grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Current state and ROADMAP after the doc-audit sweep

Browse Source 
Record the cross-repo documentation fixes, registry-landing removal, and the
Start9 submission blockers. A plain GET to registry.keysat.xyz 404s by design
(StartOS registry protocol only), not an outage.
This commit is contained in:
Keysat
2026-06-17 16:27:40 -05:00
parent 391cf68b91
commit 34f0783519
2 changed files with 33 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+24 -28
View File
@@ -92,10 +92,12 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
## Open TODOs ## Open TODOs
- `riscv` build target is unverified and not declared in the manifest (so - `riscv` build target is unverified and not declared in the manifest; the wrapper `Makefile`
`make universal` excludes it); revisit only if a riscv StartOS target appears. now pins `ARCHES` to `x86 arm` so no target (even a bare `make`) attempts it. Revisit only if
- StartOS Community Registry submission criteria — Start9 hasn't published the a riscv StartOS target appears.
checklist; reach out directly when ready. - StartOS Community Registry submission is **BLOCKED** (needs a `prepare.sh`; plus icon-render
and source-available-license questions to confirm with Start9) — detail in ROADMAP. Criteria
themselves still unpublished; reach out when ready.
- Registry icon doesn't render in the StartOS marketplace (see `guides/startos-packaging.md`). - Registry icon doesn't render in the StartOS marketplace (see `guides/startos-packaging.md`).
- Split `audit:read` out of the blanket `:read` scope into its own tier so a - Split `audit:read` out of the blanket `:read` scope into its own tier so a
Read-only scoped key can read dashboards/licenses but NOT the full audit log Read-only scoped key can read dashboards/licenses but NOT the full audit log
@@ -111,31 +113,25 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
## Current state (2026-06-17) ## Current state (2026-06-17)
- **Live / canonical: `0.2.0:58`** — registry + `files.keysat.xyz/keysat.s9pk`, GitHub `v0.2.0-58`, - **Live / canonical: `0.2.0:58`** — universal s9pk at `files.keysat.xyz/keysat.s9pk` + GitHub `v0.2.0-58`;
universal (x86_64 + aarch64); live box `immense-voyage.local` confirmed on `:58`. Migrations live box `immense-voyage.local` on `:58`. Migrations through 0025; four SDKs published; two public sites
through 0025; four SDKs published. Both public sites deployed (keysat.xyz, docs.keysat.xyz). (keysat.xyz, docs.keysat.xyz) live. `keysat-registry-landing` deleted this session — local + all refs gone;
the GitHub + Gitea remote repos still need operator deletion (gh needs `delete_repo` scope).
- **agent-payment-connect (slices 15) shipped in `:58`.** A `payment_providers:write` scoped key - **This session — documentation audit + fix sweep across every public repo and both sites** (all committed +
connects BTCPay over the API, but only on a sandbox daemon for a non-mainnet store (fail-closed); pushed to GitHub + gitea; sites redeployed and verified live): daemon docs → 0.2.0 (admin-UI replaces the
master/mainnet/production + disconnect stay master-only. Detail: `docs/guides/payments.md`. removed StartOS actions, Zaprite shipped, roles, runtime image, validate reasons); SDK READMEs fixed (the
Rust crate name/version was a copy-paste blocker) and expanded (TS/Python tiers, seats, free-license);
landing SDK snippets + tier-card fallback prices; docs change-tier example + install-step resequence;
Makefile pins `ARCHES=x86 arm`. No daemon source touched.
- **Onboarding doc-harness — all `completed-clean`.** Stage 1 (SDK integration), Stage 2 (regtest - **Start9 Community Registry: BLOCKED** — functional criteria pass; needs `prepare.sh` + icon-render +
buyer-pays), and the **combined operator-order journey** (gate a paid product → buyer pays → source-available-license sign-off from Start9 (ROADMAP). (Note: `registry.keysat.xyz` works as a marketplace
purchased license unlocks the gate) all pass docs-only under a scoped key. Rig: on a Start9 box; a plain browser/curl GET 404s **by design** — no HTML page is served there. Not an outage.)
