Scout

log.md

Scout — Operation Log

[2026-07-03] record | Hosted admin metric scope

Files touched: scout/api/routers/billing.py, scripts/scout-vps-hosted-metrics, tests/unit/api/test_billing_admin_metrics.py, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md.

Notes: Added metric_scope to /v1/billing/admin/metrics and the VPS metrics helper table output. Operators can now see that current totals, funnel, and economics are recent-window monitoring values, not lifetime aggregate accounting. The scope includes row limits, returned row counts, truncation flags, and an explicit totals note.

Verification: Added RED endpoint/script expectations first. Focused metrics tests reported 2 passed, 2 warnings.

[2026-07-03] record | Hosted funnel and economics monitoring

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Added and recorded derived hosted monitoring for protected billing admin metrics. /v1/billing/admin/metrics now includes funnel and economics sections, and scripts/scout-hosted-admin metrics --format table prints those sections for operator review. This makes beta signup health, paid conversion, revenue, estimated loaded cost, estimated gross profit, margin, and credit use visible without direct database inspection.

Verification: TDD red showed missing funnel in the API response and missing funnel/economics output in the VPS metrics helper. Focused green checks passed after implementation.

[2026-07-03] record | Hosted economics admin command

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Added and recorded scripts/scout-hosted-admin economics, a local operator command that prints Scout's canonical hosted package economics without reading or printing secrets. It exposes the $10 / 1,000 standard credits candidate, package rows, gross margin, break-even packages/month, and credit policy in table or JSON form. Production fallback delegates into the running scout Docker container when the VPS host Python cannot import Scout dependencies.

Verification: TDD red showed the command and script were missing. Focused green verification passed for admin-script checks after adding Dockerized production fallback.

[2026-07-03] record | Card-backed beta setup with email queue fallback

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-card-backed-beta-with-email-queue-fallback.md

Notes: Superseded the email-first beta ADR. The current product contract is that /beta starts $0 Stripe beta setup when checkout/webhook/SMTP readiness is true and falls back to queued email registration through /v1/hosted/beta-key while checkout is paused. Raw API keys remain email-only and are never displayed in the browser.

Verification: Focused repo verification for the implementation slice reported 61 passed; Pyright reported 0 errors; Ruff check and format check passed for touched code/test files. Live readiness still reports health/package OK and SMTP/Stripe blockers.

[2026-07-03] record | Auditable pricing assumptions in hosted packages API

Files touched: log.md, wiki/dev-log.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md

Notes: Recorded the pricing transparency slice. GET /v1/billing/packages now exposes unit_economics_assumptions alongside package economics, and the pricing page renders assumption cards for standard-credit cost, payment fee, and fixed monthly cost. This makes the $10 / 1,000 credits model inspectable instead of a black-box marketing price.

[2026-07-03] record | Stripe paid-package price bootstrap helper

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the production-readiness slice that adds scripts/scout-hosted-admin bootstrap-stripe-prices. The helper creates Stripe one-time price IDs from Scout's canonical hosted credit packages for standard_1000, standard_3000, and standard_15000, can dry-run without secrets, can write returned price IDs to ignored secrets/scout-production.env, and refuses to print Stripe secret-looking values. Remaining blockers are still SMTP configuration, Stripe secret, actual price creation, webhook secret, VPS env install, restart, and live E2E signup/checkout smoke.

[2026-07-03] record | Hosted pending beta key delivery drain and pricing state

Files touched: index.md, log.md, wiki/dev-log.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md

Notes: Recorded commit a1ed9ec, the protected admin endpoint for draining queued pending_delivery beta registrations, the corrected current behavior of /v1/hosted/beta-key when SMTP is not configured, and the current code-backed $10 / 1,000 standard credits economics plus remaining SMTP/Stripe blockers.

[2026-07-03] record | Hosted SMTP delivery smoke-test command

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the production-readiness slice that adds scripts/scout-hosted-admin send-test-email. The command sends a smoke-test email through the hosted SMTP API-key delivery path without creating a hosted account, granting credits, issuing a real key, or printing SMTP secrets. This gives operators a concrete way to verify SMTP delivery after configuring production credentials and before inviting beta testers.

[2026-07-03] deploy | Hosted SMTP delivery smoke-test command

Files touched: wiki/dev-log.md

Notes: Deployed Scout commit 7727814 to scout.chowmes.com. Docker reports the scout container healthy and /health returns OK. Production smoke of scripts/scout-hosted-admin send-test-email --email arijit.chowdhury@gmail.com --name Arijit failed with the expected current blocker: Hosted API key delivery is not configured.

[2026-07-03] record | Hosted signup event admin listing

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the production-readiness monitoring slice that adds scripts/scout-hosted-admin list-signups. Operators can now list self-service beta API-key signup requests, delivery outcomes, duplicate attempts, and failed reasons from the hosted SQLite database without printing raw API keys or stored key hashes. This answers who requested keys and what happened while SMTP/Stripe production configuration is still pending.

[2026-07-03] deploy | Hosted signup event admin listing

Files touched: wiki/dev-log.md

Notes: Deployed Scout commit 0983cc0 to scout.chowmes.com. Docker reports the scout container healthy and /health returns OK. Live smoke of scripts/scout-hosted-admin list-signups --format json --limit 5 returned the previous failed SMTP signup event for codex-smoke+20260703102619@chowmes.com with no raw API key or key hash exposed.

[2026-06-30] record | Hosted-first quickstart and compact homepage proof

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the website correction after Arijit flagged that the homepage proof block was taking too much visual space and the hosted quickstart was leading with localhost examples. Homepage now uses a compact "Clean records with evidence attached" card. Quickstart is hosted-first with https://scout.chowmes.com examples and a visible warning not to use localhost for hosted calls; localhost appears only under local install/Docker.

[2026-07-03] record | Paid checkout top-ups for existing hosted accounts

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the hosted billing correction that paid Stripe checkouts for an email with an existing hosted tenant should top up that tenant's credits instead of attempting a duplicate account. Existing-account top-ups record the purchase against the existing tenant/key and do not email or expose a second raw API key. Local verification passed with 737 passed, 8 warnings; live Stripe/SMTP remains blocked until production credentials are configured.

[2026-07-03] deploy | Paid checkout top-up patch

Files touched: wiki/dev-log.md

Notes: Deployed Scout commit bac6eba to scout.chowmes.com. Docker reports the scout container healthy. Public /health is OK. Public Stripe status continues to show checkout, webhook, and key delivery as not configured, which is the expected remaining production blocker.

[2026-07-03] record | Prevent repeated free beta-trial credit grants

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the hosted billing abuse-prevention correction. Existing-account Stripe checkouts now add credits only for paid packages. Repeat $0 beta_trial checkout sessions are recorded for audit but do not grant another 100 free credits and do not send another raw API-key email. Verification passed with 739 passed, 8 warnings; Ruff, format, and Pyright were clean.

[2026-07-03] deploy | Prevent repeated free beta-trial credit grants

Files touched: wiki/dev-log.md

Notes: Deployed Scout commit 3bf7bb1 to scout.chowmes.com. Docker reports the scout container healthy. Public /health and /v1/billing/packages work. Public Stripe status remains false for checkout, webhook, and key delivery because production secrets are still not configured.

[2026-06-29] record | Service-first surface and old app UI removal

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-29-service-first-no-app-ui.md

Notes: Recorded the product correction that Scout is a utility/service, not a dashboard app. The old /app UI, /app/live-browser page, and /api/config route were removed from the codebase; homepage copy was simplified around features, demo, use cases, pricing, and beta; the hosted deployment at https://scout.chowmes.com now serves the simplified site and returns 403 for the removed app/config surfaces. Commit pushed: d27b24e.

[2026-06-29] record | Website logo, density, and scrollspy polish

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the launch website polish slice. Added a Scout SVG mark and wordmark, reduced homepage density by roughly 10% without redesigning the site, made homepage navigation section-aware, added scrollspy active-state behavior, and verified desktop/mobile browser behavior plus website tests.

[2026-06-29] record | Unit economics pricing gate

Files touched: index.md, log.md, wiki/dev-log.md, wiki/open-questions.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md

Notes: Recorded Arijit's rejection of arbitrary $22 one-time and $9/month hosted pricing. Pricing must now be derived from unit economics: hosting, LLM, firewall/security, support, maintenance, payment fees, variable usage, target margin, and break-even volume. Current hypothesis is free local plus invite-only/metered hosted beta and pay-as-you-go or prepaid credits before subscriptions.

[2026-06-29] record | Private beta launch surface and downstream relationship map

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-29-private-beta-launch-surface.md, wiki/syntheses/downstream-consumers-and-project-relationships-2026-06-29.md

Notes: Recorded current Scout repo/website/private-beta state in the MyOS Scout wiki. Added relationship map for PRISM, Competitive Intelligence, Algolia Search Audit, product/catalog workflows, job workflows, and the Scout website. Public launch remains blocked; private beta is ready with limits.

[2026-06-27] record | Scout 0.1.1 shared acquisition profile release

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-27-shared-scrape-acquisition-profile.md

Notes: Recorded the Scout source-level release that removed /ci/scrape, kept /scrape as the shared acquisition primitive, added opt-in acquisition metadata, bumped Scout to 0.1.1, documented scout benchmark, and verified the live container with health, scrape, benchmark, and focused tests.

