From b77f68688df8d911be74b5a3ca67557bca3f7caa Mon Sep 17 00:00:00 2001 From: jester Date: Sun, 3 May 2026 19:56:06 +0000 Subject: [PATCH] Refresh Portal open items after support async create billing validations --- Codex/Portal/OPEN_ITEMS.md | 126 ++++++++++++++++++++----------------- 1 file changed, 68 insertions(+), 58 deletions(-) diff --git a/Codex/Portal/OPEN_ITEMS.md b/Codex/Portal/OPEN_ITEMS.md index 83b94ef..9dc337d 100644 --- a/Codex/Portal/OPEN_ITEMS.md +++ b/Codex/Portal/OPEN_ITEMS.md @@ -2,75 +2,85 @@ Only keep unfinished Portal work here. -## Active -- Verify Portal compatibility after the API control-plane hardening pass: +## Launch active +- Harden terminal / console connection state: + - add WebSocket connect timeout in `TerminalView` + - on error, close/clear current socket refs and sender callback + - reset `isStreaming` on `closed`, `error`, and `idle` + - make the button recover from `Connecting...` to `Open Console` / `Reconnect` + - validate console still works for authenticated owner after the fix +- Verify Portal compatibility after API control-plane and billing hardening: - login / refresh / `/api/auth/me` - hosted IDE token and hosted URL entry flow - server list/status polling - - server create flow + - async server create flow with pending cards - user-safe server delete flow via `DELETE /api/servers/{id}` - - billing checkout/portal/upgrade/downgrade flows + - billing checkout/portal/upgrade/downgrade flows if Stripe is live - backup/restore/file/console flows that depend on owned server access -- Audit Portal API-client exports and usage for admin/internal endpoints after API route classification: - - `listAuditLogs()` must not be reachable from normal user UI unless an admin surface and admin auth model are intentionally implemented. - - `listInstances()` must not be used as a normal customer server-list path if `/api/instances` is now admin/internal-only or otherwise restricted. - - remove or quarantine unused admin/internal helpers rather than carrying accidental public-client affordances. +- Retest notepad/notes and general customer messaging surfaces: + - load/save + - persistence after reload/login + - permissions + - empty/error states + +## Validation follow-ups - Verify CPU/network metrics on live DEV and GAME servers after the frontend metrics normalizer change; if values still do not update, investigate API/agent metrics collection or rate calculation. -- Portal-owned email notification preferences/status UX once the API contract exists. -- checkpoint-specific backup metadata presentation once the API sends the final fields. +- Verify backup metadata rendering, including checkpoint-aware presentation, against current API fields. +- Verify restore accepted → status polling → completion UX against current async restore API behavior. +- Verify marketing CTA routing and SEO page internal links after public-site refresh. +- Check mobile behavior at 375px, 390px, 768px, and desktop widths after future UI changes. ## Cleanup / consolidation priorities -- fold repeated API-client/status-polling patterns and shared state-mapping logic where behavior is already the same -- fold repeated table/detail/action rendering helpers only where it reduces duplication without hiding page intent -- split oversized page/component/state files by responsibility without changing user-visible behavior -- keep restore/status wording explicit, but remove duplicate operation-label and status-reason mapping where possible -- centralize shared server-management action handling so files/backups/restore/restart flows do not re-implement the same request/toast/poll logic -- continue API client surface cleanup where overlapping wrappers or legacy paths still exist -- optional later: factor repeated SEO landing-page layout once copy stabilizes +- Fold repeated API-client/status-polling patterns and shared state-mapping logic where behavior is already the same. +- Fold repeated table/detail/action rendering helpers only where it reduces duplication without hiding page intent. +- Split oversized page/component/state files by responsibility without changing user-visible behavior. +- Keep restore/status wording explicit, but remove duplicate operation-label and status-reason mapping where possible. +- Centralize shared server-management action handling so files/backups/restore/restart flows do not re-implement the same request/toast/poll logic. +- Continue API client surface cleanup where overlapping wrappers or legacy paths still exist. +- Optional later: factor repeated SEO landing-page layout once copy stabilizes. ## Completed and moved out of active cleanup -- Node/runtime pin alignment is no longer an open cleanup-only item; Portal is now treated as being on the Node 24 baseline -- Next 16 lint-script migration is no longer an open item -- initial dead HUD wrapper cleanup is no longer an open item -- stale legacy CSS cleanup is no longer an open item -- baseline dependency pruning and audit cleanup are no longer open items -- current TypeScript / build breakage reported during the cleanup pass is no longer an open item -- the old Portal-side `/api/agent/{serverId}/{action}` bridge is no longer an open item; it has been removed -- dashboard spotlight placeholder data / broken manage-link cleanup is no longer an open item -- hub-nav and onboarding-tour billing mismatch is no longer an open item -- authenticated shell alignment for billing/profile/support is no longer an open item -- server card and console status labels no longer treat all non-connectable states as `Needs attention` -- host/container lifecycle states and async host action polling are represented in the server list -- DEV server status is separated from GAME connectability status in the server list -- DEV console now shows host, agent, and IDE indicators -- server-list and console IDE controls are