Fix licensing vulnerabilities and strengthen freemium model legal protections

LICENSE.md

@@ -12,6 +12,12 @@ This license applies to all files within this repository, with the exception of
 - `lib/react_on_rails/pro/`
 - `node_package/src/pro/`
 
+**Important:** The Pro-licensed directories contain code that is included in this package but requires a valid React on Rails Pro subscription to function. Any attempt to circumvent, bypass, modify, or disable the license validation mechanisms is strictly prohibited and constitutes a violation of this license and the React on Rails Pro License.
+
+**Critical:** The MIT-licensed code that imports or interfaces with Pro-licensed modules (including but not limited to clientStartup.ts, serverRenderReactComponent.ts, ReactOnRails.client.ts, and ReactOnRails.node.ts) is protected by this license. Any modification, patching, or circumvention of these interface modules to enable unauthorized access to Pro features is strictly prohibited and constitutes a violation of this license and the React on Rails Pro License.
+
+**Ruby License Validation Protection:** The MIT-licensed Ruby code that performs license validation and generates the `rails_context` (including but not limited to lib/react_on_rails/helper.rb, lib/react_on_rails/utils.rb, and any code that calls `ReactOnRails::Utils.react_on_rails_pro?` or generates the `rorPro` field) is protected by this license. Any modification, patching, or circumvention of these license validation mechanisms to enable unauthorized access to Pro features is strictly prohibited and constitutes a violation of this license and the React on Rails Pro License.
+
 Copyright (c) 2017, 2018 Justin Gordon and ShakaCode  
 Copyright (c) 2015–2025 ShakaCode, LLC
 

REACT-ON-RAILS-PRO-LICENSE.md

@@ -1,6 +1,6 @@
 # ShakaCode React on Rails Pro – End User License Agreement (EULA)
 
-_Version 2.0 — 2025-09-06_  
+_Version 2.1 — 2025-09-25_  
 © 2015–2025 ShakaCode, LLC. All rights reserved.
 
 ---
@@ -51,7 +51,11 @@ The Organization shall not:
 
 1. redistribute or resell the Software or derivatives;
 2. remove, obfuscate, or disable required attribution;
-3. use the Software to build a directly competing product exposing substantially similar functionality.
+3. use the Software to build a directly competing product exposing substantially similar functionality;
+4. **circumvent, bypass, modify, disable, or tamper with any license validation mechanisms, license checks, or authentication systems;**
+5. **reverse engineer, decompile, or disassemble the Software for the purpose of circumventing license restrictions;**
+6. **create, use, or distribute any tools, scripts, patches, or modifications designed to enable unauthorized use of Pro features;**
+7. **attempt to access or use Pro features without a valid, active subscription.**
 
 ---
 
@@ -85,6 +89,9 @@ While subscribed, the Organization receives software updates and reasonable supp
 
 If ShakaCode reasonably suspects non-compliance, the Organization will cooperate in good faith to verify compliance, including enabling inspection for attribution presence and providing a usage statement. ShakaCode will use commercially reasonable efforts to minimize disruption.
 
+**9.1 Detailed Audits**  
+ShakaCode or a certified auditor acting on its behalf may, upon reasonable request and at ShakaCode’s expense, audit the Organization’s use of the Software to verify compliance with this Agreement. Audits may be conducted by mail, electronically, or by in-person visits during regular business hours and shall minimize disruption to the Organization’s business. If the audit reveals a material unauthorized use, the Organization shall reimburse ShakaCode for reasonable audit costs.
+
 ---
 
 ## 10. Feedback & Contributions
@@ -118,12 +125,43 @@ Direct damages are limited to amounts paid in the 12 months preceding the claim.
 
 ---
 
-## 15. Governing Law; Venue
+## 15. Indemnification
+
+The Organization agrees to defend, indemnify, and hold harmless ShakaCode and its affiliates from any claims, losses, damages, liabilities, costs, or expenses (including legal fees) arising out of the Organization’s use of the Software or breach of this Agreement.
+
+---
+
+## 16. Export Compliance
+
+The Organization agrees to comply with all applicable export laws and regulations, including restrictions on export, re-export, or redistribution of the Software.
+
+---
+
+## 17. Attorneys’ Fees and Costs
+
+In any enforcement or legal action arising under this Agreement, the prevailing party shall be entitled to recover reasonable attorneys’ fees and costs.
+
+---
+
+## 18. Governing Law; Venue
+
+This Agreement is governed by the laws of the **State of Hawaii**, USA. Exclusive jurisdiction and venue lie in the courts located therein.
+
+---
+
+## 19. Miscellaneous
+
+- **19.1 Severability**  
+  If any provision is held invalid or unenforceable, the remainder shall continue in full force.
+
+- **19.2 Waiver**  
+  Failure to enforce any provision is not a waiver of rights.
 
-Choose one: **State of Hawaii**, USA. Exclusive jurisdiction and venue lie in the courts located therein.
+- **19.3 Assignment**  
+  The Organization may not assign this Agreement without prior written consent.
 
 ---
 
-## 16. Entire Agreement; Order of Precedence
+## 20. Entire Agreement; Order of Precedence
 
 This EULA and any order (pricing/term) are the entire agreement. If there is a conflict, the order controls.

docs/DIRECTORY_LICENSING.md

@@ -12,14 +12,14 @@ All directories in the `react_on_rails` repository are MIT licensed:
 react_on_rails/
 ├── lib/react_on_rails/           # Core Ruby code (MIT)
 ├── node_package/src/             # Core JS/TS code (MIT)
-│   └── pro/                      # Pro features placeholder (MIT but references pro)
+│   └── pro/                      # Pro features with license validation (Pro licensed)
 ├── spec/                         # Core tests (MIT)
 ├── docs/                         # Documentation (MIT)
 ├── .github/                      # GitHub workflows (MIT)
 └── [all other directories]       # MIT
 ```
 
-**Exception:** The `node_package/src/pro/` directory contains placeholder code that references Pro features, but the actual Pro implementation is in the separate `react_on_rails_pro` repository.
+**Exception:** The `node_package/src/pro/` directory contains actual Pro implementation code with license validation. The code is included in the package but requires a valid Pro license to function.
 
 ### react_on_rails_pro Repository - Pro Licensed
 

docs/LICENSING_FAQ.md

@@ -95,7 +95,7 @@ react_on_rails/ (monorepo root)
 
 **A:** We maintain two separate repositories:
 
-- **react_on_rails** (MIT) - Core functionality, completely free except pro directories as stated in LICENSE.md
+- **react_on_rails** (MIT) - Core functionality, completely free. Pro features are included but gated behind license validation as stated in LICENSE.md
 - **react_on_rails_pro** (Pro License) - Advanced features, subscription required for production
 
 ### Q: What requires a Pro subscription?

package.json

@@ -118,7 +118,7 @@
     "Rails"
   ],
   "author": "[email protected]",
-  "license": "MIT",
+  "license": "(MIT AND Proprietary)",
   "bugs": {
     "url": "https://github.com/shakacode/react_on_rails/issues"
   },