npm - shieldcortex - Versions diffs - 2.17.1 → 2.19.0 - Mend

shieldcortex 2.17.1 → 2.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

package/dist/license/store.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * License file I/O — reads/writes ~/.shieldcortex/license.json
+ *
+ * The Ed25519 signature on the key itself provides integrity for the tier
+ * and expiry. The validationStatus field is advisory — a tampered value
+ * only persists until the next online validation (≤24h). HMAC is not
+ * needed here because the hard security boundary is the signed key, not
+ * the JSON file.
+ *
+ * License is cached in memory after first read.
+ */
+import type { LicenseTier, LicenseInfo, LicenseFile } from './keys.js';
+/** Clear the in-memory cache (useful for testing or after activation). */
+export declare function clearLicenseCache(): void;
+/**
+ * Read and verify the stored license.
+ * Returns a LicenseInfo with tier='free' if no license exists or verification fails.
+ */
+export declare function getLicense(): LicenseInfo;
+/**
+ * Quick accessor for the current licence tier.
+ * Returns 'free' if no valid licence exists.
+ */
+export declare function getLicenseTier(): LicenseTier;
+/**
+ * Read the raw license file data (for status display).
+ * Returns null if no license file exists.
+ */
+export declare function getLicenseFile(): LicenseFile | null;
+/**
+ * Activate a license key — verify it, then store in license.json.
+ * Returns the verified LicenseInfo.
+ * Throws if the key is invalid.
+ */
+export declare function activateLicense(key: string): LicenseInfo;
+/**
+ * Remove the license file (deactivate).
+ */
+export declare function deactivateLicense(): void;
+/**
+ * Update the validation status and timestamp in the license file.
+ * Called by the online validation module.
+ */
+export declare function updateValidationStatus(status: LicenseFile['validationStatus']): void;
+//# sourceMappingURL=store.d.ts.map

package/dist/license/store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/license/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AASvE,0EAA0E;AAC1E,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAID;;;GAGG;AACH,wBAAgB,UAAU,IAAI,WAAW,CA0CxC;AAED;;;GAGG;AACH,wBAAgB,cAAc,IAAI,WAAW,CAE5C;AAED;;;GAGG;AACH,wBAAgB,cAAc,IAAI,WAAW,GAAG,IAAI,CAOnD;AAID;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAmBxD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CASxC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,WAAW,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAepF"}

