ROADMAP: remove the resolved Design (contract conformance) section — the three
blockers shipped (admin SPA in :59, landing buy button on keysat.xyz) and the
structural + token tiers were dropped during adjudication. Current state: live
is now :59, blockers done; the Zaprite auto-charge silent-lapse bug is the top
remaining payments item.
Owner confirmed the lean-DROP verdict without the sandbox check: the harm is
cosmetic (duplicate rows in the operator's Zaprite contact list) and the fix is
HIGH blast radius on the money path. Recoverable from git history if real
recurring revenue ever makes it worth it.
Ran the investigate→debate→judge pipeline over 4 parked ROADMAP items.
DROP:
- Design "structural" tier (palette consolidation): the rust-embedded admin
SPA can't @import a shared file, so consolidation is a verbatim re-copy that
doesn't remove the duplication it targets; the drift it guards is hypothetical.
- Design "token gaps" tier: manual churn across untested public surfaces, and
the audit was partly mis-specified (#d4b985/#a6b7cf are token values, not
hardcoded literals).
DO (low blast radius):
- Reframe the manual "Zaprite sandbox pass" for multi-profile webhook routing
into an automated regression test — routing is a deterministic provider-id
PK lookup with an anti-forgery backstop, but the path-keyed route has zero
automated coverage on the money path.
ESCALATE:
- Zaprite contact dedup cache → lean DROP: cosmetic, unverified harm (Zaprite
dedup-on-email is undocumented); fix is HIGH blast radius on the money path.
Gated on one cheap sandbox check.
- Design "blocker" tier (3 gold-fill / pill-radius one-liners) → lean DO,
pending an owner glance since they alter public/admin visuals.
Replaces the "harden Zaprite failure-body shapes" item (already satisfied for
non-2xx) with a bug the investigation surfaced: try_auto_charge_zaprite returns
Ok(true) on any 2xx, so a 200 carrying a FAILED/DECLINED/EXPIRED status
silently lapses the subscription. Elevated above the other parked payments
items; safe fail-safe fix needs no prod data.
Record the cross-repo documentation fixes, registry-landing removal, and the
Start9 submission blockers. A plain GET to registry.keysat.xyz 404s by design
(StartOS registry protocol only), not an outage.
Current state: the onboarding doc-harness and its Stage 1 completed-clean
result. ROADMAP: spell out Stage 2 (regtest buyer-pays) under the
agent-payment-connect item. Drop the resolved GET /v1/admin/products 405
debt item.
Agent-onboarding doc for the workspace: stack, build/test/run commands,
directory layout, conventions, and always/never gotchas, plus a Current
state section. CLAUDE.md symlinks to AGENTS.md so Claude Code auto-loads
it. Longer-term backlog lives in ROADMAP.md.
Keysat