# RedFlag Project Backlog Index

**Last Updated:** 2025-12-16
**Total Tasks:** 33 (All priorities catalogued)

## Quick Statistics

| Priority | Count | Percentage |
|----------|-------|------------|
| P0 - Critical | 8 | 24.2% |
| P1 - Major | 4 | 12.1% |
| P2 - Moderate | 3 | 9.1% |
| P3 - Minor | 6 | 18.2% |
| P4 - Enhancement | 6 | 18.2% |
| P5 - Future | 2 | 6.1% |

## Task Categories

| Category | Count | Percentage |
|----------|-------|------------|
| Bug Fixes | 11 | 33.3% |
| Features | 12 | 36.4% |
| Documentation | 5 | 15.2% |
| Architecture | 5 | 15.2% |

---

## P0 - Critical Issues (Must Fix Before Production)

### [P0-001: Rate Limit First Request Bug](P0-001_Rate-Limit-First-Request-Bug.md)
**Description:** Every FIRST agent registration gets rate limited with HTTP 429, forcing 1-minute wait
**Component:** API Middleware / Rate Limiter
**Status:** ACTIVE

### [P0-002: Session Loop Bug (Returned)](P0-002_Session-Loop-Bug.md)
**Description:** UI flashing/rapid refresh loop after server restart following setup completion
**Component:** Frontend / React / SetupCompletionChecker
**Status:** ACTIVE

### [P0-003: Agent No Retry Logic](P0-003_Agent-No-Retry-Logic.md)
**Description:** Agent permanently stops checking in after server connection failure, no recovery mechanism
**Component:** Agent / Resilience / Error Handling
**Status:** ACTIVE

### [P0-004: Database Constraint Violation](P0-004_Database-Constraint-Violation.md)
**Description:** Timeout service fails to create audit logs due to missing 'timed_out' in database constraint
**Component:** Database / Migration / Timeout Service
**Status:** ACTIVE

### [P0-005: Build Syntax Error - Commands.go Duplicate Function](P0-005_Build-Syntax-Error.md)
**Description:** Docker build fails with syntax error during server compilation due to duplicate function in commands.go
**Component:** Database Layer / Query Package
**Status:** ✅ **FIXED** (2025-11-12)

### [P0-005: Setup Flow Broken - Critical Onboarding Issue](P0-005_Setup-Flow-Broken.md)
**Description:** Fresh installations show setup UI but all API calls fail with HTTP 502, preventing server configuration
**Component:** Server Initialization / Setup Flow
**Status:** ACTIVE

### [P0-006: Single-Admin Architecture Fundamental Decision](P0-006_Single-Admin-Architecture-Fundamental-Decision.md)
**Description:** RedFlag has multi-user scaffolding (users table, role system) despite being a single-admin homelab tool
**Component:** Architecture / Authentication
**Status:** INVESTIGATION_REQUIRED

---

## P1 - Major Issues (High Impact)

### [P1-001: Agent Install ID Parsing Issue](P1-001_Agent-Install-ID-Parsing-Issue.md)
**Description:** Install script always generates new UUIDs instead of preserving existing agent IDs for upgrades
**Component:** API Handler / Downloads / Agent Registration
**Status:** ACTIVE

### [P1-002: Scanner Timeout Configuration API](P1-002_Scanner-Timeout-Configuration-API.md)
**Description:** Adds configurable scanner timeouts to replace hardcoded 45-second limit causing false positives
**Component:** Configuration Management System
**Status:** ✅ **IMPLEMENTED** (2025-11-13)

---

## P2 - Moderate Issues (Important Features & Improvements)

### [P2-001: Binary URL Architecture Mismatch Fix](P2-001_Binary-URL-Architecture-Mismatch.md)
**Description:** Installation script uses generic URLs but server only provides architecture-specific URLs causing 404 errors
**Component:** API Handler / Downloads / Installation
**Status:** ACTIVE

