docs: channel feature-parity principle + pool-parity/token-host follow-up plan#45
Merged
Merged
Conversation
… follow-up plan Pools shipped CLI-only (no REST endpoints, no Telegram commands) while every other store-backed surface (policy/cred/binding/mcp) is reachable from all channels. Adds: - docs/plans/20260518-channel-feature-parity.md: follow-up plan to (1) lift pool ops into a channel-agnostic package, (2) add /api/pools REST endpoints (spec-first), (3) add Telegram /pool commands, (4) scope pool token-host phantom expansion to grant_type=refresh_token so a fresh in-container codex device_code login is no longer corrupted into a 400. - CLAUDE.md / CONTRIBUTING.md: a general channel-feature-parity principle — store-backed features land on CLI + REST + Telegram in the same PR via channel-agnostic logic; single-channel only with a documented rationale, else reviewers block for parity.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Operating the credential-pool feature live exposed that pools are CLI-only — no
/api/poolsREST endpoints, no Telegram/poolcommands — while every other store-backed surface (policy, credentials, bindings, MCP upstreams, default-verdict) is reachable from CLI + REST + Telegram. It also confirmed a real defect: pooled token-host phantom expansion rewrites every request to the shared OAuth token host, so a fresh in-containercodex login --device-auth(device_codegrant) is corrupted into400 token_exchange_user_error.What this PR adds (docs/plan only — no code)
docs/plans/20260518-channel-feature-parity.md— follow-up implementation plan:internal/poolopspackage (root cause of the gap: rotate/status logic was written inline incmd/sluice/pool.go)./api/poolsREST endpoints, spec-first (api/openapi.yaml→make generate)./pool create|list|status|rotate|remove.grant_type=refresh_tokenso non-refresh grants (device-code/auth-code) pass through untouched.Includes context, testing strategy, per-task checklists, and out-of-scope notes.
CLAUDE.md/CONTRIBUTING.md— a general channel feature-parity principle: store-backed management features must land on CLI + REST + Telegram in the same PR via channel-agnostic logic; single-channel is allowed only with a documented rationale (e.g. local operator tools, CLI-stdin-only OAuth entry), otherwise reviewers should block the PR for parity.Scope / notes
v0.17.0follow-up flagged in thev0.16.0release notes' "Known limitation".internal/poolopsonce it exists).