AgentSkillsCN

licensing

强制性要求——在导入依赖之前务必检查其许可证。请自行编写代码,切勿照搬他人。

SKILL.md
--- frontmatter
name: licensing
description: MANDATORY - Check dependency licenses before importing. Write original code, don't copy.

Licensing

This project is MIT licensed. This skill covers dependency license compatibility and ethical code practices.


MIT: What It Means

AllowedRequiredProhibited
Commercial useInclude copyright noticeNone
ModificationInclude license text
Distribution
Private use

Key point: MIT is maximally permissive. Users can do almost anything with the code as long as they include the copyright and license notice.


Compatible Dependency Licenses

Before adding a dependency, check its license. These are compatible with MIT:

LicenseCompatibleNotes
MITYesSame license, no issues
BSD-2-ClauseYesPermissive
BSD-3-ClauseYesPermissive
ISCYesPermissive (like MIT)
Apache-2.0YesPermissive + patent grant
0BSDYesPublic domain equivalent
UnlicenseYesPublic domain
CC0YesPublic domain
MPL-2.0YesWeak copyleft, file-level (compatible but adds obligations)

Use With Caution

LicenseNotes
LGPL-2.1/3.0Technically compatible for Go (static linking debate), but prefer alternatives
GPL-3.0 / AGPL-3.0Technically compatible (you can use GPL code in an MIT project, but the combined work's distribution terms get complicated). Prefer MIT/Apache/BSD alternatives to keep things simple.

Incompatible (DO NOT USE)

LicenseWhy
SSPLNot OSI-approved, incompatible
BSLBusiness Source License, time-delayed open source
ProprietaryObviously incompatible
CC-BY-NCNon-commercial restriction
Commons ClauseCommercial restriction
No licenseTreat as proprietary — do not use

Checking Dependency Licenses

Go Dependencies

bash
# List all dependencies with licenses
go-licenses report ./... 2>/dev/null

# Or manually check go.mod imports
go list -m -json all | jq -r '.Path'
# Then check each on pkg.go.dev or GitHub

Before Adding a Dependency

  1. Check the LICENSE file in the repo
  2. Verify it's in the compatible list above
  3. If unclear, check SPDX identifier: https://spdx.org/licenses/

Planned Dependencies

Key dependencies and their licenses:

  • github.com/yuin/goldmark — MIT ✓
  • github.com/yuin/goldmark-highlighting — MIT ✓
  • go.abhg.dev/goldmark/mermaid — MIT ✓
  • github.com/alecthomas/chroma/v2 — MIT ✓

Writing Original Code

The Rule

Learn from other projects. Write your own code.

When studying how another project implements something:

  1. Understand the concept — What problem does it solve? What's the approach?
  2. Close the source — Don't have it open while writing
  3. Write from understanding — Implement based on your mental model
  4. Make it better — Your version should be at least as good, preferably superior

What's NOT Allowed

go
// WRONG: Copied from github.com/other/project
func ParseConfig(data []byte) (*Config, error) {
    // [copied code]
}

// WRONG: "Adapted" (minor variable renames)
func ParseConfiguration(input []byte) (*Configuration, error) {
    // [same logic, different names]
}

What IS Allowed

go
// RIGHT: Studied how X project handles URL rewriting,
// implemented our own version with better error messages
// and support for relative path resolution.
func RewriteRelativeURLs(doc []byte, baseURL string) []byte {
    // [original implementation]
}

Gray Areas

SituationGuidance
Standard patterns (middleware, handlers)OK — these are universal idioms
Algorithm from a paper/specOK — implement the spec, not someone's code
Small utility (max, min, clamp)OK — too simple to be copyrightable
Copied struct layoutRisky — restructure based on your needs
Copied test casesRisky — write your own test scenarios

When In Doubt

  1. Can you explain it without looking at the source?
  2. Would your implementation differ if you'd never seen theirs?
  3. Are you copying structure or just learning a concept?

If yes to all three, you're probably fine.


Bundled Assets

Static assets embedded in the binary must have compatible licenses AND be documented:

Location: embed/LICENSES.md

Current bundled assets:

  • mermaid.js — MIT ✓
  • github-markdown-css — MIT ✓

When adding bundled assets:

  1. Verify license compatibility
  2. Add license text to embed/LICENSES.md
  3. Note version in Makefile (pinned versions)

License Headers

Go files don't require license headers (the root LICENSE file covers everything).

If you want to add headers for clarity in key files:

go
// Copyright 2026 air-gapped
// SPDX-License-Identifier: MIT

Quick Reference

code
Adding a dependency?
  → Check license is in compatible list
  → If not listed, investigate before using
  → Prefer MIT/Apache/BSD — avoid copyleft

Learning from another project?
  → Understand the concept
  → Write your own implementation
  → Make it better

Bundling static assets?
  → Check license compatibility
  → Document in embed/LICENSES.md