diff --git a/cmd/agent/keymem.go b/cmd/agent/keymem.go index f3f6792..ec99e99 100644 --- a/cmd/agent/keymem.go +++ b/cmd/agent/keymem.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/agent/main.go b/cmd/agent/main.go index 7208651..68a09b1 100644 --- a/cmd/agent/main.go +++ b/cmd/agent/main.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/agent/verify.go b/cmd/agent/verify.go index 2e9de41..6a3d43e 100644 --- a/cmd/agent/verify.go +++ b/cmd/agent/verify.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/cli/main.go b/cmd/cli/main.go index 15011ae..0596011 100644 --- a/cmd/cli/main.go +++ b/cmd/cli/main.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/mcp-server/main.go b/cmd/mcp-server/main.go index 0a4acf0..aadae6c 100644 --- a/cmd/mcp-server/main.go +++ b/cmd/mcp-server/main.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/server/auth_backfill.go b/cmd/server/auth_backfill.go index e44b53c..ef4ece2 100644 --- a/cmd/server/auth_backfill.go +++ b/cmd/server/auth_backfill.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/server/main.go b/cmd/server/main.go index d339990..8eb4b67 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/cmd/server/preflight_demo_residual.go b/cmd/server/preflight_demo_residual.go index aefc49a..e5dc135 100644 --- a/cmd/server/preflight_demo_residual.go +++ b/cmd/server/preflight_demo_residual.go @@ -1,4 +1,5 @@ -// Copyright (c) certctl-io contributors. +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 // // Audit 2026-05-11 A-8 — demo-mode residual-grants detector. Closes the // deferred Phase 2 leg of HIGH-12 (cowork/auth-bundles-fixes-2026-05-10/ diff --git a/cmd/server/tls.go b/cmd/server/tls.go index 7b2539e..ff51182 100644 --- a/cmd/server/tls.go +++ b/cmd/server/tls.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package main import ( diff --git a/internal/api/acme/account.go b/internal/api/acme/account.go index cb42af3..966d4fd 100644 --- a/internal/api/acme/account.go +++ b/internal/api/acme/account.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/ari.go b/internal/api/acme/ari.go index c12fe20..55ab40b 100644 --- a/internal/api/acme/ari.go +++ b/internal/api/acme/ari.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/challenge.go b/internal/api/acme/challenge.go index 810e09e..7c6e139 100644 --- a/internal/api/acme/challenge.go +++ b/internal/api/acme/challenge.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/directory.go b/internal/api/acme/directory.go index 9663f00..191f831 100644 --- a/internal/api/acme/directory.go +++ b/internal/api/acme/directory.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 // Package acme implements the ACME server-side protocol surface (RFC 8555 // + RFC 9773 ARI). It is deliberately separate from diff --git a/internal/api/acme/errors.go b/internal/api/acme/errors.go index e2fe1ae..9fe9978 100644 --- a/internal/api/acme/errors.go +++ b/internal/api/acme/errors.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/jws.go b/internal/api/acme/jws.go index 2399829..7363ab0 100644 --- a/internal/api/acme/jws.go +++ b/internal/api/acme/jws.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/keychange.go b/internal/api/acme/keychange.go index 6f920ce..a3062a3 100644 --- a/internal/api/acme/keychange.go +++ b/internal/api/acme/keychange.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/nonce.go b/internal/api/acme/nonce.go index 38c5d83..c0c6311 100644 --- a/internal/api/acme/nonce.go +++ b/internal/api/acme/nonce.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/order.go b/internal/api/acme/order.go index 2e2706d..30b85fa 100644 --- a/internal/api/acme/order.go +++ b/internal/api/acme/order.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/ratelimit.go b/internal/api/acme/ratelimit.go index 48881cb..dffac1b 100644 --- a/internal/api/acme/ratelimit.go +++ b/internal/api/acme/ratelimit.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/acme/validators.go b/internal/api/acme/validators.go index c286f71..c1e761c 100644 --- a/internal/api/acme/validators.go +++ b/internal/api/acme/validators.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package acme diff --git a/internal/api/handler/acme.go b/internal/api/handler/acme.go index f6c3fc6..82529ad 100644 --- a/internal/api/handler/acme.go +++ b/internal/api/handler/acme.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package handler diff --git a/internal/api/handler/admin_crl_cache.go b/internal/api/handler/admin_crl_cache.go index b42ea3e..e8f0b38 100644 --- a/internal/api/handler/admin_crl_cache.go +++ b/internal/api/handler/admin_crl_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/admin_est.go b/internal/api/handler/admin_est.go index 7c008de..0ec7714 100644 --- a/internal/api/handler/admin_est.go +++ b/internal/api/handler/admin_est.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/admin_scep_intune.go b/internal/api/handler/admin_scep_intune.go index 77ec1af..b1e21ba 100644 --- a/internal/api/handler/admin_scep_intune.go +++ b/internal/api/handler/admin_scep_intune.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/agent_bootstrap.go b/internal/api/handler/agent_bootstrap.go index ad84337..688dd69 100644 --- a/internal/api/handler/agent_bootstrap.go +++ b/internal/api/handler/agent_bootstrap.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/agent_groups.go b/internal/api/handler/agent_groups.go index 21296b0..c602fec 100644 --- a/internal/api/handler/agent_groups.go +++ b/internal/api/handler/agent_groups.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/agents.go b/internal/api/handler/agents.go index 7f5a7aa..e0f8181 100644 --- a/internal/api/handler/agents.go +++ b/internal/api/handler/agents.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/approval.go b/internal/api/handler/approval.go index 7a3cd50..d0c83fd 100644 --- a/internal/api/handler/approval.go +++ b/internal/api/handler/approval.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/audit.go b/internal/api/handler/audit.go index 84674b3..b404658 100644 --- a/internal/api/handler/audit.go +++ b/internal/api/handler/audit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/auth.go b/internal/api/handler/auth.go index 6d92a80..4d518e2 100644 --- a/internal/api/handler/auth.go +++ b/internal/api/handler/auth.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/auth_bootstrap.go b/internal/api/handler/auth_bootstrap.go index 54977e0..f0c90bd 100644 --- a/internal/api/handler/auth_bootstrap.go +++ b/internal/api/handler/auth_bootstrap.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/auth_breakglass.go b/internal/api/handler/auth_breakglass.go index c3c4446..350aea6 100644 --- a/internal/api/handler/auth_breakglass.go +++ b/internal/api/handler/auth_breakglass.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package handler — Auth Bundle 2 Phase 7.5 / break-glass admin HTTP surface. // // 4 endpoints across two access levels: diff --git a/internal/api/handler/auth_session_oidc.go b/internal/api/handler/auth_session_oidc.go index 8b80e2e..39948e1 100644 --- a/internal/api/handler/auth_session_oidc.go +++ b/internal/api/handler/auth_session_oidc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package handler — Auth Bundle 2 Phase 5 / OIDC + session HTTP surface. // // 13 endpoints split into three logical groups: diff --git a/internal/api/handler/auth_users.go b/internal/api/handler/auth_users.go index 93365bc..734013c 100644 --- a/internal/api/handler/auth_users.go +++ b/internal/api/handler/auth_users.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler // Audit 2026-05-10 MED-11 closure — federated-user admin surface. diff --git a/internal/api/handler/bulk_reassignment.go b/internal/api/handler/bulk_reassignment.go index 49f674a..43c97a4 100644 --- a/internal/api/handler/bulk_reassignment.go +++ b/internal/api/handler/bulk_reassignment.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/bulk_renewal.go b/internal/api/handler/bulk_renewal.go index 7a1f372..5013aff 100644 --- a/internal/api/handler/bulk_renewal.go +++ b/internal/api/handler/bulk_renewal.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/bulk_revocation.go b/internal/api/handler/bulk_revocation.go index d6b54fa..fbbecd0 100644 --- a/internal/api/handler/bulk_revocation.go +++ b/internal/api/handler/bulk_revocation.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/certificates.go b/internal/api/handler/certificates.go index a7e8325..94be2b6 100644 --- a/internal/api/handler/certificates.go +++ b/internal/api/handler/certificates.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/demo_residual.go b/internal/api/handler/demo_residual.go index d22335e..041be1f 100644 --- a/internal/api/handler/demo_residual.go +++ b/internal/api/handler/demo_residual.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/digest.go b/internal/api/handler/digest.go index fb2448c..28fef42 100644 --- a/internal/api/handler/digest.go +++ b/internal/api/handler/digest.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/discovery.go b/internal/api/handler/discovery.go index da6f0c0..d52d090 100644 --- a/internal/api/handler/discovery.go +++ b/internal/api/handler/discovery.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/est.go b/internal/api/handler/est.go index 661b189..a4f8686 100644 --- a/internal/api/handler/est.go +++ b/internal/api/handler/est.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/est_clock.go b/internal/api/handler/est_clock.go index 6ff4adf..c681a29 100644 --- a/internal/api/handler/est_clock.go +++ b/internal/api/handler/est_clock.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import "time" diff --git a/internal/api/handler/export.go b/internal/api/handler/export.go index b9059b7..d6fc481 100644 --- a/internal/api/handler/export.go +++ b/internal/api/handler/export.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/health.go b/internal/api/handler/health.go index fe3166b..3b67a13 100644 --- a/internal/api/handler/health.go +++ b/internal/api/handler/health.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/health_check.go b/internal/api/handler/health_check.go index 9722827..496faa1 100644 --- a/internal/api/handler/health_check.go +++ b/internal/api/handler/health_check.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/intermediate_ca.go b/internal/api/handler/intermediate_ca.go index a1f3a7e..a662454 100644 --- a/internal/api/handler/intermediate_ca.go +++ b/internal/api/handler/intermediate_ca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/issuers.go b/internal/api/handler/issuers.go index 8506446..b16af7c 100644 --- a/internal/api/handler/issuers.go +++ b/internal/api/handler/issuers.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/jobs.go b/internal/api/handler/jobs.go index 21d73ff..292148d 100644 --- a/internal/api/handler/jobs.go +++ b/internal/api/handler/jobs.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/metrics.go b/internal/api/handler/metrics.go index 78cce82..fb8c77f 100644 --- a/internal/api/handler/metrics.go +++ b/internal/api/handler/metrics.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/network_scan.go b/internal/api/handler/network_scan.go index 71540d4..b33f4ac 100644 --- a/internal/api/handler/network_scan.go +++ b/internal/api/handler/network_scan.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/notifications.go b/internal/api/handler/notifications.go index 65009da..c02bda1 100644 --- a/internal/api/handler/notifications.go +++ b/internal/api/handler/notifications.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/owners.go b/internal/api/handler/owners.go index 3d39a09..5bcc5b5 100644 --- a/internal/api/handler/owners.go +++ b/internal/api/handler/owners.