zlh-grind/Codex/Portal/OPEN_ITEMS.md

Portal - Open Items

Only keep unfinished Portal work here.

Launch active

• Harden terminal / console connection state:
  • add WebSocket connect timeout in TerminalView
  • on error, close/clear current socket refs and sender callback
  • reset isStreaming on closed, error, and idle
  • make the button recover from Connecting... to Open Console / Reconnect
  • validate console still works for authenticated owner after the fix
• Verify Portal compatibility after API control-plane and billing hardening:
  • login / refresh / /api/auth/me
  • hosted IDE token and hosted URL entry flow
  • server list/status polling
  • async server create flow with pending cards
  • user-safe server delete flow via DELETE /api/servers/{id}
  • billing checkout/portal/upgrade/downgrade flows if Stripe is live
  • backup/restore/file/console flows that depend on owned server access
• Retest notepad/notes and general customer messaging surfaces:
  • load/save
  • persistence after reload/login
  • permissions
  • empty/error states

Validation follow-ups

• Verify CPU/network metrics on live DEV and GAME servers after the frontend metrics normalizer change; if values still do not update, investigate API/agent metrics collection or rate calculation.
• Verify backup metadata rendering, including checkpoint-aware presentation, against current API fields.
• Verify restore accepted → status polling → completion UX against current async restore API behavior.
• Verify marketing CTA routing and SEO page internal links after public-site refresh.
• Check mobile behavior at 375px, 390px, 768px, and desktop widths after future UI changes.

Cleanup / consolidation priorities

• Fold repeated API-client/status-polling patterns and shared state-mapping logic where behavior is already the same.
• Fold repeated table/detail/action rendering helpers only where it reduces duplication without hiding page intent.
• Split oversized page/component/state files by responsibility without changing user-visible behavior.
• Keep restore/status wording explicit, but remove duplicate operation-label and status-reason mapping where possible.
• Centralize shared server-management action handling so files/backups/restore/restart flows do not re-implement the same request/toast/poll logic.
• Continue API client surface cleanup where overlapping wrappers or legacy paths still exist.
• Optional later: factor repeated SEO landing-page layout once copy stabilizes.

Completed and moved out of active cleanup

• Node/runtime pin alignment is current Portal state.
• Next 16 lint-script migration is complete.
• Initial dead HUD wrapper cleanup is complete.
• Stale legacy CSS cleanup is complete.
• Baseline dependency pruning and audit cleanup are complete.
• The old Portal-side /api/agent/{serverId}/{action} bridge has been removed.
• Dashboard spotlight placeholder data / broken manage-link cleanup is complete.
• Hub-nav and onboarding-tour billing mismatch is complete.
• Authenticated shell alignment for billing/profile/support is complete.
• Server card and console status labels no longer treat all non-connectable states as Needs attention.
• Host/container lifecycle states and async host action polling are represented in the server list.
• DEV server status is separated from GAME connectability status in the server list.
• DEV console shows host, agent, and IDE indicators.
• Server-list and console IDE controls are compact and colocated with IDE readiness indicators.
• Async server creation is tracked on the Servers page with inline pending cards and operation polling.
• The previous creation-progress hydration loop that caused maximum update depth errors is resolved.
• Multi-create modal overlap/confusion is resolved by async inline pending cards.
• Server deletion has migrated to DELETE /api/servers/{id} with the normal user JWT client path.
• Portal does not add INTERNAL_API_TOKEN to browser code.
• Dashboard spotlight recognizes DEV containers and mirrors server-list IDE/readiness/host badges.
• Public marketing site now has hybrid conversion + SEO structure.
• Pricing tiers are Starter / Pro / Performance workload tiers.
• Root metadata and homepage hero copy match browser dev + managed hosting positioning.
• Fake zlh CLI command was removed from the homepage visual.
• SEO landing pages exist for Minecraft hosting, modded Minecraft hosting, and browser dev environments.
• Public marketing/auth/dashboard mobile responsiveness pass is no longer a from-zero open item.
• Mobile public nav/menu behavior has been fixed with a working mobile menu and corrected desktop breakpoint.
• Billing suspended/customer messaging is visible through announcements for launch.
• Support form submit works end-to-end through /api/support/create; customer acknowledgement email and Discord support alert were validated.

Cleanup rule

• Prefer behavior-preserving folding over broad refactors.
• Merge repeated flows, not concepts.
• Keep helpers small and concrete.
• Reduce page-local duplication before introducing new abstractions.
• Treat runtime/tooling cleanup as contract-sensitive once it touches auth, API integration, or user-visible route behavior.

Verify before re-opening

• console reconnect/state behavior during restart/restore transitions
• restore accepted → status polling → completion UX
• backup metadata rendering, including checkpoint-aware presentation
• server management flows that share action/polling/toast logic
• login/refresh/hosted-IDE flows after API token tightening or route-boundary changes
• marketing CTA routing and SEO page internal links after public-site refresh
• mobile behavior at 375px, 390px, 768px, and desktop widths after future UI changes
• live CPU/network metric movement for DEV and GAME servers once API/agent metrics are confirmed healthy

Not Portal-owned

• agent-local backup implementation details
• API transport semantics
• API route authorization enforcement, except for Portal compatibility validation and avoiding admin/internal route usage from browser code
• PBS / infra backup strategy