Replace OPEN_THREADS.md - Portal v2 focused threads, System View, Resource Schema, intentional deferrals
This commit is contained in:
parent
e7f91b8152
commit
8074909c06
110
OPEN_THREADS.md
110
OPEN_THREADS.md
@ -1,88 +1,52 @@
|
||||
# Open Threads — zlh-grind
|
||||
# Open Threads — ZeroLagHub
|
||||
|
||||
This file tracks items that are unresolved, under investigation, or explicitly deferred.
|
||||
This document tracks **known open questions and deferred decisions**.
|
||||
|
||||
---
|
||||
|
||||
## Backend/Infrastructure Threads
|
||||
## High Priority
|
||||
|
||||
### Bastion public SSH access (BLOCKER)
|
||||
- **Status:** ACTIVE - blocking external user access
|
||||
- External SSH to bastion (both IP and hostname) fails with `kex_exchange_identification: Connection closed`
|
||||
- TCP connection succeeds but SSH handshake never proceeds
|
||||
- Internal SSH works perfectly; issue is specific to WAN→bastion path
|
||||
- Action required:
|
||||
- tcpdump on bastion during external connection
|
||||
- OPNsense live log during attempt
|
||||
- Verify NAT reaching bastion sshd vs upstream termination
|
||||
- Check for ISP/modem interference
|
||||
|
||||
### zlh-cli bastion mode fixes
|
||||
- **Status:** OPEN - built and deployed, but has bugs
|
||||
- When running ON bastion, CLI incorrectly tries to jump via public hostname
|
||||
- Should use localhost/direct connection when already on bastion
|
||||
- User/host targeting logic needs correction (was targeting bastion instead of dev container)
|
||||
- Goal: clean UX like `zlh ssh 6038` instead of full jump command
|
||||
|
||||
### Agent SSH provisioning automation
|
||||
- **Status:** OPEN - manual workaround confirmed, needs agent integration
|
||||
- Requirements:
|
||||
- Install and enable sshd in new containers
|
||||
- Generate SSH host keys if missing (add to bootstrap/common.sh)
|
||||
- Create `devuser` with sudo access
|
||||
- Configure authorized_keys for key-based auth (if applicable)
|
||||
- Currently working internally via manual setup; needs to be automatic
|
||||
|
||||
### Devcontainer runtime provisioning
|
||||
- **Status:** RESOLVED (design-level), agent patch pending
|
||||
- Root cause: agent not concatenating scripts or exporting env vars
|
||||
- Fix: concatenate `common.sh` + runtime installer into single bash invocation
|
||||
- Deferred to agent implementation
|
||||
|
||||
### Version-aware markers for devcontainer runtimes
|
||||
- **Status:** DEFERRED
|
||||
- Current marker logic does not distinguish between installed runtime versions
|
||||
- Consider writing version metadata to marker file for clean upgrades
|
||||
### Server Detail / System View
|
||||
- Define System View layout
|
||||
- Decide runtime vs metadata sections
|
||||
- Determine console availability per server type (GAME vs DEV)
|
||||
|
||||
---
|
||||
|
||||
## Frontend Threads
|
||||
|
||||
### Active
|
||||
- UI refinement: remove gimmick effects, simplify styling
|
||||
- New logo direction: Celtic-tech / sigil-based ZLH mark
|
||||
- Terminal scaffolding (frontend only)
|
||||
- WebSocket contract definition (pending backend)
|
||||
|
||||
### Pending
|
||||
- systemd service for frontend
|
||||
- Auth flow finalization
|
||||
- Public vs dashboard styling split
|
||||
- Final decision on Z vs ZLH mark usage
|
||||
|
||||
### Explicitly Closed
|
||||
- PM2 usage
|
||||
- React Router
|
||||
- HUD/scanline UI experiments
|
||||
- Neon accent palette
|
||||
### Resource Schema
|
||||
- Finalize Resource / Server model
|
||||
- Define capability flags
|
||||
- Map agent-reported state → UI state
|
||||
|
||||
---
|
||||
|
||||
## Portal Migration to APIv2 Auth (Open)
|
||||
## Medium Priority
|
||||
|
||||
### Context
|
||||
- Portal was originally built against APIv1 + Pterodactyl
|
||||
- APIv2 auth is now live and verified
|
||||
- Portal login + data access must be realigned
|
||||
### Notices System
|
||||
- Wire notices to real events
|
||||
- Define severity levels
|
||||
- Persist "since last login" state
|
||||
|
||||
### Open Questions
|
||||
- Which API routes should be protected first by auth?
|
||||
- When should refresh-token or session renewal be added (if ever)?
|
||||
- Should roles/scopes be enforced now or deferred?
|
||||
---
|
||||
|
||||
### Blocking Items
|
||||
- Portal login page still assumes CSRF + legacy flows
|
||||
- Legacy API abstractions still present in portal repo
|
||||
### System Health Logic
|
||||
- Replace mocked connectivity check
|
||||
- Define degraded vs critical thresholds
|
||||
- Decide when yellow state is shown
|
||||
|
||||
### Owner
|
||||
- Portal Team
|
||||
---
|
||||
|
||||
## Deferred (Intentional)
|
||||
|
||||
### Billing
|
||||
- Plan structure exists
|
||||
- UX hooks reserved
|
||||
- No implementation until platform stabilizes
|
||||
|
||||
### Bulk Operations
|
||||
- Explicitly removed
|
||||
- Will not return unless a future use case demands it
|
||||
|
||||
---
|
||||
|
||||
This file is intentionally opinionated.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user