Epic: License & Feature Gating #7

Open
opened 2026-03-29 23:17:24 +02:00 by claude · 1 comment
Owner

Overview

Unified license module that enforces tier entitlements in both SaaS and air-gapped deployment modes. Same feature flags, different validation backends.

Architecture

  • License module embedded in cameleer3-server
  • Two validation modes:
    • SaaS mode: Checks entitlements against SaaS platform API (real-time, cached)
    • Air-gapped mode: Validates against signed license file (offline)
  • License defines: tier, feature flags, resource limits, expiry, tenant ID

Feature Gating Dimensions

  • MOAT features (debugger, lineage, correlation)
  • Agent count limits
  • Data retention periods
  • Environment count
  • SSO/OIDC availability
  • Concurrent debug session limits
  • Lineage capture scope limits

License Format

  • Signed JWT or similar cryptographic token
  • Ed25519 signature (consistent with existing config signing)
  • Contains: tenant ID, tier, feature entitlements, resource limits, expiry date
  • Air-gapped licenses issued through management platform, delivered as downloadable file

Enforcement

  • Server checks license on startup and periodically
  • Feature endpoints return 403 when not entitled
  • Graceful degradation (features disabled, not errors)
  • License expiry grace period before hard cutoff
claude added the epic, licensing labels 2026-03-29 23:18:01 +02:00
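
The air-gapped validation path described in the issue above (Ed25519-signed token, tenant binding, expiry with a grace period), as an added example that is not part of the issue or of the cameleer code base. It is written in Go so that it needs only the standard library. The claim names, the `EdDSA` header value, the 14-day grace length and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // unpadded base64url, as in compact JWTs
type Claims struct { // assumed subset of the license contents; key names are hypothetical
	Tenant   string          `json:"tenant"`
	Features map[string]bool `json:"features"`
	Exp      int64           `json:"exp"` // expiry, Unix seconds
}

// CheckLicense returns "valid", "grace", "expired" or "invalid"; claims are read only after the signature verifies.
func CheckLicense(token string, pub ed25519.PublicKey, tenant string, now time.Time, grace time.Duration) (state string, c Claims) {
	head, rest, _ := strings.Cut(token, ".")
	pay, sg, _ := strings.Cut(rest, ".") // a fourth segment ends up in sg and fails to decode
	hdr, e1 := b64.DecodeString(head)
	body, e2 := b64.DecodeString(pay)
	sig, e3 := b64.DecodeString(sg)
	var h struct{ Alg string }
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "EdDSA" || // pinned algorithm
		!ed25519.Verify(pub, []byte(head+"."+pay), sig) || // signature before any claim is parsed
		json.Unmarshal(body, &c) != nil || c.Tenant != tenant { // license is bound to this tenant
		return "invalid", Claims{}
	}
	if exp := time.Unix(c.Exp, 0); now.Before(exp) {
		return "valid", c
	} else if now.Before(exp.Add(grace)) {
		return "grace", c // still entitled; surface a warning to the operator
	}
	return "expired", c
}

func SignLicense(priv ed25519.PrivateKey, c Claims) string { // issuer side, only to build constructed samples
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key pair
	tok := SignLicense(priv, Claims{Tenant: "t-1", Exp: time.Now().Add(-time.Hour).Unix()})
	fmt.Println(CheckLicense(tok, pub, "t-1", time.Now(), 14*24*time.Hour)) // assumed grace length
}
```

A gated endpoint would answer 403 when the state is `expired` or `invalid` or when `Features` lacks the requested flag, and would treat `grace` as still entitled.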
Author
Owner

Status Update (2026-04-07)

License page complete:

  • Tier display with badge color
  • Feature flags: topology, lineage, correlation, debugger, replay
  • Limits: max_agents, retention_days, max_environments (snake_case keys, fixed in c96faa4)
  • Validity: issued/expires dates, days remaining
  • License token display with show/hide toggle
  • LicenseDefaults.java provides tier-specific defaults (LOW/MID/HIGH/ENTERPRISE)
  • BootstrapDataSeeder creates 365-day LOW tier license on first boot

Remaining:

  • License upgrade/downgrade (requires billing integration)
  • Feature gating enforcement (checking limits before creating environments/apps — partially done in AppService/EnvironmentService)
Reference: cameleer/cameleer-saas#7