package/dist/license/store.js ADDED Viewed

@@ -0,0 +1,148 @@
+/**
+ * License file I/O — reads/writes ~/.shieldcortex/license.json
+ *
+ * The Ed25519 signature on the key itself provides integrity for the tier
+ * and expiry. The validationStatus field is advisory — a tampered value
+ * only persists until the next online validation (≤24h). HMAC is not
+ * needed here because the hard security boundary is the signed key, not
+ * the JSON file.
+ *
+ * License is cached in memory after first read.
+ */
+import { readFileSync, writeFileSync, existsSync, unlinkSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { verifyLicenseKey } from './verify.js';
+const CONFIG_DIR = join(homedir(), '.shieldcortex');
+const LICENSE_FILE = join(CONFIG_DIR, 'license.json');
+// ── Cache ────────────────────────────────────────────────
+let cachedLicense = null;
+/** Clear the in-memory cache (useful for testing or after activation). */
+export function clearLicenseCache() {
+    cachedLicense = null;
+}
+// ── Read ─────────────────────────────────────────────────
+/**
+ * Read and verify the stored license.
+ * Returns a LicenseInfo with tier='free' if no license exists or verification fails.
+ */
+export function getLicense() {
+    if (cachedLicense)
+        return cachedLicense;
+    const FREE = {
+        valid: false,
+        tier: 'free',
+        email: null,
+        expiresAt: null,
+        daysUntilExpiry: null,
+        teamId: null,
+        subscriptionId: null,
+    };
+    try {
+        if (!existsSync(LICENSE_FILE)) {
+            cachedLicense = FREE;
+            return FREE;
+        }
+        const raw = JSON.parse(readFileSync(LICENSE_FILE, 'utf-8'));
+        if (!raw.key) {
+            cachedLicense = FREE;
+            return FREE;
+        }
+        // Check if previously marked as revoked or expired by online validation.
+        // Revoked = subscription cancelled (hard block).
+        // Expired = advisory; verifyLicenseKey() applies the 7-day grace period
+        // so we only hard-block on revoked here.
+        if (raw.validationStatus === 'revoked') {
+            cachedLicense = FREE;
+            return FREE;
+        }
+        // Verify the key cryptographically (checks exp + grace period)
+        const info = verifyLicenseKey(raw.key);
+        cachedLicense = info;
+        return info;
+    }
+    catch {
+        cachedLicense = FREE;
+        return FREE;
+    }
+}
+/**
+ * Quick accessor for the current licence tier.
+ * Returns 'free' if no valid licence exists.
+ */
+export function getLicenseTier() {
+    return getLicense().tier;
+}
+/**
+ * Read the raw license file data (for status display).
+ * Returns null if no license file exists.
+ */
+export function getLicenseFile() {
+    try {
+        if (!existsSync(LICENSE_FILE))
+            return null;
+        return JSON.parse(readFileSync(LICENSE_FILE, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+// ── Write ────────────────────────────────────────────────
+/**
+ * Activate a license key — verify it, then store in license.json.
+ * Returns the verified LicenseInfo.
+ * Throws if the key is invalid.
+ */
+export function activateLicense(key) {
+    const info = verifyLicenseKey(key);
+    if (!info.valid) {
+        throw new Error('Invalid or expired licence key. Check the key and try again.');
+    }
+    const file = {
+        key,
+        activatedAt: new Date().toISOString(),
+        lastValidatedAt: null,
+        validationStatus: 'unvalidated',
+    };
+    mkdirSync(CONFIG_DIR, { recursive: true });
+    writeFileSync(LICENSE_FILE, JSON.stringify(file, null, 2) + '\n', { mode: 0o600 });
+    // Invalidate cache
+    cachedLicense = info;
+    return info;
+}
+/**
+ * Remove the license file (deactivate).
+ */
+export function deactivateLicense() {
+    try {
+        if (existsSync(LICENSE_FILE)) {
+            unlinkSync(LICENSE_FILE);
+        }
+    }
+    catch {
+        // Best effort
+    }
+    cachedLicense = null;
+}
+/**
+ * Update the validation status and timestamp in the license file.
+ * Called by the online validation module.
+ */
+export function updateValidationStatus(status) {
+    try {
+        if (!existsSync(LICENSE_FILE))
+            return;
+        const raw = JSON.parse(readFileSync(LICENSE_FILE, 'utf-8'));
+        raw.validationStatus = status;
+        raw.lastValidatedAt = new Date().toISOString();
+        writeFileSync(LICENSE_FILE, JSON.stringify(raw, null, 2) + '\n', { mode: 0o600 });
+        // If revoked or expired, invalidate cache so next getLicense() re-verifies
+        if (status === 'revoked' || status === 'expired') {
+            cachedLicense = null;
+        }
+    }
+    catch {
+        // Best effort
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/license/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/license/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACpF,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;AACpD,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;AAEtD,4DAA4D;AAE5D,IAAI,aAAa,GAAuB,IAAI,CAAC;AAE7C,0EAA0E;AAC1E,MAAM,UAAU,iBAAiB;IAC/B,aAAa,GAAG,IAAI,CAAC;AACvB,CAAC;AAED,4DAA4D;AAE5D;;;GAGG;AACH,MAAM,UAAU,UAAU;IACxB,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IAExC,MAAM,IAAI,GAAgB;QACxB,KAAK,EAAE,KAAK;QACZ,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,IAAI;QACf,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE,IAAI;QACZ,cAAc,EAAE,IAAI;KACrB,CAAC;IAEF,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,aAAa,GAAG,IAAI,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,GAAG,GAAgB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACb,aAAa,GAAG,IAAI,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yEAAyE;QACzE,iDAAiD;QACjD,wEAAwE;QACxE,yCAAyC;QACzC,IAAI,GAAG,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACvC,aAAa,GAAG,IAAI,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+DAA+D;QAC/D,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,aAAa,GAAG,IAAI,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,GAAG,IAAI,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,UAAU,EAAE,CAAC,IAAI,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,4DAA4D;AAE5D;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,IAAI,GAAgB;QACxB,GAAG;QACH,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe,EAAE,IAAI;QACrB,gBAAgB,EAAE,aAAa;KAChC,CAAC;IAEF,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEnF,mBAAmB;IACnB,aAAa,GAAG,IAAI,CAAC;IACrB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;IACD,aAAa,GAAG,IAAI,CAAC;AACvB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAuC;IAC5E,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,OAAO;QACtC,MAAM,GAAG,GAAgB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACzE,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;QAC9B,GAAG,CAAC,eAAe,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC/C,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAElF,2EAA2E;QAC3E,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACjD,aAAa,GAAG,IAAI,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC"}

