grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handoff: Go SDK v0.2.0 published + sites redeployed; Python PyPI upload pending

Browse Source
This commit is contained in:
Keysat
2026-06-19 14:04:43 -05:00
parent 1331de9c3e
commit 82a87276c9
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ROADMAP.md
+1 -1
View File
@@ -91,4 +91,4 @@ Longer-term backlog. Near-term state lives in `AGENTS.md` → Current state.
- Re-test `KEYSAT_INTEGRATION.md` against a fresh downstream app to confirm a clean one-shot SDK integration.
- **Add an automated regression test for multi-profile webhook routing** (adjudicated 2026-06-17 → DO, low blast radius — replaces the parked "manual Zaprite sandbox pass"). The routing is a deterministic provider-id→profile primary-key lookup with an anti-forgery re-fetch backstop, so the manual sandbox ceremony isn't worth it — but the path-keyed route (`/v1/{provider}/webhook/:provider_id``handle_for_provider`) currently has zero automated coverage on the money path. Plan: in `tests/api.rs`, reuse the two-provider fixture (~:3958), POST a Settled webhook to `/v1/zaprite/webhook/{provider-A-id}`, assert only profile A settles (B untouched; an unknown path-id 404s). Existing mock seam, no external account, runs in `cargo test`. Effort S.
- **Publish the Python + Go SDK releases carrying offline-expiry rejection.** Code landed 2026-06-19 (Python `Verifier.verify_with_time`, Go `ParseAndVerifyAt` + `ErrExpired`, both with tests, examples, and READMEs updated, mirroring Rust/TS `verify_with_time`/`verifyWithTime`) and is pushed to GitHub + gitea — but consumers won't get it until a release: bump `pyproject.toml` + build/twine-upload to PyPI (Python); push a new semver tag (Go, proxy.golang.org picks it up). Additive, non-breaking — minor bump. Consider matching the Rust/TS SDK versions if they're being cut too. (Online `/v1/validate` already enforces expiry for every SDK, so unupgraded offline integrators are the only exposure.)
- **Upload the Python SDK `0.3.0` to PyPI** (carries the offline-expiry `verify_with_time`). The Go SDK already shipped 2026-06-19 as tag `v0.2.0` (go-proxy serves it from GitHub); Python is ready in-repo but not on PyPI — `python -m build` + `twine upload` with the operator's PyPI token (no creds in-session). `keysat-licensing-client` is not yet on PyPI, so `0.3.0` is the first upload. Additive, non-breaking. (Online `/v1/validate` already enforces expiry for every SDK, so unupgraded offline integrators are the only exposure.)