keylight 0.1.0

Keylight licensing SDK — activate/validate licenses with offline Ed25519 lease verification.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

# keylight-rust

Open-source [Keylight](https://keylight.dev) licensing SDK for Rust — the
`keylight` library plus a `keylight` CLI (`keylight-cli`). Activate license
keys, verify signed leases offline, and gate features on entitlements.

Verified against the Keylight SP-0 conformance vectors (the crate passes
`tests/conformance.rs`).

## Install

```toml
[dependencies]
keylight = "0.1"
```

Not yet published to crates.io. Until then, use a git dependency:

```toml
[dependencies]
keylight = { git = "https://github.com/keylight-dev/keylight-rust" }
```

## Quickstart (library)

```rust
use keylight::{Keylight, KeylightConfig};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Build config. Fetch the tenant's trusted Ed25519 keyset so leases can be
    // verified offline. (Alternatively pin keys with .trusted_key(kid, pub_b64).)
    let mut cfg = KeylightConfig::builder("keylight-notes-demo", "notes")
        .key_prefix("NOTES")
        .build();
    if let Some((_, keys)) = keylight::keyset::fetch_keyset(
        &keylight::http::ureq_transport::UreqTransport::default(),
        &cfg.base_url, &cfg.tenant_id) {
        cfg.trusted_keys.extend(keys);
    }
    let kl = Keylight::new(cfg)?;

    // Activate a license key (online). The returned lease is Ed25519-verified
    // before anything is persisted.
    let res = kl.activate("NOTES-PRO0-0000-0001")?;
    println!("activated: {}", res.activated);

    // Gate features on entitlements (works offline from the cached lease).
    if kl.has_entitlement("pro") {
        println!("Pro features unlocked");
    }
    Ok(())
}
```

This example runs against the public Keylight Notes demo tenant
(`keylight-notes-demo`, product `notes`) on the default host
`https://api.keylight.dev`.

## Offline model

The signed `v3` lease is the offline artifact: once activated, it's persisted
locally and every entitlement check reads from it without a network call. Call
`refresh_if_needed()` (or `check_on_launch()`) on launch and on relevant app
events to renew the lease when it's near expiry — there are no background
threads. Leases are verified with Ed25519 against the trusted keyset, allowing
300s of clock skew.

## CLI usage

The `keylight` binary wraps the same library:

```sh
keylight --tenant keylight-notes-demo --product notes --fetch-keys activate NOTES-PRO0-0000-0001
keylight --tenant keylight-notes-demo --product notes --fetch-keys status
keylight --tenant keylight-notes-demo --product notes deactivate
```

`--fetch-keys` pulls the tenant's trusted keyset from the server. Flags also
read from environment variables: `KEYLIGHT_TENANT`, `KEYLIGHT_PRODUCT`,
`KEYLIGHT_SDK_KEY`, and `KEYLIGHT_BASE_URL` (defaults to
`https://api.keylight.dev`).

## Crates

| Crate | Description |
| --- | --- |
| `keylight` | The licensing library. |
| `keylight-cli` | The `keylight` command-line binary. |
| `demo-app` | Keylight Notes — a runnable example app. |
| `tauri-plugin-keylight` | Tauri plugin wrapping the SDK. |

## License

MIT.