/claim #20

Summary

• Adds a distinct analytics-license-seat-roster-guard/ Revenue Infrastructure slice for issue #20.
• Reconciles named analytics dashboard, viewer, and API seats against contracted entitlements before renewal or true-up billing.
• Detects unapproved dashboard overage, external-domain access, expired temporary access, inactive paid seats, API usage from non-API seats, duplicate named seats, and finance-ready remediation actions.
• Emits deterministic JSON, Markdown, SVG, and WebM review artifacts from synthetic data.

Non-overlap

This is not another generic billing ledger, usage metering, payment webhook/failover, procurement, collections, storage overage, trial/promotion, account-transfer, prepaid credit, or analytics API usage module. It focuses specifically on named-seat roster leakage before analytics-license renewal or true-up.

Validation

• npm run check -> passed
• npm test -> analytics-license-seat-roster-guard tests passed
• npm run demo -> generated reports/summary.json, reports/reviewer-packet.md, and reports/summary.svg
• npm run demo:video -> generated reports/demo.webm
• WebM artifact check -> reports/demo.webm exists, 11202 bytes, EBML signature 1a45dfa3
• git diff --check -> passed
• git diff --cached --check -> passed

Synthetic data only. No credentials, private customer data, payment processor calls, bank/ACH/wallet actions, Stripe, PayPal, ERP, SSO, SCIM, analytics provider APIs, or live billing systems are used by the module.

AI-assisted with OpenAI Codex; I reviewed and locally verified the diff before submitting.

Current status - 2026-05-30 00:15 IST

Verified after newer same-issue #20 activity: this PR remains open, non-draft, CLEAN/mergeable, and distinct from KoiosSG PR #424.

This PR covers analytics license named-seat roster leakage before renewal or true-up billing: dashboard/API entitlement checks, external-domain access, expired temporary access, inactive paid seats, duplicate named seats, and finance remediation artifacts. PR #424 covers billing receipt privacy/redaction before invoice or receipt delivery, so the scopes do not overlap.

Validation remains complete: pm run check, targeted tests, deterministic demo artifacts, WebM artifact verification, and diff hygiene checks.