License¶

PerfShop is distributed under a dual license: AGPL-3.0-or-later for open source use, and a commercial license for use cases that cannot satisfy the AGPL obligations. This page summarizes the conditions in plain language; refer to the license files in the repository for the official legal text.

License files

LICENSE — full AGPL-3.0-or-later text
LICENSE-COMMERCIAL.fr — French summary of the commercial license
LICENSE-COMMERCIAL.en — English summary
THIRD-PARTY-LICENSES — third-party dependency licenses

AGPL-3.0-or-later (open source use)¶

The AGPL (GNU Affero General Public License) is a strong copyleft license. You can use, study, modify and redistribute PerfShop freely, provided you meet certain obligations.

What the AGPL allows¶

✅ Use PerfShop in any private, academic or in-house context
✅ Study the source code — everything is open, nothing is hidden
✅ Modify the code to adapt it to your needs
✅ Redistribute modified versions, under the same AGPL license
✅ Run it on your own servers for use within your organization
✅ Integrate PerfShop into academic research and publish work based on it

What the AGPL requires¶

📄 Publish your modifications under AGPL-3.0-or-later if you redistribute modified code
🌐 Make the source code accessible to users of a modified version exposed on a network — this is the key difference from the classic GPL: if you host a modified version of PerfShop on a server accessible via the Internet or an intranet, you must allow users of that instance to download the corresponding source code
📎 Preserve copyright notices and SPDX headers in all modified files
⚖️ Use the same license for derivative works — you cannot relicense under another open source license nor under proprietary terms

Typical use cases¶

The AGPL is a perfect fit if you:

Want to use PerfShop free of charge for in-house training — no requirement as long as you do not expose a modified version
Contribute to PerfShop — modifications submitted as a Pull Request remain under AGPL
Fork PerfShop for a public academic project — this is exactly the use case the license was designed for
Integrate PerfShop into a research lab

What is problematic under AGPL¶

The AGPL becomes binding if you want to:

Sell PerfShop training to external clients — making PerfShop available to clients over a network (even private) makes them "users" in the AGPL sense, which triggers the obligation to give them access to the source code of your version. If you have modified PerfShop (for example added your branding, custom enigmas, a proprietary backend), you must publish those modifications under AGPL.
Integrate PerfShop into a proprietary product — the AGPL is strong copyleft, meaning a significant integration contaminates the host product.
Provide PerfShop as a multi-tenant SaaS — same constraints as selling training.

In these three cases, the commercial license is the solution.

Commercial license¶

The PerfShop commercial license is issued by perfshop.io for use cases incompatible with AGPL. It is dual with AGPL: you choose which one to apply based on your use case, but you cannot combine the benefits of both.

What the commercial license brings¶

✅ Right to use in training sold to third parties with no obligation to publish modifications
✅ Right to integrate into a proprietary product (SaaS, custom training, white-label platform)
✅ Access to the lab library turnkey, hosted on the perfshop.io portal (this library is not included in the source code distributed under AGPL)
✅ Technical support under negotiated terms
✅ Right to modify without publishing — your modified version stays private

The three plans¶

Plan	Target	Access
functional	Functional testing teams, chaos engineering excluding load	chaos-admin, admin, monitoring, scripts-ui
performance	Performance engineering teams	All of `functional` + jmeter-ui
enterprise	Large organizations, multi-team usage	Full access (all current and future features)

See License system for the technical details of these plans.

Pricing and terms¶

Pricing and terms (duration, number of instances, support) are negotiated directly. No price is published in this documentation because they vary depending on the context (academic use, enterprise, region, volume). Contact contact@perfshop.io for a quote.

Lab library¶

Purchasing a commercial license includes access to a library of turnkey hands-on labs, covering all chaos families and BAC1-BAC5 levels. This library is not distributed with the PerfShop source code — it is hosted on a dedicated portal (perfshop.io) and the labs become accessible after license activation.

This technical documentation does not describe the labs themselves: it describes the platform that hosts them. The labs are a separate commercial product.

