Licensing API

This page documents the public exports from @ngaf/licensing.

#Types

type LicenseTier = 'developer-seat' | 'app-deployment' | 'enterprise';
 
interface LicenseClaims {
  sub: string;
  tier: LicenseTier;
  iat: number;
  exp: number;
  seats: number;
}
type VerifyReason = 'malformed' | 'tampered';
 
type VerifyResult =
  | { ok: true; claims: LicenseClaims }
  | { ok: false; reason: VerifyReason };
type LicenseStatus =
  | 'licensed'
  | 'grace'
  | 'expired'
  | 'missing'
  | 'tampered'
  | 'noncommercial';

#verifyLicense()

function verifyLicense(
  token: string,
  publicKey: Uint8Array,
): Promise<VerifyResult>;

Parses and verifies the compact token against an Ed25519 public key.

It does not check iat, exp, grace windows, or commercial context. It only answers whether the token shape and signature are valid.

Failure reasons:

ReasonMeaning
malformedtoken format, base64url payload, JSON, or claim shape failed
tamperedsignature verification failed or threw

#evaluateLicense()

interface EvaluateOptions {
  nowSec: number;
  graceSec?: number;
  isNoncommercial?: boolean;
}
 
function evaluateLicense(
  verifyResult: VerifyResult | undefined,
  options: EvaluateOptions,
): EvaluateResult;

Turns a verify result into a LicenseStatus.

verifyResult can be undefined when no token exists. In that case the result is noncommercial only when isNoncommercial is true; otherwise it is missing.

graceSec defaults to 14 days.

#runLicenseCheck()

interface RunLicenseCheckOptions {
  package: string;
  token?: string;
  publicKey: Uint8Array;
  nowSec?: number;
  isNoncommercial?: boolean;
  warn?: (message: string) => void;
}
 
function runLicenseCheck(
  options: RunLicenseCheckOptions,
): Promise<LicenseStatus>;

Runs the full check:

  1. verifies the token when present;
  2. evaluates the license status;
  3. emits a warning when appropriate.

Repeated calls with the same package and token are treated as already handled and return licensed.

#emitNag()

interface EmitNagOptions {
  package: string;
  warn?: (message: string) => void;
}
 
function emitNag(
  result: Pick<EvaluateResult, 'status'>,
  options: EmitNagOptions,
): void;

Emits one warning per package/status pair. Silent statuses are licensed and noncommercial.

#inferNoncommercial()

function inferNoncommercial(): boolean;

Returns true when process.env.NODE_ENV exists and is not "production". Returns false for production and for browser-like environments without a process global.

#signLicense()

function signLicense(
  claims: LicenseClaims,
  privateKey: Uint8Array,
): Promise<string>;

Signs claims with an Ed25519 private key and returns the compact token consumed by verifyLicense().