mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-05-20 11:19:58 +08:00
Sync Marketplace Pro readback release gate (#2019)
* docs: sync marketplace pro readback gate * docs: refresh operator dashboard after readback sync * docs: sanitize marketplace readback summary * docs: refresh operator dashboard after marketplace readback
This commit is contained in:
Affaan Mustafa
@@ -463,13 +463,20 @@ As of 2026-05-20:
|
||||
`brace-expansion@5.0.6` and fixed Dependabot alert 44 for CVE-2026-45149;
|
||||
GitHub API reported `state: fixed` at `2026-05-18T19:10:15Z` and current-head
|
||||
CI `26054671308` passed.
|
||||
- The latest ITO-61 readback retry narrowed the blocker: Wrangler OAuth now
|
||||
works, the safe aggregate readback has 0 parse failures and still reports 0
|
||||
Marketplace Pro records, and `billing:announcement-gate -- --preflight` is
|
||||
missing the target Marketplace account plus `INTERNAL_API_SECRET`.
|
||||
Native-payments copy remains blocked until the target Pro readback and live
|
||||
announcement gate pass. Linear comment
|
||||
`6904e4fb-bec7-4787-90e2-759f077a628c` records the redacted readback counts.
|
||||
- ECC-Tools PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a`
|
||||
and adds
|
||||
`npm run billing:kv-readback -- --select-ready-target --require-ready` so
|
||||
operators can prove a ready Marketplace Pro account without passing or
|
||||
printing the login. The 2026-05-20 production Wrangler OAuth readback found
|
||||
ready-like Marketplace Pro records with webhook provenance and 0 parse
|
||||
failures. The selected target report printed only a stable fingerprint,
|
||||
confirmed both key families, `marketplace` source, `pro` tier, seat ready,
|
||||
webhook evidence ready, automatic overage disabled, and 0 blockers. The old
|
||||
"no Marketplace-managed Pro target billing-state" blocker is cleared.
|
||||
Native-payments copy remains blocked until the local/internal
|
||||
`INTERNAL_API_SECRET` bearer-token path is available and the live
|
||||
`billing:announcement-gate -- --account <target>` call passes. Linear comment
|
||||
`f14ed2fe-a219-470c-8119-63429e197027` records the redacted readback counts.
|
||||
- Handoff `ecc-supply-chain-audit-20260513-0645.md` under
|
||||
`~/.cluster-swarm/handoffs/`
|
||||
records the May 13 supply-chain sweep: no active lockfile/manifest hit for
|
||||
@@ -887,7 +894,7 @@ is not complete unless the evidence column exists and has been freshly verified.
|
||||
| Claude and Codex plugin publication | Contact/submission path with required artifacts and status | Publication readiness, naming matrix, and May 12 dry-run evidence document plugin validation, clean-checkout Claude tag/install smoke, and Codex marketplace CLI shape | Needs explicit approval for real tag/push and marketplace submission |
|
||||
| Articles, tweets, and announcements | X thread, LinkedIn copy, GitHub release copy, push checklist, partner/sponsor/talk pack | Draft launch collateral and approval-gated outreach copy exist under rc.1 release docs | Needs URL-backed refresh and human approval before posting or sending |
|
||||
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, editor-native Zed/VS Code adapter coverage, Dependabot alert closure, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, fleet review ticket payloads, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, #78-#92, #94, and #95 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield #94 adds Zed/VS Code adapter detection, `.zed/settings.json` and `.zed/tasks.json` scan discovery, and `.zed/setup.mjs` AI-tool persistence IOC coverage; AgentShield #95 clears the `brace-expansion` Dependabot alert with a patched lockfile and 0 open Dependabot alerts after merge; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket payloads and expands current Mini Shai-Hulud IOC breadcrumbs with green local and remote CI; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, fleet review ticket payloads, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, hosted promotion judge audit traces, editor-native adapter coverage, and Dependabot closure landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, analysis-depth readiness, hosted execution planning, hosted CI diagnostics, hosted security evidence review, hosted harness compatibility audit, hosted reference-set evaluation, hosted AI routing/cost review, hosted team backlog routing, hosted depth-plan check-run, PR-comment hosted job dispatch, hosted job result history/check-runs, hosted result status command, status-aware depth-plan recommendations, hosted promotion readiness, hosted promotion output scoring, hosted promotion retrieval planning, hosted promotion judge contract, gated hosted promotion judge execution, hosted promotion judge audit trace, payment-announcement readiness, billing announcement preflight, aggregate production billing KV readback, Marketplace webhook provenance, target-account billing readback, Marketplace-source provenance counts, AgentShield fleet-summary hosted routing, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#78 landed with test evidence, including AgentShield evidence-pack gap routing, canonical bundle recognition, supply-chain signature gates, PR draft follow-up Linear tracking, evidence-backed/deep-ready repository classification, the `/api/analysis/depth-plan` hosted job plan, `/api/analysis/jobs/ci-diagnostics`, `/api/analysis/jobs/security-evidence-review`, `/api/analysis/jobs/harness-compatibility-audit`, `/api/analysis/jobs/reference-set-evaluation`, `/api/analysis/jobs/ai-routing-cost-review`, `/api/analysis/jobs/team-backlog-routing`, the `ECC Tools / Hosted Depth Plan` check-run, `/ecc-tools analyze --job ...