Open-Source Notices
Provadyne is built on the open-source components listed below. We document not only their licenses but how each is used, because the usage pattern determines what obligations apply. Every component that Provadyne links against or distributes is permissively licensed (MIT / BSD / Apache-2.0); copyleft tools are only ever invoked at arm's length and never bundled.
External analysis tools (invoked, not bundled)
These underlying analyzers are installed independently by the user and run as separate operating-system processes. Provadyne does not bundle, link against, or redistribute them; it exchanges data only over standard input/output and temporary files. An arm's-length invocation of an independent program does not create a derivative work, and because the binaries are not distributed by us, their distribution obligations are not triggered.
| Tool | License | Used for |
|---|---|---|
| cppcheck (+ misra.py addon) | GPL-3.0-or-later | C — MISRA C / CERT C / CWE |
| clang-tidy (LLVM) | Apache-2.0 WITH LLVM-exception | C++ — CERT C++ / C++ Core Guidelines |
| clippy | MIT OR Apache-2.0 | Rust — clippy lints |
cppcheck / GPL-3.0. Because cppcheck is invoked rather than linked or shipped, Provadyne's own source is not a derivative work of it and is not subject to the GPL.
Daemon (Go)
The local daemon uses the Go standard library only — no third-party Go modules are vendored or linked.
| Component | License |
|---|---|
| Go standard library / toolchain | BSD-3-Clause |
Engine (Python)
Runtime dependencies (installed into your own Python environment):
| Package | License | Role |
|---|---|---|
| fastapi | MIT | HTTP framework |
| uvicorn | BSD-3-Clause | ASGI server |
| tree-sitter | MIT | parser runtime |
| tree-sitter-c | MIT | C grammar |
| tree-sitter-cpp | MIT | C++ grammar |
| httpx | BSD-3-Clause | HTTP client |
| reportlab | BSD (3-clause style) | PDF report (Pro) |
Optional AI extras (off by default, Bring-Your-Own-Key):
| Package | License |
|---|---|
| openai | Apache-2.0 |
| anthropic | MIT |
Browser extension
The extension ships no third-party runtime code. Its only build-time dependency is the bundler esbuild (MIT), which is not included in the shipped extension.
Summary
- Every linked or distributed dependency is permissively licensed (MIT / BSD / Apache-2.0).
- There is no copyleft library in Provadyne's import or link graph.
- GPL-licensed analyzers (cppcheck) are invoked at arm's length and never redistributed, so the GPL does not extend to Provadyne.
Each license requires that its copyright and permission notice be preserved; the full license texts are available from each project's repository, and a machine-readable copy of this notice ships in the source tree as NOTICE.md. Questions: [email protected].