Drop Start9 submission from next-steps; mark it operator-owned
This commit is contained in:
Keysat
@@ -98,11 +98,6 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
|
|||||||
- `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile`
|
- `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile`
|
||||||
now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if
|
now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if
|
||||||
a riscv StartOS target appears.
|
a riscv StartOS target appears.
|
||||||
- StartOS Community Registry submission — `prepare.sh` shipped (2026-06-18). Submission is
|
|
||||||
**email-based** (no PR, no form): mail `submissions@start9labs.com` a link to the public wrapper
|
|
||||||
repo; Start9 builds-from-source on a clean box → Community Beta → production-on-reply. Resolve two
|
|
||||||
unknowns with Start9 *before* submitting: (1) source-available `LicenseRef-Keysat-1.0` acceptability,
|
|
||||||
(2) whether the 0.4.x build still invokes `prepare.sh`. On-box manual verification still pending. Detail in ROADMAP.
|
|
||||||
- Split `audit:read` out of the blanket `:read` scope into its own tier so a
|
- Split `audit:read` out of the blanket `:read` scope into its own tier so a
|
||||||
Read-only scoped key can read dashboards/licenses but NOT the full audit log
|
Read-only scoped key can read dashboards/licenses but NOT the full audit log
|
||||||
(`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session.
|
(`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session.
|
||||||
@@ -124,8 +119,7 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
|
|||||||
`ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go
|
`ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go
|
||||||
published** (tag `v0.2.0`, go-proxy) and **Python published** (`keysat-licensing-client 0.3.0` on PyPI). Both
|
published** (tag `v0.2.0`, go-proxy) and **Python published** (`keysat-licensing-client 0.3.0` on PyPI). Both
|
||||||
public sites redeployed (landing + docs, 200).
|
public sites redeployed (landing + docs, 200).
|
||||||
- **Next (priority):** 1) email Start9 re: license + 0.4.x build flow (gates registry submission). 2) eval P2
|
- **Next (priority):** 1) eval P2 hardening (XFF rate-limit, dep bumps, admin/public port split). 2) split
|
||||||
hardening (XFF rate-limit, dep bumps, admin/public port split). 3) split `audit:read` scope. (Nice-to-have:
|
`audit:read` scope. (Nice-to-have: document the new SDK verify methods in keysat-docs.)
|
||||||
document the new SDK verify methods in keysat-docs.)
|
|
||||||
- **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper
|
- **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper
|
||||||
`tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI.
|
`tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI.
|
||||||
|
|||||||
+3
-2
@@ -28,8 +28,9 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state.
|
|||||||
|
|
||||||
## Packaging & distribution
|
## Packaging & distribution
|
||||||
|
|
||||||
- **Start9 Community Registry submission.** Mechanism (researched 2026-06-18): **email-based, not a PR or
|
- **Start9 Community Registry submission** — **operator-owned** (Grant handles the Start9 communication
|
||||||
form.** Mail `submissions@start9labs.com` (the 0.3.5.x docs say `submissions@start9.com` — addresses are
|
directly; not an agent task; kept here as reference only). Mechanism (researched 2026-06-18): **email-based,
|
||||||
|
not a PR or form.** Mail `submissions@start9labs.com` (the 0.3.5.x docs say `submissions@start9.com` — addresses are
|
||||||
inconsistent) a link to the public wrapper repo (+ detailed README); both wrapper and upstream source must
|
inconsistent) a link to the public wrapper repo (+ detailed README); both wrapper and upstream source must
|
||||||
be public. Start9 snapshots the repo, **builds from source on a clean Debian box** (`prepare.sh` + `make`; a
|
be public. Start9 snapshots the repo, **builds from source on a clean Debian box** (`prepare.sh` + `make`; a
|
||||||
failed first build bounces the submission), installs + tests on real hardware (metadata, install/uninstall,
|
failed first build bounces the submission), installs + tests on real hardware (metadata, install/uninstall,
|
||||||
|
|||||||
Reference in New Issue
Block a user