From db8e524437241348d9b298f089b40af068b77617 Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 15:45:28 +0100
Subject: [PATCH 01/22] Switch param to route tabs: VPC firewall rules and
 subnets

---
 app/api/path-params.ts                        |  1 +
 app/forms/firewall-rules-create.tsx           | 41 ++++++--
 app/forms/firewall-rules-edit.tsx             | 48 +++++++---
 app/forms/subnet-create.tsx                   | 12 ++-
 app/forms/subnet-edit.tsx                     | 44 +++++++--
 app/hooks/use-params.ts                       |  5 +
 app/pages/project/vpcs/VpcPage/VpcPage.tsx    | 40 +++-----
 .../vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx | 74 ++++++++------
 .../vpcs/VpcPage/tabs/VpcSubnetsTab.tsx       | 96 +++++++++++++------
 app/routes.tsx                                | 46 +++++++--
 app/util/path-builder.spec.ts                 |  2 +
 app/util/path-builder.ts                      | 13 +++
 12 files changed, 299 insertions(+), 123 deletions(-)

diff --git a/app/api/path-params.ts b/app/api/path-params.ts
index dc5c30a9af..e0be7474ab 100644
--- a/app/api/path-params.ts
+++ b/app/api/path-params.ts
@@ -16,6 +16,7 @@ export type NetworkInterface = Merge<Instance, { interface?: string }>
 export type Snapshot = Merge<Project, { snapshot?: string }>
 export type Vpc = Merge<Project, { vpc?: string }>
 export type VpcSubnet = Merge<Vpc, { subnet?: string }>
+export type VpcFirewallRule = Merge<Vpc, { firewallRule?: string }>
 export type Silo = { silo?: string }
 export type IdentityProvider = Merge<Silo, { provider: string }>
 export type SystemUpdate = { version: string }
diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 88d009bbc1..53a9e48db4 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -5,13 +5,17 @@
  *
  * Copyright Oxide Computer Company
  */
+import { useMemo } from 'react'
 import { useController, type Control } from 'react-hook-form'
+import { useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
 
 import {
+  apiQueryClient,
   firewallRuleGetToPut,
   parsePortRange,
   useApiMutation,
   useApiQueryClient,
+  usePrefetchedApiQuery,
   type ApiError,
   type VpcFirewallRule,
   type VpcFirewallRuleHostFilter,
@@ -28,7 +32,8 @@ import { NumberField } from '~/components/form/fields/NumberField'
 import { RadioField } from '~/components/form/fields/RadioField'
 import { TextField, TextFieldInner } from '~/components/form/fields/TextField'
 import { SideModalForm } from '~/components/form/SideModalForm'
-import { useForm, useVpcSelector } from '~/hooks'
+import { getVpcSelector, useForm, useVpcSelector } from '~/hooks'
+import { addToast } from '~/stores/toast'
 import { Badge } from '~/ui/lib/Badge'
 import { Button } from '~/ui/lib/Button'
 import { FormDivider } from '~/ui/lib/Divider'
@@ -36,7 +41,9 @@ import { Message } from '~/ui/lib/Message'
 import * as MiniTable from '~/ui/lib/MiniTable'
 import { TextInputHint } from '~/ui/lib/TextInput'
 import { KEYS } from '~/ui/util/keys'
+import { sortBy } from '~/util/array'
 import { links } from '~/util/links'
+import { pb } from '~/util/path-builder'
 
 export type FirewallRuleValues = {
   enabled: boolean
@@ -536,25 +543,41 @@ export const CommonFields = ({ error, control }: CommonFieldsProps) => {
 //   priority: Yup.number().integer().min(0).max(65535).required('Required'),
 // })
 
-type CreateFirewallRuleFormProps = {
-  onDismiss: () => void
-  existingRules: VpcFirewallRule[]
+CreateFirewallRuleForm.loader = async ({ params }: LoaderFunctionArgs) => {
+  const vpcSelector = getVpcSelector(params)
+
+  await Promise.all([
+    apiQueryClient.prefetchQuery('vpcFirewallRulesView', {
+      query: vpcSelector,
+    }),
+    apiQueryClient.prefetchQuery('vpcView', {
+      path: { vpc: vpcSelector.vpc },
+      query: { project: vpcSelector.project },
+    }),
+  ])
+  return null
 }
 
-export function CreateFirewallRuleForm({
-  onDismiss,
-  existingRules,
-}: CreateFirewallRuleFormProps) {
+export function CreateFirewallRuleForm() {
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
+  const navigate = useNavigate()
+  const onDismiss = () => navigate(pb.vpcFirewallRules(vpcSelector))
+
   const updateRules = useApiMutation('vpcFirewallRulesUpdate', {
     onSuccess() {
       queryClient.invalidateQueries('vpcFirewallRulesView')
-      onDismiss()
+      addToast({ content: 'Your firewall rule has been created' })
+      navigate(pb.vpcFirewallRules(vpcSelector))
     },
   })
 
+  const { data } = usePrefetchedApiQuery('vpcFirewallRulesView', {
+    query: vpcSelector,
+  })
+  const existingRules = useMemo(() => sortBy(data.rules, (r) => r.priority), [data])
+
   const form = useForm({ defaultValues })
 
   return (
diff --git a/app/forms/firewall-rules-edit.tsx b/app/forms/firewall-rules-edit.tsx
index e23428bdc2..0657268da9 100644
--- a/app/forms/firewall-rules-edit.tsx
+++ b/app/forms/firewall-rules-edit.tsx
@@ -5,15 +5,25 @@
  *
  * Copyright Oxide Computer Company
  */
+import { useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
+
 import {
+  apiQueryClient,
   firewallRuleGetToPut,
   useApiMutation,
   useApiQueryClient,
-  type VpcFirewallRule,
+  usePrefetchedApiQuery,
 } from '@oxide/api'
 
 import { SideModalForm } from '~/components/form/SideModalForm'
-import { useForm, useVpcSelector } from '~/hooks'
+import {
+  getVpcSelector,
+  useForm,
+  useVpcFirewallRuleSelector,
+  useVpcSelector,
+} from '~/hooks'
+import { invariant } from '~/util/invariant'
+import { pb } from '~/util/path-builder'
 
 import {
   CommonFields,
@@ -21,20 +31,35 @@ import {
   type FirewallRuleValues,
 } from './firewall-rules-create'
 
-type EditFirewallRuleFormProps = {
-  onDismiss: () => void
-  existingRules: VpcFirewallRule[]
-  originalRule: VpcFirewallRule
+EditFirewallRuleForm.loader = async ({ params }: LoaderFunctionArgs) => {
+  const vpcSelector = getVpcSelector(params)
+
+  await apiQueryClient.prefetchQuery('vpcFirewallRulesView', {
+    query: vpcSelector,
+  })
+
+  return null
 }
 
-export function EditFirewallRuleForm({
-  onDismiss,
-  existingRules,
-  originalRule,
-}: EditFirewallRuleFormProps) {
+export function EditFirewallRuleForm() {
+  const vpcFirewallRuleSelector = useVpcFirewallRuleSelector()
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
+  const { data } = usePrefetchedApiQuery('vpcFirewallRulesView', {
+    query: { project: vpcFirewallRuleSelector.project, vpc: vpcFirewallRuleSelector.vpc },
+  })
+
+  const existingRules = data.rules
+  const originalRule = existingRules.find(
+    (rule) => rule.name === vpcFirewallRuleSelector.firewallRule
+  )
+
+  invariant(originalRule, 'Firewall rule must exist')
+
+  const navigate = useNavigate()
+  const onDismiss = () => navigate(pb.vpcFirewallRules(vpcSelector))
+
   const updateRules = useApiMutation('vpcFirewallRulesUpdate', {
     onSuccess() {
       queryClient.invalidateQueries('vpcFirewallRulesView')
@@ -75,6 +100,7 @@ export function EditFirewallRuleForm({
         const otherRules = existingRules
           .filter((r) => r.name !== originalRule.name)
           .map(firewallRuleGetToPut)
+
         updateRules.mutate({
           query: vpcSelector,
           body: {
diff --git a/app/forms/subnet-create.tsx b/app/forms/subnet-create.tsx
index a240c61544..0ae3de8696 100644
--- a/app/forms/subnet-create.tsx
+++ b/app/forms/subnet-create.tsx
@@ -5,6 +5,8 @@
  *
  * Copyright Oxide Computer Company
  */
+import { useNavigate } from 'react-router-dom'
+
 import { useApiMutation, useApiQueryClient, type VpcSubnetCreate } from '@oxide/api'
 
 import { DescriptionField } from '~/components/form/fields/DescriptionField'
@@ -13,6 +15,7 @@ import { TextField } from '~/components/form/fields/TextField'
 import { SideModalForm } from '~/components/form/SideModalForm'
 import { useForm, useVpcSelector } from '~/hooks'
 import { FormDivider } from '~/ui/lib/Divider'
+import { pb } from '~/util/path-builder'
 
 const defaultValues: VpcSubnetCreate = {
   name: '',
@@ -20,14 +23,13 @@ const defaultValues: VpcSubnetCreate = {
   ipv4Block: '',
 }
 
-type CreateSubnetFormProps = {
-  onDismiss: () => void
-}
-
-export function CreateSubnetForm({ onDismiss }: CreateSubnetFormProps) {
+export function CreateSubnetForm() {
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
+  const navigate = useNavigate()
+  const onDismiss = () => navigate(pb.vpcSubnets(vpcSelector))
+
   const createSubnet = useApiMutation('vpcSubnetCreate', {
     onSuccess() {
       queryClient.invalidateQueries('vpcSubnetList')
diff --git a/app/forms/subnet-edit.tsx b/app/forms/subnet-edit.tsx
index ed93841a54..28a2ada297 100644
--- a/app/forms/subnet-edit.tsx
+++ b/app/forms/subnet-edit.tsx
@@ -5,23 +5,51 @@
  *
  * Copyright Oxide Computer Company
  */
-import { useApiMutation, useApiQueryClient, type VpcSubnet } from '@oxide/api'
+import { useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
+
+import {
+  apiQueryClient,
+  useApiMutation,
+  useApiQueryClient,
+  usePrefetchedApiQuery,
+} from '@oxide/api'
 
 import { DescriptionField } from '~/components/form/fields/DescriptionField'
 import { NameField } from '~/components/form/fields/NameField'
 import { SideModalForm } from '~/components/form/SideModalForm'
-import { useForm, useVpcSelector } from '~/hooks'
+import {
+  getVpcSubnetSelector,
+  useForm,
+  useVpcSelector,
+  useVpcSubnetSelector,
+} from '~/hooks'
 import { pick } from '~/util/object'
+import { pb } from '~/util/path-builder'
+
+EditSubnetForm.loader = async ({ params }: LoaderFunctionArgs) => {
+  const vpcSubnetSelector = getVpcSubnetSelector(params)
+
+  await apiQueryClient.prefetchQuery('vpcSubnetView', {
+    query: { project: vpcSubnetSelector.project, vpc: vpcSubnetSelector.vpc },
+    path: { subnet: vpcSubnetSelector.subnet },
+  })
 
-type EditSubnetFormProps = {
-  onDismiss: () => void
-  editing: VpcSubnet
+  return null
 }
 
-export function EditSubnetForm({ onDismiss, editing }: EditSubnetFormProps) {
+export function EditSubnetForm() {
   const vpcSelector = useVpcSelector()
+  const vpcSubnetSelector = useVpcSubnetSelector()
   const queryClient = useApiQueryClient()
 
+  const navigate = useNavigate()
+  const onDismiss = () => navigate(pb.vpcSubnets(vpcSelector))
+
+  const { data: subnet } = usePrefetchedApiQuery('vpcSubnetView', {
+    query: vpcSelector,
+    path: { subnet: vpcSubnetSelector.subnet },
+  })
+
   const updateSubnet = useApiMutation('vpcSubnetUpdate', {
     onSuccess() {
       queryClient.invalidateQueries('vpcSubnetList')
@@ -29,7 +57,7 @@ export function EditSubnetForm({ onDismiss, editing }: EditSubnetFormProps) {
     },
   })
 
-  const defaultValues = pick(editing, 'name', 'description') /* satisfies VpcSubnetUpdate */
+  const defaultValues = pick(subnet, 'name', 'description') /* satisfies VpcSubnetUpdate */
 
   const form = useForm({ defaultValues })
 
@@ -41,7 +69,7 @@ export function EditSubnetForm({ onDismiss, editing }: EditSubnetFormProps) {
       onDismiss={onDismiss}
       onSubmit={(body) => {
         updateSubnet.mutate({
-          path: { subnet: editing.name },
+          path: { subnet: subnet.name },
           query: vpcSelector,
           body,
         })
diff --git a/app/hooks/use-params.ts b/app/hooks/use-params.ts
index 8cca1c39de..f4f44fa117 100644
--- a/app/hooks/use-params.ts
+++ b/app/hooks/use-params.ts
@@ -36,6 +36,8 @@ export const getProjectSelector = requireParams('project')
 export const getFloatingIpSelector = requireParams('project', 'floatingIp')
 export const getInstanceSelector = requireParams('project', 'instance')
 export const getVpcSelector = requireParams('project', 'vpc')
+export const getVpcFirewallRuleSelector = requireParams('project', 'vpc', 'firewallRule')
+export const getVpcSubnetSelector = requireParams('project', 'vpc', 'subnet')
 export const getSiloSelector = requireParams('silo')
 export const getSiloImageSelector = requireParams('image')
 export const getIdpSelector = requireParams('silo', 'provider')
@@ -77,6 +79,9 @@ export const useProjectSnapshotSelector = () =>
   useSelectedParams(getProjectSnapshotSelector)
 export const useInstanceSelector = () => useSelectedParams(getInstanceSelector)
 export const useVpcSelector = () => useSelectedParams(getVpcSelector)
+export const useVpcSubnetSelector = () => useSelectedParams(getVpcSubnetSelector)
+export const useVpcFirewallRuleSelector = () =>
+  useSelectedParams(getVpcFirewallRuleSelector)
 export const useSiloSelector = () => useSelectedParams(getSiloSelector)
 export const useSiloImageSelector = () => useSelectedParams(getSiloImageSelector)
 export const useIdpSelector = () => useSelectedParams(getIdpSelector)
diff --git a/app/pages/project/vpcs/VpcPage/VpcPage.tsx b/app/pages/project/vpcs/VpcPage/VpcPage.tsx
index 662810f99e..17f539b1df 100644
--- a/app/pages/project/vpcs/VpcPage/VpcPage.tsx
+++ b/app/pages/project/vpcs/VpcPage/VpcPage.tsx
@@ -10,38 +10,28 @@ import type { LoaderFunctionArgs } from 'react-router-dom'
 import { apiQueryClient, usePrefetchedApiQuery } from '@oxide/api'
 import { Networking24Icon } from '@oxide/design-system/icons/react'
 
-import { QueryParamTabs } from '~/components/QueryParamTabs'
+import { RouteTabs, Tab } from '~/components/RouteTabs'
 import { getVpcSelector, useVpcSelector } from '~/hooks'
 import { EmptyCell } from '~/table/cells/EmptyCell'
-import { PAGE_SIZE } from '~/table/QueryTable'
 import { DateTime } from '~/ui/lib/DateTime'
 import { PageHeader, PageTitle } from '~/ui/lib/PageHeader'
 import { PropertiesTable } from '~/ui/lib/PropertiesTable'
-import { Tabs } from '~/ui/lib/Tabs'
+import { pb } from '~/util/path-builder'
 
 import { VpcDocsPopover } from '../VpcsPage'
-import { VpcFirewallRulesTab } from './tabs/VpcFirewallRulesTab'
-import { VpcSubnetsTab } from './tabs/VpcSubnetsTab'
 
 VpcPage.loader = async ({ params }: LoaderFunctionArgs) => {
   const { project, vpc } = getVpcSelector(params)
-  await Promise.all([
-    apiQueryClient.prefetchQuery('vpcView', { path: { vpc }, query: { project } }),
-    apiQueryClient.prefetchQuery('vpcFirewallRulesView', {
-      query: { project, vpc },
-    }),
-    apiQueryClient.prefetchQuery('vpcSubnetList', {
-      query: { project, vpc, limit: PAGE_SIZE },
-    }),
-  ])
+  apiQueryClient.prefetchQuery('vpcView', { path: { vpc }, query: { project } })
+
   return null
 }
 
 export function VpcPage() {
-  const { project, vpc: vpcName } = useVpcSelector()
+  const vpcSelector = useVpcSelector()
   const { data: vpc } = usePrefetchedApiQuery('vpcView', {
-    path: { vpc: vpcName },
-    query: { project },
+    path: { vpc: vpcSelector.vpc },
+    query: { project: vpcSelector.project },
   })
 
   return (
@@ -67,18 +57,10 @@ export function VpcPage() {
         </PropertiesTable>
       </PropertiesTable.Group>
 
-      <QueryParamTabs className="full-width" defaultValue="firewall-rules">
-        <Tabs.List>
-          <Tabs.Trigger value="firewall-rules">Firewall Rules</Tabs.Trigger>
-          <Tabs.Trigger value="subnets">Subnets</Tabs.Trigger>
-        </Tabs.List>
-        <Tabs.Content value="firewall-rules">
-          <VpcFirewallRulesTab />
-        </Tabs.Content>
-        <Tabs.Content value="subnets">
-          <VpcSubnetsTab />
-        </Tabs.Content>
-      </QueryParamTabs>
+      <RouteTabs fullWidth>
+        <Tab to={pb.vpcFirewallRules(vpcSelector)}>Firewall Rules</Tab>
+        <Tab to={pb.vpcSubnets(vpcSelector)}>Subnets</Tab>
+      </RouteTabs>
     </>
   )
 }
diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index c70a6b0e7d..312c186fd8 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -6,9 +6,11 @@
  * Copyright Oxide Computer Company
  */
 import { createColumnHelper, getCoreRowModel, useReactTable } from '@tanstack/react-table'
-import { useMemo, useState } from 'react'
+import { useMemo } from 'react'
+import { Outlet, useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
 
 import {
+  apiQueryClient,
   useApiMutation,
   useApiQueryClient,
   usePrefetchedApiQuery,
@@ -16,21 +18,20 @@ import {
 } from '@oxide/api'
 
 import { ListPlusCell } from '~/components/ListPlusCell'
-import { CreateFirewallRuleForm } from '~/forms/firewall-rules-create'
-import { EditFirewallRuleForm } from '~/forms/firewall-rules-edit'
-import { useVpcSelector } from '~/hooks'
+import { getVpcSelector, useVpcSelector } from '~/hooks'
 import { confirmDelete } from '~/stores/confirm-delete'
 import { EnabledCell } from '~/table/cells/EnabledCell'
-import { ButtonCell } from '~/table/cells/LinkCell'
+import { LinkCell } from '~/table/cells/LinkCell'
 import { TypeValueCell } from '~/table/cells/TypeValueCell'
 import { getActionsCol } from '~/table/columns/action-col'
 import { Columns } from '~/table/columns/common'
 import { Table } from '~/table/Table'
 import { Badge } from '~/ui/lib/Badge'
-import { CreateButton } from '~/ui/lib/CreateButton'
+import { CreateLink } from '~/ui/lib/CreateButton'
 import { EmptyMessage } from '~/ui/lib/EmptyMessage'
 import { TableEmptyBox } from '~/ui/lib/Table'
 import { sortBy } from '~/util/array'
+import { pb } from '~/util/path-builder'
 import { titleCase } from '~/util/str'
 
 const colHelper = createColumnHelper<VpcFirewallRule>()
@@ -94,7 +95,22 @@ const staticColumns = [
   colHelper.accessor('timeCreated', Columns.timeCreated),
 ]
 
-export const VpcFirewallRulesTab = () => {
+VpcFirewallRulesTab.loader = async ({ params }: LoaderFunctionArgs) => {
+  const vpcSelector = getVpcSelector(params)
+
+  await Promise.all([
+    apiQueryClient.prefetchQuery('vpcFirewallRulesView', {
+      query: vpcSelector,
+    }),
+    apiQueryClient.prefetchQuery('vpcView', {
+      path: { vpc: vpcSelector.vpc },
+      query: { project: vpcSelector.project },
+    }),
+  ])
+  return null
+}
+
+export function VpcFirewallRulesTab() {
   const queryClient = useApiQueryClient()
   const vpcSelector = useVpcSelector()
 
@@ -103,8 +119,7 @@ export const VpcFirewallRulesTab = () => {
   })
   const rules = useMemo(() => sortBy(data.rules, (r) => r.priority), [data])
 
-  const [createModalOpen, setCreateModalOpen] = useState(false)
-  const [editing, setEditing] = useState<VpcFirewallRule | null>(null)
+  const navigate = useNavigate()
 
   const updateRules = useApiMutation('vpcFirewallRulesUpdate', {
     onSuccess() {
@@ -118,14 +133,29 @@ export const VpcFirewallRulesTab = () => {
       colHelper.accessor('name', {
         header: 'Name',
         cell: (info) => (
-          <ButtonCell onClick={() => setEditing(info.row.original)}>
+          <LinkCell
+            to={pb.vpcFirewallRuleEdit({
+              ...vpcSelector,
+              firewallRule: info.row.original.name,
+            })}
+          >
             {info.getValue()}
-          </ButtonCell>
+          </LinkCell>
         ),
       }),
       ...staticColumns,
       getActionsCol((rule: VpcFirewallRule) => [
-        { label: 'Edit', onActivate: () => setEditing(rule) },
+        {
+          label: 'Edit',
+          onActivate() {
+            navigate(
+              pb.vpcFirewallRuleEdit({
+                ...vpcSelector,
+                firewallRule: rule.name,
+              })
+            )
+          },
+        },
         {
           label: 'Delete',
           onActivate: confirmDelete({
@@ -141,7 +171,7 @@ export const VpcFirewallRulesTab = () => {
         },
       ]),
     ]
-  }, [setEditing, rules, updateRules, vpcSelector])
+  }, [navigate, rules, updateRules, vpcSelector])
 
   const table = useReactTable({ columns, data: rules, getCoreRowModel: getCoreRowModel() })
 
@@ -151,7 +181,7 @@ export const VpcFirewallRulesTab = () => {
         title="No firewall rules"
         body="You need to create a rule to be able to see it here"
         buttonText="New rule"
-        onClick={() => setCreateModalOpen(true)}
+        buttonTo={pb.vpcFirewallRulesNew(vpcSelector)}
       />
     </TableEmptyBox>
   )
@@ -159,22 +189,10 @@ export const VpcFirewallRulesTab = () => {
   return (
     <>
       <div className="mb-3 flex justify-end space-x-2">
-        <CreateButton onClick={() => setCreateModalOpen(true)}>New rule</CreateButton>
-        {createModalOpen && (
-          <CreateFirewallRuleForm
-            existingRules={rules}
-            onDismiss={() => setCreateModalOpen(false)}
-          />
-        )}
-        {editing && (
-          <EditFirewallRuleForm
-            existingRules={rules}
-            originalRule={editing}
-            onDismiss={() => setEditing(null)}
-          />
-        )}
+        <CreateLink to={pb.vpcFirewallRulesNew(vpcSelector)}>New rule</CreateLink>
       </div>
       {rules.length > 0 ? <Table table={table} /> : emptyState}
+      <Outlet />
     </>
   )
 }
diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcSubnetsTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcSubnetsTab.tsx
index 6c121c3479..e25ed0ed95 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcSubnetsTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcSubnetsTab.tsx
@@ -6,38 +6,51 @@
  * Copyright Oxide Computer Company
  */
 import { createColumnHelper } from '@tanstack/react-table'
-import { useCallback, useState } from 'react'
+import { useCallback, useMemo } from 'react'
+import { Outlet, useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
 
-import { useApiMutation, useApiQueryClient, type VpcSubnet } from '@oxide/api'
+import {
+  apiQueryClient,
+  useApiMutation,
+  useApiQueryClient,
+  type VpcSubnet,
+} from '@oxide/api'
 
-import { CreateSubnetForm } from '~/forms/subnet-create'
-import { EditSubnetForm } from '~/forms/subnet-edit'
-import { useVpcSelector } from '~/hooks'
+import { getVpcSelector, useVpcSelector } from '~/hooks'
 import { confirmDelete } from '~/stores/confirm-delete'
+import { makeLinkCell } from '~/table/cells/LinkCell'
 import { TwoLineCell } from '~/table/cells/TwoLineCell'
-import { useColsWithActions, type MenuAction } from '~/table/columns/action-col'
+import { getActionsCol, type MenuAction } from '~/table/columns/action-col'
 import { Columns } from '~/table/columns/common'
-import { useQueryTable } from '~/table/QueryTable'
-import { CreateButton } from '~/ui/lib/CreateButton'
+import { PAGE_SIZE, useQueryTable } from '~/table/QueryTable'
+import { CreateLink } from '~/ui/lib/CreateButton'
 import { EmptyMessage } from '~/ui/lib/EmptyMessage'
+import { pb } from '~/util/path-builder'
 
 const colHelper = createColumnHelper<VpcSubnet>()
-const staticCols = [
-  colHelper.accessor('name', {}),
-  colHelper.accessor((vpc) => [vpc.ipv4Block, vpc.ipv6Block] as const, {
-    header: 'IP Block',
-    cell: (info) => <TwoLineCell value={[...info.getValue()]} />,
-  }),
-  colHelper.accessor('timeCreated', Columns.timeCreated),
-]
-
-export const VpcSubnetsTab = () => {
+
+VpcSubnetsTab.loader = async ({ params }: LoaderFunctionArgs) => {
+  const { project, vpc } = getVpcSelector(params)
+
+  const vpcSelector = getVpcSelector(params)
+
+  await Promise.all([
+    apiQueryClient.prefetchQuery('vpcSubnetList', {
+      query: { project, vpc, limit: PAGE_SIZE },
+    }),
+    apiQueryClient.prefetchQuery('vpcView', {
+      path: { vpc: vpcSelector.vpc },
+      query: { project: vpcSelector.project },
+    }),
+  ])
+  return null
+}
+
+export function VpcSubnetsTab() {
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
   const { Table } = useQueryTable('vpcSubnetList', { query: vpcSelector })
-  const [creating, setCreating] = useState(false)
-  const [editing, setEditing] = useState<VpcSubnet | null>(null)
 
   const deleteSubnet = useApiMutation('vpcSubnetDelete', {
     onSuccess() {
@@ -45,11 +58,20 @@ export const VpcSubnetsTab = () => {
     },
   })
 