### [P2-002: Migration Error Reporting System](P2-002_Migration-Error-Reporting.md)
**Description:** No mechanism to report migration failures to server for visibility in History table
**Component:** Agent Migration / Event Reporting / API
**Status:** ACTIVE

### [P2-003: Agent Auto-Update System](P2-003_Agent-Auto-Update-System.md)
**Description:** No automated mechanism for agents to self-update when new versions are available
**Component:** Agent Self-Update / Binary Signing / Update Orchestration
**Status:** ACTIVE

---

## P3-P5 Tasks Available

The following additional tasks are catalogued and available for future sprints:

### P3 - Minor Issues (6 total)
- Duplicate Command Prevention
- Security Status Dashboard Indicators
- Update Metrics Dashboard
- Token Management UI Enhancement
- Server Health Dashboard
- Structured Logging System

### P4 - Enhancement Tasks (6 total)
- Agent Retry Logic Resilience (Advanced)
- Scanner Timeout Optimization (Advanced)
- Agent File Management Migration
- Directory Path Standardization
- Testing Infrastructure Gaps
- Architecture Documentation Gaps

### P5 - Future Tasks (2 total)
- Security Audit Documentation Gaps
- Development Workflow Documentation

---

## Implementation Sequence Recommendation

### Phase 1: Critical Infrastructure (Week 1)
1. **P0-004** (Database Constraint) - Enables proper audit trails
2. **P0-005** (Setup Flow) - Critical onboarding for new installations
3. **P0-001** (Rate Limit Bug) - Unblocks agent registration
4. **P0-006** (Architecture Decision) - Fundamental design fix

### Phase 2: Architecture & Reliability (Week 2)
5. **P0-003** (Agent Retry Logic) - Critical for production stability
6. **P0-002** (Session Loop Bug) - Fixes post-setup user experience

### Phase 3: Agent Management (Week 3)
7. **P1-001** (Install ID Parsing) - Enables proper agent upgrades
8. **P2-001** (Binary URL Fix) - Fixes installation script downloads
9. **P2-002** (Migration Error Reporting) - Enables migration visibility

### Phase 4: Feature Enhancement (Week 4-5)
10. **P2-003** (Agent Auto-Update System) - Major feature for fleet management
11. **P3-P5** tasks based on capacity and priorities

---

## Impact Assessment

### Production Blockers (P0)
- **P0-001:** Prevents new agent installations
- **P0-002:** Makes UI unusable after server restart
- **P0-003:** Agents never recover from server issues
- **P0-004:** Breaks audit compliance for timeout events
- **P0-005:** Blocks all fresh installations
- **P0-006:** Fundamental architectural complexity threatening single-admin model

### Operational Impact (P1)
- **P1-001:** Prevents seamless agent upgrades/reinstallation
- **P1-002:** Scanner optimization reduces false positive rates substantially (RESOLVED)

### Feature Enhancement (P2)
- **P2-001:** Installation script failures for various architectures
- **P2-002:** No visibility into migration failures across agent fleet
- **P2-003:** Manual agent updates required for fleet management

---

## Dependency Map

```mermaid
graph TD
    P0_001[Rate Limit Bug] --> P1_001[Install ID Parsing]
    P0_003[Agent Retry Logic] --> P0_001[Rate Limit Bug]
    P0_004[DB Constraint] --> P0_003[Agent Retry Logic]
    P0_002[Session Loop] -.-> P0_001[Rate Limit Bug]
    P0_005[Setup Flow] -.-> P0_006[Single-Admin Arch]
    P2_001[Binary URL Fix] -.-> P1_001[Install ID Parsing]
    P2_002[Migration Reporting] --> P2_003[Auto Update]
    P2_003[Auto Update] --> P0_003[Agent Retry Logic]
```

**Legend:**
- `-->` : Strong dependency (must complete first)
- `-.->` : Weak dependency (recommended to complete first)

---

**Next Review Date:** 2025-12-23 (1 week from now)
**Current Focus:** Complete all P0 tasks, update P0-022 before any production deployment
**Next Actions:** Ensure all P0 tasks have clear progress markers and completion criteria