` PR-comment dispatch, non-blocking per-hosted-job result check-runs backed by 30-day result cache records, `/ecc-tools analyze --job status` cache lookup, cache-aware next-job recommendations in the depth-plan check-run, the `ECC Tools / Hosted Promotion Readiness` corpus-backed PR check-run, deterministic hosted-output scoring against cached completed job artifacts/findings, ranked retrieval/model-prompt planning, the fail-closed `hosted-promotion-judge.v1` request contract, opt-in live model-judge execution behind hosted evidence, entitlement, budget, provider, executor, strict JSON, and citation gates, hosted promotion judge request fingerprints plus allowed-citation audit trails, a fail-closed `/api/billing/readiness` `announcementGate` for native GitHub payments claims, `npm run billing:announcement-gate` plus `--preflight` as the non-secret operator verifier, hosted security findings for AgentShield fleet summaries, an `Evidence` column in hosted finding comments/check-runs, hosted harness findings that route AgentShield fleet target paths to harness owners, ECC-Tools commit `8658951` routing AgentShield policy-promotion Action outputs into hosted security review and promotion-readiness scoring, ECC-Tools commit `16c537f` rendering policy-promotion status/pack/count/digest values directly in hosted security job comments/check-runs, ECC-Tools commit `05d4e82` rendering model-judge audit traces without exposing raw provider output, ECC-Tools commit `91a441b` adding the safe billing announcement preflight path, ECC-Tools commit `eb69412` recording the initial production readback state, ECC-Tools commit `95d0bec` adding `npm run billing:kv-readback` with aggregate account-billing and billing-state records but 0 Marketplace Pro billing-state records, ECC-Tools commit `2859678` requiring webhook-derived Marketplace provenance before announcement readiness, ECC-Tools commit `42653f9` adding Wrangler OAuth readback, ECC-Tools commit `632e059` adding sanitized target-account readback that requires both target key families before `--require-ready` can pass, and ECC-Tools commit `d5f60db` adding sanitized Marketplace plan/action provenance counts; the latest 2026-05-18 live Wrangler OAuth recheck found 256 account-billing records, 256 billing-state records, 197 Marketplace-source records, 4 Marketplace webhook-provenance records, all `Open Source`, and 0 Marketplace Pro records, then updated Linear ITO-61 with the data/provisioning blocker | Next work is create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure target account plus `INTERNAL_API_SECRET`, then run `billing:kv-readback -- --wrangler --wrangler-bin ./node_modules/.bin/wrangler --account <github-login> --require-ready`, followed by the live announcement gate |
|
||||
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, hosted promotion judge audit trace, native-payments readback, ready Marketplace Pro target selection, hosted observability, AgentShield fleet-summary hosted routing, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#89 landed with test evidence across hosted analysis, hosted promotion readiness, model-judge execution, native-payments announcement gating, AgentShield evidence consumption, hosted remediation/Linear sync, hosted observability readback, and ready Marketplace Pro target selection; ECC-Tools #89 merged as `512bca6` after Verify, Security Audit, and Workers Builds passed, and the 2026-05-20 production Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, and reported 0 blockers without printing the login | Next work is obtain or rotate the local/internal `INTERNAL_API_SECRET` bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy |
|
||||
| GitGuardian/Dependabot/CodeRabbit-style checks | Non-blocking taxonomy, deterministic follow-up checks, and local supply-chain gates | ECC-Tools risk taxonomy check plus follow-up signals landed, including Skill Quality, Deep Analyzer Evidence, Analyzer Corpus Evidence, RAG/Evaluator Evidence, PR Review/Salvage Evidence, and AgentShield evidence-pack evidence; #1846 added npm registry signature gates; #1848 added the supply-chain incident-response playbook and `pull_request_target` cache-poisoning validator guard; #1851 added the privileged checkout credential-persistence guard; AgentShield #78, JARVIS #13, and ECC-Tools #53 applied the same hardening outside trunk | Current supply-chain gate complete; deeper hosted review features remain future |
|
||||