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/policies.go b/internal/api/handler/policies.go index fa02bd4..3ba10a0 100644 --- a/internal/api/handler/policies.go +++ b/internal/api/handler/policies.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/profiles.go b/internal/api/handler/profiles.go index 4b8f8dd..94d2488 100644 --- a/internal/api/handler/profiles.go +++ b/internal/api/handler/profiles.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/renewal_policy.go b/internal/api/handler/renewal_policy.go index f5deafb..54f06e7 100644 --- a/internal/api/handler/renewal_policy.go +++ b/internal/api/handler/renewal_policy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/response.go b/internal/api/handler/response.go index f4bbc2c..3ac39db 100644 --- a/internal/api/handler/response.go +++ b/internal/api/handler/response.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/scep.go b/internal/api/handler/scep.go index f23eee2..bdbf66f 100644 --- a/internal/api/handler/scep.go +++ b/internal/api/handler/scep.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/stats.go b/internal/api/handler/stats.go index 7fc65cd..5b05815 100644 --- a/internal/api/handler/stats.go +++ b/internal/api/handler/stats.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/targets.go b/internal/api/handler/targets.go index 28966a7..73c89a5 100644 --- a/internal/api/handler/targets.go +++ b/internal/api/handler/targets.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/teams.go b/internal/api/handler/teams.go index 1d1dddf..d8714da 100644 --- a/internal/api/handler/teams.go +++ b/internal/api/handler/teams.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/test_utils.go b/internal/api/handler/test_utils.go index 0c0bcad..b686de3 100644 --- a/internal/api/handler/test_utils.go +++ b/internal/api/handler/test_utils.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/validation.go b/internal/api/handler/validation.go index d52d41a..57c64b5 100644 --- a/internal/api/handler/validation.go +++ b/internal/api/handler/validation.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/verification.go b/internal/api/handler/verification.go index 341a79d..8f9b573 100644 --- a/internal/api/handler/verification.go +++ b/internal/api/handler/verification.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/handler/version.go b/internal/api/handler/version.go index 1abb81c..a1af04a 100644 --- a/internal/api/handler/version.go +++ b/internal/api/handler/version.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package handler import ( diff --git a/internal/api/middleware/audit.go b/internal/api/middleware/audit.go index aa222de..b1bf45b 100644 --- a/internal/api/middleware/audit.go +++ b/internal/api/middleware/audit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package middleware import ( diff --git a/internal/api/middleware/bodylimit.go b/internal/api/middleware/bodylimit.go index ad15175..3523393 100644 --- a/internal/api/middleware/bodylimit.go +++ b/internal/api/middleware/bodylimit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package middleware import ( diff --git a/internal/api/middleware/middleware.go b/internal/api/middleware/middleware.go index 6492b2d..2d7f6dc 100644 --- a/internal/api/middleware/middleware.go +++ b/internal/api/middleware/middleware.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package middleware import ( diff --git a/internal/api/middleware/securityheaders.go b/internal/api/middleware/securityheaders.go index 5586466..bde556d 100644 --- a/internal/api/middleware/securityheaders.go +++ b/internal/api/middleware/securityheaders.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package middleware import ( diff --git a/internal/api/router/router.go b/internal/api/router/router.go index 2532661..0e03890 100644 --- a/internal/api/router/router.go +++ b/internal/api/router/router.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package router import ( diff --git a/internal/auth/apikey.go b/internal/auth/apikey.go index 76c5d94..f130bc5 100644 --- a/internal/auth/apikey.go +++ b/internal/auth/apikey.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/auth/bootstrap/bootstrap.go b/internal/auth/bootstrap/bootstrap.go index 1e3679c..6e10c86 100644 --- a/internal/auth/bootstrap/bootstrap.go +++ b/internal/auth/bootstrap/bootstrap.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package bootstrap ships the day-0 admin-creation primitive for Bundle 1 // Phase 6. The control plane comes up with no admin-roled actors; the // operator hands the env-var token to a single curl call; the server diff --git a/internal/auth/bootstrap/service.go b/internal/auth/bootstrap/service.go index 944d0dc..99aecb0 100644 --- a/internal/auth/bootstrap/service.go +++ b/internal/auth/bootstrap/service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package bootstrap import ( diff --git a/internal/auth/breakglass/domain/types.go b/internal/auth/breakglass/domain/types.go index fae857d..dc5cb28 100644 --- a/internal/auth/breakglass/domain/types.go +++ b/internal/auth/breakglass/domain/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package domain holds the break-glass-admin persisted-shape type. // // Auth Bundle 2 Phase 1 / Phase 7.5: types only. Phase 2 ships the diff --git a/internal/auth/breakglass/service.go b/internal/auth/breakglass/service.go index 4cf9932..9bf764c 100644 --- a/internal/auth/breakglass/service.go +++ b/internal/auth/breakglass/service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package breakglass — Auth Bundle 2 Phase 7.5 / break-glass admin service. // // Decision 4: operator-toggleable local-password admin for the SSO-broken diff --git a/internal/auth/context.go b/internal/auth/context.go index ccf146b..4ed512e 100644 --- a/internal/auth/context.go +++ b/internal/auth/context.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package auth holds the certctl auth surface: API-key validation, the // authenticated-actor context keys, and the helpers that consumers across // the codebase use to read the actor identity (rate limiter, audit diff --git a/internal/auth/keystore.go b/internal/auth/keystore.go index 27e9c76..5fc117a 100644 --- a/internal/auth/keystore.go +++ b/internal/auth/keystore.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/auth/middleware.go b/internal/auth/middleware.go index cfad185..c4c191f 100644 --- a/internal/auth/middleware.go +++ b/internal/auth/middleware.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/auth/oidc/bootstrap_hook.go b/internal/auth/oidc/bootstrap_hook.go index 7600206..4cc7780 100644 --- a/internal/auth/oidc/bootstrap_hook.go +++ b/internal/auth/oidc/bootstrap_hook.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package oidc — Auth Bundle 2 Phase 7 / OIDC bootstrap hook. // // Phase 7 ships the "first OIDC login matching CERTCTL_BOOTSTRAP_ADMIN_GROUPS diff --git a/internal/auth/oidc/doc.go b/internal/auth/oidc/doc.go index 7d23397..ed38ef5 100644 --- a/internal/auth/oidc/doc.go +++ b/internal/auth/oidc/doc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package oidc is the Bundle 2 OpenID Connect integration: server-side // validation of ID tokens issued by an enterprise IdP (Okta / Azure AD / // Google Workspace / Keycloak / Authentik / Auth0), JWKS rotation, diff --git a/internal/auth/oidc/domain/types.go b/internal/auth/oidc/domain/types.go index 6200bea..9d4cb1d 100644 --- a/internal/auth/oidc/domain/types.go +++ b/internal/auth/oidc/domain/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package domain holds the OIDC integration's persisted-shape types. // // Auth Bundle 2 Phase 1: types only, no service or repository wiring. diff --git a/internal/auth/oidc/groupclaim/resolver.go b/internal/auth/oidc/groupclaim/resolver.go index 4819366..a18d395 100644 --- a/internal/auth/oidc/groupclaim/resolver.go +++ b/internal/auth/oidc/groupclaim/resolver.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package groupclaim resolves the operator-configured `groups_claim_path` // against an ID token's parsed claims, returning the user's group // membership as a `[]string`. diff --git a/internal/auth/oidc/prelogin.go b/internal/auth/oidc/prelogin.go index 669f7f0..0018bee 100644 --- a/internal/auth/oidc/prelogin.go +++ b/internal/auth/oidc/prelogin.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package oidc — Bundle 2 Phase 5 / pre-login cookie machinery. // // This file implements the production-side PreLoginStore that the diff --git a/internal/auth/oidc/service.go b/internal/auth/oidc/service.go index 755fac0..c4d922b 100644 --- a/internal/auth/oidc/service.go +++ b/internal/auth/oidc/service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package oidc import ( diff --git a/internal/auth/oidc/test_discovery.go b/internal/auth/oidc/test_discovery.go index 454c2f2..1edb01c 100644 --- a/internal/auth/oidc/test_discovery.go +++ b/internal/auth/oidc/test_discovery.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package oidc // Audit 2026-05-10 MED-5 closure — dry-run validator for OIDC provider diff --git a/internal/auth/oidc/testfixtures/keycloak.go b/internal/auth/oidc/testfixtures/keycloak.go index 8e7d8cb..a97cfc2 100644 --- a/internal/auth/oidc/testfixtures/keycloak.go +++ b/internal/auth/oidc/testfixtures/keycloak.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + //go:build integration // Package testfixtures provides Bundle 2 Phase 10 multi-IdP integration diff --git a/internal/auth/protocol_endpoints.go b/internal/auth/protocol_endpoints.go index 4b4b2ae..7e3c84c 100644 --- a/internal/auth/protocol_endpoints.go +++ b/internal/auth/protocol_endpoints.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import "strings" diff --git a/internal/auth/require_permission.go b/internal/auth/require_permission.go index 0605ae8..51cd65b 100644 --- a/internal/auth/require_permission.go +++ b/internal/auth/require_permission.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/auth/session/domain/types.go b/internal/auth/session/domain/types.go index 9d16477..cfe622e 100644 --- a/internal/auth/session/domain/types.go +++ b/internal/auth/session/domain/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package domain holds the session-management persisted-shape types. // // Auth Bundle 2 Phase 1: types only. Phase 2 ships the SQL migration; diff --git a/internal/auth/session/middleware.go b/internal/auth/session/middleware.go index 7b92c7f..6c6b9d1 100644 --- a/internal/auth/session/middleware.go +++ b/internal/auth/session/middleware.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package session — Auth Bundle 2 Phase 6 / session + CSRF middleware. // // This file ships the HTTP middleware that wires the post-login session diff --git a/internal/auth/session/service.go b/internal/auth/session/service.go index 5958e26..50d57b6 100644 --- a/internal/auth/session/service.go +++ b/internal/auth/session/service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package session implements the post-login session lifecycle for // Auth Bundle 2 Phase 4: cookie minting + signature validation + // idle/absolute expiry + revocation + signing-key rotation + GC. diff --git a/internal/auth/testfixtures.go b/internal/auth/testfixtures.go index 7c46574..59944ba 100644 --- a/internal/auth/testfixtures.go +++ b/internal/auth/testfixtures.