+  const navigate = useNavigate()
+
   const makeActions = useCallback(
     (subnet: VpcSubnet): MenuAction[] => [
       {
         label: 'Edit',
-        onActivate: () => setEditing(subnet),
+        onActivate: () => {
+          navigate(
+            pb.vpcSubnetsEdit({
+              ...vpcSelector,
+              subnet: subnet.name,
+            })
+          )
+        },
       },
       // TODO: only show if you have permission to do this
       {
@@ -60,28 +82,48 @@ export const VpcSubnetsTab = () => {
         }),
       },
     ],
-    [deleteSubnet]
+    [navigate, deleteSubnet, vpcSelector]
   )
 
-  const columns = useColsWithActions(staticCols, makeActions)
+  const columns = useMemo(
+    () => [
+      colHelper.accessor('name', {
+        cell: makeLinkCell((subnet) =>
+          pb.vpcSubnetsEdit({
+            ...vpcSelector,
+            subnet: subnet,
+          })
+        ),
+      }),
+      colHelper.accessor((vpc) => [vpc.ipv4Block, vpc.ipv6Block] as const, {
+        header: 'IP Block',
+        cell: (info) => <TwoLineCell value={[...info.getValue()]} />,
+      }),
+      colHelper.accessor('timeCreated', Columns.timeCreated),
+      getActionsCol(makeActions),
+    ],
+    [vpcSelector, makeActions]
+  )
+
+  // const columns = useColsWithActions(staticCols, makeActions)
 
   const emptyState = (
     <EmptyMessage
       title="No VPC subnets"
       body="You need to create a subnet to be able to see it here"
       buttonText="New subnet"
-      onClick={() => setCreating(true)}
+      buttonTo={pb.vpcSubnetsNew(vpcSelector)}
     />
   )
 
   return (
     <>
       <div className="mb-3 flex justify-end space-x-2">
-        <CreateButton onClick={() => setCreating(true)}>New subnet</CreateButton>
-        {creating && <CreateSubnetForm onDismiss={() => setCreating(false)} />}
-        {editing && <EditSubnetForm editing={editing} onDismiss={() => setEditing(null)} />}
+        <CreateLink to={pb.vpcSubnetsNew(vpcSelector)}>New subnet</CreateLink>
       </div>
+
       <Table columns={columns} emptyState={emptyState} rowHeight="large" />
+      <Outlet />
     </>
   )
 }
diff --git a/app/routes.tsx b/app/routes.tsx
index 16b6239e79..9c558733a7 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -10,6 +10,8 @@ import { createRoutesFromElements, Navigate, Route } from 'react-router-dom'
 import { RouterDataErrorBoundary } from './components/ErrorBoundary'
 import { NotFound } from './components/ErrorPage'
 import { CreateDiskSideModalForm } from './forms/disk-create'
+import { CreateFirewallRuleForm } from './forms/firewall-rules-create'
+import { EditFirewallRuleForm } from './forms/firewall-rules-edit'
 import { CreateFloatingIpSideModalForm } from './forms/floating-ip-create'
 import { EditFloatingIpSideModalForm } from './forms/floating-ip-edit'
 import { CreateIdpSideModalForm } from './forms/idp/create'
@@ -29,6 +31,8 @@ import { EditProjectSideModalForm } from './forms/project-edit'
 import { CreateSiloSideModalForm } from './forms/silo-create'
 import { CreateSnapshotSideModalForm } from './forms/snapshot-create'
 import { CreateSSHKeySideModalForm } from './forms/ssh-key-create'
+import { CreateSubnetForm } from './forms/subnet-create'
+import { EditSubnetForm } from './forms/subnet-edit'
 import { CreateVpcSideModalForm } from './forms/vpc-create'
 import { EditVpcSideModalForm } from './forms/vpc-edit'
 import type { CrumbFunc } from './hooks/use-title'
@@ -58,6 +62,8 @@ import { NetworkingTab } from './pages/project/instances/instance/tabs/Networkin
 import { StorageTab } from './pages/project/instances/instance/tabs/StorageTab'
 import { InstancesPage } from './pages/project/instances/InstancesPage'
 import { SnapshotsPage } from './pages/project/snapshots/SnapshotsPage'
+import { VpcFirewallRulesTab } from './pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab'
+import { VpcSubnetsTab } from './pages/project/vpcs/VpcPage/tabs/VpcSubnetsTab'
 import { VpcPage } from './pages/project/vpcs/VpcPage/VpcPage'
 import { VpcsPage } from './pages/project/vpcs/VpcsPage'
 import { ProjectsPage } from './pages/ProjectsPage'
@@ -343,12 +349,40 @@ export const routes = createRoutesFromElements(
         </Route>
 
         <Route path="vpcs" handle={{ crumb: 'VPCs' }}>
-          <Route
-            path=":vpc"
-            element={<VpcPage />}
-            loader={VpcPage.loader}
-            handle={{ crumb: vpcCrumb }}
-          />
+          <Route path=":vpc" handle={{ crumb: vpcCrumb }}>
+            <Route index element={<Navigate to="firewall-rules" replace />} />
+            <Route element={<VpcPage />} loader={VpcPage.loader}>
+              <Route element={<VpcFirewallRulesTab />} loader={VpcFirewallRulesTab.loader}>
+                <Route path="firewall-rules" handle={{ crumb: 'Firewall Rules' }} />
+                <Route
+                  path="firewall-rules-new"
+                  element={<CreateFirewallRuleForm />}
+                  loader={CreateFirewallRuleForm.loader}
+                  handle={{ crumb: 'New Firewall Rule' }}
+                />
+                <Route
+                  path="firewall-rules/:firewallRule/edit"
+                  element={<EditFirewallRuleForm />}
+                  loader={EditFirewallRuleForm.loader}
+                  handle={{ crumb: 'Edit Firewall Rule' }}
+                />
+              </Route>
+              <Route element={<VpcSubnetsTab />} loader={VpcSubnetsTab.loader}>
+                <Route path="subnets" handle={{ crumb: 'Subnets' }} />
+                <Route
+                  path="subnets-new"
+                  element={<CreateSubnetForm />}
+                  handle={{ crumb: 'New Subnet' }}
+                />
+                <Route
+                  path="subnets/:subnet/edit"
+                  element={<EditSubnetForm />}
+                  loader={EditSubnetForm.loader}
+                  handle={{ crumb: 'Edit Subnet' }}
+                />
+              </Route>
+            </Route>
+          </Route>
         </Route>
 
         <Route element={<FloatingIpsPage />} loader={FloatingIpsPage.loader}>
diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index c08f072473..46bb65295c 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -22,6 +22,8 @@ const params = {
   image: 'im',
   snapshot: 'sn',
   pool: 'pl',
+  firewallRule: 'fr',
+  subnet: 'su',
 }
 
 test('path builder', () => {
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
index bb1de149d7..dc2bfb345a 100644
--- a/app/util/path-builder.ts
+++ b/app/util/path-builder.ts
@@ -21,6 +21,8 @@ type Snapshot = Required<PP.Snapshot>
 type SiloImage = Required<PP.SiloImage>
 type IpPool = Required<PP.IpPool>
 type FloatingIp = Required<PP.FloatingIp>
+type VpcFirewallRule = Required<PP.VpcFirewallRule>
+type VpcSubnet = Required<PP.VpcSubnet>
 
 // this is used as the basis for many routes, but is itself not a route we ever
 // want to link directly to. so we use this to build the routes but pb.project()
@@ -72,6 +74,17 @@ export const pb = {
   vpcs: (params: Project) => `${projectBase(params)}/vpcs`,
   vpc: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}`,
   vpcEdit: (params: Vpc) => `${pb.vpc(params)}/edit`,
+
+  vpcFirewallRules: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/firewall-rules`,
+  vpcFirewallRulesNew: (params: Vpc) =>
+    `${pb.vpcs(params)}/${params.vpc}/firewall-rules-new`,
+  vpcFirewallRuleEdit: (params: VpcFirewallRule) =>
+    `${pb.vpcs(params)}/${params.vpc}/firewall-rules/${params.firewallRule}/edit`,
+  vpcSubnets: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets`,
+  vpcSubnetsNew: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets-new`,
+  vpcSubnetsEdit: (params: VpcSubnet) =>
+    `${pb.vpcs(params)}/${params.vpc}/subnets/${params.subnet}/edit`,
+
   floatingIps: (params: Project) => `${projectBase(params)}/floating-ips`,
   floatingIpsNew: (params: Project) => `${projectBase(params)}/floating-ips-new`,
   floatingIp: (params: FloatingIp) => `${pb.floatingIps(params)}/${params.floatingIp}`,

From d5ef769b8f0c3b1eeb330fbd84cac04caf3cac26 Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:05:57 +0100
Subject: [PATCH 02/22] Test fixes

---
 test/e2e/firewall-rules.e2e.ts | 8 ++++----
 test/e2e/networking.e2e.ts     | 2 +-
 test/e2e/vpcs.e2e.ts           | 6 ++++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/test/e2e/firewall-rules.e2e.ts b/test/e2e/firewall-rules.e2e.ts
index 7287a598e9..1ee0d1c116 100644
--- a/test/e2e/firewall-rules.e2e.ts
+++ b/test/e2e/firewall-rules.e2e.ts
@@ -25,7 +25,7 @@ test('can create firewall rule', async ({ page }) => {
   await expect(modal).toBeHidden()
 
   // open modal
-  await page.getByRole('button', { name: 'New rule' }).click()
+  await page.getByRole('link', { name: 'New rule' }).click()
 
   // modal is now open
   await expect(modal).toBeVisible()
@@ -141,7 +141,7 @@ test('firewall rule form targets table', async ({ page }) => {
   await page.getByRole('tab', { name: 'Firewall Rules' }).click()
 
   // open modal
-  await page.getByRole('button', { name: 'New rule' }).click()
+  await page.getByRole('link', { name: 'New rule' }).click()
 
   const targets = page.getByRole('table', { name: 'Targets' })
   const addButton = page.getByRole('button', { name: 'Add target' })
@@ -191,7 +191,7 @@ test('firewall rule form hosts table', async ({ page }) => {
   await page.getByRole('tab', { name: 'Firewall Rules' }).click()
 
   // open modal
-  await page.getByRole('button', { name: 'New rule' }).click()
+  await page.getByRole('link', { name: 'New rule' }).click()
 
   const hosts = page.getByRole('table', { name: 'Host filters' })
   const addButton = page.getByRole('button', { name: 'Add host filter' })
@@ -254,7 +254,7 @@ test('can update firewall rule', async ({ page }) => {
   await expect(modal).toBeHidden()
 
   // can click name cell to edit
-  await page.getByRole('button', { name: 'allow-icmp' }).click()
+  await page.getByRole('link', { name: 'allow-icmp' }).click()
 
   // modal is now open
   await expect(modal).toBeVisible()
diff --git a/test/e2e/networking.e2e.ts b/test/e2e/networking.e2e.ts
index 9d3760ff4c..7b975dea61 100644
--- a/test/e2e/networking.e2e.ts
+++ b/test/e2e/networking.e2e.ts
@@ -64,7 +64,7 @@ test('Create and edit subnet', async ({ page }) => {
   await page.getByRole('tab', { name: 'Subnets' }).click()
 
   // Create subnet
-  await page.click('role=button[name="New subnet"]')
+  await page.click('role=link[name="New subnet"]')
   await expectVisible(page, [
     'role=heading[name="Create subnet"]',
     'role=button[name="Create subnet"]',
diff --git a/test/e2e/vpcs.e2e.ts b/test/e2e/vpcs.e2e.ts
index 2fa7d57e39..b8e87fe35f 100644
--- a/test/e2e/vpcs.e2e.ts
+++ b/test/e2e/vpcs.e2e.ts
@@ -27,8 +27,10 @@ test('can nav to VpcPage from /', async ({ page }) => {
   await expect(page.getByRole('heading', { name: 'mock-vpc' })).toBeVisible()
   await expect(page.getByRole('tab', { name: 'Firewall rules' })).toBeVisible()
   await expect(page.getByRole('cell', { name: 'allow-icmp' })).toBeVisible()
-  await expect(page).toHaveURL('/projects/mock-project/vpcs/mock-vpc')
-  await expect(page).toHaveTitle('mock-vpc / VPCs / mock-project / Oxide Console')
+  await expect(page).toHaveURL('/projects/mock-project/vpcs/mock-vpc/firewall-rules')
+  await expect(page).toHaveTitle(
+    'Firewall Rules / mock-vpc / VPCs / mock-project / Oxide Console'
+  )
 
   // we can also click the firewall rules cell to get to the VPC detail
   await page.goBack()

From a5ddc631d6d18f46351573530cf7e18fd2865f81 Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:11:30 +0100
Subject: [PATCH 03/22] Add missing paths to test

---
 app/util/path-builder.spec.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index 46bb65295c..4a514a5187 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -89,6 +89,12 @@ test('path builder', () => {
         "systemUtilization": "/system/utilization",
         "vpc": "/projects/p/vpcs/v",
         "vpcEdit": "/projects/p/vpcs/v/edit",
+        "vpcFirewallRuleEdit": "/projects/p/vpcs/v/firewall-rules/fr/edit",
+        "vpcFirewallRules": "/projects/p/vpcs/v/firewall-rules",
+        "vpcFirewallRulesNew": "/projects/p/vpcs/v/firewall-rules-new",
+        "vpcSubnets": "/projects/p/vpcs/v/subnets",
+        "vpcSubnetsEdit": "/projects/p/vpcs/v/subnets/su/edit",
+        "vpcSubnetsNew": "/projects/p/vpcs/v/subnets-new",
         "vpcs": "/projects/p/vpcs",
         "vpcsNew": "/projects/p/vpcs-new",
       }

From 45c7f4104cf783a23b6dd95605c3fd71dbd7bd3a Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:33:18 +0100
Subject: [PATCH 04/22] Create firewall from template

---
 app/forms/firewall-rules-create.tsx           | 43 +++++++++++--------
 .../vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx | 11 +++++
 app/routes.tsx                                |  2 +-
 app/util/path-builder.ts                      |  2 +
 app/util/template.ts                          | 14 ++++++
 5 files changed, 52 insertions(+), 20 deletions(-)
 create mode 100644 app/util/template.ts

diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 53a9e48db4..57c74f2357 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -7,7 +7,7 @@
  */
 import { useMemo } from 'react'
 import { useController, type Control } from 'react-hook-form'
-import { useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
+import { useNavigate, useParams, type LoaderFunctionArgs } from 'react-router-dom'
 
 import {
   apiQueryClient,
@@ -44,6 +44,7 @@ import { KEYS } from '~/ui/util/keys'
 import { sortBy } from '~/util/array'
 import { links } from '~/util/links'
 import { pb } from '~/util/path-builder'
+import { incrementName } from '~/util/template'
 
 export type FirewallRuleValues = {
   enabled: boolean
@@ -75,24 +76,6 @@ export const valuesToRuleUpdate = (values: FirewallRuleValues): VpcFirewallRuleU
   targets: values.targets,
 })
 
-const defaultValues: FirewallRuleValues = {
-  enabled: true,
-  name: '',
-  description: '',
-
-  priority: 0,
-  action: 'allow',
-  direction: 'inbound',
-
-  // in the request body, these go in a `filters` object. we probably don't
-  // need such nesting here though. not even sure how to do it
-  protocols: [],
-
-  ports: [],
-  hosts: [],
-  targets: [],
-}
-
 type PortRangeFormValues = {
   portRange: string
 }
@@ -562,6 +545,9 @@ export function CreateFirewallRuleForm() {
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
+  // To use as a template to base a new rule off
+  const { firewallRule } = useParams()
+
   const navigate = useNavigate()
   const onDismiss = () => navigate(pb.vpcFirewallRules(vpcSelector))
 
@@ -577,6 +563,25 @@ export function CreateFirewallRuleForm() {
     query: vpcSelector,
   })
   const existingRules = useMemo(() => sortBy(data.rules, (r) => r.priority), [data])
+  const originalRule = existingRules.find((rule) => rule.name === firewallRule)
+
+  const defaultValues: FirewallRuleValues = {
+    enabled: originalRule ? originalRule.status === 'enabled' : true,
+    name: originalRule ? incrementName(originalRule.name) : '',
+    description: originalRule ? originalRule.description : '',
+
+    priority: originalRule ? originalRule.priority : 0,
+    action: originalRule ? originalRule.action : 'allow',
+    direction: originalRule ? originalRule.direction : 'inbound',
+
+    // in the request body, these go in a `filters` object. we probably don't
+    // need such nesting here though. not even sure how to do it
+    protocols: originalRule ? originalRule.filters.protocols || [] : [],
+
+    ports: originalRule ? originalRule.filters.ports || [] : [],
+    hosts: originalRule ? originalRule.filters.hosts || [] : [],
+    targets: originalRule ? originalRule.targets : [],
+  }
 
   const form = useForm({ defaultValues })
 
diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index 312c186fd8..ba0117e8ba 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -156,6 +156,17 @@ export function VpcFirewallRulesTab() {
             )
           },
         },
+        {
+          label: 'New similar rule',
+          onActivate() {
+            navigate(
+              pb.vpcFirewallRulesNewFromTemplate({
+                ...vpcSelector,
+                firewallRule: rule.name,
+              })
+            )
+          },
+        },
         {
           label: 'Delete',
           onActivate: confirmDelete({
diff --git a/app/routes.tsx b/app/routes.tsx
index 9c558733a7..2c513dade4 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -355,7 +355,7 @@ export const routes = createRoutesFromElements(
               <Route element={<VpcFirewallRulesTab />} loader={VpcFirewallRulesTab.loader}>
                 <Route path="firewall-rules" handle={{ crumb: 'Firewall Rules' }} />
                 <Route
-                  path="firewall-rules-new"
+                  path="firewall-rules-new/:firewallRule?"
                   element={<CreateFirewallRuleForm />}
                   loader={CreateFirewallRuleForm.loader}
                   handle={{ crumb: 'New Firewall Rule' }}
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
index dc2bfb345a..1da9117c08 100644
--- a/app/util/path-builder.ts
+++ b/app/util/path-builder.ts
@@ -78,6 +78,8 @@ export const pb = {
   vpcFirewallRules: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/firewall-rules`,
   vpcFirewallRulesNew: (params: Vpc) =>
     `${pb.vpcs(params)}/${params.vpc}/firewall-rules-new`,
+  vpcFirewallRulesNewFromTemplate: (params: VpcFirewallRule) =>
+    `${pb.vpcs(params)}/${params.vpc}/firewall-rules-new/${params.firewallRule}`,
   vpcFirewallRuleEdit: (params: VpcFirewallRule) =>
     `${pb.vpcs(params)}/${params.vpc}/firewall-rules/${params.firewallRule}/edit`,
   vpcSubnets: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets`,
diff --git a/app/util/template.ts b/app/util/template.ts
new file mode 100644
index 0000000000..f7eeeb8525
--- /dev/null
+++ b/app/util/template.ts
@@ -0,0 +1,14 @@
+export const incrementName = (str: string) => {
+  let name = str
+  const match = name.match(/(.*)-(\d+)$/)
+
+  if (match) {
+    const base = match[1]
+    const num = parseInt(match[2], 10)
+    name = `${base}-${num + 1}`
+  } else {
+    name = `${name}-1`
+  }
+
+  return name
+}

From 19c664499facaad48996fe16932b6efc6ae305ea Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:35:40 +0100
Subject: [PATCH 05/22] Update path-builder.spec.ts

---
 app/util/path-builder.spec.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index 4a514a5187..c243d10cd4 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -92,6 +92,7 @@ test('path builder', () => {
         "vpcFirewallRuleEdit": "/projects/p/vpcs/v/firewall-rules/fr/edit",
         "vpcFirewallRules": "/projects/p/vpcs/v/firewall-rules",
         "vpcFirewallRulesNew": "/projects/p/vpcs/v/firewall-rules-new",
+        "vpcFirewallRulesNewFromTemplate": "/projects/p/vpcs/v/firewall-rules-new/fr",
         "vpcSubnets": "/projects/p/vpcs/v/subnets",
         "vpcSubnetsEdit": "/projects/p/vpcs/v/subnets/su/edit",
         "vpcSubnetsNew": "/projects/p/vpcs/v/subnets-new",

From 428aedbb7f8b4031f004539f9202bbc9e95ef515 Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:42:00 +0100
Subject: [PATCH 06/22] Add missing license

---
 app/util/template.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/util/template.ts b/app/util/template.ts
index f7eeeb8525..4c2f2fff9e 100644
--- a/app/util/template.ts
+++ b/app/util/template.ts
@@ -1,3 +1,10 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * Copyright Oxide Computer Company
+ */
 export const incrementName = (str: string) => {
   let name = str
   const match = name.match(/(.*)-(\d+)$/)

From ecd5967c559c891cb3644f1384394d40160b9e88 Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:44:08 +0100
Subject: [PATCH 07/22] Move `incrementName` into `str` and add test

---
 app/util/str.spec.ts | 18 +++++++++++++++++-
 app/util/str.ts      | 15 +++++++++++++++
 app/util/template.ts | 21 ---------------------
 3 files changed, 32 insertions(+), 22 deletions(-)
 delete mode 100644 app/util/template.ts

diff --git a/app/util/str.spec.ts b/app/util/str.spec.ts
index 37115bd02e..b7670d6a6c 100644
--- a/app/util/str.spec.ts
+++ b/app/util/str.spec.ts
@@ -7,7 +7,15 @@
  */
 import { describe, expect, it, test } from 'vitest'
 
-import { camelCase, capitalize, commaSeries, kebabCase, titleCase, validateIp } from './str'
+import {
+  camelCase,
+  capitalize,
+  commaSeries,
+  incrementName,
+  kebabCase,
+  titleCase,
+  validateIp,
+} from './str'
 
 describe('capitalize', () => {
   it('capitalizes the first letter', () => {
@@ -140,3 +148,11 @@ test.each([
 ])('validateIp catches invalid IP: %s', (s) => {
   expect(validateIp(s)).toStrictEqual({ isv4: false, isv6: false, valid: false })
 })
+
+describe('incrementName', () => {
+  it('increments the name', () => {
+    expect(incrementName('increment-name')).toBe('increment-name-1')
+    expect(incrementName('increment-name-1')).toBe('increment-name-2')
+    expect(incrementName('increment-name-99')).toBe('increment-name-100')
+  })
+})
diff --git a/app/util/str.ts b/app/util/str.ts
index 55cde1f7bb..3f8bd2f91f 100644
--- a/app/util/str.ts
+++ b/app/util/str.ts
@@ -65,3 +65,18 @@ export const validateIp = (ip: string) => {
   const isv6 = !isv4 && IPV6_REGEX.test(ip)
   return { isv4, isv6, valid: isv4 || isv6 }
 }
+
+export const incrementName = (str: string) => {
+  let name = str
+  const match = name.match(/(.*)-(\d+)$/)
+
+  if (match) {
+    const base = match[1]
+    const num = parseInt(match[2], 10)
+    name = `${base}-${num + 1}`
+  } else {
+    name = `${name}-1`
+  }
+
+  return name
+}
diff --git a/app/util/template.ts b/app/util/template.ts
deleted file mode 100644
index 4c2f2fff9e..0000000000
--- a/app/util/template.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * Copyright Oxide Computer Company
- */
-export const incrementName = (str: string) => {
-  let name = str
-  const match = name.match(/(.*)-(\d+)$/)
-
-  if (match) {
-    const base = match[1]
-    const num = parseInt(match[2], 10)
-    name = `${base}-${num + 1}`
-  } else {
-    name = `${name}-1`
-  }
-
-  return name
-}

From b291892e87937cd752812c9a8e4a5815ec318b61 Mon Sep 17 00:00:00 2001
From: Benjamin Leonard <hello@benleonard.co.uk>
Date: Fri, 17 May 2024 16:46:35 +0100
Subject: [PATCH 08/22] Update import

---
 app/forms/firewall-rules-create.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 57c74f2357..761916bd67 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -44,7 +44,7 @@ import { KEYS } from '~/ui/util/keys'
 import { sortBy } from '~/util/array'
 import { links } from '~/util/links'
 import { pb } from '~/util/path-builder'
-import { incrementName } from '~/util/template'
+import { incrementName } from '~/util/str'
 
 export type FirewallRuleValues = {
   enabled: boolean

From 1c2fd0cf29c2d2e65a79b384ae704bc20ad760f3 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Thu, 23 May 2024 14:03:43 -0500
Subject: [PATCH 09/22] refactor rule to form values logic

---
 app/forms/firewall-rules-create.tsx | 48 +++++++++++++++++++----------
 1 file changed, 31 insertions(+), 17 deletions(-)

diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 761916bd67..4421791faa 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -76,6 +76,34 @@ export const valuesToRuleUpdate = (values: FirewallRuleValues): VpcFirewallRuleU
   targets: values.targets,
 })
 
+/** convert in the opposite direction for when we're creating from existing rule */
+const ruleToValues = (rule: VpcFirewallRule): FirewallRuleValues => ({
+  ...rule,
+  enabled: rule.status === 'enabled',
+  protocols: rule.filters.protocols || [],
+  ports: rule.filters.ports || [],
+  hosts: rule.filters.hosts || [],
+})
+
+/** Empty form for when we're not creating from an existing rule */
+const defaultValuesEmpty: FirewallRuleValues = {
+  enabled: true,
+  name: '',
+  description: '',
+
+  priority: 0,
+  action: 'allow',
+  direction: 'inbound',
+
+  // in the request body, these go in a `filters` object. we probably don't
+  // need such nesting here though. not even sure how to do it
+  protocols: [],
+
+  ports: [],
+  hosts: [],
+  targets: [],
+}
+
 type PortRangeFormValues = {
   portRange: string
 }
@@ -565,23 +593,9 @@ export function CreateFirewallRuleForm() {
   const existingRules = useMemo(() => sortBy(data.rules, (r) => r.priority), [data])
   const originalRule = existingRules.find((rule) => rule.name === firewallRule)
 
-  const defaultValues: FirewallRuleValues = {
-    enabled: originalRule ? originalRule.status === 'enabled' : true,
-    name: originalRule ? incrementName(originalRule.name) : '',
-    description: originalRule ? originalRule.description : '',
-
-    priority: originalRule ? originalRule.priority : 0,
-    action: originalRule ? originalRule.action : 'allow',
-    direction: originalRule ? originalRule.direction : 'inbound',
-
-    // in the request body, these go in a `filters` object. we probably don't
-    // need such nesting here though. not even sure how to do it
-    protocols: originalRule ? originalRule.filters.protocols || [] : [],
-
-    ports: originalRule ? originalRule.filters.ports || [] : [],
-    hosts: originalRule ? originalRule.filters.hosts || [] : [],
-    targets: originalRule ? originalRule.targets : [],
-  }
+  const defaultValues: FirewallRuleValues = originalRule
+    ? ruleToValues({ ...originalRule, name: incrementName(originalRule.name) })
+    : defaultValuesEmpty
 
   const form = useForm({ defaultValues })
 

