API Events
Licensing has no asynchronous messaging surface.
Application.configureComponents()registers only a Redis cache (useCacheRedis). There is no Kafka producer/consumer, no BullMQ queue, and no WebSocket emitter. The@platformatic/kafkaandbullmqdependencies inpackage.jsonare unused.
1. Inbound — Kafka
| Topic | Producer | Handler | Idempotency Key | Failure Mode |
|---|---|---|---|---|
| None | — | — | — | — |
2. Outbound — Kafka
| Topic | Trigger | Consumers | Payload Schema |
|---|---|---|---|
| None | — | — | — |
3. Inbound — BullMQ
| Queue | Job Type | Producer | Handler | Concurrency |
|---|---|---|---|---|
| None | — | — | — | — |
4. Outbound — BullMQ
| Queue | Job Type | Trigger | Consumer Service |
|---|---|---|---|
| None | — | — | — |
5. WebSocket Emissions
| Topic | Room | Trigger | Action Enum |
|---|---|---|---|
| None | — | — | — |
6. Payload Schemas
The only cross-service payload is the license certificate written to Redis. It is not a message-bus event — it is a key the consumer pulls on demand via
@nx/core'sLicenseMiddleware.
Redis certificate channel
| Aspect | Value |
|---|---|
| Producer | LicensingBaseService.publishCertificate() — redis.client.set(key, cert, 'EX', certTtl) |
| Consumer | @nx/core LicenseProvider (a.k.a. LicenseMiddleware) — redis.client.get(key) |
| Key | lic:certs:<entityType>:<entityId> (e.g. lic:certs:Merchant:123) |
| Value | Base64 string envelope (AES-256-GCM payload + Ed25519 signature) |
| TTL | APP_ENV_LICENSING_CERT_TTL_SECONDS (default 86400) |
ts
// Decrypted certificate payload — ILicenseCertificatePayload (@nx/core)
export interface ILicenseCertificatePayload<FeaturesType = Record<string, unknown>> {
license: { id: string; key: string };
entity: { type: string; id: string };
status: string; // LicenseStatuses
tier: string; // policy.type (PolicyTypes)
features: FeaturesType; // resolved PolicyFeature map (with override merge)
activation: { limit: number } | null;
expiresAt: string | null;
issuedAt: string;
certExpiresAt: string; // independent of license.expiresAt — drives Redis EX
}ts
// On-the-wire envelope — ICertificateEnvelope (@nx/core)
export interface ICertificateEnvelope {
enc: string; // AES-256-GCM ciphertext of JSON payload
sig: string; // Ed25519 signature (base64url) over "MESSAGE_PREFIX:enc"
alg: string; // "aes-256-gcm+ed25519"
}7. Idempotency & Ordering
| Surface | Delivery | Ordering | Recovery |
|---|---|---|---|
| Redis certificate | last-write-wins (single key per entity) | n/a (latest state only) | Re-published on every lifecycle mutation; expires after TTL → consumer sees null (fail-open) until re-issued |
When the cert is missing or fails verification,
LicenseMiddlewareis fail-open: it sets the license context tonull(treated as "unknown", not "unlicensed").
8. Related Pages
- Integration — the trust seam with
@nx/core - Certificate System — signing/verification detail
- Architecture — Runtime Scenarios