ree 1.2.4 → 1.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a73f9d4ffa414ae499d87732f896c437117f65b52b7675908eb8581d482946f4
-  data.tar.gz: '0328c44c6cb7d7dddae52494fb057e1b88f84a8d2c7f28ea62c202bcb1c74125'
+  metadata.gz: c6f558ae43347082febc5e6f30be8afe0ec5340423b9e2cca23d9b412139ab4e
+  data.tar.gz: 5a1dddb63ed9e12178ff17c3150eb8910fb29b63c564d78302dddf77dcc679a0
 SHA512:
-  metadata.gz: 367764b547db08f4c975a0ea141c7563e5536612d05bf48388cf8b9100dc381573dcdb9081b6c73a6880ff9bc57fbe45cbda09c51030aa370bd032997a372cd2
-  data.tar.gz: 4177a967cc3fa694fc03b6302fc10de386dea9ec2c328d16fbe53f4a765c1b4e0d25e9817d99ea0100fca3975b470a73192bc848d77684235771524651e06657
+  metadata.gz: f0f8936853687e6facfd21ea46bea355f593b6cf570ac20c6c3406e1764463432623664c829d207bc2e1ccd241baf4e99efc0e409518e596cfcbf5a20af4488a
+  data.tar.gz: 5950203f5babaf701bd5a9c48e9e51fabda3844f9e7645f0912fcd98f1cb109c488211c39119f6af1bcb918c8c34c2e74c8d55e933cc8aabe046dd94c0013fdd

data/Gemfile.lock

@@ -1,13 +1,15 @@
 PATH
   remote: .
   specs:
-    ree (1.2.4)
+    ree (1.2.7)
+      base64
       commander (~> 5.0.0)
       logger (~> 1.6.5)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    base64 (0.3.0)
     commander (5.0.0)
       highline (~> 3.0.0)
     debug (1.9.1)

data/exe/ree

@@ -223,6 +223,87 @@ class ReeCliRunner
       end
     end
 
+    command :"licensing.register_client" do |c|
+      c.syntax      = 'ree licensing.register_client --name=NAME --contact=CONTACT'
+      c.description = 'register a new licensing client'
+      c.summary     = '> ' + c.description
+      c.example     'register a client', 'ree licensing.register_client --name="Glabix" --contact="hello@glabix.com" --metadata="type=enterprise,country=RU"'
+      c.option      '--name NAME', String, 'Client name'
+      c.option      '--contact CONTACT', String, 'Client contact email'
+      c.option      '--metadata METADATA', String, 'Client metadata (key=value pairs separated by commas)'
+      c.option      '--clients_dir DIR', String, 'Directory for clients.json (default: current dir)'
+      c.action do |args, options|
+        options_hash = options.__hash__
+        options_hash.delete(:trace)
+
+        raise Ree::Error.new("--name is required") unless options_hash[:name]
+        raise Ree::Error.new("--contact is required") unless options_hash[:contact]
+
+        Ree::CLI::Licensing::RegisterClient.run(
+          name: options_hash[:name],
+          contact: options_hash[:contact],
+          metadata_str: options_hash[:metadata],
+          clients_dir: options_hash[:clients_dir] || Dir.pwd
+        )
+      end
+    end
+
+    command :"licensing.obfuscate" do |c|
+      c.syntax      = 'ree licensing.obfuscate --source_path=PATH --target_path=PATH --client_id=ID --expires_at=DATE'
+      c.description = 'obfuscate a Ree project for distribution'
+      c.summary     = '> ' + c.description
+      c.example     'obfuscate project', 'ree licensing.obfuscate --source_path=./project --target_path=./dist --client_id=client_abc123 --expires_at="2026-12-31"'
+      c.option      '--source_path PATH', String, 'Source project path'
+      c.option      '--target_path PATH', String, 'Target distribution path'
+      c.option      '--client_id ID', String, 'Client ID from clients.json'
+      c.option      '--expires_at DATE', String, 'License expiration date (YYYY-MM-DD)'
+      c.option      '--exclude_files FILES', String, 'Comma-separated list of files to exclude'
+      c.option      '--clients_dir DIR', String, 'Directory for clients.json (default: current dir)'
+      c.action do |args, options|
+        options_hash = options.__hash__
+        options_hash.delete(:trace)
+
+        raise Ree::Error.new("--source_path is required") unless options_hash[:source_path]
+        raise Ree::Error.new("--target_path is required") unless options_hash[:target_path]
+        raise Ree::Error.new("--client_id is required") unless options_hash[:client_id]
+        raise Ree::Error.new("--expires_at is required") unless options_hash[:expires_at]
+
+        Ree::CLI::Licensing::Obfuscate.run(
+          source_path: options_hash[:source_path],
+          target_path: options_hash[:target_path],
+          client_id: options_hash[:client_id],
+          expires_at: options_hash[:expires_at],
+          exclude_files: options_hash[:exclude_files] || "",
+          clients_dir: options_hash[:clients_dir] || Dir.pwd
+        )
+      end
+    end
+
+    command :"licensing.renew_license" do |c|
+      c.syntax      = 'ree licensing.renew_license --client_id=ID --expires_at=DATE'
+      c.description = 'renew a license for an existing client'
+      c.summary     = '> ' + c.description
+      c.example     'renew license', 'ree licensing.renew_license --client_id=client_abc123 --expires_at="2028-01-01"'
+      c.option      '--client_id ID', String, 'Client ID from clients.json'
+      c.option      '--expires_at DATE', String, 'New license expiration date (YYYY-MM-DD)'
+      c.option      '--output_path PATH', String, 'Output path for license.json'
+      c.option      '--clients_dir DIR', String, 'Directory for clients.json (default: current dir)'
+      c.action do |args, options|
+        options_hash = options.__hash__
+        options_hash.delete(:trace)
+
+        raise Ree::Error.new("--client_id is required") unless options_hash[:client_id]
+        raise Ree::Error.new("--expires_at is required") unless options_hash[:expires_at]
+
+        Ree::CLI::Licensing::RenewLicense.run(
+          client_id: options_hash[:client_id],
+          expires_at: options_hash[:expires_at],
+          output_path: options_hash[:output_path],
+          clients_dir: options_hash[:clients_dir] || Dir.pwd
+        )
+      end
+    end
+
     command :"gen.index_project" do |c|
       c.syntax      = 'ree gen.index_project'
       c.description = 'generate index schema of methods'

