Update license to AGPL

[RobbieTheWagner]

Summary by CodeRabbit

• Chores
  • Project licensing changed from MIT to AGPL-3.0 for open source use, with a Commercial License option now available for commercial applications. Updated project documentation and build configuration to include new license terms and details.

[coderabbitai]

📝 Walkthrough

Walkthrough

The project's licensing model is converted from MIT to a dual-licensing scheme using AGPL-3.0 for open source/non-commercial use and a Commercial License option for commercial use. License documentation and package metadata are updated to reflect this change.

Changes

Cohort / File(s)	Summary
License Documentation LICENSE.md, README.md	LICENSE.md completely replaced with AGPL-3.0 and Commercial License header text. README.md updated with new License section detailing dual-licensing terms, options, and related links.
Build Configuration package.json	build_lib script updated to copy LICENSE.md file alongside README.md during the build process.
Package Metadata projects/shepherd/package.json	License field changed from MIT to AGPL-3.0. Files array updated to include LICENSE.md as an exported asset.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 The Warren's Tale of Licensing Change 🍀

With whiskers twitching, I hop through the source,
Where MIT once danced, AGPL charts its course!
Commercial or free, both paths now shine bright,
Our bundle now carries the license just right! 📜✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Update license to AGPL' clearly summarizes the main change in the changeset, which involves replacing the MIT license with AGPL-3.0 licensing across LICENSE.md, README.md, and package.json files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch license-updates

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@LICENSE.md`:
- Line 1: The LICENSE.md header currently reads "Shepherd.js License" which
mismatches the repository/package name; update the top-line header to reflect
this repo (e.g., change "Shepherd.js License" to "angular-shepherd License") or
add a clarifying note below the header explaining that this license is inherited
from the parent Shepherd.js project and that angular-shepherd is a derivative,
referencing the original project name for clarity.
- Around line 620-621: The LICENSE.md contains copied Intro.js text and an
incorrect attribution ("Better introductions for websites and features with a
step-by-step guide for your projects." and "Afshin Mehrabani"); replace that
snippet with the correct project description for this repo (e.g., Shepherd.js /
angular-shepherd purpose) and update the copyright line to the actual copyright
holder(s) and correct year range for this project (ensure the new text
accurately names the project and maintainers/organization and current year).

In `@projects/shepherd/package.json`:
- Line 16: The package.json license field uses the deprecated SPDX identifier
"AGPL-3.0"; update the "license" value to a non-deprecated identifier such as
"AGPL-3.0-only" (or "AGPL-3.0-or-later" if you permit later versions) so npm
stops emitting warnings—edit the "license" property in package.json to replace
"AGPL-3.0" with the chosen SPDX string.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Project name mismatch: "Shepherd.js License" vs. "angular-shepherd".

This repository is angular-shepherd, but the license header says "Shepherd.js License." Consider updating to match the actual package name, or clarifying the relationship if intentional (e.g., the license is inherited from the parent Shepherd.js project).

🤖 Prompt for AI Agents

In `@LICENSE.md` at line 1, The LICENSE.md header currently reads "Shepherd.js
License" which mismatches the repository/package name; update the top-line
header to reflect this repo (e.g., change "Shepherd.js License" to
"angular-shepherd License") or add a clarifying note below the header explaining
that this license is inherited from the parent Shepherd.js project and that
angular-shepherd is a derivative, referencing the original project name for
clarity.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Incorrect copyright notice — this appears to be copied from a different project (Intro.js).

Lines 620–621 reference "Afshin Mehrabani" with a 2012–2021 copyright range, which belongs to the Intro.js project, not Shepherd.js or angular-shepherd. Shipping an incorrect copyright attribution in your license file is a legal and compliance concern. Update these lines to reflect the actual project description and correct copyright holder(s).

