log.md
Scout — Operation Log
[2026-07-03] record | Hosted admin metric scope
Files touched: scout/api/routers/billing.py,
scripts/scout-vps-hosted-metrics,
tests/unit/api/test_billing_admin_metrics.py,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Added metric_scope to /v1/billing/admin/metrics and the VPS metrics
helper table output. Operators can now see that current totals, funnel, and
economics are recent-window monitoring values, not lifetime aggregate
accounting. The scope includes row limits, returned row counts, truncation
flags, and an explicit totals note.
Verification: Added RED endpoint/script expectations first. Focused metrics
tests reported 2 passed, 2 warnings.
[2026-07-03] record | Hosted funnel and economics monitoring
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Added and recorded derived hosted monitoring for protected billing admin
metrics. /v1/billing/admin/metrics now includes funnel and economics
sections, and scripts/scout-hosted-admin metrics --format table prints those
sections for operator review. This makes beta signup health, paid conversion,
revenue, estimated loaded cost, estimated gross profit, margin, and credit use
visible without direct database inspection.
Verification: TDD red showed missing funnel in the API response and missing
funnel/economics output in the VPS metrics helper. Focused green checks passed
after implementation.
[2026-07-03] record | Hosted economics admin command
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Added and recorded scripts/scout-hosted-admin economics, a local
operator command that prints Scout's canonical hosted package economics without
reading or printing secrets. It exposes the $10 / 1,000 standard credits
candidate, package rows, gross margin, break-even packages/month, and credit
policy in table or JSON form. Production fallback delegates into the running
scout Docker container when the VPS host Python cannot import Scout
dependencies.
Verification: TDD red showed the command and script were missing. Focused green verification passed for admin-script checks after adding Dockerized production fallback.
[2026-07-03] record | Card-backed beta setup with email queue fallback
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-card-backed-beta-with-email-queue-fallback.md
Notes: Superseded the email-first beta ADR. The current product contract is
that /beta starts $0 Stripe beta setup when checkout/webhook/SMTP readiness
is true and falls back to queued email registration through
/v1/hosted/beta-key while checkout is paused. Raw API keys remain email-only
and are never displayed in the browser.
Verification: Focused repo verification for the implementation slice reported
61 passed; Pyright reported 0 errors; Ruff check and format check passed
for touched code/test files. Live readiness still reports health/package OK and
SMTP/Stripe blockers.
[2026-07-03] record | Auditable pricing assumptions in hosted packages API
Files touched: log.md, wiki/dev-log.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md
Notes: Recorded the pricing transparency slice. GET /v1/billing/packages now
exposes unit_economics_assumptions alongside package economics, and the
pricing page renders assumption cards for standard-credit cost, payment fee,
and fixed monthly cost. This makes the $10 / 1,000 credits model inspectable
instead of a black-box marketing price.
[2026-07-03] record | Stripe paid-package price bootstrap helper
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the production-readiness slice that adds
scripts/scout-hosted-admin bootstrap-stripe-prices. The helper creates Stripe
one-time price IDs from Scout's canonical hosted credit packages for
standard_1000, standard_3000, and standard_15000, can dry-run without
secrets, can write returned price IDs to ignored secrets/scout-production.env,
and refuses to print Stripe secret-looking values. Remaining blockers are still
SMTP configuration, Stripe secret, actual price creation, webhook secret, VPS
env install, restart, and live E2E signup/checkout smoke.
[2026-07-03] record | Hosted pending beta key delivery drain and pricing state
Files touched: index.md, log.md, wiki/dev-log.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md
Notes: Recorded commit a1ed9ec, the protected admin endpoint for draining
queued pending_delivery beta registrations, the corrected current behavior of
/v1/hosted/beta-key when SMTP is not configured, and the current code-backed
$10 / 1,000 standard credits economics plus remaining SMTP/Stripe blockers.
[2026-07-03] record | Hosted SMTP delivery smoke-test command
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the production-readiness slice that adds
scripts/scout-hosted-admin send-test-email. The command sends a smoke-test
email through the hosted SMTP API-key delivery path without creating a hosted
account, granting credits, issuing a real key, or printing SMTP secrets. This
gives operators a concrete way to verify SMTP delivery after configuring
production credentials and before inviting beta testers.
[2026-07-03] deploy | Hosted SMTP delivery smoke-test command
Files touched: wiki/dev-log.md
Notes: Deployed Scout commit 7727814 to scout.chowmes.com. Docker reports
the scout container healthy and /health returns OK. Production smoke of
scripts/scout-hosted-admin send-test-email --email arijit.chowdhury@gmail.com
--name Arijit failed with the expected current blocker:
Hosted API key delivery is not configured.
[2026-07-03] record | Hosted signup event admin listing
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the production-readiness monitoring slice that adds
scripts/scout-hosted-admin list-signups. Operators can now list self-service
beta API-key signup requests, delivery outcomes, duplicate attempts, and failed
reasons from the hosted SQLite database without printing raw API keys or stored
key hashes. This answers who requested keys and what happened while SMTP/Stripe
production configuration is still pending.
[2026-07-03] deploy | Hosted signup event admin listing
Files touched: wiki/dev-log.md
Notes: Deployed Scout commit 0983cc0 to scout.chowmes.com. Docker reports
the scout container healthy and /health returns OK. Live smoke of
scripts/scout-hosted-admin list-signups --format json --limit 5 returned the
previous failed SMTP signup event for codex-smoke+20260703102619@chowmes.com
with no raw API key or key hash exposed.
[2026-06-30] record | Hosted-first quickstart and compact homepage proof
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the website correction after Arijit flagged that the homepage
proof block was taking too much visual space and the hosted quickstart was
leading with localhost examples. Homepage now uses a compact "Clean records
with evidence attached" card. Quickstart is hosted-first with
https://scout.chowmes.com examples and a visible warning not to use localhost
for hosted calls; localhost appears only under local install/Docker.
[2026-07-03] record | Paid checkout top-ups for existing hosted accounts
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the hosted billing correction that paid Stripe checkouts for
an email with an existing hosted tenant should top up that tenant's credits
instead of attempting a duplicate account. Existing-account top-ups record the
purchase against the existing tenant/key and do not email or expose a second
raw API key. Local verification passed with 737 passed, 8 warnings; live
Stripe/SMTP remains blocked until production credentials are configured.
[2026-07-03] deploy | Paid checkout top-up patch
Files touched: wiki/dev-log.md
Notes: Deployed Scout commit bac6eba to scout.chowmes.com. Docker reports
the scout container healthy. Public /health is OK. Public Stripe status
continues to show checkout, webhook, and key delivery as not configured, which
is the expected remaining production blocker.
[2026-07-03] record | Prevent repeated free beta-trial credit grants
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the hosted billing abuse-prevention correction. Existing-account
Stripe checkouts now add credits only for paid packages. Repeat $0
beta_trial checkout sessions are recorded for audit but do not grant another
100 free credits and do not send another raw API-key email. Verification passed
with 739 passed, 8 warnings; Ruff, format, and Pyright were clean.
[2026-07-03] deploy | Prevent repeated free beta-trial credit grants
Files touched: wiki/dev-log.md
Notes: Deployed Scout commit 3bf7bb1 to scout.chowmes.com. Docker reports
the scout container healthy. Public /health and /v1/billing/packages
work. Public Stripe status remains false for checkout, webhook, and key
delivery because production secrets are still not configured.
[2026-06-29] record | Service-first surface and old app UI removal
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-29-service-first-no-app-ui.md
Notes: Recorded the product correction that Scout is a utility/service, not a
dashboard app. The old /app UI, /app/live-browser page, and /api/config
route were removed from the codebase; homepage copy was simplified around
features, demo, use cases, pricing, and beta; the hosted deployment at
https://scout.chowmes.com now serves the simplified site and returns 403 for
the removed app/config surfaces. Commit pushed: d27b24e.
[2026-06-29] record | Website logo, density, and scrollspy polish
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the launch website polish slice. Added a Scout SVG mark and wordmark, reduced homepage density by roughly 10% without redesigning the site, made homepage navigation section-aware, added scrollspy active-state behavior, and verified desktop/mobile browser behavior plus website tests.
[2026-06-29] record | Unit economics pricing gate
Files touched: index.md, log.md, wiki/dev-log.md, wiki/open-questions.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md
Notes: Recorded Arijit's rejection of arbitrary $22 one-time and $9/month hosted pricing. Pricing must now be derived from unit economics: hosting, LLM, firewall/security, support, maintenance, payment fees, variable usage, target margin, and break-even volume. Current hypothesis is free local plus invite-only/metered hosted beta and pay-as-you-go or prepaid credits before subscriptions.
[2026-06-29] record | Private beta launch surface and downstream relationship map
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-29-private-beta-launch-surface.md, wiki/syntheses/downstream-consumers-and-project-relationships-2026-06-29.md
Notes: Recorded current Scout repo/website/private-beta state in the MyOS Scout wiki. Added relationship map for PRISM, Competitive Intelligence, Algolia Search Audit, product/catalog workflows, job workflows, and the Scout website. Public launch remains blocked; private beta is ready with limits.
[2026-06-27] record | Scout 0.1.1 shared acquisition profile release
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-27-shared-scrape-acquisition-profile.md
Notes: Recorded the Scout source-level release that removed /ci/scrape, kept /scrape as the shared acquisition primitive, added opt-in acquisition metadata, bumped Scout to 0.1.1, documented scout benchmark, and verified the live container with health, scrape, benchmark, and focused tests.