compact and colocated with IDE readiness indicators -- server creation progress is tracked on the Servers page and now begins immediately after submit rather than waiting for the create response -- the server-list creation-progress hydration loop that caused maximum update depth errors is no longer an open item -- stopping or stopped hosts no longer make server setup badges read as `creating`/`installing` -- server deletion has migrated to `DELETE /api/servers/{id}` with the normal user JWT client path -- Portal does not add `INTERNAL_API_TOKEN` to browser code -- dashboard spotlight now recognizes DEV containers and mirrors server-list IDE/readiness/host badges -- public marketing site now has hybrid conversion + SEO structure -- pricing tiers have been repositioned as Starter / Pro / Performance workload tiers -- root metadata and homepage hero copy have been corrected to match browser dev + managed hosting positioning -- fake `zlh` CLI command was removed from the homepage visual -- SEO landing pages have been added for Minecraft hosting, modded Minecraft hosting, and browser dev environments -- public marketing/auth/dashboard mobile responsiveness pass is no longer a from-zero open item -- mobile public nav/menu behavior has been fixed with a working mobile menu and corrected desktop breakpoint -- SSH config snippet for power users has been moved to Phase 2 / platform future rather than active launch Portal work -- stray root binary `testdameon` is not present in the current Portal root listing and is no longer tracked as an active Portal cleanup item +- Node/runtime pin alignment is current Portal state. +- Next 16 lint-script migration is complete. +- Initial dead HUD wrapper cleanup is complete. +- Stale legacy CSS cleanup is complete. +- Baseline dependency pruning and audit cleanup are complete. +- The old Portal-side `/api/agent/{serverId}/{action}` bridge has been removed. +- Dashboard spotlight placeholder data / broken manage-link cleanup is complete. +- Hub-nav and onboarding-tour billing mismatch is complete. +- Authenticated shell alignment for billing/profile/support is complete. +- Server card and console status labels no longer treat all non-connectable states as `Needs attention`. +- Host/container lifecycle states and async host action polling are represented in the server list. +- DEV server status is separated from GAME connectability status in the server list. +- DEV console shows host, agent, and IDE indicators. +- Server-list and console IDE controls are compact and colocated with IDE readiness indicators. +- Async server creation is tracked on the Servers page with inline pending cards and operation polling. +- The previous creation-progress hydration loop that caused maximum update depth errors is resolved. +- Multi-create modal overlap/confusion is resolved by async inline pending cards. +- Server deletion has migrated to `DELETE /api/servers/{id}` with the normal user JWT client path. +- Portal does not add `INTERNAL_API_TOKEN` to browser code. +- Dashboard spotlight recognizes DEV containers and mirrors server-list IDE/readiness/host badges. +- Public marketing site now has hybrid conversion + SEO structure. +- Pricing tiers are Starter / Pro / Performance workload tiers. +- Root metadata and homepage hero copy match browser dev + managed hosting positioning. +- Fake `zlh` CLI command was removed from the homepage visual. +- SEO landing pages exist for Minecraft hosting, modded Minecraft hosting, and browser dev environments. +- Public marketing/auth/dashboard mobile responsiveness pass is no longer a from-zero open item. +- Mobile public nav/menu behavior has been fixed with a working mobile menu and corrected desktop breakpoint. +- Billing suspended/customer messaging is visible through announcements for launch. +- Support form submit works end-to-end through `/api/support/create`; customer acknowledgement email and Discord support alert were validated. ## Cleanup rule -- prefer behavior-preserving folding over broad refactors -- merge repeated flows, not concepts -- keep helpers small and concrete -- reduce page-local duplication before introducing new abstractions -- treat runtime/tooling cleanup as contract-sensitive once it touches auth, API integration, or user-visible route behavior +- Prefer behavior-preserving folding over broad refactors. +- Merge repeated flows, not concepts. +- Keep helpers small and concrete. +- Reduce page-local duplication before introducing new abstractions. +- Treat runtime/tooling cleanup as contract-sensitive once it touches auth, API integration, or user-visible route behavior. ## Verify before re-opening -- restore accepted -> status polling -> completion UX -- backup metadata rendering, including checkpoint-aware presentation - console reconnect/state behavior during restart/restore transitions +- restore accepted → status polling → completion UX +- backup metadata rendering, including checkpoint-aware presentation - server management flows that share action/polling/toast logic - login/refresh/hosted-IDE flows after API token tightening or route-boundary changes - marketing CTA routing and SEO page internal links after public-site refresh @@ -78,7 +88,7 @@ Only keep unfinished Portal work here. - live CPU/network metric movement for DEV and GAME servers once API/agent metrics are confirmed healthy ## Not Portal-owned -- agent-local backup implementation details. -- API transport semantics. -- API route authorization enforcement, except for Portal compatibility validation and avoiding admin/internal route usage from browser code. -- PBS / infra backup strategy. +- agent-local backup implementation details +- API transport semantics +- API route authorization enforcement, except for Portal compatibility validation and avoiding admin/internal route usage from browser code +- PBS / infra backup strategy