diff --git a/Codex/API/CURRENT_STATE.md b/Codex/API/CURRENT_STATE.md index 962ec29..6eda76f 100644 --- a/Codex/API/CURRENT_STATE.md +++ b/Codex/API/CURRENT_STATE.md @@ -26,13 +26,30 @@ This file records what is believed to be implemented now. - `POST /api/game/servers/:id/backups` - `POST /api/game/servers/:id/backups/restore?id=` - `DELETE /api/game/servers/:id/backups/:backupId` -- API preserves useful agent semantics such as `404`, `409`, and readiness-oriented failures where possible. +- API forwards agent HTTP status codes for backup responses. +- Successful backup responses currently pass through the agent body. +- Non-OK backup responses currently use the shared agent response envelope: `{ error: , details: }`. +- Backup response shape normalization remains open. ## Agent contract alignment already done - `/start`, `/stop`, `/restart` forwarded as POST. - `/console/command` forwarded as POST JSON. - `/ready` is part of poller/readiness logic. +## Billing / auth lifecycle +- API issues access tokens and refresh tokens. +- Password reset tokens are stored hashed and exchanged through API routes. +- Stripe billing routes cover checkout, upgrade, downgrade, portal, and current billing state. +- Stripe webhooks are mounted with raw body parsing before normal JSON middleware. +- Billing scheduler starts in-process and performs limited reminder/reconciliation work. +- Admin users are billing-exempt in billing flows. + +## Hosted IDE proxy +- `POST /api/dev/:id/ide-token` issues short-lived IDE proxy tokens. +- IDE proxy supports both tunnel paths under `/__ide/:id` and hosted `dev-.` hosts. +- Hosted IDE tokens can be delivered by query parameter and then persisted as the IDE proxy cookie. +- Hosted URL return is controlled by `DEV_IDE_RETURN_HOSTED_URL`. + ## Still true - websocket console proxy wiring remains outside `agentClient.js` - raw streaming upload proxy behavior remains outside `agentClient.js`