# Critical Blockers Summary - v0.2.x Release

**Last Updated:** 2025-12-13
**Status:** Multiple P0 issues blocking fresh installations

## 🚨 ACTIVE P0 BLOCKERS

### 1. P0-005: Setup Flow Broken (NEW - CRITICAL)
- **Issue**: Fresh installations show setup UI but all API calls fail with 502 Bad Gateway
- **Impact**: Cannot configure server, generate keys, or create admin user
- **User Experience**: Complete blocker for new adopters
- **Root Causes Identified**:
  1. Auto-created admin user prevents setup detection
  2. Setup API endpoints returning 502 errors
  3. Backend may not be running or accepting connections

**Next Step**: Debug why API calls get 502 errors

### 2. P0-004: Database Constraint Violation
- **Issue**: Timeout service can't write audit logs
- **Impact**: Breaks audit compliance for timeout events
- **Fix**: Add 'timed_out' to valid result values constraint
- **Effort**: 30 minutes

**Next Step**: Quick database schema fix

### 3. P0-001: Rate Limit First Request Bug
- **Issue**: Every agent registration gets 429 on first request
- **Impact**: Blocks new agent installations
- **Fix**: Namespace rate limiter keys by endpoint type
- **Effort**: 1 hour

**Next Step**: Quick rate limiter fix

### 4. P0-002: Session Loop Bug (UI)
- **Issue**: UI flashes rapidly after server restart
- **Impact**: Makes UI unusable, requires manual logout/login
- **Status**: Needs investigation

**Next Step**: Investigate React useEffect dependencies

## ⚠️ DOWNGRADED FROM P0

### P0-003: Agent No Retry Logic → P1 (OUTDATED)
- **Finding**: Retry logic EXISTS (documentation was wrong)
- **What Works**: Agent retries every polling interval
- **Enhancements Needed**: Exponential backoff, circuit breaker for main connection
- **Priority**: P1 enhancement, not P0 blocker

**Action**: Documentation updated, downgrade to P1

## 🔒 SECURITY GAPS

### Build Orchestrator Not Connected (CRITICAL)
- **Issue**: Signing service not integrated with build pipeline
- **Impact**: Update signing we implemented cannot work (no signed packages)
- **Security.md Status**: "Code is complete but Build Orchestrator is not yet connected"
- **Effort**: 1-2 days integration work

**This blocks v0.2.x security features from functioning!**

## 📊 PRIORITY ORDER FOR FIXES

### Immediate (Next Session)
1. **Debug P0-005**: Why setup API returns 502 errors
   - Check if backend is running on :8080
   - Check setup handler for panics/errors
   - Verify proxy configuration
   
2. **Fix P0-005 Flow**: Stop auto-creating admin user
   - Remove EnsureAdminUser from main()
   - Detect zero users, redirect to setup
   - Create admin via setup UI

### This Week
3. **Fix P0-004**: Database constraint (30 min)
4. **Fix P0-001**: Rate limiting bug (1 hour)
5. **Connect Build Orchestrator**: Enable update signing (1-2 days)

### Next Week
6. **Fix P0-002**: Session loop bug
7. **Update P0-003 docs**: Already done, consider enhancements

## 🎯 USER IMPACT SUMMARY

**Current State**: Fresh installations are completely broken

**User Flow**:
1. Build RedFlag ✅
2. Start with docker compose ✅
3. Navigate to UI ✅
4. See setup page ✅
5. **Try to configure: 502 errors** ❌
6. **Can't generate keys** ❌
7. **Don't know admin credentials** ❌
8. **Stuck** ❌

**Next Session Priority**: Fix P0-005 (setup 502 errors and flow)

## 📝 NOTES

- P0-003 analysis saved to docs/3_BACKLOG/P0-003_Agent-Retry-Status-Analysis.md
- P0-005 issue documented in docs/3_BACKLOG/P0-005_Setup-Flow-Broken.md
- Blockers summary saved to docs/3_BACKLOG/BLOCKERS-SUMMARY.md

**Critical Path**: Fix setup flow → Fix database/rate limit → Connect build orchestrator → v0.2.x release ready