🤖 Prompt for AI Agents

In `@LICENSE.md` around lines 620 - 621, The LICENSE.md contains copied Intro.js
text and an incorrect attribution ("Better introductions for websites and
features with a step-by-step guide for your projects." and "Afshin Mehrabani");
replace that snippet with the correct project description for this repo (e.g.,
Shepherd.js / angular-shepherd purpose) and update the copyright line to the
actual copyright holder(s) and correct year range for this project (ensure the
new text accurately names the project and maintainers/organization and current
year).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

SPDX AGPL-3.0 deprecated identifier AGPL-3.0-only current standard

💡 Result:

In SPDX, the identifier AGPL-3.0 is deprecated (deprecated since SPDX License List v3.0) and should no longer be used in new SPDX license expressions. [1][2]

Current / preferred SPDX identifiers:

• Use AGPL-3.0-only when the code is licensed only under GNU AGPL version 3.0. [3]
• Use AGPL-3.0-or-later when the code is licensed under AGPL v3.0 or any later version. [4]

Why the change: SPDX License List v3.0 replaced older GNU license identifiers with explicit “-only” vs “-or-later” forms, and deprecated the previous identifiers accordingly. [1]

Sources

1. SPDX License List – Deprecated License Identifiers (notes on v3.0 change): https://spdx.org/licenses/ [1]
2. SPDX license page showing AGPL-3.0 is deprecated since License List v3.0: https://spdx.org/licenses/AGPL-3.0.html [2]
3. SPDX AGPL-3.0-only: https://spdx.org/licenses/AGPL-3.0-only.html [3]
4. SPDX AGPL-3.0-or-later: https://spdx.org/licenses/AGPL-3.0-or-later.html [4]

---

🌐 Web query:

npm license field AGPL-3.0 warning validation

💡 Result:

npm validates package.json’s "license" using SPDX license expressions (via validate-npm-package-license), and it will warn when the value isn’t considered a valid/acceptable SPDX expression. The typical warning is along the lines of “license should be a valid SPDX license expression.” [1]

For AGPL, the key gotcha is that the SPDX identifier AGPL-3.0 is deprecated on the SPDX license list. [2] Many tooling stacks therefore warn on "license": "AGPL-3.0" even though it looks reasonable.

Fix

Pick the explicit SPDX identifier you mean:

• If you mean “AGPL v3 only”:

  { "license": "AGPL-3.0-only" }

• If you mean “AGPL v3 or any later version”:

  { "license": "AGPL-3.0-or-later" }

  (This is the SPDX identifier specifically for the “or later” option.) [3]

Those two identifiers are the replacements SPDX introduced for GNU-family licenses. [4]

If you need something else

• Multi-license is fine as an SPDX expression (e.g. "(MIT OR AGPL-3.0-or-later)"). [1]
• If you’re not publishing under an open-source license, npm also supports non-SPDX strings like UNLICENSED / SEE LICENSE IN <file> (tooling-dependent), but the cleanest way to remove the AGPL warning is to switch to -only or -or-later. [1]

Sources: validate-npm-package-license (npm’s license-field validator example/warning text) [1]; SPDX license list showing AGPL-3.0 is deprecated [2]; SPDX pages for AGPL-3.0-or-later [3] and the v3.0 list entries for AGPL-3.0-only / AGPL-3.0-or-later [4].

---

Use the non-deprecated SPDX identifier AGPL-3.0-only (or AGPL-3.0-or-later).

The SPDX identifier AGPL-3.0 has been deprecated since SPDX License List v3.0. npm will emit a warning during npm install and npm publish. Use AGPL-3.0-only if the code is licensed only under AGPL v3.0, or AGPL-3.0-or-later if it permits later versions.

Proposed fix

-  "license": "AGPL-3.0",
+  "license": "AGPL-3.0-only",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"license": "AGPL-3.0",
	"license": "AGPL-3.0-only",

🤖 Prompt for AI Agents

In `@projects/shepherd/package.json` at line 16, The package.json license field
uses the deprecated SPDX identifier "AGPL-3.0"; update the "license" value to a
non-deprecated identifier such as "AGPL-3.0-only" (or "AGPL-3.0-or-later" if you
permit later versions) so npm stops emitting warnings—edit the "license"
property in package.json to replace "AGPL-3.0" with the chosen SPDX string.