| Harness-agnostic learning system | Audit, adapter matrix, observability, traces, promotion loop | Audit/adapters/observability gates plus `docs/architecture/evaluator-rag-prototype.md`, `examples/evaluator-rag-prototype/`, and ECC-Tools PR #40 define read-only stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison scenarios with trace, report, playbook, verifier, and predictive-check artifacts; ECC-Tools PRs #68-#72 now turn that corpus into a deterministic PR check-run gate with cached hosted-output scoring, ranked retrieval candidates, a model prompt seed, a fail-closed hosted model-judge request contract, and opt-in live model execution behind strict hosted-evidence gates | Deterministic hosted PR check, cached output scoring, retrieval planning, judge contract, and gated model execution integrated |
|
||||
| Linear roadmap is detailed | Linear project document/comments plus repo mirror | Repo mirror exists and issue creation works again; the May 19 sync adds post-PR #2002 document `ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`, ITO-44/47/48/49/51/54/56 issue comments, and In Progress state for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass batch adds document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and ITO-44/50/54/56/61 comments for PR #2013, ECC-Tools #79, and JARVIS #15/#16 because project status updates are disabled in the workspace | Needs recurring document/comment updates after each significant merge batch |
|
||||
|
||||
@@ -71,7 +71,7 @@ Reason:
|
||||
| Codex repo marketplace | Local and GitHub-ref temp-home marketplace add smokes passed on Codex CLI `0.131.0` | `.codex-plugin/plugin.json`, `.agents/plugins/marketplace.json`, repo/personal marketplace evidence | Plugin owner | Official Plugin Directory listing requires OpenAI submission/listing evidence |
|
||||
| Codex official Plugin Directory | OpenAI docs describe the curated official directory; ECC has not submitted or received listing evidence | Directory submission link or OpenAI approval path once available | Plugin owner | Track as an ITO-56/ITO-46 follow-up; do not claim an official listing |
|
||||
| OpenCode package | `npm run build:opencode` passed | Built `.opencode` package metadata inside npm tarball | Package owner | No separate public plugin channel identified; follows npm |
|
||||
| Billing/native payments | Announcement remains blocked by ITO-61 | Marketplace Pro target readback, webhook provenance, `INTERNAL_API_SECRET`, announcement gate | ECC Tools owner | Do not include native-payments claim in rc.1 announcement |
|
||||
| Billing/native payments | Marketplace Pro target readback passed; announcement remains blocked by ITO-61 | 2026-05-20 selected-target readback, webhook provenance, `INTERNAL_API_SECRET`, live announcement gate | ECC Tools owner | Do not include native-payments claim in rc.1 announcement until the live gate passes |
|
||||
| Social/longform copy | Drafts exist | Final live GitHub, npm, Claude, Codex, billing URLs | Release owner | Publish only after release/package/plugin URLs exist |
|
||||
|
||||
## Package Rename After rc.1
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
|
||||
|
||||
Generated: 2026-05-19T17:37:31.630Z
|
||||
Commit: 14d88e517b0c56a80c1a6392b1cde2474948d29f
|
||||
Generated: 2026-05-20T01:28:52.541Z
|
||||
Commit: a2bbc45504ff55f09e9e06be0e253d72f3c54f90
|
||||
Status: work remaining
|
||||
|
||||
## Current Status
|
||||
@@ -42,7 +42,7 @@ Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscripti
|
||||
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
|
||||
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
|
||||
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
|
||||
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate |
|
||||
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy |
|
||||
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
|
||||
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
|
||||
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
|
||||
@@ -54,7 +54,7 @@ Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscripti
|
||||
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
|
||||
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
|
||||
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
|
||||
- `ecc-tools-next-level`: create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate
|
||||
- `ecc-tools-next-level`: obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy
|
||||
|
||||
## Next Work Order
|
||||
|
||||
@@ -63,4 +63,4 @@ Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscripti
|
||||
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
|
||||
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
|
||||
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
|
||||
6. Create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate before publishing native-payments copy.
|
||||
6. Obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy.
|
||||
|
||||
@@ -110,8 +110,9 @@ surfaces exist and are recorded in a final evidence file:
|
||||
- Codex repo-marketplace distribution evidence plus official Plugin Directory
|
||||
availability status;
|
||||
- final announcement URLs in X, LinkedIn, GitHub release, and longform copy;
|
||||
- ECC Tools billing/product readiness evidence before any native-payments
|
||||
announcement copy is published.
|
||||
- ECC Tools billing/product readiness evidence, the local/internal announcement
|
||||
bearer-token path, and a live announcement gate pass before any
|
||||
native-payments announcement copy is published.
