@pcreative/license-client 1.0.0

package/LICENSE

@@ -0,0 +1,15 @@
+MIT License
+
+Copyright (c) 2026 pcreativedev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND.

package/README.md

@@ -0,0 +1,58 @@
+# @pcreative/license-client
+
+License verification client for **pcreative.dev** templates.
+
+- 🔐 **RS256 JWT** signatures verified locally with embedded public key
+- 🌐 **Offline-capable** — once activated, no network needed
+- 💔 **Soft-kill state machine** — active → grace (7d) → degraded (30d) → invalid
+- 🔍 **Watermark tracking** — each license has a unique ID embedded in the JWT
+- 📦 **Domain binding** — JWT is bound to a specific domain at activation time
+
+## Install
+
+```bash
+npm install @pcreative/license-client
+# or
+bun add @pcreative/license-client
+```
+
+## Usage (server-side, Next.js / Express / Node)
+
+```typescript
+import { activateLicense, getLicenseState, heartbeat } from "@pcreative/license-client";
+
+// 1. First activation (e.g., in your /setup wizard)
+const result = await activateLicense({
+  licenseKey: "AURORA-XXXX-XXXX",
+  product: "aurora",
+  domain: "yoursite.com",
+});
+
+if (result.valid) {
+  // JWT now stored in .pcreative-license.json at project root
+}
+
+// 2. On every request / startup, check state
+const state = await getLicenseState("aurora");
+switch (state.status) {
+  case "missing": /* redirect to /setup */ break;
+  case "active": /* normal */ break;
+  case "grace": /* show banner: state.daysLeft */ break;
+  case "degraded": /* random failures (soft-kill phase) */ break;
+  case "invalid": /* block */ break;
+}
+
+// 3. Daily heartbeat (cron / setInterval)
+await heartbeat();
+```
+
+## Environment variables
+
+| Variable | Default | Purpose |
+|---|---|---|
+| `PCREATIVE_LICENSE_API` | `https://api.pcreative.dev` | License API base URL |
+| `PCREATIVE_LICENSE_DOMAIN` | `request.host` | Override domain detection |
+
+## License
+
+MIT — see [LICENSE](./LICENSE)

package/dist/index.d.ts

@@ -0,0 +1,89 @@
+/**
+ * @pcreative/license-client — universal license verification helper
+ *
+ * Designed to be dropped into any template (Next.js, Express, Vite+Express).
+ * Verifies JWT licenses offline with the embedded public key, with optional
+ * heartbeat-based remote re-verification (24h cadence).
+ *
+ * Storage convention:
+ *   - `.pcreative-license.json` at the project root contains the active JWT + metadata.
+ *   - The user fills it manually OR via the Setup Wizard UI.
+ *
+ * Environment variable overrides (.env):
+ *   - PCREATIVE_LICENSE_KEY       (raw license key)
+ *   - PCREATIVE_LICENSE_DOMAIN    (force a specific domain, otherwise host header)
+ *   - PCREATIVE_LICENSE_API       (default https://api.pcreative.dev)
+ */
+export declare const LICENSE_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7OtwWHOMmhJiUERABDt\nILypQ2fTNWtyoF5TNjqq6fMbSF6r9JXxkiiWZhqew0PcHg3SvU/q9HJ0o+RCoKRu\nIRnkIRys3yghwOsDXq2IHUjnxH/XycB8w3NsevKl09rHltdSAGUL4YkA2bWdIknd\nAe2GPIt4nbewK3sO6ZnsC2jaLqUvB7I4vl4zxVVoj8yIOmy+AA15r81fERquUCTH\n-----END PUBLIC KEY-----";
+export interface LicensePayload {
+    sub: string;
+    product: string;
+    domain: string;
+    type: "regular" | "extended";
+    extended: boolean;
+    watermark: string;
+    email: string;
+    iat: number;
+    exp: number;
+    iss: string;
+    aud: string;
+    jti: string;
+}
+export interface StoredLicense {
+    jwt: string;
+    payload: LicensePayload;
+    invalid_since: string | null;
+    last_heartbeat: string | null;
+}
+export declare function loadStored(): StoredLicense | null;
+export declare function saveStored(data: StoredLicense): void;
+export declare function clearStored(): void;
+export declare function verifyJwt(jwt: string, product: string): Promise<LicensePayload | null>;
+export interface ActivateInput {
+    licenseKey: string;
+    product: string;
+    domain: string;
+}
+export interface ActivateResult {