package/dist/license/types.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Shared types for the license feature gating system.
+ * Used by both the backend (visualization-server) and frontend (dashboard).
+ */
+/**
+ * Structured 403 response returned when a gated feature is accessed
+ * without the required licence tier.
+ */
+export interface FeatureGatedResponse {
+    error: string;
+    code: 'FEATURE_GATED';
+    feature: string;
+    requiredTier: string;
+    upgradeUrl: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/license/types.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/license/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,eAAe,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/license/types.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Shared types for the license feature gating system.
+ * Used by both the backend (visualization-server) and frontend (dashboard).
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/license/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/license/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/license/validate.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Periodic online licence validation — catches revocations.
+ *
+ * Fire-and-forget, never blocks. Same pattern as syncToCloud() in cloud/sync.ts.
+ * If offline, the licence stays valid until its exp date.
+ */
+type ValidationStatus = 'valid' | 'revoked' | 'expired';
+/**
+ * Run online validation if enough time has passed since the last check.
+ * Non-blocking — errors are silently ignored.
+ */
+export declare function scheduleOnlineValidation(): void;
+/**
+ * Validate the stored licence key against the SaaS API.
+ * Called periodically (every 24h) and once on activation.
+ */
+export declare function validateOnline(): Promise<void>;
+/**
+ * Run a one-time validation immediately (used during activation).
+ * Returns the validation status, or 'unvalidated' if the check fails.
+ */
+export declare function validateOnceNow(): Promise<ValidationStatus | 'unvalidated'>;
+export {};
+//# sourceMappingURL=validate.d.ts.map

package/dist/license/validate.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/license/validate.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,KAAK,gBAAgB,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;AAIxD;;;GAGG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAO/C;AAmCD;;;GAGG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAYpD;AAED;;;GAGG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,gBAAgB,GAAG,aAAa,CAAC,CAajF"}

package/dist/license/validate.js ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * Periodic online licence validation — catches revocations.
+ *
+ * Fire-and-forget, never blocks. Same pattern as syncToCloud() in cloud/sync.ts.
+ * If offline, the licence stays valid until its exp date.
+ */
+import { getLicenseFile, updateValidationStatus } from './store.js';
+import { parseLicensePayload } from './verify.js';
+import { ONLINE_VALIDATION_INTERVAL_MS } from './keys.js';
+import { getCloudConfig } from '../cloud/config.js';
+let lastValidationAttempt = 0;
+/**
+ * Run online validation if enough time has passed since the last check.
+ * Non-blocking — errors are silently ignored.
+ */
+export function scheduleOnlineValidation() {
+    const now = Date.now();
+    if (now - lastValidationAttempt < ONLINE_VALIDATION_INTERVAL_MS)
+        return;
+    lastValidationAttempt = now;
+    // Fire-and-forget
+    validateOnline().catch(() => { });
+}
+// ── Shared HTTP helper ──────────────────────────────────
+/**
+ * Fetch the validation status from the SaaS API.
+ * Returns null on network error, timeout, or server error.
+ */
+async function fetchValidationStatus(sid) {
+    const config = getCloudConfig();
+    const baseUrl = config.cloudBaseUrl || 'https://api.shieldcortex.ai';
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 10_000);
+    try {
+        const res = await fetch(`${baseUrl}/v1/license/validate?sid=${encodeURIComponent(sid)}`, { signal: controller.signal });
+        if (!res.ok)
+            return null;
+        const data = await res.json();
+        if (data.status === 'unknown')
+            return null; // Subscription not found — treat as network error
+        return data.status === 'active' ? 'valid' : data.status;
+    }
+    catch {
+        return null;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+// ── Public API ──────────────────────────────────────────
+/**
+ * Validate the stored licence key against the SaaS API.
+ * Called periodically (every 24h) and once on activation.
+ */
+export async function validateOnline() {
+    const file = getLicenseFile();
+    if (!file?.key)
+        return;
+    const payload = parseLicensePayload(file.key);
+    if (!payload?.sid)
+        return;
+    const status = await fetchValidationStatus(payload.sid);
+    if (status) {
+        updateValidationStatus(status);
+    }
+    // If null (network error), leave status unchanged — licence stays valid
+}
+/**
+ * Run a one-time validation immediately (used during activation).
+ * Returns the validation status, or 'unvalidated' if the check fails.
+ */
+export async function validateOnceNow() {
+    const file = getLicenseFile();
+    if (!file?.key)
+        return 'unvalidated';
+    const payload = parseLicensePayload(file.key);
+    if (!payload?.sid)
+        return 'unvalidated';
+    const status = await fetchValidationStatus(payload.sid);
+    if (status) {
+        updateValidationStatus(status);
+        return status;
+    }
+    return 'unvalidated';
+}
+//# sourceMappingURL=validate.js.map