data/lib/ree/benchmark_method_plugin.rb

@@ -12,66 +12,48 @@ class Ree::BenchmarkMethodPlugin
   end
 
   def call
-    return unless @method_name == :call && ree_fn?
+    return nil unless @method_name == :call && ree_fn?
 
     config = @target.instance_variable_get(:@__ree_benchmark_config)
-    
+    benchmark_name = build_benchmark_name
+
     if config
-      wrap_as_entry_point(config)
+      build_entry_point_wrapper(benchmark_name, config)
     else
-      wrap_as_collector
+      build_collector_wrapper(benchmark_name)
     end
   end
 
   private
 
-  def wrap_as_entry_point(config)
-    alias_target = @is_class_method ? eigenclass : @target
-    method_name = @method_name
-    method_alias = :"__benchmark_#{method_name}"
-
-    return if alias_target.method_defined?(method_alias)
-
-    alias_target.alias_method(method_alias, method_name)
-
-    benchmark_name = build_benchmark_name
-    output_proc = config[:output] || -> (res) { $stdout.puts(res) }
+  def build_entry_point_wrapper(benchmark_name, config)
+    output_proc = config[:output] || ->(res) { $stdout.puts(res) }
     deep = config.fetch(:deep, true)
     once = config.fetch(:once, false)
     benchmark_done = false
 
-    alias_target.define_method(method_name) do |*args, **kwargs, &block|
+    Proc.new do |instance, next_layer, *args, **kwargs, &block|
       if Ree::BenchmarkTracer.active?
         Ree::BenchmarkTracer.collect(benchmark_name) do
-          send(method_alias, *args, **kwargs, &block)
+          next_layer.call(*args, **kwargs, &block)
         end
       elsif once && benchmark_done
         Ree::BenchmarkTracer.collect(benchmark_name) do
-          send(method_alias, *args, **kwargs, &block)
+          next_layer.call(*args, **kwargs, &block)
         end
       else
         benchmark_done = true if once
         Ree::BenchmarkTracer.trace(benchmark_name, output_proc: output_proc, deep: deep) do
-          send(method_alias, *args, **kwargs, &block)
+          next_layer.call(*args, **kwargs, &block)
         end
       end
     end
   end
 
-  def wrap_as_collector
-    alias_target = @is_class_method ? eigenclass : @target
-    method_name = @method_name
-    method_alias = :"__benchmark_#{method_name}"
-
-    return if alias_target.method_defined?(method_alias)
-
-    alias_target.alias_method(method_alias, method_name)
-
-    benchmark_name = build_benchmark_name
-
-    alias_target.define_method(method_name) do |*args, **kwargs, &block|
+  def build_collector_wrapper(benchmark_name)
+    Proc.new do |instance, next_layer, *args, **kwargs, &block|
       Ree::BenchmarkTracer.collect(benchmark_name) do
-        send(method_alias, *args, **kwargs, &block)
+        next_layer.call(*args, **kwargs, &block)
       end
     end
   end
@@ -99,8 +81,4 @@ class Ree::BenchmarkMethodPlugin
 
     facade.get_object(pkg, obj).fn?
   end
-
-  def eigenclass
-    class << @target; self; end
-  end
 end