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import "context" diff --git a/internal/auth/user/domain/types.go b/internal/auth/user/domain/types.go index 7255545..eff2f87 100644 --- a/internal/auth/user/domain/types.go +++ b/internal/auth/user/domain/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package domain holds the federated-human user persisted-shape type. // // Auth Bundle 2 Phase 1: types only. Phase 2 ships the SQL migration; diff --git a/internal/ciparity/doc.go b/internal/ciparity/doc.go index 1defc39..b039fdd 100644 --- a/internal/ciparity/doc.go +++ b/internal/ciparity/doc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package ciparity hosts cross-surface contract-parity tests. // // Per post-v2.1.0 anti-rot item 2 (Auditable Codebase Bundle), this diff --git a/internal/cli/auth.go b/internal/cli/auth.go index e60b42f..085a084 100644 --- a/internal/cli/auth.go +++ b/internal/cli/auth.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package cli import ( diff --git a/internal/cli/auth_scope_down.go b/internal/cli/auth_scope_down.go index 7c16623..b80a63a 100644 --- a/internal/cli/auth_scope_down.go +++ b/internal/cli/auth_scope_down.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package cli import ( diff --git a/internal/cli/client.go b/internal/cli/client.go index 338bbc6..aa989d8 100644 --- a/internal/cli/client.go +++ b/internal/cli/client.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package cli import ( diff --git a/internal/cli/est.go b/internal/cli/est.go index 14e1669..fdbbb24 100644 --- a/internal/cli/est.go +++ b/internal/cli/est.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package cli // EST RFC 7030 hardening master bundle Phase 9.1 — CLI subcommands. diff --git a/internal/cms/channelbinding.go b/internal/cms/channelbinding.go index 5adc8b7..9337fbb 100644 --- a/internal/cms/channelbinding.go +++ b/internal/cms/channelbinding.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package cms implements the small subset of CMS / RFC 7030 / RFC 9266 // helpers that the EST handler needs at request-time: extracting the // RFC 9266 tls-exporter from a *tls.ConnectionState, and pulling the diff --git a/internal/config/config.go b/internal/config/config.go index ee70787..a3aecf7 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package config import ( diff --git a/internal/connector/discovery/awssm/awssm.go b/internal/connector/discovery/awssm/awssm.go index 26512d9..3ca5d8b 100644 --- a/internal/connector/discovery/awssm/awssm.go +++ b/internal/connector/discovery/awssm/awssm.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package awssm implements the domain.DiscoverySource interface for AWS Secrets Manager. // // AWS Secrets Manager is a managed service for storing and managing secrets including diff --git a/internal/connector/discovery/azurekv/azurekv.go b/internal/connector/discovery/azurekv/azurekv.go index bd5d2e6..3705c7d 100644 --- a/internal/connector/discovery/azurekv/azurekv.go +++ b/internal/connector/discovery/azurekv/azurekv.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package azurekv implements the domain.DiscoverySource interface for // Azure Key Vault certificate discovery. // diff --git a/internal/connector/discovery/gcpsm/gcpsm.go b/internal/connector/discovery/gcpsm/gcpsm.go index e464c4d..5579885 100644 --- a/internal/connector/discovery/gcpsm/gcpsm.go +++ b/internal/connector/discovery/gcpsm/gcpsm.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package gcpsm implements the domain.DiscoverySource interface for GCP Secret Manager. // // GCP Secret Manager is a Google Cloud service for securely storing and managing secrets, diff --git a/internal/connector/issuer/acme/acme.go b/internal/connector/issuer/acme/acme.go index 32ee809..99e0001 100644 --- a/internal/connector/issuer/acme/acme.go +++ b/internal/connector/issuer/acme/acme.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package acme import ( diff --git a/internal/connector/issuer/acme/ari.go b/internal/connector/issuer/acme/ari.go index 27c65b1..e091e18 100644 --- a/internal/connector/issuer/acme/ari.go +++ b/internal/connector/issuer/acme/ari.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package acme import ( diff --git a/internal/connector/issuer/acme/dns.go b/internal/connector/issuer/acme/dns.go index 18cd00b..3f9c8c8 100644 --- a/internal/connector/issuer/acme/dns.go +++ b/internal/connector/issuer/acme/dns.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package acme import ( diff --git a/internal/connector/issuer/acme/profile.go b/internal/connector/issuer/acme/profile.go index 1cdab8f..c812d54 100644 --- a/internal/connector/issuer/acme/profile.go +++ b/internal/connector/issuer/acme/profile.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package acme import ( diff --git a/internal/connector/issuer/asyncpoll/asyncpoll.go b/internal/connector/issuer/asyncpoll/asyncpoll.go index a81fab7..92dd4bb 100644 --- a/internal/connector/issuer/asyncpoll/asyncpoll.go +++ b/internal/connector/issuer/asyncpoll/asyncpoll.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 // Package asyncpoll provides bounded polling for async-CA issuer // connectors (DigiCert, Sectigo, Entrust, GlobalSign). diff --git a/internal/connector/issuer/awsacmpca/awsacmpca.go b/internal/connector/issuer/awsacmpca/awsacmpca.go index 30b741f..ea52dc3 100644 --- a/internal/connector/issuer/awsacmpca/awsacmpca.go +++ b/internal/connector/issuer/awsacmpca/awsacmpca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package awsacmpca implements the issuer.Connector interface for AWS Certificate Manager Private CA (ACM PCA). // // AWS ACM Private CA provides a fully managed private certificate authority diff --git a/internal/connector/issuer/digicert/digicert.go b/internal/connector/issuer/digicert/digicert.go index 082f114..69e05c6 100644 --- a/internal/connector/issuer/digicert/digicert.go +++ b/internal/connector/issuer/digicert/digicert.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package digicert implements the issuer.Connector interface for DigiCert CertCentral. // // DigiCert CertCentral is an enterprise certificate authority offering DV, OV, and EV diff --git a/internal/connector/issuer/ejbca/ejbca.go b/internal/connector/issuer/ejbca/ejbca.go index cfbbd73..82b8a10 100644 --- a/internal/connector/issuer/ejbca/ejbca.go +++ b/internal/connector/issuer/ejbca/ejbca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package ejbca implements the issuer.Connector interface for EJBCA (Keyfactor). // // EJBCA is an open-source and enterprise certificate authority platform. diff --git a/internal/connector/issuer/entrust/entrust.go b/internal/connector/issuer/entrust/entrust.go index 15513fd..a76b809 100644 --- a/internal/connector/issuer/entrust/entrust.go +++ b/internal/connector/issuer/entrust/entrust.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package entrust implements the issuer.Connector interface for Entrust Certificate Services. // // Entrust Certificate Services provides enterprise certificate authority offerings via diff --git a/internal/connector/issuer/factory.go b/internal/connector/issuer/factory.go index a14d401..ae09d90 100644 --- a/internal/connector/issuer/factory.go +++ b/internal/connector/issuer/factory.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package issuer // Factory has been moved to internal/connector/issuerfactory to avoid import cycles. diff --git a/internal/connector/issuer/globalsign/globalsign.go b/internal/connector/issuer/globalsign/globalsign.go index a7c9d54..08c9664 100644 --- a/internal/connector/issuer/globalsign/globalsign.go +++ b/internal/connector/issuer/globalsign/globalsign.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package globalsign implements the issuer.Connector interface for GlobalSign Atlas HVCA. // // GlobalSign Atlas HVCA (Hosted Validation CA) is an enterprise certificate authority diff --git a/internal/connector/issuer/googlecas/googlecas.go b/internal/connector/issuer/googlecas/googlecas.go index f2062cf..46333e1 100644 --- a/internal/connector/issuer/googlecas/googlecas.go +++ b/internal/connector/issuer/googlecas/googlecas.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package googlecas implements the issuer.Connector interface for // Google Cloud Certificate Authority Service (CAS). // diff --git a/internal/connector/issuer/interface.go b/internal/connector/issuer/interface.go index 55e7208..a999d25 100644 --- a/internal/connector/issuer/interface.go +++ b/internal/connector/issuer/interface.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package issuer import ( diff --git a/internal/connector/issuer/lifecycle.go b/internal/connector/issuer/lifecycle.go index cf35d66..a8d2842 100644 --- a/internal/connector/issuer/lifecycle.go +++ b/internal/connector/issuer/lifecycle.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package issuer import "context" diff --git a/internal/connector/issuer/local/keymem.go b/internal/connector/issuer/local/keymem.go index eca3c0e..020d9d2 100644 --- a/internal/connector/issuer/local/keymem.go +++ b/internal/connector/issuer/local/keymem.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package local import ( diff --git a/internal/connector/issuer/local/keystore.go b/internal/connector/issuer/local/keystore.go index e6dcc90..480fc30 100644 --- a/internal/connector/issuer/local/keystore.go +++ b/internal/connector/issuer/local/keystore.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package local import ( diff --git a/internal/connector/issuer/local/local.go b/internal/connector/issuer/local/local.go index 770e546..b6a44c6 100644 --- a/internal/connector/issuer/local/local.go +++ b/internal/connector/issuer/local/local.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Bundle-9 / Audit L-014 (Document the CA-key-in-process threat model): // // The local CA holds its private key in this process's heap (c.caSigner diff --git a/internal/connector/issuer/local/ocsp_responder.go b/internal/connector/issuer/local/ocsp_responder.go index fd27099..db735a7 100644 --- a/internal/connector/issuer/local/ocsp_responder.go +++ b/internal/connector/issuer/local/ocsp_responder.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package local import ( diff --git a/internal/connector/issuer/mtlscache/cache.go b/internal/connector/issuer/mtlscache/cache.go index 75b8aed..219efef 100644 --- a/internal/connector/issuer/mtlscache/cache.go +++ b/internal/connector/issuer/mtlscache/cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package mtlscache caches a parsed mTLS keypair plus a precomputed // *http.Transport across API calls in connectors that authenticate via // client certificates. RefreshIfStale stats the cert file on the diff --git a/internal/connector/issuer/openssl/openssl.go b/internal/connector/issuer/openssl/openssl.go index c5401d1..7de8627 100644 --- a/internal/connector/issuer/openssl/openssl.go +++ b/internal/connector/issuer/openssl/openssl.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package openssl implements the issuer.Connector interface for custom CA integrations. // // This connector delegates certificate signing to user-provided scripts/commands. diff --git a/internal/connector/issuer/sectigo/sectigo.go b/internal/connector/issuer/sectigo/sectigo.go index 27f61ce..e74e581 100644 --- a/internal/connector/issuer/sectigo/sectigo.go +++ b/internal/connector/issuer/sectigo/sectigo.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package sectigo implements the issuer.Connector interface for Sectigo Certificate Manager (SCM). // // Sectigo Certificate Manager is an enterprise certificate authority offering DV, OV, and EV diff --git a/internal/connector/issuer/stepca/jwe.go b/internal/connector/issuer/stepca/jwe.go index 6b6baff..8dbec90 100644 --- a/internal/connector/issuer/stepca/jwe.go +++ b/internal/connector/issuer/stepca/jwe.