grant/keysat-root
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f574f025a60766dc59f9e4d8ca11f074f2ae2ea2
keysat-root/docs/guides/licensing-tiers.md
T
Keysat f574f025a6 Restructure AGENTS.md into scoped guides 
Trim AGENTS.md to whole-repo, every-session facts (154 -> 110 lines) and move
subsystem guidance into docs/guides/*.md, each with paths: frontmatter and a
one-line index entry in AGENTS.md. Symlink each guide from .claude/rules/ so
Claude Code lazy-loads it by matching path; track those symlinks via a
.gitignore exception (.claude/settings.local.json stays ignored).
2026-06-12 19:39:41 -05:00

35 lines
1.5 KiB
Markdown
Raw Blame History

---
paths:
- "licensing-service-startos/licensing-service/src/license_self.rs"
- "licensing-service-startos/licensing-service/src/api/tier.rs"
- "licensing-service-startos/licensing-service/src/api/self_license.rs"
- "licensing-service-startos/licensing-service/src/upgrades.rs"
- "licensing-service-startos/licensing-service/src/api/upgrade.rs"
---
# Self-license & tier gating
The daemon licenses **itself** via its own licensing scheme — the operator runs a
master Keysat that issues the license this instance validates.
## Live entitlements
Tier gates must read **LIVE** entitlements from `licenses.entitlements` (refreshed
hourly by `refresh_self_tier_from_db` in `license_self.rs`), **not** the
entitlements baked into the signed payload at issue time. The signed payload is a
point-in-time snapshot; entitlements can change after issuance.
## Never silently widen a tier
Do **not** expand entitlements in `tier::current()` (e.g. "patron implies pro").
Tried in `0.2.0:41`, reverted in `0.2.0:42`. When an operator is stuck on an
old-scheme self-license, the correct fix is: **re-issue** the license + run the
StartOS "Activate Keysat license" action — the new key overwrites
`/data/keysat-license.txt` and `self_tier` refreshes without a daemon restart.
## Entitlements in flight
`unlimited_merchant_profiles` (Creator = 1 merchant profile, Pro/Patron =
unlimited) still needs adding to the master Keysat's Pro/Patron policies — a data
action on the keysat.xyz admin, no code. See [payments](payments.md).
Reference in New Issue View Git Blame Copy Permalink