[2026-05-22] record | Browser Workbench recovery and current status
Files touched: index.md, log.md, wiki/dev-log.md, wiki/open-questions.md, wiki/decisions/2026-05-22-browser-workbench-session-modes.md, wiki/ux/browser-workbench-recovery-2026-05-22.md, wiki/syntheses/current-status-2026-05-22.md
Notes: Recorded latest app recovery build, technical/design decisions, architecture/session-mode change, verification status, pending work, and next build step.
[2026-05-21] record | UI interaction regression guardrail
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-05-21-ui-interaction-contract.md
Notes: Captured the Browse/buttons/tabs regression lesson. New project rule: every visible enabled UI control must work, or it must be visibly disabled with a reason. Added regression-test expectations for native Browse, disabled unimplemented navigation, Crawl Settings restore, and fresh browser validation.
[2026-05-21] record | App-first validation checkpoint
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-05-21-app-first-validation-gate.md, wiki/ux/workflows/, raw/assets/scout-app-first-ux-approved-mockup-2026-05-21.png, wiki/sources/legacy/
Notes: Normalized the Scout vault around the canonical wiki structure. Moved loose legacy design/spec files into wiki/sources/legacy/, mirrored app workflow specs into wiki/ux/workflows/, saved the approved mockup as an immutable asset, and recorded the validation gate that must precede GitHub checkpoints.
2026-05-21 — Architecture Home Frontend
Implemented the Generated Image 1 direction as the /app architecture home.
The screen now teaches Scout's front doors, mode routing, provider ladder,
evidence normalization, vertical processors, typed records, downstream
consumers, and cross-cutting operational concerns.
2026-05-20 — Frontend Product Workbench
Decision recorded: Scout's standalone HTTP app now includes a self-educating frontend direction with product record preview and Algolia preparation hooks. Algolia credentials remain session-only and ingestion is deferred behind a preview/stub contract.
2026-05-20 — Workdir And Local Config
Decision recorded: Scout now has a first-class working directory and
.env.local model. CLI can prompt for where to store run outputs and interim
state; HTTP/skill/scheduled usage should pass an output directory or configure
SCOUT_WORKDIR. Keys belong in .env.local, not the public repo.
2026-05-14 - wiki expansion
Files touched: index.md, AGENTS.md, wiki/overview.md, wiki/requirements.md, wiki/use-cases/index.md, wiki/syntheses/scout-platform-strategy.md, wiki/decisions/2026-05-14-scout-web-to-record-engine.md, wiki/open-questions.md, wiki/dev-log.md, wiki/sources/2026-05-14-scout-use-case-sources.md.
Notes: Captured the pivot from "Scout as Crawl4AI crawler" to "Scout as web-to-record intelligence engine." Added initial multi-use-case catalog, test scenarios, example websites, and strategic gaps.
2026-05-15 - validation roadmap
Files touched: index.md, log.md, wiki/use-cases/validation-roadmap.md.
Notes: Added a cross-use-case validation roadmap. Captured that products should not be the only first build target. Recommended pressure-testing three vertical slices together: product catalog extraction, careers/job monitoring, and PRISM company intelligence.
2026-05-15 - job hunter and PRISM refinements
Files touched: index.md, log.md, wiki/use-cases/validation-roadmap.md, wiki/use-cases/index.md, wiki/open-questions.md.
Notes: Added job hunter intake dialogue requirements, company discovery before job monitoring, target company approval, salary/title/location preference fields, and daily delta monitoring. Expanded PRISM source discovery to include canonical company website, company LinkedIn, official social channels, executives, executive bios, and executive LinkedIn/profile URLs.
2026-05-15 - platform build plan
Files touched: index.md, log.md, wiki/syntheses/build-plan-2026-05-15.md.
Notes: Captured the full multi-use-case build model, including UX commands, input contracts, validation expectations, output artifacts, and foundation-first execution plan.
[2026-05-16] record | Platform Architecture and Job Hunter V1
Files touched: wiki/decisions/2026-05-16-provider-agnostic-run-architecture.md, wiki/architecture/scout-platform-architecture.md, wiki/dev-log.md, index.md, log.md Notes: Captured architecture decision, architecture diagram source, provider strategy, artifact contract, and current Job Hunter V1 build status.
[2026-05-17] record | Arijit Job Hunter Profile And Seed URLs
Files touched: wiki/entities/arijit-job-hunter-profile.md, wiki/sources/2026-05-17-job-hunter-seed-links-and-resumes.md, wiki/use-cases/job-hunter/arijit-ai-transition-test-scenario.md, log.md, index.md Notes: Captured resume-derived matching profile, target roles, compensation filters, company preferences, seed job URLs, and parser/matcher acceptance criteria for Job Hunter Live V1.
[2026-05-19] record | Job Hunter URL-Seeded V1 Build Completed
Files touched: wiki/dev-log.md, log.md, index.md Notes: Captured completed URL-seeded Job Hunter build, verification evidence, CLI smoke output summary, privacy boundary, and next build slices.
2026-05-20 — Scout Platform Foundation Build
Implemented the foundation of the full Scout intelligence platform plan: execution modes, provider ladder, high-level CLI/HTTP run surface, typed vertical records for company/careers/investor/news/research/products, updated skill playbook, repo docs, architecture docs, and vault ADRs. Browser verification and final validation remain the next gate before claiming the slice complete.
2026-05-20 — Browser Verification Pass
Internal browser verification completed across Adobe about/careers/investor, Ashby/Kong job, Lacoste product category, and Estée Lauder product page. Browser evidence worked for Adobe, Ashby, and partially for Lacoste; Estée Lauder remained blocked with Access Denied. This validates browser fallback as a secondary channel, not a default or guaranteed bypass.
2026-05-20 — Verification Gate
Verification completed for the platform foundation slice: focused tests passed (17/17), unit suite passed (164/164), full suite passed (170 passed, 2 skipped), pyright passed with zero errors, ruff check passed, ruff format check passed, CLI smoke passed for company/careers/investor/products/jobs profile mode, HTTP smoke passed for /health and /run/company. Live seed job URL smoke returned blocked evidence rather than records, which is expected until live acquisition/provider adapters are expanded.
2026-05-20 — Citation-Grade Source Evidence
Implemented citation-grade provenance for Scout. Added deterministic source_id, record-level citations[], source registry output in source_pages.json, missing_citations validation warnings, and source/citation coverage summaries in extraction_report.md. Updated repo docs and skill guidance to distinguish source registry from record citations.
2026-05-20 — Citation Verification Complete
Citation-grade source evidence verification completed: focused citation suite passed (19/19), unit suite passed (169/169), full suite passed (175 passed, 2 skipped), pyright passed with zero errors, ruff check passed, ruff format check passed. CLI smoke for company and jobs confirmed record citations point to source_pages.json; HTTP smoke for /run/company confirmed the same.
2026-05-20 — Balanced Target Matrix
Implemented a balanced validation target matrix for Scout with executable registry support. Primary targets now cover private B2B SaaS, private retail commerce, public companies, hard-site retail, and travel/airline scenarios: Algolia, Constructor, L.L.Bean, Patagonia, Adobe, Home Depot, Estée Lauder, and British Airways. Secondary targets are Nike, Amplience, Salesforce, and Intuit.
[2026-06-29] record | Apache-2.0 local/core license implemented
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-29-apache-2-local-core-license.md
Notes: Recorded the release-hardening checkpoint. Scout local/core is now
Apache-2.0; hosted/service terms remain separate. Private beta remains
ready_with_limits; public launch remains blocked with 9 blockers.
[2026-06-29] record | scout.chowmes.com redeployed
Files touched: log.md, wiki/dev-log.md
Notes: Recorded VPS redeploy from codex/scout-platform-foundation. Production
now serves the 9-blocker status page, Apache-2.0 legal page, and dynamic health
metadata showing Crawl4AI 0.9.0. Hosted-only route protection remains active.
[2026-07-03] record | self-service beta registration and Stripe credit packages
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md
Notes: Captured the hosted access decision. Shared beta passwords are rejected.
Beta key registration uses name/email, hosted account registration, one-time
API-key email delivery, and /account lookup. Stripe checkout remains the
path for $0 beta-trial payment-method verification and paid credit packages.
[2026-07-03] record | production beta readiness preflight
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded production verification at Scout commit d6fc212. Hosted
metering/package metadata is deployed, but SMTP delivery and Stripe settings are
not configured. The beta page was patched to preflight key-delivery readiness
and pause registration rather than submitting into a known email-delivery
failure.
[2026-07-03] record | hosted admin usage monitoring
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the new scripts/scout-hosted-admin list-usage and
list-usage --summary operations for monitoring hosted credit usage from the
VPS ledger without exposing raw keys or key hashes.
[2026-07-03] record | Stripe setup-mode beta card collection hardening
Files touched: wiki/dev-log.md, log.md
Notes: Recorded the production-readiness delta that $0 hosted beta checkout now explicitly asks Stripe Checkout setup mode to collect card payment methods. SMTP and Stripe secrets remain the live blockers before hosted self-service can be called fully operational.
