# Licensing -- mcp-secure

`mcp-secure` is published under the **Business Source License 1.1 (BSL 1.1)**.
This page explains what that means in plain English and how to obtain a
commercial production licence.

## At a glance

| Use case                                                          | Licence required           | Cost     |
|-------------------------------------------------------------------|----------------------------|----------|
| Read the source, learn from it, contribute back                   | None (BSL 1.1 grant)       | Free     |
| Run it on your laptop for evaluation                              | None (BSL 1.1 grant)       | Free     |
| Use it in academic research                                       | None (BSL 1.1 grant)       | Free     |
| Use it in a personal project, hobby code, or non-commercial OSS   | None (BSL 1.1 grant)       | Free     |
| Internal corporate evaluation (up to 90 days)                     | None (BSL 1.1 grant)       | Free     |
| Use it in **production at a company**, in a paid product,         |                            |          |
| in a SaaS, in a customer-facing service, or as part of any        |                            |          |
| revenue-generating system                                         | **Commercial licence**     | Paid     |
| Embed it in a redistributable commercial product                  | **Commercial licence**     | Paid     |

The Change Date is **6 May 2030**. After that date, this version of
`mcp-secure` converts automatically to Apache License 2.0 and the commercial
licence requirement falls away for that version. New versions published after
the Change Date will start their own 4-year BSL clock.

## What "production use" means

Production use is **any use of `mcp-secure` in a system that generates or
supports revenue**, that serves third parties, or that operates as part of a
business's regular operations. Specifically:

- Running it in a customer-facing SaaS or hosted service
- Embedding it in a commercial product you sell, license, or distribute
- Using it to sign or verify messages on behalf of paying customers
- Using it as part of an internal corporate system that supports
  revenue-generating activity (e.g. AI agent infrastructure inside a bank,
  fintech, payment processor, or regulated entity)
- Running it inside a downstream OSS product (Watchman, an MCP server, etc.)
  **when that downstream product is deployed for commercial use**

If you are unsure whether your use is production use, assume it is and
contact us. We will give you a straight answer in writing within 2 working
days.

## What "non-production use" means

Non-production use is **free, no licence required**, no obligation to
contact us. Specifically:

- Reading the source code
- Running tests locally
- Contributing pull requests
- Academic, research, or teaching use
- Personal hobby projects with no commercial intent
- Evaluation use inside a company for up to 90 days, after which production
  use either ceases or a commercial licence is obtained
- Use in non-commercial open-source projects

## Commercial licence pricing

| Tier                       | Starting price (GBP/year) | What's included                                  |
|----------------------------|---------------------------|--------------------------------------------------|
| Production licence (starter) | **From £25,000**         | One production deployment, one entity, email support, security updates |
| Multi-deployment            | by quotation              | Multiple production deployments, same entity     |
| Enterprise                  | by quotation              | Multi-entity, redistribution rights, SLA, custom support, on-prem      |
| OEM / embed-and-resell      | by quotation              | Right to ship inside your commercial product to your customers         |

Volume, multi-year, and design-partner discounts available.
**Full pricing & terms:** https://cybersecai.co.uk/licensing

## How to obtain a commercial licence

1. Email **contact@agentsign.dev** with:
   - Your company name and country
   - The product or service that will embed `mcp-secure`
   - Estimated number of production deployments
   - Any custom terms (FIPS, on-prem, export control, redistribution)
2. We respond within 2 working days with a written quotation and draft licence.
3. Signature, payment, and licence key issued typically within 5 working days.

## Patents

`mcp-secure` and the wider MCPS / AgentPass / ATTP protocols are covered by
United Kingdom patent applications. A commercial licence includes a
non-exclusive, royalty-free patent licence for the licensed deployments for
the term of the agreement.

The BSL 1.1 grant itself does **not** include a patent licence for production
use. The Change Date conversion to Apache 2.0 will include the Apache 2.0
patent grant for the converted version.

## Contact

- **Commercial licensing:** contact@agentsign.dev
- **Technical questions:** open a GitHub Issue on the source repository
- **Security disclosure:** contact@agentsign.dev with subject `[SECURITY]`
- **Pricing & terms:** https://cybersecai.co.uk/licensing

CyberSecAI Ltd | Registered in England and Wales | https://cybersecai.co.uk