react_on_rails_pro 16.4.0.rc.4 → 16.4.0.rc.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7252b6a08a8e929c3d481444a4144b7e6045b74a7b1b54fb92bf65c186db7a2a
-  data.tar.gz: a36f6bb8ef95e1b6125cafb3b5033229ad7d6d91ffc3180f1893bd173ad07891
+  metadata.gz: 2b71e54f44331a34669c58c5f6997825fe0469a96de8520d24029605134068f2
+  data.tar.gz: ec4dd8f6d56ab2097f99dcd1c51c54002c2385595890c43fc959cb8ca2cc11ab
 SHA512:
-  metadata.gz: fa78476741398c2052be1a31af784dc70ffcea225b5bbfe7b086853753249d43982dd29133d5e381db21799040c0112e37adc12f5a8050bc5571a9782f7a98bc
-  data.tar.gz: 450f06137321fd93edccb3480bb7539d63d661c10acd1884a20069480c132742871a8dfca7a2105ddd6a54d6d42bbdc543aa775a063d08e0e6486f28dd1c9030
+  metadata.gz: 3ab4f06e700c5710649c0edf4be00398eaeddad34704325cc426c14813b5db3c2a67f2af44832d6e7830b3c4982ad4994774ca0bc24d52afb575c2c7abfd2b25
+  data.tar.gz: a2c840298e0efda608cefedc7211ff8561788aa55eabe4efc9eaf461bf85a48971eaf8247bffee247c232b1caa2689d1348e89284d95043ba039e6cbc977a016

data/CLAUDE.md

@@ -72,7 +72,7 @@ Order matters. If the base package isn't published first, the chain breaks.
 
 `ReactOnRailsPro::LicenseValidator` runs on engine startup via JWT validation.
 
-- License key: `config/react_on_rails_pro_license.key` or `REACT_ON_RAILS_PRO_LICENSE` env var
+- License key: `REACT_ON_RAILS_PRO_LICENSE` environment variable
 - Expired licenses cause startup failures in dummy app
 - License is checked in Pro engine initializer (`lib/react_on_rails_pro/engine.rb`)
 

data/Gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    react_on_rails (16.4.0.rc.4)
+    react_on_rails (16.4.0.rc.5)
       addressable
       connection_pool
       execjs (~> 2.5)
@@ -20,7 +20,7 @@ PATH
 PATH
   remote: .
   specs:
-    react_on_rails_pro (16.4.0.rc.4)
+    react_on_rails_pro (16.4.0.rc.5)
       addressable
       async (>= 2.6)
       connection_pool
@@ -29,7 +29,7 @@ PATH
       httpx (~> 1.5)
       jwt (~> 2.7)
       rainbow
-      react_on_rails (= 16.4.0.rc.4)
+      react_on_rails (= 16.4.0.rc.5)
 
 GEM
   remote: https://rubygems.org/

data/LICENSE_SETUP.md

@@ -51,7 +51,7 @@ This change allows your application to start even with license issues, giving yo
 
 ## Installation
 
-### Method 1: Environment Variable (Recommended)
+### Environment Variable (Required)
 
 Set the `REACT_ON_RAILS_PRO_LICENSE` environment variable:
 