From aa31af4468383d7828c11ded0aa28f1f00c66493 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Thu, 23 May 2024 14:46:20 -0500
Subject: [PATCH 10/22] basic test

---
 test/e2e/firewall-rules.e2e.ts | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/test/e2e/firewall-rules.e2e.ts b/test/e2e/firewall-rules.e2e.ts
index 1ee0d1c116..bd28553ea2 100644
--- a/test/e2e/firewall-rules.e2e.ts
+++ b/test/e2e/firewall-rules.e2e.ts
@@ -6,7 +6,7 @@
  * Copyright Oxide Computer Company
  */
 
-import { expect, expectRowVisible, test } from './utils'
+import { clickRowAction, expect, expectRowVisible, test } from './utils'
 
 const defaultRules = ['allow-internal-inbound', 'allow-ssh', 'allow-icmp', 'allow-rdp']
 
@@ -309,3 +309,21 @@ test('can update firewall rule', async ({ page }) => {
     await expect(page.locator(`text="${name}"`)).toBeVisible()
   }
 })
+
+test('create from existing rule', async ({ page }) => {
+  const url = '/projects/mock-project/vpcs/mock-vpc/firewall-rules'
+  await page.goto(url)
+
+  const modal = page.getByRole('dialog', { name: 'Add firewall rule' })
+  await expect(modal).toBeHidden()
+
+  await clickRowAction(page, 'allow-rdp', 'New similar rule')
+
+  await expect(page).toHaveURL(url + '-new/allow-rdp')
+  await expect(modal).toBeVisible()
+  await expect(page.getByRole('textbox', { name: 'Name', exact: true })).toHaveValue(
+    'allow-rdp-1'
+  )
+
+  // TODO: should assert all the values, really
+})

From 5ed3c68714bca7a5927abc95d25f78fbab2b488a Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Thu, 23 May 2024 15:06:03 -0500
Subject: [PATCH 11/22] clean up vpc and instance detail in path builder

---
 app/forms/instance-create.tsx                 |  2 +-
 app/pages/project/instances/InstancesPage.tsx |  4 +--
 app/routes.tsx                                |  6 +++-
 app/table/cells/InstanceLinkCell.tsx          |  2 +-
 app/util/path-builder.spec.ts                 |  5 ++--
 app/util/path-builder.ts                      | 29 +++++++++++--------
 test/e2e/instance-networking.e2e.ts           |  4 +--
 7 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/app/forms/instance-create.tsx b/app/forms/instance-create.tsx
index 5bbffa4cb9..bfb25d21fa 100644
--- a/app/forms/instance-create.tsx
+++ b/app/forms/instance-create.tsx
@@ -174,7 +174,7 @@ export function CreateInstanceForm() {
         instance
       )
       addToast({ content: 'Your instance has been created' })
-      navigate(pb.instancePage({ project, instance: instance.name }))
+      navigate(pb.instance({ project, instance: instance.name }))
     },
   })
 
diff --git a/app/pages/project/instances/InstancesPage.tsx b/app/pages/project/instances/InstancesPage.tsx
index aae82e939d..e0e6c55887 100644
--- a/app/pages/project/instances/InstancesPage.tsx
+++ b/app/pages/project/instances/InstancesPage.tsx
@@ -80,7 +80,7 @@ export function InstancesPage() {
         },
         ...(instances?.items || []).map((i) => ({
           value: i.name,
-          onSelect: () => navigate(pb.instancePage({ project, instance: i.name })),
+          onSelect: () => navigate(pb.instance({ project, instance: i.name })),
           navGroup: 'Go to instance',
         })),
       ],
@@ -97,7 +97,7 @@ export function InstancesPage() {
   const columns = useMemo(
     () => [
       colHelper.accessor('name', {
-        cell: makeLinkCell((instance) => pb.instancePage({ project, instance })),
+        cell: makeLinkCell((instance) => pb.instance({ project, instance })),
       }),
       colHelper.accessor((i) => ({ ncpus: i.ncpus, memory: i.memory }), {
         header: 'CPU, RAM',
diff --git a/app/routes.tsx b/app/routes.tsx
index 9c558733a7..f3dcdf2ebb 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -350,8 +350,12 @@ export const routes = createRoutesFromElements(
 
         <Route path="vpcs" handle={{ crumb: 'VPCs' }}>
           <Route path=":vpc" handle={{ crumb: vpcCrumb }}>
-            <Route index element={<Navigate to="firewall-rules" replace />} />
             <Route element={<VpcPage />} loader={VpcPage.loader}>
+              <Route
+                index
+                element={<Navigate to="firewall-rules" replace />}
+                loader={VpcFirewallRulesTab.loader}
+              />
               <Route element={<VpcFirewallRulesTab />} loader={VpcFirewallRulesTab.loader}>
                 <Route path="firewall-rules" handle={{ crumb: 'Firewall Rules' }} />
                 <Route
diff --git a/app/table/cells/InstanceLinkCell.tsx b/app/table/cells/InstanceLinkCell.tsx
index ed144b8629..f0502b756b 100644
--- a/app/table/cells/InstanceLinkCell.tsx
+++ b/app/table/cells/InstanceLinkCell.tsx
@@ -27,7 +27,7 @@ export const InstanceLinkCell = ({ instanceId }: { instanceId?: string }) => {
   if (!instance) return <SkeletonCell />
 
   return (
-    <LinkCell to={pb.instancePage({ project, instance: instance.name })}>
+    <LinkCell to={pb.instance({ project, instance: instance.name })}>
       {instance.name}
     </LinkCell>
   )
diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index 4a514a5187..7244193d8a 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -38,10 +38,9 @@ test('path builder', () => {
         "floatingIpEdit": "/projects/p/floating-ips/f/edit",
         "floatingIps": "/projects/p/floating-ips",
         "floatingIpsNew": "/projects/p/floating-ips-new",
-        "instance": "/projects/p/instances/i",
+        "instance": "/projects/p/instances/i/storage",
         "instanceConnect": "/projects/p/instances/i/connect",
         "instanceMetrics": "/projects/p/instances/i/metrics",
-        "instancePage": "/projects/p/instances/i/storage",
         "instanceStorage": "/projects/p/instances/i/storage",
         "instances": "/projects/p/instances",
         "instancesNew": "/projects/p/instances-new",
@@ -87,7 +86,7 @@ test('path builder', () => {
         "systemHealth": "/system/health",
         "systemIssues": "/system/issues",
         "systemUtilization": "/system/utilization",
-        "vpc": "/projects/p/vpcs/v",
+        "vpc": "/projects/p/vpcs/v/firewall-rules",
         "vpcEdit": "/projects/p/vpcs/v/edit",
         "vpcFirewallRuleEdit": "/projects/p/vpcs/v/firewall-rules/fr/edit",
         "vpcFirewallRules": "/projects/p/vpcs/v/firewall-rules",
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
index dc2bfb345a..853e9d7698 100644
--- a/app/util/path-builder.ts
+++ b/app/util/path-builder.ts
@@ -24,10 +24,13 @@ type FloatingIp = Required<PP.FloatingIp>
 type VpcFirewallRule = Required<PP.VpcFirewallRule>
 type VpcSubnet = Required<PP.VpcSubnet>
 
-// this is used as the basis for many routes, but is itself not a route we ever
-// want to link directly to. so we use this to build the routes but pb.project()
-// is different (includes /instances)
+// these are used as the basis for many routes but are not themselves routes we
+// ever want to link to. so we use this to build the routes but pb.project() is
+// different (includes /instances)
 const projectBase = ({ project }: Project) => `${pb.projects()}/${project}`
+const instanceBase = ({ project, instance }: Instance) =>
+  `${pb.instances({ project })}/${instance}`
+const vpcBase = ({ project, vpc }: Vpc) => `${pb.vpcs({ project })}/${vpc}`
 
 export const pb = {
   projects: () => `/projects`,
@@ -43,7 +46,6 @@ export const pb = {
 
   instances: (params: Project) => `${projectBase(params)}/instances`,
   instancesNew: (params: Project) => `${projectBase(params)}/instances-new`,
-  instance: (params: Instance) => `${pb.instances(params)}/${params.instance}`,
 
   /**
    * This route exists as a direct link to the default tab of the instance page. Unfortunately
@@ -52,15 +54,15 @@ export const pb = {
    *
    * @see https://github.com/oxidecomputer/console/pull/1267#discussion_r1016766205
    */
-  instancePage: (params: Instance) => pb.instanceStorage(params),
+  instance: (params: Instance) => pb.instanceStorage(params),
 
-  instanceMetrics: (params: Instance) => `${pb.instance(params)}/metrics`,
-  instanceStorage: (params: Instance) => `${pb.instance(params)}/storage`,
-  instanceConnect: (params: Instance) => `${pb.instance(params)}/connect`,
+  instanceMetrics: (params: Instance) => `${instanceBase(params)}/metrics`,
+  instanceStorage: (params: Instance) => `${instanceBase(params)}/storage`,
+  instanceConnect: (params: Instance) => `${instanceBase(params)}/connect`,
 
-  nics: (params: Instance) => `${pb.instance(params)}/network-interfaces`,
+  nics: (params: Instance) => `${instanceBase(params)}/network-interfaces`,
 
-  serialConsole: (params: Instance) => `${pb.instance(params)}/serial-console`,
+  serialConsole: (params: Instance) => `${instanceBase(params)}/serial-console`,
 
   disksNew: (params: Project) => `${projectBase(params)}/disks-new`,
   disks: (params: Project) => `${projectBase(params)}/disks`,
@@ -72,8 +74,11 @@ export const pb = {
 
   vpcsNew: (params: Project) => `${projectBase(params)}/vpcs-new`,
   vpcs: (params: Project) => `${projectBase(params)}/vpcs`,
-  vpc: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}`,
-  vpcEdit: (params: Vpc) => `${pb.vpc(params)}/edit`,
+
+  // same deal as instance detail: go straight to first tab
+  vpc: (params: Vpc) => pb.vpcFirewallRules(params),
+
+  vpcEdit: (params: Vpc) => `${vpcBase(params)}/edit`,
 
   vpcFirewallRules: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/firewall-rules`,
   vpcFirewallRulesNew: (params: Vpc) =>
diff --git a/test/e2e/instance-networking.e2e.ts b/test/e2e/instance-networking.e2e.ts
index 11e9695ef0..a18c692a57 100644
--- a/test/e2e/instance-networking.e2e.ts
+++ b/test/e2e/instance-networking.e2e.ts
@@ -30,9 +30,9 @@ test('Instance networking tab — NIC table', async ({ page }) => {
   await expectRowVisible(nicTable, { name: 'my-nicprimary' })
 
   // check VPC link in table points to the right page
-  await expect(page.locator('role=cell >> role=link[name="mock-vpc"]')).toHaveAttribute(
+  await expect(nicTable.getByRole('link', { name: 'mock-vpc' })).toHaveAttribute(
     'href',
-    '/projects/mock-project/vpcs/mock-vpc'
+    '/projects/mock-project/vpcs/mock-vpc/firewall-rules'
   )
 
   const addNicButton = page.getByRole('button', { name: 'Add network interface' })

From 373fedaf6f551f1485b527f1371cd164e27b2655 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Thu, 23 May 2024 15:30:17 -0500
Subject: [PATCH 12/22] fix warning on firewall rules leaf route without
 element

---
 app/routes.tsx | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/routes.tsx b/app/routes.tsx
index f3dcdf2ebb..33179cf425 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -357,7 +357,11 @@ export const routes = createRoutesFromElements(
                 loader={VpcFirewallRulesTab.loader}
               />
               <Route element={<VpcFirewallRulesTab />} loader={VpcFirewallRulesTab.loader}>
-                <Route path="firewall-rules" handle={{ crumb: 'Firewall Rules' }} />
+                <Route
+                  path="firewall-rules"
+                  handle={{ crumb: 'Firewall Rules' }}
+                  element={null}
+                />
                 <Route
                   path="firewall-rules-new"
                   element={<CreateFirewallRuleForm />}

From 2ddf55dd48d53ce2b4f7ca9c1f3cb7d29d8bc0f2 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Fri, 24 May 2024 15:41:05 -0500
Subject: [PATCH 13/22] clean up path params and path builder stuff a bit

---
 app/api/path-params.ts                         |  2 +-
 app/forms/firewall-rules-edit.tsx              | 18 +++++-------------
 app/hooks/use-params.ts                        |  5 ++---
 .../vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx  |  4 ++--
 app/routes.tsx                                 |  2 +-
 app/util/path-builder.spec.ts                  |  2 +-
 app/util/path-builder.ts                       | 18 ++++++++----------
 7 files changed, 20 insertions(+), 31 deletions(-)

diff --git a/app/api/path-params.ts b/app/api/path-params.ts
index e0be7474ab..a14c1c38c2 100644
--- a/app/api/path-params.ts
+++ b/app/api/path-params.ts
@@ -16,7 +16,7 @@ export type NetworkInterface = Merge<Instance, { interface?: string }>
 export type Snapshot = Merge<Project, { snapshot?: string }>
 export type Vpc = Merge<Project, { vpc?: string }>
 export type VpcSubnet = Merge<Vpc, { subnet?: string }>
-export type VpcFirewallRule = Merge<Vpc, { firewallRule?: string }>
+export type FirewallRule = Merge<Vpc, { rule?: string }>
 export type Silo = { silo?: string }
 export type IdentityProvider = Merge<Silo, { provider: string }>
 export type SystemUpdate = { version: string }
diff --git a/app/forms/firewall-rules-edit.tsx b/app/forms/firewall-rules-edit.tsx
index 0657268da9..6bd64ccd95 100644
--- a/app/forms/firewall-rules-edit.tsx
+++ b/app/forms/firewall-rules-edit.tsx
@@ -16,12 +16,7 @@ import {
 } from '@oxide/api'
 
 import { SideModalForm } from '~/components/form/SideModalForm'
-import {
-  getVpcSelector,
-  useForm,
-  useVpcFirewallRuleSelector,
-  useVpcSelector,
-} from '~/hooks'
+import { getVpcSelector, useFirewallRuleSelector, useForm, useVpcSelector } from '~/hooks'
 import { invariant } from '~/util/invariant'
 import { pb } from '~/util/path-builder'
 
@@ -42,18 +37,15 @@ EditFirewallRuleForm.loader = async ({ params }: LoaderFunctionArgs) => {
 }
 
 export function EditFirewallRuleForm() {
-  const vpcFirewallRuleSelector = useVpcFirewallRuleSelector()
+  const { vpc, project, rule } = useFirewallRuleSelector()
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
   const { data } = usePrefetchedApiQuery('vpcFirewallRulesView', {
-    query: { project: vpcFirewallRuleSelector.project, vpc: vpcFirewallRuleSelector.vpc },
+    query: { project, vpc },
   })
 
-  const existingRules = data.rules
-  const originalRule = existingRules.find(
-    (rule) => rule.name === vpcFirewallRuleSelector.firewallRule
-  )
+  const originalRule = data.rules.find((r) => r.name === rule)
 
   invariant(originalRule, 'Firewall rule must exist')
 
@@ -97,7 +89,7 @@ export function EditFirewallRuleForm() {
       onSubmit={(values) => {
         // note different filter logic from create: filter out the rule with the
         // *original* name because we need to overwrite that rule
-        const otherRules = existingRules
+        const otherRules = data.rules
           .filter((r) => r.name !== originalRule.name)
           .map(firewallRuleGetToPut)
 
diff --git a/app/hooks/use-params.ts b/app/hooks/use-params.ts
index f4f44fa117..35932cce8d 100644
--- a/app/hooks/use-params.ts
+++ b/app/hooks/use-params.ts
@@ -36,7 +36,7 @@ export const getProjectSelector = requireParams('project')
 export const getFloatingIpSelector = requireParams('project', 'floatingIp')
 export const getInstanceSelector = requireParams('project', 'instance')
 export const getVpcSelector = requireParams('project', 'vpc')
-export const getVpcFirewallRuleSelector = requireParams('project', 'vpc', 'firewallRule')
+export const getFirewallRuleSelector = requireParams('project', 'vpc', 'rule')
 export const getVpcSubnetSelector = requireParams('project', 'vpc', 'subnet')
 export const getSiloSelector = requireParams('silo')
 export const getSiloImageSelector = requireParams('image')
@@ -80,8 +80,7 @@ export const useProjectSnapshotSelector = () =>
 export const useInstanceSelector = () => useSelectedParams(getInstanceSelector)
 export const useVpcSelector = () => useSelectedParams(getVpcSelector)
 export const useVpcSubnetSelector = () => useSelectedParams(getVpcSubnetSelector)
-export const useVpcFirewallRuleSelector = () =>
-  useSelectedParams(getVpcFirewallRuleSelector)
+export const useFirewallRuleSelector = () => useSelectedParams(getFirewallRuleSelector)
 export const useSiloSelector = () => useSelectedParams(getSiloSelector)
 export const useSiloImageSelector = () => useSelectedParams(getSiloImageSelector)
 export const useIdpSelector = () => useSelectedParams(getIdpSelector)
diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index 312c186fd8..6c155a3b78 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -136,7 +136,7 @@ export function VpcFirewallRulesTab() {
           <LinkCell
             to={pb.vpcFirewallRuleEdit({
               ...vpcSelector,
-              firewallRule: info.row.original.name,
+              rule: info.row.original.name,
             })}
           >
             {info.getValue()}
@@ -151,7 +151,7 @@ export function VpcFirewallRulesTab() {
             navigate(
               pb.vpcFirewallRuleEdit({
                 ...vpcSelector,
-                firewallRule: rule.name,
+                rule: rule.name,
               })
             )
           },
diff --git a/app/routes.tsx b/app/routes.tsx
index 33179cf425..b958fee844 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -369,7 +369,7 @@ export const routes = createRoutesFromElements(
                   handle={{ crumb: 'New Firewall Rule' }}
                 />
                 <Route
-                  path="firewall-rules/:firewallRule/edit"
+                  path="firewall-rules/:rule/edit"
                   element={<EditFirewallRuleForm />}
                   loader={EditFirewallRuleForm.loader}
                   handle={{ crumb: 'Edit Firewall Rule' }}
diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index 7244193d8a..627aa0187e 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -22,7 +22,7 @@ const params = {
   image: 'im',
   snapshot: 'sn',
   pool: 'pl',
-  firewallRule: 'fr',
+  rule: 'fr',
   subnet: 'su',
 }
 
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
index 853e9d7698..875b6ae4ef 100644
--- a/app/util/path-builder.ts
+++ b/app/util/path-builder.ts
@@ -21,7 +21,7 @@ type Snapshot = Required<PP.Snapshot>
 type SiloImage = Required<PP.SiloImage>
 type IpPool = Required<PP.IpPool>
 type FloatingIp = Required<PP.FloatingIp>
-type VpcFirewallRule = Required<PP.VpcFirewallRule>
+type FirewallRule = Required<PP.FirewallRule>
 type VpcSubnet = Required<PP.VpcSubnet>
 
 // these are used as the basis for many routes but are not themselves routes we
@@ -80,15 +80,13 @@ export const pb = {
 
   vpcEdit: (params: Vpc) => `${vpcBase(params)}/edit`,
 
-  vpcFirewallRules: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/firewall-rules`,
-  vpcFirewallRulesNew: (params: Vpc) =>
-    `${pb.vpcs(params)}/${params.vpc}/firewall-rules-new`,
-  vpcFirewallRuleEdit: (params: VpcFirewallRule) =>
-    `${pb.vpcs(params)}/${params.vpc}/firewall-rules/${params.firewallRule}/edit`,
-  vpcSubnets: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets`,
-  vpcSubnetsNew: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets-new`,
-  vpcSubnetsEdit: (params: VpcSubnet) =>
-    `${pb.vpcs(params)}/${params.vpc}/subnets/${params.subnet}/edit`,
+  vpcFirewallRules: (params: Vpc) => `${vpcBase(params)}/firewall-rules`,
+  vpcFirewallRulesNew: (params: Vpc) => `${vpcBase(params)}/firewall-rules-new`,
+  vpcFirewallRuleEdit: (params: FirewallRule) =>
+    `${pb.vpcFirewallRules(params)}/${params.rule}/edit`,
+  vpcSubnets: (params: Vpc) => `${vpcBase(params)}/subnets`,
+  vpcSubnetsNew: (params: Vpc) => `${vpcBase(params)}/subnets-new`,
+  vpcSubnetsEdit: (params: VpcSubnet) => `${pb.vpcSubnets(params)}/${params.subnet}/edit`,
 
   floatingIps: (params: Project) => `${projectBase(params)}/floating-ips`,
   floatingIpsNew: (params: Project) => `${projectBase(params)}/floating-ips-new`,

From 24a9b561d22ee66f4f4b70a3f9fc4bcf9e121f99 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Fri, 7 Jun 2024 16:58:28 -0500
Subject: [PATCH 14/22] merge vpc-routes into firewall-template

---
 .eslintrc.cjs                                 |  17 ++
 app/api/path-params.ts                        |   2 +-
 app/api/roles.spec.ts                         |   5 +
 app/api/roles.ts                              |  12 +-
 app/api/util.ts                               |  96 ++++-----
 app/components/MswBanner.tsx                  |   1 +
 app/components/RefetchIntervalPicker.tsx      |   1 +
 app/components/Terminal.tsx                   |  12 +-
 app/components/form/SideModalForm.tsx         |   4 +-
 .../form/fields/DateTimeRangePicker.spec.tsx  |   4 +-
 .../form/fields/DisksTableField.tsx           |  13 +-
 .../form/fields/ImageSelectField.tsx          |   5 +-
 app/components/form/fields/ListboxField.tsx   |   2 +-
 .../form/fields/NetworkInterfaceField.tsx     |  22 +--
 app/components/form/fields/TlsCertsField.tsx  |  12 +-
 app/forms/disk-attach.tsx                     |   4 +-
 app/forms/disk-create.tsx                     |   6 +-
 app/forms/firewall-rules-create.tsx           |  58 +++---
 app/forms/firewall-rules-edit.tsx             |  18 +-
 app/forms/image-upload.tsx                    |   2 +-
 app/forms/instance-create.tsx                 | 182 ++++++++++++++++++
 app/forms/network-interface-edit.tsx          |   9 +-
 app/forms/subnet-edit.tsx                     |   5 +-
 app/forms/vpc-edit.tsx                        |   2 +-
 app/hooks/use-params.ts                       |   5 +-
 app/pages/SiloAccessPage.tsx                  |   6 +-
 .../project/access/ProjectAccessPage.tsx      |   9 +-
 .../floating-ips/AttachFloatingIpModal.tsx    |   3 +-
 app/pages/project/instances/actions.tsx       |  12 +-
 .../instances/instance/SerialConsolePage.tsx  | 113 ++++++++---
 app/pages/project/vpcs/VpcPage/VpcPage.tsx    |   3 +-
 .../vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx |  12 +-
 .../inventory/sled/SledInstancesTab.tsx       |   6 +-
 app/routes.tsx                                |   9 +-
 app/table/cells/LinkCell.tsx                  |   2 +-
 app/ui/lib/ActionMenu.tsx                     |   2 +
 app/ui/lib/Button.tsx                         |   3 +-
 app/ui/lib/FileInput.tsx                      |   1 +
 app/ui/lib/Listbox.tsx                        |   4 +-
 app/ui/lib/MiniTable.tsx                      |  12 ++
 app/ui/lib/NumberInput.tsx                    |   1 +
 app/ui/lib/Pagination.tsx                     |   2 +
 app/ui/lib/RangeCalendar.tsx                  |   1 +
 app/ui/lib/Slash.tsx                          |  10 +
 app/ui/lib/Toast.tsx                          |   1 +
 app/ui/lib/Tooltip.stories.tsx                |   2 +-
 app/ui/styles/index.css                       |   2 +-
 app/util/array.spec.tsx                       |  45 +----
 app/util/array.ts                             |  76 +-------
 app/util/file.spec.ts                         |   2 +-
 app/util/math.ts                              |   6 +-
 app/util/object.spec.ts                       |  18 --
 app/util/object.ts                            |  32 ---
 app/util/path-builder.spec.ts                 |   2 +-
 app/util/path-builder.ts                      |  22 +--
 mock-api/msw/db.ts                            |  18 +-
 mock-api/msw/handlers.ts                      |  65 +++++--
 mock-api/msw/util.ts                          |  13 +-
 mock-api/silo.ts                              |   5 +-
 package-lock.json                             |  72 +++++--
 package.json                                  |  14 +-
 test/e2e/images.e2e.ts                        |   4 +-
 test/e2e/instance-create.e2e.ts               | 103 +++++++++-
 test/e2e/instance-disks.e2e.ts                |   2 +
 test/e2e/silos.e2e.ts                         |   2 +-
 test/e2e/utils.ts                             |   5 +-
 66 files changed, 758 insertions(+), 463 deletions(-)
 create mode 100644 app/ui/lib/Slash.tsx
 delete mode 100644 app/util/object.spec.ts
 delete mode 100644 app/util/object.ts

diff --git a/.eslintrc.cjs b/.eslintrc.cjs
index dc12fdcd89..2aef4ef7f4 100644
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@@ -6,9 +6,13 @@ module.exports = {
   parser: '@typescript-eslint/parser',
   parserOptions: {
     warnOnUnsupportedTypeScriptVersion: false,
+    // this config is needed for type aware lint rules
+    project: true,
+    tsconfigRootDir: __dirname,
   },
   extends: [
     'eslint:recommended',
+    'plugin:@typescript-eslint/recommended-type-checked',
     'plugin:@typescript-eslint/strict',
     'plugin:@typescript-eslint/stylistic',
     'plugin:jsx-a11y/recommended',
@@ -45,6 +49,18 @@ module.exports = {
       'error',
       { argsIgnorePattern: '^_', varsIgnorePattern: '^_' },
     ],
+
+    // disabling the type-aware rules we don't like
+    // https://typescript-eslint.io/getting-started/typed-linting/
+    '@typescript-eslint/no-floating-promises': 'off',
+    '@typescript-eslint/no-misused-promises': 'off',
+    '@typescript-eslint/unbound-method': 'off',
+    '@typescript-eslint/no-unsafe-argument': 'off',
+    '@typescript-eslint/no-unsafe-assignment': 'off',
+    '@typescript-eslint/no-unsafe-call': 'off',
+    '@typescript-eslint/no-unsafe-member-access': 'off',
+    '@typescript-eslint/no-unsafe-return': 'off',
+
     eqeqeq: ['error', 'always', { null: 'ignore' }],
     'import/no-default-export': 'error',
     'import/no-unresolved': 'off', // plugin doesn't know anything
@@ -70,6 +86,7 @@ module.exports = {
     radix: 'error',
     'react-hooks/exhaustive-deps': 'error',
     'react-hooks/rules-of-hooks': 'error',
+    'react/button-has-type': 'error',
     'react/jsx-boolean-value': 'error',
     'react/display-name': 'off',
     'react/react-in-jsx-scope': 'off',
diff --git a/app/api/path-params.ts b/app/api/path-params.ts
index e0be7474ab..a14c1c38c2 100644
--- a/app/api/path-params.ts
+++ b/app/api/path-params.ts
@@ -16,7 +16,7 @@ export type NetworkInterface = Merge<Instance, { interface?: string }>
 export type Snapshot = Merge<Project, { snapshot?: string }>
 export type Vpc = Merge<Project, { vpc?: string }>
 export type VpcSubnet = Merge<Vpc, { subnet?: string }>
-export type VpcFirewallRule = Merge<Vpc, { firewallRule?: string }>
+export type FirewallRule = Merge<Vpc, { rule?: string }>
 export type Silo = { silo?: string }
 export type IdentityProvider = Merge<Silo, { provider: string }>
 export type SystemUpdate = { version: string }
diff --git a/app/api/roles.spec.ts b/app/api/roles.spec.ts
index 984d76d240..81b6418f4f 100644
--- a/app/api/roles.spec.ts
+++ b/app/api/roles.spec.ts
@@ -8,6 +8,7 @@
 import { describe, expect, it, test } from 'vitest'
 
 import {
+  allRoles,
   byGroupThenName,
   deleteRole,
   getEffectiveRole,
@@ -154,3 +155,7 @@ test('byGroupThenName sorts as expected', () => {
 
   expect([c, e, b, d, a].sort(byGroupThenName)).toEqual([a, b, c, d, e])
 })
+
+test('allRoles', () => {
+  expect(allRoles).toEqual(['admin', 'collaborator', 'viewer'])
+})
diff --git a/app/api/roles.ts b/app/api/roles.ts
index bdd1cf97da..e5c9125382 100644
--- a/app/api/roles.ts
+++ b/app/api/roles.ts
@@ -12,8 +12,7 @@
  * it belongs in the API proper.
  */
 import { useMemo } from 'react'
-
-import { lowestBy, sortBy } from '~/util/array'
+import * as R from 'remeda'
 
 import type { FleetRole, IdentityType, ProjectRole, SiloRole } from './__generated__/Api'
 import { usePrefetchedApiQuery } from './client'
@@ -27,12 +26,13 @@ export type RoleKey = FleetRole | SiloRole | ProjectRole
 /** Turn a role order record into a sorted array of strings. */
 // used for displaying lists of roles, like in a <select>
 const flatRoles = (roleOrder: Record<RoleKey, number>): RoleKey[] =>
-  sortBy(Object.keys(roleOrder) as RoleKey[], (role) => roleOrder[role])
+  R.sortBy(Object.keys(roleOrder) as RoleKey[], (role) => roleOrder[role])
 