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package stepca — JWE decryption for step-ca provisioner keys. // // step-ca stores provisioner private keys as JWE-encrypted JSON files using: diff --git a/internal/connector/issuer/stepca/stepca.go b/internal/connector/issuer/stepca/stepca.go index ee7ab25..6fd4370 100644 --- a/internal/connector/issuer/stepca/stepca.go +++ b/internal/connector/issuer/stepca/stepca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package stepca implements the issuer.Connector interface for Smallstep step-ca // private certificate authority. // diff --git a/internal/connector/issuer/vault/vault.go b/internal/connector/issuer/vault/vault.go index 9576f5b..d99aae1 100644 --- a/internal/connector/issuer/vault/vault.go +++ b/internal/connector/issuer/vault/vault.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package vault implements the issuer.Connector interface for HashiCorp Vault PKI // secrets engine. // diff --git a/internal/connector/issuer/vault/vault_renew.go b/internal/connector/issuer/vault/vault_renew.go index 017f911..91d7955 100644 --- a/internal/connector/issuer/vault/vault_renew.go +++ b/internal/connector/issuer/vault/vault_renew.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package vault // Top-10 fix #5 of the 2026-05-03 issuer-coverage audit. Pre-fix, diff --git a/internal/connector/issuerfactory/factory.go b/internal/connector/issuerfactory/factory.go index b8136d6..852048f 100644 --- a/internal/connector/issuerfactory/factory.go +++ b/internal/connector/issuerfactory/factory.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package issuerfactory import ( diff --git a/internal/connector/notifier/email/adapter.go b/internal/connector/notifier/email/adapter.go index 2dd4a0c..0f19294 100644 --- a/internal/connector/notifier/email/adapter.go +++ b/internal/connector/notifier/email/adapter.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package email import ( diff --git a/internal/connector/notifier/email/email.go b/internal/connector/notifier/email/email.go index dab350e..05aade3 100644 --- a/internal/connector/notifier/email/email.go +++ b/internal/connector/notifier/email/email.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package email import ( diff --git a/internal/connector/notifier/interface.go b/internal/connector/notifier/interface.go index 9855f55..ac2d74e 100644 --- a/internal/connector/notifier/interface.go +++ b/internal/connector/notifier/interface.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package notifier import ( diff --git a/internal/connector/notifier/opsgenie/opsgenie.go b/internal/connector/notifier/opsgenie/opsgenie.go index 232f3f8..a1f5754 100644 --- a/internal/connector/notifier/opsgenie/opsgenie.go +++ b/internal/connector/notifier/opsgenie/opsgenie.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package opsgenie import ( diff --git a/internal/connector/notifier/pagerduty/pagerduty.go b/internal/connector/notifier/pagerduty/pagerduty.go index 728ed30..fae53d1 100644 --- a/internal/connector/notifier/pagerduty/pagerduty.go +++ b/internal/connector/notifier/pagerduty/pagerduty.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package pagerduty import ( diff --git a/internal/connector/notifier/slack/slack.go b/internal/connector/notifier/slack/slack.go index be69a28..bcfa1f9 100644 --- a/internal/connector/notifier/slack/slack.go +++ b/internal/connector/notifier/slack/slack.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package slack import ( diff --git a/internal/connector/notifier/teams/teams.go b/internal/connector/notifier/teams/teams.go index a784bc8..e38df3a 100644 --- a/internal/connector/notifier/teams/teams.go +++ b/internal/connector/notifier/teams/teams.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package teams import ( diff --git a/internal/connector/notifier/webhook/webhook.go b/internal/connector/notifier/webhook/webhook.go index 08c42fa..17c8b01 100644 --- a/internal/connector/notifier/webhook/webhook.go +++ b/internal/connector/notifier/webhook/webhook.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package webhook import ( diff --git a/internal/connector/target/apache/apache.go b/internal/connector/target/apache/apache.go index d66326d..8fee46d 100644 --- a/internal/connector/target/apache/apache.go +++ b/internal/connector/target/apache/apache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package apache implements the Apache httpd target connector. // As of the deploy-hardening I master bundle Phase 5, Apache // follows the canonical pattern established by NGINX (Phase 4): diff --git a/internal/connector/target/awsacm/awsacm.go b/internal/connector/target/awsacm/awsacm.go index 3c55261..ad070ed 100644 --- a/internal/connector/target/awsacm/awsacm.go +++ b/internal/connector/target/awsacm/awsacm.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package awsacm implements a target.Connector for deploying certificates to // AWS Certificate Manager (ACM). ACM is the public AWS service for storing // TLS certificates that AWS-managed TLS-termination endpoints (Application diff --git a/internal/connector/target/azurekv/azurekv.go b/internal/connector/target/azurekv/azurekv.go index 4edd6a6..ce8d992 100644 --- a/internal/connector/target/azurekv/azurekv.go +++ b/internal/connector/target/azurekv/azurekv.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package azurekv implements a target.Connector for deploying certificates // to Azure Key Vault. Key Vault is the Azure-managed secret/certificate // store that App Service / Application Gateway / Front Door / Container diff --git a/internal/connector/target/azurekv/sdk_client.go b/internal/connector/target/azurekv/sdk_client.go index 660c508..2606b5f 100644 --- a/internal/connector/target/azurekv/sdk_client.go +++ b/internal/connector/target/azurekv/sdk_client.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package azurekv // sdk_client.go isolates the imports of github.com/Azure/azure-sdk-for-go/ diff --git a/internal/connector/target/caddy/caddy.go b/internal/connector/target/caddy/caddy.go index 56385f5..279e4a3 100644 --- a/internal/connector/target/caddy/caddy.go +++ b/internal/connector/target/caddy/caddy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package caddy import ( diff --git a/internal/connector/target/caddy/validate_only.go b/internal/connector/target/caddy/validate_only.go index e2dd169..33e041d 100644 --- a/internal/connector/target/caddy/validate_only.go +++ b/internal/connector/target/caddy/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package caddy import ( diff --git a/internal/connector/target/certutil/certutil.go b/internal/connector/target/certutil/certutil.go index 41ce5af..bdd8be8 100644 --- a/internal/connector/target/certutil/certutil.go +++ b/internal/connector/target/certutil/certutil.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package certutil provides shared certificate utility functions for target connectors. // These functions handle PEM/PFX conversion, key parsing, thumbprint computation, // and random password generation. Extracted from the IIS connector (M39) to enable diff --git a/internal/connector/target/configcheck/configcheck.go b/internal/connector/target/configcheck/configcheck.go index 1959d46..f341bf2 100644 --- a/internal/connector/target/configcheck/configcheck.go +++ b/internal/connector/target/configcheck/configcheck.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package configcheck provides server-side syntactic validation of target // connector configurations. // diff --git a/internal/connector/target/envoy/envoy.go b/internal/connector/target/envoy/envoy.go index 140f2be..8ca2dff 100644 --- a/internal/connector/target/envoy/envoy.go +++ b/internal/connector/target/envoy/envoy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package envoy import ( diff --git a/internal/connector/target/envoy/validate_only.go b/internal/connector/target/envoy/validate_only.go index be13ae0..d8bd1a5 100644 --- a/internal/connector/target/envoy/validate_only.go +++ b/internal/connector/target/envoy/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package envoy import ( diff --git a/internal/connector/target/f5/f5.go b/internal/connector/target/f5/f5.go index cd8f3fa..304bb22 100644 --- a/internal/connector/target/f5/f5.go +++ b/internal/connector/target/f5/f5.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package f5 import ( diff --git a/internal/connector/target/f5/validate_only.go b/internal/connector/target/f5/validate_only.go index b710365..b5e4304 100644 --- a/internal/connector/target/f5/validate_only.go +++ b/internal/connector/target/f5/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package f5 import ( diff --git a/internal/connector/target/haproxy/haproxy.go b/internal/connector/target/haproxy/haproxy.go index 7b74604..38f7c3b 100644 --- a/internal/connector/target/haproxy/haproxy.go +++ b/internal/connector/target/haproxy/haproxy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package haproxy implements the HAProxy target connector. // // HAProxy expects all TLS material concatenated in a single PEM diff --git a/internal/connector/target/iis/iis.go b/internal/connector/target/iis/iis.go index 60c5bb2..3cb4586 100644 --- a/internal/connector/target/iis/iis.go +++ b/internal/connector/target/iis/iis.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package iis import ( diff --git a/internal/connector/target/iis/validate_only.go b/internal/connector/target/iis/validate_only.go index 787ed5b..eb82766 100644 --- a/internal/connector/target/iis/validate_only.go +++ b/internal/connector/target/iis/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package iis import ( diff --git a/internal/connector/target/iis/winrm.go b/internal/connector/target/iis/winrm.go index 73345fc..1b133f3 100644 --- a/internal/connector/target/iis/winrm.go +++ b/internal/connector/target/iis/winrm.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package iis import ( diff --git a/internal/connector/target/interface.go b/internal/connector/target/interface.go index 13d3baa..3afabad 100644 --- a/internal/connector/target/interface.go +++ b/internal/connector/target/interface.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package target import ( diff --git a/internal/connector/target/javakeystore/javakeystore.go b/internal/connector/target/javakeystore/javakeystore.go index 39e0f9b..1693658 100644 --- a/internal/connector/target/javakeystore/javakeystore.go +++ b/internal/connector/target/javakeystore/javakeystore.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package javakeystore implements a target connector for deploying certificates // to Java KeyStores (JKS/PKCS#12) via the keytool CLI. This enables TLS cert // deployment for Tomcat, Jetty, Kafka, Elasticsearch, and any JVM-based service diff --git a/internal/connector/target/javakeystore/validate_only.go b/internal/connector/target/javakeystore/validate_only.go index 7b36bc3..8a9345c 100644 --- a/internal/connector/target/javakeystore/validate_only.go +++ b/internal/connector/target/javakeystore/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package javakeystore import ( diff --git a/internal/connector/target/k8ssecret/k8ssecret.go b/internal/connector/target/k8ssecret/k8ssecret.go index b9a39ba..0e93b6f 100644 --- a/internal/connector/target/k8ssecret/k8ssecret.go +++ b/internal/connector/target/k8ssecret/k8ssecret.