Licensing: Continue the feature

- Add license key entry dialog
- Wire it up in the top menu
- Fix the readable code / encrypted code discrepancy, and generate a new short code.
- Fix collecting organization name
- Add collection of org address and tax ID
- Add a key-value store in CloudFlare,
- Create infra creator script to create the worker and the KV store in CloudFlare without clicking around on their UI
- Update instructions to let the user find the license key UI where it actually is
- Update tests

Author: vdavid

apps/desktop/coverage-allowlist.json

@@ -23,6 +23,7 @@
         "licensing/AboutWindow.svelte": { "reason": "UI component" },
         "licensing/CommercialReminderModal.svelte": { "reason": "UI component" },
         "licensing/ExpirationModal.svelte": { "reason": "UI component" },
+        "licensing/LicenseKeyDialog.svelte": { "reason": "UI modal, depends on Tauri commands" },
         "network-store.svelte.ts": { "reason": "Depends on Tauri APIs" },
         "onboarding/FullDiskAccessPrompt.svelte": { "reason": "UI component" },
         "settings-store.ts": { "reason": "Depends on Tauri store APIs" },

apps/desktop/src-tauri/src/commands/licensing.rs

@@ -15,10 +15,11 @@ pub fn get_window_title(app: tauri::AppHandle) -> String {
     licensing::get_window_title(&status)
 }
 
-/// Activate a license key.
+/// Activate a license key or short code.
+/// If the input is a short code (CMDR-XXXX-XXXX-XXXX), it first exchanges it for the full key.
 #[tauri::command]
-pub fn activate_license(app: tauri::AppHandle, license_key: String) -> Result<licensing::LicenseInfo, String> {
-    licensing::activate_license(&app, &license_key)
+pub async fn activate_license(app: tauri::AppHandle, license_key: String) -> Result<licensing::LicenseInfo, String> {
+    licensing::activate_license_async(&app, &license_key).await
 }
 
 /// Get information about the current license (if any).

apps/desktop/src-tauri/src/lib.rs

@@ -55,9 +55,10 @@ mod settings;
 mod volumes;
 
 use menu::{
-    ABOUT_ID, COMMAND_PALETTE_ID, GO_BACK_ID, GO_FORWARD_ID, GO_PARENT_ID, MenuState, SHOW_HIDDEN_FILES_ID,
-    SORT_ASCENDING_ID, SORT_BY_CREATED_ID, SORT_BY_EXTENSION_ID, SORT_BY_MODIFIED_ID, SORT_BY_NAME_ID, SORT_BY_SIZE_ID,
-    SORT_DESCENDING_ID, SWITCH_PANE_ID, VIEW_MODE_BRIEF_ID, VIEW_MODE_FULL_ID, ViewMode,
+    ABOUT_ID, COMMAND_PALETTE_ID, ENTER_LICENSE_KEY_ID, GO_BACK_ID, GO_FORWARD_ID, GO_PARENT_ID, MenuState,
+    SHOW_HIDDEN_FILES_ID, SORT_ASCENDING_ID, SORT_BY_CREATED_ID, SORT_BY_EXTENSION_ID, SORT_BY_MODIFIED_ID,
+    SORT_BY_NAME_ID, SORT_BY_SIZE_ID, SORT_DESCENDING_ID, SWITCH_PANE_ID, VIEW_MODE_BRIEF_ID, VIEW_MODE_FULL_ID,
+    ViewMode,
 };
 use tauri::{Emitter, Manager};
 
@@ -200,6 +201,9 @@ pub fn run() {
             } else if id == ABOUT_ID {
                 // Emit event to show our custom About window
                 let _ = app.emit("show-about", ());
+            } else if id == ENTER_LICENSE_KEY_ID {
+                // Emit event to show the license key entry dialog
+                let _ = app.emit("show-license-key-dialog", ());
             } else if id == COMMAND_PALETTE_ID {
                 // Emit event to show the command palette
                 let _ = app.emit("show-command-palette", ());

apps/desktop/src-tauri/src/licensing/mod.rs

@@ -11,7 +11,7 @@ pub use app_status::{
     AppStatus, LicenseType, get_app_status, get_window_title, mark_commercial_reminder_dismissed,
     mark_expiration_modal_shown, needs_validation, reset_license, update_cached_status, validate_license_async,
 };
-pub use verification::{LicenseInfo, activate_license, get_license_info};
+pub use verification::{LicenseInfo, activate_license, activate_license_async, get_license_info};
 
 use serde::{Deserialize, Serialize};
 
