GXWF_WEB_SYNC_1_PLAN

Plan: Sync Python gxwf-web with TS styling Branch

Reference branches:

Findings (current divergence)

API endpoints: identical at the verb level. All endpoints (/workflows, /workflows/{path}/{validate,clean,export,convert,roundtrip,lint}, /api/contents/*) exist on both sides with matching params (strict_structure, strict_encoding, connections, mode, clean_first, allow[], deny[], dry_run, preserve[], strip[]).

Report models: Python is fine. The TS packages/schema/src/workflow/report-models.ts actually has a stale removed_keys: string[] on CleanStepResult, while both OpenAPI specs and Python use removed_state_keys + removed_step_keys. Fix is on the TS side, not here. lint_error_messages / lint_warning_messages already present in Python.

Recent TS work (since GXWF_AGENT.md was written):

Python gaps:

  1. No CSP headers at all (Monaco-enabled UI build will be blocked).
  2. No /monaco/* or /ext/* static routes for the extension-host iframe + staged .vsix.
  3. No E2E tests; TS has a full Playwright harness in packages/gxwf-e2e/.

Plan

Step 1 — Confirm OpenAPI parity (sanity check)

Step 2 — CSP middleware

Step 3 — Stage and serve the VS Code extension

Step 4 — Build/serve the Monaco-enabled UI

Step 5 — Wire E2E harness against Python server

Step 6 — VS Code mode runnable from Python

Step 7 — Run E2E in VS Code mode against Python

Test strategy summary

Unresolved questions