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package k8ssecret implements a target.Connector for deploying certificates to Kubernetes Secrets. // This enables the "proxy agent" pattern — a certctl agent running in a Kubernetes cluster // (or outside with kubeconfig access) can deploy certificates as kubernetes.io/tls Secrets. diff --git a/internal/connector/target/k8ssecret/validate_only.go b/internal/connector/target/k8ssecret/validate_only.go index cc820ea..3d41357 100644 --- a/internal/connector/target/k8ssecret/validate_only.go +++ b/internal/connector/target/k8ssecret/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package k8ssecret import ( diff --git a/internal/connector/target/nginx/internals.go b/internal/connector/target/nginx/internals.go index 7eeafb3..02fe158 100644 --- a/internal/connector/target/nginx/internals.go +++ b/internal/connector/target/nginx/internals.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package nginx import ( diff --git a/internal/connector/target/nginx/nginx.go b/internal/connector/target/nginx/nginx.go index 98c4cc0..056af13 100644 --- a/internal/connector/target/nginx/nginx.go +++ b/internal/connector/target/nginx/nginx.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package nginx implements the NGINX target connector. As of the // deploy-hardening I master bundle Phase 4 (the canonical // implementation that Phases 5-9 model on), NGINX is the first diff --git a/internal/connector/target/postfix/postfix.go b/internal/connector/target/postfix/postfix.go index 43e1eb5..7c3b049 100644 --- a/internal/connector/target/postfix/postfix.go +++ b/internal/connector/target/postfix/postfix.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package postfix implements the Postfix + Dovecot mail-server // target connector. As of the deploy-hardening I master bundle // Phase 7, both modes follow the canonical NGINX template: diff --git a/internal/connector/target/ssh/ssh.go b/internal/connector/target/ssh/ssh.go index 20d16ab..1044b48 100644 --- a/internal/connector/target/ssh/ssh.go +++ b/internal/connector/target/ssh/ssh.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package ssh implements a target.Connector for agentless certificate deployment // via SSH/SFTP. This enables the "proxy agent" pattern — a certctl agent in the // same network zone deploys certificates to remote servers without requiring the diff --git a/internal/connector/target/ssh/validate_only.go b/internal/connector/target/ssh/validate_only.go index 47d4057..ce8e54e 100644 --- a/internal/connector/target/ssh/validate_only.go +++ b/internal/connector/target/ssh/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package ssh import ( diff --git a/internal/connector/target/traefik/traefik.go b/internal/connector/target/traefik/traefik.go index b99c23c..bc1830f 100644 --- a/internal/connector/target/traefik/traefik.go +++ b/internal/connector/target/traefik/traefik.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package traefik implements the Traefik file-provider target // connector. Bundle 4 of the 2026-05-02 deployment-target audit: // upgraded from two separate deploy.AtomicWriteFile calls (cert, diff --git a/internal/connector/target/wincertstore/validate_only.go b/internal/connector/target/wincertstore/validate_only.go index 5127c51..1036e80 100644 --- a/internal/connector/target/wincertstore/validate_only.go +++ b/internal/connector/target/wincertstore/validate_only.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package wincertstore import ( diff --git a/internal/connector/target/wincertstore/wincertstore.go b/internal/connector/target/wincertstore/wincertstore.go index d173b79..989d97a 100644 --- a/internal/connector/target/wincertstore/wincertstore.go +++ b/internal/connector/target/wincertstore/wincertstore.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package wincertstore implements a target connector for deploying certificates // to the Windows Certificate Store via PowerShell. Unlike the IIS connector, // this connector only imports certificates into the store — it does not manage diff --git a/internal/crypto/encryption.go b/internal/crypto/encryption.go index 3517567..9be12a7 100644 --- a/internal/crypto/encryption.go +++ b/internal/crypto/encryption.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package crypto provides AES-256-GCM encryption for sensitive configuration data. // // The on-disk format for blobs produced by [EncryptIfKeySet] is versioned. diff --git a/internal/crypto/signer/doc.go b/internal/crypto/signer/doc.go index cf7d36c..10311a9 100644 --- a/internal/crypto/signer/doc.go +++ b/internal/crypto/signer/doc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package signer abstracts the act of producing cryptographic signatures // over digests on behalf of a certificate authority. It exists so that // downstream code (leaf-cert issuance, CRL generation, OCSP response diff --git a/internal/crypto/signer/driver.go b/internal/crypto/signer/driver.go index f5c4a7b..f8c2c89 100644 --- a/internal/crypto/signer/driver.go +++ b/internal/crypto/signer/driver.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package signer import "context" diff --git a/internal/crypto/signer/file_driver.go b/internal/crypto/signer/file_driver.go index dfe013b..4bdf2b1 100644 --- a/internal/crypto/signer/file_driver.go +++ b/internal/crypto/signer/file_driver.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package signer import ( diff --git a/internal/crypto/signer/memory_driver.go b/internal/crypto/signer/memory_driver.go index ccd248a..3fb4d1f 100644 --- a/internal/crypto/signer/memory_driver.go +++ b/internal/crypto/signer/memory_driver.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package signer import ( diff --git a/internal/crypto/signer/parse.go b/internal/crypto/signer/parse.go index 293413a..7b797c5 100644 --- a/internal/crypto/signer/parse.go +++ b/internal/crypto/signer/parse.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package signer import ( diff --git a/internal/crypto/signer/signer.go b/internal/crypto/signer/signer.go index e7c0fd2..60d4bfc 100644 --- a/internal/crypto/signer/signer.go +++ b/internal/crypto/signer/signer.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package signer import ( diff --git a/internal/deploy/apply.go b/internal/deploy/apply.go index c66df30..1105dd9 100644 --- a/internal/deploy/apply.go +++ b/internal/deploy/apply.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package deploy import ( diff --git a/internal/deploy/atomic.go b/internal/deploy/atomic.go index 27befd1..ed4d1a2 100644 --- a/internal/deploy/atomic.go +++ b/internal/deploy/atomic.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package deploy import ( diff --git a/internal/deploy/doc.go b/internal/deploy/doc.go index 8dc48c7..236bc22 100644 --- a/internal/deploy/doc.go +++ b/internal/deploy/doc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package deploy provides the shared atomic-write + validate + rollback // primitive consumed by every target connector under // internal/connector/target/*. diff --git a/internal/deploy/ownership.go b/internal/deploy/ownership.go index 491d1f3..f54e218 100644 --- a/internal/deploy/ownership.go +++ b/internal/deploy/ownership.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package deploy import ( diff --git a/internal/deploy/types.go b/internal/deploy/types.go index ba6451b..94d7ea5 100644 --- a/internal/deploy/types.go +++ b/internal/deploy/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package deploy import ( diff --git a/internal/domain/acme.go b/internal/domain/acme.go index 6c1e99f..e3722e8 100644 --- a/internal/domain/acme.go +++ b/internal/domain/acme.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package domain diff --git a/internal/domain/agent_group.go b/internal/domain/agent_group.go index fd1d860..2942ecc 100644 --- a/internal/domain/agent_group.go +++ b/internal/domain/agent_group.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/approval.go b/internal/domain/approval.go index b1a1b63..743dbd8 100644 --- a/internal/domain/approval.go +++ b/internal/domain/approval.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/ari.go b/internal/domain/ari.go index a6a8921..a3fe4a2 100644 --- a/internal/domain/ari.go +++ b/internal/domain/ari.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/audit.go b/internal/domain/audit.go index aae3e1a..963c6fe 100644 --- a/internal/domain/audit.go +++ b/internal/domain/audit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/auth/apikey.go b/internal/domain/auth/apikey.go index a215e44..7e4e7c8 100644 --- a/internal/domain/auth/apikey.go +++ b/internal/domain/auth/apikey.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import "time" diff --git a/internal/domain/auth/types.go b/internal/domain/auth/types.go index 5a92610..af5394a 100644 --- a/internal/domain/auth/types.go +++ b/internal/domain/auth/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package auth holds the RBAC domain types: tenants, roles, permissions, // role-permission grants, and actor-role assignments. Bundle 1 Phase 1 // ships these as the schema primitive; Phase 2 wires the service layer, diff --git a/internal/domain/auth/validate.go b/internal/domain/auth/validate.go index aff793d..ab0f563 100644 --- a/internal/domain/auth/validate.go +++ b/internal/domain/auth/validate.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth // Seed identifiers and constants used by the Phase 1 migration and the diff --git a/internal/domain/bulk_reassignment.go b/internal/domain/bulk_reassignment.go index 7f3a6f5..101e795 100644 --- a/internal/domain/bulk_reassignment.go +++ b/internal/domain/bulk_reassignment.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain // BulkReassignmentRequest is the input to POST /api/v1/certificates/bulk-reassign. diff --git a/internal/domain/bulk_renewal.go b/internal/domain/bulk_renewal.go index 71db4d3..7235acd 100644 --- a/internal/domain/bulk_renewal.go +++ b/internal/domain/bulk_renewal.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain // BulkRenewalCriteria selects a set of managed certificates to renew. At diff --git a/internal/domain/certificate.go b/internal/domain/certificate.go index 7c47248..bfc51ab 100644 --- a/internal/domain/certificate.go +++ b/internal/domain/certificate.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/connector.go b/internal/domain/connector.go index 6742e69..a62ac51 100644 --- a/internal/domain/connector.go +++ b/internal/domain/connector.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/crl_cache.go b/internal/domain/crl_cache.go index 37047b8..527a874 100644 --- a/internal/domain/crl_cache.go +++ b/internal/domain/crl_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/discovery.go b/internal/domain/discovery.go index b64fcc1..497cc90 100644 --- a/internal/domain/discovery.go +++ b/internal/domain/discovery.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/errors.go b/internal/domain/errors.go index 21b80a7..cd68bc3 100644 --- a/internal/domain/errors.go +++ b/internal/domain/errors.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package domain — error sentinels. // // S-2 closure (cat-s6-efc7f6f6bd50): pre-S-2 every handler-side diff --git a/internal/domain/est.go b/internal/domain/est.go index bbd3531..c39428c 100644 --- a/internal/domain/est.go +++ b/internal/domain/est.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain // ESTEnrollResult holds the result of an EST (RFC 7030) enrollment operation. diff --git a/internal/domain/health_check.go b/internal/domain/health_check.go index 1805794..9e6864c 100644 --- a/internal/domain/health_check.go +++ b/internal/domain/health_check.