Portal — Current State

Verified against local Portal repo plus the reported Node 24 / Next 16 cleanup pass.

This file records what is implemented now.

Runtime / tooling baseline

Portal is now aligned to the Node 24 runtime line used by the API repo.
.nvmrc, package.json engines, and package-lock.json are expected to be synchronized on the current Node 24 baseline.
Lint no longer relies on removed next lint; the repo uses eslint . with the Next 16 flat-config path.
The lint configuration has been adjusted so current project patterns lint cleanly without forcing a broad React-compiler-style refactor.
npm run lint reportedly passes with only existing React hook dependency warnings.
npm run build reportedly passes on Next 16.2.4 with Turbopack.
npm audit is reported clean at moderate-or-higher severity.

Confirmed-unused HUD wrapper components have been removed.
Stale src/styles.old/* legacy CSS has been removed.
Unused js-cookie type shim has been removed.
Unused dependencies and Tailwind plugins have reportedly been pruned from the Portal repo.
The Portal cleanup pass reports net line-count reduction rather than growth.

Portal consumes API-normalized state.
Portal understands:
- ready
- operationInProgress
- operationType
- maintenance
- operationStartedAt
- operationMessage
targeted 409 and 503 UX messaging exists for operation conflicts and not-ready states.

game backup UI exists for:
- list
- create
- restore
- delete
Portal uses API routes, not direct agent calls.
backup metadata is normalized and displayed when the API includes metadata fields.

console command transport uses POST JSON through API.
previous blanket ready === false gating bug for game actions was fixed.
Start is not blocked merely because a stopped server is not ready.
backup actions are not blocked purely by ready === false; backend validity decides.

billing UI alignment exists with the newer billing state model.
forgot/reset password flow exists:
- login includes a Forgot password? link to /forgot-password
- /forgot-password posts { email } to POST /api/auth/password-reset/request
- the Portal always shows If the account exists, a reset link has been sent. for account-lookup-style responses
- /reset-password?token=... reads token, validates 8+ character password and confirmation match, then posts { token, password } to POST /api/auth/password-reset/confirm
- missing, invalid, or expired reset tokens show This reset link is invalid or has expired.
- successful reset does not auto-login; Portal leaves the user with login navigation
profile change-password UI exists:
- profile includes current password, new password, and confirm new password fields
- client validation requires an 8+ character new password and matching confirmation
- submit uses authenticated POST /api/auth/change-password with { currentPassword, newPassword }
- successful change clears the password fields and reports success without changing login/session state
first-login onboarding flow exists.
Next 16 / current TypeScript cleanup included fixes around nullable normalization and search-param/Suspense usage in affected pages/components.

console and server-list Open IDE actions request /api/dev/{serverId}/ide-token.
Portal opens the hosted URL returned by the API, falling back to the configured API base for relative URLs.
DEV server console and server-list rows show code-server start, restart, and stop controls directly under the Open IDE button.
code-server service actions call /api/dev/{serverId}/codeserver/start, /api/dev/{serverId}/codeserver/restart, and /api/dev/{serverId}/codeserver/stop.

Portal still uses API-mediated transport rather than direct agent calls.
Project cleanup has reportedly removed dead weight around unused wrappers/dependencies, but API-client/status-polling consolidation is not yet considered fully complete.

Portal should track API auth / JWT behavior closely because API-side token hardening can require Portal compatibility verification.
Portal cleanup should remain behavior-preserving; build/lint green status is part of the current baseline.