+    valid: boolean;
+    jwt?: string;
+    error?: string;
+}
+export declare function activateLicense(input: ActivateInput): Promise<ActivateResult>;
+export declare function heartbeat(): Promise<boolean>;
+export type LicenseState = {
+    status: "missing";
+} | {
+    status: "active";
+    payload: LicensePayload;
+} | {
+    status: "grace";
+    payload: LicensePayload;
+    daysLeft: number;
+    reason: string;
+} | {
+    status: "degraded";
+    payload: LicensePayload;
+    reason: string;
+} | {
+    status: "invalid";
+    reason: string;
+};
+export declare function getLicenseState(product: string): Promise<LicenseState>;
+export declare function isLicensed(product: string): Promise<boolean>;
+export interface SoftKillEffects {
+    /** Show a small warning banner */
+    showWarning: boolean;
+    /** Inject a watermark visible to end users */
+    showWatermark: boolean;
+    /** Randomly slow down some responses (50/50) */
+    randomLatency: boolean;
+    /** Randomly fail 30% of API calls */
+    failRandomly: boolean;
+    /** Block entirely */
+    blockAll: boolean;
+}
+export declare function softKillEffects(state: LicenseState): SoftKillEffects;
+export declare function getProductFromEnv(fallback: string): string;
+export declare function getDomainFromHost(hostHeader: string | null | undefined): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAUH,eAAO,MAAM,kBAAkB,iUAKN,CAAC;AAU1B,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,SAAS,GAAG,UAAU,CAAC;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,cAAc,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAKD,wBAAgB,UAAU,IAAI,aAAa,GAAG,IAAI,CAMjD;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,aAAa,GAAG,IAAI,CAEpD;AAED,wBAAgB,WAAW,IAAI,IAAI,CAElC;AAcD,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAW5F;AAKD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,eAAe,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAyBnF;AAED,wBAAsB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CA2BlD;AAKD,MAAM,MAAM,YAAY,GACpB;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,cAAc,CAAA;CAAE,GAC7C;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC9E;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,cAAc,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC/D;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAK1C,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAsC5E;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGlE;AAKD,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,8CAA8C;IAC9C,aAAa,EAAE,OAAO,CAAC;IACvB,gDAAgD;IAChD,aAAa,EAAE,OAAO,CAAC;IACvB,qCAAqC;IACrC,YAAY,EAAE,OAAO,CAAC;IACtB,qBAAqB;IACrB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG,eAAe,CAcpE;AAKD,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAI/E"}

package/dist/index.js

@@ -0,0 +1,204 @@
+/**
+ * @pcreative/license-client — universal license verification helper
+ *
+ * Designed to be dropped into any template (Next.js, Express, Vite+Express).
+ * Verifies JWT licenses offline with the embedded public key, with optional
+ * heartbeat-based remote re-verification (24h cadence).
+ *
+ * Storage convention:
+ *   - `.pcreative-license.json` at the project root contains the active JWT + metadata.
+ *   - The user fills it manually OR via the Setup Wizard UI.
+ *
+ * Environment variable overrides (.env):
+ *   - PCREATIVE_LICENSE_KEY       (raw license key)
+ *   - PCREATIVE_LICENSE_DOMAIN    (force a specific domain, otherwise host header)
+ *   - PCREATIVE_LICENSE_API       (default https://api.pcreative.dev)
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { jwtVerify, importSPKI } from "jose";
+// =============================================================================
+// EMBEDDED PUBLIC KEY — generated from /api/license/pubkey on 2026-05-22.
+// This is the ONLY thing the template needs to verify JWTs offline.
