Refresh Portal open items after support async create billing validations

2026-05-03 19:56:06 +00:00 · 2026-05-03 19:56:06 +00:00 · b77f68688d
commit b77f68688d
parent aa8a1356dc
1 changed files with 68 additions and 58 deletions
--- a/Codex/Portal/OPEN_ITEMS.md
+++ b/Codex/Portal/OPEN_ITEMS.md
@ -2,75 +2,85 @@
 Only keep unfinished Portal work here.
-## Active
+## Launch active
- Verify Portal compatibility after the API control-plane hardening pass:
+- Harden terminal / console connection state:
  - add WebSocket connect timeout in `TerminalView`
  - on error, close/clear current socket refs and sender callback
  - reset `isStreaming` on `closed`, `error`, and `idle`
  - make the button recover from `Connecting...` to `Open Console` / `Reconnect`
  - validate console still works for authenticated owner after the fix
 - Verify Portal compatibility after API control-plane and billing hardening:
  - login / refresh / `/api/auth/me`
  - hosted IDE token and hosted URL entry flow
  - server list/status polling
-  - server create flow
+  - async server create flow with pending cards
  - user-safe server delete flow via `DELETE /api/servers/{id}`
-  - billing checkout/portal/upgrade/downgrade flows
+  - billing checkout/portal/upgrade/downgrade flows if Stripe is live
  - backup/restore/file/console flows that depend on owned server access
- Audit Portal API-client exports and usage for admin/internal endpoints after API route classification:
+- Retest notepad/notes and general customer messaging surfaces:
-  - `listAuditLogs()` must not be reachable from normal user UI unless an admin surface and admin auth model are intentionally implemented.
+  - load/save
-  - `listInstances()` must not be used as a normal customer server-list path if `/api/instances` is now admin/internal-only or otherwise restricted.
+  - persistence after reload/login
-  - remove or quarantine unused admin/internal helpers rather than carrying accidental public-client affordances.
+  - permissions
  - empty/error states
 ## Validation follow-ups
 - Verify CPU/network metrics on live DEV and GAME servers after the frontend metrics normalizer change; if values still do not update, investigate API/agent metrics collection or rate calculation.
- Portal-owned email notification preferences/status UX once the API contract exists.
+- Verify backup metadata rendering, including checkpoint-aware presentation, against current API fields.
- checkpoint-specific backup metadata presentation once the API sends the final fields.
+- Verify restore accepted → status polling → completion UX against current async restore API behavior.
 - Verify marketing CTA routing and SEO page internal links after public-site refresh.
 - Check mobile behavior at 375px, 390px, 768px, and desktop widths after future UI changes.
 ## Cleanup / consolidation priorities
- fold repeated API-client/status-polling patterns and shared state-mapping logic where behavior is already the same
+- Fold repeated API-client/status-polling patterns and shared state-mapping logic where behavior is already the same.
- fold repeated table/detail/action rendering helpers only where it reduces duplication without hiding page intent
+- Fold repeated table/detail/action rendering helpers only where it reduces duplication without hiding page intent.
- split oversized page/component/state files by responsibility without changing user-visible behavior
+- Split oversized page/component/state files by responsibility without changing user-visible behavior.
- keep restore/status wording explicit, but remove duplicate operation-label and status-reason mapping where possible
+- Keep restore/status wording explicit, but remove duplicate operation-label and status-reason mapping where possible.
- centralize shared server-management action handling so files/backups/restore/restart flows do not re-implement the same request/toast/poll logic
+- Centralize shared server-management action handling so files/backups/restore/restart flows do not re-implement the same request/toast/poll logic.
- continue API client surface cleanup where overlapping wrappers or legacy paths still exist
+- Continue API client surface cleanup where overlapping wrappers or legacy paths still exist.
- optional later: factor repeated SEO landing-page layout once copy stabilizes
+- Optional later: factor repeated SEO landing-page layout once copy stabilizes.
 ## Completed and moved out of active cleanup
- Node/runtime pin alignment is no longer an open cleanup-only item; Portal is now treated as being on the Node 24 baseline
+- Node/runtime pin alignment is current Portal state.
- Next 16 lint-script migration is no longer an open item
+- Next 16 lint-script migration is complete.
- initial dead HUD wrapper cleanup is no longer an open item
+- Initial dead HUD wrapper cleanup is complete.
- stale legacy CSS cleanup is no longer an open item
+- Stale legacy CSS cleanup is complete.
- baseline dependency pruning and audit cleanup are no longer open items
+- Baseline dependency pruning and audit cleanup are complete.
- current TypeScript / build breakage reported during the cleanup pass is no longer an open item
+- The old Portal-side `/api/agent/{serverId}/{action}` bridge has been removed.
- the old Portal-side `/api/agent/{serverId}/{action}` bridge is no longer an open item; it has been removed
+- Dashboard spotlight placeholder data / broken manage-link cleanup is complete.
- dashboard spotlight placeholder data / broken manage-link cleanup is no longer an open item
+- Hub-nav and onboarding-tour billing mismatch is complete.
