v1.0 Readiness

This readiness note follows PRD-v1.0-stable-self-hosted-core-complete.md.

The stable v1.0 scope is Plystra Core. Console, SDKs, deploy automation, official plugin repositories, template repositories, and plugin runtime behavior are positive enhancements when present, but they are deferred until after v1.0 and do not block the Core release.

  • Stable account-identity separation: User -> UserMember -> Member -> Space.

  • Core entities: User, Space, Group, Member, UserMember, Role, Permission, MemberRole, RolePermission, Resource, and AuditLog.

  • Ent schemas and generated code for all required Core entities.

  • Versioned migrations through 012 with checksum verification, clean empty database application, and Ent drift checks.

  • Explicit UserMember, MemberRole, and RolePermission entities.

  • scope_anchor_group_id remains explicit on MemberRole.

  • Authorization scopes: self, group, group_tree, and space.

  • global scope remains reserved and disabled for normal Member actors.

  • Safe group_tree resolver: target_path = anchor_path OR target_path LIKE anchor_path || '.%'.

  • Union semantics across all matching permission candidates.

  • Stable deny codes for inactive actors, revoked/expired UserMember, cross-space violations, no matching permission, missing anchors, missing target groups, out-of-bounds scopes, invalid resource registry entries, and disabled global scope.

  • AuditLog writes decision-time JSONB snapshots for authorization decisions and Core management mutations.

  • AuditLog is append-only through Ent hooks and has no public update/delete API.

  • Resource Registry foundation with ResourceType, ResourceAction, and ResourceMapping registration endpoints.

  • Stable Core APIs for authz check/explain, health/ready/version, Core CRUD, Resource Registry, and AuditLog reads.

  • API responses use explicit DTO-style maps and envelopes; generated Ent structs are not exposed.

  • Structured JSON request logs with request ID, method, path, status, latency, bytes, and error code.

  • Environment-based configuration using PRD names such as SERVER_HOST, SERVER_PORT, SERVER_MODE, DATABASE_URL, LOG_FORMAT, CORS_ALLOWED_ORIGINS, PLYSTRA_SESSION_SECRET, PLYSTRA_API_KEY_SECRET, AUDIT_WRITE_MODE, and TRACE_VERSION.

  • Self-hosted baseline: Dockerfile, docker-compose.yml, .env.example, migration command, seed demo command, run command, and health check.

  • Built-in Finance Reviewer demo data and four required demo traces.

  • PostgreSQL integration tests and endpoint smoke coverage against a running Plystra Postgres container.
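The group_tree resolver predicate listed above, as an added Go example (not Plystra's own code): it shows why the '.' separator in anchor_path || '.%' matters by comparing the predicate with a naive prefix match that leaks into sibling groups. Assumptions: the function names, the sample paths, and the LIKE escaping helper (for labels that might contain '_' or '%') are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// InGroupTree is the in-memory equivalent of
//   target_path = anchor_path OR target_path LIKE anchor_path || '.%'
// An empty anchor or target is denied rather than treated as "match all".
func InGroupTree(anchorPath, targetPath string) bool {
	if anchorPath == "" || targetPath == "" {
		return false
	}
	return targetPath == anchorPath ||
		strings.HasPrefix(targetPath, anchorPath+".")
}

// UnsafePrefix is the naive LIKE anchor_path || '%' form, kept for contrast:
// it also matches sibling groups whose label merely starts with the anchor's.
func UnsafePrefix(anchorPath, targetPath string) bool {
	return strings.HasPrefix(targetPath, anchorPath)
}

// likeEscaper neutralises LIKE metacharacters (backslash is PostgreSQL's
// default LIKE escape). Assumption: labels might contain '_' or '%'.
var likeEscaper = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)

// LikePattern builds the bound parameter for the LIKE branch.
func LikePattern(anchorPath string) string {
	return likeEscaper.Replace(anchorPath) + ".%"
}

func main() {
	anchor := "root.finance" // constructed sample paths
	for _, target := range []string{
		"root.finance", "root.finance.ap", "root.finance2", "root.fin",
	} {
		fmt.Printf("%-16s safe=%-5v naive=%v\n", target,
			InGroupTree(anchor, target), UnsafePrefix(anchor, target))
	}
	fmt.Println(LikePattern("root.fin_ops"))
}
```
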

  • Static Console and sibling repositories already exist as early work.
  • Native auth/session APIs exist beyond the minimum Integration Mode.
  • Plugin manifest metadata install, plugin settings, and template install flows exist as Core metadata foundations.
  • Data Console preview mutations exist for internal resource mappings.

These do not change the v1.0 Core acceptance boundary.

  • Packaged production Console release.
  • Fully released JS/Go/Python SDKs.
  • Plugin SDK and official plugin repositories.
  • Template marketplace or standalone template repository.
  • One-command installer, Kubernetes operator, high-availability automation, and broader deployment repositories.