Source-agnostic license issuance service. FastAPI app fronts a
Postgres `licenses` table; the only currently-wired source is
`manual` (operator mints via /internal/mint). Gumroad webhook
adapter lands in PR 2.

Key design points:
- Signing reuses src/license/crypto.py via a COPY into the image
(single source of truth — blobs minted server-side verify against
the same embedded pubkey on the buyer's machine).
- Source adapter Protocol (app/adapters/base.py) is the seam for
Gumroad / Lemon Squeezy / Stripe in later PRs; Mint API speaks
only SaleEvent / RefundEvent.
- (source, source_order_id) UNIQUE composite gives idempotent
webhook retries without double-mint.
- JSONB type uses with_variant(JSON, 'sqlite') so the same models
drive both Postgres prod and SQLite tests (no testcontainers dep).
- Bearer-token auth on /internal/*; the IP-loopback guard was
removed after the docker bridge made it fight legitimate prod
traffic (nginx defense + Bearer remain).
- Secrets resolved via *_FILE env vars pointing at
/run/secrets/<name>, so passwords never appear in `docker inspect`.

21 unit tests (SQLite in-memory, StaticPool) plus a real-Postgres
docker-compose smoke test in server/scripts/smoke.sh that builds the
image, runs the alembic migration, mints a license, verifies the
signature against the host dev pubkey, and checks the DB row.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
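
The idempotent-retry point in the commit message above (the (source, source_order_id) UNIQUE composite), shown as an added example that is not the project's own code. It uses the stdlib sqlite3 module; the `mint()` and `open_db()` helpers, the `license_blob` column and the random placeholder blob are assumptions made for illustration.

```python
import secrets
import sqlite3

# Constructed schema: only `source` and `source_order_id` come from the commit
# message; the other columns are assumptions for this example.
SCHEMA = """
CREATE TABLE licenses (
    id INTEGER PRIMARY KEY,
    source TEXT NOT NULL,
    source_order_id TEXT NOT NULL,
    license_blob TEXT NOT NULL,
    UNIQUE (source, source_order_id)
)
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def mint(conn, source, source_order_id):
    """Hypothetical helper: return (license_blob, created).

    The INSERT is attempted unconditionally and the database constraint
    decides the winner, so two deliveries of the same webhook cannot both
    pass a check-then-insert race and mint twice.
    """
    blob = secrets.token_hex(16)  # placeholder for a real signed license blob
    try:
        with conn:  # commits on success, rolls back on exception
            conn.execute(
                "INSERT INTO licenses (source, source_order_id, license_blob) "
                "VALUES (?, ?, ?)",
                (source, source_order_id, blob),
            )
        return blob, True
    except sqlite3.IntegrityError:
        # Retry of an already-processed order: hand back the original blob.
        row = conn.execute(
            "SELECT license_blob FROM licenses "
            "WHERE source = ? AND source_order_id = ?",
            (source, source_order_id),
        ).fetchone()
        if row is None:  # some other constraint failed, not a duplicate
            raise
        return row[0], False
```

The same order id arriving from a different source is a distinct key, so it mints a separate license rather than colliding.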