# Open Threads – zlh-grind This file tracks active but unfinished work. Keep it short. --- ## Agent (zlh-agent) ### Dev Runtime System Completed: - catalog validation implemented - runtime installs artifact-backed - install guard implemented Outstanding: - runtime install verification improvements - catalog hash validation - runtime removal / upgrade handling --- ### Dev Environment Completed: - dev user creation - workspace root `/home/dev/workspace` - console runs as dev user Outstanding: - PATH normalization - shell profile consistency - runtime PATH injection --- ## Code Server Addon Status: ✅ Installed and running inside dev containers Confirmed: - compiled release artifact fixed on `zlh-artifacts` - install confirmed working - process confirmed running inside container - binds to `0.0.0.0:6000` - launched from `/opt/zlh/services/code-server` Port: `6000` --- ### Access Model (Updated) The previous approach using: - Cloudflare DNS - Technitium DNS - Traefik dynamic config per container has been **abandoned**. Reason: - too many moving pieces - TLS and proxy complexity - per-container DNS automation - unnecessary exposure of internal dev services --- ### New Access Strategy Dev containers will support **two access paths**. #### Path 1 — Browser IDE (Primary) ``` Browser ↓ Portal ↓ API proxy ↓ container:6000 ``` URL format: `/dev//ide` Implementation requirements: - API proxy using `http-proxy-middleware` - WebSocket support (`ws: true`) - `server.on('upgrade', proxy.upgrade)` - code-server launch args: `--base-path /dev//ide --auth none` Authentication handled by portal JWT. --- #### Path 2 — Local Dev Access (Advanced Users) Direct developer access via **Headscale/Tailscale**. Use cases: - SSH - VS Code Remote - local development tools Outstanding tasks: - confirm `zlh-ctl` Headscale server status - implement Tailscale addon install - API auth key generation - portal instructions Headscale constraints: - `magic_dns: false` - no exit nodes - no DNS takeover --- ## Agent Future Work (priority order) 1. Structured logging (slog) for Loki 2. Dev container provisioningComplete state 3. Crash recovery backoff 4. Graceful shutdown verification 5. Process reattachment on agent restart --- ## API (zpack-api) Completed: - dev provisioning payload - runtime/version fields - enable_code_server flag - API status endpoint for frontend state Outstanding: - `/dev/:id/ide` proxy route - websocket upgrade handling - ownership validation before proxy - Headscale auth key generation - dev runtime catalog endpoint --- ## Portal (zpack-portal) Completed: - dev runtime dropdown - dotnet runtime support - enable code-server checkbox - dev file browser support Outstanding: - "Open IDE" button - `/dev//ide` page - Headscale setup instructions --- ## Platform Active thread: - implement browser IDE proxy Future work: - Tailscale dev access - artifact version promotion - runtime rollback support --- ## Closed Threads - ✅ PTY console (dev + game) - ✅ Mod lifecycle - ✅ Upload pipeline - ✅ Runtime artifact installs - ✅ Dev container filesystem model - ✅ Code-server artifact fix - ✅ API status endpoint for frontend agent-state consumption