# Open Threads – zlh-grind

This file tracks items that are unresolved, under investigation, or explicitly deferred.

---

## Backend/Infrastructure Threads

### Bastion public SSH access (BLOCKER)
- **Status:** ACTIVE - blocking external user access
- Public SSH to `zlh-bastion.zerolaghub.dev` fails with `kex_exchange_identification: Connection closed`
- TCP connection succeeds but SSH handshake never proceeds
- Internal SSH works perfectly; issue is specific to WAN→bastion path
- Action required:
  - tcpdump on bastion during external connection
  - OPNsense live log during attempt
  - Verify NAT reaching bastion sshd vs upstream termination
  - Check for ISP/modem interference

### zlh-cli bastion mode fixes
- **Status:** OPEN - built and deployed, but has bugs
- When running ON bastion, CLI incorrectly tries to jump via public hostname
- Should use localhost/direct connection when already on bastion
- User/host targeting logic needs correction (was targeting bastion instead of dev container)
- Goal: clean UX like `zlh ssh 6038` instead of full jump command

### Agent SSH provisioning automation
- **Status:** OPEN - manual workaround confirmed, needs agent integration
- Requirements:
  - Install and enable sshd in new containers
  - Generate SSH host keys if missing (add to bootstrap/common.sh)
  - Create `devuser` with sudo access
  - Configure authorized_keys for key-based auth (if applicable)
- Currently working internally via manual setup; needs to be automatic

### Devcontainer runtime provisioning
- **Status:** RESOLVED (design-level), agent patch pending
- Root cause: agent not concatenating scripts or exporting env vars
- Fix: concatenate `common.sh` + runtime installer into single bash invocation
- Deferred to agent implementation

### Version-aware markers for devcontainer runtimes
- **Status:** DEFERRED
- Current marker logic does not distinguish between installed runtime versions
- Consider writing version metadata to marker file for clean upgrades

---

## Frontend Threads

### Active
- UI refinement: remove gimmick effects, simplify styling
- New logo direction: Celtic-tech / sigil-based ZLH mark
- Terminal scaffolding (frontend only)
- WebSocket contract definition (pending backend)

### Pending
- systemd service for frontend
- Auth flow finalization
- Public vs dashboard styling split
- Final decision on Z vs ZLH mark usage

### Explicitly Closed
- PM2 usage
- React Router
- HUD/scanline UI experiments
- Neon accent palette