package/dist/license/validate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/license/validate.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAIpD,IAAI,qBAAqB,GAAG,CAAC,CAAC;AAE9B;;;GAGG;AACH,MAAM,UAAU,wBAAwB;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,qBAAqB,GAAG,6BAA6B;QAAE,OAAO;IACxE,qBAAqB,GAAG,GAAG,CAAC;IAE5B,kBAAkB;IAClB,cAAc,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,2DAA2D;AAE3D;;;GAGG;AACH,KAAK,UAAU,qBAAqB,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,IAAI,6BAA6B,CAAC;IAErE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,GAAG,OAAO,4BAA4B,kBAAkB,CAAC,GAAG,CAAC,EAAE,EAC/D,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAEzB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA8D,CAAC;QAC1F,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC,CAAC,kDAAkD;QAC9F,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAED,2DAA2D;AAE3D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;IAC9B,IAAI,CAAC,IAAI,EAAE,GAAG;QAAE,OAAO;IAEvB,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,GAAG;QAAE,OAAO;IAE1B,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,MAAM,EAAE,CAAC;QACX,sBAAsB,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IACD,wEAAwE;AAC1E,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;IAC9B,IAAI,CAAC,IAAI,EAAE,GAAG;QAAE,OAAO,aAAa,CAAC;IAErC,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,GAAG;QAAE,OAAO,aAAa,CAAC;IAExC,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,MAAM,EAAE,CAAC;QACX,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC"}

package/dist/license/verify.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Offline Ed25519 licence key verification.
+ *
+ * Uses Node.js built-in crypto (available since Node 18).
+ * Zero external dependencies.
+ */
+import { type LicensePayload, type LicenseInfo } from './keys.js';
+/**
+ * Parse the payload JSON from a license key without verifying the signature.
+ * Returns null if parsing fails.
+ */
+export declare function parseLicensePayload(key: string): LicensePayload | null;
+/**
+ * Verify a license key's Ed25519 signature and check expiry.
+ * This is completely offline — no network calls.
+ */
+export declare function verifyLicenseKey(key: string): LicenseInfo;
+//# sourceMappingURL=verify.d.ts.map

package/dist/license/verify.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/license/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAKL,KAAK,cAAc,EACnB,KAAK,WAAW,EACjB,MAAM,WAAW,CAAC;AA4CnB;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAiBtE;AAID;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAuDzD"}