data/lib/ree/cli/licensing/obfuscate.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Ree
+  module CLI
+    module Licensing
+      class Obfuscate
+        class << self
+          def run(source_path:, target_path:, client_id:, expires_at:, exclude_files: "", clients_dir: Dir.pwd, stdout: $stdout)
+            exclude_list = exclude_files.to_s.split(',').map(&:strip).reject(&:empty?)
+
+            Ree::Licensing::Obfuscator.run(
+              source_path: source_path,
+              target_path: target_path,
+              client_id: client_id,
+              expires_at: expires_at,
+              clients_dir: clients_dir,
+              exclude_files: exclude_list,
+              stdout: stdout
+            )
+          rescue Ree::Error => e
+            stdout.puts "Error: #{e.message}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ree/cli/licensing/register_client.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Ree
+  module CLI
+    module Licensing
+      class RegisterClient
+        class << self
+          def run(name:, contact:, metadata_str: nil, clients_dir: Dir.pwd, stdout: $stdout)
+            metadata = parse_metadata(metadata_str)
+
+            store = Ree::Licensing::ClientStore.new(clients_dir)
+            client = store.register_client(
+              name: name,
+              contact: contact,
+              metadata: metadata
+            )
+
+            stdout.puts "Client registered successfully:"
+            stdout.puts "  Client ID: #{client['client_id']}"
+            stdout.puts "  Name: #{client['name']}"
+            stdout.puts "  Contact: #{client['contact']}"
+            stdout.puts "  Saved to: #{File.join(clients_dir, 'clients.json')}"
+
+            client
+          rescue Ree::Error => e
+            stdout.puts "Error: #{e.message}"
+          end
+
+          private
+
+          def parse_metadata(metadata_str)
+            return {} if metadata_str.nil? || metadata_str.empty?
+
+            metadata_str.split(',').each_with_object({}) do |pair, hash|
+              key, value = pair.split('=', 2)
+              hash[key.strip] = value&.strip
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ree/cli/licensing/renew_license.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Ree
+  module CLI
+    module Licensing
+      class RenewLicense
+        class << self
+          def run(client_id:, expires_at:, output_path: nil, clients_dir: Dir.pwd, stdout: $stdout)
+            store = Ree::Licensing::ClientStore.new(clients_dir)
+            client = store.find_client(client_id)
+            raise Ree::Error.new("Client #{client_id} not found") unless client
+
+            last_license = store.last_license(client_id)
+            raise Ree::Error.new("No existing license found for #{client_id}") unless last_license
+
+            result = Ree::Licensing::LicenseGenerator.generate(
+              client_id: client_id,
+              private_key_pem: client['private_key_pem'],
+              public_key_pem: client['public_key_pem'],
+              aes_key_hex: last_license['aes_key_hex'],
+              iv_hex: last_license['iv_hex'],
+              expires_at: expires_at
+            )
+
+            store.add_license(client_id, result[:license_record])
+
+            output = output_path || File.join(clients_dir, "license_#{client_id}.json")
+            File.write(output, JSON.pretty_generate(result[:license_file]))
+
+            stdout.puts "License renewed successfully:"
+            stdout.puts "  Client ID: #{client_id}"
+            stdout.puts "  Expires at: #{expires_at}"
+            stdout.puts "  License file: #{output}"
+
+            result
+          rescue Ree::Error => e
+            stdout.puts "Error: #{e.message}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ree/cli.rb

@@ -8,5 +8,11 @@ module Ree
     autoload :GenerateTemplate, 'ree/cli/generate_template'
     autoload :Indexing, 'ree/cli/indexing'
     autoload :SpecRunner, 'ree/cli/spec_runner'
+
+    module Licensing
+      autoload :RegisterClient, 'ree/cli/licensing/register_client'
+      autoload :Obfuscate, 'ree/cli/licensing/obfuscate'
+      autoload :RenewLicense, 'ree/cli/licensing/renew_license'
+    end
   end
 end

data/lib/ree/contracts/contractable.rb

@@ -7,14 +7,14 @@ require_relative 'engine_proxy'
 module Ree::Contracts
   module Contractable
     def method_added(name)
-      return if _ree_method_added_hook_active?
-      MethodDecorator.new(name, false, self).call
+      return super if _ree_method_added_hook_active?
+      MethodDecorator.new(name, false, self).call(plugin_mode: false)
       super
     end
 
     def singleton_method_added(name)
-      return if _ree_method_added_hook_active?
-      MethodDecorator.new(name, true, self).call
+      return super if _ree_method_added_hook_active?
+      MethodDecorator.new(name, true, self).call(plugin_mode: false)
       super
     end
 

data/lib/ree/contracts/method_decorator.rb

@@ -51,21 +51,18 @@ module Ree::Contracts
       @doc = engine.fetch_doc
     end
 
-    def call
-      return if Ree::Contracts.no_contracts?
-      return unless contract_definition
+    def call(plugin_mode: true)
+      return nil if Ree::Contracts.no_contracts?
+      return nil unless contract_definition
 
