饰符，确保注释清晰示例化调用场景并使用标准的 `@param/`@throws/@since 标记。

rest/src/main/resources/scripts/RestDocumentationGenerator.groovy-853-861 (1)

853-861: ⚠️ Potential issue | 🟡 Minor

必填字段校验可被“仅空白字符”绕过

Line [853]-Line [861] 目前用 isEmpty() 判断，" " 这类值会被当作已填写，导致校验漏过。建议改为判空白（trim 后为空也视为缺失）。

建议修改

-        if (markDown.desc_CN.isEmpty()) missingFields.add("desc_CN")
-        if (markDown.name_CN.isEmpty()) missingFields.add("name_CN")
-        if (markDown.valueRangeRemark.isEmpty()) missingFields.add("valueRangeRemark")
-        if (markDown.defaultValueRemark.isEmpty()) missingFields.add("defaultValueRemark")
-        if (markDown.resourcesGranularitiesRemark.isEmpty()) missingFields.add("resourcesGranularitiesRemark")
-        if (markDown.additionalRemark.isEmpty()) missingFields.add("additionalRemark")
-        if (markDown.backgroundInformation.isEmpty()) missingFields.add("backgroundInformation")
-        if (markDown.isUIExposed.isEmpty()) missingFields.add("isUIExposed")
-        if (markDown.isCLIExposed.isEmpty()) missingFields.add("isCLIExposed")
+        if (markDown.desc_CN == null || markDown.desc_CN.trim().isEmpty()) missingFields.add("desc_CN")
+        if (markDown.name_CN == null || markDown.name_CN.trim().isEmpty()) missingFields.add("name_CN")
+        if (markDown.valueRangeRemark == null || markDown.valueRangeRemark.trim().isEmpty()) missingFields.add("valueRangeRemark")
+        if (markDown.defaultValueRemark == null || markDown.defaultValueRemark.trim().isEmpty()) missingFields.add("defaultValueRemark")
+        if (markDown.resourcesGranularitiesRemark == null || markDown.resourcesGranularitiesRemark.trim().isEmpty()) missingFields.add("resourcesGranularitiesRemark")
+        if (markDown.additionalRemark == null || markDown.additionalRemark.trim().isEmpty()) missingFields.add("additionalRemark")
+        if (markDown.backgroundInformation == null || markDown.backgroundInformation.trim().isEmpty()) missingFields.add("backgroundInformation")
+        if (markDown.isUIExposed == null || markDown.isUIExposed.trim().isEmpty()) missingFields.add("isUIExposed")
+        if (markDown.isCLIExposed == null || markDown.isCLIExposed.trim().isEmpty()) missingFields.add("isCLIExposed")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rest/src/main/resources/scripts/RestDocumentationGenerator.groovy` around
lines 853 - 861, The current required-field checks use isEmpty() on strings like
markDown.desc_CN, markDown.name_CN, markDown.valueRangeRemark, etc., which
treats strings of only whitespace as non-empty; change each check to treat null
or whitespace-only as missing by replacing isEmpty() with a null-safe trim check
(e.g., check that markDown.<field> is null or markDown.<field>.trim().isEmpty())
so fields containing only whitespace are added to missingFields; update all the
listed symbols (desc_CN, name_CN, valueRangeRemark, defaultValueRemark,
resourcesGranularitiesRemark, additionalRemark, backgroundInformation,
isUIExposed, isCLIExposed) accordingly.

utils/src/main/java/org/zstack/utils/network/NetworkUtils.java-561-563 (1)

561-563: ⚠️ Potential issue | 🟡 Minor

注释语言不符合仓库规范。

Line 562-563 的注释为中文，需改为英文注释。

As per coding guidelines: 代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@utils/src/main/java/org/zstack/utils/network/NetworkUtils.java` around lines
561 - 563, Replace the Chinese comment above the IP/CIDR check with an
English-only comment; in the NetworkUtils class (the comment immediately
preceding the method that checks whether an IP (IPv4 or IPv6) belongs to a
specified CIDR), change the Chinese text to a clear English sentence such as:
"Determines whether an IP (IPv4 or IPv6) belongs to the specified CIDR." Ensure
there are no Chinese characters left in that comment.

docs/modules/network/pages/networkResource/ZStackL2NetworkType.adoc-451-453 (1)

451-453: ⚠️ Potential issue | 🟡 Minor

srcPath 规则前后矛盾，需统一口径

Line 451-453 写“OVN_DPDK 或 ZNS 会设置 srcPath”，但 Line 480 又写 “L2Geneve + ZNS 不设置”。两处描述冲突，容易导致实现/排障误判。

🛠 建议修订示例

-当 VSwitchType 为 OVN_DPDK 或 ZNS 时，`completeNicInformation()` 会设置
-`srcPath = "/var/run/openvswitch/" + nic.getInternalName()`，用于 DPDK vhost-user socket 连接。
+当网卡类型为 `dpdkvhostuserclient` 且走 NoVlan/Vlan backend 时，`completeNicInformation()` 会设置
+`srcPath = "/var/run/openvswitch/" + nic.getInternalName()`，用于 DPDK vhost-user socket 连接。

 | L2GeneveNetwork
 | ZNS
-| 否（仅 OVN_DPDK 设置）
+| 否（当前 Geneve backend 不设置）
 | KVMRealizeL2GeneveNetworkBackend

