grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark 0.2.0:62 published/canonical; note install-version check

Browse Source 
Current state: 0.2.0:62 published via publish.sh (files.keysat.xyz byte-verified,
GitHub release v0.2.0-62, registry-registered, installed on the box). Add an
install-verification note to the packaging guide: use start-cli package
installed-version keysat; the daemon /info version reports CARGO_PKG_VERSION,
not the s9pk revision.
This commit is contained in:
Keysat
2026-06-20 06:09:20 -05:00
parent 1f6fcac596
commit 6f32651404
2 changed files with 23 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+17 -20
View File
@@ -105,24 +105,21 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
Read-only scoped key can read dashboards/licenses but NOT the full audit log Read-only scoped key can read dashboards/licenses but NOT the full audit log
(`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session. (`api/api_keys.rs::Role::grants`). Deferred from the scoped-keys session.
## Current state (2026-06-19) ## Current state (2026-06-20)
- **Live / canonical: `0.2.0:61`** — universal s9pk (x86_64 + aarch64) at `files.keysat.xyz/keysat.s9pk` - **Live / canonical: `0.2.0:62`** — universal s9pk (x86_64 + aarch64) published this session via `publish.sh`:
(byte-verified) + GitHub release `v0.2.0-61` + registry-registered; installed on `immense-voyage.local`, byte-verified at `files.keysat.xyz/keysat.s9pk` (63001063 bytes) + GitHub release `v0.2.0-62` + registry-registered
master `licensing.keysat.xyz` returns 200. Migrations through 0025; four SDKs + two public sites (git `cc08230`); installed on `immense-voyage.local` (`start-cli package installed-version keysat``0.2.0:62`),
(keysat.xyz, docs.keysat.xyz) live. All repos on **GitHub + gitea**. master `licensing.keysat.xyz` `/healthz` 200. `:62` is the buy-page single-quote-escape fix (forked `html_escape`
- **This session — adversarial self-license pressure-test (security-auditor → exerciser → reviewer) → two deduped onto the canonical `api::mod.rs` impl + unit test). Migrations through 0025.
fixes shipped in `:61`.** Both in `refresh_self_tier_from_db` (see guides/licensing-tiers.md): (1) the - **This session — keysat inbox triage, buy-page fix, `:62` release.** Routed captured items into ROADMAP (new
unsigned `licenses.entitlements_json` column could *widen* the daemon's own tier past its signed key — any sections): design-contract cleanup, registry version-retention research, reorder-entitlements UI, refactor-scout
box-owner with any valid key could self-upgrade to Patron via a DB edit; now clamped to a signed **ceiling** code-health cluster. Fixed + shipped the buy-page HTML under-escape. Discarded 4 done/duplicate items. Added the
(DB narrows, never widens; `clamp_to_signed_ceiling`). (2) An expired/tampered self-license lingered until portable inbox-check line to AGENTS.md.
restart; now re-verified each refresh and demoted like revoked/suspended. Crypto + offline master key - **Shipped earlier in `:61` (still true):** self-license tier clamp + re-verify-on-refresh hardening; all four
confirmed sound (no signature-forgery path). Commit messages kept **generic** per operator request. SDKs at offline-expiry parity (Python 0.3.0 PyPI, Go v0.2.0). Four SDKs + two public sites (keysat.xyz,
- **SDK offline-expiry parity resolved + published (all four).** Python `Verifier.verify_with_time` + Go docs.keysat.xyz) live. All repos on **GitHub + gitea**.
`ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go - **Next (priority):** 1) eval P2 hardening (XFF rate-limit, dep bumps, admin/public port split — see ROADMAP).
published** (tag `v0.2.0`, go-proxy) and **Python published** (`keysat-licensing-client 0.3.0` on PyPI). Both 2) split `audit:read` scope. 3) work the newly-routed ROADMAP items (design-contract cleanup, etc.).
public sites redeployed (landing + docs, 200). - **Tests/build:** daemon `cargo check` + `cargo test --lib` green (new `html_escape` single-quote test passes);
- **Next (priority):** 1) eval P2 hardening (XFF rate-limit, dep bumps, admin/public port split). 2) split wrapper `tsc` clean; universal s9pk published clean. No CI.
`audit:read` scope. (Nice-to-have: document the new SDK verify methods in keysat-docs.)
- **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper
`tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI.
docs/guides/startos-packaging.md
+6
View File
@@ -28,6 +28,12 @@ npm run prettier # prettier --write startos (NOT enforced; see testing.md)
Auth for `make install` is the developer key at `~/.startos/developer.key.pem` Auth for `make install` is the developer key at `~/.startos/developer.key.pem`
(private — never commit/share). (private — never commit/share).
`make install` prints only "🚀 Installing …" and is otherwise silent on success.
Verify it landed with `start-cli package installed-version keysat` (returns the
box's `0.2.0:N` ExVer revision) plus `GET /healthz` on the public URL. The
daemon's `/info` `version` field reports `CARGO_PKG_VERSION` (`0.1.0`), **not** the
s9pk revision, so it can't tell you which `:N` is running.
## Clean-box build bootstrap (`prepare.sh`) ## Clean-box build bootstrap (`prepare.sh`)
`prepare.sh` (in `licensing-service-startos/`) installs every HOST prerequisite a `prepare.sh` (in `licensing-service-startos/`) installs every HOST prerequisite a