Archive resolved integration and plan-management issues, and track per-org disposition overrides as a deferred enhancement.
member-console
One system for memberships and the hosted services they pay for.
member-console is open-source software for offering hosted services on a paid membership. In one place it handles the pieces that otherwise get stitched together by hand — who each member is, what they're entitled to, what they pay — then turns that into the actual, metered services running on their behalf, kept in sync as members join, upgrade, and leave. New kinds of service attach through a shared contract instead of reshaping how membership or billing work, so the offering can grow on one foundation.
It has two sides: an operator panel where staff run the service, and a member panel where members sign in to manage their own plan and workspace.
Developed at the Wiki Cafe MSC, and built for any organization to run.
Status: pre-production. The engine is feature-complete for its first service tiers, but this is not yet a hardened, turnkey deployment. Expect rough edges in first-run setup and treat the test stack — not a production install — as the supported way to run it today. See
status/for the honest state of every milestone.
License: AGPL-3.0 — see LICENSE.
What it does
- Governance spine — identity (via any OIDC provider) → organization → workspace, with auto-provisioning of a default workspace for new members.
- Entitlements — grants resolve to numeric limits (e.g. FedWiki site count and storage) materialized per resource pool; plan ladders model upgrade/downgrade paths with a generic transition primitive.
- Billing — Stripe is the billing execution engine. Products, prices, customers, subscriptions, and invoices are mirrored via a webhook pipeline; the console never holds card data.
- Integrations — a provider-extension contract (manifest, namespaced resource keys, lifecycle verbs) lets a new hosted service conform without reshaping the operator panel or entitlement layer. FedWiki is the first conforming provider.
Architecture
- Go 1.23, server-rendered HTMX multi-page app — no SPA framework — under a
strict Content-Security-Policy (
script-src 'self',style-src 'self'; all JS and CSS is self-hosted, no inline<script>/style=). - PostgreSQL with per-module schema ownership (
identity,organization,entitlements,billing,fedwiki,integration,audit, …). Queries are generated with sqlc; migrations run with goose. - Temporal for durable workflows (provisioning, integration sync, billing sweeps).
- OIDC for authentication — member-console is identity-provider-agnostic and works with any OIDC-compliant IDP (the test stack ships Keycloak).
Full documentation is indexed in docs/, grouped by audience
(developer / admin / user). Highlights:
deployment architecture,
hosting,
building an integration,
database management, and Stripe.
Quickstart (local development)
Prerequisites: Docker (with Compose), Go 1.23+, and make.
The test stack brings up Postgres, Temporal, Keycloak, and a FedWiki farm in
containers, then runs the console from source against them. All commands run
from the test/ directory:
cd test
./bootstrap-stack.sh # generate a per-worktree .env with collision-free ports
docker compose up -d # Postgres, Temporal, Keycloak, FedWiki
set -a; . ./.env; set +a # load the generated host ports / secrets
go run .. start --config mc-config.yaml
bootstrap-stack.sh prints the URL table it allocated. With default ports the
console is at http://member-console.localhost:9481; sign in to the operator
panel as alice / password.
Known first-boot race: if the very first
startexits with a TemporalRequest unauthorizederror, the namespace seed is still settling — just run thego runcommand again. Tracked for a real fix instatus/(M12b, first-run friction).
See test/AGENTS.md for the full stack contract (idempotency,
Stripe webhook constraints, teardown, running multiple worktrees concurrently).
Project status & roadmap
See status/ for the development roadmap, milestones, and notes.
Substantial changes are tracked as OpenSpec proposals
under openspec/.
Contributing
Contributions are welcome — see CONTRIBUTING.md for the development workflow, building and testing, and the project conventions.
Security
To report a vulnerability, see SECURITY.md. Please do not open a public issue for security reports.
License
Licensed under the GNU Affero General Public License v3.0. See LICENSE.