Every Cyberun deployment runs against a license issued by Cyberun. A License Server component, deployed alongside the rest of the stack, validates the license and issues short-lived leases to the API server and gateway. The license determines which features the deployment exposes and what capacity limits apply. This page covers the lifecycle — what the license carries, what happens when it expires, how renewals work, how air-gapped deployments handle it. The full enumeration of what’s gated lives in Feature catalog.Documentation Index
Fetch the complete documentation index at: https://docs.cyberun.cloud/llms.txt
Use this file to discover all available pages before exploring further.
What the license carries
Two payloads inside the signed license file:- Features — a set of boolean entitlements. Each flag enables a capability (MCP server, webhooks, container services, Nerfstudio, OIDC provider, custom models, …). See Feature catalog for the complete list with default values per deployment template.
- Quotas — numeric caps. Counts of users, teams, agents,
concurrent tasks, members per team, integration credentials per
team, and several others.
-1means unlimited,0means disabled,>0is a hard cap. Enforcement is per-team and per-deployment depending on the key namespace.
How validation works
Validation is not a one-time local file check. It runs through the License Server, a component you deploy as part of every Cyberun installation:- The License Server reads the license file, verifies its signature against the embedded public key, and binds the license to the host or cluster.
- At startup the API server and gateway connect to the License Server over HTTP through a challenge-response handshake, then request an initial lease — a short-lived, signed snapshot of the feature and quota payloads.
- A background refresh renews the lease on a schedule, so a revoked or changed license takes effect within minutes without a restart.
CYBERUN_LICENSE_SERVER_ADDRESSES (default
http://localhost:9400). You can list more than one address for
failover; each is tried in order until one answers. The License
Server must be deployed and reachable for the deployment to start
and to keep running.
If the License Server becomes unreachable, the API server and
gateway keep serving on the last good lease for a grace window
(currently 24 hours). Past that window, managed operations are
blocked until the License Server is reachable again. Core
administrative paths stay available so you can recover.
A valid license carries an expiry date in addition to the feature
and quota payloads. When the expiry date passes, validation
starts returning expired-license errors. Renewal is a license
re-issuance — Cyberun signs a new file with updated dates and
delivers it through the agreed channel.
What happens when a license expires or fails to validate
Gated operations start rejecting requests with503 (service
unavailable). A feature that’s simply turned off in a still-valid
license returns 403 instead. The error response identifies the
condition so the dashboard can render an explanatory page rather
than an empty shell.
Operations marked core continue to work — sign-in, list teams,
basic read paths, license re-load. The intent is for
administrators to be able to renew without locking themselves out.
The unreachability grace window described above does not apply to
expiry: once the license’s own expiry date passes, there is no
grace period. Plan renewal ahead of expiry. Cyberun’s
renewal-reminder cadence
and the partner-side reminder tooling are in development; today
renewals are scheduled with Cyberun ahead of the expiry date.
Renewal
For Cyberun’s managed service, license renewal is handled automatically by the platform team — no operator action. For self-hosted partner deployments:- Cyberun signs a new license file with updated expiry and any feature changes negotiated.
- The signed file is delivered through the agreed channel (secure file transfer, key custodian, etc.).
- The operator places the file at the path the License Server reads from (deployment-specific) and restarts the License Server so it re-reads and re-verifies the file.
- The API server and gateway pick up the new feature and quota payloads on their next lease refresh — no restart of those components required.
Air-gapped deployments
Air-gapped deployments work the same way as connected ones. The License Server runs locally inside the air-gapped environment, so the challenge-response handshake and lease refresh between the API server, gateway, and License Server need no outbound connectivity. Nothing in the validation path reaches the public internet. What does require a manual step is re-issuance of the license file, since Cyberun signs it outside the air-gapped boundary:- Cyberun signs the renewed license file offline.
- The partner administrator brings it into the air-gapped environment through their existing media-control procedure and installs it for the local License Server.
- The local License Server re-reads the new file, and the API server and gateway pick up the change on their next lease refresh.
Backups and key custody
The license file is part of the deployment’s persistent state. Back it up alongside the database. Cyberun retains its own copy of every signed license; if a partner’s copy is lost, contact us and we’ll re-issue the same entitlement. The license’s public key embeds at build time in the platform binaries — the operator does not custody any signing keys.See also
- Feature catalog — every flag and quota the license can carry, with default values per deployment template.
- Upgrades — how license refreshes interact with the major-version boundary.
- Self-host — broader context for partner deployments.