Record API Codex decisions from Node 24 modernization and hardening pass
This commit is contained in:
parent
b7c95086b5
commit
1773bc89b3
@ -7,6 +7,13 @@
|
|||||||
- Portal should consume API-normalized state, not call agents directly for normal state/actions.
|
- Portal should consume API-normalized state, not call agents directly for normal state/actions.
|
||||||
- streaming upload proxy behavior should remain separate from generic non-streaming `agentClient.js` transport.
|
- streaming upload proxy behavior should remain separate from generic non-streaming `agentClient.js` transport.
|
||||||
- websocket console proxy behavior should remain separate from generic non-streaming `agentClient.js` transport.
|
- websocket console proxy behavior should remain separate from generic non-streaming `agentClient.js` transport.
|
||||||
|
- API is now tracked on a Node 24 baseline with repo-local version pinning.
|
||||||
|
- built-in global `fetch` is the intended fetch implementation; direct `node-fetch` dependency is no longer the preferred pattern.
|
||||||
|
- duplicated game file proxy behavior should be folded into shared helper paths while preserving compatibility for both canonical and compatibility routes.
|
||||||
|
- Prisma config should live in dedicated Prisma config, not deprecated `package.json#prisma` config.
|
||||||
|
- JWT verification hardening is allowed to be contract-sensitive; access, refresh, and IDE proxy tokens may use distinct audience expectations.
|
||||||
|
- hosted IDE proxy cookies should default to hardened behavior appropriate for public HTTPS deployments.
|
||||||
|
- proxy logging should avoid exposing cookies or detailed forwarded-header values in routine logs.
|
||||||
|
|
||||||
## Tracking rule
|
## Tracking rule
|
||||||
- when API work completes, remove it from `OPEN_ITEMS.md`
|
- when API work completes, remove it from `OPEN_ITEMS.md`
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user