From 1f6fcac5965194c4ba769ca7e3a5d6daf40844aa Mon Sep 17 00:00:00 2001 From: Keysat Date: Fri, 19 Jun 2026 23:15:16 -0500 Subject: [PATCH] Triage keysat inbox items into ROADMAP; add inbox-check line Route captured items into ROADMAP: design-contract cleanup, registry version-retention research, reorder-entitlements UI, and the refactor-scout code-health cluster. Add the portable inbox-check line to AGENTS.md. --- AGENTS.md | 3 +++ ROADMAP.md | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index 23b2ef5..6296965 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -8,6 +8,9 @@ guides under `docs/guides/` (symlinked to `.claude/rules/` so Claude Code auto-loads each when you edit matching files). **Before editing a subsystem, read its guide** — see the index below. +**Inbox check:** At session start, if `~/Projects/standards/INBOX.md` exists, scan it for items tagged +`(keysat)` and surface them before proposing next steps; triage with `/triage`. + ## Stack - **Daemon**: Rust 1.88, `axum`, `sqlx` + SQLite, Ed25519 signing. diff --git a/ROADMAP.md b/ROADMAP.md index 9286f1c..7d05099 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -41,6 +41,9 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state. (docs conflict: "source available" vs "Open Source License") — highest-leverage; a hard No blocks regardless of build-readiness; (2) does the 0.4.x build flow still invoke `prepare.sh` (a 0.3.5.x concept, absent from 0.4.x docs). Then the on-box manual verification. Functional criteria otherwise pass (2026-06-17 spec check). +- **Registry version retention** — does the self-hosted registry need to keep every prior version of the keysat + s9pk as we upgrade, or can superseded versions be pruned? Research-agent to investigate StartOS registry + version-retention semantics + storage implications. (Captured 2026-06-16.) ## Operability & alerts @@ -91,4 +94,34 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state. ## Validation - Re-test `KEYSAT_INTEGRATION.md` against a fresh downstream app to confirm a clean one-shot SDK integration. -- **Add an automated regression test for multi-profile webhook routing** (adjudicated 2026-06-17 → DO, low blast radius — replaces the parked "manual Zaprite sandbox pass"). The routing is a deterministic provider-id→profile primary-key lookup with an anti-forgery re-fetch backstop, so the manual sandbox ceremony isn't worth it — but the path-keyed route (`/v1/{provider}/webhook/:provider_id` → `handle_for_provider`) currently has zero automated coverage on the money path. Plan: in `tests/api.rs`, reuse the two-provider fixture (~:3958), POST a Settled webhook to `/v1/zaprite/webhook/{provider-A-id}`, assert only profile A settles (B untouched; an unknown path-id 404s). Existing mock seam, no external account, runs in `cargo test`. Effort S. \ No newline at end of file +- **Add an automated regression test for multi-profile webhook routing** (adjudicated 2026-06-17 → DO, low blast radius — replaces the parked "manual Zaprite sandbox pass"). The routing is a deterministic provider-id→profile primary-key lookup with an anti-forgery re-fetch backstop, so the manual sandbox ceremony isn't worth it — but the path-keyed route (`/v1/{provider}/webhook/:provider_id` → `handle_for_provider`) currently has zero automated coverage on the money path. Plan: in `tests/api.rs`, reuse the two-provider fixture (~:3958), POST a Settled webhook to `/v1/zaprite/webhook/{provider-A-id}`, assert only profile A settles (B untouched; an unknown path-id 404s). Existing mock seam, no external account, runs in `cargo test`. Effort S. + +## Design (contract conformance) + +- **Design-contract cleanup from the 2026-06-16 design-checker audit** (re-run design-checker after to confirm). + Detail also in `design/DESIGN.md`. + - **3 blockers** — code violates the contract's named "never" rules on live CTAs: (a) gold-as-fill on admin + `.featured-pill-toggle.on` (`licensing-service-startos/licensing-service/web/index.html:418`) → navy fill or + gold border+text; (b) gold-as-fill on admin `#tier-banner-cta` upgrade button (`web/index.html:537-542`) → + navy primary; (c) primary buy CTA pill radius `999px` (`keysat-xyz-landing/index.html:384-385`) → `r-md` 8px. + - **Structural** — consolidate the 4 surfaces' inlined CSS-variable copies onto canonical + `design/brand/palette.css` (import it, drop the private copies). + - **Token gaps** (tokenize-vs-snap) — 14px landing card radius; wordmark letter-spacing 0.30 vs 0.28em (add a + `letterSpacing.wordmark` token); semantic badge text one-offs (`#205c47`/`#7a5814`/`#8a2828`); hardcoded + syntax-highlight hex → `var()`; admin `#f6f1e7` off-token. + +## Admin UI + +- **Reorder the entitlements catalog** from the edit-products view (admin SPA). (Captured 2026-06-18.) + +## Code health / refactoring (from the 2026-06-19 refactor-scout test drive) + +- **Delete 3 confirmed-dead functions** (clippy + grep confirm zero callers): deprecated payment shims + `read_/write_active_provider_preference` (`src/payment/mod.rs:59-102`), unwired `_audit_payload` + (`src/upgrades.rs:607`), unused `BtcpayClient::store_id` (`src/btcpay/client.rs:172`). +- **`db/repo.rs` column consts** — extract `PRODUCT_COLS` (lines 17-46, repeated 4×) and `INVOICE_COLS` + (516-518, 2×) named consts to match the `*_COLS` convention every other entity already uses; test-covered by + `tests/api.rs` so low risk. +- **Large-function splits — DEFER, each gated on writing characterization tests FIRST:** `buy_page::render()` + (~1070 lines, `src/api/buy_page.rs:35`), `subscriptions::renew_one()` (~370 lines, money-critical worker), + and the `db/repo.rs` god module (~3422 lines, split along its existing section-comment headers). \ No newline at end of file