chore: license pnpr and pnpm-agent under PolyForm Shield 1.0.0#12082
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (15)
📜 Recent review details⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
🧰 Additional context used📓 Path-based instructions (1)pnpr/**/pnpr/**/Cargo.toml📄 CodeRabbit inference engine (pnpr/AGENTS.md)
Files:
🧠 Learnings (2)📚 Learning: 2026-05-26T21:01:06.666ZApplied to files:
📚 Learning: 2026-05-05T23:03:04.286ZApplied to files:
🪛 LanguageToolpnpr/npm/pnpr/LICENSE.md[style] ~8-~8: Consider a more concise word here. (IN_ORDER_TO_PREMIUM) [grammar] ~85-~85: Ensure spelling is correct (QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1) pnpr/LICENSE.md[style] ~8-~8: Consider a more concise word here. (IN_ORDER_TO_PREMIUM) [grammar] ~85-~85: Ensure spelling is correct (QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1) agent/server/LICENSE.md[style] ~8-~8: Consider a more concise word here. (IN_ORDER_TO_PREMIUM) [grammar] ~85-~85: Ensure spelling is correct (QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1) 🔇 Additional comments (16)
📝 WalkthroughWalkthroughThis PR adopts the PolyForm Shield License 1.0.0 for pnpm-agent and pnpr components while keeping the main monorepo MIT-licensed. It updates the meta-updater to conditionally emit license fields, adds license documents and contribution guides to both components, and updates package metadata across Rust and npm packages. ChangesPolyForm Shield License adoption for pnpm-agent and pnpr
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Relicense the pnpr/ subtree (the pnpm-compatible registry server) from MIT to the source-available PolyForm Shield License 1.0.0. The rest of the monorepo stays MIT. pnpr may be run, modified, and self-hosted for any purpose except providing a product that competes with it. - Add pnpr/LICENSE.md (PolyForm Shield 1.0.0). - Override the inherited workspace MIT in the pnpr crates via license-file. - Point the @pnpm/pnpr npm wrapper at the bundled LICENSE.md. - Note the carve-out in the root README (the root LICENSE stays pristine MIT so license detection keeps recognizing it).
90d252d to
bc83964
Compare
Relicense the pnpm-agent server (agent/server) from MIT to the source-available PolyForm Shield License 1.0.0, matching pnpr. The @pnpm/agent.client package stays MIT so the agent protocol remains openly implementable. - Add agent/server/LICENSE.md (PolyForm Shield 1.0.0). - Set the package license to "SEE LICENSE IN LICENSE.md". - Exempt pnpm-agent from meta-updater's MIT normalization via a SOURCE_AVAILABLE_PKGS set, so lint:meta stays green. - Note the carve-out in the agent/server README + add a changeset. pnpm-agent is only a devDependency of the pnpm CLI, so no source- available code ships in the MIT-licensed CLI artifact.
… and pnpm-agent Contributions to the source-available trees (pnpr/, agent/server) are accepted under the same PolyForm Shield License plus a grant letting the licensor relicense them under other terms. This preserves the option to later relax to a more permissive source-available license or offer a separate commercial license without per-contributor consent. - Add pnpr/CONTRIBUTING.md and agent/server/CONTRIBUTING.md. - Point to them from each tree's README license section.
…npm-agent State that pnpr and pnpm-agent are not affiliated with or endorsed by npm, Inc., GitHub, or Microsoft, and that "npm" is used only to describe registry-protocol compatibility. Also add a License section to the published @pnpm/pnpr npm wrapper README.