[2026-05-22] record | Browser Workbench recovery and current status

Files touched: index.md, log.md, wiki/dev-log.md, wiki/open-questions.md, wiki/decisions/2026-05-22-browser-workbench-session-modes.md, wiki/ux/browser-workbench-recovery-2026-05-22.md, wiki/syntheses/current-status-2026-05-22.md

Notes: Recorded latest app recovery build, technical/design decisions, architecture/session-mode change, verification status, pending work, and next build step.

[2026-05-21] record | UI interaction regression guardrail

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-05-21-ui-interaction-contract.md

Notes: Captured the Browse/buttons/tabs regression lesson. New project rule: every visible enabled UI control must work, or it must be visibly disabled with a reason. Added regression-test expectations for native Browse, disabled unimplemented navigation, Crawl Settings restore, and fresh browser validation.

[2026-05-21] record | App-first validation checkpoint

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-05-21-app-first-validation-gate.md, wiki/ux/workflows/, raw/assets/scout-app-first-ux-approved-mockup-2026-05-21.png, wiki/sources/legacy/

Notes: Normalized the Scout vault around the canonical wiki structure. Moved loose legacy design/spec files into wiki/sources/legacy/, mirrored app workflow specs into wiki/ux/workflows/, saved the approved mockup as an immutable asset, and recorded the validation gate that must precede GitHub checkpoints.

2026-05-21 — Architecture Home Frontend

Implemented the Generated Image 1 direction as the /app architecture home. The screen now teaches Scout's front doors, mode routing, provider ladder, evidence normalization, vertical processors, typed records, downstream consumers, and cross-cutting operational concerns.

2026-05-20 — Frontend Product Workbench

Decision recorded: Scout's standalone HTTP app now includes a self-educating frontend direction with product record preview and Algolia preparation hooks. Algolia credentials remain session-only and ingestion is deferred behind a preview/stub contract.

2026-05-20 — Workdir And Local Config

Decision recorded: Scout now has a first-class working directory and .env.local model. CLI can prompt for where to store run outputs and interim state; HTTP/skill/scheduled usage should pass an output directory or configure SCOUT_WORKDIR. Keys belong in .env.local, not the public repo.

2026-05-14 - wiki expansion

Files touched: index.md, AGENTS.md, wiki/overview.md, wiki/requirements.md, wiki/use-cases/index.md, wiki/syntheses/scout-platform-strategy.md, wiki/decisions/2026-05-14-scout-web-to-record-engine.md, wiki/open-questions.md, wiki/dev-log.md, wiki/sources/2026-05-14-scout-use-case-sources.md.

Notes: Captured the pivot from "Scout as Crawl4AI crawler" to "Scout as web-to-record intelligence engine." Added initial multi-use-case catalog, test scenarios, example websites, and strategic gaps.

2026-05-15 - validation roadmap

Files touched: index.md, log.md, wiki/use-cases/validation-roadmap.md.

Notes: Added a cross-use-case validation roadmap. Captured that products should not be the only first build target. Recommended pressure-testing three vertical slices together: product catalog extraction, careers/job monitoring, and PRISM company intelligence.

2026-05-15 - job hunter and PRISM refinements

Files touched: index.md, log.md, wiki/use-cases/validation-roadmap.md, wiki/use-cases/index.md, wiki/open-questions.md.

Notes: Added job hunter intake dialogue requirements, company discovery before job monitoring, target company approval, salary/title/location preference fields, and daily delta monitoring. Expanded PRISM source discovery to include canonical company website, company LinkedIn, official social channels, executives, executive bios, and executive LinkedIn/profile URLs.

2026-05-15 - platform build plan

Files touched: index.md, log.md, wiki/syntheses/build-plan-2026-05-15.md.

Notes: Captured the full multi-use-case build model, including UX commands, input contracts, validation expectations, output artifacts, and foundation-first execution plan.

[2026-05-16] record | Platform Architecture and Job Hunter V1

Files touched: wiki/decisions/2026-05-16-provider-agnostic-run-architecture.md, wiki/architecture/scout-platform-architecture.md, wiki/dev-log.md, index.md, log.md Notes: Captured architecture decision, architecture diagram source, provider strategy, artifact contract, and current Job Hunter V1 build status.

[2026-05-17] record | Arijit Job Hunter Profile And Seed URLs

Files touched: wiki/entities/arijit-job-hunter-profile.md, wiki/sources/2026-05-17-job-hunter-seed-links-and-resumes.md, wiki/use-cases/job-hunter/arijit-ai-transition-test-scenario.md, log.md, index.md Notes: Captured resume-derived matching profile, target roles, compensation filters, company preferences, seed job URLs, and parser/matcher acceptance criteria for Job Hunter Live V1.

[2026-05-19] record | Job Hunter URL-Seeded V1 Build Completed

Files touched: wiki/dev-log.md, log.md, index.md Notes: Captured completed URL-seeded Job Hunter build, verification evidence, CLI smoke output summary, privacy boundary, and next build slices.

2026-05-20 — Scout Platform Foundation Build

Implemented the foundation of the full Scout intelligence platform plan: execution modes, provider ladder, high-level CLI/HTTP run surface, typed vertical records for company/careers/investor/news/research/products, updated skill playbook, repo docs, architecture docs, and vault ADRs. Browser verification and final validation remain the next gate before claiming the slice complete.

2026-05-20 — Browser Verification Pass

Internal browser verification completed across Adobe about/careers/investor, Ashby/Kong job, Lacoste product category, and Estée Lauder product page. Browser evidence worked for Adobe, Ashby, and partially for Lacoste; Estée Lauder remained blocked with Access Denied. This validates browser fallback as a secondary channel, not a default or guaranteed bypass.

2026-05-20 — Verification Gate

Verification completed for the platform foundation slice: focused tests passed (17/17), unit suite passed (164/164), full suite passed (170 passed, 2 skipped), pyright passed with zero errors, ruff check passed, ruff format check passed, CLI smoke passed for company/careers/investor/products/jobs profile mode, HTTP smoke passed for /health and /run/company. Live seed job URL smoke returned blocked evidence rather than records, which is expected until live acquisition/provider adapters are expanded.

2026-05-20 — Citation-Grade Source Evidence

Implemented citation-grade provenance for Scout. Added deterministic source_id, record-level citations[], source registry output in source_pages.json, missing_citations validation warnings, and source/citation coverage summaries in extraction_report.md. Updated repo docs and skill guidance to distinguish source registry from record citations.

2026-05-20 — Citation Verification Complete

Citation-grade source evidence verification completed: focused citation suite passed (19/19), unit suite passed (169/169), full suite passed (175 passed, 2 skipped), pyright passed with zero errors, ruff check passed, ruff format check passed. CLI smoke for company and jobs confirmed record citations point to source_pages.json; HTTP smoke for /run/company confirmed the same.

2026-05-20 — Balanced Target Matrix

Implemented a balanced validation target matrix for Scout with executable registry support. Primary targets now cover private B2B SaaS, private retail commerce, public companies, hard-site retail, and travel/airline scenarios: Algolia, Constructor, L.L.Bean, Patagonia, Adobe, Home Depot, Estée Lauder, and British Airways. Secondary targets are Nike, Amplience, Salesforce, and Intuit.

[2026-06-29] record | Apache-2.0 local/core license implemented

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-06-29-apache-2-local-core-license.md

Notes: Recorded the release-hardening checkpoint. Scout local/core is now Apache-2.0; hosted/service terms remain separate. Private beta remains ready_with_limits; public launch remains blocked with 9 blockers.

[2026-06-29] record | scout.chowmes.com redeployed

Files touched: log.md, wiki/dev-log.md

Notes: Recorded VPS redeploy from codex/scout-platform-foundation. Production now serves the 9-blocker status page, Apache-2.0 legal page, and dynamic health metadata showing Crawl4AI 0.9.0. Hosted-only route protection remains active.

[2026-07-03] record | self-service beta registration and Stripe credit packages

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md

Notes: Captured the hosted access decision. Shared beta passwords are rejected. Beta key registration uses name/email, hosted account registration, one-time API-key email delivery, and /account lookup. Stripe checkout remains the path for $0 beta-trial payment-method verification and paid credit packages.

[2026-07-03] record | production beta readiness preflight

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded production verification at Scout commit d6fc212. Hosted metering/package metadata is deployed, but SMTP delivery and Stripe settings are not configured. The beta page was patched to preflight key-delivery readiness and pause registration rather than submitting into a known email-delivery failure.

[2026-07-03] record | hosted admin usage monitoring

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the new scripts/scout-hosted-admin list-usage and list-usage --summary operations for monitoring hosted credit usage from the VPS ledger without exposing raw keys or key hashes.

[2026-07-03] record | Stripe setup-mode beta card collection hardening

Files touched: wiki/dev-log.md, log.md

Notes: Recorded the production-readiness delta that $0 hosted beta checkout now explicitly asks Stripe Checkout setup mode to collect card payment methods. SMTP and Stripe secrets remain the live blockers before hosted self-service can be called fully operational.

