Crate fallow_license

Offline Ed25519-signed license JWT verification for the fallow CLI.

This crate is the public-binary side of fallow’s paid-feature gating. It does NOT perform any network I/O; the license file is loaded from disk or environment, the signature is verified against a public key compiled in by the embedding binary, and the result is exposed as a LicenseStatus.

§Storage precedence

License material is sourced in this order (first match wins):

  1. $FALLOW_LICENSE environment variable (full JWT string).
  2. $FALLOW_LICENSE_PATH environment variable (path to a file containing the JWT).
  3. ~/.fallow/license.jwt (default path under the user’s home directory).

§Algorithm pinning

Only Ed25519 (EdDSA) is accepted. The JWT header’s alg claim is verified to equal "EdDSA" after base64 decoding; we never trust the header to pick the algorithm.
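
The header check described above, as an added example that is not fallow_license's own source: it decodes the header segment and accepts only the literal "EdDSA", rejecting rather than interpreting any header it cannot parse. The function names (b64url_decode, unquote, header_alg, alg_is_pinned) and the strict flat-object header parsing are assumptions made for this sketch; the Ed25519 signature verification that follows this check is not shown.

```rust
// Added example, not fallow_license source. Names and strictness rules are assumptions.
/// Decode an unpadded base64url segment; None on invalid or non-canonical input.
fn b64url_decode(seg: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u8);
    for c in seg.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' | b'_' => if c == b'-' { 62 } else { 63 },
            _ => return None, // '=', '+', '/', whitespace, ...
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    // Leftover bits must be zero, and a lone trailing character is invalid.
    if acc == 0 && bits != 6 { Some(out) } else { None }
}

/// Unquote a JSON string that has no escapes or inner quotes (strict subset).
fn unquote(s: &str) -> Option<&str> {
    let inner = s.trim().strip_prefix('"')?.strip_suffix('"')?;
    if inner.contains(|c: char| c == '"' || c == '\\') { None } else { Some(inner) }
}

/// `alg` of a header that is a flat object of plain string members with exactly one `alg`.
fn header_alg(jwt: &str) -> Option<String> {
    let mut parts = jwt.split('.');
    let header = parts.next()?;
    if parts.count() != 2 { return None; } // header.payload.signature only
    let text = String::from_utf8(b64url_decode(header)?).ok()?;
    let body = text.trim().strip_prefix('{')?.strip_suffix('}')?;
    let mut alg = None;
    for member in body.split(',') {
        let (k, v) = member.split_once(':')?;
        let (k, v) = (unquote(k)?, unquote(v)?);
        if k == "alg" && alg.replace(v).is_some() { return None; } // duplicate `alg`
    }
    alg.map(str::to_string)
}

/// Pinning check: the only accepted value is the literal "EdDSA".
pub fn alg_is_pinned(jwt: &str) -> bool {
    header_alg(jwt).as_deref() == Some("EdDSA")
}
```

The result only gates rejection; the verifier still runs Ed25519 unconditionally, so a header that passes this check never selects the algorithm.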

§Grace ladder

Matches Docker Desktop / JetBrains conventions. See grace_state.

Structs§

LicenseClaims
JWT claims emitted by api.fallow.cloud for fallow CLI licenses.

Enums§

Feature
Feature flag enum aligned with the protocol’s Feature strings.
LicenseError
Errors returned by load_and_verify when the license material is present but malformed (vs simply missing, which is reported via LicenseStatus::Missing).
LicenseStatus
Outcome of load_and_verify.

Constants§

DEFAULT_HARD_FAIL_DAYS
Default cap on the grace window before hard-fail in the public CLI.
DEFAULT_SKEW_TOLERANCE_SECONDS
Default tolerance (in seconds) for iat clock skew: 24h.
SKEW_TOLERANCE_ENV
Env var name for overriding DEFAULT_SKEW_TOLERANCE_SECONDS.
WATERMARK_DAYS
Days post-expiry after which the public output gains a visible watermark.

Functions§

current_unix_seconds
Wrapper around SystemTime::now() returning unix seconds.
default_license_path
Compute the canonical default license path (~/.fallow/license.jwt).
grace_state
Map a verified LicenseClaims to a LicenseStatus using the 7/cap/hard-fail ladder.
load_and_verify
Discover and load a license JWT according to the storage precedence rules, then verify it and apply the grace ladder.
load_raw_jwt
Resolve the JWT source according to storage precedence.
normalize_jwt
Strip whitespace and embedded line breaks from a pasted JWT.
skew_tolerance_seconds_from_env
Resolve the clock-skew tolerance (in seconds) from FALLOW_LICENSE_SKEW_TOLERANCE_SECONDS, falling back to DEFAULT_SKEW_TOLERANCE_SECONDS when the variable is unset, empty, whitespace-only, or unparsable.
user_home_dir
Resolve the user’s home directory in a cross-platform way.
verify_jwt
Verify a raw JWT string against the supplied public key and (optionally) the wall clock. The now parameter is the unix-seconds reference used to classify expiry; pass current_unix_seconds in production.
verify_jwt_with_skew
Verify a raw JWT string with an explicit clock-skew tolerance.