[2026-07-03] record | hosted beta Stripe setup deployed
Files touched: log.md, wiki/dev-log.md
Notes: Production scout.chowmes.com is now deployed at Scout commit ea9b1d8. Stripe setup-mode beta checkout explicitly collects card payment methods, while direct beta registration remains email-delivery-only and paused until SMTP is configured. Stripe status still reports checkout, webhook, and key-delivery readiness as false.
[2026-07-03] record | Stripe Customer creation for hosted beta and credit packs
Files touched: log.md, wiki/dev-log.md
Notes: Recorded the checkout hardening step that forces Stripe Checkout to create Customer records for setup-mode beta trials and paid credit packs. This keeps card/payment-method custody in Stripe while Scout stores only customer/session references, tenants, credit balances, and usage ledger entries.
[2026-07-03] record | hosted deploy and PRISM API key provisioning
Files touched: log.md, wiki/dev-log.md
Notes: Deployed Scout commit 291655f to scout.chowmes.com and verified the container health/public health endpoint. Hosted self-service remains blocked by missing SMTP and Stripe secrets, so /beta stays paused. Generated a live operator-provisioned PRISM hosted beta key, validated it through /v1/hosted/me, and kept the one-time raw key in an ignored local secrets/ file.
[2026-07-03] record | hosted screenshot endpoint and async queue correction
Files touched: log.md, wiki/dev-log.md
Notes: Added/deployed /v1/hosted/screenshot, found production async-first was enabled with zero workers, switched production back to inline hosted execution, and verified the screenshot endpoint through scout.chowmes.com with the PRISM hosted key. The smoke returned 200, charged 3 standard credits, produced screenshot evidence, and did not echo the raw API key.
[2026-07-03] record | self-service beta key contract tightened
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md
Notes: Recorded the safety correction that public beta registration is email-delivery-only. /v1/hosted/beta-key now fails closed when SMTP delivery is not configured, does not create an account in that state, and does not advertise raw_api_key in its OpenAPI response schema. Admin CLI provisioning remains the only approved one-time raw-key display path.
[2026-07-03] record | hosted readiness checker and email-only enforcement
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md
Notes: Recorded the hosted SaaS readiness slice. The public self-service path
remains email-only and fails closed without SMTP; scripts/hosted_readiness_check.py
now verifies live health, package metadata, beta signup readiness, and paid
checkout readiness without exposing secrets. Live production currently has
health/packages ready and SMTP/Stripe blockers still open.
[2026-07-03] record | hosted billing admin metrics API
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-service-key-billing-admin-metrics.md
Notes: Recorded the new service-key protected /v1/billing/admin/metrics
operator endpoint. It summarizes hosted account, credit, usage, purchase, and
revenue state without exposing raw API keys, key hashes, Stripe secrets, SMTP
secrets, or payment details.
[2026-07-03] deploy | hosted billing admin metrics API
Files touched: wiki/dev-log.md
Notes: Deployed Scout commit ac80f29 to scout.chowmes.com and verified the
new admin metrics endpoint. Missing-key requests return 403; service-key
requests work through the public domain and returned live non-secret totals:
100 accounts, 442 usage events, and 0 purchases. Stripe and SMTP readiness
blockers remain unchanged.
[2026-07-03] record | direct email beta key registration
Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-direct-email-beta-key-registration.md
Notes: Recorded the product decision that /beta should collect name/email and
post to /v1/hosted/beta-key, with SMTP email delivery of the generated API
key. Stripe remains separate for paid/card-backed checkout; direct beta signup
does not require Stripe.
[2026-07-03] deploy | direct email beta key registration
Files touched: wiki/dev-log.md
Notes: Committed and pushed Scout 0b1864e, deployed it to
scout.chowmes.com, and verified /beta now uses the direct hosted key form
and /assets/hosted-keygen.js. Production correctly fails closed because SMTP
is not configured: /v1/hosted/beta-key returns 503 and does not create a
tenant for failed smoke signup attempts. Stripe and SMTP remain open launch
blockers.
[2026-07-03] record | Stripe smoke package selection and beta docs correction
Files touched: wiki/dev-log.md
Notes: Recorded the package-aware Stripe smoke update and documentation
correction. scripts/stripe_test_mode_smoke.py now supports explicit
--package-id standard_1000 for paid checkout smoke and --package-id
beta_trial for card-backed $0 beta setup smoke. The docs now separate direct
SMTP beta key registration from Stripe paid/card-backed checkout. The stale VPS
HOSTED_KEY_DELIVERY_ALLOW_RESPONSE_FALLBACK setting was removed and production
status still correctly reports SMTP/Stripe as not configured.
[2026-07-03] deploy | Stripe smoke package selection and beta docs correction
Files touched: wiki/dev-log.md
Notes: Committed, pushed, and deployed Scout 94e66ea to scout.chowmes.com.
The scout container is healthy. Public /status now shows separate direct
SMTP beta and paid Stripe readiness copy. /v1/billing/stripe/status still
correctly reports checkout, webhook, and key delivery as not configured.
[2026-07-03] record | readiness-gated checkout forms restored
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the website checkout slice. /pricing now has readiness-gated
paid hosted-credit checkout for standard packages. /beta now has optional
readiness-gated $0 beta setup checkout in addition to direct email beta key
registration. The forms remain disabled until Stripe, webhook, and SMTP key
delivery readiness flags are true.
[2026-07-03] deploy | readiness-gated checkout forms restored
Files touched: wiki/dev-log.md
Notes: Deployed Scout commit dd5dfe6 to scout.chowmes.com. Docker health
is healthy. Public /pricing contains the paid checkout form and package
options. Public /beta contains both direct hosted key registration and
optional $0 beta checkout. Public Stripe status still correctly reports
checkout, webhook, and key delivery readiness as false.
[2026-07-03] record | VPS hosted env configuration helper
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the new scout-hosted-admin configure-production-env operator
path. It installs allowlisted SMTP/Stripe settings from an ignored local env
file to /opt/prism/scout/.env, preserves unrelated server env lines, avoids
printing secret values, and can recreate the scout container. Live readiness
still shows SMTP and Stripe as missing until real values are supplied.
[2026-07-03] deploy | VPS hosted env configuration helper
Files touched: wiki/dev-log.md
Notes: Pushed Scout commit bc58ff0 and fast-forwarded the VPS repo to that
commit. Verified scripts/scout-hosted-admin --help exposes
configure-production-env, scripts/scout-vps-configure-hosted-env is
executable, and the production scout container remains healthy.
[2026-07-03] record | beta key delivery email upgraded
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Recorded the upgraded self-service beta key email. It now includes the beta credit/30-day boundary, not-unlimited warning, curl quick test, account/balance link, usage ledger link, purchase history link, docs/pricing, secret-handling warning, support reply instructions, and Arijit Chowdhury / Founder, Chowmes signature.
[2026-07-03] deploy | beta key delivery email upgraded
Files touched: wiki/dev-log.md
Notes: Committed and pushed Scout 5b42a0b, deployed it to the ChowMes VPS,
and verified the VPS repo is at 5b42a0b, the scout Docker container is
healthy, and public /health responds from https://scout.chowmes.com.
Hosted readiness remains blocked by missing SMTP and Stripe checkout/webhook
configuration.
[2026-07-03] record | hosted beta signup telemetry ledger
Files touched: docs/product/hosted-admin-operations.md, wiki/dev-log.md
Notes: Added non-secret hosted signup event tracking for direct beta key requests. Admin metrics now exposes signup event counts and recent delivered, failed, and duplicate signup outcomes without raw API keys or key hashes.
[2026-07-03] deploy | hosted beta signup telemetry ledger
Files touched: wiki/dev-log.md
Notes: Committed and pushed Scout 5a076d0, deployed it to the ChowMes VPS,
and verified the scout container is healthy. Production signup smoke with a
synthetic email returned the expected SMTP-not-configured 503 and created a
failed direct_beta_key signup event visible in admin metrics.
[2026-07-03] record | Stripe Checkout fail-closed API readiness
Files touched: docs/product/hosted-admin-operations.md, wiki/dev-log.md
Notes: Hardened the checkout API so partial Stripe configuration cannot create Checkout Sessions unless webhook verification and hosted key delivery are ready. Beta-trial setup also requires beta signup to be enabled.
[2026-07-03] deploy | Stripe Checkout fail-closed API readiness
Files touched: wiki/dev-log.md
Notes: Committed and pushed Scout ecde8d3, deployed it to the ChowMes VPS,
and verified the scout container is healthy. Production checkout smoke for
standard_1000 now returns 503 with Stripe webhook secret is not configured
instead of creating a Checkout Session in partial configuration.
[2026-07-03] build | hosted access disable lifecycle
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Added the hosted access disable path for beta operations. Operators can now disable a hosted account by email or tenant id, or disable a single API key by key id, using scripts/scout-hosted-admin disable-access ... --yes. The command preserves audit records, updates hosted tenant/key status in /data/hosted_accounts.sqlite, and avoids raw API key or key-hash output. Focused verification passed for account service, SQLite persistence, and admin script behavior.
[2026-07-03] build | hosted readiness admin command
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Added scripts/scout-hosted-admin readiness as the canonical operator command for hosted beta/paid checkout readiness checks. It wraps the existing non-secret readiness checker and supports --json, --require-beta-signup, and --require-paid-checkout, so operators no longer need to remember the Python script path.