package/dist/license/verify.js ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Offline Ed25519 licence key verification.
+ *
+ * Uses Node.js built-in crypto (available since Node 18).
+ * Zero external dependencies.
+ */
+import { verify, createPublicKey } from 'crypto';
+import { LICENSE_PUBLIC_KEY_HEX, KEY_PREFIXES, EXPIRY_GRACE_DAYS, } from './keys.js';
+// ── Base64url helpers ────────────────────────────────────
+function base64urlDecode(str) {
+    // Restore padding and convert base64url → base64
+    const padded = str + '='.repeat((4 - (str.length % 4)) % 4);
+    return Buffer.from(padded.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
+}
+// ── Public key (parsed once, cached) ─────────────────────
+let cachedPublicKey = null;
+function getPublicKey() {
+    if (cachedPublicKey)
+        return cachedPublicKey;
+    const derBuffer = Buffer.from(LICENSE_PUBLIC_KEY_HEX, 'hex');
+    cachedPublicKey = createPublicKey({ key: derBuffer, format: 'der', type: 'spki' });
+    return cachedPublicKey;
+}
+// ── Key parsing ──────────────────────────────────────────
+/**
+ * Strip the sc_{tier}_ prefix and split into payload + signature.
+ * Returns null if the key format is invalid.
+ */
+function splitKey(key) {
+    // Find which prefix matches
+    for (const [tier, prefix] of Object.entries(KEY_PREFIXES)) {
+        if (key.startsWith(prefix)) {
+            const rest = key.slice(prefix.length);
+            const dotIndex = rest.lastIndexOf('.');
+            if (dotIndex === -1)
+                return null;
+            return {
+                payloadB64: rest.slice(0, dotIndex),
+                signatureB64: rest.slice(dotIndex + 1),
+                prefixTier: tier,
+            };
+        }
+    }
+    return null;
+}
+/**
+ * Parse the payload JSON from a license key without verifying the signature.
+ * Returns null if parsing fails.
+ */
+export function parseLicensePayload(key) {
+    const parts = splitKey(key);
+    if (!parts)
+        return null;
+    try {
+        const json = base64urlDecode(parts.payloadB64).toString('utf-8');
+        const payload = JSON.parse(json);
+        // Basic shape validation
+        if (!payload.tier || !payload.teamId || !payload.exp || !payload.sid) {
+            return null;
+        }
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+// ── Signature verification ───────────────────────────────
+/**
+ * Verify a license key's Ed25519 signature and check expiry.
+ * This is completely offline — no network calls.
+ */
+export function verifyLicenseKey(key) {
+    const FREE = {
+        valid: false,
+        tier: 'free',
+        email: null,
+        expiresAt: null,
+        daysUntilExpiry: null,
+        teamId: null,
+        subscriptionId: null,
+    };
+    const parts = splitKey(key);
+    if (!parts)
+        return FREE;
+    // Decode payload and signature
+    let payload;
+    let signatureBuffer;
+    try {
+        const json = base64urlDecode(parts.payloadB64).toString('utf-8');
+        payload = JSON.parse(json);
+        signatureBuffer = base64urlDecode(parts.signatureB64);
+    }
+    catch {
+        return FREE;
+    }
+    // Verify Ed25519 signature over the raw payload bytes
+    const payloadBuffer = base64urlDecode(parts.payloadB64);
+    try {
+        const isValid = verify(null, payloadBuffer, getPublicKey(), signatureBuffer);
+        if (!isValid)
+            return FREE;
+    }
+    catch {
+        return FREE;
+    }
+    // Check that the prefix tier matches the payload tier
+    if (parts.prefixTier !== payload.tier)
+        return FREE;
+    // Check expiry (with grace period)
+    const nowSec = Math.floor(Date.now() / 1000);
+    const graceSeconds = EXPIRY_GRACE_DAYS * 24 * 60 * 60;
+    const effectiveExpiry = payload.exp + graceSeconds;
+    const expired = nowSec > effectiveExpiry;
+    const expiresAt = new Date(payload.exp * 1000);
+    const daysUntilExpiry = Math.ceil((payload.exp - nowSec) / (24 * 60 * 60));
+    return {
+        valid: !expired,
+        tier: expired ? 'free' : payload.tier,
+        email: payload.email,
+        expiresAt,
+        daysUntilExpiry,
+        teamId: payload.teamId,
+        subscriptionId: payload.sid,
+    };
+}
+//# sourceMappingURL=verify.js.map

package/dist/license/verify.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/license/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,iBAAiB,GAIlB,MAAM,WAAW,CAAC;AAEnB,4DAA4D;AAE5D,SAAS,eAAe,CAAC,GAAW;IAClC,iDAAiD;IACjD,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,4DAA4D;AAE5D,IAAI,eAAe,GAA8C,IAAI,CAAC;AAEtE,SAAS,YAAY;IACnB,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;IAC7D,eAAe,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACnF,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,4DAA4D;AAE5D;;;GAGG;AACH,SAAS,QAAQ,CAAC,GAAW;IAC3B,4BAA4B;IAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1D,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,KAAK,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;YACjC,OAAO;gBACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;gBACnC,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;gBACtC,UAAU,EAAE,IAAI;aACjB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAW;IAC7C,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;QAEnD,yBAAyB;QACzB,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,4DAA4D;AAE5D;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,MAAM,IAAI,GAAgB;QACxB,KAAK,EAAE,KAAK;QACZ,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,IAAI;QACf,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE,IAAI;QACZ,cAAc,EAAE,IAAI;KACrB,CAAC;IAEF,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,+BAA+B;IAC/B,IAAI,OAAuB,CAAC;IAC5B,IAAI,eAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,eAAe,GAAG,eAAe,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,MAAM,aAAa,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC7E,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,IAAI,KAAK,CAAC,UAAU,KAAK,OAAO,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEnD,mCAAmC;IACnC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IACtD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,GAAG,YAAY,CAAC;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,eAAe,CAAC;IAEzC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;IAC/C,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAE3E,OAAO;QACL,KAAK,EAAE,CAAC,OAAO;QACf,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,IAAmB;QACpD,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,SAAS;QACT,eAAe;QACf,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,cAAc,EAAE,OAAO,CAAC,GAAG;KAC5B,CAAC;AACJ,CAAC"}

