diff --git a/AGENTS.md b/AGENTS.md index 3241cbf..8e512d6 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -111,48 +111,32 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/ ## Current state (2026-06-17) -- **Live / canonical**: **`0.2.0:58`** published — registry + `files.keysat.xyz/keysat.s9pk`, - GitHub `v0.2.0-58`, universal multi-arch (x86_64 + aarch64). Live box - `immense-voyage.local` **confirmed on `:58`** (operator-verified in the StartOS UI). All - three public sites deployed (`keysat.xyz`, `docs.keysat.xyz`, `registry.keysat.xyz`). - Migrations through 0025; four SDKs published. +- **Live / canonical: `0.2.0:58`** — registry + `files.keysat.xyz/keysat.s9pk`, GitHub `v0.2.0-58`, + universal (x86_64 + aarch64); live box `immense-voyage.local` confirmed on `:58`. Migrations + through 0025; four SDKs published. All three public sites deployed (keysat.xyz, docs.keysat.xyz, + registry.keysat.xyz). -- **Shipped in `:58` — agent-payment-connect complete (slices 1–5).** A scoped key with the - à-la-carte `payment_providers:write` scope connects a BTCPay provider over the API, but - ONLY on a sandbox daemon (`KEYSAT_SANDBOX_MODE`) for a non-mainnet store; - master/mainnet/production + disconnect stay master-only. The gate fails closed: the store's - network is resolved from its on-chain receive address at callback, anything not provably - non-mainnet is denied. Migrations 0024–0025. Three reviewer passes; live gate - `validate-gate.sh` 10/10. Detail: `docs/guides/payments.md`, `plans/agent-payment-connect-scope.md`. +- **agent-payment-connect (slices 1–5) shipped in `:58`.** A `payment_providers:write` scoped key + connects BTCPay over the API, but only on a sandbox daemon for a non-mainnet store (fail-closed); + master/mainnet/production + disconnect stay master-only. Detail: `docs/guides/payments.md`. 
-- **Onboarding doc-harness — BOTH stages `completed-clean`, AND validated as ONE combined run.** - Stage 1 (SDK integration) + Stage 2 (regtest buyer-pays) prior sessions; **the combined - operator-order journey (gate a paid product, then a buyer pays to unlock the gated feature) - ran `completed-clean` on the first pass this session** and was independently re-verified end to - end (gate shut 401/403 → BTCPay regtest connected by scoped key → 50k-sat regtest payment - settled → purchased license opened the gate live, 200 + CSV). Rig: `onboarding-harness/stage2/` - (`run-stage2.sh` now carries the four-step combined brief; `probe.sh` now actually mints - `.live-env`). Walkthrough: `onboarding-harness/stage2/STAGE2-RESULT.md`. Doc fixes live on - `keysat-docs` (agent.html/install.html); the served `openapi.rs` BTCPay paths reached the live - spec as of `:58`. +- **Onboarding doc-harness — all `completed-clean`.** Stage 1 (SDK integration), Stage 2 (regtest + buyer-pays), and the **combined operator-order journey** (gate a paid product → buyer pays → + purchased license unlocks the gate) all pass docs-only under a scoped key. Rig: + `onboarding-harness/` (`stage2/run-stage2.sh` four-step brief; `probe.sh` mints `.live-env`); + walkthroughs in `stage2/STAGE2-RESULT.md`. Live docs now cover the case: `agent.html#connect-btcpay` + buyer-pays money path; landing got an "Example prompt" card + a two-path Install section + (Start9 one-click / sideload `keysat.s9pk`, vs. run-from-source on any Linux box — both + self-hosting, free at Creator tier, license to expand). -- **Public sites refreshed this session** (via `~/.keysat/deploy-sites.sh`): `agent.html#connect-btcpay` - gained the buyer-pays money path (`POST /v1/purchase` → poll → `license_key`, tied to the - worked-example gate); `keysat-xyz-landing` agent section gained an "Example prompt" card (the - one-liner an operator hands an agent). 
Note: `publish.sh` ships the **s9pk only** and is gated on - a version bump — it does NOT touch the HTML sites; `deploy-sites.sh` is the tool for those. - -- **Next (priority order)**: - 1. Operator data action (needs the master key): grant `unlimited_merchant_profiles` to - Pro/Patron on the live master (confirmed-absent details in Open TODOs). +- **Next (priority order):** + 1. Operator data action (needs master key): grant `unlimited_merchant_profiles` to Pro/Patron on + the live master (confirmed-absent; steps in Open TODOs). 2. 3 multi-profile UIs + split `audit:read` (ROADMAP / Open TODOs). -- **P2/P3 debt (unchanged, see ROADMAP)**: `set_product_entitlements_catalog` missing - `rows_affected` guard; no rate-limit on purchase/redeem (spoofable XFF); `422`/`415` - plain-text not JSON; `slug` unvalidated; dep advisories (`sqlx`→≥0.8.1, - `rustls-webpki`→≥0.103.12); no CI / fmt-clippy unenforced; outbound webhook SSRF; - design-contract conformance. +- **Debt (P2/P3, see ROADMAP):** rate-limit purchase/redeem; `422`/`415` JSON; `slug` validation; + `set_product_entitlements_catalog` `rows_affected` guard; dep advisories (`sqlx`≥0.8.1, + `rustls-webpki`≥0.103.12); no CI / fmt-clippy unenforced; webhook SSRF; design-contract conformance. -- **Tests/build**: full suite green — lib **18**, api **65**, subscriptions 7, upgrades 9, - worker 3, crosscheck 4, migrations 9 (through **0025**); `cargo check` + `npm run check` - clean (1 intentional deprecation warning); new code clippy-clean. +- **Tests/build:** full suite green (lib 18, api 65, subscriptions 7, upgrades 9, worker 3, + crosscheck 4, migrations 9 through 0025); `cargo check` + `npm run check` clean.
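Review bot: The rewritten Debt bullet turns several items ambiguous. `sqlx`≥0.8.1 and `rustls-webpki`≥0.103.12 lost the arrow of the old `sqlx`→≥0.8.1 form, so they now read as versions already met rather than upgrades still owed. "rate-limit purchase/redeem" drops both the "no" and the "(spoofable XFF)" qualifier, which was the reason the item matters, and "webhook SSRF" no longer says it is the outbound path. Suggest keeping the arrows and restoring "no rate-limit on purchase/redeem (spoofable XFF)" and "outbound webhook SSRF". In the agent-payment-connect bullet, "(fail-closed)" now stands alone: the sentence saying the store's network is resolved from its on-chain receive address at callback and anything not provably non-mainnet is denied is gone, as are `KEYSAT_SANDBOX_MODE` and the pointer to `plans/agent-payment-connect-scope.md`. A reader of this file can no longer tell what the gate checks or which setting makes a daemon a sandbox, so keep at least one clause on the mechanism and the env var name. The note that `publish.sh` ships the s9pk only and that `deploy-sites.sh` is the tool for the HTML sites is also removed with no replacement; if that is still true, it is worth one line since it prevents a wrong deploy.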