-// This is a record only to ensure that all RoleKey are covered
+// This is a record only to ensure that all RoleKey are covered. weird order
+// on purpose so allRoles test can confirm sorting works
 export const roleOrder: Record<RoleKey, number> = {
-  admin: 0,
   collaborator: 1,
+  admin: 0,
   viewer: 2,
 }
 
@@ -41,7 +41,7 @@ export const allRoles = flatRoles(roleOrder)
 
 /** Given a list of roles, get the most permissive one */
 export const getEffectiveRole = (roles: RoleKey[]): RoleKey | undefined =>
-  lowestBy(roles, (role) => roleOrder[role])
+  R.firstBy(roles, (role) => roleOrder[role])
 
 ////////////////////////////
 // Policy helpers
diff --git a/app/api/util.ts b/app/api/util.ts
index 352455c161..54dbb58e7d 100644
--- a/app/api/util.ts
+++ b/app/api/util.ts
@@ -5,9 +5,9 @@
  *
  * Copyright Oxide Computer Company
  */
-/// Helpers for working with API objects
-import { sumBy } from '~/util/array'
-import { mapValues, pick } from '~/util/object'
+
+import * as R from 'remeda'
+
 import { bytesToGiB } from '~/util/units'
 
 import type {
@@ -60,8 +60,7 @@ export function parsePortRange(portRange: string): PortRange | null {
 export const firewallRuleGetToPut = (
   rule: VpcFirewallRule
 ): NoExtraKeys<VpcFirewallRuleUpdate, VpcFirewallRule> =>
-  pick(
-    rule,
+  R.pick(rule, [
     'name',
     'action',
     'description',
@@ -69,8 +68,8 @@ export const firewallRuleGetToPut = (
     'filters',
     'priority',
     'status',
-    'targets'
-  )
+    'targets',
+  ])
 
 /**
  * Generates a valid name given a list of strings. Must be given at least
@@ -90,45 +89,46 @@ export const genName = (...parts: [string, ...string[]]) => {
   )
 }
 
-export const instanceCan = mapValues(
-  {
-    start: ['stopped'],
-    reboot: ['running'],
-    stop: ['running', 'starting'],
-    delete: ['stopped', 'failed'],
-    // https://github.com/oxidecomputer/omicron/blob/9eff6a4/nexus/db-queries/src/db/datastore/disk.rs#L310-L314
-    detachDisk: ['creating', 'stopped', 'failed'],
-    // https://github.com/oxidecomputer/omicron/blob/a7c7a67/nexus/db-queries/src/db/datastore/disk.rs#L183-L184
-    attachDisk: ['creating', 'stopped'],
-    // https://github.com/oxidecomputer/omicron/blob/8f0cbf0/nexus/db-queries/src/db/datastore/network_interface.rs#L482
-    updateNic: ['stopped'],
-  },
-  // cute way to make it ergonomic to call the test while also making the states
-  // available directly
-  (states: InstanceState[]) => {
-    const test = (i: Instance) => states.includes(i.runState)
-    test.states = states
-    return test
-  }
-)
-
-export const diskCan = mapValues(
-  {
-    // https://github.com/oxidecomputer/omicron/blob/4970c71e/nexus/db-queries/src/db/datastore/disk.rs#L578-L582.
-    delete: ['detached', 'creating', 'faulted'],
-    // TODO: link to API source
-    snapshot: ['attached', 'detached'],
-    // https://github.com/oxidecomputer/omicron/blob/4970c71e/nexus/db-queries/src/db/datastore/disk.rs#L169-L172
-    attach: ['creating', 'detached'],
-  },
-  (states: DiskState['state'][]) => {
-    // only have to Pick because we want this to work for both Disk and
-    // Json<Disk>, which we pass to it in the MSW handlers
-    const test = (d: Pick<Disk, 'state'>) => states.includes(d.state.state)
-    test.states = states
-    return test
-  }
-)
+const instanceActions: Record<string, InstanceState[]> = {
+  start: ['stopped'],
+  reboot: ['running'],
+  stop: ['running', 'starting'],
+  delete: ['stopped', 'failed'],
+  // https://github.com/oxidecomputer/omicron/blob/9eff6a4/nexus/db-queries/src/db/datastore/disk.rs#L310-L314
+  detachDisk: ['creating', 'stopped', 'failed'],
+  // https://github.com/oxidecomputer/omicron/blob/a7c7a67/nexus/db-queries/src/db/datastore/disk.rs#L183-L184
+  attachDisk: ['creating', 'stopped'],
+  // https://github.com/oxidecomputer/omicron/blob/8f0cbf0/nexus/db-queries/src/db/datastore/network_interface.rs#L482
+  updateNic: ['stopped'],
+  // https://github.com/oxidecomputer/omicron/blob/ebcc2acd/nexus/src/app/instance.rs#L1648-L1676
+  serialConsole: ['running', 'rebooting', 'migrating', 'repairing'],
+}
+
+// setting .states is a cute way to make it ergonomic to call the test function
+// while also making the states available directly
+
+export const instanceCan = R.mapValues(instanceActions, (states) => {
+  const test = (i: Instance) => states.includes(i.runState)
+  test.states = states
+  return test
+})
+
+const diskActions: Record<string, DiskState['state'][]> = {
+  // https://github.com/oxidecomputer/omicron/blob/4970c71e/nexus/db-queries/src/db/datastore/disk.rs#L578-L582.
+  delete: ['detached', 'creating', 'faulted'],
+  // TODO: link to API source
+  snapshot: ['attached', 'detached'],
+  // https://github.com/oxidecomputer/omicron/blob/4970c71e/nexus/db-queries/src/db/datastore/disk.rs#L169-L172
+  attach: ['creating', 'detached'],
+}
+
+export const diskCan = R.mapValues(diskActions, (states) => {
+  // only have to Pick because we want this to work for both Disk and
+  // Json<Disk>, which we pass to it in the MSW handlers
+  const test = (d: Pick<Disk, 'state'>) => states.includes(d.state.state)
+  test.states = states
+  return test
+})
 
 /** Hard coded in the API, so we can hard code it here. */
 export const FLEET_ID = '001de000-1334-4000-8000-000000000000'
@@ -141,8 +141,8 @@ export function totalCapacity(
 ) {
   return {
     disk_tib: Math.ceil(FUDGE * sleds.length * 32 * TBtoTiB), // TODO: make more real
-    ram_gib: Math.ceil(bytesToGiB(FUDGE * sumBy(sleds, (s) => s.usablePhysicalRam))),
-    cpu: Math.ceil(FUDGE * sumBy(sleds, (s) => s.usableHardwareThreads)),
+    ram_gib: Math.ceil(bytesToGiB(FUDGE * R.sumBy(sleds, (s) => s.usablePhysicalRam))),
+    cpu: Math.ceil(FUDGE * R.sumBy(sleds, (s) => s.usableHardwareThreads)),
   }
 }
 
diff --git a/app/components/MswBanner.tsx b/app/components/MswBanner.tsx
index 82b943d95e..a22f9bd7a5 100644
--- a/app/components/MswBanner.tsx
+++ b/app/components/MswBanner.tsx
@@ -35,6 +35,7 @@ export function MswBanner() {
       <label className="absolute z-topBar flex h-10 w-full items-center justify-center text-sans-md text-info-secondary bg-info-secondary [&+*]:pt-10">
         <Info16Icon className="mr-2" /> This is a technical preview.
         <button
+          type="button"
           className="ml-2 flex items-center gap-0.5 text-sans-md hover:text-info"
           onClick={() => setIsOpen(true)}
         >
diff --git a/app/components/RefetchIntervalPicker.tsx b/app/components/RefetchIntervalPicker.tsx
index 200189a737..5f68213bf3 100644
--- a/app/components/RefetchIntervalPicker.tsx
+++ b/app/components/RefetchIntervalPicker.tsx
@@ -60,6 +60,7 @@ export function useIntervalPicker({ enabled, isLoading, fn }: Props) {
         </div>
         <div className="flex">
           <button
+            type="button"
             className={cn(
               'flex w-10 items-center justify-center rounded-l border-b border-l border-t border-default disabled:cursor-default',
               isLoading && 'hover:bg-hover',
diff --git a/app/components/Terminal.tsx b/app/components/Terminal.tsx
index 3f27e80dad..0a1e7b1fe4 100644
--- a/app/components/Terminal.tsx
+++ b/app/components/Terminal.tsx
@@ -5,9 +5,9 @@
  *
  * Copyright Oxide Computer Company
  */
+import { FitAddon } from '@xterm/addon-fit'
+import { Terminal as XTerm, type ITerminalOptions } from '@xterm/xterm'
 import { useEffect, useRef, useState } from 'react'
-import { Terminal as XTerm, type ITerminalOptions } from 'xterm'
-import { FitAddon } from 'xterm-addon-fit'
 
 import { DirectionDownIcon, DirectionUpIcon } from '@oxide/design-system/icons/react'
 
@@ -106,11 +106,11 @@ export default function Terminal({ ws }: TerminalProps) {
     <>
       <div className="h-full w-[calc(100%-3rem)] text-mono-code" ref={terminalRef} />
       <div className="absolute right-0 top-0 space-y-2 text-secondary">
-        <ScrollButton onClick={() => term?.scrollToTop()}>
-          <DirectionUpIcon />
+        <ScrollButton onClick={() => term?.scrollToTop()} aria-label="Scroll to top">
+          <DirectionUpIcon aria-hidden />
         </ScrollButton>
-        <ScrollButton onClick={() => term?.scrollToBottom()}>
-          <DirectionDownIcon />
+        <ScrollButton onClick={() => term?.scrollToBottom()} aria-label="Scroll to bottom">
+          <DirectionDownIcon aria-hidden />
         </ScrollButton>
       </div>
     </>
diff --git a/app/components/form/SideModalForm.tsx b/app/components/form/SideModalForm.tsx
index e066f1bd3f..e0e02b7cbe 100644
--- a/app/components/form/SideModalForm.tsx
+++ b/app/components/form/SideModalForm.tsx
@@ -7,7 +7,7 @@
  */
 import { useEffect, useId, type ReactNode } from 'react'
 import type { FieldValues, UseFormReturn } from 'react-hook-form'
-import { useNavigationType } from 'react-router-dom'
+import { NavigationType, useNavigationType } from 'react-router-dom'
 
 import type { ApiError } from '@oxide/api'
 
@@ -57,7 +57,7 @@ type SideModalFormProps<TFieldValues extends FieldValues> = {
  * any way to distinguish between fresh pageload and back/forward.
  */
 export function useShouldAnimateModal() {
-  return useNavigationType() === 'PUSH'
+  return useNavigationType() === NavigationType.Push
 }
 
 export function SideModalForm<TFieldValues extends FieldValues>({
diff --git a/app/components/form/fields/DateTimeRangePicker.spec.tsx b/app/components/form/fields/DateTimeRangePicker.spec.tsx
index 0d9e37ec27..12c7274754 100644
--- a/app/components/form/fields/DateTimeRangePicker.spec.tsx
+++ b/app/components/form/fields/DateTimeRangePicker.spec.tsx
@@ -97,7 +97,7 @@ describe.skip('custom mode', () => {
     expect(screen.getByRole('button', { name: 'Load' })).toHaveClass('visually-disabled')
   })
 
-  it('clicking load after changing date changes range', async () => {
+  it('clicking load after changing date changes range', () => {
     const { setRange } = renderLastDay()
 
     // expect(screen.getByLabelText('Start time')).toHaveValue(dateForInput(subDays(now, 1)))
@@ -125,7 +125,7 @@ describe.skip('custom mode', () => {
     })
   })
 
-  it('clicking reset after changing inputs resets inputs', async () => {
+  it('clicking reset after changing inputs resets inputs', () => {
     const { setRange } = renderLastDay()
 
     // expect(screen.getByLabelText('Start time')).toHaveValue(dateForInput(subDays(now, 1)))
diff --git a/app/components/form/fields/DisksTableField.tsx b/app/components/form/fields/DisksTableField.tsx
index ac0f0fe4c8..f8389ee650 100644
--- a/app/components/form/fields/DisksTableField.tsx
+++ b/app/components/form/fields/DisksTableField.tsx
@@ -9,7 +9,6 @@ import { useState } from 'react'
 import { useController, type Control } from 'react-hook-form'
 
 import type { DiskCreate } from '@oxide/api'
-import { Error16Icon } from '@oxide/design-system/icons/react'
 
 import { AttachDiskSideModalForm } from '~/forms/disk-attach'
 import { CreateDiskSideModalForm } from '~/forms/disk-create'
@@ -77,13 +76,10 @@ export function DisksTableField({
                       </>
                     )}
                   </MiniTable.Cell>
-                  <MiniTable.Cell>
-                    <button
-                      onClick={() => onChange(items.filter((i) => i.name !== item.name))}
-                    >
-                      <Error16Icon title={`remove ${item.name}`} />
-                    </button>
-                  </MiniTable.Cell>
+                  <MiniTable.RemoveCell
+                    onClick={() => onChange(items.filter((i) => i.name !== item.name))}
+                    label={`remove disk ${item.name}`}
+                  />
                 </MiniTable.Row>
               ))}
             </MiniTable.Body>
@@ -121,6 +117,7 @@ export function DisksTableField({
             onChange([...items, { type: 'attach', ...values }])
             setShowDiskAttach(false)
           }}
+          diskNamesToExclude={items.filter((i) => i.type === 'attach').map((i) => i.name)}
         />
       )}
     </>
diff --git a/app/components/form/fields/ImageSelectField.tsx b/app/components/form/fields/ImageSelectField.tsx
index cf311cbd6f..ea4aa0be4b 100644
--- a/app/components/form/fields/ImageSelectField.tsx
+++ b/app/components/form/fields/ImageSelectField.tsx
@@ -11,6 +11,7 @@ import type { Image } from '@oxide/api'
 
 import type { InstanceCreateInput } from '~/forms/instance-create'
 import type { ListboxItem } from '~/ui/lib/Listbox'
+import { Slash } from '~/ui/lib/Slash'
 import { nearest10 } from '~/util/math'
 import { bytesToGiB, GiB } from '~/util/units'
 
@@ -50,10 +51,6 @@ export function BootDiskImageSelectField({
   )
 }
 
-const Slash = () => (
-  <span className="mx-1 text-quinary selected:text-accent-disabled">/</span>
-)
-
 export function toListboxItem(i: Image, includeProjectSiloIndicator = false): ListboxItem {
   const { name, os, projectId, size, version } = i
   const formattedSize = `${bytesToGiB(size, 1)} GiB`
diff --git a/app/components/form/fields/ListboxField.tsx b/app/components/form/fields/ListboxField.tsx
index 09241ffc09..20f3da2b5d 100644
--- a/app/components/form/fields/ListboxField.tsx
+++ b/app/components/form/fields/ListboxField.tsx
@@ -27,7 +27,7 @@ export type ListboxFieldProps<
   className?: string
   label?: string
   required?: boolean
-  description?: string | React.ReactNode | React.ReactNode
+  description?: string | React.ReactNode
   tooltipText?: string
   control: Control<TFieldValues>
   disabled?: boolean
diff --git a/app/components/form/fields/NetworkInterfaceField.tsx b/app/components/form/fields/NetworkInterfaceField.tsx
index a436dfea75..68c1a6b880 100644
--- a/app/components/form/fields/NetworkInterfaceField.tsx
+++ b/app/components/form/fields/NetworkInterfaceField.tsx
@@ -12,7 +12,6 @@ import type {
   InstanceNetworkInterfaceAttachment,
   InstanceNetworkInterfaceCreate,
 } from '@oxide/api'
-import { Error16Icon } from '@oxide/design-system/icons/react'
 
 import type { InstanceCreateInput } from '~/forms/instance-create'
 import { CreateNetworkInterfaceForm } from '~/forms/network-interface-create'
@@ -94,18 +93,15 @@ export function NetworkInterfaceField({
                       <MiniTable.Cell>{item.name}</MiniTable.Cell>
                       <MiniTable.Cell>{item.vpcName}</MiniTable.Cell>
                       <MiniTable.Cell>{item.subnetName}</MiniTable.Cell>
-                      <MiniTable.Cell>
-                        <button
-                          onClick={() =>
-                            onChange({
-                              type: 'create',
-                              params: value.params.filter((i) => i.name !== item.name),
-                            })
-                          }
-                        >
-                          <Error16Icon title={`remove ${item.name}`} />
-                        </button>
-                      </MiniTable.Cell>
+                      <MiniTable.RemoveCell
+                        onClick={() =>
+                          onChange({
+                            type: 'create',
+                            params: value.params.filter((i) => i.name !== item.name),
+                          })
+                        }
+                        label={`remove network interface ${item.name}`}
+                      />
                     </MiniTable.Row>
                   ))}
                 </MiniTable.Body>
diff --git a/app/components/form/fields/TlsCertsField.tsx b/app/components/form/fields/TlsCertsField.tsx
index b73af64f07..29188be002 100644
--- a/app/components/form/fields/TlsCertsField.tsx
+++ b/app/components/form/fields/TlsCertsField.tsx
@@ -10,7 +10,6 @@ import { useController, type Control } from 'react-hook-form'
 import type { Merge } from 'type-fest'
 
 import type { CertificateCreate } from '@oxide/api'
-import { Error16Icon } from '@oxide/design-system/icons/react'
 
 import type { SiloCreateFormValues } from '~/forms/silo-create'
 import { useForm } from '~/hooks'
@@ -53,13 +52,10 @@ export function TlsCertsField({ control }: { control: Control<SiloCreateFormValu
                   key={item.name}
                 >
                   <MiniTable.Cell>{item.name}</MiniTable.Cell>
-                  <MiniTable.Cell>
-                    <button
-                      onClick={() => onChange(items.filter((i) => i.name !== item.name))}
-                    >
-                      <Error16Icon title={`remove ${item.name}`} />
-                    </button>
-                  </MiniTable.Cell>
+                  <MiniTable.RemoveCell
+                    onClick={() => onChange(items.filter((i) => i.name !== item.name))}
+                    label={`remove cert ${item.name}`}
+                  />
                 </MiniTable.Row>
               ))}
             </MiniTable.Body>
diff --git a/app/forms/disk-attach.tsx b/app/forms/disk-attach.tsx
index f7995fd307..931346f574 100644
--- a/app/forms/disk-attach.tsx
+++ b/app/forms/disk-attach.tsx
@@ -17,6 +17,7 @@ type AttachDiskProps = {
   /** If defined, this overrides the usual mutation */
   onSubmit: (diskAttach: { name: string }) => void
   onDismiss: () => void
+  diskNamesToExclude?: string[]
   loading?: boolean
   submitError?: ApiError | null
 }
@@ -28,6 +29,7 @@ type AttachDiskProps = {
 export function AttachDiskSideModalForm({
   onSubmit,
   onDismiss,
+  diskNamesToExclude = [],
   loading,
   submitError = null,
 }: AttachDiskProps) {
@@ -39,7 +41,7 @@ export function AttachDiskSideModalForm({
   // TODO: error handling
   const detachedDisks =
     useApiQuery('diskList', { query: projectSelector }).data?.items.filter(
-      (d) => d.state.state === 'detached'
+      (d) => d.state.state === 'detached' && !diskNamesToExclude.includes(d.name)
     ) || []
 
   const form = useForm({ defaultValues })
diff --git a/app/forms/disk-create.tsx b/app/forms/disk-create.tsx
index e70ccb8a3f..ae4d88d2be 100644
--- a/app/forms/disk-create.tsx
+++ b/app/forms/disk-create.tsx
@@ -34,6 +34,7 @@ import { FormDivider } from '~/ui/lib/Divider'
 import { FieldLabel } from '~/ui/lib/FieldLabel'
 import { Radio } from '~/ui/lib/Radio'
 import { RadioGroup } from '~/ui/lib/RadioGroup'
+import { Slash } from '~/ui/lib/Slash'
 import { toLocaleDateString } from '~/util/date'
 import { bytesToGiB, GiB } from '~/util/units'
 
@@ -259,9 +260,8 @@ const SnapshotSelectField = ({ control }: { control: Control<DiskCreate> }) => {
               <div>{i.name}</div>
               <div className="text-tertiary selected:text-accent-secondary">
                 Created on {toLocaleDateString(i.timeCreated)}
-                <DiskNameFromId disk={i.diskId} />{' '}
-                <span className="mx-1 text-quinary selected:text-accent-disabled">/</span>{' '}
-                {formattedSize.value} {formattedSize.unit}
+                <DiskNameFromId disk={i.diskId} /> <Slash /> {formattedSize.value}{' '}
+                {formattedSize.unit}
               </div>
             </>
           ),
diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 4421791faa..e682e4446d 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -8,6 +8,7 @@
 import { useMemo } from 'react'
 import { useController, type Control } from 'react-hook-form'
 import { useNavigate, useParams, type LoaderFunctionArgs } from 'react-router-dom'
+import * as R from 'remeda'
 
 import {
   apiQueryClient,
@@ -22,7 +23,6 @@ import {
   type VpcFirewallRuleTarget,
   type VpcFirewallRuleUpdate,
 } from '@oxide/api'
-import { Error16Icon } from '@oxide/design-system/icons/react'
 
 import { CheckboxField } from '~/components/form/fields/CheckboxField'
 import { DescriptionField } from '~/components/form/fields/DescriptionField'
@@ -41,7 +41,6 @@ import { Message } from '~/ui/lib/Message'
 import * as MiniTable from '~/ui/lib/MiniTable'
 import { TextInputHint } from '~/ui/lib/TextInput'
 import { KEYS } from '~/ui/util/keys'
-import { sortBy } from '~/util/array'
 import { links } from '~/util/links'
 import { pb } from '~/util/path-builder'
 import { incrementName } from '~/util/str'
@@ -335,19 +334,16 @@ export const CommonFields = ({ error, control }: CommonFieldsProps) => {
                   <Badge variant="solid">{t.type}</Badge>
                 </MiniTable.Cell>
                 <MiniTable.Cell>{t.value}</MiniTable.Cell>
-                <MiniTable.Cell>
-                  <button
-                    onClick={() =>
-                      targets.onChange(
-                        targets.value.filter(
-                          (i) => !(i.value === t.value && i.type === t.type)
-                        )
+                <MiniTable.RemoveCell
+                  onClick={() =>
+                    targets.onChange(
+                      targets.value.filter(
+                        (i) => !(i.value === t.value && i.type === t.type)
                       )
-                    }
-                  >
-                    <Error16Icon title={`remove ${t.value}`} />
-                  </button>
-                </MiniTable.Cell>
+                    )
+                  }
+                  label={`remove target ${t.value}`}
+                />
               </MiniTable.Row>
             ))}
           </MiniTable.Body>
@@ -417,13 +413,10 @@ export const CommonFields = ({ error, control }: CommonFieldsProps) => {
             {ports.value.map((p) => (
               <MiniTable.Row tabIndex={0} aria-label={p} key={p}>
                 <MiniTable.Cell>{p}</MiniTable.Cell>
-                <MiniTable.Cell>
-                  <button
-                    onClick={() => ports.onChange(ports.value.filter((p1) => p1 !== p))}
-                  >
-                    <Error16Icon title={`remove ${p}`} />
-                  </button>
-                </MiniTable.Cell>
+                <MiniTable.RemoveCell
+                  onClick={() => ports.onChange(ports.value.filter((p1) => p1 !== p))}
+                  label={`remove port ${p}`}
+                />
               </MiniTable.Row>
             ))}
           </MiniTable.Body>
@@ -519,19 +512,16 @@ export const CommonFields = ({ error, control }: CommonFieldsProps) => {
                     <Badge variant="solid">{h.type}</Badge>
                   </MiniTable.Cell>
                   <MiniTable.Cell>{h.value}</MiniTable.Cell>
-                  <MiniTable.Cell>
-                    <button
-                      onClick={() =>
-                        hosts.onChange(
-                          hosts.value.filter(
-                            (i) => !(i.value === h.value && i.type === h.type)
-                          )
+                  <MiniTable.RemoveCell
+                    onClick={() =>
+                      hosts.onChange(
+                        hosts.value.filter(
+                          (i) => !(i.value === h.value && i.type === h.type)
                         )
-                      }
-                    >
-                      <Error16Icon title={`remove ${h.value}`} />
-                    </button>
-                  </MiniTable.Cell>
+                      )
+                    }
+                    label={`remove host ${h.value}`}
+                  />
                 </MiniTable.Row>
               ))}
             </MiniTable.Body>
@@ -590,7 +580,7 @@ export function CreateFirewallRuleForm() {
   const { data } = usePrefetchedApiQuery('vpcFirewallRulesView', {
     query: vpcSelector,
   })
-  const existingRules = useMemo(() => sortBy(data.rules, (r) => r.priority), [data])
+  const existingRules = useMemo(() => R.sortBy(data.rules, (r) => r.priority), [data])
   const originalRule = existingRules.find((rule) => rule.name === firewallRule)
 
   const defaultValues: FirewallRuleValues = originalRule
diff --git a/app/forms/firewall-rules-edit.tsx b/app/forms/firewall-rules-edit.tsx
index 0657268da9..6bd64ccd95 100644
--- a/app/forms/firewall-rules-edit.tsx
+++ b/app/forms/firewall-rules-edit.tsx
@@ -16,12 +16,7 @@ import {
 } from '@oxide/api'
 
 import { SideModalForm } from '~/components/form/SideModalForm'
-import {
-  getVpcSelector,
-  useForm,
-  useVpcFirewallRuleSelector,
-  useVpcSelector,
-} from '~/hooks'
+import { getVpcSelector, useFirewallRuleSelector, useForm, useVpcSelector } from '~/hooks'
 import { invariant } from '~/util/invariant'
 import { pb } from '~/util/path-builder'
 