+// =============================================================================
+export const LICENSE_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7OtwWHOMmhJiUERABDt
+ILypQ2fTNWtyoF5TNjqq6fMbSF6r9JXxkiiWZhqew0PcHg3SvU/q9HJ0o+RCoKRu
+IRnkIRys3yghwOsDXq2IHUjnxH/XycB8w3NsevKl09rHltdSAGUL4YkA2bWdIknd
+Ae2GPIt4nbewK3sO6ZnsC2jaLqUvB7I4vl4zxVVoj8yIOmy+AA15r81fERquUCTH
+-----END PUBLIC KEY-----`;
+// NOTE: replace this constant with the actual pubkey from your account
+// (curl https://api.pcreative.dev/api/license/pubkey). The template ships
+// with the pcreative.dev pubkey embedded so no network call is needed to verify.
+const API_BASE = process.env.PCREATIVE_LICENSE_API || "https://api.pcreative.dev";
+const STORAGE_FILE = ".pcreative-license.json";
+const STORAGE_PATH = path.resolve(process.cwd(), STORAGE_FILE);
+// =============================================================================
+// Storage
+// =============================================================================
+export function loadStored() {
+    try {
+        return JSON.parse(fs.readFileSync(STORAGE_PATH, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+export function saveStored(data) {
+    fs.writeFileSync(STORAGE_PATH, JSON.stringify(data, null, 2), { mode: 0o600 });
+}
+export function clearStored() {
+    try {
+        fs.unlinkSync(STORAGE_PATH);
+    }
+    catch { }
+}
+// =============================================================================
+// JWT verification (offline, with embedded public key)
+// =============================================================================
+let cachedPublicKey = null;
+async function getPublicKey() {
+    if (!cachedPublicKey) {
+        cachedPublicKey = await importSPKI(LICENSE_PUBLIC_KEY, "RS256");
+    }
+    return cachedPublicKey;
+}
+export async function verifyJwt(jwt, product) {
+    try {
+        const pubKey = await getPublicKey();
+        const { payload } = await jwtVerify(jwt, pubKey, {
+            issuer: "pcreative.dev",
+            audience: product,
+        });
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+export async function activateLicense(input) {
+    try {
+        const res = await fetch(`${API_BASE}/api/license/activate`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                license_key: input.licenseKey,
+                product: input.product,
+                domain: input.domain,
+            }),
+        });
+        const data = await res.json().catch(() => ({}));
+        if (data?.valid && data?.jwt) {
+            const payload = await verifyJwt(data.jwt, input.product);
+            if (!payload) {
+                return { valid: false, error: "Received JWT failed signature verification" };
+            }
+            saveStored({ jwt: data.jwt, payload, invalid_since: null, last_heartbeat: new Date().toISOString() });
+            return { valid: true, jwt: data.jwt };
+        }
+        return { valid: false, error: data?.error || "Activation failed" };
+    }
+    catch (err) {
+        return { valid: false, error: err instanceof Error ? err.message : "Network error" };
+    }
+}
+export async function heartbeat() {
+    const stored = loadStored();
+    if (!stored)
+        return false;
+    try {
+        const res = await fetch(`${API_BASE}/api/license/heartbeat`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ jwt: stored.jwt }),
+        });
+        const data = await res.json().catch(() => ({}));
+        if (data?.valid && data?.jwt) {
+            const payload = await verifyJwt(data.jwt, stored.payload.product);
+            if (payload) {
+                saveStored({ jwt: data.jwt, payload, invalid_since: null, last_heartbeat: new Date().toISOString() });
+                return true;
+            }
+        }
+        // Invalid response — mark as failing
+        if (!stored.invalid_since) {
+            saveStored({ ...stored, invalid_since: new Date().toISOString() });
+        }
+        return false;
+    }
+    catch {
+        // Network error — don't penalize immediately, just update heartbeat
+        return false;
+    }
+}
+const GRACE_PERIOD_DAYS = 7; // After invalid_since, this many days of full features
+const SOFT_KILL_DAYS = 30; // After this many days from invalid_since → fully blocked
+export async function getLicenseState(product) {
+    const stored = loadStored();
+    if (!stored)
+        return { status: "missing" };
+    // Verify JWT signature
+    const payload = await verifyJwt(stored.jwt, product);
+    if (!payload) {
+        return { status: "invalid", reason: "JWT signature invalid or expired" };
+    }
+    // Check exp
+    if (payload.exp * 1000 < Date.now()) {
+        return { status: "invalid", reason: "JWT expired" };
