Keysat
c3a57a043e
Two additions, both responding to a real-world ask from the Recap
team building an in-app tier picker against the same Keysat
instance.
1. StartPurchaseOptions gains `policySlug?: string`. The daemon's
/v1/purchase has accepted policy_slug since v0.1.0:27 (tiered
pricing); the SDK was the only thing missing the field. With
it set, the licensing service prices the invoice at the
chosen policy's price_sats_override and remembers the policy
on the invoice so the issued license carries that policy's
entitlements / duration / max_machines / trial flag.
2. New `Client.listPublicPolicies(productSlug)` returns the
buyer-visible tier list for a product (slug, name, price,
entitlements, recurring + trial flags, "Most popular" flag).
Same data the /buy/<slug> page renders server-side. Public
endpoint — no auth. Lets in-app tier pickers render
dynamically and stay in sync with admin-side tier setup.
Usage:
```ts
const tiers = await client.listPublicPolicies('recap')
// render tiers.policies in your UI; user clicks "Pro"
const session = await client.startPurchase('recap', {
policySlug: 'pro',
buyerEmail: 'buyer@example.com',
redirectUrl: 'https://recap.app/thank-you',
})
window.location.href = session.checkoutUrl
```
15/15 existing crosscheck tests still pass — wire-format coverage
is unchanged. Bumps to 0.2.0 on minor since the API is purely
additive.
@keysat/licensing-client
TypeScript / JavaScript client for Keysat — a self-hosted Bitcoin-paid software licensing server that runs on Start9.
Works in modern browsers and Node 18+. No native dependencies; signature verification is done in pure JS via @noble/ed25519.
What you get
- Offline verification: check a license key with just the issuing server's public key. No network.
- Online validation: live revocation check and fingerprint binding via the service's
/v1/validateendpoint. - Purchase flow: kick off a BTCPay checkout and poll for the issued key.
Install
npm install @keysat/licensing-client
5-line offline check
import { Verifier, PublicKey } from '@keysat/licensing-client'
const verifier = new Verifier(PublicKey.fromPem(ISSUER_PUBKEY_PEM))
const ok = verifier.verify(keyFromUser)
console.log('licensed for product', ok.productId)
That's the whole integration. Embed your public key as a string at build time (e.g. Vite's ?raw import, webpack raw-loader, or just a const). If the verifier returns without throwing, the key is real and was issued by you.
10-line online check (with revocation + fingerprint)
import { Client } from '@keysat/licensing-client'
const client = new Client('https://license.example.com')
const result = await client.validate(keyFromUser, 'my-product', machineFingerprint)
if (!result.ok) {
console.error('rejected:', result.reason)
process.exit(1)
}
The server enforces revocation live and does trust-on-first-use fingerprint binding, so the same key used from a second machine gets rejected.
Purchase flow
const session = await client.startPurchase('my-product')
console.log('pay at:', session.checkoutUrl)
const key = await client.waitForLicense(session.invoiceId)
console.log('got license:', key)
waitForLicense polls until the BTCPay invoice settles and the service issues a key. It throws if the invoice expires or becomes invalid.
Browser usage
Everything here works in the browser too. Drop the library into your React/Svelte/Vue app and run offline verification client-side — no server call needed for the common case.
// Vite: import the PEM as a raw string at build time
import issuerPem from './issuer.pub?raw'
import { Verifier, PublicKey } from '@keysat/licensing-client'
const verifier = new Verifier(PublicKey.fromPem(issuerPem))
License
MIT.