Replace OPEN_THREADS.md - Portal v2 focused threads, System View, Resource Schema, intentional deferrals
This commit is contained in:
parent
e7f91b8152
commit
8074909c06
110
OPEN_THREADS.md
110
OPEN_THREADS.md
@ -1,88 +1,52 @@
|
|||||||
# Open Threads — zlh-grind
|
# Open Threads — ZeroLagHub
|
||||||
|
|
||||||
This file tracks items that are unresolved, under investigation, or explicitly deferred.
|
This document tracks **known open questions and deferred decisions**.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Backend/Infrastructure Threads
|
## High Priority
|
||||||
|
|
||||||
### Bastion public SSH access (BLOCKER)
|
### Server Detail / System View
|
||||||
- **Status:** ACTIVE - blocking external user access
|
- Define System View layout
|
||||||
- External SSH to bastion (both IP and hostname) fails with `kex_exchange_identification: Connection closed`
|
- Decide runtime vs metadata sections
|
||||||
- TCP connection succeeds but SSH handshake never proceeds
|
- Determine console availability per server type (GAME vs DEV)
|
||||||
- Internal SSH works perfectly; issue is specific to WAN→bastion path
|
|
||||||
- Action required:
|
|
||||||
- tcpdump on bastion during external connection
|
|
||||||
- OPNsense live log during attempt
|
|
||||||
- Verify NAT reaching bastion sshd vs upstream termination
|
|
||||||
- Check for ISP/modem interference
|
|
||||||
|
|
||||||
### zlh-cli bastion mode fixes
|
|
||||||
- **Status:** OPEN - built and deployed, but has bugs
|
|
||||||
- When running ON bastion, CLI incorrectly tries to jump via public hostname
|
|
||||||
- Should use localhost/direct connection when already on bastion
|
|
||||||
- User/host targeting logic needs correction (was targeting bastion instead of dev container)
|
|
||||||
- Goal: clean UX like `zlh ssh 6038` instead of full jump command
|
|
||||||
|
|
||||||
### Agent SSH provisioning automation
|
|
||||||
- **Status:** OPEN - manual workaround confirmed, needs agent integration
|
|
||||||
- Requirements:
|
|
||||||
- Install and enable sshd in new containers
|
|
||||||
- Generate SSH host keys if missing (add to bootstrap/common.sh)
|
|
||||||
- Create `devuser` with sudo access
|
|
||||||
- Configure authorized_keys for key-based auth (if applicable)
|
|
||||||
- Currently working internally via manual setup; needs to be automatic
|
|
||||||
|
|
||||||
### Devcontainer runtime provisioning
|
|
||||||
- **Status:** RESOLVED (design-level), agent patch pending
|
|
||||||
- Root cause: agent not concatenating scripts or exporting env vars
|
|
||||||
- Fix: concatenate `common.sh` + runtime installer into single bash invocation
|
|
||||||
- Deferred to agent implementation
|
|
||||||
|
|
||||||
### Version-aware markers for devcontainer runtimes
|
|
||||||
- **Status:** DEFERRED
|
|
||||||
- Current marker logic does not distinguish between installed runtime versions
|
|
||||||
- Consider writing version metadata to marker file for clean upgrades
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Frontend Threads
|
### Resource Schema
|
||||||
|
- Finalize Resource / Server model
|
||||||
### Active
|
- Define capability flags
|
||||||
- UI refinement: remove gimmick effects, simplify styling
|
- Map agent-reported state → UI state
|
||||||
- New logo direction: Celtic-tech / sigil-based ZLH mark
|
|
||||||
- Terminal scaffolding (frontend only)
|
|
||||||
- WebSocket contract definition (pending backend)
|
|
||||||
|
|
||||||
### Pending
|
|
||||||
- systemd service for frontend
|
|
||||||
- Auth flow finalization
|
|
||||||
- Public vs dashboard styling split
|
|
||||||
- Final decision on Z vs ZLH mark usage
|
|
||||||
|
|
||||||
### Explicitly Closed
|
|
||||||
- PM2 usage
|
|
||||||
- React Router
|
|
||||||
- HUD/scanline UI experiments
|
|
||||||
- Neon accent palette
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Portal Migration to APIv2 Auth (Open)
|
## Medium Priority
|
||||||
|
|
||||||
### Context
|
### Notices System
|
||||||
- Portal was originally built against APIv1 + Pterodactyl
|
- Wire notices to real events
|
||||||
- APIv2 auth is now live and verified
|
- Define severity levels
|
||||||
- Portal login + data access must be realigned
|
- Persist "since last login" state
|
||||||
|
|
||||||
### Open Questions
|
---
|
||||||
- Which API routes should be protected first by auth?
|
|
||||||
- When should refresh-token or session renewal be added (if ever)?
|
|
||||||
- Should roles/scopes be enforced now or deferred?
|
|
||||||
|
|
||||||
### Blocking Items
|
### System Health Logic
|
||||||
- Portal login page still assumes CSRF + legacy flows
|
- Replace mocked connectivity check
|
||||||
- Legacy API abstractions still present in portal repo
|
- Define degraded vs critical thresholds
|
||||||
|
- Decide when yellow state is shown
|
||||||
|
|
||||||
### Owner
|
---
|
||||||
- Portal Team
|
|
||||||
|
## Deferred (Intentional)
|
||||||
|
|
||||||
|
### Billing
|
||||||
|
- Plan structure exists
|
||||||
|
- UX hooks reserved
|
||||||
|
- No implementation until platform stabilizes
|
||||||
|
|
||||||
|
### Bulk Operations
|
||||||
|
- Explicitly removed
|
||||||
|
- Will not return unless a future use case demands it
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
This file is intentionally opinionated.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user