@pmcollab/coworkstream-license
v0.2.0
Published
License-key verification for @pmcollab/coworkstream-* commercial packages. Ed25519-signed tokens, offline verification, no phone-home.
Maintainers
Readme
@pmcollab/coworkstream-license
License-key verification for @pmcollab/coworkstream-* commercial packages.
Ed25519-signed tokens, offline verification, no phone-home.
Consumer usage
Register the key once at app startup, before rendering any @pmcollab/coworkstream-*
component:
import { setLicenseKey } from '@pmcollab/coworkstream-license'
setLicenseKey(import.meta.env.VITE_MISSIONCONTROL_LICENSE)In development builds the components render normally regardless — design
partners and trial users can evaluate without a key. In production builds
(NODE_ENV === 'production'), gated components refuse to render until a valid
key is registered.
Manual gating
import { LicenseGate } from '@pmcollab/coworkstream-license/react'
;<LicenseGate>
<PaidFeature />
</LicenseGate>Reading status
import { getLicenseStatus } from '@pmcollab/coworkstream-license'
const s = getLicenseStatus()
// { valid: true, payload: { c, p, iat, exp, f? } }
// or
// { valid: false, reason: 'missing' | 'invalid_format' | 'bad_signature' | 'expired' | 'no_public_key' }Issuing keys (vendor-side)
One-time setup
Generate the signing keypair and embed the public key in the package:
node scripts/sign-license.js initThis writes packages/license/src/public-key.js and prints the private key
to stdout. Save it in a secret store (1Password, AWS Secrets Manager, etc.) —
it must never be committed. Replacing the keypair invalidates every
previously-issued license, so do it deliberately.
Sign a customer license
$env:MISSIONCONTROL_LICENSE_PRIVATE_KEY="<hex>"
node scripts/sign-license.js sign --customer=acme-corp --plan=pro --expires=2027-01-01Optional --features=foo,bar adds a feature-flag list (payload.f) you can
read from getLicenseStatus() to gate individual features.
Token format
Compact, two-part: <base64url(payload_json)>.<base64url(signature)>
where signature = Ed25519.sign(payload_json, privateKey).
Conventional payload fields:
| Field | Meaning |
| ----- | -------------------------------- |
| c | Customer id |
| p | Plan tier (trial, pro, …) |
| iat | Issued-at (Unix seconds) |
| exp | Expiry (Unix seconds) |
| f | Optional feature flags (string[]) |
