feat: ship HTTP dashboard and harden daemon/API flows
Add the static HTTP dashboard example and wire in the recent daemon/API polish: CORS-aware API routing, service-install behavior cleanup, safer systemd unit ExecStart quoting, and friendly-name validation for path-safe targeting. Also refresh README/API/roadmap docs, remove the temporary claude observations file, and include the related tests for API/status and daemon validation.
This commit is contained in:
44r0n7
+11
@@ -5,6 +5,8 @@
|
||||
This file captures the v1 surface promised by the design bundle so the
|
||||
repository has a dedicated API spec from day one.
|
||||
|
||||
For browser-based tools, CORS is opt-in via daemon config.
|
||||
|
||||
## Base URL
|
||||
|
||||
`http://127.0.0.1:7272/v1`
|
||||
@@ -57,4 +59,13 @@ Error responses:
|
||||
- `error.code` values are stable machine contracts.
|
||||
- `error.hint` is optional but recommended for user-actionable failures.
|
||||
- Devices may be addressed by UUID or friendly name.
|
||||
- Path targets must be URL-encoded by clients (for example `Living Room TV` -> `Living%20Room%20TV`).
|
||||
- User-supplied friendly names are trimmed; `/` and `%` are rejected (`invalid_device_name`).
|
||||
- Platform-specific field names must not leak past the adapter layer.
|
||||
- Browser clients require `daemon.cors_enabled = true` and explicit `daemon.cors_allowed_origins`.
|
||||
|
||||
## Dashboard Example
|
||||
|
||||
An endpoint coverage dashboard is included at:
|
||||
|
||||
`examples/http-dashboard/`
|
||||
|
||||
Reference in New Issue
Block a user