Also applies to: 478-481

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/modules/network/pages/networkResource/ZStackL2NetworkType.adoc` around
lines 451 - 453, The documentation contains contradictory rules about when
completeNicInformation() sets srcPath: lines say VSwitchType OVN_DPDK or ZNS set
srcPath = "/var/run/openvswitch/" + nic.getInternalName(), but later state
L2Geneve + ZNS does not set it; reconcile and make a single authoritative rule.
Update the text to consistently describe the srcPath behavior (e.g.,
"completeNicInformation() sets srcPath for OVN_DPDK and ZNS vSwitch types to
'/var/run/openvswitch/' + nic.getInternalName(), except when L2Geneve explicitly
overrides this behavior" or the opposite if the intent is that ZNS with L2Geneve
does not set srcPath), and ensure all mentions of VSwitchType, OVN_DPDK, ZNS,
L2Geneve, completeNicInformation(), and srcPath reflect that same rule.

test/src/test/groovy/org/zstack/test/integration/utils/IPv6UtilsCase.groovy-7-92 (1)

7-92: ⚠️ Potential issue | 🟡 Minor

请将测试注释统一为英文。

Line 7-92 的注释说明为中文，建议改为英文，避免与仓库统一规范冲突。

As per coding guidelines **/*.*: 代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/src/test/groovy/org/zstack/test/integration/utils/IPv6UtilsCase.groovy`
around lines 7 - 92, The test file IPv6UtilsCase contains Chinese
comments/documentation (class header and all test method javadoc/comments such
as for testTP008_buildUrlIpv4, testTP009_buildUrlIpv6,
testTP010_bracketIpv6Idempotent, testTP011_normalizeIpv6,
testTP012_isValidMnIpLinkLocal, testTP013_isValidMnIpInvalid, and the TP-014
description); replace all Chinese text with clear, idiomatic English
descriptions and assertions messages (preserve existing identifiers and intent)
so comments and assertion messages follow the repository guideline of using
English only.

test/src/test/groovy/org/zstack/test/integration/network/vxlan/VxlanIpv6Case.groovy-12-104 (1)

12-104: ⚠️ Potential issue | 🟡 Minor

请将该测试文件中的中文注释与说明文案统一改为英文。

Line 12-104 出现了多处中文注释/说明（包括块注释与行内注释）。这会违反仓库的统一语言规范，建议统一替换为准确英文表述。

As per coding guidelines **/*.*: 代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@test/src/test/groovy/org/zstack/test/integration/network/vxlan/VxlanIpv6Case.groovy`
around lines 12 - 104, The file VxlanIpv6Case contains Chinese comments and
messages throughout (class VxlanIpv6Case, methods
testTP039_vxlanAcceptsIpv6VtepIp, testTP040_vtepVoColumnLength,
checkVtepIpColumnLength, testTP041_invalidVtepIpRejected); replace all Chinese
block and inline comments and any Chinese text in assertion messages or
logger.info calls with clear, correct English equivalents while preserving the
original meaning (e.g., describe tests TP-039/040/041, explain why IPv6/IPv4
checks are used, and note JPA `@Column` length expectation), keep identifiers and
logic unchanged, and run tests to ensure no string-sensitive behavior is
affected.

utils/src/main/java/org/zstack/utils/network/IPv6Utils.java-16-118 (1)

16-118: ⚠️ Potential issue | 🟡 Minor

请将该工具类中的中文注释/Javadoc 统一改为英文。

Line 16-118 的注释与示例说明包含中文，建议统一改成英文以符合仓库规范并保持跨团队可读性。

As per coding guidelines **/*.*: 代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@utils/src/main/java/org/zstack/utils/network/IPv6Utils.java` around lines 16
- 118, Replace all Chinese Javadoc/comments in the IPv6Utils class with clear
English equivalents while preserving examples and semantics; update the Javadoc
for the class and methods buildUrl, buildHttpsUrl, bracketIpv6, normalizeIpv6,
buildAddr (both overloads) so comments, examples, parameter descriptions and the
`@throws` text are all in correct, idiomatic English and mention behavior like
adding brackets for IPv6, idempotency, zone ID stripping, RFC 5952
normalization, and rejection conditions for validate methods; keep existing
example lines and formatting but translate their text and explanation to English
and ensure no Chinese remains in any comment or error message.

test/src/test/groovy/org/zstack/test/integration/appliancevm/ApplianceVmIpv6Case.groovy-87-91 (1)