@@ -42,18 +37,15 @@ EditFirewallRuleForm.loader = async ({ params }: LoaderFunctionArgs) => {
 }
 
 export function EditFirewallRuleForm() {
-  const vpcFirewallRuleSelector = useVpcFirewallRuleSelector()
+  const { vpc, project, rule } = useFirewallRuleSelector()
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
   const { data } = usePrefetchedApiQuery('vpcFirewallRulesView', {
-    query: { project: vpcFirewallRuleSelector.project, vpc: vpcFirewallRuleSelector.vpc },
+    query: { project, vpc },
   })
 
-  const existingRules = data.rules
-  const originalRule = existingRules.find(
-    (rule) => rule.name === vpcFirewallRuleSelector.firewallRule
-  )
+  const originalRule = data.rules.find((r) => r.name === rule)
 
   invariant(originalRule, 'Firewall rule must exist')
 
@@ -97,7 +89,7 @@ export function EditFirewallRuleForm() {
       onSubmit={(values) => {
         // note different filter logic from create: filter out the rule with the
         // *original* name because we need to overwrite that rule
-        const otherRules = existingRules
+        const otherRules = data.rules
           .filter((r) => r.name !== originalRule.name)
           .map(firewallRuleGetToPut)
 
diff --git a/app/forms/image-upload.tsx b/app/forms/image-upload.tsx
index b3be957b9c..6d7f5edaf8 100644
--- a/app/forms/image-upload.tsx
+++ b/app/forms/image-upload.tsx
@@ -273,7 +273,7 @@ export function CreateImageSideModalForm() {
   // coordinating when to cleanup, we make cleanup idempotent by having it check
   // whether it has already been run, or more concretely before each action,
   // check whether it needs to be done
-  async function closeModal() {
+  function closeModal() {
     if (allDone) {
       backToImages()
       return
diff --git a/app/forms/instance-create.tsx b/app/forms/instance-create.tsx
index bfb25d21fa..42d0e77182 100644
--- a/app/forms/instance-create.tsx
+++ b/app/forms/instance-create.tsx
@@ -9,6 +9,7 @@ import * as Accordion from '@radix-ui/react-accordion'
 import { useEffect, useMemo, useState } from 'react'
 import { useController, useWatch, type Control } from 'react-hook-form'
 import { useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
+import * as R from 'remeda'
 import type { SetRequired } from 'type-fest'
 
 import {
@@ -20,13 +21,17 @@ import {
   useApiMutation,
   useApiQueryClient,
   usePrefetchedApiQuery,
+  type ExternalIpCreate,
+  type FloatingIp,
   type InstanceCreate,
   type InstanceDiskAttachment,
+  type NameOrId,
 } from '@oxide/api'
 import {
   Images16Icon,
   Instances16Icon,
   Instances24Icon,
+  IpGlobal16Icon,
   Storage16Icon,
 } from '@oxide/design-system/icons/react'
 
@@ -50,16 +55,21 @@ import { SshKeysField } from '~/components/form/fields/SshKeysField'
 import { TextField } from '~/components/form/fields/TextField'
 import { Form } from '~/components/form/Form'
 import { FullPageForm } from '~/components/form/FullPageForm'
+import { HL } from '~/components/HL'
 import { getProjectSelector, useForm, useProjectSelector } from '~/hooks'
 import { addToast } from '~/stores/toast'
 import { Badge } from '~/ui/lib/Badge'
+import { Button } from '~/ui/lib/Button'
 import { Checkbox } from '~/ui/lib/Checkbox'
 import { FormDivider } from '~/ui/lib/Divider'
 import { EmptyMessage } from '~/ui/lib/EmptyMessage'
 import { Listbox } from '~/ui/lib/Listbox'
 import { Message } from '~/ui/lib/Message'
+import * as MiniTable from '~/ui/lib/MiniTable'
+import { Modal } from '~/ui/lib/Modal'
 import { PageHeader, PageTitle } from '~/ui/lib/PageHeader'
 import { RadioCard } from '~/ui/lib/Radio'
+import { Slash } from '~/ui/lib/Slash'
 import { Tabs } from '~/ui/lib/Tabs'
 import { TextInputHint } from '~/ui/lib/TextInput'
 import { TipIcon } from '~/ui/lib/TipIcon'
@@ -153,6 +163,7 @@ CreateInstanceForm.loader = async ({ params }: LoaderFunctionArgs) => {
     }),
     apiQueryClient.prefetchQuery('currentUserSshKeyList', {}),
     apiQueryClient.prefetchQuery('projectIpPoolList', { query: { limit: 1000 } }),
+    apiQueryClient.prefetchQuery('floatingIpList', { query: { project, limit: 1000 } }),
   ])
   return null
 }
@@ -573,6 +584,28 @@ export function CreateInstanceForm() {
   )
 }
 
+// `ip is …` guard is necessary until we upgrade to 5.5, which handles this automatically
+const isFloating = (
+  ip: ExternalIpCreate
+): ip is { type: 'floating'; floatingIp: NameOrId } => ip.type === 'floating'
+
+const FloatingIpLabel = ({ ip }: { ip: FloatingIp }) => (
+  <div>
+    <div>{ip.name}</div>
+    <div className="flex gap-0.5 text-tertiary selected:text-accent-secondary">
+      <div>{ip.ip}</div>
+      {ip.description && (
+        <>
+          <Slash />
+          <div className="grow overflow-hidden overflow-ellipsis whitespace-pre text-left">
+            {ip.description}
+          </div>
+        </>
+      )}
+    </div>
+  </div>
+)
+
 const AdvancedAccordion = ({
   control,
   isSubmitting,
@@ -586,11 +619,65 @@ const AdvancedAccordion = ({
   // tell, inside AccordionItem, when an accordion is opened so we can scroll its
   // contents into view
   const [openItems, setOpenItems] = useState<string[]>([])
+  const [floatingIpModalOpen, setFloatingIpModalOpen] = useState(false)
+  const [selectedFloatingIp, setSelectedFloatingIp] = useState<FloatingIp | undefined>()
   const externalIps = useController({ control, name: 'externalIps' })
   const ephemeralIp = externalIps.field.value?.find((ip) => ip.type === 'ephemeral')
   const assignEphemeralIp = !!ephemeralIp
   const selectedPool = ephemeralIp && 'pool' in ephemeralIp ? ephemeralIp.pool : undefined
   const defaultPool = siloPools.find((pool) => pool.isDefault)?.name
+  const attachedFloatingIps = (externalIps.field.value || []).filter(isFloating)
+
+  const { project } = useProjectSelector()
+  const { data: floatingIpList } = usePrefetchedApiQuery('floatingIpList', {
+    query: { project, limit: 1000 },
+  })
+
+  // Filter out the IPs that are already attached to an instance
+  const attachableFloatingIps = useMemo(
+    () => floatingIpList.items.filter((ip) => !ip.instanceId),
+    [floatingIpList]
+  )
+
+  // To find available floating IPs, we remove the ones that are already committed to this instance
+  const availableFloatingIps = attachableFloatingIps.filter(
+    (ip) => !attachedFloatingIps.find((attachedIp) => attachedIp.floatingIp === ip.name)
+  )
+  const attachedFloatingIpsData = attachedFloatingIps
+    .map((ip) => attachableFloatingIps.find((fip) => fip.name === ip.floatingIp))
+    .filter(R.isTruthy)
+
+  const closeFloatingIpModal = () => {
+    setFloatingIpModalOpen(false)
+    setSelectedFloatingIp(undefined)
+  }
+
+  const attachFloatingIp = () => {
+    if (selectedFloatingIp) {
+      externalIps.field.onChange([
+        ...(externalIps.field.value || []),
+        { type: 'floating', floatingIp: selectedFloatingIp.name },
+      ])
+    }
+    closeFloatingIpModal()
+  }
+
+  const detachFloatingIp = (name: string) => {
+    externalIps.field.onChange(
+      externalIps.field.value?.filter(
+        (ip) => !(ip.type === 'floating' && ip.floatingIp === name)
+      )
+    )
+  }
+
+  const isFloatingIpAttached = attachedFloatingIps.some((ip) => ip.floatingIp !== '')
+
+  const selectedFloatingIpMessage = (
+    <>
+      This instance will be reachable at{' '}
+      {selectedFloatingIp ? <HL>{selectedFloatingIp.ip}</HL> : 'the selected IP'}
+    </>
+  )
 
   return (
     <Accordion.Root
@@ -669,6 +756,101 @@ const AdvancedAccordion = ({
             />
           )}
         </div>
+
+        <div className="flex flex-1 flex-col gap-4">
+          <h2 className="text-sans-md">
+            Floating IPs{' '}
+            <TipIcon>
+              Floating IPs exist independently of instances and can be attached to and
+              detached from them as needed.
+            </TipIcon>
+          </h2>
+          {isFloatingIpAttached && (
+            <MiniTable.Table>
+              <MiniTable.Header>
+                <MiniTable.HeadCell>Name</MiniTable.HeadCell>
+                <MiniTable.HeadCell>IP</MiniTable.HeadCell>
+                {/* For remove button */}
+                <MiniTable.HeadCell className="w-12" />
+              </MiniTable.Header>
+              <MiniTable.Body>
+                {attachedFloatingIpsData.map((item, index) => (
+                  <MiniTable.Row
+                    tabIndex={0}
+                    aria-rowindex={index + 1}
+                    aria-label={`Name: ${item.name}, IP: ${item.ip}`}
+                    key={item.name}
+                  >
+                    <MiniTable.Cell>{item.name}</MiniTable.Cell>
+                    <MiniTable.Cell>{item.ip}</MiniTable.Cell>
+                    <MiniTable.RemoveCell
+                      onClick={() => detachFloatingIp(item.name)}
+                      label={`remove floating IP ${item.name}`}
+                    />
+                  </MiniTable.Row>
+                ))}
+              </MiniTable.Body>
+            </MiniTable.Table>
+          )}
+          {floatingIpList.items.length === 0 ? (
+            <div className="flex max-w-lg items-center justify-center rounded-lg border p-6 border-default">
+              <EmptyMessage
+                icon={<IpGlobal16Icon />}
+                title="No floating IPs found"
+                body="Create a floating IP to attach it to this instance"
+              />
+            </div>
+          ) : (
+            <div>
+              <Button
+                size="sm"
+                className="shrink-0"
+                disabled={availableFloatingIps.length === 0}
+                disabledReason="No floating IPs available"
+                onClick={() => setFloatingIpModalOpen(true)}
+              >
+                Attach floating IP
+              </Button>
+            </div>
+          )}
+
+          <Modal
+            isOpen={floatingIpModalOpen}
+            onDismiss={closeFloatingIpModal}
+            title="Attach floating IP"
+          >
+            <Modal.Body>
+              <Modal.Section>
+                <Message variant="info" content={selectedFloatingIpMessage} />
+                <form>
+                  <Listbox
+                    name="floatingIp"
+                    items={availableFloatingIps.map((i) => ({
+                      value: i.name,
+                      label: <FloatingIpLabel ip={i} />,
+                      selectedLabel: `${i.name} (${i.ip})`,
+                    }))}
+                    label="Floating IP"
+                    onChange={(name) => {
+                      setSelectedFloatingIp(
+                        availableFloatingIps.find((i) => i.name === name)
+                      )
+                    }}
+                    required
+                    placeholder="Select floating IP"
+                    selected={selectedFloatingIp?.name || ''}
+                  />
+                </form>
+              </Modal.Section>
+            </Modal.Body>
+            <Modal.Footer
+              actionText="Attach"
+              disabled={!selectedFloatingIp}
+              onAction={attachFloatingIp}
+              onDismiss={closeFloatingIpModal}
+            ></Modal.Footer>
+          </Modal>
+        </div>
       </AccordionItem>
       <AccordionItem
         value="configuration"
diff --git a/app/forms/network-interface-edit.tsx b/app/forms/network-interface-edit.tsx
index 264f0b6c79..d274bab439 100644
--- a/app/forms/network-interface-edit.tsx
+++ b/app/forms/network-interface-edit.tsx
@@ -5,17 +5,19 @@
  *
  * Copyright Oxide Computer Company
  */
+import * as R from 'remeda'
+
 import {
   useApiMutation,
   useApiQueryClient,
   type InstanceNetworkInterface,
+  type InstanceNetworkInterfaceUpdate,
 } from '@oxide/api'
 
 import { DescriptionField } from '~/components/form/fields/DescriptionField'
 import { NameField } from '~/components/form/fields/NameField'
 import { SideModalForm } from '~/components/form/SideModalForm'
 import { useForm, useInstanceSelector } from '~/hooks'
-import { pick } from '~/util/object'
 
 type EditNetworkInterfaceFormProps = {
   editing: InstanceNetworkInterface
@@ -36,7 +38,10 @@ export function EditNetworkInterfaceForm({
     },
   })
 
-  const defaultValues = pick(editing, 'name', 'description') // satisfies NetworkInterfaceUpdate
+  const defaultValues = R.pick(editing, [
+    'name',
+    'description',
+  ]) satisfies InstanceNetworkInterfaceUpdate
 
   const form = useForm({ defaultValues })
 
diff --git a/app/forms/subnet-edit.tsx b/app/forms/subnet-edit.tsx
index 28a2ada297..48ca501d4d 100644
--- a/app/forms/subnet-edit.tsx
+++ b/app/forms/subnet-edit.tsx
@@ -6,12 +6,14 @@
  * Copyright Oxide Computer Company
  */
 import { useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
+import * as R from 'remeda'
 
 import {
   apiQueryClient,
   useApiMutation,
   useApiQueryClient,
   usePrefetchedApiQuery,
+  type VpcSubnetUpdate,
 } from '@oxide/api'
 
 import { DescriptionField } from '~/components/form/fields/DescriptionField'
@@ -23,7 +25,6 @@ import {
   useVpcSelector,
   useVpcSubnetSelector,
 } from '~/hooks'
-import { pick } from '~/util/object'
 import { pb } from '~/util/path-builder'
 
 EditSubnetForm.loader = async ({ params }: LoaderFunctionArgs) => {
@@ -57,7 +58,7 @@ export function EditSubnetForm() {
     },
   })
 
-  const defaultValues = pick(subnet, 'name', 'description') /* satisfies VpcSubnetUpdate */
+  const defaultValues = R.pick(subnet, ['name', 'description']) satisfies VpcSubnetUpdate
 
   const form = useForm({ defaultValues })
 
diff --git a/app/forms/vpc-edit.tsx b/app/forms/vpc-edit.tsx
index 87859b5521..b50a73ab40 100644
--- a/app/forms/vpc-edit.tsx
+++ b/app/forms/vpc-edit.tsx
@@ -40,7 +40,7 @@ export function EditVpcSideModalForm() {
   const onDismiss = () => navigate(pb.vpcs({ project }))
 
   const editVpc = useApiMutation('vpcUpdate', {
-    async onSuccess(vpc) {
+    onSuccess(vpc) {
       queryClient.invalidateQueries('vpcList')
       queryClient.setQueryData(
         'vpcView',
diff --git a/app/hooks/use-params.ts b/app/hooks/use-params.ts
index f4f44fa117..35932cce8d 100644
--- a/app/hooks/use-params.ts
+++ b/app/hooks/use-params.ts
@@ -36,7 +36,7 @@ export const getProjectSelector = requireParams('project')
 export const getFloatingIpSelector = requireParams('project', 'floatingIp')
 export const getInstanceSelector = requireParams('project', 'instance')
 export const getVpcSelector = requireParams('project', 'vpc')
-export const getVpcFirewallRuleSelector = requireParams('project', 'vpc', 'firewallRule')
+export const getFirewallRuleSelector = requireParams('project', 'vpc', 'rule')
 export const getVpcSubnetSelector = requireParams('project', 'vpc', 'subnet')
 export const getSiloSelector = requireParams('silo')
 export const getSiloImageSelector = requireParams('image')
@@ -80,8 +80,7 @@ export const useProjectSnapshotSelector = () =>
 export const useInstanceSelector = () => useSelectedParams(getInstanceSelector)
 export const useVpcSelector = () => useSelectedParams(getVpcSelector)
 export const useVpcSubnetSelector = () => useSelectedParams(getVpcSubnetSelector)
-export const useVpcFirewallRuleSelector = () =>
-  useSelectedParams(getVpcFirewallRuleSelector)
+export const useFirewallRuleSelector = () => useSelectedParams(getFirewallRuleSelector)
 export const useSiloSelector = () => useSelectedParams(getSiloSelector)
 export const useSiloImageSelector = () => useSelectedParams(getSiloImageSelector)
 export const useIdpSelector = () => useSelectedParams(getIdpSelector)
diff --git a/app/pages/SiloAccessPage.tsx b/app/pages/SiloAccessPage.tsx
index c83cf198d4..08383f7545 100644
--- a/app/pages/SiloAccessPage.tsx
+++ b/app/pages/SiloAccessPage.tsx
@@ -37,7 +37,7 @@ import { EmptyMessage } from '~/ui/lib/EmptyMessage'
 import { PageHeader, PageTitle } from '~/ui/lib/PageHeader'
 import { TableActions, TableEmptyBox } from '~/ui/lib/Table'
 import { identityTypeLabel, roleColor } from '~/util/access'
-import { groupBy, isTruthy } from '~/util/array'
+import { groupBy } from '~/util/array'
 import { docLinks } from '~/util/links'
 
 const EmptyState = ({ onClick }: { onClick: () => void }) => (
@@ -84,7 +84,7 @@ export function SiloAccessPage() {
       .map(([userId, userAssignments]) => {
         const siloRole = userAssignments.find((a) => a.roleSource === 'silo')?.roleName
 
-        const roles = [siloRole].filter(isTruthy)
+        const roles = siloRole ? [siloRole] : []
 
         const { name, identityType } = userAssignments[0]
 
@@ -139,7 +139,7 @@ export function SiloAccessPage() {
             doDelete: () =>
               updatePolicy.mutateAsync({
                 // we know policy is there, otherwise there's no row to display
-                body: deleteRole(row.id, siloPolicy!),
+                body: deleteRole(row.id, siloPolicy),
               }),
             label: (
               <span>
diff --git a/app/pages/project/access/ProjectAccessPage.tsx b/app/pages/project/access/ProjectAccessPage.tsx
index 1e20984980..521a530eb8 100644
--- a/app/pages/project/access/ProjectAccessPage.tsx
+++ b/app/pages/project/access/ProjectAccessPage.tsx
@@ -9,6 +9,7 @@
 import { createColumnHelper, getCoreRowModel, useReactTable } from '@tanstack/react-table'
 import { useMemo, useState } from 'react'
 import type { LoaderFunctionArgs } from 'react-router-dom'
+import * as R from 'remeda'
 
 import {
   apiQueryClient,
@@ -42,7 +43,7 @@ import { PageHeader, PageTitle } from '~/ui/lib/PageHeader'
 import { TableActions, TableEmptyBox } from '~/ui/lib/Table'
 import { TipIcon } from '~/ui/lib/TipIcon'
 import { identityTypeLabel, roleColor } from '~/util/access'
-import { groupBy, isTruthy, sortBy } from '~/util/array'
+import { groupBy } from '~/util/array'
 import { docLinks } from '~/util/links'
 
 const EmptyState = ({ onClick }: { onClick: () => void }) => (
@@ -100,8 +101,8 @@ export function ProjectAccessPage() {
         const siloAccessRow = userAssignments.find((a) => a.roleSource === 'silo')
         const projectAccessRow = userAssignments.find((a) => a.roleSource === 'project')
 
-        const roleBadges = sortBy(
-          [siloAccessRow, projectAccessRow].filter(isTruthy),
+        const roleBadges = R.sortBy(
+          [siloAccessRow, projectAccessRow].filter(R.isTruthy),
           (r) => roleOrder[r.roleName] // sorts strongest role first
         )
 
@@ -169,7 +170,7 @@ export function ProjectAccessPage() {
               updatePolicy.mutateAsync({
                 path: { project },
                 // we know policy is there, otherwise there's no row to display
-                body: deleteRole(row.id, projectPolicy!),
+                body: deleteRole(row.id, projectPolicy),
               }),
             // TODO: explain that this will not affect the role inherited from
             // the silo or roles inherited from group membership. Ideally we'd
diff --git a/app/pages/project/floating-ips/AttachFloatingIpModal.tsx b/app/pages/project/floating-ips/AttachFloatingIpModal.tsx
index 7d28afffd4..1430a72ea3 100644
--- a/app/pages/project/floating-ips/AttachFloatingIpModal.tsx
+++ b/app/pages/project/floating-ips/AttachFloatingIpModal.tsx
@@ -13,6 +13,7 @@ import { ListboxField } from '~/components/form/fields/ListboxField'
 import { addToast } from '~/stores/toast'
 import { Message } from '~/ui/lib/Message'
 import { Modal } from '~/ui/lib/Modal'
+import { Slash } from '~/ui/lib/Slash'
 
 function FloatingIpLabel({ fip }: { fip: FloatingIp }) {
   return (
@@ -22,7 +23,7 @@ function FloatingIpLabel({ fip }: { fip: FloatingIp }) {
         <div>{fip.ip}</div>
         {fip.description && (
           <>
-            <span className="mx-1 text-quinary selected:text-accent-disabled">/</span>
+            <Slash />
             <div className="grow overflow-hidden overflow-ellipsis whitespace-pre text-left">
               {fip.description}
             </div>
diff --git a/app/pages/project/instances/actions.tsx b/app/pages/project/instances/actions.tsx
index 5a1650aa69..f0c91316fd 100644
--- a/app/pages/project/instances/actions.tsx
+++ b/app/pages/project/instances/actions.tsx
@@ -70,16 +70,10 @@ export const useMakeInstanceActions = (
           onActivate() {
             confirmAction({
               actionType: 'danger',
-              doAction: async () =>
-                stopInstance.mutate(instanceParams, {
+              doAction: () =>
+                stopInstance.mutateAsync(instanceParams, {
                   onSuccess: () =>
                     addToast({ title: `Stopping instance '${instance.name}'` }),
-                  onError: (error) =>
-                    addToast({
-                      variant: 'error',
-                      title: `Error stopping instance '${instance.name}'`,
-                      content: error.message,
-                    }),
                 }),
               modalTitle: 'Confirm stop instance',
               modalContent: (
@@ -89,7 +83,7 @@ export const useMakeInstanceActions = (
                   freed.
                 </p>
               ),
-              errorTitle: `Could not stop ${instance.name}`,
+              errorTitle: `Error stopping ${instance.name}`,
             })
           },
           disabled: !instanceCan.stop(instance) && (
diff --git a/app/pages/project/instances/instance/SerialConsolePage.tsx b/app/pages/project/instances/instance/SerialConsolePage.tsx
index 793d9eb654..f8f083e55f 100644
--- a/app/pages/project/instances/instance/SerialConsolePage.tsx
+++ b/app/pages/project/instances/instance/SerialConsolePage.tsx
@@ -5,14 +5,22 @@
  *
  * Copyright Oxide Computer Company
  */
+import cn from 'classnames'
 import { lazy, Suspense, useEffect, useRef, useState } from 'react'
-import { Link } from 'react-router-dom'
-
-import { api } from '@oxide/api'
+import { Link, type LoaderFunctionArgs } from 'react-router-dom'
+
+import {
+  api,
+  apiQueryClient,
+  instanceCan,
+  usePrefetchedApiQuery,
+  type InstanceState,
+} from '@oxide/api'
 import { PrevArrow12Icon } from '@oxide/design-system/icons/react'
 
 import { EquivalentCliCommand } from '~/components/EquivalentCliCommand'
-import { useInstanceSelector } from '~/hooks'
+import { InstanceStatusBadge } from '~/components/StatusBadge'
+import { getInstanceSelector, useInstanceSelector } from '~/hooks/use-params'
 import { Badge, type BadgeColor } from '~/ui/lib/Badge'
 import { Spinner } from '~/ui/lib/Spinner'
 import { cliCmd } from '~/util/cli-cmd'
@@ -36,13 +44,29 @@ const statusMessage: Record<WsState, string> = {
   error: 'error',
 }
 
