Source-available. Cryptographically enforced. Fully offline.
License holders receive the full TypeScript source. A signed key file — verified by a closed-source WASM module — is required at runtime on every deployment. No phone-home. No internet required to validate.
The license key file
A signed payload that carries all your entitlements.
When you purchase a license, you receive a .trtc-license file. It is a compact, base64url-encoded JSON payload with a detached ECDSA signature. Drop it in your deployment and point the SDK at it — nothing else needed.
Validation
Verified at startup. No network required.
The SDK calls loadLicense() before any room or server can be created. Validation happens inside a closed-source WASM module — fully offline, no license server call needed.
The WASM module embeds the ECDSA public key at compile time. Even with the full TypeScript source, a licensee cannot produce a valid signature.
Read key file
WASM module reads .trtc-license from disk (server) or supplied string (browser). No network request.
Verify ECDSA signature
ES256 signature checked against the public key hardcoded in the WASM binary. Any modification — even a single character — fails verification.
Check expiry and domain
expiresAt compared to current time. Deployment origin checked against domains — mismatch throws immediately.
Return LicenseCapabilities
A typed capabilities object is returned. Required parameter for every SDK constructor — will not compile or run without it.
Architecture
One closed-source seam. Everything else is readable.
The TypeScript SDK source is available to license holders. The one component that is not source-available is validator.wasm. This is the seam that makes enforcement meaningful — modifying any TypeScript still hits the WASM boundary.
The capabilities object returned by the WASM module threads through the SDK as a required constructor parameter — not an optional flag. Removing the check means rewriting the TypeScript type system across every constructor.
Bypass resistance
Every attack path costs more than a license.
No enforcement is mathematically absolute when source is available. The goal is to make bypass more expensive — in effort, risk, and legal exposure — than purchasing a license.
Note
Bypass resistance · continued
Operational and lifecycle protections.
Feature unlocks
The key file encodes exactly what your tier permits.
Tier caps are enforced at the subsystem level — AI worker count by the AI supervisor, region count by the deployment router, advanced features by the feature flag in each handler. Exceeding a cap throws a typed LicenseCapabilityError, not a silent failure.
“WHIP/WHEP RTP gateway” in tier tables covers the shipped HTTP media gateway: real SDP negotiation, trickle ICE, producer/consumer wiring, and mediasoup/first-party engine coverage. Production-scale multi-tenant hardening and real-player playback validation remain deployment work — see docs-site/content/signaling.md.
Starter
- ✓ Core signaling
- ✓ Mesh topology
- ✓ SFU (mediasoup)
- ✓ First-party SFU
- ✓ TURN server
- ✓ 2 AI workers
- ✓ 1 region
- — Room recording
- — WHIP/WHEP RTP gateway
- — SIP gateway
- — Wildcard domains
Business
- ✓ Core signaling
- ✓ Mesh topology
- ✓ SFU (mediasoup)
- ✓ First-party SFU
- ✓ TURN server
- ✓ 20 AI workers
- ✓ 3 regions
- ✓ Room recording
- ✓ Wildcard domains
- — WHIP/WHEP RTP gateway
- — SIP gateway
Enterprise
- ✓ Core signaling
- ✓ Mesh topology
- ✓ SFU (mediasoup)
- ✓ First-party SFU
- ✓ TURN server
- ✓ Unlimited AI workers
- ✓ Custom regions
- ✓ Room recording
- ✓ WHIP/WHEP RTP gateway
- ✓ SIP gateway
- ✓ Wildcard domains
Eval & pilot
Try before you commit — scoped, time-boxed, non-production.
Eval and pilot licenses let you validate the SDK against your infrastructure before signing a production EULA. They carry a hard expiry, a limited domain set, and feature caps matching the scoped tier.
Eval keys expire after 14 days. Pilot keys match the agreed pilot window — typically 30–90 days.
Issued for localhost plus one staging origin. Production traffic rejected at the WASM boundary.
Pilot feature set mirrors the tier under evaluation — no artificial feature ceiling beyond the target tier.
Every eval key carries a licenseeId. Misuse is traceable. EULA §6 applies from day one.
No phone-home
Air-gapped deployments. No license server dependency.
Validation is entirely local. The WASM binary carries the public key at compile time — there is no license server URL, no heartbeat call, and no runtime network requirement. A deployment with no outbound internet access works identically to one with it.
- No license server The ECDSA public key is embedded in the WASM binary. Validation is a local cryptographic operation — no HTTP call, no DNS lookup.
- Air-gap compatible Works in VPCs, private clouds, and fully isolated environments. Meets the requirements of air-gapped government and financial deployments.
- No heartbeat There is no periodic check-in. Once a perpetual key is validated at startup, the SDK runs indefinitely with no further license calls.
- Startup-only overhead Validation runs once at process start. The capabilities object is cached in memory for the process lifetime — zero per-request overhead.
Runtime enforcement
Cap violations throw typed errors, not silent degradation.
Feature caps are enforced at the point of use — not at a single door-checker. Exceeding any cap throws a LicenseCapabilityError with a typed reason code, making violations discoverable in development and auditable in production logs.
Enforced in the AI worker supervisor on spawn(). Throws LicenseCapabilityError("ai-worker-cap-exceeded") with current and permitted counts.
Enforced in the deployment router on addRegion(). Attempting to register a fourth region on a Business license throws immediately.
WHIP/WHEP, SIP, and recording handlers check capabilities at handler registration time — not per-request — to fail fast during server boot.
Browser SDK checks window.location.origin against the key's domain list at loadLicense(). Invalid origin throws before any WebRTC object is created.
Legal framework
Technical enforcement backed by legal exposure.
Cryptographic controls are one layer. Legal controls are the other. Together they make bypass more costly than a license — not just technically, but financially and legally.
- EULA §6 Prohibits circumvention of technical protection measures. Breach constitutes immediate license termination plus statutory damages.
- 17 U.S.C. §1201 (DMCA) Circumventing a technical protection measure — including replacing validator.wasm — is a federal violation independent of the EULA.
- licenseeId watermark Every key file encodes the licenseeId in the signed payload. A leaked or redistributed key is cryptographically traceable to the original licensee.
- Key versioning Old keys are invalidated on renewal. Holding a leaked key from a prior period provides no ongoing benefit after the customer re-keys.
A signed key file and source access — issued in one business day.
- 1 Choose tier
Starter ($28k/yr), Business ($84k/yr), or Enterprise ($220k+/yr) — see pricing for full feature breakdown.
- 2 Sign the EULA
Review the EULA at the repository root, countersign, and return to Licensor.
- 3 Receive your key
A .trtc-license file and source repository access issued to your organization within one business day.