jester/zlh-grind
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects Releases Wiki Activity
2fd5a57239
zlh-grind/Codex/API/OPEN_ITEMS.md

2.5 KiB
Raw Blame History

API — Open Items

Only keep unfinished API work here.

Active

  • normalize backup response shape: define canonical success bodies for list/create/restore/delete and a stable error envelope that preserves agent details
  • service discovery migration: audit edge publish/DNS/Cloudflare/Technitium, Prometheus SD, dev IDE wildcard, and post-provision hot paths for direct host assumptions
  • provisioning validation follow-up where API behavior is involved
  • verify Portal compatibility after API JWT issuer/audience tightening, especially refresh flow and hosted IDE token flow
  • verify canonical and compatibility file routes still behave identically across list/stat/read/download/delete/put/revert/upload paths after helper extraction

Cleanup / consolidation priorities

  • fold repeated ownership/auth/IP-guard patterns into small concrete helpers without hiding route intent
  • split oversized route/service files by responsibility without changing route contracts
  • keep backup/restore status shaping and async-dispatch logic explicit, but remove duplicated mapping/normalization paths where possible
  • keep stream-vs-JSON forwarding rules centralized in one place and avoid route-local reimplementation

Completed and moved out of active cleanup

  • Node/runtime pinning is no longer an open cleanup-only item; Node 24 pinning is now treated as current repo state
  • node-fetch removal and built-in fetch migration are no longer open items
  • initial file-proxy route deduplication has been completed; only compatibility verification and follow-on cleanup remain open
  • Prisma config migration is no longer an open item
  • baseline proxy cookie/log hardening is no longer an open item

Cleanup rule

  • prefer behavior-preserving folding over broad refactors
  • merge repeated flows, not concepts
  • keep helpers small and concrete
  • reduce route-local duplication before introducing new abstractions
  • treat security/runtime changes as contract-sensitive validation work once they affect auth, cookies, or route compatibility

Verify before re-opening

  • hosted IDE token + hosted URL flow
  • backup forwarding semantics
  • readiness polling/cache behavior
  • quota enforcement on create flow
  • restore async-start contract + status polling semantics
  • streamed file edit/revert forwarding through both canonical and compatibility routes
  • older-session re-login behavior after JWT tightening

Not API-owned

  • agent-local backup implementation details
  • portal-only UX/polish
  • PBS / infra backup strategy