# Fork Divergence Registry

This document tracks all functional differences from upstream.

---

## D-0002: Letro-specific release pipeline and versioning

Type:
- CI/CD divergence

Upstream:
- Version is sourced from `Cargo.toml` via `cargo metadata`
- Git tags follow the `v*` format
- Release artifacts include compiled binaries (`mas-cli-*.tar.gz`)

Fork:
- Version is sourced from a dedicated `LETRO_VERSION` file, decoupling the fork release cycle from Rust crate versions
- Git tags follow the `letro-v*` format to namespace fork releases
- Release artifacts include a `fork-changes.diff` (diff from the upstream commit recorded in `UPSTREAM_VERSION`), `FORK_DIVERGENCE.md`, and two SBOM files (`sbom-repo.json` for the repository scan, `sbom-image.json` for the Docker image scan) instead of binaries
- SBOM files are generated using Trivy in CycloneDX format for supply chain security and vulnerability tracking
- Rust toolchain installation removed from release workflows (no longer needed)
- `BOT_GITHUB_TOKEN` used for checkout steps that require write access
- 30-second delay added before enabling auto-merge on release PRs to allow GitHub to register pending checks

COMMIT_REFS:
- d63a55ec5cd834fee0f2058f75ae1853255533c3
- 9c3ff1a3371bb0bc0634663daa29c5f484c4e4ef
- 7c79a1e7eab935ef8bff1d275ac6cfd2a2c6d006
- 71c6c8320576f84590f05bc972895ce8b5eb445b
- 6231550007ab050ea43b5ddc77ecf3bc85ec7109
- 494c4267c354bcc85d54fe4ffb6615bf50d56928
- 8bfc965b0f72f8f8624e83c084353f9c0eacc72f

Impact:
- Fork versioning is fully independent of upstream Cargo crate versions
- Release artifacts reflect fork divergence rather than distributable binaries
- Tag namespace prevents conflicts with upstream `v*` tags

---

## D-0001: Authentication flow postnumber validation

Type:
- Behavioral divergence

Upstream:
- MAS handles registration by allowing the user to enter their own username

Fork:
- Added integration with an external postnumber microservice via HTTP RPC during account creation; utilizes Letro logic for data validation.

COMMIT_REFS:
- 12d0be9d7cbc837bfe1780e12d88f47e5bbd9fb6

Impact:
- Alters auth data validation pipelines
- Introduces external optional dependency (postnumber service)