@@ -23,4 +23,6 @@ pub struct LicenseData {
     pub issued_at: String,
     #[serde(rename = "type")]
     pub license_type: Option<String>,
+    #[serde(rename = "organizationName")]
+    pub organization_name: Option<String>,
 }

apps/desktop/src-tauri/src/licensing/validation_client.rs

@@ -30,6 +30,79 @@ struct ValidationRequest {
     transaction_id: String,
 }
 
+/// Response from the /activate endpoint.
+#[derive(Debug, Clone, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ActivateResponse {
+    pub license_key: Option<String>,
+    /// Organization name from KV store (also embedded in license_key payload).
+    #[allow(dead_code)]
+    pub organization_name: Option<String>,
+    pub error: Option<String>,
+}
+
+/// Request body for the /activate endpoint.
+#[derive(Debug, Clone, Serialize)]
+struct ActivateRequest {
+    code: String,
+}
+
+/// Check if a string looks like a short license code (CMDR-XXXX-XXXX-XXXX).
+pub fn is_short_code(input: &str) -> bool {
+    let trimmed = input.trim().to_uppercase();
+    // Match CMDR-XXXX-XXXX-XXXX format
+    if !trimmed.starts_with("CMDR-") {
+        return false;
+    }
+    let parts: Vec<&str> = trimmed.split('-').collect();
+    if parts.len() != 4 {
+        return false;
+    }
+    // Check each segment after "CMDR" is 4 chars
+    parts[1..]
+        .iter()
+        .all(|p| p.len() == 4 && p.chars().all(|c| c.is_ascii_alphanumeric()))
+}
+
+/// Exchange a short license code for the full cryptographic key.
+///
+/// Returns the full key or an error message.
+pub async fn activate_short_code(code: &str) -> Result<String, String> {
+    // In mock mode, return a mock key
+    #[cfg(debug_assertions)]
+    if std::env::var("CMDR_MOCK_LICENSE").is_ok() {
+        return Err("Mock mode: short code activation not available".to_string());
+    }
+
+    let client = reqwest::Client::builder()
+        .timeout(std::time::Duration::from_secs(10))
+        .build()
+        .map_err(|e| format!("Failed to create HTTP client: {}", e))?;
+
+    let url = format!("{}/activate", LICENSE_SERVER_URL);
+
+    let response = client
+        .post(&url)
+        .json(&ActivateRequest {
+            code: code.trim().to_uppercase(),
+        })
+        .send()
+        .await
+        .map_err(|e| format!("Failed to connect to license server: {}", e))?;
+
+    let status = response.status();
+    let body: ActivateResponse = response
+        .json()
+        .await
+        .map_err(|e| format!("Invalid response from license server: {}", e))?;
+
+    if !status.is_success() {
+        return Err(body.error.unwrap_or_else(|| "License code not found".to_string()));
+    }
+
+    body.license_key.ok_or_else(|| "No license key in response".to_string())
+}
+
 /// Validate a license with the server.
 ///
 /// Returns the validation response or None if the request failed.
@@ -108,4 +181,46 @@ mod tests {
         assert_eq!(response.organization_name, None);
         assert_eq!(response.expires_at, None);
     }
+
+    #[test]
+    fn test_is_short_code_valid() {
+        assert!(is_short_code("CMDR-ABCD-EFGH-1234"));
+        assert!(is_short_code("cmdr-abcd-efgh-1234")); // Case insensitive
+        assert!(is_short_code("  CMDR-ABCD-EFGH-1234  ")); // Whitespace trimmed
+        assert!(is_short_code("CMDR-2345-6789-WXYZ"));
+    }
+
+    #[test]
+    fn test_is_short_code_invalid() {
+        assert!(!is_short_code("ABCD-EFGH-IJKL-MNOP")); // No CMDR prefix
+        assert!(!is_short_code("CMDR-ABC-EFGH-1234")); // Segment too short
+        assert!(!is_short_code("CMDR-ABCDE-FGHI-1234")); // Segment too long
+        assert!(!is_short_code("CMDR-ABCD-EFGH")); // Missing segment
+        assert!(!is_short_code("something.signature")); // Full key format
+        assert!(!is_short_code("")); // Empty
+        assert!(!is_short_code("CMDR")); // Just prefix
+    }
+
+    #[test]
+    fn test_activate_response_success() {
+        let json = r#"{
+            "licenseKey": "eyJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ==.c2lnbmF0dXJl",
+            "organizationName": "Acme Corp"
+        }"#;
+
+        let response: ActivateResponse = serde_json::from_str(json).unwrap();
+        assert!(response.license_key.is_some());
+        assert!(response.error.is_none());
+    }
+
+    #[test]
+    fn test_activate_response_error() {
+        let json = r#"{
+            "error": "License code not found or expired"
+        }"#;
+
+        let response: ActivateResponse = serde_json::from_str(json).unwrap();
+        assert!(response.license_key.is_none());
+        assert_eq!(response.error, Some("License code not found or expired".to_string()));
+    }
 }

