diff --git a/Codex/Portal/CURRENT_STATE.md b/Codex/Portal/CURRENT_STATE.md index a05bcad..d77a62b 100644 --- a/Codex/Portal/CURRENT_STATE.md +++ b/Codex/Portal/CURRENT_STATE.md @@ -1,15 +1,15 @@ # Portal — Current State -Verified against local Portal repo plus the reported Node 24 / Next 16 cleanup pass. +Verified against the local Portal repo after the dashboard/nav cleanup pass, fresh API and Agent repo review, and the server status/host lifecycle/IDE UX pass. This file records what is implemented now. ## Runtime / tooling baseline - Portal is now aligned to the Node 24 runtime line used by the API repo. -- `.nvmrc`, `package.json` engines, and `package-lock.json` are expected to be synchronized on the current Node 24 baseline. +- `.nvmrc`, `package.json` engines, and `package-lock.json` are synchronized on the current Node 24 baseline. - Lint no longer relies on removed `next lint`; the repo uses `eslint .` with the Next 16 flat-config path. - The lint configuration has been adjusted so current project patterns lint cleanly without forcing a broad React-compiler-style refactor. -- `npm run lint` reportedly passes with only existing React hook dependency warnings. +- `npm run lint` passes with only existing React hook dependency warnings. - `npm run build` reportedly passes on Next 16.2.4 with Turbopack. - npm audit is reported clean at moderate-or-higher severity. @@ -30,6 +30,12 @@ This file records what is implemented now. - `operationStartedAt` - `operationMessage` - targeted `409` and `503` UX messaging exists for operation conflicts and not-ready states. +- server card and game console readiness labels now share explicit mapping for ready, stopped, starting, stopping, restarting, maintenance, provisioning/network-pending, plan-limit, and true error states. +- `connectable === false` no longer automatically maps to `Needs attention`; expected non-connectable states such as stopped servers, host lifecycle actions, backup/restore maintenance, and provisioning use specific user-facing labels. +- game server readiness and dev container readiness are separated in the server list so DEV cards use host/agent/IDE state instead of game `connectable` semantics. +- host/container lifecycle status is surfaced from the LXC host layer, including `Online`, `Offline`, `Starting`, `Stopping`, and `Restarting`, plus active host-operation polling. +- server list refresh waits for per-server status enrichment before committing the merged state, preventing transient IDE/readiness badge flips during polling or page remount. +- server creation redirects back to `/servers` after the create response and tracks setup progress there with user-facing steps such as host creation, install/runtime setup, network/dev-tool finalization, and ready. ## Backup UI - game backup UI exists for: @@ -48,40 +54,29 @@ This file records what is implemented now. ## Billing / auth / onboarding - billing UI alignment exists with the newer billing state model. -- profile save now sends the backend-supported account fields to authenticated `PATCH /api/auth/me`: - - `email` normalized to lowercase after trim - - `username` trimmed - - `firstName`, `lastName`, and `displayName` trimmed - - `409` responses surface a duplicate email/username message -- forgot/reset password flow exists: - - login includes a `Forgot password?` link to `/forgot-password` - - `/forgot-password` posts `{ email }` to `POST /api/auth/password-reset/request` - - the Portal always shows `If the account exists, a reset link has been sent.` for account-lookup-style responses - - `/reset-password?token=...` reads `token` from query params, trims it, and requires it to be a 64-character hex token before submit - - valid reset submissions post `{ token, password }` to `POST /api/auth/password-reset/confirm` - - client validation requires an 8+ character password and confirmation match - - missing, malformed, invalid, or expired reset tokens show `This reset link is invalid or has expired.` - - successful reset does not auto-login; Portal leaves the user with login navigation -- profile change-password UI exists: - - profile includes current password, new password, and confirm new password fields - - client validation requires an 8+ character new password and matching confirmation - - submit uses authenticated `POST /api/auth/change-password` with `{ currentPassword, newPassword }` - - successful change clears the password fields and reports success without changing login/session state +- forgot/reset password flow exists. - first-login onboarding flow exists. - Next 16 / current TypeScript cleanup included fixes around nullable normalization and search-param/Suspense usage in affected pages/components. ## Hosted IDE - console and server-list `Open IDE` actions request `/api/dev/{serverId}/ide-token`. - Portal opens the hosted URL returned by the API, falling back to the configured API base for relative URLs. -- DEV server console and server-list rows show code-server `start`, `restart`, and `stop` controls directly under the `Open IDE` button. +- DEV server console and server-list rows show compact IDE indicators and inline `Open`, `Start`, `Restart`, and `Stop` controls instead of large stacked action blocks. - code-server service actions call `/api/dev/{serverId}/codeserver/start`, `/api/dev/{serverId}/codeserver/restart`, and `/api/dev/{serverId}/codeserver/stop`. +- Portal preserves last-known IDE state when a polling response omits code-server fields, avoiding UI blips between list and status responses. +- API owns the IDE bootstrap, hosted proxy, and tunnel flow. Portal is not expected to proxy IDE traffic itself. ## API client layer -- Portal still uses API-mediated transport rather than direct agent calls. +- Portal uses API-mediated transport rather than direct agent calls. +- the old Portal-internal `/api/agent/{serverId}/{action}` bridge has been removed from the frontend repo. - Project cleanup has reportedly removed dead weight around unused wrappers/dependencies, but API-client/status-polling consolidation is not yet considered fully complete. ## Dashboard / IA -- spotlight server card/dashboard refresh landed. +- the dashboard spotlight server card now uses API-backed server data instead of placeholder entries. +- the spotlight card no longer links to a non-existent `/servers/{id}` route; it routes users back into the supported `/servers` surface. +- the spotlight card now recognizes DEV containers across API field aliases and mirrors server-list badges, including the IDE indicator, readiness badge, and host status. +- hub navigation now includes Billing and Profile so onboarding tour targets match the actual menu. +- the hub shell now covers authenticated account/control-surface pages including billing, profile, and support instead of only dashboard/servers. ## Still true - Portal should track API auth / JWT behavior closely because API-side token hardening can require Portal compatibility verification.