Geas

Getting Started

Protect your software with cryptographic license enforcement in six steps.

1. Install the CLI

Install the Geas CLI tool. This requires the Rust toolchain.

cargo install geas-cli

Or download a pre-built binary from the releases page.

2. Generate Signing Keys

Generate an Ed25519 key pair for signing packages and issuing licenses.

geas keygen -o ./keys

Keep your private key safe. You'll need it for every publish and license operation.

3. Wrap Your Crate

Add Geas protection to your Rust crate. This marks critical functions for cryptographic enforcement and generates the geas.toml config.

geas wrap ./my-crate --license perpetual

License types: perpetual, subscription, usage-based, seat-based, trial.

4. Publish to Registry

Push the wrapped crate to the Geas registry. The archive is hashed, signed, and recorded in the tamper-evident ledger.

geas publish --registry https://api.numbral.com \
  --token "$GEAS_TOKEN"

Each publish creates a ledger entry with the Merkle root of your package.

5. Issue Access Links

Create shareable access links with tier-based permissions. Control who can read, execute, benchmark, or redistribute your code.

geas access create my-crate \
  --tier standard \
  --note "Acme Corp evaluation"

Links are HMAC-signed and support expiry, activation limits, and revocation.

6. Consumer: Activate & Build

Your customer receives an access link, activates their license, and builds normally. License validation is transparent at compile time.

geas activate <ACCESS_TOKEN>
cargo add my-crate --registry geas
cargo build  # license validated transparently

Offline grace period allows builds without network access for a configurable window.

Key Concepts

Tamper-Evident Ledger

Every publish is recorded in an append-only hash chain. Any modification breaks the chain, making tampering detectable.
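
To illustrate why a modification breaks the chain, here is an added example (not Geas code; the entry layout, field names and all-zero genesis value are assumptions, since this page does not specify the ledger format). It builds a SHA-256 hash chain, locates the first entry that fails verification, and shows that a fully recomputed chain is only caught when the verifier compares against a head hash pinned out of band.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed "previous hash" of the first entry


def entry_hash(prev_hash: str, payload: dict) -> str:
    # Bind each entry to its predecessor: SHA-256(prev_hash || canonical JSON payload).
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(bytes.fromhex(prev_hash) + body).hexdigest()


def append(ledger: list, payload: dict) -> None:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)})


def first_broken_link(ledger: list, pinned_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first entry that fails verification, or None.

    len(ledger) means the chain is self-consistent but does not end at the
    pinned head, i.e. it was truncated or rewritten from scratch.
    """
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["payload"]):
            return i
        prev = entry["hash"]
    if pinned_head is not None and prev != pinned_head:
        return len(ledger)
    return None


def demo_ledger() -> list:
    # Constructed sample data: three publishes with made-up Merkle roots.
    ledger = []
    for version, seed in [("0.1.0", b"a"), ("0.1.1", b"b"), ("0.2.0", b"c")]:
        root = hashlib.sha256(seed).hexdigest()
        append(ledger, {"crate": "my-crate", "version": version, "merkle_root": root})
    return ledger


if __name__ == "__main__":
    ledger = demo_ledger()
    head = ledger[-1]["hash"]              # verifier stores this out of band
    ledger[1]["payload"]["version"] = "9.9.9"
    print(first_broken_link(ledger, head))
```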

Content-Addressed Storage

Archives are stored by their SHA-256 hash. Duplicate content is automatically deduplicated. Integrity is guaranteed by hash verification.

Shape Descriptors

Each package version generates a unique visual fingerprint based on file topology, type distribution, and entropy. It acts like a cryptographic seal for your code.

Access Tiers

Define granular permission tiers (trial, standard, enterprise) in your geas.toml. Generate signed links with per-tier expiry and activation limits.

Geas — from Old English, meaning a binding obligation that cannot be broken.