`onboarding-harness/` (`stage2/run-stage2.sh` four-step brief; `probe.sh` mints `.live-env`);
walkthroughs in `stage2/STAGE2-RESULT.md`. Live docs now cover the case: `agent.html#connect-btcpay`
buyer-pays money path; landing got an "Example prompt" card + a two-path Install section
(Start9 one-click / sideload `keysat.s9pk`, vs. run-from-source on any Linux box — both
self-hosting, free at Creator tier, license to expand).
- **Next (priority order):** - **Next (priority):** 1) Operator data action (master key): grant `unlimited_merchant_profiles` to Pro/Patron
1. Operator data action (needs master key): grant `unlimited_merchant_profiles` to Pro/Patron on on live master (steps in Open TODOs). 2) Delete registry-landing GitHub + Gitea remotes. 3) 3 multi-profile
the live master (confirmed-absent; steps in Open TODOs). UIs + split `audit:read`.
2. 3 multi-profile UIs + split `audit:read` (ROADMAP / Open TODOs).
- **Debt (P2/P3, see ROADMAP):** rate-limit purchase/redeem; `422`/`415` JSON; `slug` validation; - **Tests/build:** docs-only session, no code touched; last full suite green (lib/api/subscriptions/upgrades/
`set_product_entitlements_catalog` `rows_affected` guard; dep advisories (`sqlx`≥0.8.1, worker/crosscheck/migrations through 0025), `cargo check` + `npm run check` clean. Debt (P2/P3) in ROADMAP.
`rustls-webpki`≥0.103.12); no CI / fmt-clippy unenforced; webhook SSRF; design-contract conformance.
- **Tests/build:** full suite green (lib 18, api 65, subscriptions 7, upgrades 9, worker 3,
crosscheck 4, migrations 9 through 0025); `cargo check` + `npm run check` clean.
ROADMAP.md
+9 -5
View File
@@ -31,7 +31,12 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state.
## Packaging & distribution ## Packaging & distribution
- Start9 Community Registry submission — criteria are unpublished; contact Start9 directly when ready. - Start9 Community Registry submission — a 2026-06-17 spec check found the wrapper passes the functional
criteria (manifest, interfaces, health check, backup/restore, BTCPay dep, actions) but submission is BLOCKED
on three items: (1) no `prepare.sh` to set up a clean Debian box for the first build (copy the one from
`hello-world-startos`); (2) the registry icon not rendering in the marketplace (may be operator-hosted-only —
confirm with Start9); (3) `LicenseRef-Keysat-1.0` is source-available but more restrictive than OSI — confirm
Start9 accepts it. Email Start9 on (2)+(3) before investing in (1). Submission criteria remain unpublished.
## Licensing model ## Licensing model
@@ -58,10 +63,9 @@ The brand contract now lives in `design/DESIGN.md` + `design/tokens.tokens.json`
badges-only) — `keysat-xyz-landing/index.html:384-385`. Set to 8px. badges-only) — `keysat-xyz-landing/index.html:384-385`. Set to 8px.
**Structural (headline):** **Structural (headline):**
- All four surfaces inline their own copy of the CSS variables instead of importing the - All three surfaces inline their own copy of the CSS variables instead of importing the
canonical `design/brand/palette.css` (landing :33-56, registry :11-22, docs.css :7-21, canonical `design/brand/palette.css` (landing :33-56, docs.css :7-21, admin :9-25). Copies
admin :9-25). Copies are currently exact but one edit from drift. Consolidate onto are currently exact but one edit from drift. Consolidate onto `palette.css`.
`palette.css`.
**Token gaps / drift (decide: tokenize the as-built value, or snap to an existing token):** **Token gaps / drift (decide: tokenize the as-built value, or snap to an existing token):**
- `14px` card radius used throughout the marketing landing — not a token (between `r-lg` 12 - `14px` card radius used throughout the marketing landing — not a token (between `r-lg` 12