jester/zlh-grind
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects Releases Wiki Activity

Record API route boundary and retired legacy flow decisions

Browse Source
This commit is contained in:
jester 2026-04-24 18:16:17 +00:00
parent ada24e1edf
commit 13f0560b47
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Codex/API/DECISIONS.md
View File

@ -5,6 +5,8 @@
- Agent does not push heartbeat/state into API.
- Semantic readiness uses `/ready`, not plain HTTP 200.
- Portal should consume API-normalized state, not call agents directly for normal state/actions.
- `/api/instances` and `/api/containers` are distinct contracts: instances is the active list/create surface, while containers is the cleanup/delete/orphan-remediation surface.
- there is no API-native `/api/agent/:serverId/:action` route in `zpack-api`; any route with that shape is Portal-owned compatibility behavior rather than an API feature.
- streaming upload proxy behavior should remain separate from generic non-streaming `agentClient.js` transport.
- websocket console proxy behavior should remain separate from generic non-streaming `agentClient.js` transport.
- API is now tracked on a Node 24 baseline with repo-local version pinning.
@ -14,6 +16,8 @@
- JWT verification hardening is allowed to be contract-sensitive; access, refresh, and IDE proxy tokens may use distinct audience expectations.
- hosted IDE proxy cookies should default to hardened behavior appropriate for public HTTPS deployments.
- proxy logging should avoid exposing cookies or detailed forwarded-header values in routine logs.
- legacy worker-based provisioning is no longer a live API path and should stay archived unless intentionally revived.
- legacy port allocation / slot reservation is no longer part of the active provisioning model and should stay retired unless intentionally revived end to end.
## Tracking rule
- when API work completes, remove it from `OPEN_ITEMS.md`