--- paths: - "licensing-service-startos/licensing-service/src/license_self.rs" - "licensing-service-startos/licensing-service/src/api/tier.rs" - "licensing-service-startos/licensing-service/src/api/self_license.rs" - "licensing-service-startos/licensing-service/src/upgrades.rs" - "licensing-service-startos/licensing-service/src/api/upgrade.rs" --- # Self-license & tier gating The daemon licenses **itself** via its own licensing scheme — the operator runs a master Keysat that issues the license this instance validates. ## Always boots — no enforce mode Enforce mode was **retired**: there is no `KEYSAT_LICENSE_ENFORCE` build flag and `check_at_boot` (`license_self.rs`) always returns `Ok`. A missing/invalid self-license logs a warning and the daemon runs at the free **Creator** tier (`Tier::Unlicensed`, surfaced as "Creator" in the admin UI) with Creator caps — **5 products, 5 policies per product, 10 active discount codes**. Activating a license lifts those caps and unlocks `recurring_billing` + `zaprite_payments`. Treat any "marketplace build refuses to start without a license" wording in code comments or copy as stale. ## Live entitlements Tier gates must read **LIVE** entitlements from `licenses.entitlements` (refreshed hourly by `refresh_self_tier_from_db` in `license_self.rs`), **not** the entitlements baked into the signed payload at issue time. The signed payload is a point-in-time snapshot; entitlements can change after issuance. ## Never silently widen a tier Do **not** expand entitlements in `tier::current()` (e.g. "patron implies pro"). Tried in `0.2.0:41`, reverted in `0.2.0:42`. When an operator is stuck on an old-scheme self-license, the correct fix is: **re-issue** the license + run the StartOS "Activate Keysat license" action — the new key overwrites `/data/keysat-license.txt` and `self_tier` refreshes without a daemon restart. ## Entitlements in flight `unlimited_merchant_profiles` (Creator = 1 merchant profile, Pro/Patron = unlimited) still needs adding to the master Keysat's Pro/Patron policies — a data action on the keysat.xyz admin, no code. See [payments](payments.md).