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/intermediate_ca.go b/internal/domain/intermediate_ca.go index feb42c9..817a3ac 100644 --- a/internal/domain/intermediate_ca.go +++ b/internal/domain/intermediate_ca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/job.go b/internal/domain/job.go index 302c13a..6b773aa 100644 --- a/internal/domain/job.go +++ b/internal/domain/job.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/network_scan.go b/internal/domain/network_scan.go index 538a809..7203c21 100644 --- a/internal/domain/network_scan.go +++ b/internal/domain/network_scan.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/notification.go b/internal/domain/notification.go index d520f2f..70e24d0 100644 --- a/internal/domain/notification.go +++ b/internal/domain/notification.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/ocsp_responder.go b/internal/domain/ocsp_responder.go index 80f2906..e853240 100644 --- a/internal/domain/ocsp_responder.go +++ b/internal/domain/ocsp_responder.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/ocsp_response_cache.go b/internal/domain/ocsp_response_cache.go index 34f3066..b9ead7e 100644 --- a/internal/domain/ocsp_response_cache.go +++ b/internal/domain/ocsp_response_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/policy.go b/internal/domain/policy.go index 770d9bf..daa3305 100644 --- a/internal/domain/policy.go +++ b/internal/domain/policy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/profile.go b/internal/domain/profile.go index 53b657e..39b4d44 100644 --- a/internal/domain/profile.go +++ b/internal/domain/profile.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/revocation.go b/internal/domain/revocation.go index 8779c44..8715d91 100644 --- a/internal/domain/revocation.go +++ b/internal/domain/revocation.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/domain/scep.go b/internal/domain/scep.go index ddeecc4..157870c 100644 --- a/internal/domain/scep.go +++ b/internal/domain/scep.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain // SCEPEnrollResult holds the result of a SCEP (RFC 8894) enrollment operation. diff --git a/internal/domain/team.go b/internal/domain/team.go index 767e5bd..d31c10a 100644 --- a/internal/domain/team.go +++ b/internal/domain/team.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import ( diff --git a/internal/domain/verification.go b/internal/domain/verification.go index 988c4b6..274ef69 100644 --- a/internal/domain/verification.go +++ b/internal/domain/verification.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package domain import "time" diff --git a/internal/mcp/client.go b/internal/mcp/client.go index 0a8a414..64d8599 100644 --- a/internal/mcp/client.go +++ b/internal/mcp/client.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp import ( diff --git a/internal/mcp/fence.go b/internal/mcp/fence.go index a44bebc..51510ad 100644 --- a/internal/mcp/fence.go +++ b/internal/mcp/fence.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp import ( diff --git a/internal/mcp/tools.go b/internal/mcp/tools.go index afec74a..11ebf37 100644 --- a/internal/mcp/tools.go +++ b/internal/mcp/tools.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp import ( diff --git a/internal/mcp/tools_audit_fix.go b/internal/mcp/tools_audit_fix.go index 27377b5..f4a3b8d 100644 --- a/internal/mcp/tools_audit_fix.go +++ b/internal/mcp/tools_audit_fix.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp // Audit 2026-05-10 MED-13 closure — 11 new MCP tools that round out diff --git a/internal/mcp/tools_auth.go b/internal/mcp/tools_auth.go index 24c0aa0..18853a1 100644 --- a/internal/mcp/tools_auth.go +++ b/internal/mcp/tools_auth.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp import ( diff --git a/internal/mcp/tools_auth_bundle2.go b/internal/mcp/tools_auth_bundle2.go index 66587f2..04582e3 100644 --- a/internal/mcp/tools_auth_bundle2.go +++ b/internal/mcp/tools_auth_bundle2.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp import ( diff --git a/internal/mcp/tools_est.go b/internal/mcp/tools_est.go index ef43bfe..47143e8 100644 --- a/internal/mcp/tools_est.go +++ b/internal/mcp/tools_est.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp // EST RFC 7030 hardening master bundle Phase 9.2 — MCP tools. diff --git a/internal/mcp/types.go b/internal/mcp/types.go index e186a30..211c337 100644 --- a/internal/mcp/types.go +++ b/internal/mcp/types.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package mcp // Input types for MCP tool arguments. diff --git a/internal/pkcs7/certrep.go b/internal/pkcs7/certrep.go index 74a501d..80f1196 100644 --- a/internal/pkcs7/certrep.go +++ b/internal/pkcs7/certrep.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // CertRep PKIMessage response builder for SCEP. // // RFC 8894 §3.3.2 (Certificate Response Message Format) + diff --git a/internal/pkcs7/envelopeddata.go b/internal/pkcs7/envelopeddata.go index 8f05d04..d2a1414 100644 --- a/internal/pkcs7/envelopeddata.go +++ b/internal/pkcs7/envelopeddata.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // EnvelopedData parser + decryptor for SCEP PKIMessage. // // RFC 5652 §6 (Cryptographic Message Syntax — EnvelopedData) + diff --git a/internal/pkcs7/envelopeddata_builder.go b/internal/pkcs7/envelopeddata_builder.go index a897485..cfdb23f 100644 --- a/internal/pkcs7/envelopeddata_builder.go +++ b/internal/pkcs7/envelopeddata_builder.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // EnvelopedData BUILDER (inverse of envelopeddata.go's parser+decryptor). // // EST RFC 7030 hardening master bundle Phase 5.2. diff --git a/internal/pkcs7/pkcs7.go b/internal/pkcs7/pkcs7.go index 35fefd0..3baa939 100644 --- a/internal/pkcs7/pkcs7.go +++ b/internal/pkcs7/pkcs7.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package pkcs7 provides ASN.1 helpers for building PKCS#7 structures. // Used by EST (RFC 7030) and SCEP (RFC 8894) protocol handlers. // No external dependencies — hand-rolled ASN.1 encoding only. diff --git a/internal/pkcs7/signedinfo.go b/internal/pkcs7/signedinfo.go index 25407eb..d99c694 100644 --- a/internal/pkcs7/signedinfo.go +++ b/internal/pkcs7/signedinfo.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // SignerInfo parser + signature verifier for SCEP PKIMessage. // // RFC 5652 §5 (SignedData) + RFC 8894 §3.2.1 (SCEP authenticatedAttributes). diff --git a/internal/ratelimit/sliding_window.go b/internal/ratelimit/sliding_window.go index 3a146fc..2aa3d4d 100644 --- a/internal/ratelimit/sliding_window.go +++ b/internal/ratelimit/sliding_window.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package ratelimit provides shared rate-limit primitives used by // authenticated-but-shared-credential code paths (SCEP/Intune // per-device challenge enrollment, EST per-principal CSR enrollment, diff --git a/internal/repository/auth.go b/internal/repository/auth.go index 33e1401..754706f 100644 --- a/internal/repository/auth.go +++ b/internal/repository/auth.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/repository/breakglass.go b/internal/repository/breakglass.go index ea9e783..15ba33e 100644 --- a/internal/repository/breakglass.go +++ b/internal/repository/breakglass.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/repository/errors.go b/internal/repository/errors.go index bb8d861..6c1e137 100644 --- a/internal/repository/errors.go +++ b/internal/repository/errors.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package repository defines the repository-layer error sentinels that // handlers map to HTTP status codes via errors.Is. // diff --git a/internal/repository/filters.go b/internal/repository/filters.go index ebf237b..7bc3308 100644 --- a/internal/repository/filters.go +++ b/internal/repository/filters.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import "time" diff --git a/internal/repository/interfaces.go b/internal/repository/interfaces.go index b63ce13..30480c3 100644 --- a/internal/repository/interfaces.go +++ b/internal/repository/interfaces.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/repository/oidc.go b/internal/repository/oidc.go index 35db30d..5485c7a 100644 --- a/internal/repository/oidc.go +++ b/internal/repository/oidc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/repository/oidc_bcl.go b/internal/repository/oidc_bcl.go index e3f3aa3..81565c2 100644 --- a/internal/repository/oidc_bcl.go +++ b/internal/repository/oidc_bcl.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/repository/postgres/acme.go b/internal/repository/postgres/acme.go index b421817..45664aa 100644 --- a/internal/repository/postgres/acme.go +++ b/internal/repository/postgres/acme.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package postgres diff --git a/internal/repository/postgres/agent.go b/internal/repository/postgres/agent.go index 0d50b5a..2463e0d 100644 --- a/internal/repository/postgres/agent.go +++ b/internal/repository/postgres/agent.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/agent_group.go b/internal/repository/postgres/agent_group.go index 34b583a..0b922ad 100644 --- a/internal/repository/postgres/agent_group.go +++ b/internal/repository/postgres/agent_group.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/approval.go b/internal/repository/postgres/approval.go index 02fca6a..a15eeda 100644 --- a/internal/repository/postgres/approval.go +++ b/internal/repository/postgres/approval.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/audit.go b/internal/repository/postgres/audit.go index d9c934c..3106501 100644 --- a/internal/repository/postgres/audit.go +++ b/internal/repository/postgres/audit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/auth.go b/internal/repository/postgres/auth.go index ad24b3f..1e86a24 100644 --- a/internal/repository/postgres/auth.go +++ b/internal/repository/postgres/auth.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/breakglass.go b/internal/repository/postgres/breakglass.go index 6eefd24..cf5de66 100644 --- a/internal/repository/postgres/breakglass.go +++ b/internal/repository/postgres/breakglass.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/certificate.go b/internal/repository/postgres/certificate.go index c999153..19b6390 100644 --- a/internal/repository/postgres/certificate.go +++ b/internal/repository/postgres/certificate.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/crl_cache.go b/internal/repository/postgres/crl_cache.go index 5191b45..208923a 100644 --- a/internal/repository/postgres/crl_cache.go +++ b/internal/repository/postgres/crl_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/db.go b/internal/repository/postgres/db.go index 56b9789..35b676c 100644 --- a/internal/repository/postgres/db.go +++ b/internal/repository/postgres/db.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/discovery.go b/internal/repository/postgres/discovery.go index 94035bd..7391cd1 100644 --- a/internal/repository/postgres/discovery.go +++ b/internal/repository/postgres/discovery.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/health_check.go b/internal/repository/postgres/health_check.go index 20740fe..139f1b3 100644 --- a/internal/repository/postgres/health_check.go +++ b/internal/repository/postgres/health_check.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/intermediate_ca.go b/internal/repository/postgres/intermediate_ca.go index 053254e..88970b0 100644 --- a/internal/repository/postgres/intermediate_ca.go +++ b/internal/repository/postgres/intermediate_ca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/issuer.go b/internal/repository/postgres/issuer.go index 4693ac4..3eec090 100644 --- a/internal/repository/postgres/issuer.go +++ b/internal/repository/postgres/issuer.