
License Blacklist and Compliance Mechanism

To maintain the healthy development of the TechUI community and safeguard the rights of legitimate users, TechUI has established a strict License Blacklist Mechanism.

This mechanism relies on the anti-tampering features of the Wasm core. Once a license is listed on the blacklist, it cannot be restored by any means, and the license will permanently become invalid in all new versions of TechUI.

Technical Limitations

We are committed to maintaining technical transparency. We must acknowledge that as a Pure Frontend component library, TechUI's operating mechanism relies on 'Client Runtime' and 'Local Execution' architectural characteristics. This means our blacklist mechanism has physically "untouchable" areas.

"Untouchable" Existing Business

Because we cannot remotely control or roll back static resources you have already deployed to users' browsers, the blacklist mechanism has a lag:

  • Existing Availability: Even if blacklisted, projects compiled, packaged, and deployed using older versions of TechUI remain available. We cannot remotely shut them down.
  • Limited Sanctions: In a sense, the blacklist serves more as a severe "warning record".

The Real Punishment: Cutting Off the Future

Although older versions remain available, "entering the blacklist" means your project will permanently lose future possibilities. This is the real punishment of this mechanism:

  • Version Stagnation: You will be unable to upgrade to any new TechUI versions containing new features, performance optimizations, or security patches.
  • Technical Debt: When you attempt to upgrade dependencies, the Wasm core's meltdown mechanism will trigger, causing the project to fail to run properly. (Of course, you can roll back to the old version.)

Summary: TechUI's blacklist mechanism does not seek to "destroy the past" but aims to "blockade the future". Any team that intends to keep evolving its project over its lifecycle cannot afford the cost of losing version updates.

Violations

When any of the following behaviors are monitored or confirmed via reporting, the relevant license will be immediately marked as "High Risk" or directly listed on the blacklist:

License Leakage and Misappropriation

  • Due to improper custody, the License Key leaks to the public network (such as GitHub public repositories, technical forums, QQ/TG groups, etc.).
  • Lending, transferring, or reselling a license that is restricted to your own use to a third party.

Geo-Violation

  • When a license is issued, it is limited to use in the registered country or region. Use on servers, domains, or business scenarios outside the restricted area is considered a violation.

Engaging in Illegal Business (Zero Tolerance Clause)

  • Using this component library to develop or operate projects that violate local laws and regulations.
  • Including but not limited to: Online fraud, illegal gambling, pornography industry, contraband trading, pyramid schemes, etc.

Disposal Process

Given that license violations (such as key leakage, illegal use) are usually irreversible, our blacklist mechanism adopts the principle of "Execute upon Notification" with no rectification buffer period.

Evidence Collection and Archiving

  • Violation Evidence: Upon detecting an anomaly, the security team will immediately collect complete evidence of the violation scene.
  • Evidence Sealing: All evidence will be archived as the original basis for subsequent disposal judgment and handling potential legal disputes, ensuring the disposal process is rigorous and fair.

Notification and Execution

  • Immediate Effect: After the evidence chain is closed, the license will be immediately entered into the blacklist database.
  • Notification Delivery: We will send a "License Revocation Notice" to the email address you reserved when applying for the license.
  • No Rectification Period: Since the leakage is a fait accompli or the nature of the business is determined, we do not accept post-event rectification applications, and the blacklist order is issued directly.
  • No Refund: License revocation due to violation of blacklist terms (such as key leakage, illegal use) constitutes a serious unilateral breach of contract by the user. All paid authorization fees (including but not limited to subscription fees, buyout fees) are non-refundable.

Limited Public Notice

  • Blacklist Disclosure: To warn the community and maintain a fair environment, revoked license information will be updated to the "Blacklist Publicity" section of the official website.
  • Desensitization Treatment: We use mask mixing for disclosure. This method ensures the authenticity and traceability of evidence while balancing necessary privacy compliance to a certain extent.

Core Meltdown

  • Effective Timing: Takes effect with the next version update of TechUI.
  • Manifestation: During the initialization phase of the new version's Wasm core, the system will automatically check the blacklist. Once matched:
    • The console outputs a red warning: [TechUI Security] License Revoked.
    • The Wasm core refuses to start, and all UI components dependent on core algorithms will fail to render.

Security Recommendations

How to prevent license leakage?

In frontend engineering, since the code ultimately runs in the client browser, the license key is theoretically visible after packaging. To minimize risk, TechUI provides Scope Binding functionality.

We strongly recommend applying to customer service to add extra security parameters based on your deployment environment:

Intranet Only Deployment

If you only use TechUI within an enterprise intranet, please apply for Intranet IP Binding. After binding, TechUI will only allow running under private IP address segments. Even if the key leaks to the public network, attackers cannot use it under public domains.

  • Supported Intranet Segments Reference (RFC 1918):
    • 10.0.0.0 - 10.255.255.255
    • 172.16.0.0 - 172.31.255.255
    • 192.168.0.0 - 192.168.255.255

Domain Binding Deployment

If you need to publish applications on the public network, it is strongly recommended to perform Domain Whitelist Binding when issuing the license.

  • Principle: The Wasm core verifies the hostname in the current browser address bar.
  • Effect:
    • The license is only valid under your specified domain (e.g., your-app.com).
    • Even if hackers extract your License Key and copy it to their own website, TechUI will trigger the meltdown mechanism due to domain mismatch.
    • This is the most effective means to prevent "innocent bans" caused by "license theft".
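
A pre-deployment check for the two bindings described above, as an added example that is not TechUI code: it lists which planned deployment URLs would fall outside an Intranet IP Binding or a Domain Whitelist Binding. The binding object shape, the function names and the exact-match hostname rule are assumptions; the page does not describe how the Wasm core matches subdomains.

```javascript
// Added example: hypothetical scope check, not TechUI's implementation.
// RFC 1918 ranges from this page, written as [network, prefix length].
const PRIVATE_RANGES = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];

// Parse strict dotted-decimal IPv4 into an unsigned integer, or return null.
// Shorthand, hex and leading-zero octets are rejected instead of guessed at.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p)) return null;
    const octet = Number(p);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True only for a literal IPv4 address inside one of the private ranges.
function isRfc1918(host) {
  const ip = parseIPv4(host);
  if (ip === null) return false;
  return PRIVATE_RANGES.some(([net, bits]) => {
    const base = parseIPv4(net);
    return ip >= base && ip < base + 2 ** (32 - bits);
  });
}

// Exact, case-insensitive hostname match (assumed rule); trailing dot ignored.
// No substring or suffix matching, so look-alike hosts do not pass.
function hostAllowed(host, allowedDomains) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return allowedDomains.some((d) => d.toLowerCase() === h);
}

// Return the planned URLs that fall outside the binding.
// binding: { intranetOnly: boolean, domains: string[] } (assumed shape)
function outOfScope(urls, binding) {
  return urls.filter((u) => {
    const host = new URL(u).hostname;
    if (binding.intranetOnly) return !isRfc1918(host);
    return !hostAllowed(host, binding.domains);
  });
}
```

Running outOfScope over every environment you deploy to (production, staging, preview hosts) before applying for a binding shows which hosts need to be listed, so a legitimate environment does not trigger the meltdown mechanism.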

Unrestricted Mode

By default, standard licenses do not contain the above binding restrictions. This means users have maximum deployment flexibility, but also must bear the risk of triggering the blacklist due to leakage or theft caused by poor key custody.

Damage Control

If you discover that your license may have been leaked, or need to add domain/IP binding to an existing license, please contact your sales manager immediately.

Released under the MIT License.