- hub-nav and onboarding-tour billing mismatch is no longer an open item
+- Authenticated shell alignment for billing/profile/support is complete.
- authenticated shell alignment for billing/profile/support is no longer an open item
+- Server card and console status labels no longer treat all non-connectable states as `Needs attention`.
- server card and console status labels no longer treat all non-connectable states as `Needs attention`
+- Host/container lifecycle states and async host action polling are represented in the server list.
- host/container lifecycle states and async host action polling are represented in the server list
+- DEV server status is separated from GAME connectability status in the server list.
- DEV server status is separated from GAME connectability status in the server list
+- DEV console shows host, agent, and IDE indicators.
- DEV console now shows host, agent, and IDE indicators
+- Server-list and console IDE controls are compact and colocated with IDE readiness indicators.
- server-list and console IDE controls are compact and colocated with IDE readiness indicators
+- Async server creation is tracked on the Servers page with inline pending cards and operation polling.
- server creation progress is tracked on the Servers page and now begins immediately after submit rather than waiting for the create response
+- The previous creation-progress hydration loop that caused maximum update depth errors is resolved.
- the server-list creation-progress hydration loop that caused maximum update depth errors is no longer an open item
+- Multi-create modal overlap/confusion is resolved by async inline pending cards.
- stopping or stopped hosts no longer make server setup badges read as `creating`/`installing`
+- Server deletion has migrated to `DELETE /api/servers/{id}` with the normal user JWT client path.
- server deletion has migrated to `DELETE /api/servers/{id}` with the normal user JWT client path
+- Portal does not add `INTERNAL_API_TOKEN` to browser code.
- Portal does not add `INTERNAL_API_TOKEN` to browser code
+- Dashboard spotlight recognizes DEV containers and mirrors server-list IDE/readiness/host badges.
- dashboard spotlight now recognizes DEV containers and mirrors server-list IDE/readiness/host badges
+- Public marketing site now has hybrid conversion + SEO structure.
- public marketing site now has hybrid conversion + SEO structure
+- Pricing tiers are Starter / Pro / Performance workload tiers.
- pricing tiers have been repositioned as Starter / Pro / Performance workload tiers
+- Root metadata and homepage hero copy match browser dev + managed hosting positioning.
- root metadata and homepage hero copy have been corrected to match browser dev + managed hosting positioning
+- Fake `zlh` CLI command was removed from the homepage visual.
- fake `zlh` CLI command was removed from the homepage visual
+- SEO landing pages exist for Minecraft hosting, modded Minecraft hosting, and browser dev environments.
- SEO landing pages have been added for Minecraft hosting, modded Minecraft hosting, and browser dev environments
+- Public marketing/auth/dashboard mobile responsiveness pass is no longer a from-zero open item.
- public marketing/auth/dashboard mobile responsiveness pass is no longer a from-zero open item
+- Mobile public nav/menu behavior has been fixed with a working mobile menu and corrected desktop breakpoint.
- mobile public nav/menu behavior has been fixed with a working mobile menu and corrected desktop breakpoint
+- Billing suspended/customer messaging is visible through announcements for launch.
- SSH config snippet for power users has been moved to Phase 2 / platform future rather than active launch Portal work
+- Support form submit works end-to-end through `/api/support/create`; customer acknowledgement email and Discord support alert were validated.
 - stray root binary `testdameon` is not present in the current Portal root listing and is no longer tracked as an active Portal cleanup item
 ## Cleanup rule
- prefer behavior-preserving folding over broad refactors
+- Prefer behavior-preserving folding over broad refactors.
- merge repeated flows, not concepts
+- Merge repeated flows, not concepts.
- keep helpers small and concrete
+- Keep helpers small and concrete.
- reduce page-local duplication before introducing new abstractions
+- Reduce page-local duplication before introducing new abstractions.
- treat runtime/tooling cleanup as contract-sensitive once it touches auth, API integration, or user-visible route behavior
+- Treat runtime/tooling cleanup as contract-sensitive once it touches auth, API integration, or user-visible route behavior.
 ## Verify before re-opening
 - restore accepted -> status polling -> completion UX
 - backup metadata rendering, including checkpoint-aware presentation
 - console reconnect/state behavior during restart/restore transitions
 - restore accepted → status polling → completion UX
 - backup metadata rendering, including checkpoint-aware presentation
 - server management flows that share action/polling/toast logic
 - login/refresh/hosted-IDE flows after API token tightening or route-boundary changes
 - marketing CTA routing and SEO page internal links after public-site refresh
@ -78,7 +88,7 @@ Only keep unfinished Portal work here.
 - live CPU/network metric movement for DEV and GAME servers once API/agent metrics are confirmed healthy
 ## Not Portal-owned
- agent-local backup implementation details.
+- agent-local backup implementation details
- API transport semantics.
+- API transport semantics
- API route authorization enforcement, except for Portal compatibility validation and avoiding admin/internal route usage from browser code.
+- API route authorization enforcement, except for Portal compatibility validation and avoiding admin/internal route usage from browser code
- PBS / infra backup strategy.
+- PBS / infra backup strategy