89 lines
3.0 KiB
Markdown
89 lines
3.0 KiB
Markdown
# Open Threads — zlh-grind
|
|
|
|
This file tracks items that are unresolved, under investigation, or explicitly deferred.
|
|
|
|
---
|
|
|
|
## Backend/Infrastructure Threads
|
|
|
|
### Bastion public SSH access (BLOCKER)
|
|
- **Status:** ACTIVE - blocking external user access
|
|
- External SSH to bastion (both IP and hostname) fails with `kex_exchange_identification: Connection closed`
|
|
- TCP connection succeeds but SSH handshake never proceeds
|
|
- Internal SSH works perfectly; issue is specific to WAN→bastion path
|
|
- Action required:
|
|
- tcpdump on bastion during external connection
|
|
- OPNsense live log during attempt
|
|
- Verify NAT reaching bastion sshd vs upstream termination
|
|
- Check for ISP/modem interference
|
|
|
|
### zlh-cli bastion mode fixes
|
|
- **Status:** OPEN - built and deployed, but has bugs
|
|
- When running ON bastion, CLI incorrectly tries to jump via public hostname
|
|
- Should use localhost/direct connection when already on bastion
|
|
- User/host targeting logic needs correction (was targeting bastion instead of dev container)
|
|
- Goal: clean UX like `zlh ssh 6038` instead of full jump command
|
|
|
|
### Agent SSH provisioning automation
|
|
- **Status:** OPEN - manual workaround confirmed, needs agent integration
|
|
- Requirements:
|
|
- Install and enable sshd in new containers
|
|
- Generate SSH host keys if missing (add to bootstrap/common.sh)
|
|
- Create `devuser` with sudo access
|
|
- Configure authorized_keys for key-based auth (if applicable)
|
|
- Currently working internally via manual setup; needs to be automatic
|
|
|
|
### Devcontainer runtime provisioning
|
|
- **Status:** RESOLVED (design-level), agent patch pending
|
|
- Root cause: agent not concatenating scripts or exporting env vars
|
|
- Fix: concatenate `common.sh` + runtime installer into single bash invocation
|
|
- Deferred to agent implementation
|
|
|
|
### Version-aware markers for devcontainer runtimes
|
|
- **Status:** DEFERRED
|
|
- Current marker logic does not distinguish between installed runtime versions
|
|
- Consider writing version metadata to marker file for clean upgrades
|
|
|
|
---
|
|
|
|
## Frontend Threads
|
|
|
|
### Active
|
|
- UI refinement: remove gimmick effects, simplify styling
|
|
- New logo direction: Celtic-tech / sigil-based ZLH mark
|
|
- Terminal scaffolding (frontend only)
|
|
- WebSocket contract definition (pending backend)
|
|
|
|
### Pending
|
|
- systemd service for frontend
|
|
- Auth flow finalization
|
|
- Public vs dashboard styling split
|
|
- Final decision on Z vs ZLH mark usage
|
|
|
|
### Explicitly Closed
|
|
- PM2 usage
|
|
- React Router
|
|
- HUD/scanline UI experiments
|
|
- Neon accent palette
|
|
|
|
---
|
|
|
|
## Portal Migration to APIv2 Auth (Open)
|
|
|
|
### Context
|
|
- Portal was originally built against APIv1 + Pterodactyl
|
|
- APIv2 auth is now live and verified
|
|
- Portal login + data access must be realigned
|
|
|
|
### Open Questions
|
|
- Which API routes should be protected first by auth?
|
|
- When should refresh-token or session renewal be added (if ever)?
|
|
- Should roles/scopes be enforced now or deferred?
|
|
|
|
### Blocking Items
|
|
- Portal login page still assumes CSRF + legacy flows
|
|
- Legacy API abstractions still present in portal repo
|
|
|
|
### Owner
|
|
- Portal Team
|