[2026-07-03] build | hosted SMTP and Stripe config validator
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Added scripts/scout-hosted-admin validate-config, backed by scripts/scout-validate-hosted-config, to validate local SMTP/Stripe secrets files before pushing production env to the VPS. configure-production-env now runs the validator before upload and defaults to --require all, refusing partial paid-checkout config unless the operator explicitly requests --require beta.
[2026-07-03] build | hosted config template writer
Files touched: index.md, log.md, wiki/dev-log.md
Notes: Added scripts/scout-hosted-admin write-config-template, backed by
scripts/scout-write-hosted-config-template, to create a non-secret
secrets/scout-production.env starter file for hosted SMTP and Stripe
configuration. The command includes passwordless beta signup, SMTP delivery,
Stripe package/webhook, and hosted redirect placeholders; refuses overwrite
without --force; and keeps real secret collection outside the repo.
[2026-07-03] build | passwordless beta signup contract hardening
Files touched: log.md, wiki/dev-log.md
Notes: Hardened hosted beta signup so POST /v1/hosted/beta-key requires
name and email, forbids removed invite/password fields, and keeps raw API keys
out of HTTP responses. Full unit verification passed with 761 passed;
pyright, Ruff, and format checks passed. Hosted readiness still correctly
reports SMTP and Stripe configuration blockers.
[2026-07-03] build | public beta signup rate limiting
Files touched: log.md, wiki/dev-log.md
Notes: Added configurable per-client throttling for public
POST /v1/hosted/beta-key registration attempts. Defaults are three attempts
per apparent client address per hour. The guard runs before account creation
or email delivery, returns 429 with Retry-After, and is now represented in
the hosted config template, VPS env allowlist, .env.example, distribution
docs, and hosted operations runbook. Full unit verification passed with
763 passed; pyright, Ruff, and format checks passed.
[2026-07-03] build | pending beta registration capture
Files touched: log.md, wiki/dev-log.md
Notes: Changed hosted beta signup so when beta registration is enabled but
SMTP delivery is not configured, Scout records a pending_delivery signup
event and returns 202 Accepted instead of failing with 503. The pending
path creates no tenant, no API key, and no raw key exposure. Duplicate pending
requests for the same email are idempotent. The beta page now keeps the form
usable in this state and explains that API-key delivery is queued until hosted
email delivery is configured. Focused verification passed; affected
hosted/website suites reported 48 passed; pyright and Ruff passed for the
changed Python files.
[2026-07-03] ops | hosted config and monitoring checkpoint
Files touched: log.md, wiki/dev-log.md
Notes: Verified the hosted self-service blockers from both local and VPS
state without printing secret values. There is no filled local
secrets/scout-production.env; a new ignored template was generated with
scripts/scout-hosted-admin write-config-template --output
secrets/scout-production.env. VPS /opt/prism/scout/.env has
HOSTED_BETA_SIGNUP_ENABLED present but is missing SMTP delivery settings,
Stripe secret, Stripe paid package price IDs, success/cancel URL values, and
webhook secret. The production readiness command still reports health/packages
ready, beta signup blocked, and paid checkout blocked.
Monitoring snapshot: list-signups shows one pending_delivery beta request
and one older failed request; list-usage --summary shows hosted usage ledger
activity for scrape, crawl_page, and screenshot; list-purchases is empty;
process-pending-signups --dry-run reports one queued signup and makes no
mutation.
Next required external inputs: SMTP host/from/username/password or SMTP
provider details, Stripe secret key, Stripe webhook secret, and live Stripe
price IDs for standard_1000, standard_3000, and standard_15000.
[2026-07-03] correction | hosted status truthfulness
Files touched: log.md, wiki/dev-log.md, index.md
Notes: Corrected the public /status page and admin operations runbook so
they no longer claim "Current blockers: 0" or say direct beta signup fails
closed when SMTP is missing. The implemented and deployed behavior is: beta
signup is enabled, requests without SMTP are recorded as pending_delivery,
no account/key/credits are created until SMTP delivery is configured, and the
protected admin drain can process the queue after a smoke email succeeds.
Verification: Added tests/unit/website/test_hosted_status_copy.py and watched
it fail against the stale copy, then pass after the fix. Focused verification:
tests/unit/website/test_hosted_status_copy.py reported 1 passed;
tests/unit/website/test_launch_website.py reported 29 passed, 2 warnings;
hosted billing/admin/signup suites reported 53 passed, 2 warnings; pyright
and Ruff passed for changed Python test files. Commit f73475a was pushed and
deployed to the VPS; production health is green and
https://scout.chowmes.com/status now says "Current blockers: external
configuration." Follow-up docs commit 531786f clarified pending beta signup
operations and is pushed; deploy it with the next code-bearing release.
[2026-07-03] build | pending signup delivery processor
Files touched: log.md, wiki/dev-log.md
Notes: Added the operator path for queued beta requests:
scripts/scout-hosted-admin process-pending-signups --dry-run and --yes.
The processor dedupes to the newest pending request per email, skips emails
that already have accounts or non-pending final events, refuses real mutation
without SMTP delivery configured, emails the one-time key when enabled, and
records delivered/failed outcomes without printing raw keys, key hashes, or
SMTP secrets. Focused TDD verification went red with 6 expected failures and
green with 6 passed, 2 warnings. Production still needs real SMTP and Stripe
configuration before self-service hosted beta and paid checkout are fully live.
Deployment: pushed commit a4e729b to GitHub and deployed it to the VPS.
Production health is green at https://scout.chowmes.com/health. Hosted
billing status still accurately reports Stripe and SMTP blockers. Pending
signup dry-run from the Mac found one queued Codex smoke request and made no
mutations.
[2026-07-03] build | beta request status lookup
Files touched: log.md, wiki/dev-log.md
Notes: Added POST /v1/hosted/beta-key/status plus a beta-page status-check
form. Testers can now enter the registration email to see non-secret state
(pending_delivery, delivered, failed, duplicate, account_exists, or
not_found) before they have an API key. The endpoint shares public signup
rate limiting and does not expose raw API keys or key hashes. Focused TDD
verification went red with 5 expected failures and green with
5 passed, 2 warnings.
[2026-07-03] build | hosted beta key recovery
Files touched: log.md, wiki/dev-log.md
Notes: Added self-service lost-key recovery for hosted beta users. New route:
POST /v1/hosted/beta-key/reissue. The beta page now includes a "Lost your
API key?" form. If SMTP delivery is configured and the email has a hosted
account, Scout issues a replacement key, emails it to the same inbox, and
disables the previous key only after email delivery succeeds. Unknown emails
receive a non-enumerating accepted response. If SMTP delivery is not configured,
the endpoint fails closed with 503 so Scout does not create a raw key that
cannot be delivered. Focused TDD verification went red with 5 expected failures
and green with 5 passed, 2 warnings; affected suites reported
74 passed, 2 warnings. Commit 8799958 was deployed to the VPS; production
health is green, /beta contains the reissue form, and the live reissue route
returns the expected SMTP-not-configured 503 until hosted key delivery is
configured.
[2026-07-03] build | hosted payment readiness diagnostics
Files touched: log.md, wiki/dev-log.md
Notes: Expanded /v1/billing/stripe/status with non-secret
missing_configuration, blocking_reasons, and operator_next_actions
diagnostics while preserving the existing readiness booleans. The pricing page
now displays API-provided blocker reasons and setup actions instead of only
generic paused checkout copy. The response intentionally exposes only
capability names and never returns Stripe secrets, webhook secret values, SMTP
passwords, raw hosted API keys, or key hashes. Focused TDD verification went
red for the missing fields/script consumption and green with billing status
tests at 11 passed, 2 warnings plus the targeted pricing website test at
1 passed, 2 warnings. SMTP and Stripe external configuration remain the
actual production blockers.
[2026-07-03] build | structured hosted credit policy
Files touched: log.md, wiki/dev-log.md
Notes: Added structured metering metadata to /v1/billing/packages via
credit_policy, preserving the older credit_costs prose map. Each policy row
now exposes action, credit bucket, credits per unit, metered unit,
included_in_standard_1000, and customer-facing description. The pricing page
now prefers the structured policy and falls back to legacy credit strings only
if an older API response is served. This clarifies the $10 / 1,000 standard
credit package without configuring Stripe or SMTP.
[2026-07-03] build | Stripe smoke helper correctness
Files touched: log.md, wiki/dev-log.md
Notes: Fixed the real Stripe smoke helper so it matches the hosted checkout
API contract. scripts/stripe_test_mode_smoke.py now sends name, email,
and package_id to /v1/billing/stripe/checkout-session, exposes --name on
the CLI, and uses a certifi-backed TLS context for HTTPS hosted checks. Docs
examples were updated in distribution, hosted admin operations, and Stripe
readiness docs. Focused verification reported 61 passed, Pyright 0 errors,
and Ruff clean. Live smoke against https://scout.chowmes.com now reaches the
actual blockers instead of failing TLS locally: Stripe Checkout, webhook
secret, and hosted SMTP key delivery are still not configured.
Follow-up: Made the smoke helper's readiness output package-aware. The
beta_trial path now reports Stripe beta checkout is not ready, while paid
packages still report Stripe paid-key delivery is not ready. Focused tests
reported 9 passed; live checks now distinguish the $0 beta setup blocker
from paid checkout blockers.
[2026-07-03] build | hosted production smoke gate
Files touched: scripts/hosted_production_smoke.py,
scripts/scout-hosted-admin, tests/unit/scripts/test_hosted_production_smoke.py,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, log.md, wiki/dev-log.md.