|
||||
|
||||
## Result
|
||||
|
||||
|
||||
@@ -138,9 +138,12 @@ Tracked repositories in the platform audit were:
|
||||
- Codex repo-marketplace distribution is verified by prior evidence, but
|
||||
official Plugin Directory publishing remains blocked on OpenAI submission or
|
||||
listing evidence.
|
||||
- ECC Tools billing/native-payments copy remains blocked until a Marketplace
|
||||
Pro purchase/webhook path writes ready production billing state for a target
|
||||
Marketplace test account and the billing announcement gate passes.
|
||||
- ECC Tools billing/native-payments copy remains blocked until the
|
||||
local/internal `INTERNAL_API_SECRET` bearer-token path is available and the
|
||||
billing announcement gate passes for the ready Marketplace Pro target.
|
||||
ECC-Tools PR #89 (`512bca6`) added `billing:kv-readback --
|
||||
--select-ready-target --require-ready`; its 2026-05-20 production run cleared
|
||||
the old missing-target-state blocker without printing the account login.
|
||||
- Release notes, X, LinkedIn, GitHub release, GitHub Discussion, longform copy,
|
||||
sponsor outreach, partner outreach, consulting copy, conference pitches, and
|
||||
podcast pitches still need final live URLs plus human approval before posting
|
||||
|
||||
@@ -342,6 +342,11 @@ function agentShieldEnterpriseEvidence(roadmap) {
|
||||
}
|
||||
|
||||
function eccToolsNextLevelEvidence(roadmap) {
|
||||
if (roadmap.includes('select-ready-target')
|
||||
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')) {
|
||||
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
|
||||
}
|
||||
|
||||
if (roadmap.includes('69ca535')
|
||||
|| roadmap.includes('team feedback controls')
|
||||
|| roadmap.includes('e56fc1a')) {
|
||||
@@ -387,6 +392,12 @@ function eccToolsNextLevelEvidence(roadmap) {
|
||||
}
|
||||
|
||||
function eccToolsNextLevelGap(roadmap) {
|
||||
if (roadmap.includes('select-ready-target')
|
||||
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')
|
||||
|| roadmap.includes('old "no Marketplace-managed Pro target billing-state" blocker is cleared')) {
|
||||
return 'obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy';
|
||||
}
|
||||
|
||||
if (roadmap.includes('1Password CLI authorization timed out')
|
||||
|| roadmap.includes('Cloudflare API auth returned `Authentication error [code: 10000]`')) {
|
||||
return 'authorize Cloudflare API or 1Password CLI access, configure the target Marketplace Pro account and INTERNAL_API_SECRET, create or replay Marketplace Pro webhook state, then rerun target readback and the live announcement gate';
|
||||
@@ -989,7 +1000,7 @@ function buildReport(options) {
|
||||
releaseVideoWorkOrder,
|
||||
'Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.',
|
||||
'Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.',
|
||||
'Create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate before publishing native-payments copy.',
|
||||
'Obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy.',
|
||||
],
|
||||
};
|
||||
}
|
||||
|
||||
@@ -77,6 +77,9 @@ function seedRepo(rootDir, overrides = {}) {
|
||||
'42653f9',
|
||||
'target account billing readback',
|
||||
'632e059',
|
||||
'select-ready-target',
|
||||
'f14ed2fe-a219-470c-8119-63429e197027',
|
||||
'old "no Marketplace-managed Pro target billing-state" blocker is cleared',
|
||||
'69ca535',
|
||||
'team feedback controls',
|
||||
'e56fc1a',
|
||||
@@ -347,7 +350,7 @@ function runTests() {
|
||||
)));
|
||||
assert.ok(report.requirements.some(item => (
|
||||
item.id === 'ecc-tools-next-level'
|
||||
&& item.gap === 'authorize Cloudflare API or 1Password CLI access, configure the target Marketplace Pro account and INTERNAL_API_SECRET, create or replay Marketplace Pro webhook state, then rerun target readback and the live announcement gate'
|
||||
&& item.gap === 'obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy'
|
||||
&& item.evidence.includes('operator-visible promotion output details')
|
||||
&& item.evidence.includes('hosted promotion judge audit traces')
|
||||
&& item.evidence.includes('billing announcement preflight')
|
||||
@@ -355,6 +358,7 @@ function runTests() {
|
||||
&& item.evidence.includes('Wrangler OAuth readback')
|
||||
&& item.evidence.includes('target-account billing readback')
|
||||
&& item.evidence.includes('provenance-aware Marketplace billing-state gates')
|
||||
&& item.evidence.includes('ready Marketplace Pro target selection')
|
||||
&& item.evidence.includes('hosted team-learning feedback controls')
|
||||
&& item.evidence.includes('ECC-Tools Dependabot alert remediation')
|
||||
)));
|
||||
|
||||
Reference in New Issue
Block a user