@@ -72,22 +72,8 @@ heroku config:set REACT_ON_RAILS_PRO_LICENSE="your_token"
 # Add to your CI environment variables if needed
 ```
 
-### Method 2: Configuration File
-
-Create `config/react_on_rails_pro_license.key` in your Rails root:
-
-```bash
-echo "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." > config/react_on_rails_pro_license.key
-```
-
-**Important**: Add this file to your `.gitignore` to avoid committing your license:
-
-```bash
-# Add to .gitignore
-echo "config/react_on_rails_pro_license.key" >> .gitignore
-```
-
-**Never commit your license to version control.**
+Configure your license token via the `REACT_ON_RAILS_PRO_LICENSE` environment variable.
+Never commit license tokens to version control.
 
 ## License Validation
 
@@ -105,7 +91,10 @@ When no license is present, the application runs in **unlicensed mode**. This is
 
 No license setup is needed for development. Developers can install and use React on Rails Pro immediately.
 
-For production deployments, share a paid license via environment variable or configuration file.
+For production deployments, configure a paid license via the `REACT_ON_RAILS_PRO_LICENSE` environment variable.
+
+> Migration note: `config/react_on_rails_pro_license.key` is no longer read.
+> If you used that file previously, move the token to `REACT_ON_RAILS_PRO_LICENSE`.
 
 ### For CI/CD
 
@@ -339,7 +328,7 @@ Need help?
 
 ## Security Best Practices
 
-1. ✅ **Never commit licenses to Git** — Add `config/react_on_rails_pro_license.key` to `.gitignore`
+1. ✅ **Never commit licenses to Git** — Keep license tokens in environment variables or secret managers
 2. ✅ **Use environment variables in production**
 3. ✅ **Use CI secrets for production deployment pipelines**
 4. ✅ **Don't share licenses publicly**

data/docs/installation.md

@@ -111,13 +111,7 @@ React on Rails Pro uses a license-optional model to simplify evaluation and deve
 export REACT_ON_RAILS_PRO_LICENSE="your-license-token-here"
 ```
 
-Or create a config file at `config/react_on_rails_pro_license.key`:
-
-```bash
-echo "your-license-token-here" > config/react_on_rails_pro_license.key
-```
-
-⚠️ **Security Warning**: Never commit your license token to version control. Add `config/react_on_rails_pro_license.key` to your `.gitignore`. For production, use environment variables or secure secret management systems (Rails credentials, Heroku config vars, AWS Secrets Manager, etc.).
+⚠️ **Security Warning**: Never commit your license token to version control. For production, use environment variables or secure secret management systems (Rails credentials, Heroku config vars, AWS Secrets Manager, etc.).
 
 For complete license setup instructions, see [LICENSE_SETUP.md](https://github.com/shakacode/react_on_rails/blob/master/react_on_rails_pro/LICENSE_SETUP.md).
 

data/docs/updating.md

@@ -30,6 +30,15 @@ Package names have changed:
 
 **Important:** Pro users should now import from `react-on-rails-pro` instead of `react-on-rails`. The Pro package includes all core features plus Pro-exclusive functionality.
 
+## Breaking Changes and Deprecation Policy
+
+To reduce upgrade risk, React on Rails Pro follows this policy:
+
+1. **Deprecate first when practical** (docs/changelog + clear replacement).
+2. **Warn at runtime when practical** if a deprecated setup is detected.
+3. **Remove in a later release** with a short migration note in this guide.
+4. **Exception:** security/legal fixes may be removed immediately, but must include an explicit upgrade note.
+
 ### Your Current Setup (GitHub Packages)
 