package/dist/memory/store.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/memory/store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,MAAM,EACN,WAAW,EACX,UAAU,EAEV,aAAa,EACb,YAAY,EACZ,YAAY,EAEb,MAAM,YAAY,CAAC;~~AA+BpB~~,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,qBAAqB,CAAC;AAyChF;;GAEG;AACH,wBAAgB,qBAAqB;kBAnCG,OAAO;oBAAkB,MAAM;qBAAmB,MAAM;SAqC/F;AAyCD;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAmBhE;AA0GD;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;;CAK3C;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,MAAM,EAAE,MAAM;CAI3B;AAqBD;;GAEG;AACH,wBAAgB,SAAS,CACvB,KAAK,EAAE,WAAW,EAClB,MAAM,GAAE,YAA6B,EACrC,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,CA0NR;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,aAAa,GAAG,MAAM,GAAG,IAAI,CAmB/E;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,GAC5B,MAAM,GAAG,IAAI,CAsDf;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,aAAa,GAAG,OAAO,CAgCxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,EAAE,EAAE,MAAM,EACV,MAAM,GAAE,YAA6B,EACrC,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CA8Df;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAgB1D;AAyBD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,WAAW,GAAE,QAAQ,GAAG,QAAQ,GAAG,SAAoB,GACtD,gBAAgB,CA0DlB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE9D;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,GAAG;IAC7D,UAAU,EAAE,OAAO,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB,CAcA;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAsB1C;AAkJD,wBAAsB,cAAc,CAClC,OAAO,EAAE,aAAa,EACtB,MAAM,GAAE,YAA6B,EACrC,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,YAAY,EAAE,CAAC,CAsOzB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,YAA6B,GACpC,MAAM,EAAE,CAaV;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,GAAE,MAAW,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,EAAE,CAgBV;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,UAAU,EAChB,KAAK,GAAE,MAAW,GACjB,MAAM,EAAE,CAUV;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,GAAE,MAAW,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,EAAE,CAmBV;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASvD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,GAAE,YAA6B,GACpC,MAAM,CAoBR;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,eAAe,EAAE,MAAM,CAAC;CACzB,CAyCA;AAMD,MAAM,MAAM,gBAAgB,GAAG,YAAY,GAAG,SAAS,GAAG,aAAa,GAAG,SAAS,CAAC;AAEpF,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,gBAAgB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,gBAAgB,EAC9B,QAAQ,GAAE,MAAY,GACrB,UAAU,GAAG,IAAI,CA6BnB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,gBAAgB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,UAAU,GAAG,UAAU,CAAC;CACpC,EAAE,CA6CF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAM5E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,UAAU,EAAE,CAYhD;AAiHD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,UAAU,GAAE,MAAU,GACrB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,gBAAgB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CA6B1E"}
1	+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/memory/store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,MAAM,EACN,WAAW,EACX,UAAU,EAEV,aAAa,EACb,YAAY,EACZ,YAAY,EAEb,MAAM,YAAY,CAAC;AAgCpB,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,qBAAqB,CAAC;AAyChF;;GAEG;AACH,wBAAgB,qBAAqB;kBAnCG,OAAO;oBAAkB,MAAM;qBAAmB,MAAM;SAqC/F;AAyCD;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAmBhE;AA0GD;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;;CAK3C;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,MAAM,EAAE,MAAM;CAI3B;AAqBD;;GAEG;AACH,wBAAgB,SAAS,CACvB,KAAK,EAAE,WAAW,EAClB,MAAM,GAAE,YAA6B,EACrC,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,CA0NR;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,aAAa,GAAG,MAAM,GAAG,IAAI,CAmB/E;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,GAC5B,MAAM,GAAG,IAAI,CAsDf;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,aAAa,GAAG,OAAO,CAgCxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,EAAE,EAAE,MAAM,EACV,MAAM,GAAE,YAA6B,EACrC,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CA8Df;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAgB1D;AAyBD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,WAAW,GAAE,QAAQ,GAAG,QAAQ,GAAG,SAAoB,GACtD,gBAAgB,CA0DlB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE9D;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,GAAG;IAC7D,UAAU,EAAE,OAAO,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB,CAcA;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAsB1C;AAkJD,wBAAsB,cAAc,CAClC,OAAO,EAAE,aAAa,EACtB,MAAM,GAAE,YAA6B,EACrC,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,YAAY,EAAE,CAAC,CAsOzB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,YAA6B,GACpC,MAAM,EAAE,CAaV;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,GAAE,MAAW,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,EAAE,CAgBV;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,UAAU,EAChB,KAAK,GAAE,MAAW,GACjB,MAAM,EAAE,CAUV;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,GAAE,MAAW,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,EAAE,CAmBV;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASvD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,GAAE,YAA6B,GACpC,MAAM,CAoBR;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,eAAe,EAAE,MAAM,CAAC;CACzB,CAyCA;AAMD,MAAM,MAAM,gBAAgB,GAAG,YAAY,GAAG,SAAS,GAAG,aAAa,GAAG,SAAS,CAAC;AAEpF,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,gBAAgB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,gBAAgB,EAC9B,QAAQ,GAAE,MAAY,GACrB,UAAU,GAAG,IAAI,CA6BnB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,gBAAgB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,UAAU,GAAG,UAAU,CAAC;CACpC,EAAE,CA6CF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAM5E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,UAAU,EAAE,CAYhD;AAiHD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,UAAU,GAAE,MAAU,GACrB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,gBAAgB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CA6B1E"}