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/job.go b/internal/repository/postgres/job.go index 030e309..72b8141 100644 --- a/internal/repository/postgres/job.go +++ b/internal/repository/postgres/job.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/network_scan.go b/internal/repository/postgres/network_scan.go index 70f920c..878a1db 100644 --- a/internal/repository/postgres/network_scan.go +++ b/internal/repository/postgres/network_scan.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/notification.go b/internal/repository/postgres/notification.go index 2f4245f..8d68f68 100644 --- a/internal/repository/postgres/notification.go +++ b/internal/repository/postgres/notification.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/ocsp_responder.go b/internal/repository/postgres/ocsp_responder.go index 68a110c..065237a 100644 --- a/internal/repository/postgres/ocsp_responder.go +++ b/internal/repository/postgres/ocsp_responder.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/ocsp_response_cache.go b/internal/repository/postgres/ocsp_response_cache.go index 3332df3..04d47f5 100644 --- a/internal/repository/postgres/ocsp_response_cache.go +++ b/internal/repository/postgres/ocsp_response_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/oidc.go b/internal/repository/postgres/oidc.go index a0ec971..33175d0 100644 --- a/internal/repository/postgres/oidc.go +++ b/internal/repository/postgres/oidc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/oidc_bcl.go b/internal/repository/postgres/oidc_bcl.go index 8849366..5e81f04 100644 --- a/internal/repository/postgres/oidc_bcl.go +++ b/internal/repository/postgres/oidc_bcl.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/oidc_prelogin.go b/internal/repository/postgres/oidc_prelogin.go index bbb0c75..ca247ca 100644 --- a/internal/repository/postgres/oidc_prelogin.go +++ b/internal/repository/postgres/oidc_prelogin.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/owner.go b/internal/repository/postgres/owner.go index 60648e2..40ed70e 100644 --- a/internal/repository/postgres/owner.go +++ b/internal/repository/postgres/owner.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/policy.go b/internal/repository/postgres/policy.go index b72ae3c..b4b2c52 100644 --- a/internal/repository/postgres/policy.go +++ b/internal/repository/postgres/policy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/profile.go b/internal/repository/postgres/profile.go index 49705d0..e3e5e80 100644 --- a/internal/repository/postgres/profile.go +++ b/internal/repository/postgres/profile.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/renewal_policy.go b/internal/repository/postgres/renewal_policy.go index add2d14..2504990 100644 --- a/internal/repository/postgres/renewal_policy.go +++ b/internal/repository/postgres/renewal_policy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/revocation.go b/internal/repository/postgres/revocation.go index e24d1ef..6e6e590 100644 --- a/internal/repository/postgres/revocation.go +++ b/internal/repository/postgres/revocation.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/scep_probe_results.go b/internal/repository/postgres/scep_probe_results.go index b53f5e9..e4a459a 100644 --- a/internal/repository/postgres/scep_probe_results.go +++ b/internal/repository/postgres/scep_probe_results.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/session.go b/internal/repository/postgres/session.go index a6710ef..a9e276d 100644 --- a/internal/repository/postgres/session.go +++ b/internal/repository/postgres/session.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/target.go b/internal/repository/postgres/target.go index b85b041..0c44648 100644 --- a/internal/repository/postgres/target.go +++ b/internal/repository/postgres/target.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/team.go b/internal/repository/postgres/team.go index 9dc3aab..e3e3586 100644 --- a/internal/repository/postgres/team.go +++ b/internal/repository/postgres/team.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/postgres/tx.go b/internal/repository/postgres/tx.go index 2d654fd..98348ee 100644 --- a/internal/repository/postgres/tx.go +++ b/internal/repository/postgres/tx.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 // WithinTx is the transactional spine for any service-layer operation // whose audit row must be atomic with the underlying state change. diff --git a/internal/repository/postgres/user.go b/internal/repository/postgres/user.go index ec3358f..34da837 100644 --- a/internal/repository/postgres/user.go +++ b/internal/repository/postgres/user.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package postgres import ( diff --git a/internal/repository/querier.go b/internal/repository/querier.go index 177c09b..011fd60 100644 --- a/internal/repository/querier.go +++ b/internal/repository/querier.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package repository diff --git a/internal/repository/session.go b/internal/repository/session.go index 5fb97f1..63094e6 100644 --- a/internal/repository/session.go +++ b/internal/repository/session.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/repository/user.go b/internal/repository/user.go index f40b923..89c2646 100644 --- a/internal/repository/user.go +++ b/internal/repository/user.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package repository import ( diff --git a/internal/scep/intune/challenge.go b/internal/scep/intune/challenge.go index 109a290..b24e6ec 100644 --- a/internal/scep/intune/challenge.go +++ b/internal/scep/intune/challenge.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package intune import ( diff --git a/internal/scep/intune/claim.go b/internal/scep/intune/claim.go index cbb3f99..3776adc 100644 --- a/internal/scep/intune/claim.go +++ b/internal/scep/intune/claim.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package intune import ( diff --git a/internal/scep/intune/doc.go b/internal/scep/intune/doc.go index 6bf1654..14bb05e 100644 --- a/internal/scep/intune/doc.go +++ b/internal/scep/intune/doc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package intune handles the Microsoft Intune dynamic-challenge format // embedded in SCEP CSR challengePassword attributes when the SCEP server // is sitting behind the Microsoft Intune Certificate Connector. diff --git a/internal/scep/intune/rate_limit.go b/internal/scep/intune/rate_limit.go index 6e39205..9640d8e 100644 --- a/internal/scep/intune/rate_limit.go +++ b/internal/scep/intune/rate_limit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package intune import ( diff --git a/internal/scep/intune/replay.go b/internal/scep/intune/replay.go index 45f7488..2f99fe1 100644 --- a/internal/scep/intune/replay.go +++ b/internal/scep/intune/replay.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package intune import ( diff --git a/internal/scep/intune/trust_anchor.go b/internal/scep/intune/trust_anchor.go index 9ce9835..8c134bc 100644 --- a/internal/scep/intune/trust_anchor.go +++ b/internal/scep/intune/trust_anchor.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package intune // SCEP RFC 8894 + Intune master bundle Phase 7.2 (originally) + diff --git a/internal/scep/intune/trust_anchor_holder.go b/internal/scep/intune/trust_anchor_holder.go index 06fd38f..185b36e 100644 --- a/internal/scep/intune/trust_anchor_holder.go +++ b/internal/scep/intune/trust_anchor_holder.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package intune // SCEP RFC 8894 + Intune master bundle Phase 8.5 (originally) + diff --git a/internal/scheduler/scheduler.go b/internal/scheduler/scheduler.go index a61dba1..ae6362e 100644 --- a/internal/scheduler/scheduler.go +++ b/internal/scheduler/scheduler.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package scheduler import ( diff --git a/internal/secret/secret.go b/internal/secret/secret.go index aea6156..cba5136 100644 --- a/internal/secret/secret.go +++ b/internal/secret/secret.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 // Package secret provides Ref, an opaque handle to a credential. // diff --git a/internal/service/acme.go b/internal/service/acme.go index 00d948e..f4cb3b6 100644 --- a/internal/service/acme.go +++ b/internal/service/acme.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package service diff --git a/internal/service/agent.go b/internal/service/agent.go index 59342bf..9fb2635 100644 --- a/internal/service/agent.go +++ b/internal/service/agent.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/agent_group.go b/internal/service/agent_group.go index 1138661..52f8bde 100644 --- a/internal/service/agent_group.go +++ b/internal/service/agent_group.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/agent_retire.go b/internal/service/agent_retire.go index 84fc598..ab5974b 100644 --- a/internal/service/agent_retire.go +++ b/internal/service/agent_retire.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/approval.go b/internal/service/approval.go index f36d6d6..2d30d6c 100644 --- a/internal/service/approval.go +++ b/internal/service/approval.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/approval_metrics.go b/internal/service/approval_metrics.go index e1f4fb2..8c5fb2b 100644 --- a/internal/service/approval_metrics.go +++ b/internal/service/approval_metrics.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/audit.go b/internal/service/audit.go index 94614b2..1a3846e 100644 --- a/internal/service/audit.go +++ b/internal/service/audit.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/audit_redact.go b/internal/service/audit_redact.go index 127fb0b..ab65ca5 100644 --- a/internal/service/audit_redact.go +++ b/internal/service/audit_redact.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/auth/actor_role_service.go b/internal/service/auth/actor_role_service.go index 7b9d7c7..43d3e96 100644 --- a/internal/service/auth/actor_role_service.go +++ b/internal/service/auth/actor_role_service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/service/auth/auth.go b/internal/service/auth/auth.go index 4a1723d..ed4c6ef 100644 --- a/internal/service/auth/auth.go +++ b/internal/service/auth/auth.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package auth holds the RBAC service layer: PermissionService, // RoleService, ActorRoleService, and the Authorizer primitive that // Phase 3 middleware (auth.RequirePermission) calls on every gated diff --git a/internal/service/auth/authorizer.go b/internal/service/auth/authorizer.go index 7f5bf4f..3ae821a 100644 --- a/internal/service/auth/authorizer.go +++ b/internal/service/auth/authorizer.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/service/auth/permission_service.go b/internal/service/auth/permission_service.go index 485d791..2d73d78 100644 --- a/internal/service/auth/permission_service.go +++ b/internal/service/auth/permission_service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/service/auth/role_service.go b/internal/service/auth/role_service.go index fe6dca8..ced345e 100644 --- a/internal/service/auth/role_service.go +++ b/internal/service/auth/role_service.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package auth import ( diff --git a/internal/service/bulk_reassignment.go b/internal/service/bulk_reassignment.go index 6b6926f..4410e18 100644 --- a/internal/service/bulk_reassignment.go +++ b/internal/service/bulk_reassignment.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/bulk_renewal.go b/internal/service/bulk_renewal.go index 9793056..90b0e16 100644 --- a/internal/service/bulk_renewal.go +++ b/internal/service/bulk_renewal.