87-91: ⚠️ Potential issue | 🟡 Minor

contains(":") 不能证明返回值是合法 IPv6。

任何带冒号的脏字符串都会让这个断言通过，TP-025 的覆盖会被高估。这里最好直接使用现有的 IPv4/IPv6 校验 helper。

Based on learnings 在 ZStack 的 NetworkUtils 类中，应使用 IPv6NetworkUtils 中的 isValidIpv4 和 isValidIpv6 方法来验证 IP 地址格式.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@test/src/test/groovy/org/zstack/test/integration/appliancevm/ApplianceVmIpv6Case.groovy`
around lines 87 - 91, The current test uses selectedIp.contains(":") to detect
IPv6 which is unsafe; change the validation in the ApplianceVmIpv6Case test
(where callGetMnIpForVr(mnCidr) provides selectedIp) to use the proper
validators: replace NetworkUtils.isIpv4Address(selectedIp) ||
selectedIp.contains(":") with a call to IPv6NetworkUtils.isValidIpv4(selectedIp)
|| IPv6NetworkUtils.isValidIpv6(selectedIp) (or the equivalent
isValidIpv4/isValidIpv6 helpers available in the codebase) so the assertion only
passes for syntactically valid IPv4 or IPv6 addresses.

test/src/test/groovy/org/zstack/test/integration/appliancevm/ApplianceVmIpv6Case.groovy-110-118 (1)

110-118: ⚠️ Potential issue | 🟡 Minor

TP-027 对执行机的网卡布局有环境依赖。

10.99.88.0/24 并不是保证不存在的网段；如果 CI 节点刚好有这个网段，getMnIpForVr() 就可能返回匹配地址而不是 fallback，导致用例偶发失败。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@test/src/test/groovy/org/zstack/test/integration/appliancevm/ApplianceVmIpv6Case.groovy`
around lines 110 - 118, The test testTP027_unmatchedCidrFallback relies on an
environment-specific CIDR ("10.99.88.0/24") that may exist on some CI nodes;
change the unmatchedCidr usage in testTP027_unmatchedCidrFallback (and where
callGetMnIpForVr is invoked) to use a guaranteed non-routable/test-only CIDR
(e.g. a TEST-NET block such as "192.0.2.0/24") or, even better, programmatically
generate/find a CIDR that does not match any local interface before calling
callGetMnIpForVr; update the unmatchedCidr assignment and any assertions
accordingly so the test deterministically falls back to
Platform.getManagementServerIp().

test/src/test/groovy/org/zstack/test/integration/core/MnIpv6Case.groovy-14-34 (1)

14-34: ⚠️ Potential issue | 🟡 Minor

请把新增测试说明改成英文。

这个类级注释是中文，和仓库约定不一致；同文件里后续新增的方法注释也建议一并统一为英文。

As per coding guidelines: **/*.*: 代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/src/test/groovy/org/zstack/test/integration/core/MnIpv6Case.groovy`
around lines 14 - 34, Translate the class-level Groovy comment in MnIpv6Case
(and any other Chinese comments in the same file, including method-level
comments added later in this file) into clear, idiomatic English; ensure all
descriptions for the test cases (TP-001...TP-031) are converted, contain no
Chinese characters, and follow repository coding guidelines (no Chinese in code,
error messages, or comments), preserving the original meaning and references
like MnIpv6Case, sanitizeCallbackUrl, getManagementServerIp,
getManagementServerCidr, and jgroupsAddr so reviewers can map tests to behavior.

test/src/test/java/org/zstack/test/compute/vmnic/VmNicLifecycleManagerDispatchTest.java-377-398 (1)

377-398: ⚠️ Potential issue | 🟡 Minor

这个用例没有实际覆盖“注册顺序”。

这里创建了 seq，但 failedMigrate 路径并没有把它写入任何可断言的顺序字段；现有断言只能证明 A/B/C 都被调用过一次，无法发现顺序颠倒或并发执行。建议在 MockNicLifecycle.failedMigrate() 里也记录顺序，再断言 a < b < c。
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@test/src/test/java/org/zstack/test/compute/vmnic/VmNicLifecycleManagerDispatchTest.java`
around lines 377 - 398, The test
multiImpl_invocation_order_follows_registration_order doesn’t assert invocation
order because MockNicLifecycle.failedMigrate() doesn’t record the seq; update
MockNicLifecycle.failedMigrate() to capture the invocation sequence by
incrementing/reading the provided AtomicInteger seq and storing that value in a
per-instance field or list (e.g., failedMigrateOrder or failedMigrateSeq), then
in the test after mgr.failedToMigrateVm(...) add assertions that
a.failedMigrateSeq < b.failedMigrateSeq < c.failedMigrateSeq (in addition to the
existing size checks) to verify registration order was preserved.

test/src/test/java/org/zstack/test/compute/vmnic/VmNicLifecycleManagerDispatchTest.java-136-151 (1)

136-151: ⚠️ Potential issue | 🟡 Minor

这个用例没有真正验证“只传递匹配的 NIC”。

当前断言只检查了 preMigrate 被调用一次且目标 host 是 h-dst，并没有验证传给扩展的 NIC 集合是否只包含 l3-a 的那两张卡。即使 manager 把 3 张 NIC 全量传下去，这个测试也会通过。建议让 MockNicLifecycle 记录 preMigrate 的 NIC 参数，并在这里断言只收到 n1/n3。
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@test/src/test/java/org/zstack/test/compute/vmnic/VmNicLifecycleManagerDispatchTest.java`
around lines 136 - 151, The test currently only checks that
MockNicLifecycle.preMigrate was called once with target "h-dst" but doesn't
assert which NICs were passed; update MockNicLifecycle to record the NIC
collection passed into its preMigrate method (e.g., add a field like
preMigrateNics or extend preMigrateCalls to store a Pair/struct of target and
nic list) and then in preMigrate_only_passes_matching_nics_to_setup assert that
the recorded NIC list equals the two matching NICs (n1 and n3) — locate the
MockNicLifecycle class and its preMigrate method and the test method
preMigrate_only_passes_matching_nics_to_setup to add the recording and the
assertion.