[2026-07-03] record | hosted beta Stripe setup deployed

Files touched: log.md, wiki/dev-log.md

Notes: Production scout.chowmes.com is now deployed at Scout commit ea9b1d8. Stripe setup-mode beta checkout explicitly collects card payment methods, while direct beta registration remains email-delivery-only and paused until SMTP is configured. Stripe status still reports checkout, webhook, and key-delivery readiness as false.

[2026-07-03] record | Stripe Customer creation for hosted beta and credit packs

Files touched: log.md, wiki/dev-log.md

Notes: Recorded the checkout hardening step that forces Stripe Checkout to create Customer records for setup-mode beta trials and paid credit packs. This keeps card/payment-method custody in Stripe while Scout stores only customer/session references, tenants, credit balances, and usage ledger entries.

[2026-07-03] record | hosted deploy and PRISM API key provisioning

Files touched: log.md, wiki/dev-log.md

Notes: Deployed Scout commit 291655f to scout.chowmes.com and verified the container health/public health endpoint. Hosted self-service remains blocked by missing SMTP and Stripe secrets, so /beta stays paused. Generated a live operator-provisioned PRISM hosted beta key, validated it through /v1/hosted/me, and kept the one-time raw key in an ignored local secrets/ file.

[2026-07-03] record | hosted screenshot endpoint and async queue correction

Files touched: log.md, wiki/dev-log.md

Notes: Added/deployed /v1/hosted/screenshot, found production async-first was enabled with zero workers, switched production back to inline hosted execution, and verified the screenshot endpoint through scout.chowmes.com with the PRISM hosted key. The smoke returned 200, charged 3 standard credits, produced screenshot evidence, and did not echo the raw API key.

[2026-07-03] record | self-service beta key contract tightened

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md

Notes: Recorded the safety correction that public beta registration is email-delivery-only. /v1/hosted/beta-key now fails closed when SMTP delivery is not configured, does not create an account in that state, and does not advertise raw_api_key in its OpenAPI response schema. Admin CLI provisioning remains the only approved one-time raw-key display path.

[2026-07-03] record | hosted readiness checker and email-only enforcement

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md

Notes: Recorded the hosted SaaS readiness slice. The public self-service path remains email-only and fails closed without SMTP; scripts/hosted_readiness_check.py now verifies live health, package metadata, beta signup readiness, and paid checkout readiness without exposing secrets. Live production currently has health/packages ready and SMTP/Stripe blockers still open.

[2026-07-03] record | hosted billing admin metrics API

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-service-key-billing-admin-metrics.md

Notes: Recorded the new service-key protected /v1/billing/admin/metrics operator endpoint. It summarizes hosted account, credit, usage, purchase, and revenue state without exposing raw API keys, key hashes, Stripe secrets, SMTP secrets, or payment details.

[2026-07-03] deploy | hosted billing admin metrics API

Files touched: wiki/dev-log.md

Notes: Deployed Scout commit ac80f29 to scout.chowmes.com and verified the new admin metrics endpoint. Missing-key requests return 403; service-key requests work through the public domain and returned live non-secret totals: 100 accounts, 442 usage events, and 0 purchases. Stripe and SMTP readiness blockers remain unchanged.

[2026-07-03] record | direct email beta key registration

Files touched: index.md, log.md, wiki/dev-log.md, wiki/decisions/2026-07-03-direct-email-beta-key-registration.md

Notes: Recorded the product decision that /beta should collect name/email and post to /v1/hosted/beta-key, with SMTP email delivery of the generated API key. Stripe remains separate for paid/card-backed checkout; direct beta signup does not require Stripe.

[2026-07-03] deploy | direct email beta key registration

Files touched: wiki/dev-log.md

Notes: Committed and pushed Scout 0b1864e, deployed it to scout.chowmes.com, and verified /beta now uses the direct hosted key form and /assets/hosted-keygen.js. Production correctly fails closed because SMTP is not configured: /v1/hosted/beta-key returns 503 and does not create a tenant for failed smoke signup attempts. Stripe and SMTP remain open launch blockers.

[2026-07-03] record | Stripe smoke package selection and beta docs correction

Files touched: wiki/dev-log.md

Notes: Recorded the package-aware Stripe smoke update and documentation correction. scripts/stripe_test_mode_smoke.py now supports explicit --package-id standard_1000 for paid checkout smoke and --package-id beta_trial for card-backed $0 beta setup smoke. The docs now separate direct SMTP beta key registration from Stripe paid/card-backed checkout. The stale VPS HOSTED_KEY_DELIVERY_ALLOW_RESPONSE_FALLBACK setting was removed and production status still correctly reports SMTP/Stripe as not configured.

[2026-07-03] deploy | Stripe smoke package selection and beta docs correction

Files touched: wiki/dev-log.md

Notes: Committed, pushed, and deployed Scout 94e66ea to scout.chowmes.com. The scout container is healthy. Public /status now shows separate direct SMTP beta and paid Stripe readiness copy. /v1/billing/stripe/status still correctly reports checkout, webhook, and key delivery as not configured.

[2026-07-03] record | readiness-gated checkout forms restored

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the website checkout slice. /pricing now has readiness-gated paid hosted-credit checkout for standard packages. /beta now has optional readiness-gated $0 beta setup checkout in addition to direct email beta key registration. The forms remain disabled until Stripe, webhook, and SMTP key delivery readiness flags are true.

[2026-07-03] deploy | readiness-gated checkout forms restored

Files touched: wiki/dev-log.md

Notes: Deployed Scout commit dd5dfe6 to scout.chowmes.com. Docker health is healthy. Public /pricing contains the paid checkout form and package options. Public /beta contains both direct hosted key registration and optional $0 beta checkout. Public Stripe status still correctly reports checkout, webhook, and key delivery readiness as false.

[2026-07-03] record | VPS hosted env configuration helper

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the new scout-hosted-admin configure-production-env operator path. It installs allowlisted SMTP/Stripe settings from an ignored local env file to /opt/prism/scout/.env, preserves unrelated server env lines, avoids printing secret values, and can recreate the scout container. Live readiness still shows SMTP and Stripe as missing until real values are supplied.

[2026-07-03] deploy | VPS hosted env configuration helper

Files touched: wiki/dev-log.md

Notes: Pushed Scout commit bc58ff0 and fast-forwarded the VPS repo to that commit. Verified scripts/scout-hosted-admin --help exposes configure-production-env, scripts/scout-vps-configure-hosted-env is executable, and the production scout container remains healthy.

[2026-07-03] record | beta key delivery email upgraded

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Recorded the upgraded self-service beta key email. It now includes the beta credit/30-day boundary, not-unlimited warning, curl quick test, account/balance link, usage ledger link, purchase history link, docs/pricing, secret-handling warning, support reply instructions, and Arijit Chowdhury / Founder, Chowmes signature.

[2026-07-03] deploy | beta key delivery email upgraded

Files touched: wiki/dev-log.md

Notes: Committed and pushed Scout 5b42a0b, deployed it to the ChowMes VPS, and verified the VPS repo is at 5b42a0b, the scout Docker container is healthy, and public /health responds from https://scout.chowmes.com. Hosted readiness remains blocked by missing SMTP and Stripe checkout/webhook configuration.

[2026-07-03] record | hosted beta signup telemetry ledger

Files touched: docs/product/hosted-admin-operations.md, wiki/dev-log.md

Notes: Added non-secret hosted signup event tracking for direct beta key requests. Admin metrics now exposes signup event counts and recent delivered, failed, and duplicate signup outcomes without raw API keys or key hashes.

[2026-07-03] deploy | hosted beta signup telemetry ledger

Files touched: wiki/dev-log.md

Notes: Committed and pushed Scout 5a076d0, deployed it to the ChowMes VPS, and verified the scout container is healthy. Production signup smoke with a synthetic email returned the expected SMTP-not-configured 503 and created a failed direct_beta_key signup event visible in admin metrics.

[2026-07-03] record | Stripe Checkout fail-closed API readiness

Files touched: docs/product/hosted-admin-operations.md, wiki/dev-log.md

Notes: Hardened the checkout API so partial Stripe configuration cannot create Checkout Sessions unless webhook verification and hosted key delivery are ready. Beta-trial setup also requires beta signup to be enabled.

[2026-07-03] deploy | Stripe Checkout fail-closed API readiness

Files touched: wiki/dev-log.md

Notes: Committed and pushed Scout ecde8d3, deployed it to the ChowMes VPS, and verified the scout container is healthy. Production checkout smoke for standard_1000 now returns 503 with Stripe webhook secret is not configured instead of creating a Checkout Session in partial configuration.

[2026-07-03] build | hosted access disable lifecycle

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Added the hosted access disable path for beta operations. Operators can now disable a hosted account by email or tenant id, or disable a single API key by key id, using scripts/scout-hosted-admin disable-access ... --yes. The command preserves audit records, updates hosted tenant/key status in /data/hosted_accounts.sqlite, and avoids raw API key or key-hash output. Focused verification passed for account service, SQLite persistence, and admin script behavior.

[2026-07-03] build | hosted readiness admin command

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Added scripts/scout-hosted-admin readiness as the canonical operator command for hosted beta/paid checkout readiness checks. It wraps the existing non-secret readiness checker and supports --json, --require-beta-signup, and --require-paid-checkout, so operators no longer need to remember the Python script path.

[2026-07-03] build | hosted SMTP and Stripe config validator

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Added scripts/scout-hosted-admin validate-config, backed by scripts/scout-validate-hosted-config, to validate local SMTP/Stripe secrets files before pushing production env to the VPS. configure-production-env now runs the validator before upload and defaults to --require all, refusing partial paid-checkout config unless the operator explicitly requests --require beta.

[2026-07-03] build | hosted config template writer

Files touched: index.md, log.md, wiki/dev-log.md

Notes: Added scripts/scout-hosted-admin write-config-template, backed by scripts/scout-write-hosted-config-template, to create a non-secret secrets/scout-production.env starter file for hosted SMTP and Stripe configuration. The command includes passwordless beta signup, SMTP delivery, Stripe package/webhook, and hosted redirect placeholders; refuses overwrite without --force; and keeps real secret collection outside the repo.

[2026-07-03] build | passwordless beta signup contract hardening

Files touched: log.md, wiki/dev-log.md

Notes: Hardened hosted beta signup so POST /v1/hosted/beta-key requires name and email, forbids removed invite/password fields, and keeps raw API keys out of HTTP responses. Full unit verification passed with 761 passed; pyright, Ruff, and format checks passed. Hosted readiness still correctly reports SMTP and Stripe configuration blockers.

[2026-07-03] build | public beta signup rate limiting

Files touched: log.md, wiki/dev-log.md

Notes: Added configurable per-client throttling for public POST /v1/hosted/beta-key registration attempts. Defaults are three attempts per apparent client address per hour. The guard runs before account creation or email delivery, returns 429 with Retry-After, and is now represented in the hosted config template, VPS env allowlist, .env.example, distribution docs, and hosted operations runbook. Full unit verification passed with 763 passed; pyright, Ruff, and format checks passed.

[2026-07-03] build | pending beta registration capture

Files touched: log.md, wiki/dev-log.md

Notes: Changed hosted beta signup so when beta registration is enabled but SMTP delivery is not configured, Scout records a pending_delivery signup event and returns 202 Accepted instead of failing with 503. The pending path creates no tenant, no API key, and no raw key exposure. Duplicate pending requests for the same email are idempotent. The beta page now keeps the form usable in this state and explains that API-key delivery is queued until hosted email delivery is configured. Focused verification passed; affected hosted/website suites reported 48 passed; pyright and Ruff passed for the changed Python files.

[2026-07-03] ops | hosted config and monitoring checkpoint

Files touched: log.md, wiki/dev-log.md

Notes: Verified the hosted self-service blockers from both local and VPS state without printing secret values. There is no filled local secrets/scout-production.env; a new ignored template was generated with scripts/scout-hosted-admin write-config-template --output secrets/scout-production.env. VPS /opt/prism/scout/.env has HOSTED_BETA_SIGNUP_ENABLED present but is missing SMTP delivery settings, Stripe secret, Stripe paid package price IDs, success/cancel URL values, and webhook secret. The production readiness command still reports health/packages ready, beta signup blocked, and paid checkout blocked.

Monitoring snapshot: list-signups shows one pending_delivery beta request and one older failed request; list-usage --summary shows hosted usage ledger activity for scrape, crawl_page, and screenshot; list-purchases is empty; process-pending-signups --dry-run reports one queued signup and makes no mutation.

Next required external inputs: SMTP host/from/username/password or SMTP provider details, Stripe secret key, Stripe webhook secret, and live Stripe price IDs for standard_1000, standard_3000, and standard_15000.

[2026-07-03] correction | hosted status truthfulness

Files touched: log.md, wiki/dev-log.md, index.md

Notes: Corrected the public /status page and admin operations runbook so they no longer claim "Current blockers: 0" or say direct beta signup fails closed when SMTP is missing. The implemented and deployed behavior is: beta signup is enabled, requests without SMTP are recorded as pending_delivery, no account/key/credits are created until SMTP delivery is configured, and the protected admin drain can process the queue after a smoke email succeeds.

Verification: Added tests/unit/website/test_hosted_status_copy.py and watched it fail against the stale copy, then pass after the fix. Focused verification: tests/unit/website/test_hosted_status_copy.py reported 1 passed; tests/unit/website/test_launch_website.py reported 29 passed, 2 warnings; hosted billing/admin/signup suites reported 53 passed, 2 warnings; pyright and Ruff passed for changed Python test files. Commit f73475a was pushed and deployed to the VPS; production health is green and https://scout.chowmes.com/status now says "Current blockers: external configuration." Follow-up docs commit 531786f clarified pending beta signup operations and is pushed; deploy it with the next code-bearing release.

[2026-07-03] build | pending signup delivery processor

Files touched: log.md, wiki/dev-log.md

Notes: Added the operator path for queued beta requests: scripts/scout-hosted-admin process-pending-signups --dry-run and --yes. The processor dedupes to the newest pending request per email, skips emails that already have accounts or non-pending final events, refuses real mutation without SMTP delivery configured, emails the one-time key when enabled, and records delivered/failed outcomes without printing raw keys, key hashes, or SMTP secrets. Focused TDD verification went red with 6 expected failures and green with 6 passed, 2 warnings. Production still needs real SMTP and Stripe configuration before self-service hosted beta and paid checkout are fully live.

Deployment: pushed commit a4e729b to GitHub and deployed it to the VPS. Production health is green at https://scout.chowmes.com/health. Hosted billing status still accurately reports Stripe and SMTP blockers. Pending signup dry-run from the Mac found one queued Codex smoke request and made no mutations.

[2026-07-03] build | beta request status lookup

Files touched: log.md, wiki/dev-log.md

Notes: Added POST /v1/hosted/beta-key/status plus a beta-page status-check form. Testers can now enter the registration email to see non-secret state (pending_delivery, delivered, failed, duplicate, account_exists, or not_found) before they have an API key. The endpoint shares public signup rate limiting and does not expose raw API keys or key hashes. Focused TDD verification went red with 5 expected failures and green with 5 passed, 2 warnings.

[2026-07-03] build | hosted beta key recovery

Files touched: log.md, wiki/dev-log.md

Notes: Added self-service lost-key recovery for hosted beta users. New route: POST /v1/hosted/beta-key/reissue. The beta page now includes a "Lost your API key?" form. If SMTP delivery is configured and the email has a hosted account, Scout issues a replacement key, emails it to the same inbox, and disables the previous key only after email delivery succeeds. Unknown emails receive a non-enumerating accepted response. If SMTP delivery is not configured, the endpoint fails closed with 503 so Scout does not create a raw key that cannot be delivered. Focused TDD verification went red with 5 expected failures and green with 5 passed, 2 warnings; affected suites reported 74 passed, 2 warnings. Commit 8799958 was deployed to the VPS; production health is green, /beta contains the reissue form, and the live reissue route returns the expected SMTP-not-configured 503 until hosted key delivery is configured.

[2026-07-03] build | hosted payment readiness diagnostics

Files touched: log.md, wiki/dev-log.md

Notes: Expanded /v1/billing/stripe/status with non-secret missing_configuration, blocking_reasons, and operator_next_actions diagnostics while preserving the existing readiness booleans. The pricing page now displays API-provided blocker reasons and setup actions instead of only generic paused checkout copy. The response intentionally exposes only capability names and never returns Stripe secrets, webhook secret values, SMTP passwords, raw hosted API keys, or key hashes. Focused TDD verification went red for the missing fields/script consumption and green with billing status tests at 11 passed, 2 warnings plus the targeted pricing website test at 1 passed, 2 warnings. SMTP and Stripe external configuration remain the actual production blockers.

[2026-07-03] build | structured hosted credit policy

Files touched: log.md, wiki/dev-log.md

Notes: Added structured metering metadata to /v1/billing/packages via credit_policy, preserving the older credit_costs prose map. Each policy row now exposes action, credit bucket, credits per unit, metered unit, included_in_standard_1000, and customer-facing description. The pricing page now prefers the structured policy and falls back to legacy credit strings only if an older API response is served. This clarifies the $10 / 1,000 standard credit package without configuring Stripe or SMTP.

[2026-07-03] build | Stripe smoke helper correctness

Files touched: log.md, wiki/dev-log.md

Notes: Fixed the real Stripe smoke helper so it matches the hosted checkout API contract. scripts/stripe_test_mode_smoke.py now sends name, email, and package_id to /v1/billing/stripe/checkout-session, exposes --name on the CLI, and uses a certifi-backed TLS context for HTTPS hosted checks. Docs examples were updated in distribution, hosted admin operations, and Stripe readiness docs. Focused verification reported 61 passed, Pyright 0 errors, and Ruff clean. Live smoke against https://scout.chowmes.com now reaches the actual blockers instead of failing TLS locally: Stripe Checkout, webhook secret, and hosted SMTP key delivery are still not configured.

Follow-up: Made the smoke helper's readiness output package-aware. The beta_trial path now reports Stripe beta checkout is not ready, while paid packages still report Stripe paid-key delivery is not ready. Focused tests reported 9 passed; live checks now distinguish the $0 beta setup blocker from paid checkout blockers.

[2026-07-03] build | hosted production smoke gate

Files touched: scripts/hosted_production_smoke.py, scripts/scout-hosted-admin, tests/unit/scripts/test_hosted_production_smoke.py, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, log.md, wiki/dev-log.md.

Notes: Added scripts/scout-hosted-admin production-smoke as the operator gate for the hosted SaaS path. The gate checks hosted health, billing packages, card-backed beta checkout readiness, paid checkout readiness, and only runs non-mutating Stripe smoke checks when the readiness flags are already green. It emits machine-readable JSON with ok, blocker list, and exact next operator commands without printing Stripe secrets, webhook secrets, SMTP passwords, raw hosted API keys, or key hashes.

Current live truth from https://scout.chowmes.com: health is green and package metadata is green, but hosted production is not ready because SMTP key delivery, Stripe Checkout, Stripe webhook secret, card-backed beta checkout, and paid checkout/key delivery remain unconfigured.

Verification: TDD red failed with the missing hosted_production_smoke module. Focused green verification reported 24 passed. Pyright reported 0 errors; Ruff check and format check were clean for the touched script/tests. Live production-smoke --json produced ok: false with the expected blockers and next steps.

Deployment follow-up: Commit 94de315 fixed direct execution of the production smoke helper on the VPS by adding a repo-root import path guard. The VPS checkout fast-forwarded to 94de315, and scripts/scout-hosted-admin production-smoke --json now runs on the server and returns the expected ok: false blocker report.

[2026-07-03] build | beta signup is card-backed checkout first

Files touched: website/beta.html, website/quickstart.html, website/README.md, website/assets/pricing.js, website/assets/hosted-keygen.js, docs/distribution.md, docs/product/hosted-admin-operations.md, docs/product/public-hosted-launch-readiness-plan-2026-07-03.md, tests/unit/website/test_launch_website.py, tests/unit/test_hosted_pricing_docs.py.

Notes: Aligned public beta access with the production-readiness goal. The public /beta page no longer advertises a direct "email my beta key" form. The primary self-service path is now card-backed $0 Stripe setup through POST /v1/billing/stripe/checkout-session with package beta_trial; signed webhook provisioning plus SMTP key delivery emails the hosted API key. The direct /v1/hosted/beta-key endpoint remains in the backend as a compatibility/admin recovery path for pending delivery and existing operational tests, but it is no longer the public website CTA.

Verification: TDD red caught the old direct hostedKeyForm. Green verification reported 77 passed, 2 warnings across website, pricing-doc, Stripe checkout, webhook, provisioning, smoke-helper, and production-smoke focused suites. Pyright reported 0 errors; Ruff check and format check were clean after formatting the updated website test.

Deployment: Commit 9a03462 was pushed and pulled on the VPS. Because the running container serves baked-in website files, the Scout Docker image was rebuilt and the scout container recreated. Production health returned ok. Live https://scout.chowmes.com/beta now contains pricingCheckoutForm and /v1/billing/stripe/checkout-session, and no longer contains hostedKeyForm or the Email My Beta Key button.

[2026-07-03] build | beta readiness requires checkout readiness

Files touched: scripts/hosted_readiness_check.py, scripts/hosted_production_smoke.py, tests/unit/scripts/test_hosted_readiness_check.py, docs/product/hosted-admin-operations.md, docs/product/public-hosted-launch-readiness-plan-2026-07-03.md.

Notes: Tightened hosted readiness after the public beta path became Stripe-first. scripts/scout-hosted-admin readiness --require-beta-signup now requires ready_for_beta_checkout, not merely ready_for_beta_key_delivery. This prevents the operator gate from saying beta signup is ready when SMTP is configured but Stripe Checkout/webhook setup is still missing. The blocker text now says card-backed beta checkout not ready.

Verification: TDD red proved the old checker returned beta-ready when only key delivery was ready. Green verification reported 17 passed; Pyright reported 0 errors; Ruff check and format check were clean. Live production-smoke --json now reports card-backed beta checkout not ready.

[2026-07-03] correction | public copy now matches hosted smoke truth

Files touched: website/pricing.html, website/status.html, website/terms.html, website/legal.html, tests/unit/website/test_launch_website.py.

Notes: Removed stale public-facing claims that implied the hosted beta was ready or that beta key generation does not require Stripe. The current website copy now says the hosted service is online, but self-service beta setup is configuration-gated until SMTP key delivery, Stripe Checkout, and Stripe webhook verification are configured and smoke-tested. The beta trial copy now states that $0 Stripe Checkout is intentional because it verifies the payment, webhook, account provisioning, and email key-delivery pipeline before paid packages open.

Verification: Focused website/pricing/readiness tests reported 40 passed. Live scripts/scout-hosted-admin production-smoke --json still reports ok: false with blockers for SMTP key delivery, Stripe Checkout, Stripe webhook secret, card-backed beta checkout, and paid checkout/key delivery.

[2026-07-03] fix | Stripe setup-mode beta payload corrected

Files touched: scout/core/platform/stripe_checkout.py, tests/unit/api/test_billing_stripe_checkout.py, docs/product/hosted-admin-operations.md.

Notes: Corrected the $0 beta Checkout payload so beta_trial uses Stripe Checkout mode=setup without sending payment-mode-only customer_creation=always. Paid credit packages continue using mode=payment, Stripe price line items, and customer_creation=always. This makes the beta setup path more likely to work once real Stripe secrets and webhook settings are installed.

Verification: Added a transport-level regression test that failed before the fix because the setup-mode payload contained customer_creation. Focused Stripe checkout/webhook/payment tests reported 40 passed; Pyright reported 0 errors; Ruff check and format check were clean.

[2026-07-03] correction | deployed beta path is email-first

Files touched: index.md, wiki/dev-log.md, wiki/decisions/2026-07-03-email-first-beta-registration-supersedes-stripe-first.md, wiki/decisions/2026-07-03-self-service-beta-and-stripe-credit-packages.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md Notes: Corrected conflicting Scout vault state. Live https://scout.chowmes.com/beta uses hostedKeyForm and /v1/hosted/beta-key; it does not use pricingCheckoutForm or /v1/billing/stripe/checkout-session. Production status reports public_self_service_path=email_beta_registration, beta_signup_enabled=true, and SMTP/Stripe blockers still open. Older Stripe-first public beta notes are superseded by the new ADR.

[2026-07-03] deploy | hosted beta docs and public status copy aligned

Files touched: index.md, wiki/dev-log.md, log.md Notes: Repo commit 7900997 Align hosted beta docs with email registration was pushed and deployed to https://scout.chowmes.com. Production is healthy. Public /status now says beta registration queues API-key delivery while SMTP is missing and no longer claims account/key/credit provisioning happens immediately.

[2026-07-03] fix + deploy | Docker license packaging blocker closed

Files touched: .dockerignore, docker/Dockerfile, tests/unit/test_docker_distribution.py, index.md, wiki/dev-log.md, log.md Notes: Repo commit eca3ee2 Include license in Docker distribution was pushed and deployed to https://scout.chowmes.com. The Docker image now copies the root LICENSE file into /app before pip install ., and .dockerignore preserves LICENSE in the build context. This closes the container-only license-file-missing readiness mismatch. Verification: TDD red reproduced the Docker metadata miss, then green verification reported tests/unit/test_docker_distribution.py: 4 passed; focused launch/website/CLI/Docker verification reported 99 passed, 8 warnings; Pyright reported 0 errors; Ruff check and format check were clean. Local docker build -f docker/Dockerfile -t scout:license-smoke . succeeded, and docker run --rm scout:license-smoke python -m scout.cli launch-readiness --require-hosted-saas reported Public launch: ready and Hosted SaaS: blocked. Production VPS git HEAD is eca3ee2; the scout container is healthy; public /health returns ok; in-container production readiness reports the same five hosted SaaS blockers only. Remaining blockers: SMTP key delivery configuration, Stripe Checkout configuration, Stripe webhook secret, hosted beta email smoke, and paid checkout/key-delivery smoke.

[2026-07-03] fix | beta Stripe checkout returns to beta page

Files touched: scout/core/platform/stripe_checkout.py, scout/api/config.py, scout/api/main.py, scripts/scout-vps-configure-hosted-env, scripts/scout-validate-hosted-config, .env.example, scripts/scout-write-hosted-config-template, product/distribution docs, and focused tests. Notes: Added STRIPE_BETA_SUCCESS_URL and STRIPE_BETA_CANCEL_URL so the beta_trial setup-mode Checkout Session returns to /beta?checkout=... instead of the paid /pricing?checkout=... page. The VPS env installer now allowlists the beta return URL settings, and config preflight validates beta URLs as HTTPS when present. Verification: Regression tests first failed on missing allowlist/docs, then passed after the fix. Focused checks reported 27 passed, then 38 passed; Pyright reported 0 errors; Ruff check and format check were clean. Remaining blockers: production still needs real Stripe secret, price IDs, webhook secret, SMTP credentials, and live test-mode checkout/email smoke.

[2026-07-03] ops | production Stripe return URLs installed

Files touched: VPS /opt/prism/scout/.env only. Notes: Installed non-secret public redirect settings: STRIPE_SUCCESS_URL, STRIPE_CANCEL_URL, STRIPE_BETA_SUCCESS_URL, and STRIPE_BETA_CANCEL_URL. Recreated the scout container. Verification: https://scout.chowmes.com/health returned OK. Stripe status and hosted readiness no longer list missing generic success/cancel URLs. Remaining production blockers are now Stripe secret, Stripe webhook secret, paid package price IDs, and SMTP delivery credentials/smoke.

[2026-07-03] fix | SMTP delivery readiness now requires credentials

Files touched: scout/core/platform/key_delivery.py, tests/unit/core/platform/test_key_delivery.py. Notes: Runtime SMTP delivery readiness now matches hosted config preflight: Scout does not consider API-key email delivery enabled unless SMTP host, from-email, username, and password are all configured. This prevents a partial host/from-only SMTP config from making /v1/billing/stripe/status look ready while delivery would fail during the actual beta key email. Verification: Added a failing regression test for missing SMTP username/password and fixed it. Focused checks reported 5 passed, then 52 passed; Pyright reported 0 errors; Ruff check and format check were clean.

[2026-07-03] docs/tooling | SMTP smoke scripts require full credentials

Files touched: scripts/scout-vps-send-hosted-test-email, scripts/scout-vps-process-pending-beta-signups, tests/unit/scripts/test_vps_admin_scripts.py. Notes: Tightened operator help text for SMTP smoke testing and pending beta signup delivery. Both scripts now state the same runtime contract as the code: host, from-email, username, and password are all required before hosted key delivery is considered configured. Verification: Added tests that fail if the stale "production also requires" wording returns. Admin-script tests reported 24 passed; combined key-delivery, admin-script, and readiness checks reported 34 passed.

[2026-07-03] correction | beta signup copy is email-first with checkout hook

Files touched: website/beta.html, scout/api/routers/billing.py, docs/distribution.md, docs/product/hosted-admin-operations.md, tests/unit/website/test_launch_website.py, tests/unit/api/test_billing_stripe_checkout.py, index.md, wiki/dev-log.md, wiki/decisions/2026-07-03-email-first-beta-registration-supersedes-stripe-first.md. Notes: Corrected the public beta posture so /beta no longer advertises Start $0 Beta Checkout as the live primary CTA while Stripe/SMTP remain externally blocked. The public copy is now email-first: testers register with name/email and receive the API key by email when delivery is configured. The Stripe beta checkout endpoint remains wired as a readiness-gated hook. The non-secret Stripe status contract now reports public_self_service_path=email_beta_registration_with_checkout_hook.

[2026-07-03] fix | beta readiness checker follows email key delivery

Files touched: scripts/hosted_readiness_check.py, tests/unit/scripts/test_hosted_readiness_check.py, tests/unit/test_hosted_pricing_docs.py, docs/distribution.md, docs/product/hosted-admin-operations.md, index.md, wiki/dev-log.md, wiki/decisions/2026-07-03-beta-readiness-follows-email-key-delivery.md. Notes: Corrected the hosted readiness checker so --require-beta-signup means email-first beta key delivery readiness (ready_for_beta_key_delivery), not Stripe checkout readiness (ready_for_beta_checkout). This prevents the operator gate from staying blocked after SMTP works but before paid/card-backed Stripe checkout is enabled. Verification: TDD red test reproduced the stale checker behavior, then passed after the patch. Focused readiness/admin/docs/API verification reported 54 passed, 2 warnings; Pyright reported 0 errors; Ruff check and format check were clean. Live scripts/scout-hosted-admin readiness --json against https://scout.chowmes.com now reports beta blocked by hosted beta key delivery not ready, with health/packages ready.

[2026-07-03] fix | beta page submits email registration instead of checkout gate

Files touched: website/beta.html, website/assets/hosted-keygen.js, tests/unit/website/test_launch_website.py, index.md, wiki/dev-log.md. Notes: Corrected the public beta form so the readiness flag and submit path follow ready_for_beta_key_delivery. The form no longer presents card-backed Stripe checkout as the primary beta gate and no longer says it is falling back to an email queue. It submits the email-first /v1/hosted/beta-key path and shows pending-delivery copy when SMTP is not configured. Verification: Regression tests first failed against the stale ready_for_beta_checkout beta page contract. After the patch, tests/unit/website/test_launch_website.py reported 30 passed, and the adjacent website/billing/readiness/hosted signup set reported 82 passed, 2 warnings. Ruff check and format check were clean for the touched Python test.

[2026-07-03] fix | pricing and quickstart align to email-first beta

Files touched: website/pricing.html, website/quickstart.html, website/assets/pricing.js, docs/product/unit-economics-and-pricing-model-2026-06-29.md, docs/product/hosted-admin-operations.md, docs/product/public-hosted-launch-readiness-plan-2026-07-03.md, tests/unit/website/test_launch_website.py, tests/unit/test_hosted_pricing_docs.py, index.md, wiki/dev-log.md. Notes: Removed stale public copy that said beta setup uses $0 Stripe Checkout or falls back to queued email registration while checkout is paused. Pricing, quickstart, and launch-readiness docs now say beta access starts with email-first registration; paid Stripe checkout is a separate hosted-credit package path. Verification: Website/docs tests first failed on the stale checkout-first copy. After the patch, website/pricing docs verification reported 34 passed, 2 warnings, and the adjacent website/pricing/billing/readiness set reported 57 passed, 2 warnings. Ruff check and format check were clean.

[2026-07-03] feature | hosted billing portal self-service

Files touched: scout/core/platform/stripe_checkout.py, scout/api/routers/billing.py, scout/api/routers/hosted.py, scout/api/deps.py, scout/api/main.py, scout/api/config.py, website/account.html, website/assets/account.js, hosted env scripts, distribution/admin/readiness docs, and portal/account tests. Notes: Added authenticated Customer Portal creation at POST /v1/billing/stripe/customer-portal-session. The endpoint uses the hosted Bearer API key, infers the Stripe customer from the tenant's persisted checkout records, fails closed when no customer is linked, and never accepts or returns raw Stripe customer IDs or secret keys through the browser. /account now exposes a Manage billing action after account lookup. Verification: RED tests failed on missing portal symbols/dependency first. After implementation, focused tests reported 61 passed, 2 warnings; script/docs tests reported 57 passed; full unit suite reported 789 passed, 8 warnings; Pyright reported 0 errors; Ruff check and format check were clean. Follow-up: /v1/billing/stripe/status now exposes customer portal readiness and includes STRIPE_PORTAL_RETURN_URL in missing hosted paid self-service configuration when absent. Verification: TDD red tests failed against the checkout-first copy/status, then passed after the patch. Focused hosted billing/key/pricing/site verification reported 91 passed, 2 warnings; Pyright reported 0 errors; Ruff check and format check were clean. Repo commit ccd940b Make beta signup email-first was pushed and deployed. VPS remote HEAD is ccd940b, the scout container is healthy, https://scout.chowmes.com/health returns OK, and live /v1/billing/stripe/status returns public_self_service_path=email_beta_registration_with_checkout_hook.

[2026-07-03] fix | beta readiness now requires card-backed setup

Files touched: website/beta.html, website/assets/hosted-keygen.js, website/quickstart.html, website/pricing.html, scout/api/routers/billing.py, scripts/hosted_readiness_check.py, distribution/admin docs, website/billing/readiness tests, index.md, and wiki/dev-log.md. Notes: Re-aligned the beta flow with the production-readiness goal. The beta form now uses ready_for_beta_checkout; if true, it creates a $0 Stripe setup session, and if false but signup is open, it records the name/email request for later delivery. The readiness checker now treats email-only delivery as insufficient for full beta readiness. Verification: TDD tests first failed on stale email-first assertions. After the patch, the focused site/billing/signup/readiness/docs set reported 88 passed, 2 warnings; full unit reported 789 passed, 8 warnings; Pyright reported 0 errors; Ruff check and format check were clean.

[2026-07-03] fix | hosted docs aligned to card-backed beta setup

Files touched: docs/product/unit-economics-and-pricing-model-2026-06-29.md, docs/product/hosted-admin-operations.md, docs/distribution.md, tests/unit/test_hosted_pricing_docs.py, and wiki/dev-log.md. Notes: Replaced stale email-first/invite-controlled beta wording with the current production contract: card-backed $0 beta setup when Stripe Checkout, signed webhook, and SMTP key delivery are configured; name/email capture is a fallback request queue while live settings are missing. Verification: Added failing assertions first. They failed against the stale docs, then passed after the docs were patched. Focused hosted billing/signup/admin/doc tests reported 89 passed, 2 warnings.

[2026-07-03] fix | public beta route cannot bypass card-backed setup

Files touched: scout/api/routers/hosted.py, tests/unit/api/test_hosted_scrape.py, website/beta.html, website/assets/hosted-keygen.js, website/README.md, docs/distribution.md, docs/product/hosted-admin-operations.md, and wiki/dev-log.md. Notes: POST /v1/hosted/beta-key now records pending beta requests only. It does not provision a tenant, send SMTP key delivery, or issue a usable API key from the public route. Public key issuance is reserved for signed Stripe webhook provisioning after card-backed $0 beta setup, or protected admin delivery of queued requests. Verification: Tests were changed first and failed against the old direct provisioning behavior. After the route and copy patch, affected hosted/site/doc tests reported 63 passed, 2 warnings; full unit reported 789 passed, 8 warnings; Pyright reported 0 errors; Ruff check and format check were clean.

[2026-07-03] fix | hosted VPS restart rebuilds Scout image

Files touched: scripts/scout-vps-configure-hosted-env, tests/unit/scripts/test_vps_admin_scripts.py, docs/distribution.md, docs/product/hosted-admin-operations.md, and wiki/dev-log.md. Notes: configure-production-env --restart now runs Docker Compose with --build --force-recreate before health inspection. This records and fixes the deployment trap where GitHub/VPS HEAD moved forward but the live container kept serving an old image. Verification: Added a failing assertion first, then patched the script. python3 -m pytest tests/unit/scripts/test_vps_admin_scripts.py -q reported 25 passed; bash -n scripts/scout-vps-configure-hosted-env passed.

[2026-07-03] fix | API-key delivery email copy matches package type

Files touched: scout/core/platform/key_delivery.py, scout/api/routers/billing.py, tests/unit/core/platform/test_key_delivery.py, tests/unit/api/test_billing_stripe_webhook.py, docs/distribution.md, docs/product/hosted-admin-operations.md, and wiki/dev-log.md. Notes: Hosted key-delivery requests now carry package ID and credit counts. Beta-trial emails keep the beta tester subject and 100-credit/30-day boundary; first-time paid package emails use paid hosted API-key copy with the purchased package ID and actual standard/browser credits. Stripe webhook delivery passes the canonical package metadata into SMTP delivery. Verification: Added a failing standard_1000 delivery-email test first. After the patch, tests/unit/core/platform/test_key_delivery.py -q reported 6 passed, and tests/unit/api/test_billing_stripe_webhook.py -q reported 9 passed.

[2026-07-03] fix | paid packages map to hosted plan limits

Files touched: scout/core/platform/pricing.py, scout/core/platform/payment_provisioning.py, scout/core/platform/account_service.py, scout/core/platform/account_sqlite_store.py, tests/unit/core/platform/test_pricing.py, tests/unit/core/platform/test_payment_provisioning.py, docs/product/unit-economics-and-pricing-model-2026-06-29.md, docs/product/hosted-admin-operations.md, and wiki/dev-log.md. Notes: standard_1000 and standard_3000 now map to hosted_starter, while standard_15000 maps to hosted_pro. First-time paid checkout provisions the package's hosted plan. Existing beta tenants are upgraded when buying a higher package and are never downgraded by a lower package. Verification: Added failing package/provisioning tests first. After the patch, pricing/payment provisioning tests reported 17 passed, and adjacent Stripe/hosted API tests reported 58 passed.

[2026-07-03] change | beta registration directly emails API keys

Files touched: scout/api/routers/hosted.py, scout/api/routers/billing.py, scripts/hosted_readiness_check.py, beta/pricing/quickstart website files, hosted distribution docs, and focused API/site/readiness tests. Notes: Public beta signup no longer depends on card-backed Stripe setup. POST /v1/hosted/beta-key provisions a finite-credit beta tenant and emails the API key when SMTP delivery is configured. If SMTP is missing, it records a pending request without creating an account/key. Stripe remains the paid credit-package checkout path. Verification: Focused tests reported 88 passed; full unit reported 794 passed; Pyright and Ruff were clean.

[2026-07-03] change | public beta signup smoke added

Files touched: scripts/hosted_beta_signup_smoke.py, scripts/scout-hosted-admin, tests/unit/scripts/test_hosted_beta_signup_smoke.py, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, index.md, wiki/dev-log.md, and log.md. Notes: Added a non-secret operator smoke command for public beta self-service: scripts/scout-hosted-admin beta-signup-smoke --email tester@example.com --name "Tester Name". It verifies /v1/hosted/beta-key plus /v1/hosted/beta-key/status and never prints raw API keys. Verification: Focused script/admin tests reported 38 passed; full unit reported 798 passed; Pyright/Ruff/shell syntax checks passed for the changed files.

[2026-07-03] change | production smoke beta gate corrected

Files touched: scripts/hosted_production_smoke.py, tests/unit/scripts/test_hosted_production_smoke.py, wiki/dev-log.md, and log.md. Notes: Renamed the smoke result from beta checkout to beta key delivery and stopped running Stripe smoke for the current direct-email beta path. Paid checkout smoke remains Stripe-based. Verification: Focused hosted smoke/readiness tests reported 12 passed; full unit reported 798 passed; Pyright and Ruff passed for the changed script and test.

[2026-07-03] change | hosted config rejects obsolete beta price id

Files touched: scripts/scout-validate-hosted-config, tests/unit/scripts/test_vps_admin_scripts.py, wiki/dev-log.md, and log.md. Notes: STRIPE_BETA_PRICE_ID is now treated as obsolete configuration because beta API keys are delivered by email and the paid checkout path uses standard package price IDs. Verification: Added failing validator test first; script/admin tests reported 38 passed; full unit reported 799 passed; Ruff and Python compile checks passed.

[2026-07-03] change | beta signup adds optional Stripe setup

Files touched: website/beta.html, website/assets/hosted-keygen.js, scout/api/routers/billing.py, hosted readiness/smoke scripts, focused tests, distribution docs, hosted-admin docs, wiki/dev-log.md, and log.md. Notes: /beta now supports direct email key registration and optional $0 Stripe setup-mode checkout. Readiness and production smoke distinguish beta key delivery, beta Stripe setup, and paid checkout. Verification: Focused billing/website/readiness tests reported 58 passed; full unit reported 799 passed; Pyright, Ruff, and node --check passed.

[2026-07-03] fix | public beta copy matches passwordless self-service

Files touched: README.md, website/index.html, website/beta.html, tests/unit/website/test_launch_website.py, wiki/dev-log.md, and log.md. Notes: Removed stale invite-only/manual-provisioning/raw-browser-key copy from public-facing Scout materials. The visible beta story now matches the actual API contract: name/email registration, database signup event, one-time API-key email delivery, and no raw key in browser responses. Verification: Added failing website regression first; focused website/pricing and hosted beta API tests reported 37 passed, 2 warnings; frontend JS syntax checks passed.

[2026-07-03] fix | beta Stripe setup creates customer

Files touched: scout/core/platform/stripe_checkout.py, tests/unit/core/platform/test_stripe_checkout.py, tests/unit/api/test_billing_stripe_checkout.py, tests/unit/test_hosted_pricing_docs.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: beta_trial Checkout setup sessions now send customer_creation=always, so the $0 card-backed beta flow is designed to create a Stripe Customer/payment-method setup record before webhook provisioning emails the beta API key. Verification: Added failing Stripe payload tests first; focused Stripe/payment/docs tests reported 49 passed, 2 warnings; Pyright and Ruff passed.

[2026-07-03] fix | hosted readiness shows operator actions

Files touched: scripts/hosted_readiness_check.py, tests/unit/scripts/test_hosted_readiness_check.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: The readiness helper now carries operator_next_actions from /v1/billing/stripe/status, so production blockers include exact setup categories instead of only missing flags. Verification: Added failing readiness-script coverage first; focused test reported 5 passed; Ruff passed; production readiness output showed the current Stripe/SMTP blockers and operator next actions.

[2026-07-03] change | status page shows live hosted readiness

Files touched: website/status.html, website/assets/status.js, tests/unit/website/test_hosted_status_copy.py, docs/workspace/status-live-readiness/, wiki/dev-log.md, and log.md. Notes: /status now fetches /v1/billing/stripe/status and renders live non-secret beta key delivery, beta Stripe setup, paid checkout, missing config, and operator next-action state. Verification: Added failing website regressions first, including the public asset allowlist check after production showed /assets/status.js returning 403. Focused website/status tests reported 5 passed, 2 warnings; JS syntax, Pyright, and Ruff checks passed.

[2026-07-03] fix | current docs align to self-service beta

Files touched: docs/product/private-beta-launch-plan.md, docs/product/launch-decision-dashboard-2026-06-29.md, docs/product/launch-gate-burndown-2026-06-29.md, docs/product/hosted-economics-and-usage-limits.md, tests/unit/test_hosted_pricing_docs.py, wiki/dev-log.md, and log.md. Notes: Current operating docs now describe self-service name/email beta registration through /beta#beta-key and /v1/hosted/beta-key, finite metered credits, email API-key delivery, and the $10 / 1,000 standard credits pricing candidate. Stale invite-only/approved-tester/manual framing is now guarded by tests. Verification: Added failing docs regression first; focused hosted signup, billing, pricing, website, status, and readiness tests reported 117 passed, 2 warnings; JS syntax, Pyright, Ruff, and Ruff format checks passed.

[2026-07-03] fix | remove invite-only drift from public/current beta copy

Files touched: website/beta.html, tests/unit/website/test_launch_website.py, tests/unit/test_hosted_pricing_docs.py, current launch/evidence/security/ distribution docs, wiki/dev-log.md, log.md, and the latest beta ADR. Notes: Public site and current docs now describe self-service beta access: name/email registration at /beta#beta-key and /v1/hosted/beta-key, finite metered credits, rate limits, SMTP delivery, and optional $0 card-backed setup when Stripe/webhook/SMTP are configured. Stale "invited beta testers," "approved testers," and "invite-only" current copy is guarded by tests. Verification: Added failing public/current copy regressions first; focused website, docs, hosted signup, billing, key delivery, pricing, readiness, JS, Pyright, Ruff, and format checks passed with 111 passed, 2 warnings.

[2026-07-03] change | hosted setup report groups production blockers

Files touched: scripts/scout-hosted-setup-report, scripts/scout-hosted-admin, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: Added scripts/scout-hosted-admin setup-report --secrets-file secrets/scout-production.env so hosted operators can see beta_email_delivery, beta_stripe_setup, and paid_checkout readiness from one non-secret report. The report prints missing environment variable names and exact next commands, but never prints Stripe keys, webhook secrets, SMTP passwords, raw API keys, or key hashes. Verification: Added failing admin-script tests first; focused admin script suite reported 29 passed.

[2026-07-03] fix | beta key email uses actual credit limits

Files touched: scout/core/platform/key_delivery.py, tests/unit/core/platform/test_key_delivery.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: Beta API-key delivery email no longer hardcodes 100 credits / 30 days; it uses the actual provisioned standard credits, browser credits, and trial days. The signed email also includes a first hosted scrape cURL example so a new beta tester can immediately validate their key. Verification: Added failing key-delivery regressions first; focused delivery suite reported 7 passed, 2 warnings.

[2026-07-03] fix | account page shows balance-after metering

Files touched: website/assets/account.js, website/account.html tests, scout/core/platform/pricing.py, tests/unit/api/test_hosted_purchases.py, tests/unit/website/test_launch_website.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: The customer /account surface now renders per-event credits charged and remaining balance after each usage event from /v1/hosted/usage. The beta package summary now says registered beta testers instead of stale approved tester copy. Verification: Added failing API and website regressions first; focused metering checks reported 6 passed, 2 warnings, and node --check website/assets/account.js passed.

[2026-07-03] fix | beta page explains readiness blockers

Files touched: website/assets/hosted-keygen.js, tests/unit/website/test_launch_website.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: The public /beta script now surfaces non-secret blocking_reasons, operator_next_actions, and ready_for_beta_key_delivery from /v1/billing/stripe/status. Email registration can still record beta requests while SMTP delivery is missing; card-backed $0 beta setup remains disabled with exact readiness blockers. Verification: Added failing beta page regressions first; focused beta tests reported 2 passed, broader website/pricing checks reported 36 passed, 2 warnings, and JS syntax, Pyright, Ruff, and Ruff format checks passed.

[2026-07-03] change | hosted metrics admin command

Files touched: scripts/scout-hosted-admin, scripts/scout-vps-hosted-metrics, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: Added scripts/scout-hosted-admin metrics --format table|json so the operator can inspect protected hosted billing/admin metrics through the running Scout container without printing the service API key, raw hosted keys, or key hashes. Verification: Added failing admin-script regressions first; full admin-script suite reported 30 passed.

[2026-07-03] change | hosted overview command

Files touched: scripts/scout-hosted-admin, scripts/scout-hosted-overview, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: Added scripts/scout-hosted-admin overview to combine public hosted readiness and protected live metrics in one operator command. Verification: Added failing admin-script regressions first; admin-script suite reported 31 passed; shell syntax, Pyright, Ruff, and format checks passed; live overview printed readiness blockers plus account/signup/usage/purchase metrics.

[2026-07-03] change | hosted metrics helper reliability

Files touched: scripts/scout-vps-hosted-metrics, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: Replaced the heredoc-based protected metrics helper with a safer docker exec ... python3 -c invocation controlled by SCOUT_ADMIN_METRICS_FORMAT. This keeps the service key inside the container and avoids SSH heredoc quoting failures. Verification: Added RED regression for no heredoc; focused tests passed; live scripts/scout-hosted-admin metrics --format table printed totals, funnel, economics, and recent row counts from production.

[2026-07-03] change | card-backed beta primary UX

Files touched: website/beta.html, website/quickstart.html, website/pricing.html, docs/distribution.md, docs/product/hosted-admin-operations.md, docs/product/unit-economics-and-pricing-model-2026-06-29.md, docs/product/private-beta-launch-plan.md, docs/product/hosted-economics-and-usage-limits.md, docs/product/public-hosted-launch-readiness-plan-2026-07-03.md, tests/unit/website/test_launch_website.py, tests/unit/test_hosted_pricing_docs.py, wiki/dev-log.md, and log.md. Notes: Made $0 card-backed beta setup the primary public beta path and reframed email-only registration as a fallback request queue. This aligns the site with the production goal of verifying Stripe setup-mode checkout, signed webhook provisioning, and SMTP API-key delivery before paid launch. Verification: Added RED website regression first; docs/website suite reported 39 passed, 2 warnings.

[2026-07-03] change | card-backed beta status contract

Files touched: scout/api/routers/billing.py, tests/unit/api/test_billing_stripe_checkout.py, wiki/dev-log.md, and log.md. Notes: Updated /v1/billing/stripe/status so public_self_service_path=card_backed_beta_setup_with_email_fallback and customer next actions put $0 Stripe setup-mode beta before email-only fallback. Verification: Added RED status-contract test first; affected route/docs/site suite reported 59 passed, 2 warnings; Pyright and Ruff checks passed.

[2026-07-03] change | failed beta delivery retry path

Files touched: scout/core/platform/account_service.py, scout/api/routers/billing.py, scripts/scout-hosted-admin, scripts/scout-vps-retry-failed-beta-signups, tests/unit/core/platform/test_account_service.py, tests/unit/api/test_billing_admin_metrics.py, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, index.md, wiki/dev-log.md, and log.md. Notes: Added a service/API/admin-command recovery path for retrying failed beta API-key email deliveries after SMTP is fixed. The retry path selects newest failed events per email, skips existing tenants, records admin_failed_beta_delivery_retry, and never prints or returns raw API keys. Verification: Added RED service/API/script tests first; focused affected suite reported 54 passed, 2 warnings, and Pyright, Ruff, and format checks passed.

[2026-07-03] change | hosted admin Stripe smoke wrapper

Files touched: scripts/scout-hosted-admin, scripts/stripe_test_mode_smoke.py, tests/unit/scripts/test_vps_admin_scripts.py, docs/product/hosted-admin-operations.md, docs/distribution.md, index.md, wiki/dev-log.md, and log.md. Notes: Promoted the Stripe test-mode smoke helper into the primary scripts/scout-hosted-admin stripe-smoke command surface. The helper verifies non-secret readiness for beta_trial and paid packages and can create Checkout Sessions with --create-checkout once Stripe/SMTP are configured. Verification: Added RED admin-script regressions first; focused admin/docs tests reported 37 passed; Pyright, Ruff, and format checks passed. Live production smoke currently fails cleanly because Stripe Checkout, webhook, and SMTP key delivery remain unconfigured.

[2026-07-03] change | self-service beta signup default

Files touched: scout/api/config.py, scout/api/routers/billing.py, scripts/scout-validate-hosted-config, scripts/scout-hosted-setup-report, scripts/scout-write-hosted-config-template, tests/unit/api/test_hosted_scrape.py, tests/unit/api/test_billing_stripe_checkout.py, tests/unit/scripts/test_vps_admin_scripts.py, docs/distribution.md, docs/product/hosted-admin-operations.md, wiki/dev-log.md, and log.md. Notes: Changed hosted beta signup from opt-in to open-by-default. The HOSTED_BETA_SIGNUP_ENABLED env var now acts only as an optional pause switch when set to false; normal self-service name/email API-key registration no longer needs an enable flag or password gate. Verification: RED tests first showed default beta signup was incorrectly disabled. After implementation, focused behavior checks reported 5 passed; the broader impacted suite reported 132 passed, 2 warnings; Pyright, Ruff, script syntax, and diff checks passed. Deploy: Commit d88776a was pushed and deployed to the VPS. The Scout Docker container reported healthy, public /health returned OK, billing status reported beta_signup_enabled=true, and a live beta registration smoke returned delivery_status=pending_delivery without leaking the raw API key.

[2026-07-03] record | hosted pay-as-you-go pricing posture

Files touched: index.md, wiki/dev-log.md, wiki/syntheses/unit-economics-pricing-2026-06-29.md, and log.md. Notes: Recorded the current approved beta pricing posture: local free, self-service hosted beta registration, $10 / 1,000, $25 / 3,000, and $100 / 15,000 standard-credit packages, with browser-heavy work separate. The $10 / 1,000 package is modeled at $2.59 loaded cost, 74.1% gross margin, and 17 packs/month break-even under current assumptions. Verification: Focused governance/pricing/API suite reported 70 passed, 2 warnings; broader impacted suite reported 106 passed, 2 warnings; full unit suite reported 819 passed, 8 warnings; Pyright, Ruff check, and Ruff format check passed for touched Python files. Open: SMTP and Stripe live configuration/smoke still block production-complete hosted SaaS.