Notes: Added scripts/scout-hosted-admin production-smoke as the operator gate
for the hosted SaaS path. The gate checks hosted health, billing packages,
card-backed beta checkout readiness, paid checkout readiness, and only runs
non-mutating Stripe smoke checks when the readiness flags are already green.
It emits machine-readable JSON with ok, blocker list, and exact next
operator commands without printing Stripe secrets, webhook secrets, SMTP
passwords, raw hosted API keys, or key hashes.
Current live truth from https://scout.chowmes.com: health is green and
package metadata is green, but hosted production is not ready because SMTP
key delivery, Stripe Checkout, Stripe webhook secret, card-backed beta
checkout, and paid checkout/key delivery remain unconfigured.
Verification: TDD red failed with the missing hosted_production_smoke module.
Focused green verification reported 24 passed. Pyright reported 0 errors;
Ruff check and format check were clean for the touched script/tests. Live
production-smoke --json produced ok: false with the expected blockers and
next steps.
Deployment follow-up: Commit 94de315 fixed direct execution of the production
smoke helper on the VPS by adding a repo-root import path guard. The VPS
checkout fast-forwarded to 94de315, and
scripts/scout-hosted-admin production-smoke --json now runs on the server and
returns the expected ok: false blocker report.
[2026-07-03] build | beta signup is card-backed checkout first
Files touched: website/beta.html, website/quickstart.html,
website/README.md, website/assets/pricing.js,
website/assets/hosted-keygen.js, docs/distribution.md,
docs/product/hosted-admin-operations.md,
docs/product/public-hosted-launch-readiness-plan-2026-07-03.md,
tests/unit/website/test_launch_website.py,
tests/unit/test_hosted_pricing_docs.py.
Notes: Aligned public beta access with the production-readiness goal. The
public /beta page no longer advertises a direct "email my beta key" form.
The primary self-service path is now card-backed $0 Stripe setup through
POST /v1/billing/stripe/checkout-session with package beta_trial; signed
webhook provisioning plus SMTP key delivery emails the hosted API key. The
direct /v1/hosted/beta-key endpoint remains in the backend as a
compatibility/admin recovery path for pending delivery and existing operational
tests, but it is no longer the public website CTA.
Verification: TDD red caught the old direct hostedKeyForm. Green verification
reported 77 passed, 2 warnings across website, pricing-doc, Stripe checkout,
webhook, provisioning, smoke-helper, and production-smoke focused suites.
Pyright reported 0 errors; Ruff check and format check were clean after
formatting the updated website test.
Deployment: Commit 9a03462 was pushed and pulled on the VPS. Because the
running container serves baked-in website files, the Scout Docker image was
rebuilt and the scout container recreated. Production health returned ok.
Live https://scout.chowmes.com/beta now contains pricingCheckoutForm and
/v1/billing/stripe/checkout-session, and no longer contains hostedKeyForm
or the Email My Beta Key button.
[2026-07-03] build | beta readiness requires checkout readiness
Files touched: scripts/hosted_readiness_check.py,
scripts/hosted_production_smoke.py,
tests/unit/scripts/test_hosted_readiness_check.py,
docs/product/hosted-admin-operations.md,
docs/product/public-hosted-launch-readiness-plan-2026-07-03.md.
Notes: Tightened hosted readiness after the public beta path became
Stripe-first. scripts/scout-hosted-admin readiness --require-beta-signup
now requires ready_for_beta_checkout, not merely
ready_for_beta_key_delivery. This prevents the operator gate from saying
beta signup is ready when SMTP is configured but Stripe Checkout/webhook setup
is still missing. The blocker text now says card-backed beta checkout not
ready.
Verification: TDD red proved the old checker returned beta-ready when only
key delivery was ready. Green verification reported 17 passed; Pyright
reported 0 errors; Ruff check and format check were clean. Live
production-smoke --json now reports card-backed beta checkout not ready.
[2026-07-03] correction | public copy now matches hosted smoke truth
Files touched: website/pricing.html, website/status.html,
website/terms.html, website/legal.html,
tests/unit/website/test_launch_website.py.
Notes: Removed stale public-facing claims that implied the hosted beta was
ready or that beta key generation does not require Stripe. The current website
copy now says the hosted service is online, but self-service beta setup is
configuration-gated until SMTP key delivery, Stripe Checkout, and Stripe
webhook verification are configured and smoke-tested. The beta trial copy now
states that $0 Stripe Checkout is intentional because it verifies the payment,
webhook, account provisioning, and email key-delivery pipeline before paid
packages open.
Verification: Focused website/pricing/readiness tests reported 40 passed.
Live scripts/scout-hosted-admin production-smoke --json still reports
ok: false with blockers for SMTP key delivery, Stripe Checkout, Stripe
webhook secret, card-backed beta checkout, and paid checkout/key delivery.
[2026-07-03] fix | Stripe setup-mode beta payload corrected
Files touched: scout/core/platform/stripe_checkout.py,
tests/unit/api/test_billing_stripe_checkout.py,
docs/product/hosted-admin-operations.md.
Notes: Corrected the $0 beta Checkout payload so beta_trial uses Stripe
Checkout mode=setup without sending payment-mode-only
customer_creation=always. Paid credit packages continue using
mode=payment, Stripe price line items, and customer_creation=always.
This makes the beta setup path more likely to work once real Stripe secrets and
webhook settings are installed.
Verification: Added a transport-level regression test that failed before the
fix because the setup-mode payload contained customer_creation. Focused
Stripe checkout/webhook/payment tests reported 40 passed; Pyright reported
0 errors; Ruff check and format check were clean.
[2026-07-03] correction | deployed beta path is email-first
Files touched: index.md, wiki/dev-log.md, wiki/decisions/2026-07-03-email-first-beta-registration-supersedes-stripe-first.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md
Notes: Corrected conflicting Scout vault state. Live https://scout.chowmes.com/beta uses hostedKeyForm and /v1/hosted/beta-key; it does not use pricingCheckoutForm or /v1/billing/stripe/checkout-session. Production status reports public_self_service_path=email_beta_registration, beta_signup_enabled=true, and SMTP/Stripe blockers still open. Older Stripe-first public beta notes are superseded by the new ADR.
[2026-07-03] deploy | hosted beta docs and public status copy aligned
Files touched: index.md, wiki/dev-log.md, log.md
Notes: Repo commit 7900997 Align hosted beta docs with email registration was pushed and deployed to https://scout.chowmes.com. Production is healthy. Public /status now says beta registration queues API-key delivery while SMTP is missing and no longer claims account/key/credit provisioning happens immediately.
[2026-07-03] fix + deploy | Docker license packaging blocker closed
Files touched: .dockerignore, docker/Dockerfile, tests/unit/test_docker_distribution.py, index.md, wiki/dev-log.md, log.md
Notes: Repo commit eca3ee2 Include license in Docker distribution was pushed and deployed to https://scout.chowmes.com. The Docker image now copies the root LICENSE file into /app before pip install ., and .dockerignore preserves LICENSE in the build context. This closes the container-only license-file-missing readiness mismatch.
Verification: TDD red reproduced the Docker metadata miss, then green verification reported tests/unit/test_docker_distribution.py: 4 passed; focused launch/website/CLI/Docker verification reported 99 passed, 8 warnings; Pyright reported 0 errors; Ruff check and format check were clean. Local docker build -f docker/Dockerfile -t scout:license-smoke . succeeded, and docker run --rm scout:license-smoke python -m scout.cli launch-readiness --require-hosted-saas reported Public launch: ready and Hosted SaaS: blocked. Production VPS git HEAD is eca3ee2; the scout container is healthy; public /health returns ok; in-container production readiness reports the same five hosted SaaS blockers only.
Remaining blockers: SMTP key delivery configuration, Stripe Checkout configuration, Stripe webhook secret, hosted beta email smoke, and paid checkout/key-delivery smoke.
[2026-07-03] fix | beta Stripe checkout returns to beta page
Files touched: scout/core/platform/stripe_checkout.py, scout/api/config.py,
scout/api/main.py, scripts/scout-vps-configure-hosted-env,
scripts/scout-validate-hosted-config, .env.example,
scripts/scout-write-hosted-config-template, product/distribution docs, and
focused tests.
Notes: Added STRIPE_BETA_SUCCESS_URL and STRIPE_BETA_CANCEL_URL so the
beta_trial setup-mode Checkout Session returns to /beta?checkout=... instead
of the paid /pricing?checkout=... page. The VPS env installer now allowlists
the beta return URL settings, and config preflight validates beta URLs as HTTPS
when present.
Verification: Regression tests first failed on missing allowlist/docs, then
passed after the fix. Focused checks reported 27 passed, then 38 passed;
Pyright reported 0 errors; Ruff check and format check were clean.
Remaining blockers: production still needs real Stripe secret, price IDs,
webhook secret, SMTP credentials, and live test-mode checkout/email smoke.
[2026-07-03] ops | production Stripe return URLs installed
Files touched: VPS /opt/prism/scout/.env only.
Notes: Installed non-secret public redirect settings:
STRIPE_SUCCESS_URL, STRIPE_CANCEL_URL, STRIPE_BETA_SUCCESS_URL, and
STRIPE_BETA_CANCEL_URL. Recreated the scout container.