+      # Store decorator for runtime lookups (still needed)
       self.class.add_decorator(self)
 
-      original_alias = :"__ree_original_#{method_name}"
-      param_source = if alias_target.method_defined?(original_alias)
-        original_alias
-      else
-        method_name
-      end
-
+      # Get method parameters from the method (before aliasing)
+      # Note: We get params from the current method, not __ree_original_#{method_name}
+      # because the alias hasn't been created yet when plugins are called
       @method_parameters = alias_target
-        .instance_method(param_source)
+        .instance_method(method_name)
         .parameters
         .freeze
 
@@ -77,21 +74,13 @@ module Ree::Contracts
 
       @return_validator = Validators.fetch_for(contract_definition.return_contract)
 
-      make_alias
-      make_definition
-    end
-
-    def execute_on(target, args, kwargs, &blk)
-      @args.call(args, kwargs, blk)
-      result = target.send(method_alias, *args, **kwargs, &blk)
-
-      if !return_validator.call(result)
-        raise ReturnContractError, "Invalid return value for #{printed_name}\n  #{
-          return_validator.message(result, 'returns', 0).strip
-        }"
+      if plugin_mode
+        # Plugin mode: Return wrapper lambda for composition
+        build_contract_wrapper
+      else
+        # Legacy mode: Apply wrapper directly (for Contractable standalone usage)
+        apply_contract_wrapper_directly
       end
-
-      result
     end
 
     # Unique ID of this Method Decorator
@@ -99,11 +88,6 @@ module Ree::Contracts
       @id ||= self.class.decorator_id(target, method_name, is_class_method)
     end
 
-    # Alias name for original method
-    def method_alias
-      @method_alias ||= :"__original_#{method_name}_#{SecureRandom.hex}"
-    end
-
     # Target class to be used for alias method definition
     def alias_target
       @alias_target ||= begin
@@ -112,54 +96,90 @@ module Ree::Contracts
       end
     end
 
+    # Public method used by legacy contract wrapper (called from class_eval'd method)
+    def validate_and_call(instance, method_alias, args, kwargs, &blk)
+      @args.call(args, kwargs, blk)
+      result = instance.send(method_alias, *args, **kwargs, &blk)
+
+      unless @return_validator.call(result)
+        raise ReturnContractError, "Invalid return value for #{printed_name}\n  #{
+          @return_validator.message(result, 'returns', 0).strip
+        }"
+      end
+
+      result
+    end
+
     private
 
-    def make_alias
-      alias_target.alias_method(method_alias, method_name)
+    def build_contract_wrapper
+      args_validator = @args
+      return_validator = @return_validator
+      decorator_printed_name = printed_name
+
+      Proc.new do |instance, next_layer, *args, **kwargs, &block|
+        # Validate arguments
+        args_validator.call(args, kwargs, block)
+
+        # Call next layer
+        result = next_layer.call(*args, **kwargs, &block)
+
+        # Validate return value
+        unless return_validator.call(result)
+          raise ReturnContractError, "Invalid return value for #{decorator_printed_name}\n  #{
+            return_validator.message(result, 'returns', 0).strip
+          }"
+        end
+
+        result
+      end
     end
 
-    def make_definition
+    def apply_contract_wrapper_directly
+      # Legacy mode for Contractable standalone usage
+      # Detect visibility BEFORE creating alias
+      visibility = if alias_target.private_instance_methods.include?(method_name)
+        :private
+      elsif alias_target.protected_instance_methods.include?(method_name)
+        :protected
+      else
+        :public
+      end
+
+      # Create our own alias and wrapper
+      method_alias = :"__original_#{method_name}_#{SecureRandom.hex}"
+      alias_target.alias_method(method_alias, method_name)
+
+      args_validator = @args
+      return_validator = @return_validator
+      decorator_printed_name = printed_name
+
       file, line = alias_target.instance_method(method_alias).source_location
 
       alias_target.class_eval(%Q(
         def #{method_name}(*args, **kwargs, &blk)
           decorator = Ree::Contracts::MethodDecorator.get_decorator('#{id}')
-          decorator.execute_on(self, args, kwargs, &blk)
+          decorator.validate_and_call(self, #{method_alias.inspect}, args, kwargs, &blk)
         end
       ), file, line - 3)
 
