agents-orchestrator/agent-orchestrator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add agor-pro commercial plugin crate and dual-repo infrastructure

Browse source 
agor-pro Tauri 2.x plugin (feature-gated via --features pro),
commercial Tauri config overlay, asymmetric test setup,
CI workflows (leak-check, commercial-build, PAT health),
pre-push hook, Makefile, CONTRIBUTING/MAINTENANCE/LICENSE-COMMERCIAL.
This commit is contained in:
Hibryda 2026-03-17 01:12:25 +01:00
parent a63e6711ac
commit 5fadd1c022
14 changed files with 682 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

128
MAINTENANCE.md Normal file
View file

@ -0,0 +1,128 @@
# Maintenance Guide
Operational procedures for the commercial edition of Agent Orchestrator.
## PAT Rotation
The `COMMUNITY_PAT` personal access token is used by CI to sync with the
community repository. Rotate it every 90 days.
### Rotation Procedure
1. Generate a new fine-grained PAT on GitHub with scope:
- Repository: `DexterFromLab/agent-orchestrator`
- Permissions: `Contents: Read-only`
2. Update the secret in this repo's GitHub Settings > Secrets > Actions:
- Name: `COMMUNITY_PAT`
- Value: the new token
3. Run the sync workflow manually to verify: Actions > Community Sync > Run workflow.
4. Record the rotation date. Next rotation due in 90 days.
### Token Audit
Check token expiry dates monthly. Set a calendar reminder.
## Community Sync
### Automated
```bash
make sync
```
This fetches `community/main`, merges it into `origin/main`, and runs the test
suite. Conflicts must be resolved manually.
### Manual
```bash
git remote add community https://github.com/DexterFromLab/agent-orchestrator.git 2>/dev/null
git fetch community main
git checkout main
git merge community/main --no-edit
npm run test:all
```
If tests fail after sync, fix before pushing.
## Pre-Release Checklist: Community Edition
Before publishing a community release from `main`:
- [ ] `git diff main..commercial/main -- agor-pro/ src/lib/commercial/` shows no commercial code on `main`
- [ ] Run `grep -r "LicenseRef-Commercial" --include="*.ts" --include="*.rs" --include="*.svelte" src/ src-tauri/` on `main` returns nothing
- [ ] Run `npm run test:all` passes
- [ ] Run `cargo test --workspace` passes
- [ ] CHANGELOG.md updated with release notes
- [ ] Tag follows semver: `v{major}.{minor}.{patch}`
- [ ] No secrets, API keys, or internal URLs in the diff since last release
## Pre-Release Checklist: Commercial Edition
Before publishing a commercial release:
- [ ] All commercial branches merged into the release branch
- [ ] `npm run test:all:commercial` passes
- [ ] `cargo test --workspace` passes
- [ ] License headers present on all commercial files (`grep -rL "SPDX-License-Identifier" agor-pro/ src/lib/commercial/` returns nothing)
- [ ] No hardcoded credentials or internal endpoints
- [ ] Database migrations tested against fresh install and upgrade from previous version
- [ ] Release notes written for commercial changelog
## Database Migration Notes
The commercial edition uses a separate data directory to avoid conflicts:
| Edition | Data Directory |
|---------|---------------|
| Community | `~/.local/share/bterminal/` |
| Commercial | `~/.local/share/agor/` |
### Migration Rules
- Schema migrations run automatically on startup (WAL mode SQLite).
- Never modify existing migration SQL. Add new migrations with incrementing version numbers.
- Test migrations against: (a) fresh install, (b) upgrade from N-1, (c) upgrade from N-2.
- Back up `~/.local/share/agor/` before testing destructive migrations locally.
### Edition Switching in Development
When switching between community and commercial editions locally:
```bash
make clean
```
This clears build artifacts and resets configuration to avoid cross-contamination.
The two editions use separate data directories, so user data is not affected.
Rebuild after switching:
```bash
npm install && npm run tauri dev
```
## Quarterly Maintenance
Perform these tasks every quarter:
### Security
- [ ] Rotate `COMMUNITY_PAT` (if due within the quarter)
- [ ] Run `npm audit` and `cargo audit` on both editions
- [ ] Review GitHub Dependabot alerts
- [ ] Verify no secrets in git history: `git log --all --diff-filter=A -- '*.env' '*.pem' '*.key'`
### Dependencies
- [ ] Update Rust toolchain (`rustup update`)
- [ ] Update Node.js to latest LTS if applicable
- [ ] Review and update pinned dependency versions
- [ ] Run full test suite after updates
### Repository Health
- [ ] Prune stale branches (`git branch --merged main | grep -v main`)
- [ ] Verify CI workflows are green on main
- [ ] Review and close stale issues/PRs
- [ ] Sync community changes if not done recently
- [ ] Verify backup procedures for commercial data