Update PROJECT_CONTEXT — IDE proxy + token system implemented, API routes documented
This commit is contained in:
parent
36b3645c74
commit
a7b93e5e83
@ -49,7 +49,7 @@ System posture: stable, controlled expansion phase.
|
|||||||
## Stack
|
## Stack
|
||||||
|
|
||||||
**API (zpack-api, VM 1005):** Node.js ESM, Express 5, Prisma 6, MariaDB,
|
**API (zpack-api, VM 1005):** Node.js ESM, Express 5, Prisma 6, MariaDB,
|
||||||
Redis, BullMQ, JWT, Stripe, argon2, ssh2, WebSocket
|
Redis, BullMQ, JWT, Stripe, argon2, ssh2, WebSocket, http-proxy-middleware
|
||||||
|
|
||||||
**Portal (zpack-portal, VM 1100):** Next.js 15, TypeScript, TailwindCSS,
|
**Portal (zpack-portal, VM 1100):** Next.js 15, TypeScript, TailwindCSS,
|
||||||
Axios, WebSocket console. Sci-fi HUD aesthetic (steel textures, neon
|
Axios, WebSocket console. Sci-fi HUD aesthetic (steel textures, neon
|
||||||
@ -94,69 +94,59 @@ Confirmed:
|
|||||||
- code-server process launches and binds to `0.0.0.0:6000`
|
- code-server process launches and binds to `0.0.0.0:6000`
|
||||||
- frontend host/console state updates correctly via API status endpoint
|
- frontend host/console state updates correctly via API status endpoint
|
||||||
|
|
||||||
|
**Pending agent change:** code-server must be relaunched with `--auth none --base-path /api/dev/<vmid>/ide`
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Dev Container Access Model
|
## Dev Container Access Model
|
||||||
|
|
||||||
Dev containers provide two access methods.
|
### Browser IDE (Implemented)
|
||||||
|
|
||||||
### Browser IDE (Primary)
|
|
||||||
|
|
||||||
```
|
```
|
||||||
Browser
|
Browser
|
||||||
↓
|
↓
|
||||||
Portal
|
Portal
|
||||||
↓
|
↓
|
||||||
API proxy
|
API proxy (/api/dev/:id/ide)
|
||||||
↓
|
↓
|
||||||
container:6000
|
container:6000
|
||||||
```
|
```
|
||||||
|
|
||||||
URL format: `/dev/<vmid>/ide`
|
Portal calls `POST /api/dev/:id/ide-token` first, then opens the returned URL in a new tab. Token is short-lived (300s), signed by API. Proxy accepts token via `Authorization: Bearer` or `?token=` query param. WebSocket upgrades validated with same token.
|
||||||
|
|
||||||
Benefits:
|
Containers are never publicly exposed.
|
||||||
|
|
||||||
- no DNS automation
|
### Local Developer Access (Future)
|
||||||
- no Traefik routing
|
|
||||||
- no TLS per container
|
|
||||||
- portal JWT controls access
|
|
||||||
- ownership validated by API before proxying
|
|
||||||
|
|
||||||
### Local Developer Access (Advanced)
|
Headscale/Tailscale for SSH, VS Code Remote, local tools.
|
||||||
|
Headscale server: `zlh-ctl` (status to be confirmed).
|
||||||
|
Constraints: no exit nodes, `magic_dns: false`.
|
||||||
|
|
||||||
Advanced users connect via **Tailscale / Headscale**.
|
### Removed
|
||||||
|
|
||||||
Benefits:
|
DNS-per-container + Traefik dynamic routing approach was abandoned.
|
||||||
|
Code removed from API: `devRouting.js`, `devDePublisher.js`, Traefik file writes.
|
||||||
|
`proxyClient.js` retained — still used by game edge publish path.
|
||||||
|
|
||||||
- SSH
|
---
|
||||||
- VS Code Remote
|
|
||||||
- local tooling
|
|
||||||
|
|
||||||
Headscale server: `zlh-ctl` (status to be confirmed)
|
## API Routes — Dev IDE
|
||||||
|
|
||||||
Constraints:
|
```
|
||||||
|
POST /api/dev/:id/ide-token — generate short-lived IDE token
|
||||||
- no exit nodes
|
GET /api/dev/:id/ide — proxy to container:6000
|
||||||
- `magic_dns: false`
|
GET /api/dev/:id/ide/* — proxy to container:6000
|
||||||
- no DNS takeover on customer machine
|
GET /api/servers/:id/status — expose polled agent state to frontend
|
||||||
|
```
|
||||||
### Removed Approach
|
|
||||||
|
|
||||||
The previous model used DNS record per container, Traefik dynamic routes,
|
|
||||||
and subdomain IDE access. This was removed due to operational complexity,
|
|
||||||
TLS issues, and per-container DNS automation overhead.
|
|
||||||
|
|
||||||
Code paths to remove from API: `createDevRouting()`, proxy SSH writes,
|
|
||||||
Traefik dynamic file creation.
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## API / Frontend Status
|
## API / Frontend Status
|
||||||
|
|
||||||
- API polls agent `/status`
|
- API polls agent `/status`
|
||||||
- API exposes polled state back to frontend via server status endpoint
|
- API exposes polled state back to frontend via `GET /api/servers/:id/status`
|
||||||
- Portal no longer relies on stale DB-only state for console availability
|
- Portal no longer relies on stale DB-only state for console availability
|
||||||
- Game publish flow remains untouched — dev routing changes are additive only
|
- Game publish flow remains untouched
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -186,10 +176,10 @@ Revenue multiplier: 1 developer → ~10 players → $147.50/mo total.
|
|||||||
|
|
||||||
## Open Threads
|
## Open Threads
|
||||||
|
|
||||||
1. Implement browser IDE proxy (`/dev/:id/ide`) in API
|
1. Agent: update code-server launch args (`--auth none`, `--base-path /api/dev/<vmid>/ide`)
|
||||||
2. Confirm Headscale `zlh-ctl` VM status
|
2. Portal: "Open IDE" button calling `/api/dev/:id/ide-token`
|
||||||
3. Curated provenance — tracking install origin
|
3. Confirm Headscale `zlh-ctl` VM status
|
||||||
4. Optional future: config diff viewer, upload progress UI, log search
|
4. Curated provenance — tracking install origin
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -218,3 +208,4 @@ All at `git.zerolaghub.com/jester/<repo>`
|
|||||||
- VMs 100, 101, 103, 1000 are legacy/unused — not active production
|
- VMs 100, 101, 103, 1000 are legacy/unused — not active production
|
||||||
- Do not mark unimplemented work as complete
|
- Do not mark unimplemented work as complete
|
||||||
- Game publish flow must never be modified by dev routing changes
|
- Game publish flow must never be modified by dev routing changes
|
||||||
|
- `proxyClient.js` must not be deleted — used by game edge publish path
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user