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/bulk_revocation.go b/internal/service/bulk_revocation.go index f76ad68..cbb8f8e 100644 --- a/internal/service/bulk_revocation.go +++ b/internal/service/bulk_revocation.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/ca_operations.go b/internal/service/ca_operations.go index 3109ba8..dc77a7e 100644 --- a/internal/service/ca_operations.go +++ b/internal/service/ca_operations.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/certificate.go b/internal/service/certificate.go index fc15909..bc8c39b 100644 --- a/internal/service/certificate.go +++ b/internal/service/certificate.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/cloud_discovery.go b/internal/service/cloud_discovery.go index 05c044f..888f879 100644 --- a/internal/service/cloud_discovery.go +++ b/internal/service/cloud_discovery.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/config_helpers.go b/internal/service/config_helpers.go index 56565fa..b9a761a 100644 --- a/internal/service/config_helpers.go +++ b/internal/service/config_helpers.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/crl_cache.go b/internal/service/crl_cache.go index c5c2824..21a1450 100644 --- a/internal/service/crl_cache.go +++ b/internal/service/crl_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/crypto_validation.go b/internal/service/crypto_validation.go index dcdbf4f..d396a91 100644 --- a/internal/service/crypto_validation.go +++ b/internal/service/crypto_validation.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/deploy_counters.go b/internal/service/deploy_counters.go index ad86959..dbb651b 100644 --- a/internal/service/deploy_counters.go +++ b/internal/service/deploy_counters.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/deployment.go b/internal/service/deployment.go index 57d8297..41a2859 100644 --- a/internal/service/deployment.go +++ b/internal/service/deployment.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/digest.go b/internal/service/digest.go index 7f77f2c..d5f1838 100644 --- a/internal/service/digest.go +++ b/internal/service/digest.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/discovery.go b/internal/service/discovery.go index 93731df..a232d9c 100644 --- a/internal/service/discovery.go +++ b/internal/service/discovery.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/est.go b/internal/service/est.go index 0fb5ffb..aac1350 100644 --- a/internal/service/est.go +++ b/internal/service/est.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/est_audit_actions.go b/internal/service/est_audit_actions.go index 4a44df4..5bcc8c8 100644 --- a/internal/service/est_audit_actions.go +++ b/internal/service/est_audit_actions.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service // EST RFC 7030 hardening master bundle Phase 11.3 — typed audit action diff --git a/internal/service/est_counters.go b/internal/service/est_counters.go index e2d406e..adb6e30 100644 --- a/internal/service/est_counters.go +++ b/internal/service/est_counters.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/expiry_alert_metrics.go b/internal/service/expiry_alert_metrics.go index 0e8306e..1ba6c6f 100644 --- a/internal/service/expiry_alert_metrics.go +++ b/internal/service/expiry_alert_metrics.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/export.go b/internal/service/export.go index ffa8545..68ec910 100644 --- a/internal/service/export.go +++ b/internal/service/export.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/export_audit_actions.go b/internal/service/export_audit_actions.go index 2a2ec33..251c4ed 100644 --- a/internal/service/export_audit_actions.go +++ b/internal/service/export_audit_actions.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service // Production hardening II Phase 7 — typed audit-action codes for the diff --git a/internal/service/health_check.go b/internal/service/health_check.go index 77754a7..5d7e384 100644 --- a/internal/service/health_check.go +++ b/internal/service/health_check.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/intermediate_ca.go b/internal/service/intermediate_ca.go index 59c8078..ea98a0e 100644 --- a/internal/service/intermediate_ca.go +++ b/internal/service/intermediate_ca.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/intermediate_ca_metrics.go b/internal/service/intermediate_ca_metrics.go index 5eb2960..5674393 100644 --- a/internal/service/intermediate_ca_metrics.go +++ b/internal/service/intermediate_ca_metrics.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/issuance_metrics.go b/internal/service/issuance_metrics.go index 63c0590..2629aea 100644 --- a/internal/service/issuance_metrics.go +++ b/internal/service/issuance_metrics.go @@ -1,5 +1,5 @@ -// Copyright (c) certctl -// SPDX-License-Identifier: BSL-1.1 +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package service diff --git a/internal/service/issuer.go b/internal/service/issuer.go index bba6569..0670de3 100644 --- a/internal/service/issuer.go +++ b/internal/service/issuer.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/issuer_adapter.go b/internal/service/issuer_adapter.go index 3af5611..64b2259 100644 --- a/internal/service/issuer_adapter.go +++ b/internal/service/issuer_adapter.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/issuer_registry.go b/internal/service/issuer_registry.go index c7aec3b..c89ba81 100644 --- a/internal/service/issuer_registry.go +++ b/internal/service/issuer_registry.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/job.go b/internal/service/job.go index 93a6f80..21ac164 100644 --- a/internal/service/job.go +++ b/internal/service/job.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/network_scan.go b/internal/service/network_scan.go index 2a1ee45..e37b015 100644 --- a/internal/service/network_scan.go +++ b/internal/service/network_scan.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/notification.go b/internal/service/notification.go index 54b6d0a..c08d4d0 100644 --- a/internal/service/notification.go +++ b/internal/service/notification.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/ocsp_counters.go b/internal/service/ocsp_counters.go index 4b3f5c2..ad73a6f 100644 --- a/internal/service/ocsp_counters.go +++ b/internal/service/ocsp_counters.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import "sync/atomic" diff --git a/internal/service/ocsp_nonce.go b/internal/service/ocsp_nonce.go index 5065c5d..71b7876 100644 --- a/internal/service/ocsp_nonce.go +++ b/internal/service/ocsp_nonce.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/ocsp_response_cache.go b/internal/service/ocsp_response_cache.go index 8dc29d2..8012ee1 100644 --- a/internal/service/ocsp_response_cache.go +++ b/internal/service/ocsp_response_cache.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/owner.go b/internal/service/owner.go index dee65f9..b8cc77d 100644 --- a/internal/service/owner.go +++ b/internal/service/owner.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/policy.go b/internal/service/policy.go index f75da8b..6ed7063 100644 --- a/internal/service/policy.go +++ b/internal/service/policy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/profile.go b/internal/service/profile.go index ed54a67..6c549c1 100644 --- a/internal/service/profile.go +++ b/internal/service/profile.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/renewal.go b/internal/service/renewal.go index 737004c..6f2a509 100644 --- a/internal/service/renewal.go +++ b/internal/service/renewal.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/renewal_policy.go b/internal/service/renewal_policy.go index d77a4e1..77d5cc6 100644 --- a/internal/service/renewal_policy.go +++ b/internal/service/renewal_policy.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/revocation_svc.go b/internal/service/revocation_svc.go index 2e4baa9..5f787cc 100644 --- a/internal/service/revocation_svc.go +++ b/internal/service/revocation_svc.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/scep.go b/internal/service/scep.go index a5991ab..9c9d9e6 100644 --- a/internal/service/scep.go +++ b/internal/service/scep.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/scep_probe.go b/internal/service/scep_probe.go index c78995b..00b64a2 100644 --- a/internal/service/scep_probe.go +++ b/internal/service/scep_probe.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/stats.go b/internal/service/stats.go index 305b634..9760dc5 100644 --- a/internal/service/stats.go +++ b/internal/service/stats.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/target.go b/internal/service/target.go index 5d189d6..dea2ef5 100644 --- a/internal/service/target.go +++ b/internal/service/target.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/team.go b/internal/service/team.go index 9cde258..515e98c 100644 --- a/internal/service/team.go +++ b/internal/service/team.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/service/vault_renewal_metrics.go b/internal/service/vault_renewal_metrics.go index 90856f1..f7019a7 100644 --- a/internal/service/vault_renewal_metrics.go +++ b/internal/service/vault_renewal_metrics.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import "sync/atomic" diff --git a/internal/service/verification.go b/internal/service/verification.go index ebaedd5..1906f7b 100644 --- a/internal/service/verification.go +++ b/internal/service/verification.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package service import ( diff --git a/internal/tlsprobe/probe.go b/internal/tlsprobe/probe.go index 340e9cd..f8e641b 100644 --- a/internal/tlsprobe/probe.go +++ b/internal/tlsprobe/probe.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package tlsprobe import ( diff --git a/internal/tlsprobe/retry.go b/internal/tlsprobe/retry.go index df1be4d..fec9af7 100644 --- a/internal/tlsprobe/retry.go +++ b/internal/tlsprobe/retry.go @@ -1,7 +1,5 @@ -// Copyright (c) 2025 Certctl Contributors -// -// SPDX-License-Identifier: BSL-1.1 -// See COPYING for license details. +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 package tlsprobe diff --git a/internal/trustanchor/holder.go b/internal/trustanchor/holder.go index b12fbea..e71616a 100644 --- a/internal/trustanchor/holder.go +++ b/internal/trustanchor/holder.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package trustanchor provides a SIGHUP-reloadable PEM-bundle trust pool // shared by the SCEP/Intune dispatcher (per-profile Microsoft Intune // Connector signing-cert anchor), the EST mTLS sibling route (per-profile diff --git a/internal/validation/command.go b/internal/validation/command.go index 127e314..9d1924f 100644 --- a/internal/validation/command.go +++ b/internal/validation/command.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + // Package validation provides security-focused input validation functions for certctl. // // This package enforces strict input validation to prevent injection attacks, diff --git a/internal/validation/headers.go b/internal/validation/headers.go index de6127d..76daa50 100644 --- a/internal/validation/headers.go +++ b/internal/validation/headers.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package validation import ( diff --git a/internal/validation/ssrf.go b/internal/validation/ssrf.go index 65b7f14..1dc86ae 100644 --- a/internal/validation/ssrf.go +++ b/internal/validation/ssrf.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package validation import ( diff --git a/internal/validation/unicode.go b/internal/validation/unicode.go index 8ff3e8b..2d3584a 100644 --- a/internal/validation/unicode.go +++ b/internal/validation/unicode.go @@ -1,3 +1,6 @@ +// Copyright 2026 certctl LLC. All rights reserved. +// SPDX-License-Identifier: BUSL-1.1 + package validation import (