# Licensing Guide `word-editor` uses two separate license concepts: - Source license: the repository source code is AGPL-3.0-only. - Runtime authorization: production use is gated by `office-preview-license.json` and `wasm/office-parser-core.wasm`. The runtime authorization file is public deployment material. The root seal secret, registrar grants, customer grants, and issuance ledgers are private materials and must never be committed. ## Current Runtime License The canonical runtime license is root-signed: ```text licenseId: word-editor-root-pages-20260629 scope: root:word-editor holder: word-editor origin: https://docx-editor.pages.dev feature: docx ``` Local development origins are also included: ```text http://127.0.0.1:* http://localhost:* ``` This license is not derived from an enterprise customer registrar grant. It intentionally has no `parentGrantId`, no `parentHolder`, and no `issuedBy: office-preview-enterprise-registrar`. ## Reissuing The Root Runtime License The root signing secret stays outside the repository: ```text ~/.office-preview-license/office-preview-wasm-seal-2026-06.secret.json ``` Issue a new runtime license: ```bash npm run license:issue-root ``` Optional environment overrides: ```bash WORD_EDITOR_DEPLOY_ORIGIN=https://docx-editor.pages.dev \ WORD_EDITOR_LICENSE_VALID_DAYS=365 \ WORD_EDITOR_LICENSE_ID=word-editor-root-pages-20260629 \ npm run license:issue-root ``` ## Runtime Enforcement Flow 1. The page imports `auth/word-editor-license-runtime.mjs`. 2. The runtime fetches `office-preview-license.json`. 3. The runtime loads `wasm/office-parser-core.wasm`. 4. The WASM gate validates seal, origin, expiry, edition, and feature. 5. The gate installs immutable globals under `flyfish.wordEditor.licenseGate.v1`. 6. `` mounts only after `docx` authorization succeeds. ## Security Rules - Commit `office-preview-license.json` only when it is a public runtime authorization for the intended deployment. - Do not commit root seal secrets. - Do not commit enterprise registrar grants. - Do not commit customer grants or private ledgers. - Do not deploy an enterprise registrar grant as a runtime license. --- # 授权指南 `word-editor` 有两类不同的授权概念: - 源码许可证:仓库源码使用 AGPL-3.0-only。 - 运行授权:生产使用由 `office-preview-license.json` 和 `wasm/office-parser-core.wasm` 门禁控制。 运行授权文件是可公开部署材料。root seal secret、注册机 grant、客户 grant 和签发账本都是私有材料,不能提交到仓库。 ## 当前运行授权 当前标准运行授权为根签发: ```text licenseId: word-editor-root-pages-20260629 scope: root:word-editor holder: word-editor origin: https://docx-editor.pages.dev feature: docx ``` 同时允许本地开发 origin: ```text http://127.0.0.1:* http://localhost:* ``` 该授权不是从企业客户注册机 grant 派生,不包含 `parentGrantId`、`parentHolder` 或 `issuedBy: office-preview-enterprise-registrar`。 ## 重新签发根运行授权 root 签发密钥保存在仓库外: ```text ~/.office-preview-license/office-preview-wasm-seal-2026-06.secret.json ``` 签发新运行授权: ```bash npm run license:issue-root ``` 可选环境变量: ```bash WORD_EDITOR_DEPLOY_ORIGIN=https://docx-editor.pages.dev \ WORD_EDITOR_LICENSE_VALID_DAYS=365 \ WORD_EDITOR_LICENSE_ID=word-editor-root-pages-20260629 \ npm run license:issue-root ``` ## 运行时门禁流程 1. 页面导入 `auth/word-editor-license-runtime.mjs`。 2. runtime 拉取 `office-preview-license.json`。 3. runtime 加载 `wasm/office-parser-core.wasm`。 4. WASM 门禁校验封签、origin、有效期、版本和功能。 5. 门禁安装不可变的 `flyfish.wordEditor.licenseGate.v1` 全局对象。 6. `` 仅在 `docx` 授权通过后挂载。 ## 安全规则 - 只有面向目标部署的公开运行授权可以提交为 `office-preview-license.json`。 - 不提交 root seal secret。 - 不提交企业注册机 grant。 - 不提交客户 grant 或私有账本。 - 不把企业注册机 grant 当作运行授权部署。