HIGH PRIORITY:
1. Pool allocation race condition
- Add file locking around entire pool allocation in haproxy_add_domain
- Prevents concurrent calls from getting same pool
2. haproxy_remove_server - disk-first pattern
- Remove from config FIRST, then update HAProxy
- Rollback config on HAProxy failure
3. Wildcard domain prefix validation
- Reject domains starting with '.'
- Prevents double-prefix like '..domain.com'
MEDIUM PRIORITY:
4. Variable shadowing fix
- Rename state_output to servers_state in haproxy_set_domain_state
5. JSON size limit
- Add MAX_SERVERS_JSON_SIZE = 10000 limit for haproxy_add_servers
6. Remove get_server_suffixes
- Delete unused abstraction layer
- Inline logic in restore_servers_from_config and haproxy_add_domain
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
913ba0fdca