Project tracking for labctl v2.0 platform design. Includes P1 (arch doc update), P2 (SSH emergency mode, Prometheus metrics), and P3 (graph viz, import, secrets rotation) items from the CEO and eng review sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
TODOS
P1 — Ship with Phase 1
v2.0 Architecture Document Update
Update bastion/docs/ARCHITECTURE.md to cover v2.0: driver model, fleet system,
Pulumi integration, Vault secrets, Deno evaluator, new CLI grammar. The existing
doc covers v1.0 comprehensively (432 lines). v2.0 adds 5+ major subsystems.
Effort: M (human: 1 week / CC: 1-2 days)
Depends on: Phase 1 complete
Source: CEO review 2026-04-01
P2 — Post-v2.0 Core
SSH Emergency Mode (scoped)
SSH-based operations are limited to: (1) the earliest necessary box provisioning, before the
agent is installed, and (2) emergency debugging/fixing operations that can't be done via the agent.
This is NOT a general-purpose DeploymentTarget alternative. The v1.0 recheck and fix-ssh-root.sh
patterns are the model. The agent stays the primary management path.
Effort: S (human: 1 week / CC: 1 day)
Depends on: Phase 2 complete (DeploymentTarget interface exists)
Source: CEO review 2026-04-01
Prometheus Metrics Endpoint
Add /metrics endpoint to labd: resource counts by status, apply duration histograms,
driver operation latency, fleet pipeline completion rates. Standard Prometheus scraping
for Grafana dashboards and alerting.
Effort: S (human: 2-3 days / CC: 2-3 hours)
Depends on: Phase 1 (labd exists with resource store)
Source: CEO review 2026-04-01 (observability gap)
P3 — Future Enhancements
Infrastructure Graph Visualization
Visual representation of resource dependencies, environment topology, fleet status.
Could be a web UI or terminal-based (like kubectl tree).
Source: CEO review 2026-04-01
labctl import for Existing Cloud Resources
Discover and import existing AWS/GCP resources into the state store. Pulumi's import
functionality could be leveraged.
Source: CEO review 2026-04-01
Built-in Secrets Rotation
Automatic rotation of managed secrets (database passwords, API keys). Vault handles
rotation, but a labctl-native workflow could simplify it.
Source: CEO review 2026-04-01