grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handoff: Go SDK v0.2.0 published + sites redeployed; Python PyPI upload pending

Browse Source
This commit is contained in:
Keysat
2026-06-19 14:04:43 -05:00
parent 1331de9c3e
commit 82a87276c9
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+13 -8
View File
@@ -73,6 +73,9 @@ Run `git remote -v` (full) and check what the branch tracks before pushing.
Keysat (Grant), not Claude** — git user is `Keysat`.
- Direct push to `main` + run `~/.keysat/publish.sh` is the authorized release flow
until launch.
- **SDK releases are independent + manual** (no `publish.sh` equivalent): Go via a pushed
git tag (go-proxy serves from GitHub); Python via `pyproject.toml` + twine→PyPI; TS via
npm; Rust via crates.io — the operator runs each with their own registry credentials.
- Never rewrite user-facing copy outside the explicit scope of a request.
## Never
@@ -117,11 +120,13 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-keysat/
(DB narrows, never widens; `clamp_to_signed_ceiling`). (2) An expired/tampered self-license lingered until
restart; now re-verified each refresh and demoted like revoked/suspended. Crypto + offline master key
confirmed sound (no signature-forgery path). Commit messages kept **generic** per operator request.
- **Also this session — SDK offline-expiry parity resolved (source).** Python (`Verifier.verify_with_time`) + Go
(`ParseAndVerifyAt` + `ErrExpired`) now reject expired keys offline, matching Rust/TS; tests + examples +
READMEs updated, all green, pushed to GitHub + gitea. **Not yet published** to PyPI / go-proxy (→ ROADMAP).
- **Next (priority):** 1) publish Python + Go SDK releases (PyPI bump + Go semver tag) so the expiry fix reaches
consumers. 2) email Start9 re: license + 0.4.x build flow (gates registry submission). 3) eval P2 hardening
(XFF rate-limit, dep bumps, admin/public port split). 4) split `audit:read` scope.
- **Tests/build:** daemon `cargo test` green (~125 across 8 suites, incl. 5 new self-license clamp unit tests);
wrapper `tsc` clean; Python SDK pytest 14 green + Go SDK `go test` green (both incl. new expiry tests). No CI.
- **SDK offline-expiry parity resolved + Go published.** Python `Verifier.verify_with_time` + Go
`ParseAndVerifyAt`/`ErrExpired` now reject expired keys offline, matching Rust/TS (reviewer-approved). **Go
published** as tag `v0.2.0` (go-proxy). **Python `0.3.0` is ready in-repo but NOT on PyPI** — upload needs the
operator's token (no twine/creds in-session). Both public sites redeployed (landing + docs, 200).
- **Next (priority):** 1) operator uploads Python SDK `0.3.0` to PyPI (`python -m build` + `twine upload`, your
token). 2) email Start9 re: license + 0.4.x build flow (registry submission). 3) eval P2 hardening (XFF
rate-limit, dep bumps, admin/public port split). 4) split `audit:read` scope. (Nice-to-have: document the new
SDK verify methods in keysat-docs.)
- **Tests/build:** daemon `cargo test` green (~125 / 8 suites, incl. 5 new self-license clamp tests); wrapper
`tsc` clean; Python SDK pytest 14 green + Go `go test` green (both incl. new expiry tests). No CI.