test/src/test/java/org/zstack/test/compute/vmnic/MockNicLifecycle.java-124-132 (1)

124-132: ⚠️ Potential issue | 🟡 Minor

reconcileDelayed 分支现在无法被测试代码“稍后完成”。

这里在延迟模式下只是跳过了 completion.done()，但没有把 completion 保存出来；一旦某个用例真要验证“延迟后成功”，这个 stub 只能一直挂起，做不到注释里说的“test should drive completion explicitly”。建议把 pending completion 缓存到字段里，并提供显式的 finishReconcile() 辅助方法。

可参考的修改方向

+    private volatile NoErrorCompletion pendingReconcileCompletion;
+
     `@Override`
     public void reconcileOnHost(String hostUuid, List<VmNicInventory> expectedNics,
                                 NoErrorCompletion completion) {
         reconcileCalls.add(hostUuid);
         if (!reconcileDelayed) {
             completion.done();
+            return;
         }
-        // if delayed, test should drive completion explicitly
+        pendingReconcileCompletion = completion;
     }
+
+    public void finishReconcile() {
+        NoErrorCompletion c = pendingReconcileCompletion;
+        pendingReconcileCompletion = null;
+        if (c != null) {
+            c.done();
+        }
+    }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/src/test/java/org/zstack/test/compute/vmnic/MockNicLifecycle.java`
around lines 124 - 132, The reconcileOnHost method currently ignores the
completion when reconcileDelayed is true, causing tests to hang; change it to
save the incoming NoErrorCompletion into a new field (e.g.,
pendingReconcileCompletion) and only call completion.done() immediately when
reconcileDelayed is false, and add a public helper method finishReconcile() that
invokes pendingReconcileCompletion.done() (and clears the field) so tests can
drive the delayed completion explicitly; update the class-level fields
(reconcileDelayed, reconcileCalls) accordingly and handle the case where
finishReconcile is called with no pending completion (no-op).

🧹 Nitpick comments (27)

network/src/main/java/org/zstack/network/l3/L3NetworkManagerImpl.java (1)

197-197: 建议添加空值检查。

dbf.findByUuid(msg.getL3NetworkUuid(), L3NetworkVO.class) 在极端情况下（如并发删除）可能返回 null，导致 L3NetworkInventory.valueOf(null) 抛出 NPE。

♻️ 建议的防御性检查

+                L3NetworkVO l3Vo = dbf.findByUuid(msg.getL3NetworkUuid(), L3NetworkVO.class);
+                if (l3Vo == null) {
+                    trigger.fail(err(SysErrors.RESOURCE_NOT_FOUND,
+                            "L3Network[uuid:%s] not found", msg.getL3NetworkUuid()));
+                    return;
+                }
-                L3NetworkInventory l3Inv = L3NetworkInventory.valueOf(dbf.findByUuid(msg.getL3NetworkUuid(), L3NetworkVO.class));
+                L3NetworkInventory l3Inv = L3NetworkInventory.valueOf(l3Vo);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@network/src/main/java/org/zstack/network/l3/L3NetworkManagerImpl.java` at
line 197, The call to
L3NetworkInventory.valueOf(dbf.findByUuid(msg.getL3NetworkUuid(),
L3NetworkVO.class)) can NPE if dbf.findByUuid(...) returns null; add a defensive
null-check after calling dbf.findByUuid(msg.getL3NetworkUuid(),
L3NetworkVO.class) (use the returned L3NetworkVO reference) and handle the
missing resource by returning/failing with a clear error (e.g., throw a
CloudRuntimeException/ApiMessageInterceptionException or populate an error
reply) instead of passing null into L3NetworkInventory.valueOf; update the code
around L3NetworkInventory.valueOf and dbf.findByUuid to first test for null and
include msg.getL3NetworkUuid in the error message.

core/src/main/java/org/zstack/core/rest/webhook/WebhookCallbackClient.java (2)

5-5: 建议：避免直接依赖实现类 ThreadFacadeImpl

当前代码导入了 ThreadFacadeImpl 仅为使用其内部类 TimeoutTaskReceipt。这违反了面向接口编程原则，增加了与具体实现的耦合。

建议将 TimeoutTaskReceipt 提取为独立的顶层接口或类，或通过 ThreadFacade 接口暴露，以保持代码的松耦合。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@core/src/main/java/org/zstack/core/rest/webhook/WebhookCallbackClient.java`
at line 5, The import of the concrete class ThreadFacadeImpl in
WebhookCallbackClient to access TimeoutTaskReceipt couples this class to an
implementation; replace that by depending on an abstraction: add or expose a
top-level TimeoutTaskReceipt type via the ThreadFacade interface (or create a
standalone interface/class TimeoutTaskReceipt), update references in
WebhookCallbackClient to use ThreadFacade.TimeoutTaskReceipt or the new
TimeoutTaskReceipt type, and remove the import of ThreadFacadeImpl so
WebhookCallbackClient only depends on the interface ThreadFacade (or the new
top-level type).

