grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Drop Start9 submission from next-steps; mark it operator-owned

Browse Source
This commit is contained in:
Keysat
2026-06-19 15:42:21 -05:00
parent 0a6018598f
commit 1cecc885b3
2 changed files with 5 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+2 -8
View File
@@ -98,11 +98,6 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
- `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile`
now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if
a riscv StartOS target appears.
- StartOS Community Registry submission — `prepare.sh` shipped (2026-06-18). Submission is
**email-based** (no PR, no form): mail `submissions@start9labs.com` a link to the public wrapper
repo; Start9 builds-from-source on a clean box → Community Beta → production-on-reply. Resolve two
unknowns with Start9 *before* submitting: (1) source-available `LicenseRef-Keysat-1.0` acceptability,
(2) whether the 0.4.x build still invokes `prepare.sh`. On-box manual verification still pending. Detail in ROADMAP.
- Split `audit:read` out of the blanket `:read` scope into its own tier so a
Read-only scoped key can read dashboards/licenses but NOT the full audit log
(`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session.
@@ -124,8 +119,7 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
`ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go
published** (tag `v0.2.0`, go-proxy) and **Python published** (`keysat-licensing-client 0.3.0` on PyPI). Both
public sites redeployed (landing + docs, 200).
- **Next (priority):** 1) email Start9 re: license + 0.4.x build flow (gates registry submission). 2) eval P2
hardening (XFF rate-limit, dep bumps, admin/public port split). 3) split `audit:read` scope. (Nice-to-have:
document the new SDK verify methods in keysat-docs.)
- **Next (priority):** 1) eval P2 hardening (XFF rate-limit, dep bumps, admin/public port split). 2) split
`audit:read` scope. (Nice-to-have: document the new SDK verify methods in keysat-docs.)
- **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper
`tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI.