mirror of
https://github.com/samvallad33/vestige.git
synced 2026-07-02 22:01:01 +02:00
Vestige Cloud is split: the public client (a thin HTTP sync backend that only moves encrypted bytes) belongs here, but the hosted service — billing, sync-key->namespace mapping, per-user isolation, Lemon Squeezy webhooks, transactional email — must live only in the private repo. Add scripts/check-no-private-cloud.sh, which git-greps tracked files for distinctive private-service signatures (service crate identity, module headers, billing/provider internals, server-side sync-key mapping SQL). The patterns are chosen so the legitimate public client — including its VESTIGE_CLOUD_* client env vars — does not match. Wired into CI via guard-no-private-cloud.yml on push/PR. Verified both directions: passes on the clean repo, fails (naming the markers) when real private webhook.rs/keys.rs are introduced. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| ci.yml | ||
| guard-no-private-cloud.yml | ||
| pages.yml | ||
| release.yml | ||
| test.yml | ||