+SerialConsolePage.loader = async ({ params }: LoaderFunctionArgs) => {
+  const { project, instance } = getInstanceSelector(params)
+  await apiQueryClient.prefetchQuery('instanceView', {
+    path: { instance },
+    query: { project },
+  })
+  return null
+}
+
 export function SerialConsolePage() {
   const instanceSelector = useInstanceSelector()
   const { project, instance } = instanceSelector
 
+  const { data: instanceData } = usePrefetchedApiQuery('instanceView', {
+    query: { project },
+    path: { instance },
+  })
+
   const ws = useRef<WebSocket | null>(null)
 
-  const [connectionStatus, setConnectionStatus] = useState<WsState>('connecting')
+  const canConnect = instanceCan.serialConsole(instanceData)
+  const initialState = canConnect ? 'connecting' : 'closed'
+  const [connectionStatus, setConnectionStatus] = useState<WsState>(initialState)
 
   // In dev, React 18 strict mode fires all effects twice for lulz, even ones
   // with no dependencies. In order to prevent the websocket from being killed
@@ -54,6 +78,8 @@ export function SerialConsolePage() {
   // 1a. cleanup runs, nothing happens because socket was not open yet
   // 2.  effect runs, but `ws.current` is truthy, so nothing happens
   useEffect(() => {
+    if (!canConnect) return
+
     // TODO: error handling if this connection fails
     if (!ws.current) {
       const { project, instance } = instanceSelector
@@ -70,7 +96,7 @@ export function SerialConsolePage() {
         ws.current.close()
       }
     }
-  }, [instanceSelector])
+  }, [instanceSelector, canConnect])
 
   // Because this one does not look at ready state, just whether the thing is
   // defined, it will remove the event listeners before the spurious second
@@ -81,20 +107,22 @@ export function SerialConsolePage() {
   // 1a. cleanup runs, event listeners removed
   // 2.  effect runs again, event listeners attached again
   useEffect(() => {
+    if (!canConnect) return // don't bother if instance is not running
+
     const setOpen = () => setConnectionStatus('open')
     const setClosed = () => setConnectionStatus('closed')
     const setError = () => setConnectionStatus('error')
 
     ws.current?.addEventListener('open', setOpen)
-    ws.current?.addEventListener('closed', setClosed)
+    ws.current?.addEventListener('close', setClosed)
     ws.current?.addEventListener('error', setError)
 
     return () => {
       ws.current?.removeEventListener('open', setOpen)
-      ws.current?.removeEventListener('closed', setClosed)
+      ws.current?.removeEventListener('close', setClosed)
       ws.current?.removeEventListener('error', setError)
     }
-  }, [])
+  }, [canConnect])
 
   return (
     <div className="!mx-0 flex h-full max-h-[calc(100vh-60px)] !w-full flex-col">
@@ -109,7 +137,13 @@ export function SerialConsolePage() {
       </Link>
 
       <div className="gutter relative w-full shrink grow overflow-hidden">
-        {connectionStatus !== 'open' && <SerialSkeleton />}
+        {connectionStatus === 'connecting' && <ConnectingSkeleton />}
+        {connectionStatus === 'error' && <ErrorSkeleton />}
+        {connectionStatus === 'closed' && !canConnect && (
+          <CannotConnect instanceState={instanceData.runState} />
+        )}
+        {/* closed && canConnect shouldn't be possible because there's no way to
+         * close an open connection other than leaving the page */}
         <Suspense fallback={null}>{ws.current && <Terminal ws={ws.current} />}</Suspense>
       </div>
       <div className="shrink-0 justify-between overflow-hidden border-t bg-default border-secondary empty:border-t-0">
@@ -127,16 +161,22 @@ export function SerialConsolePage() {
   )
 }
 
-function SerialSkeleton() {
-  const instanceSelector = useInstanceSelector()
-
+function SerialSkeleton({
+  children,
+  connecting,
+}: {
+  children: React.ReactNode
+  connecting?: boolean
+}) {
   return (
     <div className="relative h-full shrink grow overflow-hidden">
       <div className="h-full space-y-2 overflow-hidden">
         {[...Array(200)].map((_e, i) => (
           <div
             key={i}
-            className="h-4 rounded bg-tertiary motion-safe:animate-pulse"
+            className={cn('h-4 rounded bg-tertiary', {
+              'motion-safe:animate-pulse': connecting,
+            })}
             style={{
               width: `${Math.sin(Math.sin(i)) * 20 + 40}%`,
             }} /* this is silly deterministic way to get random looking lengths */
@@ -150,18 +190,41 @@ function SerialSkeleton() {
           background: 'linear-gradient(180deg, rgba(8, 15, 17, 0) 0%, #080F11 100%)',
         }}
       />
-      <div className="absolute left-1/2 top-1/2 flex w-96 -translate-x-1/2 -translate-y-1/2 flex-col items-center justify-center space-y-4 rounded-lg border p-12 !bg-raise border-secondary elevation-3">
-        <Spinner size="lg" />
-
-        <div className="space-y-2">
-          <p className="text-center text-sans-xl text-default">
-            Connecting to{' '}
-            <Link to={pb.instance(instanceSelector)} className="text-accent-secondary">
-              {instanceSelector.instance}
-            </Link>
-          </p>
-        </div>
+      <div className="absolute left-1/2 top-1/2 flex w-96 -translate-x-1/2 -translate-y-1/2 flex-col items-center justify-center rounded-lg border p-12 !bg-raise border-secondary elevation-3">
+        {children}
       </div>
     </div>
   )
 }
+
+const ConnectingSkeleton = () => (
+  <SerialSkeleton connecting>
+    <Spinner size="lg" />
+    <div className="mt-4 text-center">
+      <p className="text-sans-xl">Connecting to serial console</p>
+    </div>
+  </SerialSkeleton>
+)
+
+const CannotConnect = ({ instanceState }: { instanceState: InstanceState }) => (
+  <SerialSkeleton>
+    <p className="flex items-center justify-center text-sans-xl">
+      <span>The instance is</span>
+      <InstanceStatusBadge className="ml-1" status={instanceState} />
+    </p>
+    <p className="mt-2 text-center text-secondary">
+      You can only connect to the serial console on a running instance.
+    </p>
+  </SerialSkeleton>
+)
+
+// TODO: sure would be nice to say something useful about the error, but
+// we don't know what kind of thing we might pull off the error event
+const ErrorSkeleton = () => (
+  <SerialSkeleton>
+    <p className="flex items-center justify-center text-center text-sans-xl">
+      Serial console connection failed
+    </p>
+    <p className="mt-2 text-center text-secondary">Please try again.</p>
+  </SerialSkeleton>
+)
diff --git a/app/pages/project/vpcs/VpcPage/VpcPage.tsx b/app/pages/project/vpcs/VpcPage/VpcPage.tsx
index 17f539b1df..514401bc25 100644
--- a/app/pages/project/vpcs/VpcPage/VpcPage.tsx
+++ b/app/pages/project/vpcs/VpcPage/VpcPage.tsx
@@ -22,8 +22,7 @@ import { VpcDocsPopover } from '../VpcsPage'
 
 VpcPage.loader = async ({ params }: LoaderFunctionArgs) => {
   const { project, vpc } = getVpcSelector(params)
-  apiQueryClient.prefetchQuery('vpcView', { path: { vpc }, query: { project } })
-
+  await apiQueryClient.prefetchQuery('vpcView', { path: { vpc }, query: { project } })
   return null
 }
 
diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index ba0117e8ba..f1a58e5245 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -8,6 +8,7 @@
 import { createColumnHelper, getCoreRowModel, useReactTable } from '@tanstack/react-table'
 import { useMemo } from 'react'
 import { Outlet, useNavigate, type LoaderFunctionArgs } from 'react-router-dom'
+import * as R from 'remeda'
 
 import {
   apiQueryClient,
@@ -30,7 +31,6 @@ import { Badge } from '~/ui/lib/Badge'
 import { CreateLink } from '~/ui/lib/CreateButton'
 import { EmptyMessage } from '~/ui/lib/EmptyMessage'
 import { TableEmptyBox } from '~/ui/lib/Table'
-import { sortBy } from '~/util/array'
 import { pb } from '~/util/path-builder'
 import { titleCase } from '~/util/str'
 
@@ -73,7 +73,9 @@ const staticColumns = [
     cell: (info) => {
       const { hosts, ports, protocols } = info.getValue()
       const children = [
-        ...(hosts || []).map((tv, i) => <TypeValueCell key={`${tv}-${i}`} {...tv} />),
+        ...(hosts || []).map((tv, i) => (
+          <TypeValueCell key={`host-${tv.type}-${tv.value}-${i}`} {...tv} />
+        )),
         ...(protocols || []).map((p, i) => <Badge key={`${p}-${i}`}>{p}</Badge>),
         ...(ports || []).map((p, i) => (
           <TypeValueCell key={`port-${p}-${i}`} type="Port" value={p} />
@@ -117,7 +119,7 @@ export function VpcFirewallRulesTab() {
   const { data } = usePrefetchedApiQuery('vpcFirewallRulesView', {
     query: vpcSelector,
   })
-  const rules = useMemo(() => sortBy(data.rules, (r) => r.priority), [data])
+  const rules = useMemo(() => R.sortBy(data.rules, (r) => r.priority), [data])
 
   const navigate = useNavigate()
 
@@ -136,7 +138,7 @@ export function VpcFirewallRulesTab() {
           <LinkCell
             to={pb.vpcFirewallRuleEdit({
               ...vpcSelector,
-              firewallRule: info.row.original.name,
+              rule: info.row.original.name,
             })}
           >
             {info.getValue()}
@@ -151,7 +153,7 @@ export function VpcFirewallRulesTab() {
             navigate(
               pb.vpcFirewallRuleEdit({
                 ...vpcSelector,
-                firewallRule: rule.name,
+                rule: rule.name,
               })
             )
           },
diff --git a/app/pages/system/inventory/sled/SledInstancesTab.tsx b/app/pages/system/inventory/sled/SledInstancesTab.tsx
index 4af4856f1c..18117d37d9 100644
--- a/app/pages/system/inventory/sled/SledInstancesTab.tsx
+++ b/app/pages/system/inventory/sled/SledInstancesTab.tsx
@@ -7,6 +7,7 @@
  */
 import { createColumnHelper } from '@tanstack/react-table'
 import type { LoaderFunctionArgs } from 'react-router-dom'
+import * as R from 'remeda'
 
 import { apiQueryClient, type SledInstance } from '@oxide/api'
 import { Instances24Icon } from '@oxide/design-system/icons/react'
@@ -18,7 +19,6 @@ import { useColsWithActions, type MenuAction } from '~/table/columns/action-col'
 import { Columns } from '~/table/columns/common'
 import { PAGE_SIZE, useQueryTable } from '~/table/QueryTable'
 import { EmptyMessage } from '~/ui/lib/EmptyMessage'
-import { pick } from '~/util/object'
 
 const EmptyState = () => {
   return (
@@ -44,7 +44,7 @@ const makeActions = (): MenuAction[] => []
 
 const colHelper = createColumnHelper<SledInstance>()
 const staticCols = [
-  colHelper.accessor((i) => pick(i, 'name', 'siloName', 'projectName'), {
+  colHelper.accessor((i) => R.pick(i, ['name', 'siloName', 'projectName']), {
     header: 'name',
     cell: (info) => {
       const value = info.getValue()
@@ -60,7 +60,7 @@ const staticCols = [
     header: 'status',
     cell: (info) => <InstanceStatusBadge key="run-state" status={info.getValue()} />,
   }),
-  colHelper.accessor((i) => pick(i, 'memory', 'ncpus'), {
+  colHelper.accessor((i) => R.pick(i, ['memory', 'ncpus']), {
     header: 'specs',
     cell: (info) => <InstanceResourceCell value={info.getValue()} />,
   }),
diff --git a/app/routes.tsx b/app/routes.tsx
index e170cf6afd..a61d8f631a 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -282,6 +282,7 @@ export const routes = createRoutesFromElements(
           <Route path=":instance" handle={{ crumb: instanceCrumb }}>
             <Route
               path="serial-console"
+              loader={SerialConsolePage.loader}
               element={<SerialConsolePage />}
               handle={{ crumb: 'Serial Console' }}
             />
@@ -357,7 +358,11 @@ export const routes = createRoutesFromElements(
                 loader={VpcFirewallRulesTab.loader}
               />
               <Route element={<VpcFirewallRulesTab />} loader={VpcFirewallRulesTab.loader}>
-                <Route path="firewall-rules" handle={{ crumb: 'Firewall Rules' }} />
+                <Route
+                  path="firewall-rules"
+                  handle={{ crumb: 'Firewall Rules' }}
+                  element={null}
+                />
                 <Route
                   path="firewall-rules-new/:firewallRule?"
                   element={<CreateFirewallRuleForm />}
@@ -365,7 +370,7 @@ export const routes = createRoutesFromElements(
                   handle={{ crumb: 'New Firewall Rule' }}
                 />
                 <Route
-                  path="firewall-rules/:firewallRule/edit"
+                  path="firewall-rules/:rule/edit"
                   element={<EditFirewallRuleForm />}
                   loader={EditFirewallRuleForm.loader}
                   handle={{ crumb: 'Edit Firewall Rule' }}
diff --git a/app/table/cells/LinkCell.tsx b/app/table/cells/LinkCell.tsx
index 7a13b548ab..13e059663f 100644
--- a/app/table/cells/LinkCell.tsx
+++ b/app/table/cells/LinkCell.tsx
@@ -40,7 +40,7 @@ export function LinkCell({ to, children }: { to: string; children: React.ReactNo
 
 export const ButtonCell = ({ children, ...props }: React.ComponentProps<'button'>) => {
   return (
-    <button className={linkClass} {...props}>
+    <button type="button" className={linkClass} {...props}>
       <Pusher />
       <div className="relative">{children}</div>
     </button>
diff --git a/app/ui/lib/ActionMenu.tsx b/app/ui/lib/ActionMenu.tsx
index 175e0fdafb..806e8bf77a 100644
--- a/app/ui/lib/ActionMenu.tsx
+++ b/app/ui/lib/ActionMenu.tsx
@@ -136,6 +136,7 @@ export function ActionMenu(props: ActionMenuProps) {
 
               {input.length > 0 && (
                 <button
+                  type="button"
                   className="flex items-center py-6 pl-6 pr-4 text-secondary"
                   onClick={() => {
                     setInput('')
@@ -147,6 +148,7 @@ export function ActionMenu(props: ActionMenuProps) {
               )}
 
               <button
+                type="button"
                 onClick={onDismiss}
                 className="flex h-full items-center border-l px-6 align-middle text-mono-sm text-secondary border-secondary"
               >
diff --git a/app/ui/lib/Button.tsx b/app/ui/lib/Button.tsx
index ae972219b0..417e3e52a1 100644
--- a/app/ui/lib/Button.tsx
+++ b/app/ui/lib/Button.tsx
@@ -87,13 +87,14 @@ export const Button = forwardRef<HTMLButtonElement, ButtonProps>(
     return (
       <Wrap
         when={isDisabled && disabledReason}
-        with={<Tooltip content={disabledReason!} ref={ref} />}
+        with={<Tooltip content={disabledReason} ref={ref} />}
       >
         <button
           className={cn(buttonStyle({ size, variant }), className, {
             'visually-disabled': isDisabled,
           })}
           ref={ref}
+          /* eslint-disable-next-line react/button-has-type */
           type={type}
           onMouseDown={isDisabled ? noop : undefined}
           onClick={isDisabled ? noop : onClick}
diff --git a/app/ui/lib/FileInput.tsx b/app/ui/lib/FileInput.tsx
index 0f3ad3b4c7..7774ff2afd 100644
--- a/app/ui/lib/FileInput.tsx
+++ b/app/ui/lib/FileInput.tsx
@@ -96,6 +96,7 @@ export const FileInput = forwardRef(
                   ({filesize(file.size, { base: 2, pad: true })})
                 </span>
                 <button
+                  type="button"
                   onClick={handleResetInput}
                   className="pointer-events-auto ml-1 inline-flex rounded p-1 hover:children:text-tertiary"
                   aria-label="Clear file"
diff --git a/app/ui/lib/Listbox.tsx b/app/ui/lib/Listbox.tsx
index 04caef4e95..8350d92601 100644
--- a/app/ui/lib/Listbox.tsx
+++ b/app/ui/lib/Listbox.tsx
@@ -32,6 +32,7 @@ export interface ListboxProps<Value extends string = string> {
   onChange: (value: Value) => void
   items: ListboxItem<Value>[]
   placeholder?: string
+  noItemsPlaceholder?: string
   className?: string
   disabled?: boolean
   hasError?: boolean
@@ -48,6 +49,7 @@ export const Listbox = <Value extends string = string>({
   selected,
   items,
   placeholder = 'Select an option',
+  noItemsPlaceholder = 'No items',
   className,
   onChange,
   hasError = false,
@@ -107,7 +109,7 @@ export const Listbox = <Value extends string = string>({
                   selectedItem.selectedLabel || selectedItem.label
                 ) : (
                   <span className="text-quaternary">
-                    {noItems ? 'No items' : placeholder}
+                    {noItems ? noItemsPlaceholder : placeholder}
                   </span>
                 )}
               </div>
diff --git a/app/ui/lib/MiniTable.tsx b/app/ui/lib/MiniTable.tsx
index c50ba0e0b6..0f0499792f 100644
--- a/app/ui/lib/MiniTable.tsx
+++ b/app/ui/lib/MiniTable.tsx
@@ -5,6 +5,8 @@
  *
  * Copyright Oxide Computer Company
  */
+import Error16Icon from '@oxide/design-system/icons/react/Error16Icon'
+
 import { classed } from '~/util/classed'
 
 import { Table as BigTable } from './Table'
@@ -32,3 +34,13 @@ export const Cell = ({ children }: Children) => {
     </td>
   )
 }
+
+// followed this for icon in button best practices
+// https://www.sarasoueidan.com/blog/accessible-icon-buttons/
+export const RemoveCell = ({ onClick, label }: { onClick: () => void; label: string }) => (
+  <Cell>
+    <button type="button" onClick={onClick} aria-label={label}>
+      <Error16Icon aria-hidden focusable="false" />
+    </button>
+  </Cell>
+)
diff --git a/app/ui/lib/NumberInput.tsx b/app/ui/lib/NumberInput.tsx
index a1c0bc356a..54b10c1185 100644
--- a/app/ui/lib/NumberInput.tsx
+++ b/app/ui/lib/NumberInput.tsx
@@ -76,6 +76,7 @@ function IncrementButton(props: AriaButtonProps<'button'> & { className?: string
 
   return (
     <button
+      type="button"
       {...buttonProps}
       className={cn(
         'flex h-1/2 w-8 items-center justify-center hover:bg-hover',
diff --git a/app/ui/lib/Pagination.tsx b/app/ui/lib/Pagination.tsx
index b52452c516..3badef005f 100644
--- a/app/ui/lib/Pagination.tsx
+++ b/app/ui/lib/Pagination.tsx
@@ -60,6 +60,7 @@ export const Pagination = ({
         </span>
         <span className="flex space-x-3">
           <button
+            type="button"
             className={cn(
               hasPrev ? 'text-secondary hover:text-default' : 'text-disabled',
               'flex items-center text-mono-sm'
@@ -73,6 +74,7 @@ export const Pagination = ({
             prev
           </button>
           <button
+            type="button"
             className={cn(
               hasNext ? 'text-secondary hover:text-default' : 'text-disabled',
               'flex items-center text-mono-sm'
diff --git a/app/ui/lib/RangeCalendar.tsx b/app/ui/lib/RangeCalendar.tsx
index 12d491a941..c90e51f031 100644
--- a/app/ui/lib/RangeCalendar.tsx
+++ b/app/ui/lib/RangeCalendar.tsx
@@ -63,6 +63,7 @@ export const CalendarButton = ({
   isDisabled: boolean
 }) => (
   <button
+    type="button"
     onClick={handleClick}
     disabled={isDisabled}
     className={cn(
diff --git a/app/ui/lib/Slash.tsx b/app/ui/lib/Slash.tsx
new file mode 100644
index 0000000000..5d4324ff7a
--- /dev/null
+++ b/app/ui/lib/Slash.tsx
@@ -0,0 +1,10 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * Copyright Oxide Computer Company
+ */
+export const Slash = () => (
+  <span className="mx-1 text-quinary selected:text-accent-disabled">/</span>
+)
diff --git a/app/ui/lib/Toast.tsx b/app/ui/lib/Toast.tsx
index 29b4251cca..a1a8030b7f 100644
--- a/app/ui/lib/Toast.tsx
+++ b/app/ui/lib/Toast.tsx
@@ -108,6 +108,7 @@ export const Toast = ({
         )}
       </div>
       <button
+        type="button"
         aria-label="Dismiss notification"
         className={cn('-m-2 flex h-auto !border-transparent p-2', textColor[variant])}
         onClick={onClose}
diff --git a/app/ui/lib/Tooltip.stories.tsx b/app/ui/lib/Tooltip.stories.tsx
index 418c4e59dd..81c2bdf304 100644
--- a/app/ui/lib/Tooltip.stories.tsx
+++ b/app/ui/lib/Tooltip.stories.tsx
@@ -12,7 +12,7 @@ import { Tooltip } from './Tooltip'
 export const Default = () => (
   <>
     <Tooltip content="Filter">
-      <button>
+      <button type="button">
         <Filter12Icon />
       </button>
     </Tooltip>
diff --git a/app/ui/styles/index.css b/app/ui/styles/index.css
index 3c15338f2a..5746fa8af6 100644
--- a/app/ui/styles/index.css
+++ b/app/ui/styles/index.css
@@ -40,7 +40,7 @@
 
 @import './themes/selection.css';
 
-@import 'xterm/css/xterm.css';
+@import '@xterm/xterm/css/xterm.css';
 
 :root {
   --content-gutter: 2.5rem;
diff --git a/app/util/array.spec.tsx b/app/util/array.spec.tsx
index cf6226a6e9..ad46d4c964 100644
--- a/app/util/array.spec.tsx
+++ b/app/util/array.spec.tsx
@@ -8,38 +8,7 @@
 import { type ReactElement } from 'react'
 import { expect, test } from 'vitest'
 
-import { groupBy, intersperse, lowestBy, sortBy, splitOnceBy, sumBy } from './array'
-
-test('sortBy', () => {
-  expect(sortBy(['d', 'b', 'c', 'a'])).toEqual(['a', 'b', 'c', 'd'])
-
-  expect(sortBy([{ x: 'd' }, { x: 'b' }, { x: 'c' }, { x: 'a' }], (o) => o.x)).toEqual([
-    { x: 'a' },
-    { x: 'b' },
-    { x: 'c' },
-    { x: 'd' },
-  ])
-
-  expect(
-    sortBy(
-      [{ x: [0, 0, 0, 0] }, { x: [0, 0, 0] }, { x: [0] }, { x: [0, 0] }],
-      (o) => o.x.length
-    )
-  ).toEqual([{ x: [0] }, { x: [0, 0] }, { x: [0, 0, 0] }, { x: [0, 0, 0, 0] }])
-})
-
-test('lowestBy', () => {
-  expect(lowestBy([{ x: 'd' }, { x: 'b' }, { x: 'c' }, { x: 'a' }], (o) => o.x)).toEqual({
-    x: 'a',
-  })
-
-  expect(
-    lowestBy(
-      [{ x: [0, 0, 0, 0] }, { x: [0, 0, 0] }, { x: [0] }, { x: [0, 0] }],
-      (o) => o.x.length
-    )
-  ).toEqual({ x: [0] })
-})
+import { groupBy, intersperse } from './array'
 
 test('groupBy', () => {
   expect(
@@ -63,11 +32,6 @@ test('groupBy', () => {
   ])
 })
 
-test('sumBy', () => {
-  expect(sumBy([], (x) => x)).toEqual(0)
-  expect(sumBy([{ a: 1 }, { a: 2 }], (x) => x.a)).toEqual(3)
-})
-
 test('intersperse', () => {
   expect(intersperse([], <>,</>)).toEqual([])
 
@@ -97,10 +61,3 @@ test('intersperse', () => {
   expect(result.map(getText)).toEqual(['a', ',', 'b', ',', 'or', 'c'])
   expect(result.map(getKey)).toEqual(['a', 'sep-1', 'b', 'sep-2', 'conj', 'c'])
 })
-
-test('splitOnceBy', () => {
-  expect(splitOnceBy([], () => false)).toEqual([[], []])
-  expect(splitOnceBy([1, 2, 3], () => false)).toEqual([[1, 2, 3], []])
-  expect(splitOnceBy([1, 2, 3], () => true)).toEqual([[], [1, 2, 3]])
-  expect(splitOnceBy([1, 2, 3], (x) => x % 2 === 0)).toEqual([[1], [2, 3]])
-})
diff --git a/app/util/array.ts b/app/util/array.ts
index bc2de39634..2b28eed4b5 100644
--- a/app/util/array.ts
+++ b/app/util/array.ts
@@ -7,76 +7,12 @@
  */
 
 import { cloneElement, type ReactElement } from 'react'
-
-/* eslint-disable @typescript-eslint/no-explicit-any */
-const identity = (x: any) => x
-
-/** Returns a new array sorted by `by`. Assumes return value of `by` is
- * comparable. Default value of `by` is the identity function. */
-export function sortBy<T>(arr: T[], by: (t: T) => any = identity): T[] {
-  const copy = [...arr]
-  copy.sort((a, b) => (by(a) < by(b) ? -1 : by(a) > by(b) ? 1 : 0))
-  return copy
-}
-
-/** Equivalent to `sortBy(...)[0]` but O(N) */
-export function lowestBy<T>(arr: T[], by: (t: T) => any = identity): T | undefined {
-  if (arr.length === 0) return undefined
-
-  let lowest = arr[0]
-  let lowestScore = by(arr[0])
-  for (let i = 1; i < arr.length; i++) {
-    const score = by(arr[i])
-    if (score < lowestScore) {
-      lowest = arr[i]
-      lowestScore = score
-    }
-  }
-  return lowest
-}
-/* eslint-enable @typescript-eslint/no-explicit-any */
+import * as R from 'remeda'
 
 type GroupKey = string | number | symbol
 
 export function groupBy<T>(arr: T[], by: (t: T) => GroupKey) {
-  const groups: Record<GroupKey, T[]> = {}
-  for (const item of arr) {
-    const key = by(item)
-    if (!(key in groups)) {
-      groups[key] = []
-    }
-    groups[key].push(item)
-  }
-  return Object.entries(groups)
-}
-
-/**
- * Split a list into two, one with `by(item)` true, the other with `by(item)`
- * false
- */
-export function partitionBy<T>(arr: T[], by: (t: T) => boolean): [T[], T[]] {
-  const yes: T[] = []
-  const no: T[] = []
-  for (const item of arr) {
-    const target = by(item) ? yes : no
-    target.push(item)
-  }
-  return [yes, no]
-}
-
-type Truthy<T> = T extends false | '' | 0 | null | undefined ? never : T
-
-/**
- * TS-friendly version of `Boolean` for when you want to filter for truthy
- * values. Use `.filter(isTruthy)` instead of `.filter(Boolean)`. See
- * [StackOverflow](https://stackoverflow.com/a/58110124/604986).
- */
-export function isTruthy<T>(value: T): value is Truthy<T> {
-  return !!value
-}
-
-export function sumBy<T>(items: T[], fn: (item: T) => number): number {
-  return items.map(fn).reduce((a, b) => a + b, 0)
+  return Object.entries(R.groupBy(arr, by))
 }
 