+    }
+    // Check if marked as failing on previous heartbeats
+    if (stored.invalid_since) {
+        const since = new Date(stored.invalid_since).getTime();
+        const elapsed = (Date.now() - since) / (1000 * 60 * 60 * 24);
+        if (elapsed < GRACE_PERIOD_DAYS) {
+            return {
+                status: "grace",
+                payload,
+                daysLeft: Math.ceil(GRACE_PERIOD_DAYS - elapsed),
+                reason: "License verification has been failing — re-check your subscription"
+            };
+        }
+        if (elapsed < SOFT_KILL_DAYS) {
+            return {
+                status: "degraded",
+                payload,
+                reason: `License has been invalid for ${Math.ceil(elapsed)} days — features will progressively degrade`
+            };
+        }
+        return { status: "invalid", reason: "Soft-kill period exhausted" };
+    }
+    return { status: "active", payload };
+}
+export async function isLicensed(product) {
+    const state = await getLicenseState(product);
+    return state.status === "active" || state.status === "grace";
+}
+export function softKillEffects(state) {
+    switch (state.status) {
+        case "missing":
+            return { showWarning: false, showWatermark: false, randomLatency: false, failRandomly: false, blockAll: true };
+        case "active":
+            return { showWarning: false, showWatermark: false, randomLatency: false, failRandomly: false, blockAll: false };
+        case "grace":
+            return { showWarning: true, showWatermark: false, randomLatency: false, failRandomly: false, blockAll: false };
+        case "degraded":
+            // Effects scale with elapsed time — caller can be smarter
+            return { showWarning: true, showWatermark: true, randomLatency: true, failRandomly: true, blockAll: false };
+        case "invalid":
+            return { showWarning: true, showWatermark: true, randomLatency: false, failRandomly: false, blockAll: true };
+    }
+}
+// =============================================================================
+// Convenience wrappers
+// =============================================================================
+export function getProductFromEnv(fallback) {
+    return process.env.PCREATIVE_LICENSE_PRODUCT || fallback;
+}
+export function getDomainFromHost(hostHeader) {
+    if (process.env.PCREATIVE_LICENSE_DOMAIN)
+        return process.env.PCREATIVE_LICENSE_DOMAIN;
+    if (!hostHeader)
+        return "localhost";
+    return String(hostHeader).toLowerCase().replace(/^https?:\/\//, "").replace(/\/.*$/, "").split(":")[0];
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAE7C,gFAAgF;AAChF,0EAA0E;AAC1E,oEAAoE;AACpE,gFAAgF;AAChF,MAAM,CAAC,MAAM,kBAAkB,GAAG;;;;;yBAKT,CAAC;AAE1B,uEAAuE;AACvE,0EAA0E;AAC1E,iFAAiF;AAEjF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,2BAA2B,CAAC;AAClF,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;AAwB/D,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAChF,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAmB;IAC5C,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC;QAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;AAC/C,CAAC;AAED,gFAAgF;AAChF,uDAAuD;AACvD,gFAAgF;AAChF,IAAI,eAAe,GAAkD,IAAI,CAAC;AAE1E,KAAK,UAAU,YAAY;IACzB,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,eAAe,GAAG,MAAM,UAAU,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,OAAe;IAC1D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QACpC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE;YAC/C,MAAM,EAAE,eAAe;YACvB,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,OAAO,OAAoC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAiBD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAoB;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,uBAAuB,EAAE;YAC1D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,WAAW,EAAE,KAAK,CAAC,UAAU;gBAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAsD,CAAC;QACrG,IAAI,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACzD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC;YAC/E,CAAC;YACD,UAAU,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACtG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QACxC,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,IAAI,mBAAmB,EAAE,CAAC;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IACvF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAE1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,wBAAwB,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAsD,CAAC;QACrG,IAAI,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAClE,IAAI,OAAO,EAAE,CAAC;gBACZ,UAAU,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBACtG,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