CI and Offline Use

License verification is offline. verifyLicense(token, publicKey) parses the compact token, checks the Ed25519 signature, and returns claims when the signature is valid.

No network call is needed to know whether a token is signed correctly.

# CI

For CI builds, treat the license token like any other secret:

NGAF_LICENSE=... npm test

Then pass it through the framework provider that owns the package you use.

provideAgent({
  apiUrl: process.env['LANGGRAPH_API_URL'],
  license: process.env['NGAF_LICENSE'],
});

If you call runLicenseCheck() directly, inject the current time only when you need deterministic tests:

await runLicenseCheck({
  package: '@ngaf/example',
  token,
  publicKey,
  nowSec: 1_735_689_600,
});

# Offline verification

Use verifyLicense() and evaluateLicense() directly when network access is unavailable or unwanted.

import { evaluateLicense, verifyLicense } from '@ngaf/licensing';
 
const verified = await verifyLicense(token, publicKey);
const result = evaluateLicense(verified, {
  nowSec: Math.floor(Date.now() / 1000),
});

This does not emit warnings. The higher-level runLicenseCheck() helper can emit warnings, but it does not make network requests.

# Signing tokens

signLicense() is exported for token minting and tests:

import { signLicense } from '@ngaf/licensing';
 
const token = await signLicense(claims, privateKey);

It signs the UTF-8 JSON payload with Ed25519 and returns the compact token format expected by verifyLicense().

Do not ship private keys in application code. Verification needs only the public key.
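The sign, verify and evaluate split described on this page can be reproduced with Node's built-in crypto to show why verification needs neither the network nor the private key. This is an added example, not code from @ngaf/licensing: the token layout, the `exp` claim, the null-on-failure return and the names mintToken, verifyToken and evaluateClaims are assumptions made for illustration.

```javascript
// Added example, not @ngaf/licensing code. ASSUMPTIONS: the token layout
// "<base64url payload>.<base64url signature>", the `exp` claim, and returning
// null on failure are hypothetical stand-ins for the package's own format.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Minting side: sign the UTF-8 JSON payload with the Ed25519 private key.
function mintToken(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims), 'utf8');
  return `${b64u(payload)}.${b64u(sign(null, payload, privateKey))}`;
}

// Verifying side: needs only the token and the public key, no network.
function verifyToken(token, publicKey) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const payload = Buffer.from(parts[0], 'base64url');
  const signature = Buffer.from(parts[1], 'base64url');
  if (signature.length !== 64) return null; // Ed25519 signatures are 64 bytes
  if (!verify(null, payload, publicKey, signature)) return null;
  try {
    return JSON.parse(payload.toString('utf8')); // parse only after the check
  } catch {
    return null;
  }
}

// Time is an input, so a test can pin nowSec instead of reading the clock.
function evaluateClaims(claims, { nowSec }) {
  if (!claims) return 'invalid';
  return typeof claims.exp === 'number' && nowSec >= claims.exp ? 'expired' : 'valid';
}

// Constructed sample data: throwaway key pairs and claims.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const otherKeys = generateKeyPairSync('ed25519');
const sampleToken = mintToken({ sub: 'ci-runner', exp: 1_800_000_000 }, privateKey);

// Same signature, edited payload: what a hand-modified token looks like.
const editedToken =
  `${b64u(JSON.stringify({ sub: 'ci-runner', exp: 4_000_000_000 }))}.${sampleToken.split('.')[1]}`;

console.log(evaluateClaims(verifyToken(sampleToken, publicKey), { nowSec: 1_735_689_600 }));
console.log(evaluateClaims(verifyToken(sampleToken, publicKey), { nowSec: 1_800_000_000 }));
console.log(evaluateClaims(verifyToken(editedToken, publicKey), { nowSec: 1_735_689_600 }));
console.log(evaluateClaims(verifyToken(sampleToken, otherKeys.publicKey), { nowSec: 1_735_689_600 }));
```

The edited token and the token checked against an unrelated public key both fail the signature check, so their claims are never parsed or trusted.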