Fix doc drift; document no-enforce-mode and universal publish
Corrections surfaced by doc-auditor + start9-spec-checker: - testing.md: api suite 47 -> 54 - payments.md: FK enforcement confirmed at db/mod.rs:29 - startos-packaging.md: publish.sh now ships a universal s9pk - licensing-tiers.md: record enforce-mode retirement and Creator caps Refresh Current state for the StartOS submission-blocker work.
This commit is contained in:
Keysat
@@ -12,6 +12,17 @@ paths:
|
||||
The daemon licenses **itself** via its own licensing scheme — the operator runs a
|
||||
master Keysat that issues the license this instance validates.
|
||||
|
||||
## Always boots — no enforce mode
|
||||
|
||||
Enforce mode was **retired**: there is no `KEYSAT_LICENSE_ENFORCE` build flag and
|
||||
`check_at_boot` (`license_self.rs`) always returns `Ok`. A missing/invalid
|
||||
self-license logs a warning and the daemon runs at the free **Creator** tier
|
||||
(`Tier::Unlicensed`, surfaced as "Creator" in the admin UI) with Creator caps —
|
||||
**5 products, 5 policies per product, 10 active discount codes**. Activating a
|
||||
license lifts those caps and unlocks `recurring_billing` + `zaprite_payments`.
|
||||
Treat any "marketplace build refuses to start without a license" wording in code
|
||||
comments or copy as stale.
|
||||
|
||||
## Live entitlements
|
||||
|
||||
Tier gates must read **LIVE** entitlements from `licenses.entitlements` (refreshed
|
||||
|
||||
@@ -111,9 +111,11 @@ response carries no parseable positive amount. Regression tests in `tests/api.rs
|
||||
`get_merchant_profile_for_product` bug; prefer a subquery or qualify columns.
|
||||
`tests/api.rs::merchant_profile_provider_resolution_queries_round_trip` exercises
|
||||
the resolution surface — keep it green when touching these queries.
|
||||
- FK enforcement is **not** guaranteed at runtime: `PRAGMA foreign_keys = ON` in a
|
||||
migration is connection-scoped. Confirm the pool sets it per-connection before
|
||||
relying on cascade/constraint behavior (e.g. deleting a profile with products).
|
||||
- FK enforcement is **ON**: the sqlx pool sets `.foreign_keys(true)` per
|
||||
connection (`db/mod.rs:29`), so cascade/constraint behavior is safe to rely on
|
||||
(e.g. deleting a profile with products). A bare `PRAGMA foreign_keys = ON` in a
|
||||
migration would be connection-scoped and is not what guarantees this — the pool
|
||||
option is.
|
||||
- Known: after a `:52`+ install the master Zaprite webhook still points at the
|
||||
legacy URL — works via back-compat, needs re-register for per-provider isolation.
|
||||
- `unlimited_merchant_profiles` entitlement gates profile count (Creator = 1,
|
||||
|
||||
@@ -38,7 +38,7 @@ silently no-ops an install whose version equals what's already installed. Run
|
||||
## Release (operator-local scripts, in `~/.keysat/`, gitignored)
|
||||
|
||||
```
|
||||
~/.keysat/publish.sh # version-gate → make x86 → FileBrowser upload → registry register → GitHub mirror
|
||||
~/.keysat/publish.sh # version-gate → make universal → FileBrowser upload → registry register → GitHub mirror
|
||||
~/.keysat/deploy-sites.sh landing docs # push static sites; accepts: landing | docs | registry-landing
|
||||
```
|
||||
|
||||
@@ -49,10 +49,13 @@ Credentials: `~/.keysat/filebrowser.env` (`chmod 600`); env `KEYSAT_FB_USER`,
|
||||
|
||||
## Arch & manifest
|
||||
|
||||
- Both `x86_64` and `aarch64` build cleanly (arm verified 2026-06-12). The
|
||||
manifest declares `['x86_64', 'aarch64']` but `publish.sh` only uploads x86_64 —
|
||||
**don't claim multi-arch as shipped** until publish handles both. (`riscv` target
|
||||
exists, unverified.)
|
||||
- Both `x86_64` and `aarch64` build cleanly (arm verified 2026-06-12). `publish.sh`
|
||||
now builds a single universal `keysat.s9pk` via `make universal` (both arches in
|
||||
one package — the registry holds one s9pk per version, so a per-arch split won't
|
||||
work), matching the manifest's `['x86_64', 'aarch64']` claim. **Pending a
|
||||
verification build**: the combined universal pack hasn't been run end-to-end yet;
|
||||
confirm the registry index lists both arches on the first publish. (`riscv` target
|
||||
exists, unverified; not in the manifest, so `make universal` excludes it.)
|
||||
- Manifest `license` is `LicenseRef-Keysat-1.0`, matching the package-root
|
||||
`LICENSE` SPDX id.
|
||||
|
||||
|
||||
@@ -54,7 +54,9 @@ webhook settle-confirmation guard (see [payments](payments.md)).
|
||||
|
||||
The 3 `:52`-era known-failing tests are **resolved**: the two `paid_purchase_*`
|
||||
greened via the seam, the dead `payment_provider_preference_round_trip` deleted.
|
||||
api suite is now **47 pass / 0 fail**; all other suites green.
|
||||
api suite is now **54 pass / 0 fail** (47 after the `:52` fixes, plus the
|
||||
post-`:54` scoped-key role-boundary and settle-tripwire tests); all other
|
||||
suites green.
|
||||
|
||||
## Cross-language wire-format tests
|
||||
|
||||
|
||||
Reference in New Issue
Block a user