You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs(roadmap): track Go tray OAuth config-file read as tray-api-purity debt (#806)
Found during the PR #805 architecture review: the tray must use only
the socket/REST API, but the OAuth login path still parses
mcp_config.json directly (pre-existing). Swift tray audited clean.
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: ROADMAP.md
+6-1Lines changed: 6 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -113,6 +113,10 @@ graph TD
113
113
telemetry_machineid_dash["Dashboard identityExpr prefers machine_id; exclude %-dev versions from human cohort; fix launch_source 79% unknown (repo mcpproxy-dash)"]
114
114
telemetry_snapshot_alerting["Alerting on external-downloads snapshot cron (34-day outage went unnoticed)"]
115
115
end
116
+
subgraph sg_tray_api_purity["Tray↔core decoupling: socket/REST API only, no config-file reads"]
117
+
tray_api_purity["Tray↔core decoupling: socket/REST API only, no config-file reads"]
118
+
tray_oauth_config_read["Go tray OAuth login path loads mcp_config.json directly (internal/tray/tray.go:~1734 config.LoadFromFile via GetConfigPath) — replace with REST (server config / OAuth endpoints), then remove GetConfigPath from the tray server interface if no consumers remain"]
119
+
end
116
120
subgraph sg_planning_hygiene["Planning/docs truth automation"]
117
121
planning_hygiene["Planning/docs truth automation"]
118
122
hygiene_roadmap_github_check["gen-roadmap --check-github: cross-check roadmap.yaml statuses vs gh PR state + dangling spec links"]
@@ -171,7 +175,7 @@ graph TD
171
175
class upgrade_nudge,connect_trust,telemetry_identity in_progress;
172
176
class windows_tray,windows_tray_window in_review;
173
177
class mcp_2026_upgrade blocked;
174
-
class windows_tray_funnel_qa,ux_audit,ux_audit_webui_sweep,ux_audit_macos_sweep,action_log_transparency,action_log_glance_view,action_log_retention_tie_in,analytics_dashboard,analytics_token_drain_graphs,analytics_default_landing,registries_search_add,registries_search_ux,upgrade_nudge_surfacing,upgrade_nudge_channel,upgrade_nudge_quiet,connect_trust_undo,connect_trust_tcc_copy,telemetry_machineid_worker,telemetry_machineid_dash,telemetry_snapshot_alerting,planning_hygiene,hygiene_tasks_reconcile,hygiene_docs_facts,hygiene_quickstart_contract,security_gateway_cd,discovery_eval_harness todo;
178
+
class windows_tray_funnel_qa,ux_audit,ux_audit_webui_sweep,ux_audit_macos_sweep,action_log_transparency,action_log_glance_view,action_log_retention_tie_in,analytics_dashboard,analytics_token_drain_graphs,analytics_default_landing,registries_search_add,registries_search_ux,upgrade_nudge_surfacing,upgrade_nudge_channel,upgrade_nudge_quiet,connect_trust_undo,connect_trust_tcc_copy,telemetry_machineid_worker,telemetry_machineid_dash,telemetry_snapshot_alerting,tray_api_purity,tray_oauth_config_read,planning_hygiene,hygiene_tasks_reconcile,hygiene_docs_facts,hygiene_quickstart_contract,security_gateway_cd,discovery_eval_harness todo;
175
179
class marketplace,siem,paid_tier,sdk_v1_migration,sso parked;
176
180
```
177
181
@@ -188,6 +192,7 @@ graph TD
188
192
| Action log / transparency — info at a glance | Todo | unassigned | P0 | — |||
189
193
| Analytics dashboard as default page | Todo | unassigned | P1 | 16/26 (62%) |[069-observability-usage-graphs](./specs/069-observability-usage-graphs/)||
Copy file name to clipboardExpand all lines: roadmap.yaml
+14Lines changed: 14 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -412,6 +412,20 @@ epics:
412
412
status: todo
413
413
depends_on: []
414
414
415
+
- id: tray-api-purity
416
+
title: "Tray↔core decoupling: socket/REST API only, no config-file reads"
417
+
status: todo
418
+
assignee: unassigned
419
+
priority: P2
420
+
depends_on: []
421
+
note: "Architecture rule (CLAUDE.md): the tray holds no state and talks to the core only via socket/REST + SSE. 2026-07-03 audit: Swift tray clean (opens config in editor only, never parses); Go tray's update-check gate was caught reading mcp_config.json in PR #805 review and reworked to core-API gating — but one pre-existing violation remains."
422
+
tasks:
423
+
- id: tray-oauth-config-read
424
+
title: "Go tray OAuth login path loads mcp_config.json directly (internal/tray/tray.go:~1734 config.LoadFromFile via GetConfigPath) — replace with REST (server config / OAuth endpoints), then remove GetConfigPath from the tray server interface if no consumers remain"
0 commit comments