Phase 1 foundation for the Stargue Publishing Engine (plan v2, BMAD
panel-reviewed 2026-04-19 — 1 APPROVE, 6 REVISE, 0 REJECT; all principles >=3).
- Governance doctrine adopted from DQMS
(.clinerules/12-foundational-principles.md,
.claude/hooks/gate-plan-exit.sh, .claude/skills/bmad-plan/SKILL.md)
- Bun workspaces + Turbo; apps/{mcp-linkedin,scheduler,admin};
packages/{schema,sanitize,linkedin-client,observability}
- Drizzle schema (content, publications, approvals, metrics,
linkedin_tokens, audit, outlet_feature_flags) with idempotency_key
UNIQUE and kill-switch table per TEA/dev panel revisions
- LinkedIn API canon: Posts API /rest/posts (not legacy UGC); OAuth
auth-code without PKCE; secretbox (not sealed-box); Community
Management API as separate approval gate from MDP
- Frontmatter Zod schema (status, language, outlets[], sanitize,
scheduled, version)
- Pino observability with PII redaction
- Expand-then-contract migration runbook
- Plan + panel verdicts mirrored to docs/plans/
- Deferred gates logged (Dokploy PaaS verification, LinkedIn Dev
Portal app registration)
bun install + bun run typecheck both exit 0 across 11 workspaces.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LinkedIn Developer Portal — Application Registry
Status tracker for Stargue's LinkedIn apps. Every row must stay current — Claude Code verifies against this file during Stage 0 DoD 0.9.
Applications
| App | Product | Purpose | Scopes granted | State | App ID | Approval date | Notes |
|---|---|---|---|---|---|---|---|
| Stargue Publishing Engine — Sign In | Sign In with LinkedIn using OpenID Connect | Identity / whoami | openid profile email | TODO: register | — | — | Standard — no approval required beyond Dev Portal self-service |
| Stargue Publishing Engine — Member Share | Share on LinkedIn | Personal-profile posts (Angelo) | w_member_social | TODO: register | — | — | Standard — attached to the same app as Sign In |
| Stargue Publishing Engine — Org Share | Community Management API | Company-page posts (urn:li:organization:2605890) | w_organization_social, r_organization_social | TODO: apply | — | — | Requires LinkedIn partner approval; submit via Dev Portal "Request access" |
| Stargue Publishing Engine — Refresh | Marketing Developer Platform (MDP) | Programmatic refresh tokens (eliminates 60-day re-auth) | (extends above) | TODO: apply | — | — | Requires LinkedIn partner approval; multi-week review |
OAuth redirect URIs
- Production: https://publishing.stargue.net/auth/linkedin/callback
- Local dev: http://localhost:3002/auth/linkedin/callback
Client credentials
Stored in Dokploy secrets on sg-paas-s1.stargue.net:
- LINKEDIN_CLIENT_ID
- LINKEDIN_CLIENT_SECRET
- LINKEDIN_TOKEN_ENCRYPTION_KEY (32-byte key for crypto_secretbox)
Manual setup checklist (Stage 0.9)
- Sign in to https://www.linkedin.com/developers/ as Angelo (personal account).
- Create app "Stargue Publishing Engine" linked to Stargue Company Page urn:li:organization:2605890 (required for Community Management API eligibility).
- Under Products, request:
  - Sign In with LinkedIn using OpenID Connect (self-service; instant)
  - Share on LinkedIn (self-service; instant)
  - Community Management API (submit partner-access request — fill in use-case: "Programmatic posting of original content to Stargue Company Page for knowledge-management-as-a-service practice")
  - Marketing Developer Platform (separate partner-access request — fill in use-case: "Automate posting and engagement-metric collection for owned content from a self-hosted publishing pipeline")
- Under Auth, add redirect URIs above.
- Copy Client ID and Client Secret to Dokploy secrets (never commit).
- Update this file with the app ID.
- Re-request Community Management API + MDP if denied initially, with more detailed use-case.
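
Review bot: The "Under Auth, add redirect URIs above" step registers both the production callback and http://localhost:3002/auth/linkedin/callback on the single "Stargue Publishing Engine" app, so the plain-HTTP localhost redirect stays valid for the same client ID and secret that production uses, and the commit message states the flow is auth-code without PKCE. Consider documenting a separate dev app with its own credentials, or adding a checklist step to remove the localhost URI before the production app goes live. Separately, the table lists four rows with an App ID column each while the notes and checklist describe one app carrying all products; stating that the rows share one App ID would make the "every row must stay current" check unambiguous.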