refactor the code (#148)

* initial rework of setup task

* rework deploy task

* rework delete task

* rework sign task and add task for controller

* rework add task for validator

* rework cml connection to happen inside task

* optimize console connection

* combine add task for controller and validator

* minor enhancements to handle timeouts

* add integration tests

* update tests

* add tests for add task

* rework add task for edge

* fix ipv6 controller template

* rework add task for sdrouting

* bump version to 3.0.0b1 in pyproject.toml

* update readme

* update for 3.0.0b1

* add support for custom cpus/ram in add task

* rework backup task

* rework restore task

* optimize logging and error handling

* update tests

* fixes and code optimizations

* update docs

* formatting and minor enhancements

* add logout handling to CML connections in delete, images, and setup tasks

* add methods to enable MRF and create network hierarchy entry in ManagerClient

* refactor _patch_topology to use lambda for user substitution in configuration

* fix: improve backup loading by filtering extracted files for security

* refactor: simplify node extraction loop by using enumerate

* refactor: replace direct SSH handling with context manager for cleaner code

* refactor: replace ManagerClient instantiation with connect_manager for improved connection handling

* refactor: centralize node extraction logic with topology_nodes utility function

* refactor: extract manager mode validation logic into a separate function

* refactor: replace hardcoded node definitions with constants for improved maintainability

* refactor: replace custom topology dumping logic with utility function for consistency

* refactor: rename temporary directory variable for clarity in backup loading

* refactor: extract config group ID retrieval into a separate function for reusability

* minor fixes

* minor code simplifications and doc updates

* fix pipeline issues

* drop mypy

* minor fixes

* fix pipeline errors

* fix lint

* refactor: improve readability of SSH host key policy setting

* refactor: simplify comment on SSH host key policy setting

* updates based on PR review

* drop passlib dependency

Author: tzarski0

.flake8

@@ -1,4 +1,4 @@
-name: Publish to PyPi
+name: Publish to PyPI
 
 on:
   push:
@@ -9,26 +9,20 @@ permissions:
   contents: read
 
 jobs:
-  pypi-publish:
-    name: upload release to PyPI
+  publish:
+    name: Build and publish to PyPI
     runs-on: ubuntu-latest
-    defaults:
-      run:
-        shell: bash
     environment: release
     permissions:
       id-token: write
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: 3.11
-      - name: Set up Poetry
-        uses: abatilo/actions-poetry@v2.0.0
-        with:
-          poetry-version: 1.7.1
-      - name: Build the package
-        run: poetry build
-      - name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+
+      - name: Build
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0

.github/workflows/release.yml

@@ -3,27 +3,20 @@ name: scorecard
 on:
   push:
     branches:
-      # Run on pushes to default branch
       - main
   schedule:
-    # Run weekly on Saturdays
     - cron: "30 1 * * 6"
-  # Run when branch protection rules change
   branch_protection_rule:
-  # Run the workflow manually
   workflow_dispatch:
 
-# Declare default permissions as read-only
 permissions: read-all
 
 jobs:
   run-scorecard:
-    # Call reusable workflow file
     uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
     permissions:
       id-token: write
       security-events: write
     secrets: inherit
     with:
-      # Publish results of Scorecard analysis
       publish-results: true

.github/workflows/scorecard.yml

@@ -1,4 +1,5 @@
 name: Test
+
 on:
   workflow_dispatch:
   pull_request:
@@ -15,64 +16,32 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Python Setup
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
+      - name: Install uv
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
 
-      - name: Lint Checks
-        run: |
-          pip install poetry
-          poetry install
-          poetry run flake8 catalyst_sdwan_lab
-          poetry run isort --check --diff --profile black catalyst_sdwan_lab
-          poetry run black --check catalyst_sdwan_lab
-          poetry run mypy --show-error-codes --show-error-context --pretty --install-types --non-interactive catalyst_sdwan_lab --cache-dir=.mypy_cache/
+      - name: Ruff
+        run: uv run ruff check src/
 
   test:
-    name: Tests
+    name: Tests (Python ${{ matrix.python }})
     runs-on: ubuntu-latest
     timeout-minutes: 10
     strategy:
       matrix:
         python:
-          - "3.9"
-          - "3.10"
           - "3.11"
           - "3.12"
           - "3.13"
+          - "3.14"
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Python Setup
-        uses: actions/setup-python@v5
+      - name: Install uv
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
         with:
           python-version: ${{ matrix.python }}
 