81-87: 建议添加幂等性保护

start() 方法当前没有防止重复调用的保护。如果被多次调用，会重复注册 HTTP 回调处理器，可能导致不可预期的行为。

♻️ 建议的修改

+    private volatile boolean started = false;
+
     public void start() {
+        if (started) {
+            return;
+        }
+        started = true;
         this.callbackUrl = restf.getSendCommandUrl();
         restf.registerSyncHttpCallHandler(
                 protocol.getCallbackPath(),
                 protocol.getCallbackClass(),
                 this::onCallback);
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@core/src/main/java/org/zstack/core/rest/webhook/WebhookCallbackClient.java`
around lines 81 - 87, The start() method registers an HTTP handler
unconditionally, so repeated calls double-register the handler; add an
idempotency guard (e.g., a private AtomicBoolean started or a volatile boolean
with synchronized start) and check-and-set at the beginning of start() to return
immediately if already started, then proceed to set callbackUrl and call
restf.registerSyncHttpCallHandler(protocol.getCallbackPath(),
protocol.getCallbackClass(), this::onCallback) only once; ensure the check is
thread-safe to prevent race conditions.

header/src/main/java/org/zstack/header/network/l3/AfterUpdateIpRangeExtensionPoint.java (1)

3-4: 请为扩展点方法补充 Javadoc 契约说明。

Line [3-4] 当前缺少方法级文档，建议明确调用阶段、参数语义（old/new 是否为持久化前后快照）和异常处理约定，避免插件实现出现歧义。

As per coding guidelines, “接口方法不应有多余的修饰符（例如 public），且必须配有有效的 Javadoc 注释。”

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@header/src/main/java/org/zstack/header/network/l3/AfterUpdateIpRangeExtensionPoint.java`
around lines 3 - 4, 为 AfterUpdateIpRangeExtensionPoint 接口和其方法 afterUpdateIpRange
添加规范性 Javadoc：说明该扩展点何时被调用（例如在 IP 范围更新完成并持久化后触发或在事务 commit
之后/之前），明确参数含义（oldIpRange 为更新前的持久化快照，newIpRange 为更新后的持久化快照，均为 IpRangeInventory
实例且不可变假设），约定实现的异常处理（不应抛出受检异常；若抛出运行时异常，平台将记录并可能回滚/忽略），并补充并发/事务上下文说明（是否在同一线程、是否在数据库事务内执行）。同时移除接口方法上的多余修饰符（不要在接口方法上使用
public 修饰符），保证 Javadoc 覆盖 AfterUpdateIpRangeExtensionPoint 和 afterUpdateIpRange
的行为契约与参数语义。

rest/src/main/resources/scripts/RestDocumentationGenerator.groovy (1)

827-831: 避免在一致性检查中原地修改资源列表

Line [827] 直接对 md.globalConfig.resources.sort() 会修改 md 对象状态。建议在副本上排序，减少后续逻辑的隐式副作用。

建议修改

-            List<String> oldClasses = md.globalConfig.resources.sort()
+            List<String> oldClasses = new ArrayList<>(md.globalConfig.resources ?: []).sort()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rest/src/main/resources/scripts/RestDocumentationGenerator.groovy` around
lines 827 - 831, The code calls md.globalConfig.resources.sort() which mutates
md's state; change it to sort a copy instead so md isn't modified in place—for
example, create a new list from md.globalConfig.resources (e.g., via
toList()/collect() or new ArrayList(md.globalConfig.resources)) and sort that
into oldClasses, then compare oldClasses to newClasses; ensure you only read
from md and never call sort() directly on md.globalConfig.resources.

header/src/main/java/org/zstack/header/vm/AfterReleaseVmNicExtensionPoint.java (1)

10-11: 建议补充方法级契约说明（Completion 调用约束）。

建议在方法上明确“实现方必须且只能回调一次 completion（success/fail）”，避免扩展实现导致流程悬挂。

✍️ 建议修改

 public interface AfterReleaseVmNicExtensionPoint {
+    /**
+     * Implementations must invoke {`@code` completion.success()} or
+     * {`@code` completion.fail(...)} exactly once.
+     */
     void afterReleaseVmNic(VmNicInventory nic, Completion completion);
 }

As per coding guidelines: 接口方法不应有多余的修饰符（例如 public），且必须配有有效的 Javadoc 注释.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@header/src/main/java/org/zstack/header/vm/AfterReleaseVmNicExtensionPoint.java`
around lines 10 - 11, 为接口 AfterReleaseVmNicExtensionPoint 和其方法
afterReleaseVmNic(VmNicInventory nic, Completion completion) 添加
Javadoc，明确规定实现者必须且只能回调一次 completion（要么 completion.success(...) 要么
completion.fail(...)）且不得多次或遗漏回调；同时确保接口方法没有冗余的修饰符（不要在方法上显式声明 public
等）。在注释中给出简短示例语义（“调用完成后不应再访问流程” 或类似约束）以避免实现导致流程悬挂。

header/src/main/java/org/zstack/header/vm/BeforeAllocateVmNicExtensionPoint.java (1)