-      make_private if private_method?
-      make_protected if protected_method?
+      # Restore visibility
+      case visibility
+      when :private
+        alias_target.send(:private, method_name, method_alias)
+      when :protected
+        alias_target.send(:protected, method_name, method_alias)
+      end
     end
 
     def private_method?
-      return target.private_methods.include?(method_alias) if is_class_method
-      target.private_instance_methods.include?(method_alias)
+      return target.private_methods.include?(method_name) if is_class_method
+      target.private_instance_methods.include?(method_name)
     end
 
     def protected_method?
-      return target.protected_methods.include?(method_alias) if is_class_method
-      target.protected_instance_methods.include?(method_alias)
-    end
-
-    def make_private
-      _method_name = method_name
-      _method_alias = method_alias
-
-      alias_target.class_eval do
-        private _method_name
-        private _method_alias
-      end
-    end
-
-    def make_protected
-      _method_name = method_name
-      _method_alias = method_alias
-
-      alias_target.class_eval do
-        protected _method_name
-        protected _method_alias
-      end
+      return target.protected_methods.include?(method_name) if is_class_method
+      target.protected_instance_methods.include?(method_name)
     end
 
     def printed_name

data/lib/ree/core/package_loader.rb

@@ -95,7 +95,22 @@ class Ree::PackageLoader
 
     Ree.logger.debug("load_file(:#{package_name}, '#{path}')")
 
-    Kernel.require(path)
+    if Ree.obfuscated?
+      load_encrypted_file(path)
+    else
+      Kernel.require(path)
+    end
+  end
+
+  private
+
+  def load_encrypted_file(path)
+    license = Ree.license
+    full_path = path.end_with?('.rb') ? path : "#{path}.rb"
+    encrypted_data = File.binread(full_path)
+    bytecode = license.decrypt_file(encrypted_data)
+    iseq = RubyVM::InstructionSequence.load_from_binary(bytecode)
+    iseq.eval
   end
 end
 

data/lib/ree/licensing/bytecode_compiler.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Ree
+  module Licensing
+    class BytecodeCompiler
+      def self.compile_file(path)
+        iseq = RubyVM::InstructionSequence.compile_file(path)
+        iseq.to_binary
+      end
+
+      def self.compile_string(source, path = "(eval)")
+        iseq = RubyVM::InstructionSequence.compile(source, path)
+        iseq.to_binary
+      end
+
+      def self.load_from_binary(binary)
+        RubyVM::InstructionSequence.load_from_binary(binary)
+      end
+    end
+  end
+end

data/lib/ree/licensing/client_store.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'securerandom'
+require 'openssl'
+
+module Ree
+  module Licensing
+    class ClientStore
+      CLIENTS_FILE = 'clients.json'
+
+      def initialize(dir)
+        @dir = dir
+        @file_path = File.join(dir, CLIENTS_FILE)
+      end
+
+      def register_client(name:, contact:, metadata: {})
+        data = load_data
+        client_id = "client_#{SecureRandom.hex(8)}"
+        rsa_key = OpenSSL::PKey::RSA.new(4096)
+
+        client = {
+          'client_id' => client_id,
+          'name' => name,
+          'contact' => contact,
+          'metadata' => metadata,
+          'created_at' => Date.today.to_s,
+          'private_key_pem' => rsa_key.to_pem,
+          'public_key_pem' => rsa_key.public_key.to_pem,
+          'licenses' => []
+        }
+
+        data['clients'] << client
+        save_data(data)
+
+        client
+      end
+
+      def find_client(client_id)
+        data = load_data
+        data['clients'].detect { |c| c['client_id'] == client_id }
+      end
+
+      def add_license(client_id, license)
+        data = load_data
+        client = data['clients'].detect { |c| c['client_id'] == client_id }
+        raise Ree::Error.new("Client #{client_id} not found") unless client
+
+        client['licenses'] << license
+        save_data(data)
+      end
+
+      def last_license(client_id)
+        client = find_client(client_id)
+        raise Ree::Error.new("Client #{client_id} not found") unless client
+
+        client['licenses'].last
+      end
+
+      def load_data
+        if File.exist?(@file_path)
+          JSON.parse(File.read(@file_path))
+        else
+          { 'clients' => [] }
+        end
+      end
+
+      private
+
+      def save_data(data)
+        File.write(@file_path, JSON.pretty_generate(data))
+      end
+    end
+  end
+end

data/lib/ree/licensing/decryptor.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'base64'
+require 'openssl'
+require 'date'
+
+module Ree
+  module Licensing
+    class Decryptor
+      attr_reader :aes_key, :iv, :expires_at, :client_id
+
+      def initialize(aes_key:, iv:, expires_at:, client_id:)
+        @aes_key = aes_key
+        @iv = iv
+        @expires_at = expires_at
+        @client_id = client_id
+      end
+
+      def self.load_license(license_path)
+        unless File.exist?(license_path)
+          raise Ree::Error.new("License file not found: #{license_path}")
+        end
+
+        license_data = JSON.parse(File.read(license_path))
+        public_key_pem = license_data['public_key_pem']
+        encrypted_payload = Base64.strict_decode64(license_data['encrypted_payload'])
+
+        payload_json = Encryptor.rsa_public_decrypt(encrypted_payload, public_key_pem)
+        payload = JSON.parse(payload_json)
+
+        expires_at = Date.parse(payload['expires_at'])
+
+        if expires_at < Date.today
+          raise Ree::Error.new("License expired on #{payload['expires_at']}")
+        end
+
+        aes_key = [payload['aes_key_hex']].pack('H*')
+        iv = [payload['iv_hex']].pack('H*')
+
+        new(
+          aes_key: aes_key,
+          iv: iv,
+          expires_at: expires_at,
+          client_id: payload['client_id']
+        )
+      end
+
+      def decrypt_file(encrypted_data)
+        Encryptor.aes_decrypt(encrypted_data, @aes_key, @iv)
+      end
+    end
+  end
+end

