From 1cecc885b3949579c8d4363ad39e0cfb6d8aec38 Mon Sep 17 00:00:00 2001 From: Keysat Date: Fri, 19 Jun 2026 15:42:21 -0500 Subject: [PATCH] Drop Start9 submission from next-steps; mark it operator-owned --- AGENTS.md | 10 ++-------- ROADMAP.md | 5 +++-- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index ad39a12..23b2ef5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -98,11 +98,6 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/ - `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile` now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if a riscv StartOS target appears. -- StartOS Community Registry submission — `prepare.sh` shipped (2026-06-18). Submission is - **email-based** (no PR, no form): mail `submissions@start9labs.com` a link to the public wrapper - repo; Start9 builds-from-source on a clean box → Community Beta → production-on-reply. Resolve two - unknowns with Start9 *before* submitting: (1) source-available `LicenseRef-Keysat-1.0` acceptability, - (2) whether the 0.4.x build still invokes `prepare.sh`. On-box manual verification still pending. Detail in ROADMAP. - Split `audit:read` out of the blanket `:read` scope into its own tier so a Read-only scoped key can read dashboards/licenses but NOT the full audit log (`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session. @@ -124,8 +119,7 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/ `ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go published** (tag `v0.2.0`, go-proxy) and **Python published** (`keysat-licensing-client 0.3.0` on PyPI). Both public sites redeployed (landing + docs, 200). -- **Next (priority):** 1) email Start9 re: license + 0.4.x build flow (gates registry submission). 2) eval P2 - hardening (XFF rate-limit, dep bumps, admin/public port split). 3) split `audit:read` scope. (Nice-to-have: - document the new SDK verify methods in keysat-docs.) +- **Next (priority):** 1) eval P2 hardening (XFF rate-limit, dep bumps, admin/public port split). 2) split + `audit:read` scope. (Nice-to-have: document the new SDK verify methods in keysat-docs.) - **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper `tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI. diff --git a/ROADMAP.md b/ROADMAP.md index a59affe..9286f1c 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -28,8 +28,9 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state. ## Packaging & distribution -- **Start9 Community Registry submission.** Mechanism (researched 2026-06-18): **email-based, not a PR or - form.** Mail `submissions@start9labs.com` (the 0.3.5.x docs say `submissions@start9.com` — addresses are +- **Start9 Community Registry submission** — **operator-owned** (Grant handles the Start9 communication + directly; not an agent task; kept here as reference only). Mechanism (researched 2026-06-18): **email-based, + not a PR or form.** Mail `submissions@start9labs.com` (the 0.3.5.x docs say `submissions@start9.com` — addresses are inconsistent) a link to the public wrapper repo (+ detailed README); both wrapper and upstream source must be public. Start9 snapshots the repo, **builds from source on a clean Debian box** (`prepare.sh` + `make`; a failed first build bounces the submission), installs + tests on real hardware (metadata, install/uninstall,