apps/desktop/src-tauri/src/licensing/verification.rs

@@ -1,6 +1,7 @@
 //! License key verification using Ed25519 signatures.
 
 use crate::licensing::LicenseData;
+use crate::licensing::validation_client::{activate_short_code, is_short_code};
 use base64::{Engine, engine::general_purpose::STANDARD as BASE64};
 use ed25519_dalek::{Signature, Verifier, VerifyingKey};
 use serde::{Deserialize, Serialize};
@@ -21,6 +22,7 @@ pub struct LicenseInfo {
     pub email: String,
     pub transaction_id: String,
     pub issued_at: String,
+    pub organization_name: Option<String>,
 }
 
 /// Activate a license key. Returns the license info if valid.
@@ -39,9 +41,25 @@ pub fn activate_license(app: &tauri::AppHandle, license_key: &str) -> Result<Lic
         email: data.email,
         transaction_id: data.transaction_id,
         issued_at: data.issued_at,
+        organization_name: data.organization_name,
     })
 }
 
+/// Activate a license key or short code (async version).
+/// If the input is a short code (CMDR-XXXX-XXXX-XXXX), it first exchanges it for the full key.
+pub async fn activate_license_async(app: &tauri::AppHandle, input: &str) -> Result<LicenseInfo, String> {
+    let full_key = if is_short_code(input) {
+        // Exchange short code for full key via server
+        activate_short_code(input).await?
+    } else {
+        // Already a full key
+        input.to_string()
+    };
+
+    // Now activate with the full key
+    activate_license(app, &full_key)
+}
+
 /// Get stored license info, if any.
 pub fn get_license_info(app: &tauri::AppHandle) -> Option<LicenseInfo> {
     let store = app.store("license.json").ok()?;
@@ -51,6 +69,7 @@ pub fn get_license_info(app: &tauri::AppHandle) -> Option<LicenseInfo> {
         email: data.email,
         transaction_id: data.transaction_id,
         issued_at: data.issued_at,
+        organization_name: data.organization_name,
     })
 }
 
@@ -188,6 +207,7 @@ mod tests {
             transaction_id: "txn_test_123".to_string(),
             issued_at: "2026-01-08T12:00:00Z".to_string(),
             license_type: None,
+            organization_name: Some("Test Corp".to_string()),
         };
 
         // Serialize payload (same as server)
@@ -210,6 +230,7 @@ mod tests {
         assert_eq!(data.email, "test@example.com");
         assert_eq!(data.transaction_id, "txn_test_123");
         assert_eq!(data.issued_at, "2026-01-08T12:00:00Z");
+        assert_eq!(data.organization_name, Some("Test Corp".to_string()));
     }
 
     /// Test that tampering with license key is detected
@@ -228,6 +249,7 @@ mod tests {
             transaction_id: "txn_original".to_string(),
             issued_at: "2026-01-08T12:00:00Z".to_string(),
             license_type: None,
+            organization_name: Some("Original Corp".to_string()),
         };
         let original_json = serde_json::to_string(&original_data).unwrap();
         let signature = signing_key.sign(original_json.as_bytes());
@@ -239,6 +261,7 @@ mod tests {
             transaction_id: "txn_original".to_string(),
             issued_at: "2026-01-08T12:00:00Z".to_string(),
             license_type: None,
+            organization_name: Some("Original Corp".to_string()),
         };
         let tampered_json = serde_json::to_string(&tampered_data).unwrap();
         let tampered_payload_base64 = BASE64.encode(tampered_json.as_bytes());
@@ -273,6 +296,7 @@ mod tests {
             transaction_id: "txn_test".to_string(),
             issued_at: "2026-01-08T12:00:00Z".to_string(),
             license_type: None,
+            organization_name: None,
         };
         let payload_json = serde_json::to_string(&license_data).unwrap();
         let signature = signing_key.sign(payload_json.as_bytes());

