45 lines
2.5 KiB
Markdown
45 lines
2.5 KiB
Markdown
# API — Open Items
|
|
|
|
Only keep unfinished API work here.
|
|
|
|
## Active
|
|
- normalize backup response shape: define canonical success bodies for list/create/restore/delete and a stable error envelope that preserves agent details
|
|
- service discovery migration: audit edge publish/DNS/Cloudflare/Technitium, Prometheus SD, dev IDE wildcard, and post-provision hot paths for direct host assumptions
|
|
- provisioning validation follow-up where API behavior is involved
|
|
- verify Portal compatibility after API JWT issuer/audience tightening, especially refresh flow and hosted IDE token flow
|
|
- verify canonical and compatibility file routes still behave identically across list/stat/read/download/delete/put/revert/upload paths after helper extraction
|
|
|
|
## Cleanup / consolidation priorities
|
|
- fold repeated ownership/auth/IP-guard patterns into small concrete helpers without hiding route intent
|
|
- split oversized route/service files by responsibility without changing route contracts
|
|
- keep backup/restore status shaping and async-dispatch logic explicit, but remove duplicated mapping/normalization paths where possible
|
|
- keep stream-vs-JSON forwarding rules centralized in one place and avoid route-local reimplementation
|
|
|
|
## Completed and moved out of active cleanup
|
|
- Node/runtime pinning is no longer an open cleanup-only item; Node 24 pinning is now treated as current repo state
|
|
- `node-fetch` removal and built-in `fetch` migration are no longer open items
|
|
- initial file-proxy route deduplication has been completed; only compatibility verification and follow-on cleanup remain open
|
|
- Prisma config migration is no longer an open item
|
|
- baseline proxy cookie/log hardening is no longer an open item
|
|
|
|
## Cleanup rule
|
|
- prefer behavior-preserving folding over broad refactors
|
|
- merge repeated flows, not concepts
|
|
- keep helpers small and concrete
|
|
- reduce route-local duplication before introducing new abstractions
|
|
- treat security/runtime changes as contract-sensitive validation work once they affect auth, cookies, or route compatibility
|
|
|
|
## Verify before re-opening
|
|
- hosted IDE token + hosted URL flow
|
|
- backup forwarding semantics
|
|
- readiness polling/cache behavior
|
|
- quota enforcement on create flow
|
|
- restore async-start contract + status polling semantics
|
|
- streamed file edit/revert forwarding through both canonical and compatibility routes
|
|
- older-session re-login behavior after JWT tightening
|
|
|
|
## Not API-owned
|
|
- agent-local backup implementation details
|
|
- portal-only UX/polish
|
|
- PBS / infra backup strategy
|