 If you're upgrading, you currently have:
@@ -179,13 +188,11 @@ Configure your React on Rails Pro license token as an environment variable:
 export REACT_ON_RAILS_PRO_LICENSE="your-license-token-here"
 ```
 
-Or create a config file at `config/react_on_rails_pro_license.key`:
-
-```bash
-echo "your-license-token-here" > config/react_on_rails_pro_license.key
-```
+> **Migration note (legacy key-file setup):**
+> `config/react_on_rails_pro_license.key` is no longer read by React on Rails Pro.
+> If you previously used that file, move the token into `REACT_ON_RAILS_PRO_LICENSE`.
 
-⚠️ **Security Warning**: Never commit your license token to version control. Add `config/react_on_rails_pro_license.key` to your `.gitignore`. For production, use environment variables or secure secret management systems (Rails credentials, Heroku config vars, AWS Secrets Manager, etc.).
+⚠️ **Security Warning**: Never commit your license token to version control. For production, use environment variables or secure secret management systems (Rails credentials, Heroku config vars, AWS Secrets Manager, etc.).
 
 **Where to get your license token:** Contact [justin@shakacode.com](mailto:justin@shakacode.com) if you don't have your license token.
 

data/lib/react_on_rails_pro/engine.rb

@@ -5,7 +5,10 @@ require "rails/railtie"
 module ReactOnRailsPro
   class Engine < Rails::Engine
     LICENSE_URL = "https://www.shakacode.com/react-on-rails-pro/"
+    # TODO: Remove this legacy migration warning path after 16.5.0 stable release (target: 2026-05-31).
+    LEGACY_LICENSE_FILE = "config/react_on_rails_pro_license.key"
     private_constant :LICENSE_URL
+    private_constant :LEGACY_LICENSE_FILE
 
     initializer "react_on_rails_pro.routes" do
       ActionDispatch::Routing::Mapper.include ReactOnRailsPro::Routes
@@ -23,8 +26,10 @@ module ReactOnRailsPro
 
         case status
         when :valid
+          log_legacy_file_cleanup_notice if legacy_license_file_present?
           log_valid_license
         when :missing
+          log_legacy_license_migration_notice if legacy_license_file_present?
           log_license_issue("No license found", "Get a license at #{LICENSE_URL}")
         when :expired
           expiration = ReactOnRailsPro::LicenseValidator.license_expiration
@@ -79,6 +84,27 @@ module ReactOnRailsPro
           Rails.logger.info "#{prefix} No license required for development/test environments."
         end
       end
+
+      def legacy_license_file_present?
+        Rails.root.join(LEGACY_LICENSE_FILE).exist?
+      end
+
+      def log_legacy_file_cleanup_notice
+        Rails.logger.info "[React on Rails Pro] Legacy license file at #{LEGACY_LICENSE_FILE} " \
+                          "is no longer read and can be safely deleted."
+      end
+
+      def log_legacy_license_migration_notice
+        message = "[React on Rails Pro] Detected legacy license file at #{LEGACY_LICENSE_FILE}, " \
+                  "but this file is no longer read. " \
+                  "Move your token to REACT_ON_RAILS_PRO_LICENSE."
+
+        if Rails.env.production?
+          Rails.logger.warn message
+        else
+          Rails.logger.info message
+        end
+      end
     end
   end
 end

data/lib/react_on_rails_pro/license_task_formatter.rb

@@ -42,7 +42,6 @@ module ReactOnRailsPro
 
       puts ""
       puts "No license found. Set REACT_ON_RAILS_PRO_LICENSE"
-      puts "or place a key file at config/react_on_rails_pro_license.key"
     end
 
     def print_details(result, info)

data/lib/react_on_rails_pro/license_validator.rb

@@ -232,25 +232,10 @@ module ReactOnRailsPro
         ATTRIBUTION_REQUIRED_PLANS.include?(plan.strip)
       end
 
-      # Loads license string from env var or file
+      # Loads license string from environment variable
       # @return [String, nil] License string or nil if not found
       def load_license_string
-        # First try environment variable
-        license = ENV.fetch("REACT_ON_RAILS_PRO_LICENSE", nil)
-        return license if license && !license.strip.empty?
-
-        # Then try config file
-        config_path = Rails.root.join("config", "react_on_rails_pro_license.key")
-        return unless config_path.exist?
-
-        begin
-          content = File.read(config_path).strip
-          return nil if content.empty?
-
-          content
-        rescue StandardError
-          nil
-        end
+        ENV.fetch("REACT_ON_RAILS_PRO_LICENSE", nil)&.strip.presence
       end
 
       # Decodes and verifies the JWT license

data/lib/react_on_rails_pro/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module ReactOnRailsPro
-  VERSION = "16.4.0.rc.4"
+  VERSION = "16.4.0.rc.5"
   PROTOCOL_VERSION = "2.0.0"
 end

data/lib/react_on_rails_pro.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "rails"
+require "react_on_rails"
 
 require "react_on_rails_pro/request"
 require "react_on_rails_pro/version"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: react_on_rails_pro
 version: !ruby/object:Gem::Version
-  version: 16.4.0.rc.4
+  version: 16.4.0.rc.5
 platform: ruby
 authors:
 - Justin Gordon
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-02-23 00:00:00.000000000 Z
+date: 2026-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.4.0.rc.4
+        version: 16.4.0.rc.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.4.0.rc.4
+        version: 16.4.0.rc.5
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement