Record registry-submission process + start-cli/prepare.sh; capture eval P2 backlog
Refresh AGENTS Current state for the full-eval session; document the email-based community-registry submission flow and the start-cli installer in the packaging guide; add a ROADMAP Security & hardening section so the eval P2s survive EVALUATION.md overwrites.
This commit is contained in:
Keysat
@@ -95,9 +95,11 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
|
||||
- `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile`
|
||||
now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if
|
||||
a riscv StartOS target appears.
|
||||
- StartOS Community Registry submission — remaining gap is a `prepare.sh` for the clean-Debian
|
||||
first build (plus the on-box manual verification); functional criteria otherwise pass. Detail
|
||||
in ROADMAP. Submission criteria themselves still unpublished; reach out when ready.
|
||||
- StartOS Community Registry submission — `prepare.sh` shipped (2026-06-18). Submission is
|
||||
**email-based** (no PR, no form): mail `submissions@start9labs.com` a link to the public wrapper
|
||||
repo; Start9 builds-from-source on a clean box → Community Beta → production-on-reply. Resolve two
|
||||
unknowns with Start9 *before* submitting: (1) source-available `LicenseRef-Keysat-1.0` acceptability,
|
||||
(2) whether the 0.4.x build still invokes `prepare.sh`. On-box manual verification still pending. Detail in ROADMAP.
|
||||
- Split `audit:read` out of the blanket `:read` scope into its own tier so a
|
||||
Read-only scoped key can read dashboards/licenses but NOT the full audit log
|
||||
(`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session.
|
||||
@@ -110,17 +112,19 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
|
||||
public sites (keysat.xyz, docs.keysat.xyz) live. All repos synced to **both** GitHub + gitea.
|
||||
`keysat-registry-landing` remotes deleted by the operator.
|
||||
|
||||
- **Shipped `:60` — Zaprite auto-charge silent-lapse fix.** `try_auto_charge_zaprite` suppresses manual-pay
|
||||
only for a settled status (`PAID`/`COMPLETE`/`OVERPAID`, via the new `zaprite_charge_settled` helper + unit
|
||||
test); any other/unknown status falls through to the manual-pay pay link. Allowlist by design. No schema/SDK change.
|
||||
- **Decided — Keysat sends no buyer email.** Buyer email + the per-profile SMTP send path are dropped
|
||||
(`plans/keysat-smtp-emails.md` superseded; dormant `merchant_profiles.smtp_*` flagged in code). The surviving
|
||||
kernel, operator failure alerts, is reframed onto StartOS notifications/health (ROADMAP "Operability & alerts").
|
||||
- **Docs reconciled:** false "Keysat emails the license" claim removed from docs.keysat.xyz; `HOW_IT_WORKS.md`
|
||||
corrected (subscriptions + merchant profiles shipped, no email); new design-checker-clean Merchant profiles
|
||||
docs section. `unlimited_merchant_profiles` confirmed live on Pro + Patron policies (Creator excluded).
|
||||
- **Next (priority):** 1) automated multi-profile webhook routing test (ROADMAP, Effort S). 2) split `audit:read`
|
||||
from the blanket `:read` scope. 3) operator-alerts-via-StartOS (verify the start-sdk 1.3.2 API first).
|
||||
4) registry-submission `prepare.sh` + on-box verification.
|
||||
- **Tests/build:** `cargo check` + wrapper `tsc` clean; `zaprite_charge_settled` unit test green; full suite
|
||||
through 0025 last green. Pre-existing docs.css radius drift (10px vs 12px `r-lg`, 3 spots) noted; not blocking.
|
||||
- **This session — full eval + three P1 fixes (all committed & pushed).** Ran the five-agent `/full-eval`
|
||||
(evaluator, security-auditor, exerciser, doc-auditor, start9-spec-checker); report in `EVALUATION.md`
|
||||
(no P0s; strong crypto/auth/webhook posture). Fixed all three P1s: (1) crosscheck harness `run_ts.mjs`
|
||||
hardcoded `/sessions/...` path → resolves relative to repo (keysat-root); (2) Rust SDK + `keysat-docs`
|
||||
imported `licensing_client` not `keysat_licensing_client` — fixed, plus two latent bugs it masked (example's
|
||||
undeclared `anyhow` → stdlib; doctest `include_str!` of a missing file → inline PEM); (3) added
|
||||
`licensing-service-startos/prepare.sh` clean-Debian build bootstrap. Reviewer-approved; verified green.
|
||||
- **Registry submission mechanism researched.** Email-based (no PR/form) — see Open TODOs + ROADMAP. Two
|
||||
blocking unknowns to clear with Start9 first: license acceptability + whether 0.4.x still uses `prepare.sh`.
|
||||
- **Prior context still current:** `:60` Zaprite silent-lapse fix shipped; Keysat sends no buyer email
|
||||
(SMTP path dormant); docs reconciled; `unlimited_merchant_profiles` live on Pro+Patron (not Creator).
|
||||
- **Next (priority):** 1) email Start9 re: license + 0.4.x build flow (gates the whole submission). 2) eval
|
||||
P2 hardening — XFF rate-limit bypass, dep-advisory bumps, admin/public port split (ROADMAP "Security &
|
||||
hardening"). 3) automated multi-profile webhook routing test (Effort S). 4) split `audit:read` scope.
|
||||
- **Tests/build:** daemon `cargo test` ~117–131 green across 8 suites; wrapper `tsc` clean; Rust SDK
|
||||
`cargo build --examples` + doctest now green; crosscheck harness passes end-to-end. No CI enforces any of it.
|
||||
|
||||
Reference in New Issue
Block a user