How to choose¶

Your situation	Suitable license
I use PerfShop in-house in my company, with no modifications	AGPL (free)
I contribute to PerfShop via Pull Requests	AGPL (free)
I fork PerfShop for a public university project	AGPL (free)
I teach PerfShop to my students at a public university	AGPL (free, academic use)
I sell PerfShop training to external clients	Commercial
I modify PerfShop and expose it to my clients	Commercial
I want to use the turnkey labs from `perfshop.io`	Commercial
I integrate PerfShop into my proprietary SaaS	Commercial

Privacy and data¶

PerfShop is designed to strictly respect the privacy of its users and the confidentiality of the environments in which it is deployed. This is a strong commitment of both the AGPL distribution and the commercial license.

No collection, no outgoing calls¶

Zero telemetry — the instance you deploy sends no usage data to perfshop.io or to any third-party server.
No phone-home — no startup ping, no periodic reporting, no remote health probe, no automatic error reporting.
No analytics — no trackers, no pixels, no advertising cookies, no analytics SDKs embedded in the shipped interfaces.
Offline operation is possible — after the initial deployment, PerfShop runs entirely locally (or on your own infrastructure) without requiring outbound Internet access.

Information that never leaves the instance¶

None of the information below is transmitted outside:

Deployed PerfShop version
Host machine hostname
Public or private IP address
Instance UUID
List of enabled services or license plans
Usage statistics (number of students, exercises, orders)
Database contents (users, orders, products, enigmas)
Application logs or metrics

Data collected by Prometheus, Grafana, Loki, Tempo, Pyroscope and OpenSearch stays entirely within your Docker stack. No external reporting is configured.

The only outbound network traffic¶

PerfShop generates outbound calls only in three clearly identified cases, all triggered by an explicit user action:

Opening the official documentation (https://perfshop-docs.perfshop.io) — only if you click a link to the online docs from your browser. The docs are also available locally on your instance (port DOCS_HTTP_PORT).
Activating a commercial license — the PFSH-xxx.yyy key is verified offline using RSA-PSS 2048 cryptography. The verification public key is embedded in the backend; no network call is made to validate a license.
License purchase links — the PERFSHOP_IO_URL variable (default https://perfshop.io) is used only to display clickable links in the admin interfaces. No automatic request is ever sent to it.

Practical consequences¶

Deployment in sensitive environments (banking, healthcare, defense, classified research) — PerfShop introduces no uncontrolled outbound flow. Only the inbound ports you expose are reachable.
GDPR compliance — as the host of your own instance, you are the sole data controller. No personal data leaves your scope of responsibility toward perfshop.io or toward any third party.
Network audit — you can capture all outbound traffic from an idle PerfShop instance: it must be strictly zero after the initial startup (excluding explicit updates).

This commitment applies to all publicly distributed versions, AGPL and commercial alike. Any future change that would introduce data collection would be the subject of transparent communication and an explicit opt-in mechanism.

SPDX headers¶

All PerfShop source files carry the SPDX header:

SPDX-License-Identifier: AGPL-3.0-or-later
Copyright (C) 2024-2026 Philippe Naveau — contact@perfshop.io
PerfShop — Pedagogical Chaos Engineering Platform
https://perfshop.io | https://www.gnu.org/licenses/agpl-3.0.html

This convention makes automated audits easier and respects industry standards for license identification. If you modify a file, keep this header and optionally add your own copyright line below.

Third-party licenses¶

PerfShop uses dependencies under various licenses (Apache 2.0, MIT, BSD, EPL). All are compatible with AGPL. The THIRD-PARTY-LICENSES file at the root of the repository exhaustively lists these dependencies with their respective licenses.

The main categories:

Backend frameworks — Spring Boot (Apache 2.0), Hibernate (LGPL), Flyway (Apache 2.0)
Frontend frameworks — React (MIT), Vite (MIT), React Router (MIT)
Observability — Prometheus (Apache 2.0), Grafana (AGPL-3.0 subject to conditions), Loki (AGPL-3.0), Tempo (AGPL-3.0), Pyroscope (Apache 2.0), OpenSearch (Apache 2.0)
QA stack — Squash TM (LGPL-3.0), Selenium (Apache 2.0), JMeter (Apache 2.0), Robot Framework (Apache 2.0)
Infrastructure — Docker, Nginx, MySQL (GPL), PostgreSQL (BSD-like), Forgejo (MIT)

The choice of all these dependencies respects AGPL compatibility and allows PerfShop to remain fully open source for AGPL use cases.

Contact¶

For any question about the license, contact contact@perfshop.io. For the official legal text, always refer to the LICENSE, LICENSE-COMMERCIAL.fr and LICENSE-COMMERCIAL.en files in the repository.