# Licensing & Distribution

Capyshop is free to use and self-hosted. You deploy it via Docker with no fees, no transaction cuts, and full access to every feature. The source code is available for review and modification under the CapyShop License, while production releases ship as compiled Docker images for security.

## The AI Security Problem

The rise of AI coding agents has fundamentally changed the threat landscape for open-source software — especially for e-commerce platforms that handle payments, customer data, and business logic.

**What changed:**

- AI agents can scan entire public repositories in seconds, identifying vulnerabilities that would take a human security researcher hours or days to find.
- Once a vulnerability is identified, an AI agent can generate a working exploit almost instantly — dramatically shrinking the window between discovery and attack.
- E-commerce platforms are high-value targets: they process payments, store personal data, and run business-critical operations.
- Open-source e-commerce codebases give attackers a complete blueprint of the system — authentication flows, payment processing, data validation, and API endpoints are all visible.

**The reality:** It has never been so easy to hack open repositories with AI agents. If an attacker spots something in your codebase, they can have a working exploit within minutes. This makes publicly readable source code for production e-commerce platforms simply too dangerous.

## What This Means for You

### You can still use Capyshop freely

- **Deploy via Docker** — Pull the official image from Docker Hub (`capyshop/capyshop`) and run your store.
- **No fees** — Capyshop is free to use for running your own online store. No monthly fees, no transaction cuts.
- **Full features** — Every feature is included. There are no premium tiers or paywalled functionality.

### The Docker images are hardened

- The server bundle is **minified** — variable names, function names, and code structure are obfuscated.
- **No raw source code** ships in the production image — only compiled JavaScript.
- Source maps are not included.

### The license allows modification

Under the CapyShop Source Available License, you can:

- **Use** the software for any purpose, including commercial use (running your own store).
- **Copy and modify** the software to create derivative works.
- **Distribute** the software and derivative works (with the license included).

You **cannot**:

- Sell the software or any derivative work.
- Offer it as a paid hosted service (SaaS).
- Remove the license or copyright notices.

## Why Not Fully Open Source?

Traditional open-source licenses (MIT, Apache, GPL) were designed in an era where reading and understanding a codebase required significant human effort. That natural barrier provided a degree of security through complexity.

AI agents have removed that barrier. A publicly readable codebase for an e-commerce platform now represents an unacceptable security risk for the merchants who depend on it.

By distributing compiled images while keeping the source code reviewable, we maintain:

- **Security** — Attackers cannot trivially analyze the production code for vulnerabilities.
- **Freedom** — Users can still use, modify, and self-host the platform.
- **Trust** — The license and source availability mean you can audit the code if needed.

## Getting Started

Ready to deploy? Follow the [Docker Deployment guide](/docker-deployment) to get your store running.