package/dist/memory/store.js CHANGED Viewed

@@ -17,6 +17,7 @@ import { extractFromMemory } from '../graph/extract.js';
 import { processExtractionResult } from '../graph/resolve.js';
 import { runDefencePipeline, storeFragmentationData } from '../defence/index.js';
 import { syncQuarantineToCloud } from '../cloud/quarantine-sync.js';
+import { isFeatureEnabled } from '../license/gate.js';
 import { checkAccess } from '../defence/trust/access-control.js';
 import { scoreSource } from '../defence/trust/source-scorer.js';
 import { logAudit } from '../defence/audit/logger.js';
@@ -287,22 +288,23 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
             defenceResult.firewall.reason = `Sub-agent write (trust=${trust.toFixed(3)}) requires parent approval`;
             // Pipeline returned ALLOW so pipeline.ts didn't sync quarantine content.
             // Sync it now since we've overridden to QUARANTINE post-pipeline.
-            try {
-                const indicators = defenceResult.firewall.threatIndicators.map(t => typeof t === 'string' ? t : t.pattern ?? String(t));
-                syncQuarantineToCloud({
-                    original_content: input.content,
-                    original_title: input.title,
-                    source_type: source.type,
-                    source_identifier: source.identifier,
-                    reason: defenceResult.firewall.reason,
-                    threat_indicators: indicators,
-                    anomaly_score: defenceResult.firewall.anomalyScore,
-                    firewall_result: defenceResult.firewall.result,
-                });
-            }
-            catch {
-                // Cloud sync must never affect local quarantine flow
-            }
+            if (isFeatureEnabled('cloud_sync'))
+                try {
+                    const indicators = defenceResult.firewall.threatIndicators.map(t => typeof t === 'string' ? t : t.pattern ?? String(t));
+                    syncQuarantineToCloud({
+                        original_content: input.content,
+                        original_title: input.title,
+                        source_type: source.type,
+                        source_identifier: source.identifier,
+                        reason: defenceResult.firewall.reason,
+                        threat_indicators: indicators,
+                        anomaly_score: defenceResult.firewall.anomalyScore,
+                        firewall_result: defenceResult.firewall.result,
+                    });
+                }
+                catch {
+                    // Cloud sync must never affect local quarantine flow
+                }
         }
         if (!defenceResult.allowed) {
             // Store in quarantine instead of memory