 /**
@@ -102,11 +38,3 @@ export function intersperse(
     return [sep0, item]
   })
 }
-
-/**
- * Split array at first element where `by` is true. That element lands in the second array.
- */
-export function splitOnceBy<T>(array: T[], by: (t: T) => boolean) {
-  const i = array.findIndex(by)
-  return i === -1 ? [array, []] : [array.slice(0, i), array.slice(i)]
-}
diff --git a/app/util/file.spec.ts b/app/util/file.spec.ts
index 738c1866ba..0c98ad30a4 100644
--- a/app/util/file.spec.ts
+++ b/app/util/file.spec.ts
@@ -9,7 +9,7 @@ import { describe, expect, test } from 'vitest'
 
 import { readBlobAsBase64 } from './file'
 
-describe('readBlobAsBase64', async () => {
+describe('readBlobAsBase64', () => {
   test('works with zeros', async () => {
     const blob = new Blob([Buffer.alloc(10)])
     const text = await readBlobAsBase64(blob)
diff --git a/app/util/math.ts b/app/util/math.ts
index 34b4cf034d..a0834f100a 100644
--- a/app/util/math.ts
+++ b/app/util/math.ts
@@ -6,7 +6,7 @@
  * Copyright Oxide Computer Company
  */
 
-import { splitOnceBy } from './array'
+import * as R from 'remeda'
 
 /**
  * Get the two parts of a number (before decimal and after-and-including
@@ -20,7 +20,7 @@ export function splitDecimal(value: number, locale?: string): [string, string] {
   const nf = Intl.NumberFormat(locale, { maximumFractionDigits: 2 })
   const parts = nf.formatToParts(value)
 
-  const [wholeParts, decimalParts] = splitOnceBy(parts, (p) => p.type === 'decimal')
+  const [wholeParts, decimalParts] = R.splitWhen(parts, (p) => p.type === 'decimal')
 
   return [
     wholeParts.map((p) => p.value).join(''),
@@ -43,6 +43,8 @@ export function percentage<T extends number | bigint>(top: T, bottom: T): number
   // be like 10^20 bigger than bottom. In any case, the nice thing is it seems
   // JS runtimes will not overflow when Number is given a huge arg, they just
   // convert to a huge number with reduced precision.
+  // type assertion is necessary according to TS. bug in ts-eslint
+  /* eslint-disable @typescript-eslint/no-unnecessary-type-assertion */
   return Number(((top as bigint) * 10_000n) / (bottom as bigint)) / 100
 }
 
diff --git a/app/util/object.spec.ts b/app/util/object.spec.ts
deleted file mode 100644
index 5a2158b1d3..0000000000
--- a/app/util/object.spec.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * Copyright Oxide Computer Company
- */
-import { expect, test } from 'vitest'
-
-import { exclude, pick } from './object'
-
-test('pick', () => {
-  expect(pick({ a: 1, b: '2', c: { d: false } }, 'a', 'b')).toEqual({ a: 1, b: '2' })
-})
-
-test('exclude', () => {
-  expect(exclude({ a: 1, b: '2', c: { d: false } }, 'a', 'c')).toEqual({ b: '2' })
-})
diff --git a/app/util/object.ts b/app/util/object.ts
deleted file mode 100644
index 24655d1436..0000000000
--- a/app/util/object.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * Copyright Oxide Computer Company
- */
-
-export const pick = <T extends Record<string, unknown>, K extends keyof T>(
-  obj: T,
-  ...keys: K[]
-) =>
-  Object.fromEntries(
-    Object.entries(obj).filter(([key]) => keys.includes(key as never))
-  ) as Pick<T, K>
-
-export const exclude = <T extends Record<string, unknown>, K extends keyof T>(
-  obj: T,
-  ...keys: K[]
-) =>
-  Object.fromEntries(
-    Object.entries(obj).filter(([key]) => !keys.includes(key as never))
-  ) as Exclude<T, K>
-
-export function mapValues<K extends string, V0, V>(
-  obj: Record<K, V0>,
-  fn: (value: V0, key: K) => V
-) {
-  return Object.fromEntries(
-    Object.entries<V0>(obj).map(([key, value]) => [key, fn(value, key as K)])
-  ) as Record<K, V>
-}
diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index 6194593c7b..3a40896ec6 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -22,7 +22,7 @@ const params = {
   image: 'im',
   snapshot: 'sn',
   pool: 'pl',
-  firewallRule: 'fr',
+  rule: 'fr',
   subnet: 'su',
 }
 
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
index 1f659dbba6..bf8250cc7c 100644
--- a/app/util/path-builder.ts
+++ b/app/util/path-builder.ts
@@ -21,7 +21,7 @@ type Snapshot = Required<PP.Snapshot>
 type SiloImage = Required<PP.SiloImage>
 type IpPool = Required<PP.IpPool>
 type FloatingIp = Required<PP.FloatingIp>
-type VpcFirewallRule = Required<PP.VpcFirewallRule>
+type FirewallRule = Required<PP.FirewallRule>
 type VpcSubnet = Required<PP.VpcSubnet>
 
 // these are used as the basis for many routes but are not themselves routes we
@@ -80,17 +80,15 @@ export const pb = {
 
   vpcEdit: (params: Vpc) => `${vpcBase(params)}/edit`,
 
-  vpcFirewallRules: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/firewall-rules`,
-  vpcFirewallRulesNew: (params: Vpc) =>
-    `${pb.vpcs(params)}/${params.vpc}/firewall-rules-new`,
-  vpcFirewallRulesNewFromTemplate: (params: VpcFirewallRule) =>
-    `${pb.vpcs(params)}/${params.vpc}/firewall-rules-new/${params.firewallRule}`,
-  vpcFirewallRuleEdit: (params: VpcFirewallRule) =>
-    `${pb.vpcs(params)}/${params.vpc}/firewall-rules/${params.firewallRule}/edit`,
-  vpcSubnets: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets`,
-  vpcSubnetsNew: (params: Vpc) => `${pb.vpcs(params)}/${params.vpc}/subnets-new`,
-  vpcSubnetsEdit: (params: VpcSubnet) =>
-    `${pb.vpcs(params)}/${params.vpc}/subnets/${params.subnet}/edit`,
+  vpcFirewallRules: (params: Vpc) => `${vpcBase(params)}/firewall-rules`,
+  vpcFirewallRulesNew: (params: Vpc) => `${vpcBase(params)}/firewall-rules-new`,
+  vpcFirewallRulesNewFromTemplate: (params: FirewallRule) =>
+    `${pb.vpcFirewallRulesNew(params)}/${params.rule}`,
+  vpcFirewallRuleEdit: (params: FirewallRule) =>
+    `${pb.vpcFirewallRules(params)}/${params.rule}/edit`,
+  vpcSubnets: (params: Vpc) => `${vpcBase(params)}/subnets`,
+  vpcSubnetsNew: (params: Vpc) => `${vpcBase(params)}/subnets-new`,
+  vpcSubnetsEdit: (params: VpcSubnet) => `${pb.vpcSubnets(params)}/${params.subnet}/edit`,
 
   floatingIps: (params: Project) => `${projectBase(params)}/floating-ips`,
   floatingIpsNew: (params: Project) => `${projectBase(params)}/floating-ips-new`,
diff --git a/mock-api/msw/db.ts b/mock-api/msw/db.ts
index 7c4139c74a..04325c1b1e 100644
--- a/mock-api/msw/db.ts
+++ b/mock-api/msw/db.ts
@@ -7,13 +7,13 @@
  */
 // note that isUuid checks for any kind of UUID. strictly speaking, we should
 // only be checking for v4
+import * as R from 'remeda'
 import { validate as isUuid } from 'uuid'
 
 import type { ApiTypes as Api, PathParams as PP } from '@oxide/api'
 import * as mock from '@oxide/api-mocks'
 
 import { json } from '~/api/__generated__/msw-handlers'
-import { pick } from '~/util/object'
 import { commaSeries } from '~/util/str'
 
 import type { Json } from '../json-type'
@@ -37,6 +37,18 @@ export const lookupById = <T extends { id: string }>(table: T[], id: string) =>
   return item
 }
 
+export const getIpFromPool = (poolName: string | undefined) => {
+  const pool = lookup.ipPool({ pool: poolName })
+  const ipPoolRange = db.ipPoolRanges.find((range) => range.ip_pool_id === pool.id)
+  if (!ipPoolRange) throw notFoundErr
+
+  // right now, we're just using the first address in the range, but we'll
+  // want to filter the list of available IPs for the first unused address
+  // also: think through how calling code might want to handle various issues
+  // and what appropriate error codes would be: no ranges? pool is exhausted? etc.
+  return ipPoolRange.range.first
+}
+
 export const lookup = {
   project({ project: id }: PP.Project): Json<Api.Project> {
     if (!id) throw notFoundErr
@@ -275,8 +287,8 @@ export function utilizationForSilo(silo: Json<Api.Silo>) {
   }
 
   return {
-    allocated: pick(quotas, 'cpus', 'storage', 'memory'),
-    provisioned: pick(provisioned, 'cpus', 'storage', 'memory'),
+    allocated: R.pick(quotas, ['cpus', 'storage', 'memory']),
+    provisioned: R.pick(provisioned, ['cpus', 'storage', 'memory']),
     silo_id: silo.id,
     silo_name: silo.name,
   }
diff --git a/mock-api/msw/handlers.ts b/mock-api/msw/handlers.ts
index 016a4e958d..28736e37c6 100644
--- a/mock-api/msw/handlers.ts
+++ b/mock-api/msw/handlers.ts
@@ -6,6 +6,7 @@
  * Copyright Oxide Computer Company
  */
 import { delay } from 'msw'
+import * as R from 'remeda'
 import { v4 as uuid } from 'uuid'
 
 import {
@@ -20,15 +21,20 @@ import {
 } from '@oxide/api'
 
 import { json, makeHandlers, type Json } from '~/api/__generated__/msw-handlers'
-import { partitionBy, sortBy } from '~/util/array'
-import { pick } from '~/util/object'
 import { validateIp } from '~/util/str'
 import { GiB } from '~/util/units'
 
 import { genCumulativeI64Data } from '../metrics'
 import { serial } from '../serial'
 import { defaultSilo, toIdp } from '../silo'
-import { db, lookup, lookupById, notFoundErr, utilizationForSilo } from './db'
+import {
+  db,
+  getIpFromPool,
+  lookup,
+  lookupById,
+  notFoundErr,
+  utilizationForSilo,
+} from './db'
 import {
   currentUser,
   errIfExists,
@@ -362,7 +368,7 @@ export const handlers = makeHandlers({
     const instances = db.instances.filter((i) => i.project_id === project.id)
     return paginated(query, instances)
   },
-  async instanceCreate({ body, query }) {
+  instanceCreate({ body, query }) {
     const project = lookup.project(query)
 
     if (body.name === 'no-default-pool') {
@@ -480,12 +486,34 @@ export const handlers = makeHandlers({
     const newInstance: Json<Api.Instance> = {
       id: instanceId,
       project_id: project.id,
-      ...pick(body, 'name', 'description', 'hostname', 'memory', 'ncpus'),
+      ...R.pick(body, ['name', 'description', 'hostname', 'memory', 'ncpus']),
       ...getTimestamps(),
       run_state: 'creating',
       time_run_state_updated: new Date().toISOString(),
     }
 
+    body.external_ips?.forEach((ip) => {
+      if (ip.type === 'floating') {
+        const floatingIp = lookup.floatingIp({
+          project: project.id,
+          floatingIp: ip.floating_ip,
+        })
+        if (floatingIp.instance_id) {
+          throw 'floating IP cannot be attached to one instance while still attached to another'
+        }
+        floatingIp.instance_id = instanceId
+      } else if (ip.type === 'ephemeral') {
+        const firstAvailableAddress = getIpFromPool(ip.pool)
+        db.ephemeralIps.push({
+          instance_id: instanceId,
+          external_ip: {
+            ip: firstAvailableAddress,
+            kind: 'ephemeral',
+          },
+        })
+      }
+    })
+
     setTimeout(() => {
       newInstance.run_state = 'starting'
     }, 1000)
@@ -646,12 +674,12 @@ export const handlers = makeHandlers({
     return json(instance, { status: 202 })
   },
   ipPoolList: ({ query }) => paginated(query, db.ipPools),
-  async ipPoolUtilizationView({ path }) {
+  ipPoolUtilizationView({ path }) {
     const pool = lookup.ipPool(path)
     const ranges = db.ipPoolRanges
       .filter((r) => r.ip_pool_id === pool.id)
       .map((r) => r.range)
-    const [ipv4Ranges, ipv6Ranges] = partitionBy(ranges, (r) => validateIp(r.first).isv4)
+    const [ipv4Ranges, ipv6Ranges] = R.partition(ranges, (r) => validateIp(r.first).isv4)
 
     // in the real backend there are also SNAT IPs, but we don't currently
     // represent those because they are not exposed through the API (except
@@ -835,7 +863,7 @@ export const handlers = makeHandlers({
 
     const role_assignments = db.roleAssignments
       .filter((r) => r.resource_type === 'project' && r.resource_id === project.id)
-      .map((r) => pick(r, 'identity_id', 'identity_type', 'role_name'))
+      .map((r) => R.pick(r, ['identity_id', 'identity_type', 'role_name']))
 
     return { role_assignments }
   },
@@ -845,7 +873,7 @@ export const handlers = makeHandlers({
     const newAssignments = body.role_assignments.map((r) => ({
       resource_type: 'project' as const,
       resource_id: project.id,
-      ...pick(r, 'identity_id', 'identity_type', 'role_name'),
+      ...R.pick(r, ['identity_id', 'identity_type', 'role_name']),
     }))
 
     const unrelatedAssignments = db.roleAssignments.filter(
@@ -976,7 +1004,7 @@ export const handlers = makeHandlers({
     const vpc = lookup.vpc(query)
     const rules = db.vpcFirewallRules.filter((r) => r.vpc_id === vpc.id)
 
-    return { rules: sortBy(rules, (r) => r.name) }
+    return { rules: R.sortBy(rules, (r) => r.name) }
   },
   vpcFirewallRulesUpdate({ body, query }) {
     const vpc = lookup.vpc(query)
@@ -994,7 +1022,7 @@ export const handlers = makeHandlers({
       ...rules,
     ]
 
-    return { rules: sortBy(rules, (r) => r.name) }
+    return { rules: R.sortBy(rules, (r) => r.name) }
   },
   vpcSubnetList({ query }) {
     const vpc = lookup.vpc(query)
@@ -1058,7 +1086,7 @@ export const handlers = makeHandlers({
     const siloId = defaultSilo.id
     const role_assignments = db.roleAssignments
       .filter((r) => r.resource_type === 'silo' && r.resource_id === siloId)
-      .map((r) => pick(r, 'identity_id', 'identity_type', 'role_name'))
+      .map((r) => R.pick(r, ['identity_id', 'identity_type', 'role_name']))
 
     return { role_assignments }
   },
@@ -1067,7 +1095,7 @@ export const handlers = makeHandlers({
     const newAssignments = body.role_assignments.map((r) => ({
       resource_type: 'silo' as const,
       resource_id: siloId,
-      ...pick(r, 'identity_id', 'identity_type', 'role_name'),
+      ...R.pick(r, ['identity_id', 'identity_type', 'role_name']),
     }))
 
     const unrelatedAssignments = db.roleAssignments.filter(
@@ -1132,7 +1160,7 @@ export const handlers = makeHandlers({
       db.instances.map((i) => {
         const project = lookupById(db.projects, i.project_id)
         return {
-          ...pick(i, 'id', 'name', 'time_created', 'time_modified', 'memory', 'ncpus'),
+          ...R.pick(i, ['id', 'name', 'time_created', 'time_modified', 'memory', 'ncpus']),
           state: 'running',
           active_sled_id: sled.id,
           project_name: project.name,
@@ -1202,16 +1230,15 @@ export const handlers = makeHandlers({
 
     const provider: Json<SamlIdentityProvider> = {
       id: uuid(),
-      ...pick(
-        body,
+      ...R.pick(body, [
         'name',
         'acs_url',
         'description',
         'idp_entity_id',
         'slo_url',
         'sp_client_id',
-        'technical_contact_email'
-      ),
+        'technical_contact_email',
+      ]),
       public_cert,
       ...getTimestamps(),
     }
@@ -1239,7 +1266,7 @@ export const handlers = makeHandlers({
 
     const role_assignments = db.roleAssignments
       .filter((r) => r.resource_type === 'fleet' && r.resource_id === FLEET_ID)
-      .map((r) => pick(r, 'identity_id', 'identity_type', 'role_name'))
+      .map((r) => R.pick(r, ['identity_id', 'identity_type', 'role_name']))
 
     return { role_assignments }
   },
diff --git a/mock-api/msw/util.ts b/mock-api/msw/util.ts
index 7731af26c2..58cb518c99 100644
--- a/mock-api/msw/util.ts
+++ b/mock-api/msw/util.ts
@@ -9,6 +9,7 @@ import { differenceInSeconds, subHours } from 'date-fns'
 // Works without the .js for dev server and prod build in MSW mode, but
 // playwright wants the .js. No idea why, let's just add the .js.
 import { IPv4, IPv6 } from 'ip-num/IPNumber.js'
+import * as R from 'remeda'
 
 import {
   FLEET_ID,
@@ -25,7 +26,6 @@ import {
 } from '@oxide/api'
 
 import { json, type Json } from '~/api/__generated__/msw-handlers'
-import { isTruthy } from '~/util/array'
 import { validateIp } from '~/util/str'
 import { GiB, TiB } from '~/util/units'
 
@@ -117,11 +117,16 @@ export const errIfExists = <T extends Record<string, unknown>>(
       Object.entries(match).every(([key, value]) => item[key] === value)
     )
   ) {
-    const name = 'name' in match ? match.name : 'id' in match ? match.id : '<resource>'
+    const name =
+      'name' in match && match.name
+        ? match.name
+        : 'id' in match && match.id
+          ? match.id
+          : '<resource>'
     throw json(
       {
         error_code: 'ObjectAlreadyExists',
-        message: `already exists: ${resourceLabel} "${name}"`,
+        message: `already exists: ${resourceLabel} "${name.toString()}"`,
       },
       { status: 400 }
     )
@@ -338,7 +343,7 @@ export function userHasRole(
   const userGroupIds = db.groupMemberships
     .filter((gm) => gm.userId === user.id)
     .map((gm) => db.userGroups.find((g) => g.id === gm.groupId))
-    .filter(isTruthy)
+    .filter(R.isTruthy)
     .map((g) => g.id)
 
   /** All actors with *at least* the specified role on the resource */
diff --git a/mock-api/silo.ts b/mock-api/silo.ts
index 39df9e4947..fb14ccd4c3 100644
--- a/mock-api/silo.ts
+++ b/mock-api/silo.ts
@@ -5,9 +5,10 @@
  *
  * Copyright Oxide Computer Company
  */
+import * as R from 'remeda'
+
 import type { IdentityProvider, SamlIdentityProvider, Silo, SiloQuotas } from '@oxide/api'
 
-import { pick } from '~/util/object'
 import { GiB, TiB } from '~/util/units'
 
 import type { Json } from './json-type'
@@ -107,5 +108,5 @@ export const identityProviders: DbIdp[] = [
  */
 export const toIdp = ({ provider, type }: DbIdp): Json<IdentityProvider> => ({
   provider_type: type,
-  ...pick(provider, 'id', 'name', 'description', 'time_created', 'time_modified'),
+  ...R.pick(provider, ['id', 'name', 'description', 'time_created', 'time_modified']),
 })
diff --git a/package-lock.json b/package-lock.json
index 94fd5795d8..3cac3de286 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -22,6 +22,8 @@
         "@tanstack/react-query": "^5.35.1",
         "@tanstack/react-query-devtools": "^5.35.1",
         "@tanstack/react-table": "^8.16.0",
+        "@xterm/addon-fit": "^0.10.0",
+        "@xterm/xterm": "^5.5.0",
         "classnames": "^2.5.1",
         "date-fns": "^3.6.0",
         "filesize": "^10.1.1",
@@ -41,12 +43,11 @@
         "react-router-dom": "^6.23.0",
         "react-stately": "^3.31.0",
         "recharts": "^2.12.6",
+        "remeda": "^2.0.3",
         "simplebar-react": "^3.2.5",
         "tslib": "^2.6.2",
         "tunnel-rat": "0.0.4",
         "uuid": "^9.0.1",
-        "xterm": "^5.3.0",
-        "xterm-addon-attach": "^0.9.0",
         "xterm-addon-fit": "^0.8.0",
         "zod": "^3.23.7",
         "zustand": "^4.5.2"
@@ -6291,6 +6292,21 @@
         "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
       }
     },
+    "node_modules/@xterm/addon-fit": {
+      "version": "0.10.0",
+      "resolved": "https://registry.npmjs.org/@xterm/addon-fit/-/addon-fit-0.10.0.tgz",
+      "integrity": "sha512-UFYkDm4HUahf2lnEyHvio51TNGiLK66mqP2JoATy7hRZeXaGMRDr00JiSF7m63vR5WKATF605yEggJKsw0JpMQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@xterm/xterm": "^5.0.0"
+      }
+    },
+    "node_modules/@xterm/xterm": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@xterm/xterm/-/xterm-5.5.0.tgz",
+      "integrity": "sha512-hqJHYaQb5OptNunnyAnkHyM8aCjZ1MEIDTQu1iIbbTD/xops91NB5yq1ZK/dC2JDbVWtF23zUtl9JE2NqwT87A==",
+      "license": "MIT"
+    },
     "node_modules/@yarnpkg/lockfile": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz",
@@ -16717,6 +16733,15 @@
         "url": "https://opencollective.com/unified"
       }
     },
+    "node_modules/remeda": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/remeda/-/remeda-2.0.3.tgz",
+      "integrity": "sha512-3OtBvbFnhPJPNDxrP4dQ+Y7ghIErMeTy7KQ2vkC6XzrQHbFdlD0tT6mYaJ2S96lUu3umNnhkqni2lhVOdL9UOQ==",
+      "license": "MIT",
+      "dependencies": {
+        "type-fest": "^4.18.2"
+      }
+    },
     "node_modules/remove-accents": {
       "version": "0.5.0",
       "resolved": "https://registry.npmjs.org/remove-accents/-/remove-accents-0.5.0.tgz",
@@ -18291,7 +18316,6 @@
       "version": "4.18.2",
       "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.18.2.tgz",
       "integrity": "sha512-+suCYpfJLAe4OXS6+PPXjW3urOS4IoP9waSiLuXfLgqZODKw/aWwASvzqE886wA0kQgGy0mIWyhd87VpqIy6Xg==",
-      "dev": true,
       "engines": {
         "node": ">=16"
       },
@@ -19566,15 +19590,8 @@
     "node_modules/xterm": {
       "version": "5.3.0",
       "resolved": "https://registry.npmjs.org/xterm/-/xterm-5.3.0.tgz",
-      "integrity": "sha512-8QqjlekLUFTrU6x7xck1MsPzPA571K5zNqWm0M0oroYEWVOptZ0+ubQSkQ3uxIEhcIHRujJy6emDWX4A7qyFzg=="
-    },
-    "node_modules/xterm-addon-attach": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/xterm-addon-attach/-/xterm-addon-attach-0.9.0.tgz",
-      "integrity": "sha512-NykWWOsobVZPPK3P9eFkItrnBK9Lw0f94uey5zhqIVB1bhswdVBfl+uziEzSOhe2h0rT9wD0wOeAYsdSXeavPw==",
-      "peerDependencies": {
-        "xterm": "^5.0.0"
-      }
+      "integrity": "sha512-8QqjlekLUFTrU6x7xck1MsPzPA571K5zNqWm0M0oroYEWVOptZ0+ubQSkQ3uxIEhcIHRujJy6emDWX4A7qyFzg==",
+      "peer": true
     },
     "node_modules/xterm-addon-fit": {
       "version": "0.8.0",
@@ -23981,6 +23998,17 @@
         }
       }
     },
+    "@xterm/addon-fit": {
+      "version": "0.10.0",
+      "resolved": "https://registry.npmjs.org/@xterm/addon-fit/-/addon-fit-0.10.0.tgz",
+      "integrity": "sha512-UFYkDm4HUahf2lnEyHvio51TNGiLK66mqP2JoATy7hRZeXaGMRDr00JiSF7m63vR5WKATF605yEggJKsw0JpMQ==",
+      "requires": {}
+    },
+    "@xterm/xterm": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@xterm/xterm/-/xterm-5.5.0.tgz",
+      "integrity": "sha512-hqJHYaQb5OptNunnyAnkHyM8aCjZ1MEIDTQu1iIbbTD/xops91NB5yq1ZK/dC2JDbVWtF23zUtl9JE2NqwT87A=="
+    },
     "@yarnpkg/lockfile": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz",
@@ -31363,6 +31391,14 @@
         }
       }
     },
+    "remeda": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/remeda/-/remeda-2.0.3.tgz",
+      "integrity": "sha512-3OtBvbFnhPJPNDxrP4dQ+Y7ghIErMeTy7KQ2vkC6XzrQHbFdlD0tT6mYaJ2S96lUu3umNnhkqni2lhVOdL9UOQ==",
+      "requires": {
+        "type-fest": "^4.18.2"
+      }
+    },
     "remove-accents": {
       "version": "0.5.0",
       "resolved": "https://registry.npmjs.org/remove-accents/-/remove-accents-0.5.0.tgz",
@@ -32518,8 +32554,7 @@
     "type-fest": {
       "version": "4.18.2",
       "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.18.2.tgz",
-      "integrity": "sha512-+suCYpfJLAe4OXS6+PPXjW3urOS4IoP9waSiLuXfLgqZODKw/aWwASvzqE886wA0kQgGy0mIWyhd87VpqIy6Xg==",
-      "dev": true
+      "integrity": "sha512-+suCYpfJLAe4OXS6+PPXjW3urOS4IoP9waSiLuXfLgqZODKw/aWwASvzqE886wA0kQgGy0mIWyhd87VpqIy6Xg=="
     },
     "type-is": {
       "version": "1.6.18",
@@ -33361,13 +33396,8 @@
     "xterm": {
       "version": "5.3.0",
       "resolved": "https://registry.npmjs.org/xterm/-/xterm-5.3.0.tgz",
-      "integrity": "sha512-8QqjlekLUFTrU6x7xck1MsPzPA571K5zNqWm0M0oroYEWVOptZ0+ubQSkQ3uxIEhcIHRujJy6emDWX4A7qyFzg=="
-    },
-    "xterm-addon-attach": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/xterm-addon-attach/-/xterm-addon-attach-0.9.0.tgz",
-      "integrity": "sha512-NykWWOsobVZPPK3P9eFkItrnBK9Lw0f94uey5zhqIVB1bhswdVBfl+uziEzSOhe2h0rT9wD0wOeAYsdSXeavPw==",
-      "requires": {}
+      "integrity": "sha512-8QqjlekLUFTrU6x7xck1MsPzPA571K5zNqWm0M0oroYEWVOptZ0+ubQSkQ3uxIEhcIHRujJy6emDWX4A7qyFzg==",
+      "peer": true
     },
     "xterm-addon-fit": {
       "version": "0.8.0",
diff --git a/package.json b/package.json
index a542aef807..d75b01b360 100644
--- a/package.json
+++ b/package.json
@@ -20,8 +20,8 @@
     "test": "vitest",
     "e2e": "playwright test",
     "e2ec": "playwright test --project=chrome",
-    "lint": "eslint --ext .js,.ts,.tsx,.json .",
-    "lint-fast": "eslint --cache --fix --ext .js,.ts,.tsx,.json .",
+    "lint": "eslint --ext .js,.ts,.tsx app test mock-api",
+    "lint-fast": "npm run lint -- --cache",
     "fmt": "prettier --cache --write . && npm run lint -- --fix",
     "openapi-gen-ts": "openapi-gen-ts",
     "prettier": "prettier",
@@ -45,6 +45,8 @@
     "@tanstack/react-query": "^5.35.1",
     "@tanstack/react-query-devtools": "^5.35.1",
     "@tanstack/react-table": "^8.16.0",
+    "@xterm/addon-fit": "^0.10.0",
+    "@xterm/xterm": "^5.5.0",
     "classnames": "^2.5.1",
     "date-fns": "^3.6.0",
     "filesize": "^10.1.1",
@@ -64,12 +66,11 @@
     "react-router-dom": "^6.23.0",
     "react-stately": "^3.31.0",
     "recharts": "^2.12.6",
+    "remeda": "^2.0.3",
     "simplebar-react": "^3.2.5",
     "tslib": "^2.6.2",
     "tunnel-rat": "0.0.4",
     "uuid": "^9.0.1",
-    "xterm": "^5.3.0",
-    "xterm-addon-attach": "^0.9.0",
     "xterm-addon-fit": "^0.8.0",
     "zod": "^3.23.7",
     "zustand": "^4.5.2"
@@ -132,8 +133,7 @@
     "vitest": "^1.6.0"
   },
   "browserslist": [
-    "defaults",
-    "not IE 11"
+    "defaults"
   ],
   "msw": {
     "workerDirectory": [
@@ -141,6 +141,6 @@
     ]
   },
   "lint-staged": {
-    "*.{js,ts,tsx,json}": "eslint --cache --fix"
+    "*.{js,ts,tsx}": "eslint --cache --fix"
   }
 }
diff --git a/test/e2e/images.e2e.ts b/test/e2e/images.e2e.ts
index d1aebf32e5..a86c86640f 100644
--- a/test/e2e/images.e2e.ts
+++ b/test/e2e/images.e2e.ts
@@ -83,11 +83,11 @@ test('can copy an image ID to clipboard', async ({ page, browserName }) => {
 
