jester/zlh-grind
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
d128d92d15
zlh-grind/OPEN_THREADS.md

201 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Open Threads zlh-grind
This file tracks active but unfinished work.
Keep it short.
---
## Agent (zlh-agent)
### Dev Runtime System
Completed:
- catalog validation implemented
- runtime installs artifact-backed
- install guard implemented
Outstanding:
- runtime install verification improvements
- catalog hash validation
- runtime removal / upgrade handling
---
### Dev Environment
Completed:
- dev user creation
- workspace root `/home/dev/workspace`
- console runs as dev user
Outstanding:
- PATH normalization
- shell profile consistency
- runtime PATH injection
---
## Code Server Addon
Status: ✅ Installed and running inside dev containers
Confirmed:
- compiled release artifact fixed on `zlh-artifacts`
- install confirmed working
- process confirmed running inside container
- binds to `0.0.0.0:6000`
- launched from `/opt/zlh/services/code-server`
Port: `6000`
---
### Access Model (Updated)
The previous approach using:
- Cloudflare DNS
- Technitium DNS
- Traefik dynamic config per container
has been **abandoned**.
Reason:
- too many moving pieces
- TLS and proxy complexity
- per-container DNS automation
- unnecessary exposure of internal dev services
---
### New Access Strategy
Dev containers will support **two access paths**.
#### Path 1 — Browser IDE (Primary)
```
Browser
Portal
API proxy
container:6000
```
URL format: `/dev/<vmid>/ide`
Implementation requirements:
- API proxy using `http-proxy-middleware`
- WebSocket support (`ws: true`)
- `server.on('upgrade', proxy.upgrade)`
- code-server launch args: `--base-path /dev/<vmid>/ide --auth none`
Authentication handled by portal JWT.
---
#### Path 2 — Local Dev Access (Advanced Users)
Direct developer access via **Headscale/Tailscale**.
Use cases:
- SSH
- VS Code Remote
- local development tools
Outstanding tasks:
- confirm `zlh-ctl` Headscale server status
- implement Tailscale addon install
- API auth key generation
- portal instructions
Headscale constraints:
- `magic_dns: false`
- no exit nodes
- no DNS takeover
---
## Agent Future Work (priority order)
1. Structured logging (slog) for Loki
2. Dev container provisioningComplete state
3. Crash recovery backoff
4. Graceful shutdown verification
5. Process reattachment on agent restart
---
## API (zpack-api)
Completed:
- dev provisioning payload
- runtime/version fields
- enable_code_server flag
- API status endpoint for frontend state
Outstanding:
- `/dev/:id/ide` proxy route
- websocket upgrade handling
- ownership validation before proxy
- Headscale auth key generation
- dev runtime catalog endpoint
---
## Portal (zpack-portal)
Completed:
- dev runtime dropdown
- dotnet runtime support
- enable code-server checkbox
- dev file browser support
Outstanding:
- "Open IDE" button
- `/dev/<vmid>/ide` page
- Headscale setup instructions
---
## Platform
Active thread:
- implement browser IDE proxy
Future work:
- Tailscale dev access
- artifact version promotion
- runtime rollback support
---
## Closed Threads
- ✅ PTY console (dev + game)
- ✅ Mod lifecycle
- ✅ Upload pipeline
- ✅ Runtime artifact installs
- ✅ Dev container filesystem model
- ✅ Code-server artifact fix
- ✅ API status endpoint for frontend agent-state consumption
Reference in New Issue View Git Blame Copy Permalink