-      - name: Test
-        run: |
-          pip install poetry
-          poetry install
-          poetry run sdwan-lab -h
-
-  notification:
-    name: Notification
-    if: always() && github.event_name != 'pull_request'
-    needs: [lint, test]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - name: Check Job Success
-        run: |
-          if [ ${{ needs.lint.result }} == 'success' ] && [ ${{ needs.test.result }} == 'success' ]; then
-            echo "All jobs succeeded"
-            echo "jobSuccess=success" >> $GITHUB_ENV
-          else
-            echo "Not all jobs succeeded"
-            echo "jobSuccess=fail" >> $GITHUB_ENV
-          fi
-        id: print_status
+      - name: Run tests
+        run: uv run pytest tests/ -v

.github/workflows/test.yml

@@ -197,4 +197,7 @@ cython_debug/
 catalyst_sdwan_lab/data/certs/rootCA.key
 vsdwan.sh
 lab.env
-backup/
+old/
+.claude/
+CLAUDE.md
+*.qcow2

.gitignore

@@ -1,8 +1,27 @@
-# Catalyst SD-WAN Lab 2.2.0 [unreleased]
-
+# Catalyst SD-WAN Lab 3.0.0b1 [2026-06-02]
+
+Complete rewrite. The tool is now dependency-minimal with no catalystwan SDK, no pyATS, and no pyOpenSSL.
+
+- Drop `catalystwan` SDK — replaced with a thin `requests`-based Manager HTTP client
+- Drop `pyats` / `unicon` — replaced with `paramiko` for SSH access to CML nodes
+- Drop `pyOpenSSL` — replaced with direct use of `cryptography`
+- Migrate packaging from Poetry to `uv`
+- Raise minimum Python version to 3.11
+- Raise minimum SD-WAN Manager version to 20.15
+- Raise minimum CML version to 2.7
+- Add `images` subcommand with `list`, `upload`, and `delete` — moves image management out of `setup`
+- Add SD-Routing Edge onboarding via config-group-based flow
+- Add `--manager-port` option to `deploy` and `restore` for PATty mode (replaces `pat:<port>` syntax)
+- Add `--serial-file` option to `deploy` and `restore` for custom `.viptela` serial files and org name
+- Add `--output / -o` option to `sign` to write the signed certificate to a file
+- Add `--debug` global flag for HTTP-level request/response logging
+- Add `--directory` flag to `backup` to save as an unpacked directory instead of a zip archive
 - Add support for Catalyst SD-WAN release 26.1.1
-- In deploy and restore tasks, add progress status for SD-WAN Manager boot (>26.1.1)
-- In deploy and restore tasks, skip initial setup workflow on first UI login (>26.1.1)
+- Add progress status for SD-WAN Manager boot in `deploy` and `restore` (Manager >= 26.1.1)
+- Skip initial setup workflow on first UI login in `deploy` and `restore` (Manager >= 26.1.1)
+- Accept un-padded software versions (`26.1.1` resolved to `26.01.01` automatically)
+- Move `setup --list` to `images list` and `setup --delete` to `images delete`
+- Rename `--manager` → `--manager-ip`, `--muser` → `--manager-user`, `--mpassword` → `--manager-pass`, `--mmask` → `--manager-mask`, `--mgateway` → `--manager-gateway`, `--ip_type` → `--ip-type`, `--deleteexisting` → `--delete-existing`, `--contr_version` → `--contr-version`, `--edge_version` → `--edge-version`
 
 # Catalyst SD-WAN Lab 2.1.8 [Mar 5, 2026]
 

.mypy.ini

@@ -3,60 +3,78 @@
 Thank you for your interest in contributing to Catalyst SD-WAN Lab! Please take a moment to review this document **before submitting a pull request**:
 
