Problem
The config page can write .env and mutate parts of h.cfg in internal/adminapi/mismatches.go:228. That makes the dashboard say the configuration changed, but several runtime objects were already built at startup.
Examples:
cmd/paystable/main.go:61 creates the PayU client from startup config.
cmd/paystable/main.go:72 starts the delivery worker with copied config values.
cmd/paystable/main.go:91 binds the server port once.
- Existing workers may keep using old callback and gateway settings even after
.env is updated.
Partial runtime mutation is worse than no mutation. Operators need to know what is actually active.
Scope
Choose one path and make it consistent:
- Make the dashboard config page read-only, except for secret rotation if that path is truly runtime-backed.
- Keep editing, but return a clear
restart_required response and show it in the UI.
- Implement real runtime reload for all affected components.
For now, option 1 or 2 is probably the right size.
Acceptance criteria
- The UI does not say runtime configuration was applied when the running process still uses old values.
- If config editing remains, the API response identifies which keys require restart.
- If config editing is removed,
POST /api/v1/admin/config is removed or returns a safe status such as 405 Method Not Allowed.
- Secret rotation remains separate from
.env editing and keeps its current runtime behavior.
- Tests cover the selected API behavior.
- The Config page reflects the selected behavior without editable fields that have no runtime effect.
Problem
The config page can write
.envand mutate parts ofh.cfgininternal/adminapi/mismatches.go:228. That makes the dashboard say the configuration changed, but several runtime objects were already built at startup.Examples:
cmd/paystable/main.go:61creates the PayU client from startup config.cmd/paystable/main.go:72starts the delivery worker with copied config values.cmd/paystable/main.go:91binds the server port once..envis updated.Partial runtime mutation is worse than no mutation. Operators need to know what is actually active.
Scope
Choose one path and make it consistent:
restart_requiredresponse and show it in the UI.For now, option 1 or 2 is probably the right size.
Acceptance criteria
POST /api/v1/admin/configis removed or returns a safe status such as405 Method Not Allowed..envediting and keeps its current runtime behavior.