Verification: https://scout.chowmes.com/health returned OK. Stripe status and
hosted readiness no longer list missing generic success/cancel URLs. Remaining
production blockers are now Stripe secret, Stripe webhook secret, paid package
price IDs, and SMTP delivery credentials/smoke.
[2026-07-03] fix | SMTP delivery readiness now requires credentials
Files touched: scout/core/platform/key_delivery.py,
tests/unit/core/platform/test_key_delivery.py.
Notes: Runtime SMTP delivery readiness now matches hosted config preflight:
Scout does not consider API-key email delivery enabled unless SMTP host,
from-email, username, and password are all configured. This prevents a partial
host/from-only SMTP config from making /v1/billing/stripe/status look ready
while delivery would fail during the actual beta key email.
Verification: Added a failing regression test for missing SMTP username/password
and fixed it. Focused checks reported 5 passed, then 52 passed; Pyright
reported 0 errors; Ruff check and format check were clean.
[2026-07-03] docs/tooling | SMTP smoke scripts require full credentials
Files touched: scripts/scout-vps-send-hosted-test-email,
scripts/scout-vps-process-pending-beta-signups,
tests/unit/scripts/test_vps_admin_scripts.py.
Notes: Tightened operator help text for SMTP smoke testing and pending beta
signup delivery. Both scripts now state the same runtime contract as the code:
host, from-email, username, and password are all required before hosted key
delivery is considered configured.
Verification: Added tests that fail if the stale "production also requires"
wording returns. Admin-script tests reported 24 passed; combined key-delivery,
admin-script, and readiness checks reported 34 passed.
[2026-07-03] correction | beta signup copy is email-first with checkout hook
Files touched: website/beta.html, scout/api/routers/billing.py,
docs/distribution.md, docs/product/hosted-admin-operations.md,
tests/unit/website/test_launch_website.py,
tests/unit/api/test_billing_stripe_checkout.py, index.md,
wiki/dev-log.md,
wiki/decisions/2026-07-03-email-first-beta-registration-supersedes-stripe-first.md.
Notes: Corrected the public beta posture so /beta no longer advertises
Start $0 Beta Checkout as the live primary CTA while Stripe/SMTP remain
externally blocked. The public copy is now email-first: testers register with
name/email and receive the API key by email when delivery is configured. The
Stripe beta checkout endpoint remains wired as a readiness-gated hook. The
non-secret Stripe status contract now reports
public_self_service_path=email_beta_registration_with_checkout_hook.
[2026-07-03] fix | beta readiness checker follows email key delivery
Files touched: scripts/hosted_readiness_check.py,
tests/unit/scripts/test_hosted_readiness_check.py,
tests/unit/test_hosted_pricing_docs.py, docs/distribution.md,
docs/product/hosted-admin-operations.md, index.md, wiki/dev-log.md,
wiki/decisions/2026-07-03-beta-readiness-follows-email-key-delivery.md.
Notes: Corrected the hosted readiness checker so --require-beta-signup means
email-first beta key delivery readiness (ready_for_beta_key_delivery), not
Stripe checkout readiness (ready_for_beta_checkout). This prevents the
operator gate from staying blocked after SMTP works but before paid/card-backed
Stripe checkout is enabled.
Verification: TDD red test reproduced the stale checker behavior, then passed
after the patch. Focused readiness/admin/docs/API verification reported
54 passed, 2 warnings; Pyright reported 0 errors; Ruff check and format
check were clean. Live scripts/scout-hosted-admin readiness --json against
https://scout.chowmes.com now reports beta blocked by
hosted beta key delivery not ready, with health/packages ready.
[2026-07-03] fix | beta page submits email registration instead of checkout gate
Files touched: website/beta.html, website/assets/hosted-keygen.js,
tests/unit/website/test_launch_website.py, index.md, wiki/dev-log.md.
Notes: Corrected the public beta form so the readiness flag and submit path
follow ready_for_beta_key_delivery. The form no longer presents card-backed
Stripe checkout as the primary beta gate and no longer says it is falling back
to an email queue. It submits the email-first /v1/hosted/beta-key path and
shows pending-delivery copy when SMTP is not configured.
Verification: Regression tests first failed against the stale
ready_for_beta_checkout beta page contract. After the patch,
tests/unit/website/test_launch_website.py reported 30 passed, and the
adjacent website/billing/readiness/hosted signup set reported
82 passed, 2 warnings. Ruff check and format check were clean for the touched
Python test.
[2026-07-03] fix | pricing and quickstart align to email-first beta
Files touched: website/pricing.html, website/quickstart.html,
website/assets/pricing.js,
docs/product/unit-economics-and-pricing-model-2026-06-29.md,
docs/product/hosted-admin-operations.md,
docs/product/public-hosted-launch-readiness-plan-2026-07-03.md,
tests/unit/website/test_launch_website.py,
tests/unit/test_hosted_pricing_docs.py, index.md, wiki/dev-log.md.
Notes: Removed stale public copy that said beta setup uses $0 Stripe Checkout
or falls back to queued email registration while checkout is paused. Pricing,
quickstart, and launch-readiness docs now say beta access starts with
email-first registration; paid Stripe checkout is a separate hosted-credit
package path.
Verification: Website/docs tests first failed on the stale checkout-first copy.
After the patch, website/pricing docs verification reported 34 passed,
2 warnings, and the adjacent website/pricing/billing/readiness set reported
57 passed, 2 warnings. Ruff check and format check were clean.
[2026-07-03] feature | hosted billing portal self-service
Files touched: scout/core/platform/stripe_checkout.py,
scout/api/routers/billing.py, scout/api/routers/hosted.py,
scout/api/deps.py, scout/api/main.py, scout/api/config.py,
website/account.html, website/assets/account.js, hosted env scripts,
distribution/admin/readiness docs, and portal/account tests.
Notes: Added authenticated Customer Portal creation at
POST /v1/billing/stripe/customer-portal-session. The endpoint uses the
hosted Bearer API key, infers the Stripe customer from the tenant's persisted
checkout records, fails closed when no customer is linked, and never accepts or
returns raw Stripe customer IDs or secret keys through the browser. /account
now exposes a Manage billing action after account lookup.
Verification: RED tests failed on missing portal symbols/dependency first.
After implementation, focused tests reported 61 passed, 2 warnings;
script/docs tests reported 57 passed; full unit suite reported 789 passed,
8 warnings; Pyright reported 0 errors; Ruff check and format check were
clean.
Follow-up: /v1/billing/stripe/status now exposes customer portal readiness
and includes STRIPE_PORTAL_RETURN_URL in missing hosted paid self-service
configuration when absent.
Verification: TDD red tests failed against the checkout-first copy/status, then
passed after the patch. Focused hosted billing/key/pricing/site verification
reported 91 passed, 2 warnings; Pyright reported 0 errors; Ruff check and
format check were clean. Repo commit ccd940b Make beta signup email-first was
pushed and deployed. VPS remote HEAD is ccd940b, the scout container is
healthy, https://scout.chowmes.com/health returns OK, and live
/v1/billing/stripe/status returns
public_self_service_path=email_beta_registration_with_checkout_hook.
[2026-07-03] fix | beta readiness now requires card-backed setup
Files touched: website/beta.html, website/assets/hosted-keygen.js,
website/quickstart.html, website/pricing.html,
scout/api/routers/billing.py, scripts/hosted_readiness_check.py,
distribution/admin docs, website/billing/readiness tests, index.md, and
wiki/dev-log.md.
Notes: Re-aligned the beta flow with the production-readiness goal. The beta
form now uses ready_for_beta_checkout; if true, it creates a $0 Stripe
setup session, and if false but signup is open, it records the name/email
request for later delivery. The readiness checker now treats email-only
delivery as insufficient for full beta readiness.
Verification: TDD tests first failed on stale email-first assertions. After the
patch, the focused site/billing/signup/readiness/docs set reported 88 passed,
2 warnings; full unit reported 789 passed, 8 warnings; Pyright reported
0 errors; Ruff check and format check were clean.
[2026-07-03] fix | hosted docs aligned to card-backed beta setup
Files touched: docs/product/unit-economics-and-pricing-model-2026-06-29.md,
docs/product/hosted-admin-operations.md, docs/distribution.md,
tests/unit/test_hosted_pricing_docs.py, and wiki/dev-log.md.
Notes: Replaced stale email-first/invite-controlled beta wording with the
current production contract: card-backed $0 beta setup when Stripe Checkout,
signed webhook, and SMTP key delivery are configured; name/email capture is a
fallback request queue while live settings are missing.
Verification: Added failing assertions first. They failed against the stale
docs, then passed after the docs were patched. Focused hosted
billing/signup/admin/doc tests reported 89 passed, 2 warnings.
[2026-07-03] fix | public beta route cannot bypass card-backed setup
Files touched: scout/api/routers/hosted.py,
tests/unit/api/test_hosted_scrape.py, website/beta.html,
website/assets/hosted-keygen.js, website/README.md,
docs/distribution.md, docs/product/hosted-admin-operations.md, and
wiki/dev-log.md.
Notes: POST /v1/hosted/beta-key now records pending beta requests only. It
does not provision a tenant, send SMTP key delivery, or issue a usable API key
from the public route. Public key issuance is reserved for signed Stripe
webhook provisioning after card-backed $0 beta setup, or protected admin
delivery of queued requests.
