jester/zlh-grind
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects Releases Wiki Activity
8f7a4bf5ba
zlh-grind/OPEN_THREADS.md

203 lines
5.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Open Threads zlh-grind
This file tracks active but unfinished work.
Keep it short.
---
## Agent (zlh-agent)
### Dev Runtime System
Completed:
- catalog validation implemented
- runtime installs artifact-backed
- install guard implemented
- all installs now fetch from artifact server (no local artifact assumption)
Outstanding:
- runtime install verification improvements
- catalog hash validation
- runtime removal / upgrade handling
---
### Dev Environment
Completed:
- dev user creation
- workspace root `/home/dev/workspace`
- console runs as dev user
- `HOME`, `USER`, `LOGNAME`, `TERM` env vars set correctly
Outstanding:
- PATH normalization
- shell profile consistency
- runtime PATH injection
---
### Code Server Addon
Status: ✅ Installed, running, and reachable through API proxy
Confirmed:
- pulled from artifact server (tar.gz)
- installed to `/opt/zlh/services/code-server`
- binds to `0.0.0.0:6000`
- lifecycle endpoints: `POST /dev/codeserver/start|stop|restart`
- detection via `/proc/*/cmdline` scan
- hosted browser IDE flow verified with curl end-to-end through Traefik + API proxy
---
### Game Server Supervision
Completed:
- crash recovery with backoff: 30s → 60s → 120s
- backoff resets if uptime ≥ 30s
- transitions to `error` state after repeated failures
- crash observability: time, exit code, signal, uptime, log tail, classification
- classifications: `oom`, `mod_or_plugin_error`, `missing_dependency`, `nonzero_exit`, `unexpected_exit`
---
### Agent Future Work (priority order)
1. Structured logging (slog) for Loki
2. Dev container `provisioningComplete` state in `/status`
3. Graceful shutdown verification (SIGTERM + wait for Minecraft)
4. Process reattachment on agent restart
---
## Dev IDE Access
### Browser IDE ✅ Working (host-based through Traefik + API)
```
Browser → dev-<vmid>.zerolaghub.dev → Traefik → API → container:6000
```
Verified flow:
1. frontend calls `POST /api/dev/:id/ide-token`
2. API returns `https://dev-<vmid>.zerolaghub.dev/?token=...`
3. browser opens hosted URL
4. Traefik wildcard router forwards to API at `http://10.60.0.245:4000`
5. API validates token, sets `zlh_dev_ide_token`, redirects to clean host URL
6. subsequent cookie-backed request redirects to `/?folder=/home/dev/workspace`
7. final response is `200` with code-server HTML
8. API remains HTTP + WS proxy boundary to the container
Curl-verified response chain:
- `GET /?token=...``302` + `Set-Cookie: zlh_dev_ide_token`
- `GET /` with cookie → `302` to `/?folder=/home/dev/workspace`
- `GET /?folder=/home/dev/workspace``200` code-server HTML
### Remaining Work
- verify full browser behavior beyond curl
- verify WebSocket behavior in-browser under hosted flow
- reduce legacy `/__ide/:id` compatibility paths once host-based is fully canonical
- confirm "Open IDE" button in portal uses hosted URL in production path
### Wildcard Edge (Traefik)
- Traefik on `zlh-zpack-proxy` (10.70.0.242) handles wildcard TLS via DNS challenge
- wildcard cert `*.zerolaghub.dev` issued via Let's Encrypt + Cloudflare DNS-01
- Traefik routes `dev-*.zerolaghub.dev` → API at `http://10.60.0.245:4000`
- `passHostHeader: true` preserves original hostname through to API
- no Caddy, no `:8081`, no per-container DNS/Traefik side effects from API
### Local Dev Access (Headscale/Tailscale — Future)
Outstanding:
- confirm `zlh-ctl` Headscale server status
- implement Tailscale addon install in agent
- API auth key generation
- portal setup instructions
Constraints: `magic_dns: false`, no exit nodes, no DNS takeover
---
## API (zpack-api)
Completed:
- dev provisioning payload
- runtime/version fields
- enable_code_server flag
- `GET /api/servers/:id/status` — server status endpoint
- `POST /api/dev/:id/ide-token` — IDE token generation + hosted URL
- `GET /api/dev/:id/ide` — bootstrap route (validates token, sets cookie, redirects)
- `/__ide/:id/*` — live tunnel proxy (HTTP + WS, target-bound)
- dev routing experiment removed (`devRouting.js`, `devDePublisher.js` deleted)
- host-based URL generation (`DEV_IDE_HOST_SUFFIX`, `DEV_IDE_RETURN_HOSTED_URL`)
- `handleHostedProxy` — host-based routing via `Host` header vmid extraction
- token bootstrap → cookie handoff working under hosted flow
- hosted flow proxies to container successfully
Outstanding:
- simplify and harden host-native `devProxy` — remove stale path-based assumptions
- dev runtime catalog endpoint for portal
- Headscale auth key generation
---
## Portal (zpack-portal)
Completed:
- dev runtime dropdown
- dotnet runtime support
- enable code-server checkbox
- dev file browser support
Outstanding:
- confirm "Open IDE" button fully uses hosted URL flow
- browser validation against hosted wildcard model
- Headscale setup instructions
---
## Platform
Future work:
- Tailscale dev access
- artifact version promotion
- runtime rollback support
---
## Closed Threads
- ✅ PTY console (dev + game)
- ✅ Mod lifecycle
- ✅ Upload pipeline
- ✅ Runtime artifact installs
- ✅ Dev container filesystem model
- ✅ Code-server artifact fix
- ✅ API status endpoint for frontend agent-state consumption
- ✅ Game server crash recovery with backoff
- ✅ Crash observability (classification, log tail, exit metadata)
- ✅ Code-server lifecycle endpoints (start/stop/restart)
- ✅ Code-server process detection via /proc scan
- ✅ Dev IDE proxy — path-based browser IDE working end-to-end
- ✅ Hosted wildcard Traefik → API → container dev IDE flow (curl-verified)
- ✅ Per-container dev IDE edge publish/unpublish removed from API
- ✅ Wildcard TLS cert `*.zerolaghub.dev` via Let's Encrypt + Cloudflare DNS-01
Reference in New Issue View Git Blame Copy Permalink