,qCAAqC;QACrC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC1B,UAAU,CAAC,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAYD,MAAM,iBAAiB,GAAG,CAAC,CAAC,CAAG,uDAAuD;AACtF,MAAM,cAAc,GAAG,EAAE,CAAC,CAAK,0DAA0D;AAEzF,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAe;IACnD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAE1C,uBAAuB;IACvB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACrD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;IAC3E,CAAC;IAED,YAAY;IACZ,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACpC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACtD,CAAC;IAED,oDAAoD;IACpD,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7D,IAAI,OAAO,GAAG,iBAAiB,EAAE,CAAC;YAChC,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,OAAO;gBACP,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;gBAChD,MAAM,EAAE,oEAAoE;aAC7E,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,GAAG,cAAc,EAAE,CAAC;YAC7B,OAAO;gBACL,MAAM,EAAE,UAAU;gBAClB,OAAO;gBACP,MAAM,EAAE,gCAAgC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,6CAA6C;aACxG,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;IACrE,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAe;IAC9C,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IAC7C,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO,CAAC;AAC/D,CAAC;AAkBD,MAAM,UAAU,eAAe,CAAC,KAAmB;IACjD,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QACjH,KAAK,QAAQ;YACX,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAClH,KAAK,OAAO;YACV,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QACjH,KAAK,UAAU;YACb,0DAA0D;YAC1D,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC9G,KAAK,SAAS;YACZ,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACjH,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAChF,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,QAAQ,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,UAAqC;IACrE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACtF,IAAI,CAAC,UAAU;QAAE,OAAO,WAAW,CAAC;IACpC,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACzG,CAAC"}

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "@pcreative/license-client",
+  "version": "1.0.0",
+  "description": "License verification client for pcreative.dev templates \u2014 RS256 JWT, offline verification, soft-kill state machine",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc"
+  },
+  "keywords": [
+    "license",
+    "drm",
+    "jwt",
+    "rs256",
+    "pcreative",
+    "template",
+    "anti-piracy"
+  ],
+  "author": "pcreativedev <contact@differentxperience.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pcreativedev/license-client.git"
+  },
+  "homepage": "https://github.com/pcreativedev/license-client",
+  "bugs": {
+    "url": "https://github.com/pcreativedev/license-client/issues"
+  },
+  "dependencies": {
+    "jose": "^6.2.3"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0",
+    "@types/node": "^20.0.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}

package/src/index.ts

@@ -0,0 +1,279 @@
+/**
+ * @pcreative/license-client — universal license verification helper
+ *
+ * Designed to be dropped into any template (Next.js, Express, Vite+Express).
+ * Verifies JWT licenses offline with the embedded public key, with optional
+ * heartbeat-based remote re-verification (24h cadence).
+ *
+ * Storage convention:
+ *   - `.pcreative-license.json` at the project root contains the active JWT + metadata.
+ *   - The user fills it manually OR via the Setup Wizard UI.
+ *
+ * Environment variable overrides (.env):
+ *   - PCREATIVE_LICENSE_KEY       (raw license key)
+ *   - PCREATIVE_LICENSE_DOMAIN    (force a specific domain, otherwise host header)
+ *   - PCREATIVE_LICENSE_API       (default https://api.pcreative.dev)
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import { jwtVerify, importSPKI } from "jose";
+
+// =============================================================================
+// EMBEDDED PUBLIC KEY — generated from /api/license/pubkey on 2026-05-22.
+// This is the ONLY thing the template needs to verify JWTs offline.
+// =============================================================================
+export const LICENSE_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7OtwWHOMmhJiUERABDt
+ILypQ2fTNWtyoF5TNjqq6fMbSF6r9JXxkiiWZhqew0PcHg3SvU/q9HJ0o+RCoKRu
+IRnkIRys3yghwOsDXq2IHUjnxH/XycB8w3NsevKl09rHltdSAGUL4YkA2bWdIknd
+Ae2GPIt4nbewK3sO6ZnsC2jaLqUvB7I4vl4zxVVoj8yIOmy+AA15r81fERquUCTH
+-----END PUBLIC KEY-----`;
+
+// NOTE: replace this constant with the actual pubkey from your account
+// (curl https://api.pcreative.dev/api/license/pubkey). The template ships
+// with the pcreative.dev pubkey embedded so no network call is needed to verify.
