License Activation
Where activation happens
Section titled “Where activation happens”Licenses are activated in the CodeXX DTDK manager (codexx_dtdk_manager), not in the codegen CLI. The manager owns activation for every licensed component, so individual tools no longer ship their own activation flow.
Earlier builds activated with codegen license activate <key>. That subcommand has been removed — codegen now prints a pointer to the manager and exits. See Tiers & Pricing for what each tier unlocks.
Activating a component
Section titled “Activating a component”- Launch the manager:
codexx_dtdk_manager. - Use ↑ / ↓ to select a licensed component (e.g. codegen).
- Press Enter — for an unactivated licensed component this opens the activation pane in place of the version list.
- Paste your license key and confirm.
The manager verifies the key, binds it to this machine’s fingerprint, and writes a per-product signed token to disk:
- Linux/macOS:
$XDG_CONFIG_HOME/codexx/licensing/<product>.token(default~/.config/codexx/licensing/<product>.token) - Windows:
%APPDATA%\CodeXX\licensing\<product>.token
Each licensed component caches its own token (codegen.token, …). A legacy single-file license.token from an earlier release is auto-migrated to the per-product name on first read.
Until a licensed component is activated the manager will not query its release channels; activation unlocks them.
Checking the cached licence
Section titled “Checking the cached licence”codegen keeps two read-only licence subcommands:
codegen license checkPrints the cached tier and offline status:
License valid. Tier: Professional Email: user@example.com Offline: yes (cached token) Expiry: 2026-12-31T23:59:59Z # only if the licence carries an expirycheck reads the local token, verifies the Ed25519 signature and machine fingerprint, and confirms the cache TTL has not elapsed. On TTL expiry it returns Unreachable and the codegen binary continues with Community-tier defaults rather than failing the run.
codegen license fingerprintPrints this machine’s stable 64-char hex SHA-256 fingerprint — useful when reporting an activation problem.
Token format
Section titled “Token format”License tokens are Ed25519-signed JSON, verified against the public key baked in at build time (CMake define KEYGEN_ED25519_PUBLIC_KEY); a signed key verifies locally with no server round-trip. The token carries the licensed tier, the Keygen product, an optional ISO-8601 expiry, the user email, and the machine fingerprint.
Every issued token is machine-bound — verification rejects a token whose fingerprint does not match the running host (MachineMismatch). Floating / cross-machine licences are not currently supported.
Deactivating
Section titled “Deactivating”To release a machine, select the activated component in the manager and press Shift + D (the [D] deactivate-license action in the footer). This clears the local token and releases the Keygen-side seat best-effort. Transferring a licence to another machine is deactivate-here, then activate-there.
Offline / air-gapped activation
Section titled “Offline / air-gapped activation”There is no fingerprint-exchange CLI yet. The supported air-gapped path: activate in the manager on a temporarily-connected machine, then keep it offline — the cached signed token verifies without further network access for as long as the cache TTL holds. A first-class fingerprint-exchange flow is on the roadmap.
Diagnostics
Section titled “Diagnostics”| Code | Meaning |
|---|---|
E101 | Licence invalid or not activated. Activate the component in codexx_dtdk_manager. |
E103 | Cached token failed signature, machine-fingerprint, or TTL checks (or is corrupt / suspended / expired). Re-activate the component in codexx_dtdk_manager. |
When the licence service is unreachable on a check() (no network and no cache, or TTL elapsed), the engine treats it as Unreachable and continues with Community-tier defaults — no fatal error.
- Activation lives in the
codexx_dtdk_managerTUI — select a component, press Enter, paste the key. - Verification is offline against a per-product Ed25519-signed token; no server round-trip at runtime.
- Tokens are machine-bound; transfer is deactivate (Shift + D in the manager) then re-activate.
codegenkeeps read-onlylicense checkandlicense fingerprint;activate/deactivatewere removed.