Drop Start9 submission from next-steps; mark it operator-owned
This commit is contained in:
Keysat
@@ -98,11 +98,6 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
|
||||
- `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile`
|
||||
now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if
|
||||
a riscv StartOS target appears.
|
||||
- StartOS Community Registry submission — `prepare.sh` shipped (2026-06-18). Submission is
|
||||
**email-based** (no PR, no form): mail `submissions@start9labs.com` a link to the public wrapper
|
||||
repo; Start9 builds-from-source on a clean box → Community Beta → production-on-reply. Resolve two
|
||||
unknowns with Start9 *before* submitting: (1) source-available `LicenseRef-Keysat-1.0` acceptability,
|
||||
(2) whether the 0.4.x build still invokes `prepare.sh`. On-box manual verification still pending. Detail in ROADMAP.
|
||||
- Split `audit:read` out of the blanket `:read` scope into its own tier so a
|
||||
Read-only scoped key can read dashboards/licenses but NOT the full audit log
|
||||
(`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session.
|
||||
@@ -124,8 +119,7 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
|
||||
`ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go
|
||||
published** (tag `v0.2.0`, go-proxy) and **Python published** (`keysat-licensing-client 0.3.0` on PyPI). Both
|
||||
public sites redeployed (landing + docs, 200).
|
||||
- **Next (priority):** 1) email Start9 re: license + 0.4.x build flow (gates registry submission). 2) eval P2
|
||||
hardening (XFF rate-limit, dep bumps, admin/public port split). 3) split `audit:read` scope. (Nice-to-have:
|
||||
document the new SDK verify methods in keysat-docs.)
|
||||
- **Next (priority):** 1) eval P2 hardening (XFF rate-limit, dep bumps, admin/public port split). 2) split
|
||||
`audit:read` scope. (Nice-to-have: document the new SDK verify methods in keysat-docs.)
|
||||
- **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper
|
||||
`tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI.
|
||||
|
||||
+3
-2
@@ -28,8 +28,9 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state.
|
||||
|
||||
## Packaging & distribution
|
||||
|
||||
- **Start9 Community Registry submission.** Mechanism (researched 2026-06-18): **email-based, not a PR or
|
||||
form.** Mail `submissions@start9labs.com` (the 0.3.5.x docs say `submissions@start9.com` — addresses are
|
||||
- **Start9 Community Registry submission** — **operator-owned** (Grant handles the Start9 communication
|
||||
directly; not an agent task; kept here as reference only). Mechanism (researched 2026-06-18): **email-based,
|
||||
not a PR or form.** Mail `submissions@start9labs.com` (the 0.3.5.x docs say `submissions@start9.com` — addresses are
|
||||
inconsistent) a link to the public wrapper repo (+ detailed README); both wrapper and upstream source must
|
||||
be public. Start9 snapshots the repo, **builds from source on a clean Debian box** (`prepare.sh` + `make`; a
|
||||
failed first build bounces the submission), installs + tests on real hardware (metadata, install/uninstall,
|
||||
|
||||
Reference in New Issue
Block a user