+
+const API_BASE = process.env.PCREATIVE_LICENSE_API || "https://api.pcreative.dev";
+const STORAGE_FILE = ".pcreative-license.json";
+const STORAGE_PATH = path.resolve(process.cwd(), STORAGE_FILE);
+
+export interface LicensePayload {
+  sub: string;          // license key
+  product: string;      // product slug (e.g., "aurora")
+  domain: string;       // bound domain
+  type: "regular" | "extended";
+  extended: boolean;
+  watermark: string;    // unique tracking id
+  email: string;
+  iat: number;
+  exp: number;
+  iss: string;          // "pcreative.dev"
+  aud: string;
+  jti: string;
+}
+
+export interface StoredLicense {
+  jwt: string;
+  payload: LicensePayload;
+  invalid_since: string | null; // ISO timestamp set when verification starts failing
+  last_heartbeat: string | null;
+}
+
+// =============================================================================
+// Storage
+// =============================================================================
+export function loadStored(): StoredLicense | null {
+  try {
+    return JSON.parse(fs.readFileSync(STORAGE_PATH, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+
+export function saveStored(data: StoredLicense): void {
+  fs.writeFileSync(STORAGE_PATH, JSON.stringify(data, null, 2), { mode: 0o600 });
+}
+
+export function clearStored(): void {
+  try { fs.unlinkSync(STORAGE_PATH); } catch {}
+}
+
+// =============================================================================
+// JWT verification (offline, with embedded public key)
+// =============================================================================
+let cachedPublicKey: Awaited<ReturnType<typeof importSPKI>> | null = null;
+
+async function getPublicKey() {
+  if (!cachedPublicKey) {
+    cachedPublicKey = await importSPKI(LICENSE_PUBLIC_KEY, "RS256");
+  }
+  return cachedPublicKey;
+}
+
+export async function verifyJwt(jwt: string, product: string): Promise<LicensePayload | null> {
+  try {
+    const pubKey = await getPublicKey();
+    const { payload } = await jwtVerify(jwt, pubKey, {
+      issuer: "pcreative.dev",
+      audience: product,
+    });
+    return payload as unknown as LicensePayload;
+  } catch {
+    return null;
+  }
+}
+
+// =============================================================================
+// Remote activation + heartbeat
+// =============================================================================
+export interface ActivateInput {
+  licenseKey: string;
+  product: string;
+  domain: string;
+}
+
+export interface ActivateResult {
+  valid: boolean;
+  jwt?: string;
+  error?: string;
+}
+
+export async function activateLicense(input: ActivateInput): Promise<ActivateResult> {
+  try {
+    const res = await fetch(`${API_BASE}/api/license/activate`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        license_key: input.licenseKey,
+        product: input.product,
+        domain: input.domain,
+      }),
+    });
+
+    const data = await res.json().catch(() => ({})) as { valid?: boolean; jwt?: string; error?: string };
+    if (data?.valid && data?.jwt) {
+      const payload = await verifyJwt(data.jwt, input.product);
+      if (!payload) {
+        return { valid: false, error: "Received JWT failed signature verification" };
+      }
+      saveStored({ jwt: data.jwt, payload, invalid_since: null, last_heartbeat: new Date().toISOString() });
+      return { valid: true, jwt: data.jwt };
+    }
+    return { valid: false, error: data?.error || "Activation failed" };
+  } catch (err) {
+    return { valid: false, error: err instanceof Error ? err.message : "Network error" };
+  }
+}
+
+export async function heartbeat(): Promise<boolean> {
+  const stored = loadStored();
+  if (!stored) return false;
+
+  try {
+    const res = await fetch(`${API_BASE}/api/license/heartbeat`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ jwt: stored.jwt }),
+    });
+    const data = await res.json().catch(() => ({})) as { valid?: boolean; jwt?: string; error?: string };
+    if (data?.valid && data?.jwt) {
+      const payload = await verifyJwt(data.jwt, stored.payload.product);
+      if (payload) {
+        saveStored({ jwt: data.jwt, payload, invalid_since: null, last_heartbeat: new Date().toISOString() });
+        return true;
+      }
+    }
+    // Invalid response — mark as failing
+    if (!stored.invalid_since) {
+      saveStored({ ...stored, invalid_since: new Date().toISOString() });
+    }
+    return false;
+  } catch {
+    // Network error — don't penalize immediately, just update heartbeat