Verification: Tests were changed first and failed against the old direct
provisioning behavior. After the route and copy patch, affected hosted/site/doc
tests reported 63 passed, 2 warnings; full unit reported 789 passed,
8 warnings; Pyright reported 0 errors; Ruff check and format check were
clean.
[2026-07-03] fix | hosted VPS restart rebuilds Scout image
Files touched: scripts/scout-vps-configure-hosted-env,
tests/unit/scripts/test_vps_admin_scripts.py, docs/distribution.md,
docs/product/hosted-admin-operations.md, and wiki/dev-log.md.
Notes: configure-production-env --restart now runs Docker Compose with
--build --force-recreate before health inspection. This records and fixes the
deployment trap where GitHub/VPS HEAD moved forward but the live container kept
serving an old image.
Verification: Added a failing assertion first, then patched the script.
python3 -m pytest tests/unit/scripts/test_vps_admin_scripts.py -q reported
25 passed; bash -n scripts/scout-vps-configure-hosted-env passed.
[2026-07-03] fix | API-key delivery email copy matches package type
Files touched: scout/core/platform/key_delivery.py,
scout/api/routers/billing.py, tests/unit/core/platform/test_key_delivery.py,
tests/unit/api/test_billing_stripe_webhook.py, docs/distribution.md,
docs/product/hosted-admin-operations.md, and wiki/dev-log.md.
Notes: Hosted key-delivery requests now carry package ID and credit counts.
Beta-trial emails keep the beta tester subject and 100-credit/30-day boundary;
first-time paid package emails use paid hosted API-key copy with the purchased
package ID and actual standard/browser credits. Stripe webhook delivery passes
the canonical package metadata into SMTP delivery.
Verification: Added a failing standard_1000 delivery-email test first. After
the patch, tests/unit/core/platform/test_key_delivery.py -q reported
6 passed, and tests/unit/api/test_billing_stripe_webhook.py -q reported
9 passed.
[2026-07-03] fix | paid packages map to hosted plan limits
Files touched: scout/core/platform/pricing.py,
scout/core/platform/payment_provisioning.py,
scout/core/platform/account_service.py,
scout/core/platform/account_sqlite_store.py,
tests/unit/core/platform/test_pricing.py,
tests/unit/core/platform/test_payment_provisioning.py,
docs/product/unit-economics-and-pricing-model-2026-06-29.md,
docs/product/hosted-admin-operations.md, and wiki/dev-log.md.
Notes: standard_1000 and standard_3000 now map to hosted_starter, while
standard_15000 maps to hosted_pro. First-time paid checkout provisions the
package's hosted plan. Existing beta tenants are upgraded when buying a higher
package and are never downgraded by a lower package.
Verification: Added failing package/provisioning tests first. After the patch,
pricing/payment provisioning tests reported 17 passed, and adjacent
Stripe/hosted API tests reported 58 passed.
[2026-07-03] change | beta registration directly emails API keys
Files touched: scout/api/routers/hosted.py, scout/api/routers/billing.py,
scripts/hosted_readiness_check.py, beta/pricing/quickstart website files,
hosted distribution docs, and focused API/site/readiness tests.
Notes: Public beta signup no longer depends on card-backed Stripe setup.
POST /v1/hosted/beta-key provisions a finite-credit beta tenant and emails
the API key when SMTP delivery is configured. If SMTP is missing, it records a
pending request without creating an account/key. Stripe remains the paid
credit-package checkout path.
Verification: Focused tests reported 88 passed; full unit reported
794 passed; Pyright and Ruff were clean.
[2026-07-03] change | public beta signup smoke added
Files touched: scripts/hosted_beta_signup_smoke.py,
scripts/scout-hosted-admin, tests/unit/scripts/test_hosted_beta_signup_smoke.py,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, index.md, wiki/dev-log.md, and
log.md.
Notes: Added a non-secret operator smoke command for public beta self-service:
scripts/scout-hosted-admin beta-signup-smoke --email tester@example.com --name
"Tester Name". It verifies /v1/hosted/beta-key plus
/v1/hosted/beta-key/status and never prints raw API keys.
Verification: Focused script/admin tests reported 38 passed; full unit
reported 798 passed; Pyright/Ruff/shell syntax checks passed for the changed
files.
[2026-07-03] change | production smoke beta gate corrected
Files touched: scripts/hosted_production_smoke.py,
tests/unit/scripts/test_hosted_production_smoke.py, wiki/dev-log.md, and
log.md.
Notes: Renamed the smoke result from beta checkout to beta key delivery and
stopped running Stripe smoke for the current direct-email beta path. Paid
checkout smoke remains Stripe-based.
Verification: Focused hosted smoke/readiness tests reported 12 passed; full
unit reported 798 passed; Pyright and Ruff passed for the changed script and
test.
[2026-07-03] change | hosted config rejects obsolete beta price id
Files touched: scripts/scout-validate-hosted-config,
tests/unit/scripts/test_vps_admin_scripts.py, wiki/dev-log.md, and
log.md.
Notes: STRIPE_BETA_PRICE_ID is now treated as obsolete configuration because
beta API keys are delivered by email and the paid checkout path uses standard
package price IDs.
Verification: Added failing validator test first; script/admin tests reported
38 passed; full unit reported 799 passed; Ruff and Python compile checks
passed.
[2026-07-03] change | beta signup adds optional Stripe setup
Files touched: website/beta.html, website/assets/hosted-keygen.js,
scout/api/routers/billing.py, hosted readiness/smoke scripts, focused tests,
distribution docs, hosted-admin docs, wiki/dev-log.md, and log.md.
Notes: /beta now supports direct email key registration and optional $0
Stripe setup-mode checkout. Readiness and production smoke distinguish beta key
delivery, beta Stripe setup, and paid checkout.
Verification: Focused billing/website/readiness tests reported 58 passed;
full unit reported 799 passed; Pyright, Ruff, and node --check passed.
[2026-07-03] fix | public beta copy matches passwordless self-service
Files touched: README.md, website/index.html, website/beta.html,
tests/unit/website/test_launch_website.py, wiki/dev-log.md, and log.md.
Notes: Removed stale invite-only/manual-provisioning/raw-browser-key copy from
public-facing Scout materials. The visible beta story now matches the actual
API contract: name/email registration, database signup event, one-time API-key
email delivery, and no raw key in browser responses.
Verification: Added failing website regression first; focused website/pricing
and hosted beta API tests reported 37 passed, 2 warnings; frontend JS syntax
checks passed.
[2026-07-03] fix | beta Stripe setup creates customer
Files touched: scout/core/platform/stripe_checkout.py,
tests/unit/core/platform/test_stripe_checkout.py,
tests/unit/api/test_billing_stripe_checkout.py,
tests/unit/test_hosted_pricing_docs.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: beta_trial Checkout setup sessions now send
customer_creation=always, so the $0 card-backed beta flow is designed to
create a Stripe Customer/payment-method setup record before webhook
provisioning emails the beta API key.
Verification: Added failing Stripe payload tests first; focused
Stripe/payment/docs tests reported 49 passed, 2 warnings; Pyright and Ruff
passed.
[2026-07-03] fix | hosted readiness shows operator actions
Files touched: scripts/hosted_readiness_check.py,
tests/unit/scripts/test_hosted_readiness_check.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: The readiness helper now carries operator_next_actions from
/v1/billing/stripe/status, so production blockers include exact setup
categories instead of only missing flags.
Verification: Added failing readiness-script coverage first; focused test
reported 5 passed; Ruff passed; production readiness output showed the
current Stripe/SMTP blockers and operator next actions.
[2026-07-03] change | status page shows live hosted readiness
Files touched: website/status.html, website/assets/status.js,
tests/unit/website/test_hosted_status_copy.py,
docs/workspace/status-live-readiness/, wiki/dev-log.md, and log.md.
Notes: /status now fetches /v1/billing/stripe/status and renders live
non-secret beta key delivery, beta Stripe setup, paid checkout, missing config,
and operator next-action state.
Verification: Added failing website regressions first, including the public
asset allowlist check after production showed /assets/status.js returning
403. Focused website/status tests reported 5 passed, 2 warnings; JS syntax,
Pyright, and Ruff checks passed.
[2026-07-03] fix | current docs align to self-service beta
Files touched: docs/product/private-beta-launch-plan.md,
docs/product/launch-decision-dashboard-2026-06-29.md,
docs/product/launch-gate-burndown-2026-06-29.md,
docs/product/hosted-economics-and-usage-limits.md,
tests/unit/test_hosted_pricing_docs.py, wiki/dev-log.md, and log.md.
Notes: Current operating docs now describe self-service name/email beta
registration through /beta#beta-key and /v1/hosted/beta-key, finite
metered credits, email API-key delivery, and the $10 / 1,000 standard credits
pricing candidate. Stale invite-only/approved-tester/manual framing is now
guarded by tests.
Verification: Added failing docs regression first; focused hosted signup,
billing, pricing, website, status, and readiness tests reported 117 passed,
2 warnings; JS syntax, Pyright, Ruff, and Ruff format checks passed.
[2026-07-03] fix | remove invite-only drift from public/current beta copy
Files touched: website/beta.html, tests/unit/website/test_launch_website.py,
tests/unit/test_hosted_pricing_docs.py, current launch/evidence/security/
distribution docs, wiki/dev-log.md, log.md, and the latest beta ADR.
