mintpass: per-package licenses (web AGPL-3.0-or-later, challenge GPL-3.0-or-later, contracts MIT) #23
tomcasaburi wants to merge 2 commits into
challenge: MIT -> GPL-3.0-or-later. It depends on @pkcprotocol/pkc-logger (GPL-3.0-or-later) and matches every other challenge package in the org (flags/r9k/ai-moderation/evm-contract/voucher/captcha/spam-blocker), so its effective license is already GPL; MIT understated the obligations.

contracts: declare MIT explicitly (was inheriting the root MIT; .sol files are already SPDX MIT). MIT maximizes auditability/integration for on-chain code.

Adds per-directory LICENSE files. Authorized by cofounder / copyright holder.
📝 Walkthrough

The PR establishes a mixed-license monorepo by adding per-package license files and metadata fields. Root documentation is updated to explain the three-license structure, and each sub-package (web, challenge, contracts) declares its corresponding license (AGPL-3.0-or-later, GPL-3.0-or-later, MIT).

Changes: Mixed-License Monorepo Setup
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~20 minutes
🚥 Pre-merge checks: ✅ 5 passed
… root

Reverses the earlier plan to privatize web/. MintPass should be fully open and forkable -- we WANT people to run their own. Its anti-sybil strength is phone-number scarcity + on-chain NFT cost, not secret code, so there's no secrecy reason to close it (unlike spam-blocker/server, whose risk-scoring heuristics genuinely are the moat and stay private).

AGPL (not GPL) for the hosted web app: anyone can fork and run their own, but anyone running a MODIFIED MintPass service must publish their changes -- so the verification layer can't be privatized by a closed competitor. Bitsocial Forge still monetizes by operating the default mintpass.org.

- web/LICENSE: AGPLv3; web/package.json license -> AGPL-3.0-or-later
- LICENSE (root): mixed-license explainer (all open)
- package.json (root): MIT -> UNLICENSED (dev-only monorepo root)
- README: License section

End state: web AGPL-3.0-or-later, challenge GPL-3.0-or-later, contracts MIT -- all open.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
LICENSE (1)
1-10: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix stale MIT license text in generated docs.

`llms-full.txt` and `web/public/llms-full.txt` still include the `## License` section stating `MIT License — see [LICENSE](LICENSE).` (~line 234), which conflicts with the mixed-license model described in the root `LICENSE`. Regenerate/update the generated `llms-full.txt` outputs so their embedded license section matches the new mixed-license structure.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@LICENSE` around lines 1 - 10, The generated license sections in llms-full.txt and web/public/llms-full.txt still embed a stale "MIT License — see [LICENSE](LICENSE)" blurb; regenerate or update those files so their internal "## License" section matches the monorepo's mixed-license model described in the root LICENSE (showing per-package licensing for `web` (AGPL-3.0-or-later), `challenge` (GPL-3.0-or-later), and `contracts` (MIT)), and ensure the text references the root LICENSE and the package-specific LICENSE files consistently; update the generator or regeneration command you used so future runs produce the correct license block.
📒 Files selected for processing (9)
- LICENSE
- README.md
- challenge/LICENSE
- challenge/package.json
- contracts/LICENSE
- contracts/package.json
- package.json
- web/LICENSE
- web/package.json
Sets a license per package — all open source. Supersedes #24 (we are keeping `web/` public and forkable, not privatizing it).

@bitsocial/mintpass-challenge) `pkc-logger` (GPL); matches every other challenge package in the org.
@bitsocial/mintpass-contracts) `.sol` already SPDX-MIT. Maximizes auditability/integration.

Root `LICENSE` becomes a mixed-license explainer and root `package.json` → `UNLICENSED` (dev-only monorepo root, mirrors spam-blocker). Adds per-directory LICENSE files.

Authorized by cofounder. Licensing strategy, not legal advice.
Note
Low Risk
Documentation and package metadata only; no runtime behavior changes. Downstream compliance implications (AGPL on hosted forks, GPL on challenge) are the main review focus, not engineering risk.
Overview
Replaces the monorepo-wide MIT license with per-package licensing and documents it in the root `LICENSE` and README.

`web/` (mintpass.org site + API) is AGPL-3.0-or-later via new `web/LICENSE` and `web/package.json`. AGPL requires operators of modified hosted services to offer corresponding source.

`challenge/` (`@bitsocial/mintpass-challenge`) moves from MIT to GPL-3.0-or-later with `challenge/LICENSE` and updated `challenge/package.json`, aligning with GPL dependencies such as `pkc-logger`.

`contracts/` keeps MIT with a dedicated `contracts/LICENSE` and explicit `license` in `contracts/package.json`.

The root workspace is `UNLICENSED` in `package.json` (dev-only monorepo root, not a redistributable package). No application or contract logic changes—only legal metadata and license text files.

Reviewed by Cursor Bugbot for commit 846fcb1.