Framework partner workflow
How partner-specific registrar repos connect to the Partner API while keeping secrets, billing, and registry backend controls protected.
Hosted Starter partners request changes through support. Framework Partner and Custom/Enterprise partners may receive repo access under agreement.
Access can be read-only, contribution-based pull requests, or maintain access when contract and support terms allow.
Do not put Partner API keys, GFAVIP wallet keys, SkyInclude credentials, database credentials, admin secrets, or customer exports in GitHub.
Server-side env vars belong in Railway or the partner's hosting environment.
Partner AI agents can work in downstream frontend repos only when repo permissions allow. They should open pull requests, keep API secrets server-side, preserve payment-success callback patterns, and avoid changing billing or Gems ledger behavior.
When the upstream white-label framework improves, HeadlessDomains opens downstream PRs, keeps partner overrides intact, checks env var changes, runs tests/previews, and merges only after branding and checkout still work.