12-13: 建议在方法签名处补充 Completion 回调语义。

当前接口描述已很清晰，但建议把“必须且仅一次回调 completion”的约束直接落在方法 Javadoc 上，降低扩展点误用成本。

✍️ 建议修改

 public interface BeforeAllocateVmNicExtensionPoint {
+    /**
+     * Implementations must invoke {`@code` completion.success()} or
+     * {`@code` completion.fail(...)} exactly once.
+     */
     void beforeAllocateVmNic(VmNicInventory nic, VmInstanceSpec spec, Completion completion);
 }

As per coding guidelines: 接口方法不应有多余的修饰符（例如 public），且必须配有有效的 Javadoc 注释.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@header/src/main/java/org/zstack/header/vm/BeforeAllocateVmNicExtensionPoint.java`
around lines 12 - 13, Add a Javadoc to the
BeforeAllocateVmNicExtensionPoint.beforeAllocateVmNic method that documents the
Completion callback semantics: state that implementors must invoke the provided
Completion exactly once (either success or failure), thread/context expectations
(if any), and what happens if the callback is not invoked; also remove any
redundant access modifier from the interface method signature so it uses the
implicit public visibility for interface methods; reference the
BeforeAllocateVmNicExtensionPoint interface and the
beforeAllocateVmNic(VmNicInventory nic, VmInstanceSpec spec, Completion
completion) method when making these changes.

utils/src/main/java/org/zstack/utils/network/IPv6Utils.java (1)

34-40: 建议规范化 buildHttpsUrl 的 path 前缀，避免生成不规范 URL。

Line 39 直接 base + path，当调用方传入 "api" 时会得到 https://host:443api。建议统一补齐前导 /。

可参考修改

 public static String buildHttpsUrl(String ip, int port, String path) {
     String base = "https://" + bracketIpv6(ip) + ":" + port;
     if (path == null || path.isEmpty()) {
         return base;
     }
-    return base + path;
+    String normalizedPath = path.startsWith("/") ? path : "/" + path;
+    return base + normalizedPath;
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@utils/src/main/java/org/zstack/utils/network/IPv6Utils.java` around lines 34
- 40, The buildHttpsUrl method concatenates base and path without ensuring a
leading slash, producing malformed URLs like "https://host:443api"; update
buildHttpsUrl to normalize the path by checking if path is non-null/non-empty
and, if it does not start with '/', prepend a '/' before concatenation (use the
existing bracketIpv6 logic for the host portion), so return base +
normalizedPath; leave behavior for null/empty path unchanged.

compute/src/main/java/org/zstack/compute/host/HostApiInterceptor.java (1)

125-132: 建议先对 managementIp 做 trim() 再执行校验与规范化。

Line 125-132 目前直接使用原始输入；若用户粘贴包含前后空白，体验会变差且不利于数据规范化落库。

As per coding guidelines **/*Interceptor.java: 注意检查来自 Message 的参数是否做过 trim，用户可能在浏览器上复制粘贴的数据带有空格、换行符等.

可参考修改

-        String ip = msg.getManagementIp();
+        String ip = msg.getManagementIp() == null ? null : msg.getManagementIp().trim();
         if (!NetworkUtils.isHostname(ip) && !IPv6Utils.isValidManagementIp(ip)) {
             throw new ApiMessageInterceptionException(argerr(ORG_ZSTACK_COMPUTE_HOST_10113,
                     "managementIp[%s] is not a valid IPv4/IPv6 address or hostname", ip));
         }
         // Normalize IPv6 to RFC 5952 compressed form; IPv4/hostname returned as-is
         msg.setManagementIp(IPv6Utils.normalizeIpv6(ip));

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@compute/src/main/java/org/zstack/compute/host/HostApiInterceptor.java` around
lines 125 - 132, Trim the managementIp string before validation and
normalization: obtain the value from msg.getManagementIp(), call trim() (and
handle null/empty appropriately), then run
NetworkUtils.isHostname/IPv6Utils.isValidManagementIp checks and finally set the
normalized value via IPv6Utils.normalizeIpv6 on the trimmed input; update the
logic in HostApiInterceptor (the block handling managementIp
validation/normalization) so stored/validated values use the trimmed string.

plugin/applianceVm/src/main/java/org/zstack/appliancevm/ApplianceVmFacadeImpl.java (4)

530-531: 行内注释应使用英文

♻️ 建议修改

-        // F-009: 根据 VR 管理网 CIDR 选取与其同子网的 MN IP，支持多 IP/双栈主机
+        // F-009: Select MN IP matching VR management CIDR, supports multi-IP/dual-stack hosts

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@plugin/applianceVm/src/main/java/org/zstack/appliancevm/ApplianceVmFacadeImpl.java`
around lines 530 - 531, The inline comment above the declaration of vrMgmtCidr
in ApplianceVmFacadeImpl is written in Chinese; replace it with an English
comment describing the same behavior (e.g., "Select MN IP(s) in the same subnet
as the VR management network CIDR; support multi-IP/dual-stack hosts") so the
codebase uses English inline comments consistently and the meaning is preserved.