   await page.goto('/images')
   await clickRowAction(page, 'ubuntu-22-04', 'Copy ID')
-  await expect(await clipboardText(page)).toEqual('ae46ddf5-a8d5-40fa-bcda-fcac606e3f9b')
+  expect(await clipboardText(page)).toEqual('ae46ddf5-a8d5-40fa-bcda-fcac606e3f9b')
 
   await page.goto('/projects/mock-project/images')
   await clickRowAction(page, 'image-4', 'Copy ID')
-  await expect(await clipboardText(page)).toEqual('d150b87d-eb20-49d2-8b56-ff5564670e8c')
+  expect(await clipboardText(page)).toEqual('d150b87d-eb20-49d2-8b56-ff5564670e8c')
 })
 
 test('can demote an image from silo', async ({ page }) => {
diff --git a/test/e2e/instance-create.e2e.ts b/test/e2e/instance-create.e2e.ts
index 4ff6a7b5ed..bdeb21b8f2 100644
--- a/test/e2e/instance-create.e2e.ts
+++ b/test/e2e/instance-create.e2e.ts
@@ -5,7 +5,7 @@
  *
  * Copyright Oxide Computer Company
  */
-import { images } from '@oxide/api-mocks'
+import { floatingIp, images } from '@oxide/api-mocks'
 
 import { expect, expectNotVisible, expectRowVisible, expectVisible, test } from './utils'
 
@@ -291,6 +291,38 @@ test('start with an existing disk, but then switch to a silo image', async ({ pa
   await expectNotVisible(page, ['text=disk-7'])
 })
 
+test('additional disks do not list committed disks as available', async ({ page }) => {
+  await page.goto('/projects/mock-project/instances-new')
+
+  const attachExistingDiskButton = page.getByRole('button', {
+    name: 'Attach existing disk',
+  })
+  const selectAnOption = page.getByRole('button', { name: 'Select an option' })
+  const disk2 = page.getByRole('option', { name: 'disk-2' })
+  const disk3 = page.getByRole('option', { name: 'disk-3' })
+  const disk4 = page.getByRole('option', { name: 'disk-4' })
+
+  await attachExistingDiskButton.click()
+  await selectAnOption.click()
+  // disk-2 is already attached, so should not be visible in the list
+  await expect(disk2).toBeHidden()
+  // disk-3, though, should be present
+  await expect(disk3).toBeVisible()
+  await expect(disk4).toBeVisible()
+
+  // select disk-3 and "attach" it to the instance that will be created
+  await disk3.click()
+  await page.getByRole('button', { name: 'Attach disk' }).click()
+
+  await attachExistingDiskButton.click()
+  await selectAnOption.click()
+  // disk-2 should still be hidden
+  await expect(disk2).toBeHidden()
+  // now disk-3 should be hidden as well
+  await expect(disk3).toBeHidden()
+  await expect(disk4).toBeVisible()
+})
+
 test('maintains selected values even when changing tabs', async ({ page }) => {
   const instanceName = 'arch-based-instance'
   await page.goto('/projects/mock-project/instances-new')
@@ -327,3 +359,72 @@ test('does not attach an ephemeral IP when the checkbox is unchecked', async ({
   await expect(page).toHaveURL('/projects/mock-project/instances/no-ephemeral-ip/storage')
   await expect(page.getByText('External IPs—')).toBeVisible()
 })
+
+test('attaches a floating IP; disables button when no IPs available', async ({ page }) => {
+  const attachFloatingIpButton = page.getByRole('button', { name: 'Attach floating IP' })
+  const selectFloatingIpButton = page.getByRole('button', { name: 'Select floating ip' })
+  const rootbeerFloatOption = page.getByRole('option', { name: 'rootbeer-float' })
+  const attachButton = page.getByRole('button', { name: 'Attach', exact: true })
+
+  const instanceName = 'with-floating-ip'
+  await page.goto('/projects/mock-project/instances-new')
+  await page.getByRole('textbox', { name: 'Name', exact: true }).fill(instanceName)
+  await page.getByRole('button', { name: 'Networking' }).click()
+
+  await attachFloatingIpButton.click()
+  await expect(
+    page.getByText('This instance will be reachable at the selected IP')
+  ).toBeVisible()
+  await selectFloatingIpButton.click()
+  await rootbeerFloatOption.click()
+  await expect(
+    page.getByText('This instance will be reachable at 123.4.56.4')
+  ).toBeVisible()
+  await attachButton.click()
+  await expect(page.getByText('This instance will be reachable at')).toBeHidden()
+  await expectRowVisible(page.getByRole('table'), {
+    Name: floatingIp.name,
+    IP: floatingIp.ip,
+  })
+  await expect(attachFloatingIpButton).toBeDisabled()
+
+  // removing the floating IP row should work, and should re-enable the "attach" button
+  await page.getByRole('button', { name: 'remove floating IP rootbeer-float' }).click()
+  await expect(page.getByText(floatingIp.name)).toBeHidden()
+  await expect(attachFloatingIpButton).toBeEnabled()
+
+  // re-attach the floating IP
+  await attachFloatingIpButton.click()
+  await selectFloatingIpButton.click()
+  await rootbeerFloatOption.click()
+  await attachButton.click()
+
+  await page.getByRole('button', { name: 'Create instance' }).click()
+
+  await expect(page).toHaveURL(`/projects/mock-project/instances/${instanceName}/storage`)
+  await expectVisible(page, [`h1:has-text("${instanceName}")`])
+  await page.getByRole('tab', { name: 'Networking' }).click()
+
+  // ensure External IPs table has rows for the Ephemeral IP and the Floating IP
+  await expectRowVisible(page.getByRole('table'), {
+    ip: '123.4.56.0',
+    Kind: 'ephemeral',
+    name: '—',
+  })
+  await expectRowVisible(page.getByRole('table'), {
+    ip: floatingIp.ip,
+    Kind: 'floating',
+    name: floatingIp.name,
+  })
+})
+
+test('attach a floating IP section has Empty version when no floating IPs exist on the project', async ({
+  page,
+}) => {
+  await page.goto('/projects/other-project/instances-new')
+  await page.getByRole('button', { name: 'Networking' }).click()
+  await expect(page.getByRole('button', { name: 'Attach floating IP' })).toBeHidden()
+  await expect(
+    page.getByText('Create a floating IP to attach it to this instance')
+  ).toBeVisible()
+})
diff --git a/test/e2e/instance-disks.e2e.ts b/test/e2e/instance-disks.e2e.ts
index 59d1651d1e..373ebbb5ad 100644
--- a/test/e2e/instance-disks.e2e.ts
+++ b/test/e2e/instance-disks.e2e.ts
@@ -58,6 +58,8 @@ test('Attach disk', async ({ page }) => {
   await expectVisible(page, ['role=dialog >> text="Disk name is required"'])
 
   await page.click('role=button[name*="Disk name"]')
+  // disk-1 is already attached, so should not be visible in the list
+  await expectNotVisible(page, ['role=option[name="disk-1"]'])
   await expectVisible(page, ['role=option[name="disk-3"]', 'role=option[name="disk-4"]'])
   await page.click('role=option[name="disk-3"]')
 
diff --git a/test/e2e/silos.e2e.ts b/test/e2e/silos.e2e.ts
index 9d08ef2e8a..0a2504ecee 100644
--- a/test/e2e/silos.e2e.ts
+++ b/test/e2e/silos.e2e.ts
@@ -89,7 +89,7 @@ test('Create silo', async ({ page }) => {
   await expect(page.getByRole('cell', { name: 'test-cert-2', exact: true })).toBeVisible()
 
   // now delete the first
-  await page.getByRole('button', { name: 'remove test-cert', exact: true }).click()
+  await page.getByRole('button', { name: 'remove cert test-cert', exact: true }).click()
   // Cert should not appear after it has been deleted
   await expect(certCell).toBeHidden()
 
diff --git a/test/e2e/utils.ts b/test/e2e/utils.ts
index 13f7e6beda..a1800ef735 100644
--- a/test/e2e/utils.ts
+++ b/test/e2e/utils.ts
@@ -13,7 +13,10 @@ import { MSW_USER_COOKIE } from '../../mock-api/msw/util'
 
 export * from '@playwright/test'
 
-export async function forEach(loc: Locator, fn: (loc0: Locator, i: number) => void) {
+export async function forEach(
+  loc: Locator,
+  fn: (loc0: Locator, i: number) => Promise<void>
+) {
   const count = await loc.count()
   for (let i = 0; i < count; i++) {
     await fn(loc.nth(i), i)

From 21b2a069feafadb51bf583165d03e7ff14a30ece Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Fri, 7 Jun 2024 17:19:21 -0500
Subject: [PATCH 15/22] whoops

---
 app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index f1a58e5245..037ea7435a 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -162,10 +162,7 @@ export function VpcFirewallRulesTab() {
           label: 'New similar rule',
           onActivate() {
             navigate(
-              pb.vpcFirewallRulesNewFromTemplate({
-                ...vpcSelector,
-                firewallRule: rule.name,
-              })
+              pb.vpcFirewallRulesNewFromTemplate({ ...vpcSelector, rule: rule.name })
             )
           },
         },

From ca5f05f43f5f35d845e2cab303f2403c186734eb Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 11:19:30 -0500
Subject: [PATCH 16/22] let's go with clone

---
 app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index 7738ba7b86..157a4d0378 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -140,7 +140,7 @@ export function VpcFirewallRulesTab() {
           },
         },
         {
-          label: 'New similar rule',
+          label: 'Clone',
           onActivate() {
             navigate(
               pb.vpcFirewallRulesNewFromTemplate({ ...vpcSelector, rule: rule.name })

From 922da5516799384c0ab6e1e40f938bec70ac4d54 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 11:24:31 -0500
Subject: [PATCH 17/22] make the min-width for more actions menus smaller

---
 app/ui/styles/components/menu-button.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/ui/styles/components/menu-button.css b/app/ui/styles/components/menu-button.css
index d362cae7b2..386fd7e67e 100644
--- a/app/ui/styles/components/menu-button.css
+++ b/app/ui/styles/components/menu-button.css
@@ -7,7 +7,7 @@
  */
 
 .DropdownMenuContent {
-  @apply z-30 min-w-[14rem] rounded border p-0 bg-raise border-secondary;
+  @apply z-30 min-w-36 rounded border p-0 bg-raise border-secondary;
 
   & .DropdownMenuItem {
     @apply block cursor-pointer select-none border-b py-2 pl-3 pr-6 text-left text-sans-md text-secondary border-secondary last-of-type:border-b-0;

From e10a8a2d6e2bb60be63e02048da85df01447a42e Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 11:31:15 -0500
Subject: [PATCH 18/22] remove special min width on top bar dropdown menu that
 wasn't working anyway

---
 app/components/TopBar.tsx | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/app/components/TopBar.tsx b/app/components/TopBar.tsx
index c119712917..dc1d3287fd 100644
--- a/app/components/TopBar.tsx
+++ b/app/components/TopBar.tsx
@@ -62,11 +62,7 @@ export function TopBar({ children }: { children: React.ReactNode }) {
                   <DirectionDownIcon className="!w-2.5" />
                 </Button>
               </DropdownMenu.Trigger>
-              <DropdownMenu.Content
-                align="end"
-                sideOffset={8}
-                className="min-w-[12.8125rem]"
-              >
+              <DropdownMenu.Content align="end" sideOffset={8}>
                 <DropdownMenu.Item onSelect={() => navigate(pb.profile())}>
                   Settings
                 </DropdownMenu.Item>

From 21c3b2d67f2d0d4b8ea94f2a456f94a23bb28c3a Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 11:44:06 -0500
Subject: [PATCH 19/22] fix e2e test and assert more stuff about the form

---
 test/e2e/firewall-rules.e2e.ts | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/test/e2e/firewall-rules.e2e.ts b/test/e2e/firewall-rules.e2e.ts
index 42884c19b4..06b6a988b4 100644
--- a/test/e2e/firewall-rules.e2e.ts
+++ b/test/e2e/firewall-rules.e2e.ts
@@ -317,15 +317,28 @@ test('create from existing rule', async ({ page }) => {
   const modal = page.getByRole('dialog', { name: 'Add firewall rule' })
   await expect(modal).toBeHidden()
 
-  await clickRowAction(page, 'allow-rdp', 'New similar rule')
+  await clickRowAction(page, 'allow-rdp', 'Clone')
 
   await expect(page).toHaveURL(url + '-new/allow-rdp')
   await expect(modal).toBeVisible()
-  await expect(page.getByRole('textbox', { name: 'Name', exact: true })).toHaveValue(
+  await expect(modal.getByRole('textbox', { name: 'Name', exact: true })).toHaveValue(
     'allow-rdp-1'
   )
 
-  // TODO: should assert all the values, really
+  await expect(modal.getByRole('checkbox', { name: 'TCP' })).toBeChecked()
+  await expect(modal.getByRole('checkbox', { name: 'UDP' })).not.toBeChecked()
+  await expect(modal.getByRole('checkbox', { name: 'ICMP' })).not.toBeChecked()
+
+  await expect(
+    modal
+      .getByRole('table', { name: 'Port filters' })
+      .getByRole('cell', { name: '3389', exact: true })
+  ).toBeVisible()
+  await expect(
+    modal
+      .getByRole('table', { name: 'Targets' })
+      .getByRole('row', { name: 'Name: default, Type: vpc' })
+  ).toBeVisible()
 })
 
 const rulePath = '/projects/mock-project/vpcs/mock-vpc/firewall-rules/allow-icmp/edit'

From 332b26e7be6767be1f41c841ef8154b0951e07e4 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 11:54:35 -0500
Subject: [PATCH 20/22] be less smart about copied name, just add -copy

---
 app/forms/firewall-rules-create.tsx |  3 +--
 app/util/str.spec.ts                | 18 +-----------------
 app/util/str.ts                     | 15 ---------------
 test/e2e/firewall-rules.e2e.ts      |  2 +-
 4 files changed, 3 insertions(+), 35 deletions(-)

diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 89a0b2b775..619a52e851 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -43,7 +43,6 @@ import { TextInputHint } from '~/ui/lib/TextInput'
 import { KEYS } from '~/ui/util/keys'
 import { links } from '~/util/links'
 import { pb } from '~/util/path-builder'
-import { incrementName } from '~/util/str'
 
 export type FirewallRuleValues = {
   enabled: boolean
@@ -602,7 +601,7 @@ export function CreateFirewallRuleForm() {
   const originalRule = existingRules.find((rule) => rule.name === firewallRule)
 
   const defaultValues: FirewallRuleValues = originalRule
-    ? ruleToValues({ ...originalRule, name: incrementName(originalRule.name) })
+    ? ruleToValues({ ...originalRule, name: originalRule.name + '-copy' })
     : defaultValuesEmpty
 
   const form = useForm({ defaultValues })
diff --git a/app/util/str.spec.ts b/app/util/str.spec.ts
index b7670d6a6c..37115bd02e 100644
--- a/app/util/str.spec.ts
+++ b/app/util/str.spec.ts
@@ -7,15 +7,7 @@
  */
 import { describe, expect, it, test } from 'vitest'
 
-import {
-  camelCase,
-  capitalize,
-  commaSeries,
-  incrementName,
-  kebabCase,
-  titleCase,
-  validateIp,
-} from './str'
+import { camelCase, capitalize, commaSeries, kebabCase, titleCase, validateIp } from './str'
 
 describe('capitalize', () => {
   it('capitalizes the first letter', () => {
@@ -148,11 +140,3 @@ test.each([
 ])('validateIp catches invalid IP: %s', (s) => {
   expect(validateIp(s)).toStrictEqual({ isv4: false, isv6: false, valid: false })
 })
-
-describe('incrementName', () => {
-  it('increments the name', () => {
-    expect(incrementName('increment-name')).toBe('increment-name-1')
-    expect(incrementName('increment-name-1')).toBe('increment-name-2')
-    expect(incrementName('increment-name-99')).toBe('increment-name-100')
-  })
-})
diff --git a/app/util/str.ts b/app/util/str.ts
index 3f8bd2f91f..55cde1f7bb 100644
--- a/app/util/str.ts
+++ b/app/util/str.ts
@@ -65,18 +65,3 @@ export const validateIp = (ip: string) => {
   const isv6 = !isv4 && IPV6_REGEX.test(ip)
   return { isv4, isv6, valid: isv4 || isv6 }
 }
-
-export const incrementName = (str: string) => {
-  let name = str
-  const match = name.match(/(.*)-(\d+)$/)
-
-  if (match) {
-    const base = match[1]
-    const num = parseInt(match[2], 10)
-    name = `${base}-${num + 1}`
-  } else {
-    name = `${name}-1`
-  }
-
-  return name
-}
diff --git a/test/e2e/firewall-rules.e2e.ts b/test/e2e/firewall-rules.e2e.ts
index 06b6a988b4..3cbe630900 100644
--- a/test/e2e/firewall-rules.e2e.ts
+++ b/test/e2e/firewall-rules.e2e.ts
@@ -322,7 +322,7 @@ test('create from existing rule', async ({ page }) => {
   await expect(page).toHaveURL(url + '-new/allow-rdp')
   await expect(modal).toBeVisible()
   await expect(modal.getByRole('textbox', { name: 'Name', exact: true })).toHaveValue(
-    'allow-rdp-1'
+    'allow-rdp-copy'
   )
 
   await expect(modal.getByRole('checkbox', { name: 'TCP' })).toBeChecked()

From f2f508b0c4ca0abd5de40b359f256a4584568ac8 Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 11:59:10 -0500
Subject: [PATCH 21/22] rename path builder function

---
 app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx | 4 +---
 app/util/path-builder.spec.ts                               | 2 +-
 app/util/path-builder.ts                                    | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
index 157a4d0378..36566dd09d 100644
--- a/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
+++ b/app/pages/project/vpcs/VpcPage/tabs/VpcFirewallRulesTab.tsx
@@ -142,9 +142,7 @@ export function VpcFirewallRulesTab() {
         {
           label: 'Clone',
           onActivate() {
-            navigate(
-              pb.vpcFirewallRulesNewFromTemplate({ ...vpcSelector, rule: rule.name })
-            )
+            navigate(pb.vpcFirewallRuleClone({ ...vpcSelector, rule: rule.name }))
           },
         },
         {
diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
index 866d4ddd5c..68b0197014 100644
--- a/app/util/path-builder.spec.ts
+++ b/app/util/path-builder.spec.ts
@@ -88,10 +88,10 @@ test('path builder', () => {
         "systemUtilization": "/system/utilization",
         "vpc": "/projects/p/vpcs/v/firewall-rules",
         "vpcEdit": "/projects/p/vpcs/v/edit",
+        "vpcFirewallRuleClone": "/projects/p/vpcs/v/firewall-rules-new/fr",
         "vpcFirewallRuleEdit": "/projects/p/vpcs/v/firewall-rules/fr/edit",
         "vpcFirewallRules": "/projects/p/vpcs/v/firewall-rules",
         "vpcFirewallRulesNew": "/projects/p/vpcs/v/firewall-rules-new",
-        "vpcFirewallRulesNewFromTemplate": "/projects/p/vpcs/v/firewall-rules-new/fr",
         "vpcSubnets": "/projects/p/vpcs/v/subnets",
         "vpcSubnetsEdit": "/projects/p/vpcs/v/subnets/su/edit",
         "vpcSubnetsNew": "/projects/p/vpcs/v/subnets-new",
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
index e0052a4669..ce59f1d358 100644
--- a/app/util/path-builder.ts
+++ b/app/util/path-builder.ts
@@ -79,7 +79,7 @@ export const pb = {
 
   vpcFirewallRules: (params: Vpc) => `${vpcBase(params)}/firewall-rules`,
   vpcFirewallRulesNew: (params: Vpc) => `${vpcBase(params)}/firewall-rules-new`,
-  vpcFirewallRulesNewFromTemplate: (params: FirewallRule) =>
+  vpcFirewallRuleClone: (params: FirewallRule) =>
     `${pb.vpcFirewallRulesNew(params)}/${params.rule}`,
   vpcFirewallRuleEdit: (params: FirewallRule) =>
     `${pb.vpcFirewallRules(params)}/${params.rule}/edit`,

From 18cc2990f0614a282769ec0b4d7057a7c26085df Mon Sep 17 00:00:00 2001
From: David Crespo <david.crespo@oxidecomputer.com>
Date: Tue, 16 Jul 2024 12:25:23 -0500
Subject: [PATCH 22/22] we're doing comments. we love comments

---
 app/forms/firewall-rules-create.tsx | 12 ++++++++----
 app/routes.tsx                      |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/app/forms/firewall-rules-create.tsx b/app/forms/firewall-rules-create.tsx
index 619a52e851..f936ca4389 100644
--- a/app/forms/firewall-rules-create.tsx
+++ b/app/forms/firewall-rules-create.tsx
@@ -580,9 +580,6 @@ export function CreateFirewallRuleForm() {
   const vpcSelector = useVpcSelector()
   const queryClient = useApiQueryClient()
 
-  // To use as a template to base a new rule off
-  const { firewallRule } = useParams()
-
   const navigate = useNavigate()
   const onDismiss = () => navigate(pb.vpcFirewallRules(vpcSelector))
 
@@ -598,7 +595,14 @@ export function CreateFirewallRuleForm() {
     query: vpcSelector,
   })
   const existingRules = useMemo(() => R.sortBy(data.rules, (r) => r.priority), [data])
-  const originalRule = existingRules.find((rule) => rule.name === firewallRule)
+
+  // The :rule path param is optional. If it is present, we are creating a
+  // rule from an existing one, so we find that rule and copy it into the form
+  // values. Note that if we fail to find the rule by name (which should be
+  // very unlikely) we just pretend we never saw a name in the path and start
+  // from scratch.
+  const { rule: ruleName } = useParams()
+  const originalRule = existingRules.find((rule) => rule.name === ruleName)
 
   const defaultValues: FirewallRuleValues = originalRule
     ? ruleToValues({ ...originalRule, name: originalRule.name + '-copy' })
diff --git a/app/routes.tsx b/app/routes.tsx
index 5bb7eb9295..22e27ccb36 100644
--- a/app/routes.tsx
+++ b/app/routes.tsx
@@ -364,7 +364,7 @@ export const routes = createRoutesFromElements(
                   element={null}
                 />
                 <Route
-                  path="firewall-rules-new/:firewallRule?"
+                  path="firewall-rules-new/:rule?"
                   element={<CreateFirewallRuleForm />}
                   loader={CreateFirewallRuleForm.loader}
                   handle={{ crumb: 'New Firewall Rule' }}