Redflag/docs/3_BACKLOG/BLOCKERS-SUMMARY.md

Critical Blockers Summary - v0.2.x Release

Last Updated: 2025-12-13 Status: Multiple P0 issues blocking fresh installations

🚨 ACTIVE P0 BLOCKERS

1. P0-005: Setup Flow Broken (NEW - CRITICAL)

• Issue: Fresh installations show setup UI but all API calls fail with 502 Bad Gateway
• Impact: Cannot configure server, generate keys, or create admin user
• User Experience: Complete blocker for new adopters
• Root Causes Identified:
  1. Auto-created admin user prevents setup detection
  2. Setup API endpoints returning 502 errors
  3. Backend may not be running or accepting connections

Next Step: Debug why API calls get 502 errors

2. P0-004: Database Constraint Violation

• Issue: Timeout service can't write audit logs
• Impact: Breaks audit compliance for timeout events
• Fix: Add 'timed_out' to valid result values constraint
• Effort: 30 minutes

Next Step: Quick database schema fix

3. P0-001: Rate Limit First Request Bug

• Issue: Every agent registration gets 429 on first request
• Impact: Blocks new agent installations
• Fix: Namespace rate limiter keys by endpoint type
• Effort: 1 hour

Next Step: Quick rate limiter fix

4. P0-002: Session Loop Bug (UI)

• Issue: UI flashes rapidly after server restart
• Impact: Makes UI unusable, requires manual logout/login
• Status: Needs investigation

Next Step: Investigate React useEffect dependencies

⚠️ DOWNGRADED FROM P0

P0-003: Agent No Retry Logic → P1 (OUTDATED)

• Finding: Retry logic EXISTS (documentation was wrong)
• What Works: Agent retries every polling interval
• Enhancements Needed: Exponential backoff, circuit breaker for main connection
• Priority: P1 enhancement, not P0 blocker

Action: Documentation updated, downgrade to P1

🔒 SECURITY GAPS

Build Orchestrator Not Connected (CRITICAL)

• Issue: Signing service not integrated with build pipeline
• Impact: Update signing we implemented cannot work (no signed packages)
• Security.md Status: "Code is complete but Build Orchestrator is not yet connected"
• Effort: 1-2 days integration work

This blocks v0.2.x security features from functioning!

📊 PRIORITY ORDER FOR FIXES

Immediate (Next Session)

1. Debug P0-005: Why setup API returns 502 errors

   • Check if backend is running on :8080
   • Check setup handler for panics/errors
   • Verify proxy configuration

2. Fix P0-005 Flow: Stop auto-creating admin user

   • Remove EnsureAdminUser from main()
   • Detect zero users, redirect to setup
   • Create admin via setup UI

This Week

3. Fix P0-004: Database constraint (30 min)
4. Fix P0-001: Rate limiting bug (1 hour)
5. Connect Build Orchestrator: Enable update signing (1-2 days)

Next Week

6. Fix P0-002: Session loop bug
7. Update P0-003 docs: Already done, consider enhancements

🎯 USER IMPACT SUMMARY

Current State: Fresh installations are completely broken

User Flow:

1. Build RedFlag ✅
2. Start with docker compose ✅
3. Navigate to UI ✅
4. See setup page ✅
5. Try to configure: 502 errors ❌
6. Can't generate keys ❌
7. Don't know admin credentials ❌
8. Stuck ❌

Next Session Priority: Fix P0-005 (setup 502 errors and flow)

📝 NOTES

• P0-003 analysis saved to docs/3_BACKLOG/P0-003_Agent-Retry-Status-Analysis.md
• P0-005 issue documented in docs/3_BACKLOG/P0-005_Setup-Flow-Broken.md
• Blockers summary saved to docs/3_BACKLOG/BLOCKERS-SUMMARY.md

Critical Path: Fix setup flow → Fix database/rate limit → Connect build orchestrator → v0.2.x release ready