data/lib/ree/licensing/encryptor.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'securerandom'
+require 'json'
+require 'base64'
+
+module Ree
+  module Licensing
+    class Encryptor
+      def self.generate_aes_key
+        cipher = OpenSSL::Cipher::AES256.new(:CBC)
+        cipher.encrypt
+        {
+          key: cipher.random_key,
+          iv: cipher.random_iv
+        }
+      end
+
+      def self.aes_encrypt(data, key, iv)
+        cipher = OpenSSL::Cipher::AES256.new(:CBC)
+        cipher.encrypt
+        cipher.key = key
+        cipher.iv = iv
+        cipher.update(data) + cipher.final
+      end
+
+      def self.aes_decrypt(encrypted_data, key, iv)
+        cipher = OpenSSL::Cipher::AES256.new(:CBC)
+        cipher.decrypt
+        cipher.key = key
+        cipher.iv = iv
+        cipher.update(encrypted_data) + cipher.final
+      end
+
+      def self.rsa_private_encrypt(payload_json, private_key_pem)
+        rsa = OpenSSL::PKey::RSA.new(private_key_pem)
+        rsa.private_encrypt(payload_json)
+      end
+
+      def self.rsa_public_decrypt(encrypted_payload, public_key_pem)
+        rsa = OpenSSL::PKey::RSA.new(public_key_pem)
+        rsa.public_decrypt(encrypted_payload)
+      end
+    end
+  end
+end

data/lib/ree/licensing/license_generator.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'base64'
+require 'securerandom'
+
+module Ree
+  module Licensing
+    class LicenseGenerator
+      def self.generate(client_id:, private_key_pem:, public_key_pem:, aes_key_hex:, iv_hex:, expires_at:)
+        payload = {
+          'aes_key_hex' => aes_key_hex,
+          'iv_hex' => iv_hex,
+          'expires_at' => expires_at,
+          'client_id' => client_id
+        }
+
+        payload_json = JSON.generate(payload)
+        encrypted_payload = Encryptor.rsa_private_encrypt(payload_json, private_key_pem)
+
+        license_file = {
+          'version' => 1,
+          'client_id' => client_id,
+          'public_key_pem' => public_key_pem,
+          'encrypted_payload' => Base64.strict_encode64(encrypted_payload)
+        }
+
+        license_record = {
+          'license_id' => "lic_#{SecureRandom.hex(6)}",
+          'expires_at' => expires_at,
+          'aes_key_hex' => aes_key_hex,
+          'iv_hex' => iv_hex,
+          'created_at' => Date.today.to_s
+        }
+
+        { license_file: license_file, license_record: license_record }
+      end
+    end
+  end
+end

