KLKLine FrontendDashboard · Preview · Embed shell

F027 backend endpoint map

Object Tree Backend Readiness Map

این صفحه از روی ZIP بک‌اند ارسالی، endpointهای واقعاً موجود برای overlay/indicator/object-tree را از persistence endpointهای هنوز برنامه‌ریزی‌شده جدا می‌کند. نتیجه مهم F027: server write هنوز نباید روشن شود.

Checked

۰۶:۳۳:۰۷

Source-map deterministic audit؛ بدون نیاز به token یا اجرای بک‌اند.

Pass

6

contractهای موجود در بک‌اند.

Warning

2

endpointهای admin-token protected.

Blocked

3

write/restore endpointهای هنوز پیاده‌سازی‌نشده.

Server writes

blocked

تا وقتی blocked داریم، persist واقعی امن نیست.
F027 عمداً backend write را فعال نکرد. بک‌اند فعلی registry/config/contractهای لازم را دارد، اما endpoint واقعی برای object-tree-drafts/preflight، persist و runtime restore در source scan پیدا نشد؛ پس فرانت فقط handshake/QA را نگه می‌دارد.
PASS

Overlay/drawing registry contract

GET /api/admin/widget-types/klinecharts-runtime/overlays/contract

auth: none

Backend exposes a backend-only overlay/drawing registry contract. Object Tree overlay rows must stay sourced from this registry plus runtime getOverlays snapshots.

  • src/control-plane/widget-type-registry/widget-type-registry.controller.ts -> @Controller("admin/widget-types") + @Get("klinecharts-runtime/overlays/contract")
PASS

Overlay interaction / object-tree contract

GET /api/admin/widget-types/klinecharts-runtime/overlays/interaction/contract

auth: none

Backend documents drawing mode, overlay events, object-tree sync and trusted plugin policy without exposing executable custom code.

  • src/control-plane/widget-type-registry/klinecharts-overlay-interaction.contract.ts -> object_tree_get_overlays
  • Runtime bootstrap handoff mentions object-tree sync and trusted registerOverlay policy
PASS

Built-in overlay restore test contract

GET /api/admin/widget-types/klinecharts-runtime/overlays/built-in-tests/part-1/contract

auth: none

Backend has a built-in overlay test/restore handoff. Server persistence must honor restore-after-refresh and symbol-switch semantics before live writes are enabled.

  • src/control-plane/widget-type-registry/widget-type-registry.controller.ts -> @Get("klinecharts-runtime/overlays/built-in-tests/part-1/contract")
PASS

Indicator registry contract

GET /api/admin/widget-types/klinecharts-runtime/indicators/contract

auth: none

Backend exposes indicator lifecycle/registry contract. Object Tree indicator rows must remain registry-driven and JSON-safe.

  • src/control-plane/widget-type-registry/widget-type-registry.controller.ts -> @Get("klinecharts-runtime/indicators/contract")
PASS

Chart instance Object Tree snapshot contract

GET /api/admin/widget-types/klinecharts-runtime/chart-instance-api/part1/contract

auth: none

Backend handoff says getIndicators/getOverlays are safe redacted snapshots for Object Tree/Admin Preview; raw chart instance must stay inside chart-runtime.

  • src/control-plane/widget-type-registry/klinecharts-chart-instance-api-part1.contract.ts -> getIndicators/getOverlays productDecision
PASS

Chart instance pixel/pane helper contract

GET /api/admin/widget-types/klinecharts-runtime/chart-instance-api/part2/contract

auth: none

Backend handoff covers getSize, convertToPixel and convertFromPixel for safe pane/object-tree selection without exposing DOM or chart instance to backend.

  • src/control-plane/widget-type-registry/klinecharts-chart-instance-api-part2.contract.ts -> getDom/getSize/convertToPixel/convertFromPixel handoff
WARNING

Admin overlay registry endpoint

GET /api/admin/kline/overlay-registry

auth: admin-token

Backend exposes an admin overlay registry endpoint, but it is admin-token protected. Frontend QA must not require manual admin token input or render token values.

  • src/control-plane/admin-api/admin-api.controller.ts -> @ApiBearerAuth() + @Get("kline/overlay-registry")
WARNING

Admin indicator registry endpoint

GET /api/admin/kline/indicator-registry

auth: admin-token

Backend exposes an admin indicator registry endpoint, but it is admin-token protected. Dashboard must use controlled admin flows and never expose token evidence.

  • src/control-plane/admin-api/admin-api.controller.ts -> @ApiBearerAuth() + @Get("kline/indicator-registry")
BLOCKED

Planned Object Tree preflight endpoint

POST /api/admin/chart-runtime-config/object-tree-drafts/preflight

auth: admin-token

No matching backend controller was found in the uploaded backend ZIP. F026 preflight remains a frontend contract until backend implements this route with tenant/auth/audit/revision enforcement.

  • No @Post("object-tree-drafts/preflight") or runtime object-tree draft controller found in backend source scan
BLOCKED

Planned Object Tree persist endpoint

POST /api/admin/chart-runtime-config/object-tree-drafts

auth: admin-token

Server-side Object Tree writes are still blocked. Persist must not be enabled until backend has idempotency replay, optimistic revision locking and audit-log enforcement.

  • Backend currently has registry/config contracts, not tenant-owned Object Tree draft persistence
BLOCKED

Planned runtime Object Tree restore endpoint

GET /api/v1/widget/object-tree

auth: runtime-token

No runtime restore endpoint was found. Iframe runtime must keep using local/contract restore paths until backend adds a runtime-token protected restore API.

  • Runtime widget controller exposes /api/v1/widget/bootstrap and /api/v1/widget/bootstrap/contract only; no /api/v1/widget/object-tree route found