diff --git a/OPEN_THREADS.md b/OPEN_THREADS.md index 0d58594..23bce2d 100644 --- a/OPEN_THREADS.md +++ b/OPEN_THREADS.md 
@@ -1,88 +1,52 @@ -# Open Threads — zlh-grind +# Open Threads — ZeroLagHub -This file tracks items that are unresolved, under investigation, or explicitly deferred. +This document tracks **known open questions and deferred decisions**. --- -## Backend/Infrastructure Threads +## High Priority -### Bastion public SSH access (BLOCKER) -- **Status:** ACTIVE - blocking external user access -- External SSH to bastion (both IP and hostname) fails with `kex_exchange_identification: Connection closed` -- TCP connection succeeds but SSH handshake never proceeds -- Internal SSH works perfectly; issue is specific to WAN→bastion path -- Action required: - - tcpdump on bastion during external connection - - OPNsense live log during attempt - - Verify NAT reaching bastion sshd vs upstream termination - - Check for ISP/modem interference - -### zlh-cli bastion mode fixes -- **Status:** OPEN - built and deployed, but has bugs -- When running ON bastion, CLI incorrectly tries to jump via public hostname -- Should use localhost/direct connection when already on bastion -- User/host targeting logic needs correction (was targeting bastion instead of dev container) -- Goal: clean UX like `zlh ssh 6038` instead of full jump command - -### Agent SSH provisioning automation -- **Status:** OPEN - manual workaround confirmed, needs agent integration -- Requirements: - - Install and enable sshd in new containers - - Generate SSH host keys if missing (add to bootstrap/common.sh) - - Create `devuser` with sudo access - - Configure authorized_keys for key-based auth (if applicable) -- Currently working internally via manual setup; needs to be automatic - -### Devcontainer runtime provisioning -- **Status:** RESOLVED (design-level), agent patch pending -- Root cause: agent not concatenating scripts or exporting env vars -- Fix: concatenate `common.sh` + runtime installer into single bash invocation -- Deferred to agent implementation - -### Version-aware markers for devcontainer runtimes -- 
**Status:** DEFERRED -- Current marker logic does not distinguish between installed runtime versions -- Consider writing version metadata to marker file for clean upgrades +### Server Detail / System View +- Define System View layout +- Decide runtime vs metadata sections +- Determine console availability per server type (GAME vs DEV) --- -## Frontend Threads - -### Active -- UI refinement: remove gimmick effects, simplify styling -- New logo direction: Celtic-tech / sigil-based ZLH mark -- Terminal scaffolding (frontend only) -- WebSocket contract definition (pending backend) - -### Pending -- systemd service for frontend -- Auth flow finalization -- Public vs dashboard styling split -- Final decision on Z vs ZLH mark usage - -### Explicitly Closed -- PM2 usage -- React Router -- HUD/scanline UI experiments -- Neon accent palette +### Resource Schema +- Finalize Resource / Server model +- Define capability flags +- Map agent-reported state → UI state --- -## Portal Migration to APIv2 Auth (Open) +## Medium Priority -### Context -- Portal was originally built against APIv1 + Pterodactyl -- APIv2 auth is now live and verified -- Portal login + data access must be realigned +### Notices System +- Wire notices to real events +- Define severity levels +- Persist "since last login" state -### Open Questions -- Which API routes should be protected first by auth? -- When should refresh-token or session renewal be added (if ever)? -- Should roles/scopes be enforced now or deferred? 
+--- -### Blocking Items -- Portal login page still assumes CSRF + legacy flows -- Legacy API abstractions still present in portal repo +### System Health Logic +- Replace mocked connectivity check +- Define degraded vs critical thresholds +- Decide when yellow state is shown -### Owner -- Portal Team +--- + +## Deferred (Intentional) + +### Billing +- Plan structure exists +- UX hooks reserved +- No implementation until platform stabilizes + +### Bulk Operations +- Explicitly removed +- Will not return unless a future use case demands it + +--- + +This file is intentionally opinionated.
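Review bot: the removed "Backend/Infrastructure Threads" and "Portal Migration to APIv2 Auth (Open)" sections contain items still marked unresolved, and none of them reappear in the new High Priority, Medium Priority, or Deferred lists. The removed items include "Bastion public SSH access (BLOCKER)" with `Status: ACTIVE - blocking external user access`, "Agent SSH provisioning automation" with `Status: OPEN`, and the portal blocker "Portal login page still assumes CSRF + legacy flows", along with the open questions on which API routes to protect first and whether roles/scopes are enforced now or deferred. If these were closed or moved to another tracker, say so in the commit message or leave a one-line pointer in this file. Otherwise carry them over, for example under "High Priority", so that access-path and auth work does not silently fall out of tracking. The rename in the title from "zlh-grind" to "ZeroLagHub" also suggests the file's scope changed. A short sentence under the heading stating where backend and infrastructure threads now live would make that explicit.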