Notes: Public site and current docs now describe self-service beta access:
name/email registration at /beta#beta-key and /v1/hosted/beta-key, finite
metered credits, rate limits, SMTP delivery, and optional $0 card-backed
setup when Stripe/webhook/SMTP are configured. Stale "invited beta testers,"
"approved testers," and "invite-only" current copy is guarded by tests.
Verification: Added failing public/current copy regressions first; focused
website, docs, hosted signup, billing, key delivery, pricing, readiness, JS,
Pyright, Ruff, and format checks passed with 111 passed, 2 warnings.
[2026-07-03] change | hosted setup report groups production blockers
Files touched: scripts/scout-hosted-setup-report,
scripts/scout-hosted-admin, tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Added scripts/scout-hosted-admin setup-report --secrets-file
secrets/scout-production.env so hosted operators can see beta_email_delivery,
beta_stripe_setup, and paid_checkout readiness from one non-secret report.
The report prints missing environment variable names and exact next commands,
but never prints Stripe keys, webhook secrets, SMTP passwords, raw API keys, or
key hashes.
Verification: Added failing admin-script tests first; focused admin script
suite reported 29 passed.
[2026-07-03] fix | beta key email uses actual credit limits
Files touched: scout/core/platform/key_delivery.py,
tests/unit/core/platform/test_key_delivery.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Beta API-key delivery email no longer hardcodes 100 credits / 30 days;
it uses the actual provisioned standard credits, browser credits, and trial
days. The signed email also includes a first hosted scrape cURL example so a
new beta tester can immediately validate their key.
Verification: Added failing key-delivery regressions first; focused delivery
suite reported 7 passed, 2 warnings.
[2026-07-03] fix | account page shows balance-after metering
Files touched: website/assets/account.js, website/account.html tests,
scout/core/platform/pricing.py, tests/unit/api/test_hosted_purchases.py,
tests/unit/website/test_launch_website.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: The customer /account surface now renders per-event credits charged
and remaining balance after each usage event from /v1/hosted/usage. The beta
package summary now says registered beta testers instead of stale approved
tester copy.
Verification: Added failing API and website regressions first; focused
metering checks reported 6 passed, 2 warnings, and node --check
website/assets/account.js passed.
[2026-07-03] fix | beta page explains readiness blockers
Files touched: website/assets/hosted-keygen.js,
tests/unit/website/test_launch_website.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: The public /beta script now surfaces non-secret
blocking_reasons, operator_next_actions, and
ready_for_beta_key_delivery from /v1/billing/stripe/status. Email
registration can still record beta requests while SMTP delivery is missing;
card-backed $0 beta setup remains disabled with exact readiness blockers.
Verification: Added failing beta page regressions first; focused beta tests
reported 2 passed, broader website/pricing checks reported 36 passed,
2 warnings, and JS syntax, Pyright, Ruff, and Ruff format checks passed.
[2026-07-03] change | hosted metrics admin command
Files touched: scripts/scout-hosted-admin,
scripts/scout-vps-hosted-metrics,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Added scripts/scout-hosted-admin metrics --format table|json so the
operator can inspect protected hosted billing/admin metrics through the running
Scout container without printing the service API key, raw hosted keys, or key
hashes.
Verification: Added failing admin-script regressions first; full admin-script
suite reported 30 passed.
[2026-07-03] change | hosted overview command
Files touched: scripts/scout-hosted-admin, scripts/scout-hosted-overview,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Added scripts/scout-hosted-admin overview to combine public hosted
readiness and protected live metrics in one operator command.
Verification: Added failing admin-script regressions first; admin-script suite
reported 31 passed; shell syntax, Pyright, Ruff, and format checks passed;
live overview printed readiness blockers plus account/signup/usage/purchase
metrics.
[2026-07-03] change | hosted metrics helper reliability
Files touched: scripts/scout-vps-hosted-metrics,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Replaced the heredoc-based protected metrics helper with a safer
docker exec ... python3 -c invocation controlled by
SCOUT_ADMIN_METRICS_FORMAT. This keeps the service key inside the container
and avoids SSH heredoc quoting failures.
Verification: Added RED regression for no heredoc; focused tests passed; live
scripts/scout-hosted-admin metrics --format table printed totals, funnel,
economics, and recent row counts from production.
[2026-07-03] change | card-backed beta primary UX
Files touched: website/beta.html, website/quickstart.html,
website/pricing.html, docs/distribution.md,
docs/product/hosted-admin-operations.md,
docs/product/unit-economics-and-pricing-model-2026-06-29.md,
docs/product/private-beta-launch-plan.md,
docs/product/hosted-economics-and-usage-limits.md,
docs/product/public-hosted-launch-readiness-plan-2026-07-03.md,
tests/unit/website/test_launch_website.py,
tests/unit/test_hosted_pricing_docs.py, wiki/dev-log.md, and log.md.
Notes: Made $0 card-backed beta setup the primary public beta path and
reframed email-only registration as a fallback request queue. This aligns the
site with the production goal of verifying Stripe setup-mode checkout, signed
webhook provisioning, and SMTP API-key delivery before paid launch.
Verification: Added RED website regression first; docs/website suite reported
39 passed, 2 warnings.
[2026-07-03] change | card-backed beta status contract
Files touched: scout/api/routers/billing.py,
tests/unit/api/test_billing_stripe_checkout.py, wiki/dev-log.md, and
log.md.
Notes: Updated /v1/billing/stripe/status so
public_self_service_path=card_backed_beta_setup_with_email_fallback and
customer next actions put $0 Stripe setup-mode beta before email-only
fallback.
Verification: Added RED status-contract test first; affected route/docs/site
suite reported 59 passed, 2 warnings; Pyright and Ruff checks passed.
[2026-07-03] change | failed beta delivery retry path
Files touched: scout/core/platform/account_service.py,
scout/api/routers/billing.py, scripts/scout-hosted-admin,
scripts/scout-vps-retry-failed-beta-signups,
tests/unit/core/platform/test_account_service.py,
tests/unit/api/test_billing_admin_metrics.py,
tests/unit/scripts/test_vps_admin_scripts.py,
docs/product/hosted-admin-operations.md, index.md, wiki/dev-log.md, and
log.md.
Notes: Added a service/API/admin-command recovery path for retrying failed beta
API-key email deliveries after SMTP is fixed. The retry path selects newest
failed events per email, skips existing tenants, records
admin_failed_beta_delivery_retry, and never prints or returns raw API keys.
Verification: Added RED service/API/script tests first; focused affected suite
reported 54 passed, 2 warnings, and Pyright, Ruff, and format checks passed.
[2026-07-03] change | hosted admin Stripe smoke wrapper
Files touched: scripts/scout-hosted-admin, scripts/stripe_test_mode_smoke.py,
tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md,
docs/distribution.md, index.md, wiki/dev-log.md, and log.md.
Notes: Promoted the Stripe test-mode smoke helper into the primary
scripts/scout-hosted-admin stripe-smoke command surface. The helper verifies
non-secret readiness for beta_trial and paid packages and can create Checkout
Sessions with --create-checkout once Stripe/SMTP are configured.
Verification: Added RED admin-script regressions first; focused admin/docs
tests reported 37 passed; Pyright, Ruff, and format checks passed. Live
production smoke currently fails cleanly because Stripe Checkout, webhook, and
SMTP key delivery remain unconfigured.
[2026-07-03] change | self-service beta signup default
Files touched: scout/api/config.py, scout/api/routers/billing.py,
scripts/scout-validate-hosted-config, scripts/scout-hosted-setup-report,
scripts/scout-write-hosted-config-template,
tests/unit/api/test_hosted_scrape.py,
tests/unit/api/test_billing_stripe_checkout.py,
tests/unit/scripts/test_vps_admin_scripts.py, docs/distribution.md,
docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.
Notes: Changed hosted beta signup from opt-in to open-by-default. The
HOSTED_BETA_SIGNUP_ENABLED env var now acts only as an optional pause switch
when set to false; normal self-service name/email API-key registration no
longer needs an enable flag or password gate.
Verification: RED tests first showed default beta signup was incorrectly
disabled. After implementation, focused behavior checks reported 5 passed;
the broader impacted suite reported 132 passed, 2 warnings; Pyright, Ruff,
script syntax, and diff checks passed.
Deploy: Commit d88776a was pushed and deployed to the VPS. The Scout Docker
container reported healthy, public /health returned OK, billing status
reported beta_signup_enabled=true, and a live beta registration smoke returned
delivery_status=pending_delivery without leaking the raw API key.
[2026-07-03] record | hosted pay-as-you-go pricing posture
Files touched: index.md, wiki/dev-log.md,
wiki/syntheses/unit-economics-pricing-2026-06-29.md, and log.md.
Notes: Recorded the current approved beta pricing posture: local free,
self-service hosted beta registration, $10 / 1,000, $25 / 3,000, and
$100 / 15,000 standard-credit packages, with browser-heavy work separate.
The $10 / 1,000 package is modeled at $2.59 loaded cost, 74.1% gross
margin, and 17 packs/month break-even under current assumptions.
Verification: Focused governance/pricing/API suite reported
70 passed, 2 warnings; broader impacted suite reported 106 passed,
2 warnings; full unit suite reported 819 passed, 8 warnings; Pyright,
Ruff check, and Ruff format check passed for touched Python files.
Open: SMTP and Stripe live configuration/smoke still block production-complete
hosted SaaS.