+    return false;
+  }
+}
+
+// =============================================================================
+// High-level state machine
+// =============================================================================
+export type LicenseState =
+  | { status: "missing" }                              // no license yet — show setup wizard
+  | { status: "active"; payload: LicensePayload }       // all good
+  | { status: "grace"; payload: LicensePayload; daysLeft: number; reason: string }  // failing but in grace period
+  | { status: "degraded"; payload: LicensePayload; reason: string }  // grace expired, soft-kill in progress
+  | { status: "invalid"; reason: string };              // fully invalid, hard kill
+
+const GRACE_PERIOD_DAYS = 7;   // After invalid_since, this many days of full features
+const SOFT_KILL_DAYS = 30;     // After this many days from invalid_since → fully blocked
+
+export async function getLicenseState(product: string): Promise<LicenseState> {
+  const stored = loadStored();
+  if (!stored) return { status: "missing" };
+
+  // Verify JWT signature
+  const payload = await verifyJwt(stored.jwt, product);
+  if (!payload) {
+    return { status: "invalid", reason: "JWT signature invalid or expired" };
+  }
+
+  // Check exp
+  if (payload.exp * 1000 < Date.now()) {
+    return { status: "invalid", reason: "JWT expired" };
+  }
+
+  // Check if marked as failing on previous heartbeats
+  if (stored.invalid_since) {
+    const since = new Date(stored.invalid_since).getTime();
+    const elapsed = (Date.now() - since) / (1000 * 60 * 60 * 24);
+    if (elapsed < GRACE_PERIOD_DAYS) {
+      return {
+        status: "grace",
+        payload,
+        daysLeft: Math.ceil(GRACE_PERIOD_DAYS - elapsed),
+        reason: "License verification has been failing — re-check your subscription"
+      };
+    }
+    if (elapsed < SOFT_KILL_DAYS) {
+      return {
+        status: "degraded",
+        payload,
+        reason: `License has been invalid for ${Math.ceil(elapsed)} days — features will progressively degrade`
+      };
+    }
+    return { status: "invalid", reason: "Soft-kill period exhausted" };
+  }
+
+  return { status: "active", payload };
+}
+
+export async function isLicensed(product: string): Promise<boolean> {
+  const state = await getLicenseState(product);
+  return state.status === "active" || state.status === "grace";
+}
+
+// =============================================================================
+// Soft-kill effects (templates can wire these into UI as desired)
+// =============================================================================
+export interface SoftKillEffects {
+  /** Show a small warning banner */
+  showWarning: boolean;
+  /** Inject a watermark visible to end users */
+  showWatermark: boolean;
+  /** Randomly slow down some responses (50/50) */
+  randomLatency: boolean;
+  /** Randomly fail 30% of API calls */
+  failRandomly: boolean;
+  /** Block entirely */
+  blockAll: boolean;
+}
+
+export function softKillEffects(state: LicenseState): SoftKillEffects {
+  switch (state.status) {
+    case "missing":
+      return { showWarning: false, showWatermark: false, randomLatency: false, failRandomly: false, blockAll: true };
+    case "active":
+      return { showWarning: false, showWatermark: false, randomLatency: false, failRandomly: false, blockAll: false };
+    case "grace":
+      return { showWarning: true, showWatermark: false, randomLatency: false, failRandomly: false, blockAll: false };
+    case "degraded":
+      // Effects scale with elapsed time — caller can be smarter
+      return { showWarning: true, showWatermark: true, randomLatency: true, failRandomly: true, blockAll: false };
+    case "invalid":
+      return { showWarning: true, showWatermark: true, randomLatency: false, failRandomly: false, blockAll: true };
+  }
+}
+
+// =============================================================================
+// Convenience wrappers
+// =============================================================================
+export function getProductFromEnv(fallback: string): string {
+  return process.env.PCREATIVE_LICENSE_PRODUCT || fallback;
+}
+
+export function getDomainFromHost(hostHeader: string | null | undefined): string {
+  if (process.env.PCREATIVE_LICENSE_DOMAIN) return process.env.PCREATIVE_LICENSE_DOMAIN;
+  if (!hostHeader) return "localhost";
+  return String(hostHeader).toLowerCase().replace(/^https?:\/\//, "").replace(/\/.*$/, "").split(":")[0];
+}