From 84f942d16890e7ab522d140d626055926c00a0e0 Mon Sep 17 00:00:00 2001 From: Joshua Date: Wed, 18 Feb 2026 07:14:00 -0800 Subject: [PATCH] Update roadmap status with strict secretapi hardening and split-repo blocker --- docs/roadmap-status.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/roadmap-status.md b/docs/roadmap-status.md index 2c18d40..7cebdc9 100644 --- a/docs/roadmap-status.md +++ b/docs/roadmap-status.md @@ -54,12 +54,16 @@ Implemented now: 25. Owner-gated admin/support model documented in API contracts, terms, and conformance vectors. 26. Local backend implementation (`web/backend/secretapi`) now serves membership endpoints, governance install/lease endpoints, sponsor-aware payer flow, and deterministic integration tests. 27. Local backend member app channel endpoints now serve deterministic register/unregister, poll, idempotent ack, and owner-only support ticket flows with sqlite-backed event/audit state. +28. Membership confirm now supports strict fail-closed mode (`SECRET_API_REQUIRE_ONCHAIN_TX_VERIFICATION`) that requires chain receipt verification when enabled. +29. `secretapi` now validates critical config at startup and fails fast on invalid deploy combinations. +30. `secretapi` now ships an explicit `.env.example` deployment template aligned to current endpoint/runtime requirements. Remaining in this repo: 1. Wire live store checkout flow to production marketplace APIs when available. 2. Replace deployment templates with real contract addresses after chain deployment. 3. Add launcher/governance install UI that consumes governance installer APIs. +4. Publish `launcher`, `governance`, and `contracts` split repos to Gitea once PAT/credential-helper auth is available in this environment. Cross-repo dependencies (kernel/backend/contracts):