# Anti-Counterfeit Strategy

The platform should avoid destructive anti-piracy behavior. If tampering is detected, protect premium cloud value and preserve customer data.

## Layers

| Layer | Purpose |
|---|---|
| Signed local license certificate | Offline validation |
| License control plane | Authoritative activation, fraud scoring, and revocation |
| Domain binding | Prevent copied installs |
| Installation UUID | Detect cloned deployments |
| Server fingerprint | Detect suspicious duplication |
| Signed updates | Prevent malicious update injection |
| File integrity manifest | Detect modified core files |
| Cloud-gated AI | Preserve premium intelligence |
| Watermarked exports | Trace leaked installs |
| API trace headers | Trace API traffic to installation/license |
| Tamper evidence records | Preserve evidence without destructive action |

## Tamper Response

When tampering is detected:

- Disable AI cloud access.
- Disable marketplace access.
- Disable signed updates.
- Disable premium modules.
- Keep core data accessible.
- Show warning only to system administrators.
- Log a security event.
- Send fraud evidence to the license control plane.

## Offline Grace

Self-hosted customers need resilience. Allow a configurable grace period, normally 7 days, for temporary license-server outages.