405-407: 内部注释应使用英文

♻️ 建议修改

                         } catch (Exception ignore) {
-                            // CIDR 类型与 IP 类型不匹配时忽略
+                            // ignore when CIDR type doesn't match IP type (e.g., IPv4 vs IPv6)
                         }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@plugin/applianceVm/src/main/java/org/zstack/appliancevm/ApplianceVmFacadeImpl.java`
around lines 405 - 407, Replace the Chinese inline comment in the catch block
inside ApplianceVmFacadeImpl (the catch (Exception ignore) { // CIDR 类型与 IP
类型不匹配时忽略 }) with an English comment, e.g. "// Ignore when CIDR and IP types do
not match", keeping the behavior unchanged and leaving the exception suppression
as-is; update only the comment text in the catch block to use English.

545-548: 日志消息应使用英文

♻️ 建议修改

             } catch (Exception ignored) {
-                logger.warn(String.format("failed to parse IPv6 netmask [%s] for VR nic IP [%s], using default prefix /64",
+                logger.warn(String.format("failed to parse IPv6 netmask [%s] for VR NIC IP [%s], using default prefix /64",
                         mgmtNic.getNetmask(), mgmtNic.getIp()));
             }

注意：这条日志消息本身是英文的，但变量名 mgmtNic 和字段引用是正确的。仅将 "nic" 改为 "NIC" 以保持一致性（可选）。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@plugin/applianceVm/src/main/java/org/zstack/appliancevm/ApplianceVmFacadeImpl.java`
around lines 545 - 548, The log message in ApplianceVmFacadeImpl's catch block
uses "nic" lowercase; update the logger.warn call that formats
mgmtNic.getNetmask() and mgmtNic.getIp() so the message reads "NIC" (uppercase)
for consistency and remains English, e.g., change "VR nic IP" to "VR NIC IP" in
the logger.warn format string that surrounds mgmtNic.getNetmask() and
mgmtNic.getIp().

365-371: 方法注释应使用英文

根据编码规范，代码中不应包含中文，包括注释。请将方法文档注释改为英文。

♻️ 建议修改

-    /**
-     * F-009: 从本机网卡中选取与 VR 管理网 CIDR 同子网的 MN IP。
-     * 支持 IPv4/IPv6 双栈；若无匹配则回退到 Platform.getManagementServerIp()。
-     *
-     * `@param` vrManagementCidr VR 管理网的网络 CIDR，例如 "192.168.1.0/24" 或 "2001:db8::/64"
-     * `@return` 选定的 MN IP（裸地址，无括号）
-     */
+    /**
+     * F-009: Select a local MN IP that matches the VR management network CIDR.
+     * Supports IPv4/IPv6 dual-stack; falls back to Platform.getManagementServerIp() if no match.
+     *
+     * `@param` vrManagementCidr VR management network CIDR, e.g., "192.168.1.0/24" or "2001:db8::/64"
+     * `@return` selected MN IP (bare address, no brackets)
+     */

As per coding guidelines: "代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@plugin/applianceVm/src/main/java/org/zstack/appliancevm/ApplianceVmFacadeImpl.java`
around lines 365 - 371, Update the JavaDoc comment in ApplianceVmFacadeImpl for
the method that takes parameter vrManagementCidr and returns a management node
IP so that the entire comment is written in English; replace the Chinese
description and annotations (including the summary, IPv4/IPv6 explanation,
fallback behavior and `@param/`@return text) with a clear English JavaDoc
explaining: purpose (select MN IP from local interfaces matching VR management
CIDR), dual-stack support and fallback to Platform.getManagementServerIp(),
examples of vrManagementCidr formats, and that the return is a plain IP address.
Ensure the JavaDoc tags reference vrManagementCidr and the return value exactly
as in the current signature.

core/src/main/java/org/zstack/core/rest/RESTFacadeImpl.java (2)

68-69: IPv6 URL 正则表达式的边界情况

正则表达式 BARE_IPV6_URL_PATTERN 用于检测裸 IPv6 地址。当前实现配合 isIpv6Address() 二次校验是安全的，但有几点值得注意：

IPv6 地址长度范围 {2,37} 可能略窄（完整 IPv6 如 2001:0db8:0000:0000:0000:0000:0000:0001 为 39 字符）
双冒号压缩形式（如 ::1）仅 3 字符

由于有 IPv6NetworkUtils.isIpv6Address() 作为二次校验，当前实现是安全的，这只是一个可选的改进建议。

♻️ 可选：放宽正则范围

-    private static final java.util.regex.Pattern BARE_IPV6_URL_PATTERN = java.util.regex.Pattern.compile(
-            "^(https?)://([0-9a-fA-F][0-9a-fA-F:]{2,37}[0-9a-fA-F]):(\\d+)(/.*)?");
+    private static final java.util.regex.Pattern BARE_IPV6_URL_PATTERN = java.util.regex.Pattern.compile(
+            "^(https?)://([0-9a-fA-F:]{2,39}):(\\d+)(/.*)?");

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@core/src/main/java/org/zstack/core/rest/RESTFacadeImpl.java` around lines 68
- 69, BARE_IPV6_URL_PATTERN currently limits the IPv6 host part with
[0-9a-fA-F:]{2,37} which can exclude valid full-length addresses and compressed
forms like ::1; update the pattern in RESTFacadeImpl (BARE_IPV6_URL_PATTERN) to
broaden the allowed host length (for example use {2,39} or simply + instead of
{2,37}) so legitimate IPv6 literals pass this initial regex and continue to be
validated by IPv6NetworkUtils.isIpv6Address(); keep the rest of the pattern
(scheme, port, optional path) unchanged.