 - Want to add something yourself? [Make a PR](https://github.com/cisco-open/sdwan-lab-deployment-tool/pulls).
-  - To make a PR, fork the repository, make your changes, and submit the pull request. Then, wait for review and feedback from our developers.
-  - Write a clear PR description and include docstrings in your code to make it easily understandable.
-  - Always write clear log messages for your commits.
-  - Before submitting a PR, verify that the existing SD-WAN Lab tasks work without any issues (see [Testing Before Pull Requests](#testing-before-pull-requests)).
+  - Fork the repository, make your changes, and submit the pull request. Then wait for review and feedback.
+  - Write a clear PR description explaining what changed and why.
+  - Always write clear commit messages.
+  - Before submitting a PR, make sure unit tests pass and, where possible, verify that the affected tasks work end-to-end (see [Testing](#testing)).
   - For CML interactions, use the official [CML SDK](https://github.com/CiscoDevNet/virl2-client).
-  - For SD-WAN interactions, use the official [Catalyst WAN SDK](https://github.com/CiscoDevNet/catalystwan).
-- Found a bug or have a feature request? [Report it here](https://github.com/cisco-open/sdwan-lab-deployment-tool/issues) and provide as much information as possible.
+  - For SD-WAN Manager interactions, use the thin `manager_client.py` HTTP client in this repo (direct `requests` calls — no external SDK).
+- Found a bug or have a feature request? [Report it here](https://github.com/cisco-open/sdwan-lab-deployment-tool/issues) and provide as much detail as possible.
 
-## Testing Before Pull Requests
+## Development Setup
 
-Before opening a pull request, please ensure all tests pass:
+This project uses [uv](https://docs.astral.sh/uv/) for packaging and dependency management.
 
-1. Create a virtual environment:
+1. Install `uv` if you don't have it:
 
-   ```
-   python3 -m venv venv
+   ```sh
+   curl -LsSf https://astral.sh/uv/install.sh | sh
    ```
 
-2. Activate the virtual environment:
+2. Clone the repository and install dependencies (including dev extras):
 
+   ```sh
+   git clone https://github.com/cisco-open/sdwan-lab-deployment-tool.git
+   cd sdwan-lab-deployment-tool
+   uv sync
    ```
-   source venv/bin/activate
+
+3. Verify the installation:
+
+   ```sh
+   uv run csdwan --version
    ```
 
-   The prompt will update with the virtual environment name (`venv`), indicating that it is active.
+## Testing
 
-3. Upgrade initial virtual environment packages:
+### Unit tests
 
-   ```
-   pip install --upgrade pip setuptools pytest
-   ```
+Run the unit test suite:
 
-4. Install the tool from your local repository:
+```sh
+uv run pytest
+```
 
-   ```
-   pip install --upgrade .
-   ```
+### Integration tests
 
-   Alternatively, you can install the tool from your branch, for example:
+Integration tests run the full CLI against a live CML environment. They are excluded from the default `pytest` run and must be invoked explicitly.
 
-   ```
-   pip install git+https://github.com/cisco-open/sdwan-lab-deployment-tool.git@restore_version_change
-   ```
+Set the required environment variables (the same ones used in `lab.env`, plus `SDWAN_VERSION`):
 
-5. Load the environment variables used to deploy a test lab:
+```sh
+export CML_IP='cml.example.com'
+export CML_USER='admin'
+export CML_PASSWORD='your-password'
+export LAB_NAME='sdwan-lab'
+export MANAGER_PORT=2000          # PATty mode, or use MANAGER_IP/MANAGER_MASK/MANAGER_GATEWAY
+export MANAGER_USER='sdwan'
+export MANAGER_PASSWORD='your-manager-password'
+export SDWAN_VERSION='20.15.1'
+```
 
-   ```
-   source lab.env
-   ```
+Or simply source your existing `lab.env` and export `SDWAN_VERSION`:
 
-6. Run tests:
+```sh
+source lab.env
+export SDWAN_VERSION=20.15.1
+```
 
-   ```
-   pytest -s test_csdwan.py
-   ```
+Then run all integration tests:
+
+```sh
+uv run pytest tests/integration/ -v -s
+```
+
+The `-s` flag disables output capture so you can watch the progress of each `csdwan` step in real time. The full workflow test (deploy → add → backup → restore → delete) takes 30–60 minutes depending on your environment.
 
-   This will run all tasks and display real-time output. Make sure to resolve any test failures before submitting your PR. If needed, you can modify the control components and edge versions in the test_csdwan.py file.
+If any required environment variable is missing, the tests are automatically skipped rather than failing.