grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1cecc885b3949579c8d4363ad39e0cfb6d8aec38
keysat-root/docs/guides/licensing-tiers.md
T

2.5 KiB
Raw Blame History

paths
paths
licensing-service-startos/licensing-service/src/license_self.rs
licensing-service-startos/licensing-service/src/api/tier.rs
licensing-service-startos/licensing-service/src/api/self_license.rs
licensing-service-startos/licensing-service/src/upgrades.rs
licensing-service-startos/licensing-service/src/api/upgrade.rs

Self-license & tier gating

The daemon licenses itself via its own licensing scheme — the operator runs a master Keysat that issues the license this instance validates.

Always boots — no enforce mode

Enforce mode was retired: there is no KEYSAT_LICENSE_ENFORCE build flag and check_at_boot (license_self.rs) always returns Ok. A missing/invalid self-license logs a warning and the daemon runs at the free Creator tier (Tier::Unlicensed, surfaced as "Creator" in the admin UI) with Creator caps — 5 products, 5 policies per product, 10 active discount codes. Activating a license lifts those caps and unlocks recurring_billing + zaprite_payments. Treat any "marketplace build refuses to start without a license" wording in code comments or copy as stale.

Live entitlements, clamped to the signed key

Tier gates read live entitlements from licenses.entitlements, refreshed hourly by refresh_self_tier_from_db in license_self.rs, so issuer-applied downgrades, suspensions, and revocations — plus the key's own expiry (the refresh re-verifies the on-disk key, demoting an expired one) — reach a running daemon without a restart. The signed self-license key is the ceiling: the live DB row may narrow the tier but never widen it past what the signature grants (clamp_to_signed_ceiling). A genuine upgrade therefore comes from a re-issued key — re-run the StartOS "Activate Keysat license" action — not from editing the DB row.

Never silently widen a tier

Do not expand entitlements in tier::current() (e.g. "patron implies pro"). Tried in 0.2.0:41, reverted in 0.2.0:42. When an operator is stuck on an old-scheme self-license, the correct fix is: re-issue the license + run the StartOS "Activate Keysat license" action — the new key overwrites /data/keysat-license.txt and self_tier refreshes without a daemon restart.

Entitlements in flight

unlimited_merchant_profiles (Creator = 1 merchant profile, Pro/Patron = unlimited) still needs adding to the master Keysat's Pro/Patron policies — a data action on the keysat.xyz admin, no code. See payments.

Reference in New Issue View Git Blame Copy Permalink