Zenzic Compliance: Apache-2.0 + REUSE 3.3
"Every file in Zenzic carries the cryptographic signature of its license. There are no dark corners."
1. The License
Zenzic is distributed as free and open-source software under the Apache License 2.0. This is not a policy choice — it is an engineering commitment. It permits free use, modification, and distribution in all environments, including commercial contexts. Apache-2.0 provides:
| Permission | Details |
|---|---|
| ✅ Commercial use | No restrictions |
| ✅ Modification | Fork, patch, extend |
| ✅ Distribution | Redistribute under same license |
| ✅ Patent grant | Explicit patent license from all contributors |
Conditions:
- Preserve the
LICENSEandNOTICEfiles in distributions. - State significant changes in modified versions.
Full text: LICENSE file at the root of each Zenzic repository.
2. The License Signature — SPDX + REUSE 3.3
Every source file in Zenzic carries an SPDX header — a machine-readable declaration of authorship and license:
# SPDX-FileCopyrightText: 2026 PythonWoods <[email protected]>
# SPDX-License-Identifier: Apache-2.0
This is not a comment. It is a license signature — machine-parseable by any
REUSE 3.3-compliant tool, including reuse lint.
Files without an individual header are covered by REUSE.toml bulk declarations:
[[annotations]]
path = ["docs/**", "i18n/**", "*.md"]
SPDX-License-Identifier = "Apache-2.0"
[[annotations]]
path = ["build/**", "node_modules/**", ".docusaurus/**"]
SPDX-License-Identifier = "Apache-2.0"
Coverage strategy:
| Component | Method |
|---|---|
| Python source files | Per-file SPDX header |
| Shell scripts | Per-file SPDX header |
| Configuration (TOML, YAML) | Per-file header or REUSE.toml |
Documentation (.mdx, .md) | REUSE.toml bulk declaration |
| Auto-generated files | REUSE.toml coverage |
| Binary assets (SVG, PNG) | REUSE.toml bulk declaration |
3. The Single Gate of Truth
uv run reuse lint
This is the only authorised compliance verification command. It:
- Parses every SPDX header in every file.
- Validates all
REUSE.tomlbulk declarations. - Reports any file without coverage as a compliance failure.
- Returns exit 0 only when 100% of files have a declared license.
Expected output:
Congratulations! Your project is compliant with version 3.3 of the REUSE Specification.
This gate runs in:
- The Zenzic Guard pre-commit hook (hook 8 of 8)
just verify— the full local final guard
Any PR that fails uv run reuse lint does not merge.
Operational note: if a reference endpoint times out in the final guard, keep the document content unchanged and use the local permalink instead of an external URL. For the adapter guide, link to
/developers/how-to/implement-adapterso the guard checks the real site route without depending on a remote fetch.
4. Contributor Policy — No CLA, Multi-Author Copyright
Zenzic uses the multi-author copyright model. No Contributor License Agreement (CLA) is required.
| Scenario | Action |
|---|---|
| New file (any contributor) | Add your own SPDX copyright line |
| Small change (< 10 lines) | Keep existing headers unchanged |
| Substantial contribution | Append your copyright line below existing lines |
Example of multi-author file:
# SPDX-FileCopyrightText: 2026 PythonWoods <[email protected]>
# SPDX-FileCopyrightText: 2026 Contributor Name <[email protected]>
# SPDX-License-Identifier: Apache-2.0
You retain copyright of your contribution. The Apache-2.0 license — including its patent grant — applies automatically upon submission.
5. Third-Party Dependency Policy
Zenzic may only depend on libraries with Apache-2.0-compatible licenses:
| License | Compatible | Notes |
|---|---|---|
| MIT | ✅ | Permissive |
| BSD 2/3-Clause | ✅ | Permissive |
| Apache-2.0 | ✅ | Identical |
| LGPL-3.0 | ✅ | Library use only |
| ISC | ✅ | MIT-equivalent |
| GPL-2.0 / GPL-3.0 | ❌ | Copyleft contamination |
| Proprietary | ❌ | Not open-source |
When adding a dependency:
- Verify license compatibility above.
- Add to the
NOTICEfile: name, URL, copyright holder, license identifier. - Run
uv run reuse lint— no regressions accepted.
6. Legal Disclaimer
This document provides operational guidance, not legal advice. For questions regarding Apache-2.0 compliance, patent grants, or contribution rights in your jurisdiction, consult qualified legal counsel.
References:
- Apache License 2.0
- REUSE 3.3 Specification
- SPDX License List