API Endpoints: The Beating Heart of Licensing
Here are the core flows, beautifully diagrammed by GPT‑5 from the actual code.
POST licence/validate
Validates licence requests. Creates new trial customers or checks existing ones. Returns licence status, model availability, expiry dates, and any skill updates, informs if an app update is required.
POST licence/retrieve
Used after reinstall or MAC address change. Requires PaidCustomerSecretHash + UserNameHash to load the customer securely. Enforces MAC‑change limits and revenue protection. Delegates to the validate flow.
POST licence/change-secret
Allows customers to rotate their secret. Uses a semaphore to enforce single‑flight behaviour and prevent brute‑force timing attacks. Associates a new secret with the customer.
And of Course… Everything May Change
All of this is subject to revision, especially if the app eventually adopts cloud LLMs like GPT, Claude, or Gemini. Licensing, flow, and update logic may evolve as the architecture does.
But for now, this is the system that keeps the lights on, the updates flowing, and the lawyers happy.
Next up, we return to the fun stuff: LLMs, adaptors, and redaction. Bring snacks.
