smart-social-contracts · deucalioncodes · Apr 18, 2026 · Apr 18, 2026 · Apr 18, 2026 · Apr 19, 2026
diff --git a/deployments/local-mundus.yml b/deployments/local-mundus.yml
@@ -83,9 +83,23 @@ mundus:
     codices: []
 
 # --- Stage 3: verification ---------------------------------------------------
+#
+# `integration_tests` is consumed by .github/workflows/_verify-mundus.yml
+# (run as part of ci-main.yml after install-mundus). The local PR
+# pipeline (ci-pr.yml) calls scripts/ci_install_mundus.py which does
+# NOT execute these tests today — they're kept here as the canonical
+# manifest of which tests cover the layered local install, and they
+# will start running automatically when ci-pr.yml is wired through
+# _verify-mundus.yml. Until then, these doubly serve as the recommended
+# `pytest` command for anyone bringing up a local realm by hand.
 verify:
   e2e_specs:
     - src/realm_frontend/tests/e2e/specs/layered-parity.spec.ts
   integration_tests:
-    - tests/backend/test_status_api.py
-    - tests/backend/test_extensions_api.py
+    - tests/integration/test_status_api.py
+    - tests/integration/test_extensions_api.py
+    # End-to-end coverage for the invitation-link → join_realm_with_invite
+    # flow. Skips itself when admin_dashboard is not installed (see
+    # the test's _has_admin_dashboard_installed guard), so it is safe
+    # to keep in the list even on minimal mundus installs.
+    - tests/integration/test_invitations_join.py
diff --git a/extensions b/extensions
diff --git a/src/realm_backend/ggg/governance/realm.py b/src/realm_backend/ggg/governance/realm.py
@@ -42,3 +42,13 @@ class Realm(Entity, TimestampedMixin):
     # Comma-separated canister principal IDs trusted for inter-canister calls
     # (DAO controllers, AI agents, parent realms). These bypass User-based access checks.
     trusted_principals = String(max_length=2048, default="")
+    # Principal of the human that triggered this realm's creation. Set once
+    # at deploy time by the canister controller (typically the
+    # canister-management service deploying on the human's behalf, or
+    # the dfx identity for manual deploys) via set_creator_principal.
+    # Used to authorize the bootstrap-admin path in join_realm: the
+    # creator principal is allowed to claim the first 'admin' profile
+    # on a fresh realm, even when they are not themselves a canister
+    # controller. After that first admin exists, every subsequent
+    # admin claim requires a valid invitation code.
+    creator_principal = String(max_length=64, default="")
+320 −43		extensions/admin_dashboard/backend/entry.py
+186 −42		extensions/admin_dashboard/backend/models.py
+22 −0		extensions/admin_dashboard/frontend/lib/extensions/admin_dashboard/AdminDashboard.svelte
+256 −80		extensions/admin_dashboard/frontend/lib/extensions/admin_dashboard/RegistrationUrlManager.svelte
+35 −421		extensions/admin_dashboard/frontend/lib/extensions/admin_dashboard/UserRegistration.svelte
+5 −0		extensions/admin_dashboard/frontend/routes/(sidebar)/admin/invitations/+page.svelte
+5 −0		extensions/admin_dashboard/frontend/routes/(sidebar)/extensions/admin_dashboard/invitations/+page.svelte
+1 −1		extensions/admin_dashboard/manifest.json
+290 −1		extensions/admin_dashboard/tests/test_registration_codes.py