lee/pentagi
1
0
Fork 0
mirror of https://github.com/vxcontrol/pentagi.git synced 2026-05-03 21:40:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2.0.0
pentagi/CONTRIBUTING.md
T
Dmitry Ng 600419bed3 feat: add license compliance documentation and reporting tools 
- Introduce CONTRIBUTING.md for license compliance guidelines for developers.
- Update Dockerfile to generate license reports for frontend and backend dependencies.
- Add scripts for generating license reports and include them in the Docker build process.
- Create README.md and .gitignore files in the licenses directory for better organization.
- Update go.mod and go.sum to use the latest versions of vxcontrol dependencies.

This enhances the project's compliance with licensing requirements and improves dependency management.
2026-03-29 18:48:06 +03:00

2.0 KiB
Raw Permalink Blame History

License Compliance Guide

Overview

PentAGI is MIT licensed and all dependencies use MIT-compatible licenses.

For Developers

Adding New Dependencies

When adding new dependencies, ensure they use compatible licenses:

Approved Licenses

  • MIT
  • Apache-2.0
  • BSD-2-Clause, BSD-3-Clause
  • ISC
  • MPL-2.0 (if used without modification)
  • 0BSD (public domain)

Incompatible Licenses

  • GPL, LGPL, AGPL (without special exception)
  • CC-BY-SA (for code, OK for data)
  • Proprietary/Commercial licenses

Before Merging PR

  1. Update dependencies:

    cd backend && go mod tidy
cd ../frontend && npm install

  2. Generate license reports:

    ./scripts/generate-licenses.sh

    This script automatically collects license information from all dependencies and saves them to the licenses/ directory. See licenses/README.md for details.

  3. Scan for issues:

    osv-scanner scan --experimental-licenses="MIT,Apache-2.0,BSD-2-Clause,BSD-3-Clause,ISC,MPL-2.0" backend
osv-scanner scan --experimental-licenses="MIT,Apache-2.0,BSD-2-Clause,BSD-3-Clause,ISC,MPL-2.0" frontend

License Verification Tools

  • osv-scanner - Security and license scanning (recommended)
  • license-checker - npm license verification
  • go-licenses - Go module license extraction (install: go install github.com/google/go-licenses@latest)
  • go list - Go module inspection

For Docker Builds

License reports are automatically generated during Docker builds:

  • Backend reports in /opt/pentagi/licenses/backend/
    • dependencies.txt - List of all Go modules
    • licenses.csv - Detailed license information (generated by go-licenses)
  • Frontend reports in /opt/pentagi/licenses/frontend/
    • dependencies.json - Complete npm dependency tree
    • licenses.json - Detailed license data
    • licenses.csv - License summary

Questions?

Contact: info@pentagi.com or info@vxcontrol.com

Reference in New Issue View Git Blame Copy Permalink