diff --git a/OPEN_THREADS.md b/OPEN_THREADS.md index cb06eb1..c3f3e69 100644 --- a/OPEN_THREADS.md +++ b/OPEN_THREADS.md @@ -15,41 +15,53 @@ This document tracks **known open questions and deferred decisions**. - ✅ Agent Phase 1 mod management endpoints - ✅ Agent process metrics endpoint - ✅ Minecraft readiness probe + restart race mitigation (initial) +- ✅ Modrinth resolver + full mod lifecycle (install / enable / disable / delete) --- ## Still Open (Phase 1 / Go-to-market) -### API: proxy the new agent capabilities -- Add game-mod endpoints behind auth + ownership: - - `GET /api/game/servers/:vmid/mods` - - `POST /api/game/servers/:vmid/mods/install` - - `PATCH /api/game/servers/:vmid/mods/:mod_id` - - `DELETE /api/game/servers/:vmid/mods/:mod_id` -- Add process metrics proxy: - - `GET /api/game/servers/:vmid/metrics/process` -- Decide caching shape (Redis keys + TTLs) for: - - mods list (agent already caches 5m internally) - - process metrics (likely low TTL, e.g. 5–10s) +### File Browser (Next Major Feature) -### Artifacts: Modrinth / NeoForge supply-chain workflow -- Define a **local-first** artifact ingestion workflow: - - detect → pending → verified → active → deprecated -- Decide Phase 1 scope: - - curated mod list vs modpack-first - - whether to ingest only Modrinth + NeoForge initially -- Standardize loader naming contracts: - - `minecraft/neoforge//neoforge-installer.jar` (Phase 1) - - confirm similar conventions for Forge/Fabric installers +Planned endpoints: -### Frontend: Mods UI (Phase 1) -- Add "Mods" surface for game servers: - - installed mods list (enabled/disabled) - - enable/disable toggle - - remove mod - - curated install flow (no arbitrary URLs) -- Decide if "upload custom mods" is Phase 1 or Phase 2: - - Phase 2 is preferred unless there is sandboxing/scanning/allowlist. +**Agent:** +- `GET /game/files?path=` +- `GET /game/files/download?path=` +- `POST /game/files/upload?path=` +- `DELETE /game/files?path=` +- `PATCH /game/files` (rename) + +**API:** +- Mirror under `/api/game/servers/:id/files` + +**Frontend:** +- Directory tree +- Upload +- Delete +- Download +- Restore deleted mods from `/mods-removed` + +**Security requirements:** +- Hard-root to `serverRoot` — no escaping +- Prevent path traversal +- Enforce size limits on upload +- Auth + ownership required on all endpoints + +### API: Error mapping refinement +- `"mod already exists"` → `409 Conflict` (currently returns `502`) + +### API: Response corruption verification +- One early `curl` output appeared corrupted during mod install testing +- Reproduce cleanly with `curl -sS -D headers.txt -o body.txt ...` before portal wiring + +### API: Process metrics proxy +- `GET /api/game/servers/:vmid/metrics/process` +- Decide caching shape (Redis keys + TTLs): likely low TTL (5–10s) + +### Artifacts: Vanilla MC versions +- Currently at 1.21.7; need to add 1.21.8 through 1.21.11 +- Source: `piston-meta.mojang.com/mc/game/version_manifest_v2.json` ### Provisioning & scale validation - Validate concurrent provisioning (multi-user, parallel creates) @@ -68,10 +80,20 @@ This document tracks **known open questions and deferred decisions**. - Rollback behavior if a new agent fails health checks after update - Optional manifest signing (minisign/GPG) +### Mod system hardening +- Deterministic Modrinth project ID persistence (replace heuristic installed-detection) +- Install queue for concurrent requests +- Auto-update detection logic +- Retention policy for `/mods-removed` + ### Game platform roadmap - Modpack-first install flow (server files + manifests) - Engine abstraction for additional games (Rust/Terraria/Valheim) +### Dev → Game pipeline +- See `docs/architecture/dev-to-game-artifact-pipeline.md` +- Blocked on: file browser complete + mod system stable + --- ## Explicit Non-Goals (for now)