data/lib/ree/licensing/obfuscator.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+require 'fileutils'
+require 'json'
+require 'date'
+
+module Ree
+  module Licensing
+    class Obfuscator
+      def self.run(source_path:, target_path:, client_id:, expires_at:, clients_dir:, exclude_files: [], stdout: $stdout)
+        new(
+          source_path: source_path,
+          target_path: target_path,
+          client_id: client_id,
+          expires_at: expires_at,
+          clients_dir: clients_dir,
+          exclude_files: exclude_files,
+          stdout: stdout
+        ).run
+      end
+
+      def initialize(source_path:, target_path:, client_id:, expires_at:, clients_dir:, exclude_files: [], stdout: $stdout)
+        @source_path = File.expand_path(source_path)
+        @target_path = File.expand_path(target_path)
+        @client_id = client_id
+        @expires_at = expires_at
+        @clients_dir = clients_dir
+        @exclude_files = exclude_files
+        @stdout = stdout
+      end
+
+      def run
+        start_time = Time.now
+
+        store = ClientStore.new(@clients_dir)
+        client = store.find_client(@client_id)
+        raise Ree::Error.new("Client #{@client_id} not found in clients.json") unless client
+
+        copy_project
+        remove_spec_dirs
+
+        aes_data = Encryptor.generate_aes_key
+        aes_key = aes_data[:key]
+        iv = aes_data[:iv]
+        aes_key_hex = aes_key.unpack1('H*')
+        iv_hex = iv.unpack1('H*')
+
+        encrypted_count = encrypt_ruby_files(aes_key, iv)
+
+        result = LicenseGenerator.generate(
+          client_id: @client_id,
+          private_key_pem: client['private_key_pem'],
+          public_key_pem: client['public_key_pem'],
+          aes_key_hex: aes_key_hex,
+          iv_hex: iv_hex,
+          expires_at: @expires_at
+        )
+
+        license_path = File.join(@target_path, 'license.json')
+        File.write(license_path, JSON.pretty_generate(result[:license_file]))
+
+        store.add_license(@client_id, result[:license_record])
+
+        elapsed = (Time.now - start_time).round(2)
+        @stdout.puts "Obfuscation complete:"
+        @stdout.puts "  Files encrypted: #{encrypted_count}"
+        @stdout.puts "  License file: #{license_path}"
+        @stdout.puts "  Time: #{elapsed}s"
+
+        { encrypted_count: encrypted_count, license_path: license_path }
+      end
+
+      private
+
+      def copy_project
+        FileUtils.rm_rf(@target_path) if Dir.exist?(@target_path)
+        FileUtils.cp_r(@source_path, @target_path)
+      end
+
+      def remove_spec_dirs
+        Dir.glob(File.join(@target_path, '**/spec')).each do |spec_dir|
+          FileUtils.rm_rf(spec_dir) if File.directory?(spec_dir)
+        end
+      end
+
+      def encrypt_ruby_files(aes_key, iv)
+        count = 0
+        pattern = File.join(@target_path, '**/package/**/*.rb')
+
+        Dir.glob(pattern).each do |file_path|
+          basename = File.basename(file_path)
+          next if @exclude_files.include?(basename)
+
+          source = File.read(file_path)
+          if source.include?('require_relative')
+            raise Ree::Error.new("File contains require_relative: #{file_path}")
+          end
+
+          bytecode = BytecodeCompiler.compile_file(file_path)
+          encrypted = Encryptor.aes_encrypt(bytecode, aes_key, iv)
+          File.binwrite(file_path, encrypted)
+          count += 1
+        end
+
+        count
+      end
+    end
+  end
+end

data/lib/ree/method_added_hook.rb

@@ -8,14 +8,22 @@ module Ree::MethodAddedHook
 
     @__ree_plugin_running = true
 
-    original_alias = :"__ree_original_#{name}"
-    remove_method(original_alias) if method_defined?(original_alias)
-    alias_method(original_alias, name)
-
     begin
-      plugins.each do |plugin_class|
-        plugin_class.new(name, false, self).call
+      # Collect wrapper lambdas from plugins (some may return nil)
+      wrappers = plugins.map { |plugin_class| plugin_class.new(name, false, self).call }.compact
+
+      if wrappers.empty?
+        @__ree_plugin_running = false
+        return super
       end
+
+      # Create single alias for original implementation
+      original_alias = :"__ree_original_#{name}"
+      remove_method(original_alias) if method_defined?(original_alias)
+      alias_method(original_alias, name)
+
+      # Compose all wrappers into a single method
+      compose_method(name, original_alias, wrappers)
     ensure
       @__ree_plugin_running = false
     end
@@ -30,22 +38,106 @@ module Ree::MethodAddedHook
 
     @__ree_singleton_plugin_running = true
 
-    original_alias = :"__ree_original_#{name}"
     eigenclass = class << self; self; end
 
-    if eigenclass.method_defined?(original_alias)
-      eigenclass.remove_method(original_alias)
-    end
-    eigenclass.alias_method(original_alias, name)
-
     begin
-      plugins.each do |plugin_class|
-        plugin_class.new(name, true, self).call
+      # Collect wrapper lambdas from plugins (some may return nil)
+      wrappers = plugins.map { |plugin_class| plugin_class.new(name, true, self).call }.compact
+
+      if wrappers.empty?
+        @__ree_singleton_plugin_running = false
+        return super
       end
+
+      # Create single alias for original implementation
+      original_alias = :"__ree_original_#{name}"
+      eigenclass.remove_method(original_alias) if eigenclass.method_defined?(original_alias)
+      eigenclass.alias_method(original_alias, name)
+
+      # Compose all wrappers into a single method
+      compose_singleton_method(eigenclass, name, original_alias, wrappers)
     ensure
       @__ree_singleton_plugin_running = false
     end
 
