Definitely AI generated. But the project is interesting, because that space felt a bit dry to me. netboot.xyz and iventoy are cool, but for most basic use cases I always felt these things could be yet further simplified. So I guess I'll go and review the code when I find some time.

EDIT: Found the disclosure in the repo: >I've used Claude CLI to help with some parts of this project - mostly making the web UI pretty, as I'm NOT a frontend developer. I also used it to generate the docs, but I review them manually - no automatically-generated AI code goes into the project without review from myself.

I guess that's fair.

There is a note on there around AI coding which gives a little more hope. But what i would expect from such a component is also a clear indication of how its security is being vetter, tested and attempted to be assured.

When using such a server, its of critical importance its secure. If someone can enter it, they can change your images, knock over a machine and get it to boot a rogue image etc.

Id be interested what thread models are taken into account. If there is any fuzzing.

Perhaps a clear list of all the third party packages it pulls in and assessment of those packages.

It sounds like a lot but actually AI can help set up a lot of tooling around this stuff to make it more managable to do a lot of thorough testing / vetting of things.

I do think its also interesting project, and ofc it might be somehting that matures over time in this regard. (i am super biassed about security also as its my domain and i've litterally seen colleagues root servers which hosted images for entire infras of companies. thats a scary vector. if you can tamper with 1 PXE boot you can overwrite firmware.

(this is not saying anything about secure boot ofc, my experiences with PXE predate that being actively deployed)

It's the staccato sentences

Yes, this observation has been expressed like a million times here.