From fc37b2d46bf8c835eeb03a7ef7daeaba605ba2d6 Mon Sep 17 00:00:00 2001 From: Keysat Date: Sat, 13 Jun 2026 07:00:08 -0500 Subject: [PATCH] Mark 0.2.0:55 shipped; record refund scrub; clear resolved StartOS-blocker debt Registry now publishes :55 (universal multi-arch, verified). Public docs scrubbed of refund copy (Keysat has no refund feature). All 4 StartOS submission blockers resolved and shipped. --- AGENTS.md | 61 +++++++++++++++++++++++-------------------------------- 1 file changed, 25 insertions(+), 36 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 8ef420c..a2468dc 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -90,10 +90,8 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-licensi ## Open TODOs -- Verify the universal multi-arch publish end-to-end: `publish.sh` now runs - `make universal` (one `keysat.s9pk`, both arches) instead of x86-only; the first - real publish must confirm the registry index lists both arches. `riscv` target - unverified (not in the manifest, so `make universal` excludes it). +- `riscv` build target is unverified and not declared in the manifest (so + `make universal` excludes it); revisit only if a riscv StartOS target appears. - StartOS Community Registry submission criteria — Start9 hasn't published the checklist; reach out directly when ready. - Registry icon doesn't render in the StartOS marketplace (see `guides/startos-packaging.md`). 
@@ -105,36 +103,32 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-licensi ## Current state (2026-06-13) -- **Live**: server `immense-voyage.local` runs daemon `0.2.0:54` (migrations - 0020–0022). Registry `registry.keysat.xyz` publishes `:54`; four SDKs published; - `keysat.xyz` + `docs.keysat.xyz` deployed. **Prod is still `:54` — the prior - session's two P1 fixes are committed to source but NOT yet built/installed/ - published. Next release builds `:55`.** -- **This session (UNCOMMITTED across 4 repos; docs + StartOS packaging, no daemon - logic changed)** — doc-auditor + start9-spec-checker + 2 reviewer passes, all - approved/no blockers; `tsc` + `bash -n` clean. By repo: - - *root* (Gitea): `testing.md` api 47→54; `payments.md` FK confirmed - (`db/mod.rs:29`); `startos-packaging.md` + this block updated for universal - publish; `licensing-tiers.md` gained the "no enforce mode / Creator caps" note. - - *keysat-docs* (Gitea): `integrate.html` phantom `GET /v1/licenses/{id}/status` - → real `POST /v1/validate` w/ `key`. **Needs `deploy-sites.sh docs` to go live.** - - *keysat daemon* (GitHub+gitea): new `instructions.md` (Start9-required); - manifest `packageRepo` + `docsUrls[1]` dead-link fixes; `v0.2.0.ts` stale-header - removed; `activateLicense.ts`/`showCredentials.ts` enforce-mode drift cleaned - (enforce retired — `self_license.rs:15`). - - *go SDK* (Gitea): README v0.1→v0.2. - - *operator-local* `~/.keysat/publish.sh` (gitignored, NOT committed): x86-only → - `make universal` (one `keysat.s9pk`, both arches). **Pending a verification build.** - All 4 StartOS submission blockers now addressed. Left for operator decision: - `integrate.html` BTCPay-only prereq/refund copy (no Zaprite mention). Commit = - 4 per-repo commits (root, keysat-docs, go SDK are Gitea-only; daemon is - GitHub+gitea — also `git push gitea main`). 
+- **Live**: registry `registry.keysat.xyz` now publishes **`0.2.0:55`** — universal + multi-arch (x86_64 + aarch64, verified via the registry index + s9pk header), + GitHub release `v0.2.0-55`, canonical s9pk at `files.keysat.xyz/keysat.s9pk`. + Migrations 0020–0022; four SDKs published; `keysat.xyz` + `docs.keysat.xyz` + deployed (docs redeployed this session). **The live server `immense-voyage.local` + still runs `:54` until updated from the registry.** `:55` ships the two + prior-session P1s (scoped keys, settle-amount tripwire) + this session's packaging + work. +- **Shipped this session (`:55` published; all committed + pushed)** — doc-auditor + + start9-spec-checker + reviewer passes, all approved/no blockers; `tsc`/`bash -n` + clean. Landed: **all 4 StartOS submission blockers** (new `instructions.md`; + manifest `packageRepo`/`docsUrls` dead-link fixes; **universal multi-arch publish** + — `publish.sh` → `make universal`, registry entry carries both arches with no arch + restriction); enforce-mode drift cleaned from `activateLicense.ts`/`showCredentials.ts` + (enforce retired, `self_license.rs:15`); 5 doc-drift fixes (api 47→54; FK confirmed + `db/mod.rs:29`; `integrate.html` phantom `GET /v1/licenses/{id}/status` → `POST + /v1/validate`; `v0.2.0.ts` stale header; go README v0.2); **refunds scrubbed from + public docs** (Keysat has no refund feature — out-of-band only, v0.3 revoke-on-refund + hook is a no-op; admin-UI "handle out of band" disclaimers kept). Remotes: keysat-root + → gitea-only; keysat-docs, daemon, go SDK → GitHub `origin` + gitea backup. - **`:52`/`:53` = multi-provider/merchant-profile model**: data model + backend resolution shipped and audited sound; resolution/CRUD query surface has tests. Both `:54` P0s (provider-injection test seam; Zaprite webhook-forgery re-confirm) remain fixed; live purchase + settle paths sound. 
-- **Unshipped source work (awaiting `:55`)** — two P1s from the prior session: +- **Shipped in `:55` (was the prior session's unshipped P1s)**: 1. **Settle-amount tripwire.** `get_invoice_status` now returns `ProviderInvoiceSnapshot { status, amount }`; `audit_settle_amount` (shared by webhook + reconcile issue paths) WARNs + writes an `invoice.amount_mismatch` @@ -171,13 +165,8 @@ Operator-specific memories at `~/.claude/projects/-Users-macpro-Projects-licensi errors return plain-text not JSON (breaks SDK `JSON.parse`); product `slug` has no validation (empty/300-char/meta chars stored); `GET /v1/admin/products` returns 405 though OpenAPI documents it; dep advisories (`sqlx`→≥0.8.1 - RUSTSEC-2024-0363, `rustls-webpki`→≥0.103.12); **4 StartOS submission blockers** - (spec-checker-verified) all addressed and staged, pre-build — manifest - `packageRepo` (`…/keysat-startos`→`…/keysat`) and `docsUrls[1]` - (`docs/INTEGRATION.md`→`KEYSAT_INTEGRATION.md`, the real repo-root file) fixed; - `instructions.md` written (reviewer + doc-auditor signed off); aarch64 now shipped - via `publish.sh` `make universal` (one s9pk, both arches — pending a verification - build); no CI + fmt/clippy/prettier unenforced. + RUSTSEC-2024-0363, `rustls-webpki`→≥0.103.12); no CI + fmt/clippy/prettier + unenforced. (The 4 StartOS submission blockers are resolved and shipped in `:55`.) - **Deferred (P3+ — bulk or later decision)**: `/v1/purchase` 400 vs `/v1/btcpay/webhook` 503 for the same no-provider cause; undocumented required
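Review bot: In the Open TODOs hunk (`@@ -90,10 +90,8 @@`), the removed publish-verification item is replaced only by the `riscv` note, while the Current state hunk says `immense-voyage.local` "still runs `:54` until updated from the registry" and none of the visible TODO lines tracks that update. Add an open item for updating the live server to `0.2.0:55`. Until that happens, the scoped-keys and settle-amount tripwire fixes are published but not running on that server.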
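Review bot: In the Current state hunk (`@@ -105,36 +103,32 @@`), the removed block left `integrate.html` "BTCPay-only prereq/refund copy (no Zaprite mention)" for operator decision, but the new "Shipped this session" bullet records only the refund scrub, so the BTCPay-only prerequisite and missing Zaprite mention are dropped without a recorded decision. State whether that part was resolved, or carry it into Open TODOs. The same bullet also changes keysat-docs and the go SDK from "Gitea-only" to "GitHub `origin` + gitea backup"; if those repos really moved remotes this session, say so explicitly rather than leaving it implied by the rewrite.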
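Review bot: In the debt-list hunk (`@@ -171,13 +165,8 @@`), the dependency advisories (`sqlx`→≥0.8.1 RUSTSEC-2024-0363, `rustls-webpki`→≥0.103.12) stay listed as open while the rest of the patch marks `0.2.0:55` as published, and the entry does not say whether `:55` was built with the older crate versions. Record which versions the published `:55` carries, or note that the upgrades are still pending for the next build. The added parenthetical about the 4 StartOS submission blockers describes resolved work already covered in the Current state bullet and can be dropped from a debt list.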