Review Summary by QodoLicense pnpr and pnpm-agent under PolyForm Shield 1.0.0
WalkthroughsDescription• Relicense pnpr/ and pnpm-agent from MIT to PolyForm Shield 1.0.0 • Add PolyForm Shield LICENSE.md files to both source-available components • Establish contribution terms with relicensing grant for future flexibility • Update package manifests and meta-updater to reflect new license declarations • Document license carve-outs in README files and contribution guidelines Diagramflowchart LR
MIT["MIT Monorepo"] -->|"Carve-out"| Shield["PolyForm Shield 1.0.0"]
Shield -->|"pnpr/"| Registry["pnpr Registry Server"]
Shield -->|"agent/server"| Agent["pnpm-agent Server"]
MIT -->|"Stays MIT"| Client["@pnpm/agent.client"]
MIT -->|"Stays MIT"| CLI["pnpm CLI"]
ContribTerms["Contribution Terms + Relicensing Grant"] -->|"Enables"| FutureRelicense["Future License Changes"]
File Changes2. pnpr/CONTRIBUTING.md
|
What
Relicenses the two source-available server components of the monorepo from MIT to the PolyForm Shield License 1.0.0:
pnpr/— the pnpm-compatible npm registry server (Rust).pnpm-agent(agent/server) — the pnpm agent server for server-side resolution + store-aware downloads (TypeScript).Everything else in the monorepo stays MIT.
Under Shield, both may be run, modified, and self-hosted on-premise for any purpose, free of charge — including internal business use. The only thing forbidden is providing a product that competes with them (e.g. reselling or offering them as a hosted service). This reserves the commercial/competing rights to the copyright holder while keeping the software free for everyone else to use. Shield has no forced conversion to open source, so control is retained indefinitely.
Open-core split (clients stay MIT)
The agent protocol's client halves stay MIT so the protocol remains openly implementable:
@pnpm/agent.client(agent/client, TypeScript) — MIT.pacquet/crates/agent-client(Rust) — MIT.Only the servers are Shield.
Changes
pnpr (Rust):
pnpr/LICENSE.md— PolyForm Shield 1.0.0 text with aRequired Notice:copyright line.pnpr/crates/{pnpr,pnpr-fixtures}/Cargo.toml— stop inheriting the workspace MIT (license.workspace = true→license-file = "../../LICENSE.md"). Not published to crates.io.pnpr/npm/pnpr/— the@pnpm/pnprwrapper now declares"SEE LICENSE IN LICENSE.md"and ships a bundledLICENSE.md.pnpm-agent (TypeScript):
agent/server/LICENSE.md— PolyForm Shield 1.0.0.agent/server/package.json—"license": "SEE LICENSE IN LICENSE.md"..meta-updater/src/index.ts— exemptpnpm-agentfrom meta-updater's MIT normalization via aSOURCE_AVAILABLE_PKGSset, solint:metastays green. (Verified:meta-updater --testand eslint both pass.)Shared:
README.mdnotes the carve-out. The rootLICENSEis left pristine MIT so GitHub/SPDX detection keeps recognizing the project as MIT.No source-available code ships in the MIT CLI
pnpm-agentis only a devDependency of thepnpmCLI (used in tests), not a runtime dependency — so no Shield-licensed code is bundled into the MIT-licensedpnpmartifact.How it relies on MIT's sublicense right
The existing
pnpr/andagent/servercode (including other contributors' commits) was MIT. MIT permits sublicensing, so the combined work can be redistributed under Shield while the MIT attribution is retained — no clawback of already-published MIT versions.Notes / review asks
pnpmCLI dev-depend on the Shield servers for tests. Dev-deps don't ship, so the distributed MIT artifacts are unaffected — flagging it for a conscious "yes, fine."Required Notice:line currently readsCopyright 2026 Zoltan Kochan (https://kochan.io)in all three LICENSE.md copies — adjust if you'd prefer a company/different URL.Contribution terms (relicensing flexibility)
Added
pnpr/CONTRIBUTING.mdandagent/server/CONTRIBUTING.md. Contributions to those source-available trees are accepted under the same PolyForm Shield License plus a grant letting the licensor relicense them under other terms. This keeps the option open to later relax to a more permissive source-available license (e.g. Elastic License v2) or offer a separate commercial license without per-contributor consent — important because Shield (unlike MIT) doesn't give the project owner sublicensing rights over inbound contributions by default.Written by an agent (Claude Code, claude-opus-4-8).
Summary by CodeRabbit
Documentation
Chores