984-989: 方法注释应使用英文

根据编码规范，代码中不应包含中文。

♻️ 建议修改

-    /**
-     * 检测并修复裸 IPv6（无方括号）的 callbackUrl。
-     * 正常路径下 URL 应由 {`@link` IPv6Utils#buildUrl} 生成，此方法作为兜底防御层。
-     * <p>
-     * 示例：http://2001:db8::1:8080/path → http://[2001:db8::1]:8080/path
-     */
+    /**
+     * Detect and fix bare IPv6 (unbracketed) callbackUrl.
+     * Normally URLs should be generated by {`@link` IPv6Utils#buildUrl}; this method serves as a fallback defense layer.
+     * <p>
+     * Example: http://2001:db8::1:8080/path → http://[2001:db8::1]:8080/path
+     */

As per coding guidelines: "代码里不应当有有中文，包括报错、注释等都应当使用正确的、无拼写错误的英文来写"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@core/src/main/java/org/zstack/core/rest/RESTFacadeImpl.java` around lines 984
- 989, Replace the Chinese Javadoc block above the method that detects and fixes
bare IPv6 callback URLs in RESTFacadeImpl (referencing IPv6Utils#buildUrl and
the callbackUrl handling) with an English Javadoc: describe the purpose ("Detect
and fix bare IPv6 (no brackets) callbackUrl as a defensive fallback when URLs
should be generated by IPv6Utils.buildUrl"), include the same example in English
("e.g. http://2001:db8::1:8080/path → http://[2001:db8::1]:8080/path"), and keep
any `@see` or links intact; ensure no Chinese text remains in the comment or
example.

compute/src/main/java/org/zstack/compute/vm/VmReturnReleaseNicFlow.java (2)

40-43: vmMgr 字段已注入但未使用。

与 VmDetachNicFlow 相同，VmInstanceManager vmMgr 被注入但未使用，应移除。

♻️ 建议修改

     `@Autowired`
-    protected VmInstanceManager vmMgr;
-    `@Autowired`
     protected PluginRegistry pluginRgty;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@compute/src/main/java/org/zstack/compute/vm/VmReturnReleaseNicFlow.java`
around lines 40 - 43, 字段 vmMgr (类型 VmInstanceManager) 在类 VmReturnReleaseNicFlow
中已被 `@Autowired` 注入但未使用；请从 VmReturnReleaseNicFlow 中移除该字段及其 `@Autowired`
注解（同时清理可能因此不再使用的导入），保持 PluginRegistry pluginRgty 等其他注入不变；参考 VmDetachNicFlow
中相同的清理做法以确保没有残留未使用符号或警告。

120-146: callReleaseSdnNics 与 VmDetachNicFlow 中的实现重复。

此方法与 VmDetachNicFlow.callReleaseSdnNics() 代码几乎相同。建议考虑提取为共享工具类（如 VmNicHelper 或 SdnNicReleaseHelper）以减少重复。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@compute/src/main/java/org/zstack/compute/vm/VmReturnReleaseNicFlow.java`
around lines 120 - 146, Extract the duplicated logic in
VmReturnReleaseNicFlow.callReleaseSdnNics and VmDetachNicFlow.callReleaseSdnNics
into a single helper (e.g., VmNicHelper.releaseSdnNics or
SdnNicReleaseHelper.releaseSdnNics) that accepts the List<VmNicInventory>, a
Completion callback, and any dependencies needed (pluginRgty and logger or have
the helper obtain pluginRgty). Move the While/WhileDoneCompletion orchestration
and the AfterAllocateSdnNicExtensionPoint invocation into that helper, then
replace both original implementations to call the new helper method so both use
the same shared code path.

compute/src/main/java/org/zstack/compute/vm/VmDetachNicFlow.java (1)

44-47: vmMgr 字段已注入但未使用。

VmInstanceManager vmMgr 被注入但在此类中从未使用，应移除以避免死代码。

♻️ 建议修改

     `@Autowired`
-    private VmInstanceManager vmMgr;
-    `@Autowired`
     private PluginRegistry pluginRgty;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@compute/src/main/java/org/zstack/compute/vm/VmDetachNicFlow.java` around
lines 44 - 47, The VmInstanceManager field vmMgr in class VmDetachNicFlow is
injected but never used; remove the unused field declaration (`@Autowired` private
VmInstanceManager vmMgr;) from VmDetachNicFlow and clean any unused imports
related to VmInstanceManager to eliminate dead code while leaving PluginRegistry
pluginRgty intact; if vmMgr was intended for future use, replace with a TODO
comment or add usage where appropriate, otherwise delete the field declaration.

test/src/test/groovy/org/zstack/test/integration/network/ipv6/MnIpv6StorageMigrationCase.groovy (1)

7-135: 请将该文件里的新增注释统一改成英文。

这次新增的类注释、方法注释和行内注释都用了中文。