apps/desktop/src-tauri/src/menu.rs

@@ -83,6 +83,9 @@ pub enum ViewMode {
 /// Menu item ID for About window.
 pub const ABOUT_ID: &str = "about";
 
+/// Menu item ID for Enter License Key.
+pub const ENTER_LICENSE_KEY_ID: &str = "enter_license_key";
+
 /// Builds the application menu with default macOS items plus a custom View and File submenu enhancements.
 pub fn build_menu<R: Runtime>(
     app: &AppHandle<R>,
@@ -109,6 +112,16 @@ pub fn build_menu<R: Runtime>(
                         if i == 0 {
                             submenu.remove(pred)?;
                             submenu.insert(&about_item, 0)?;
+
+                            // Add "Enter License Key..." after About
+                            let enter_license_key_item = tauri::menu::MenuItem::with_id(
+                                app,
+                                ENTER_LICENSE_KEY_ID,
+                                "Enter license key...",
+                                true,
+                                None::<&str>,
+                            )?;
+                            submenu.insert(&enter_license_key_item, 1)?;
                             break;
                         }
                     }

apps/desktop/src/lib/file-explorer/ShareBrowser.svelte

@@ -239,6 +239,24 @@
         }
     }
 
+    function handleArrowKey(key: string): boolean {
+        const lastIndex = sortedShares.length - 1
+        const newIndex =
+            key === 'ArrowDown'
+                ? Math.min(cursorIndex + 1, lastIndex)
+                : key === 'ArrowUp'
+                  ? Math.max(cursorIndex - 1, 0)
+                  : key === 'ArrowLeft'
+                    ? 0
+                    : key === 'ArrowRight'
+                      ? lastIndex
+                      : null
+        if (newIndex === null) return false
+        cursorIndex = newIndex
+        scrollToIndex(cursorIndex)
+        return true
+    }
+
     export function handleKeyDown(e: KeyboardEvent): boolean {
         if (showLoginForm) {
             // Login form handles its own keyboard events
@@ -265,39 +283,27 @@
             return true
         }
 
-        switch (e.key) {
-            case 'ArrowDown':
-                e.preventDefault()
-                cursorIndex = Math.min(cursorIndex + 1, sortedShares.length - 1)
-                scrollToIndex(cursorIndex)
-                return true
-            case 'ArrowUp':
-                e.preventDefault()
-                cursorIndex = Math.max(cursorIndex - 1, 0)
-                scrollToIndex(cursorIndex)
-                return true
-            case 'ArrowLeft':
-                e.preventDefault()
-                cursorIndex = 0
-                scrollToIndex(cursorIndex)
-                return true
-            case 'ArrowRight':
-                e.preventDefault()
-                cursorIndex = sortedShares.length - 1
-                scrollToIndex(cursorIndex)
-                return true
-            case 'Enter':
-                e.preventDefault()
-                if (cursorIndex >= 0 && cursorIndex < sortedShares.length) {
-                    onShareSelect?.(sortedShares[cursorIndex], authenticatedCredentials)
-                }
-                return true
-            case 'Escape':
-            case 'Backspace':
-                e.preventDefault()
-                onBack?.()
-                return true
+        // Handle arrow keys
+        if (['ArrowDown', 'ArrowUp', 'ArrowLeft', 'ArrowRight'].includes(e.key)) {
+            e.preventDefault()
+            return handleArrowKey(e.key)
         }
+
+        // Handle action keys
+        if (e.key === 'Enter') {
+            e.preventDefault()
+            if (cursorIndex >= 0 && cursorIndex < sortedShares.length) {
+                onShareSelect?.(sortedShares[cursorIndex], authenticatedCredentials)
+            }
+            return true
+        }
+
+        if (e.key === 'Escape' || e.key === 'Backspace') {
+            e.preventDefault()
+            onBack?.()
+            return true
+        }
+
         return false
     }