     super
   end
+
+  private
+
+  def compose_method(method_name, original_alias, wrappers)
+    # Detect original method visibility
+    visibility = if private_method_defined?(original_alias)
+      :private
+    elsif protected_method_defined?(original_alias)
+      :protected
+    else
+      :public
+    end
+
+    # Build executor chain from inside out
+    define_method(method_name) do |*args, **kwargs, &block|
+      # Innermost layer: call the original method
+      # Note: next_layer signature is: ->(){ ... } to be called with .call(*args, **kwargs, &block)
+      executor = ->(*a, **kw, &b) { send(original_alias, *a, **kw, &b) }
+
+      # Wrap from inside out (reverse to make first plugin outermost)
+      wrappers.reverse_each do |wrapper|
+        current_executor = executor
+        # Wrapper receives: (instance, next_layer, *args, **kwargs, &block)
+        # We need to create a next_layer that calls current_executor
+        next_layer = ->(*a, **kw, &b) { current_executor.call(*a, **kw, &b) }
+        executor = ->(*a, **kw, &b) { wrapper.call(self, next_layer, *a, **kw, &b) }
+      end
+
+      # Execute the composed chain
+      executor.call(*args, **kwargs, &block)
+    end
+
+    # Restore original visibility
+    case visibility
+    when :private
+      private method_name
+    when :protected
+      protected method_name
+    end
+  end
+
+  def compose_singleton_method(eigenclass, method_name, original_alias, wrappers)
+    # Detect original method visibility
+    visibility = if eigenclass.private_method_defined?(original_alias)
+      :private
+    elsif eigenclass.protected_method_defined?(original_alias)
+      :protected
+    else
+      :public
+    end
+
+    # Build executor chain from inside out
+    eigenclass.define_method(method_name) do |*args, **kwargs, &block|
+      # Innermost layer: call the original method
+      # Note: next_layer signature is: ->(){ ... } to be called with .call(*args, **kwargs, &block)
+      executor = ->(*a, **kw, &b) { send(original_alias, *a, **kw, &b) }
+
+      # Wrap from inside out (reverse to make first plugin outermost)
+      wrappers.reverse_each do |wrapper|
+        current_executor = executor
+        # Wrapper receives: (instance, next_layer, *args, **kwargs, &block)
+        # We need to create a next_layer that calls current_executor
+        next_layer = ->(*a, **kw, &b) { current_executor.call(*a, **kw, &b) }
+        executor = ->(*a, **kw, &b) { wrapper.call(self, next_layer, *a, **kw, &b) }
+      end
+
+      # Execute the composed chain
+      executor.call(*args, **kwargs, &block)
+    end
+
+    # Restore original visibility
+    case visibility
+    when :private
+      eigenclass.send(:private, method_name)
+    when :protected
+      eigenclass.send(:protected, method_name)
+    end
+  end
 end

data/lib/ree/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ree
-  VERSION = "1.2.4"
+  VERSION = "1.2.7"
 end

data/lib/ree.rb

@@ -53,6 +53,15 @@ module Ree
   autoload :TemplateHandler, 'ree/handlers/template_handler'
   autoload :TemplateRenderer, 'ree/templates/template_renderer'
 
+  module Licensing
+    autoload :ClientStore, 'ree/licensing/client_store'
+    autoload :Encryptor, 'ree/licensing/encryptor'
+    autoload :Decryptor, 'ree/licensing/decryptor'
+    autoload :BytecodeCompiler, 'ree/licensing/bytecode_compiler'
+    autoload :LicenseGenerator, 'ree/licensing/license_generator'
+    autoload :Obfuscator, 'ree/licensing/obfuscator'
+  end
+
   PACKAGE = 'package'
   SCHEMAS = 'schemas'
   SCHEMA = 'schema'
@@ -124,6 +133,20 @@ module Ree
       !!@benchmark_mode
     end
 
+    def obfuscated?
+      ENV.has_key?('REE_LICENSE_KEY')
+    end
+
+    def license
+      @license ||= if obfuscated?
+        Ree::Licensing::Decryptor.load_license(ENV['REE_LICENSE_KEY'])
+      end
+    end
+
+    def reset_license
+      @license = nil
+    end
+
     def method_added_plugins
       @method_added_plugins ||= []
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ree
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.2.7
 platform: ruby
 authors:
 - Ruslan Gatiyatov
@@ -37,6 +37,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.6.5
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -86,6 +100,9 @@ files:
 - lib/ree/cli/indexing/index_package.rb
 - lib/ree/cli/indexing/index_project.rb
 - lib/ree/cli/init.rb
+- lib/ree/cli/licensing/obfuscate.rb
+- lib/ree/cli/licensing/register_client.rb
+- lib/ree/cli/licensing/renew_license.rb
 - lib/ree/cli/spec_runner.rb
 - lib/ree/container.rb
 - lib/ree/contracts.rb
@@ -166,6 +183,12 @@ files:
 - lib/ree/gen/package.rb
 - lib/ree/handlers/template_handler.rb
 - lib/ree/inspectable.rb
+- lib/ree/licensing/bytecode_compiler.rb
+- lib/ree/licensing/client_store.rb
+- lib/ree/licensing/decryptor.rb
+- lib/ree/licensing/encryptor.rb
+- lib/ree/licensing/license_generator.rb
+- lib/ree/licensing/obfuscator.rb
 - lib/ree/link_dsl.rb
 - lib/ree/method_added_hook.rb
 - lib/ree/object_compiler.rb