Update API open items after hardening and teardown validation
This commit is contained in:
parent
ba01b5c5d1
commit
1e5a02dfe5
@ -7,21 +7,27 @@ Only keep unfinished API work here.
|
|||||||
- service discovery migration: audit edge publish/DNS/Cloudflare/Technitium, Prometheus SD, dev IDE wildcard, and post-provision hot paths for direct host assumptions
|
- service discovery migration: audit edge publish/DNS/Cloudflare/Technitium, Prometheus SD, dev IDE wildcard, and post-provision hot paths for direct host assumptions
|
||||||
- provisioning validation follow-up where API behavior is involved
|
- provisioning validation follow-up where API behavior is involved
|
||||||
- verify Portal compatibility after API JWT issuer/audience tightening, especially refresh flow and hosted IDE token flow
|
- verify Portal compatibility after API JWT issuer/audience tightening, especially refresh flow and hosted IDE token flow
|
||||||
|
- migrate Portal delete calls to `DELETE /api/servers/:id`; `DELETE /api/containers/:vmid` currently remains as owned-user compatibility plus internal-token automation, but should return to internal-only once Portal is updated
|
||||||
- verify canonical and compatibility file routes still behave identically across list/stat/read/download/delete/put/revert/upload paths after helper extraction
|
- verify canonical and compatibility file routes still behave identically across list/stat/read/download/delete/put/revert/upload paths after helper extraction
|
||||||
- align merged live-status readiness fields so Portal-facing `agentReady` semantics fully match semantic `/ready`
|
- align merged live-status readiness fields so Portal-facing `agentReady` semantics fully match semantic `/ready`
|
||||||
- verify orphan/manual delete behavior after retirement of legacy PortPool release logic
|
|
||||||
- decide whether the remaining Portal-side `/api/agent/:serverId/:action` bridge should be deleted outright or formally kept as compatibility-only Portal-owned behavior
|
- decide whether the remaining Portal-side `/api/agent/:serverId/:action` bridge should be deleted outright or formally kept as compatibility-only Portal-owned behavior
|
||||||
- live-verify Velocity bridge lifecycle callbacks after `ZPACK_PROXY_STATUS_ENDPOINT` is set: confirm `registered_with_proxy`, `proxy_ping_ok`, and `proxy_ping_failed` land in `ContainerInstance.payload.proxy` and surface through `GET /api/servers/:id/status`
|
- live-verify Velocity bridge lifecycle callbacks after `ZPACK_PROXY_STATUS_ENDPOINT` is set: confirm `registered_with_proxy`, `proxy_ping_ok`, and `proxy_ping_failed` land in `ContainerInstance.payload.proxy` and surface through `GET /api/servers/:id/status`
|
||||||
- Portal integration follow-up for host/LXC lifecycle state: consume `GET /api/servers/:id/host/status`, list-level `hostStatus` / `powerState` / `hostOperation`, and `202` host action responses for game and dev containers
|
- Portal integration follow-up for host/LXC lifecycle state: consume `GET /api/servers/:id/host/status`, list-level `hostStatus` / `powerState` / `hostOperation`, and `202` host action responses for game and dev containers
|
||||||
- remove or downgrade the temporary `MaxListenersExceededWarning` tracer in `src/app.js` after outbound Axios socket listener warnings are confirmed quiet in runtime logs
|
- remove or downgrade the temporary `MaxListenersExceededWarning` tracer in `src/app.js` after outbound Axios socket listener warnings are confirmed quiet in runtime logs
|
||||||
- verify Proxmox node resolution against all active container ranges; recent local smoke checks showed some DB VMIDs not present in `/cluster/resources` or on the configured node
|
- verify Proxmox node resolution against all active container ranges; recent local smoke checks showed some DB VMIDs not present in `/cluster/resources` or on the configured node
|
||||||
|
- add minimal test/CI coverage for auth boundaries and teardown behavior:
|
||||||
|
- normal users cannot reach admin-only routes
|
||||||
|
- missing internal token fails closed for internal-only routes
|
||||||
|
- owned-user delete archives then removes the active instance
|
||||||
|
- non-owner delete fails
|
||||||
|
- Stripe webhook raw-body handling remains intact
|
||||||
|
|
||||||
## Cleanup / consolidation priorities
|
## Cleanup / consolidation priorities
|
||||||
- fold repeated ownership/auth/IP-guard patterns into small concrete helpers without hiding route intent
|
- fold repeated ownership/auth/IP-guard patterns into small concrete helpers without hiding route intent
|
||||||
- split oversized route/service files by responsibility without changing route contracts
|
- split oversized route/service files by responsibility without changing route contracts
|
||||||
- keep backup/restore status shaping and async-dispatch logic explicit, but remove duplicated mapping/normalization paths where possible
|
- keep backup/restore status shaping and async-dispatch logic explicit, but remove duplicated mapping/normalization paths where possible
|
||||||
- keep stream-vs-JSON forwarding rules centralized in one place and avoid route-local reimplementation
|
- keep stream-vs-JSON forwarding rules centralized in one place and avoid route-local reimplementation
|
||||||
- keep archived legacy flows out of the live tree unless they are intentionally revived and revalidated against the current schema/contracts
|
- keep legacy flows out of the live tree unless they are intentionally revived and revalidated against the current schema/contracts
|
||||||
|
|
||||||
## Completed and moved out of active cleanup
|
## Completed and moved out of active cleanup
|
||||||
- Node/runtime pinning is no longer an open cleanup-only item; Node 24 pinning is now treated as current repo state
|
- Node/runtime pinning is no longer an open cleanup-only item; Node 24 pinning is now treated as current repo state
|
||||||
@ -29,7 +35,10 @@ Only keep unfinished API work here.
|
|||||||
- initial file-proxy route deduplication has been completed; only compatibility verification and follow-on cleanup remain open
|
- initial file-proxy route deduplication has been completed; only compatibility verification and follow-on cleanup remain open
|
||||||
- Prisma config migration is no longer an open item
|
- Prisma config migration is no longer an open item
|
||||||
- baseline proxy cookie/log hardening is no longer an open item
|
- baseline proxy cookie/log hardening is no longer an open item
|
||||||
- worker-era provisioning and detached legacy port reservation have been archived rather than treated as active API surfaces
|
- worker-era provisioning and detached legacy port reservation have been removed from the live tree rather than treated as active API surfaces
|
||||||
|
- initial control-plane hardening has landed: shared admin/internal-token middleware, admin-only audit/global instance list, internal-token guards on raw control-plane routes, and fail-closed monitoring/SD token behavior outside explicit development/test
|
||||||
|
- teardown workflow has been extracted into a service and live-verified against one game VMID and one dev VMID; both archived with `reason=user_delete` and active rows were removed
|
||||||
|
- repo hygiene pass removed checked-in key/token/artifact/legacy clutter and tightened ignore rules
|
||||||
|
|
||||||
## Cleanup rule
|
## Cleanup rule
|
||||||
- prefer behavior-preserving folding over broad refactors
|
- prefer behavior-preserving folding over broad refactors
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user