Watermark contract
The watermark contract makes every delivered ZIP traceable. A release ships with placeholder strings; CodeOn replaces those placeholders with the per-download audit UUID before serving the ZIP.
Release ZIP requirements
- Every watermarked plugin must include placeholder tokens in the files registered on codeon.ge.
- Targets normally include the main plugin file, the license gate fingerprint, and an admin JS asset.
- The watermarker pre-flights all targets before rewriting anything.
- If a target file or placeholder is missing, the download fails instead of serving an untraceable ZIP.
Placeholder strategy
Payment plugins use the shared placeholder __CODEON_BUILD_ID__ in their release ZIPs, while some standalone plugins use plugin-specific placeholders such as __BALANCE_SYNC_BUILD_ID__ or __QUICKSHIPPER_DELIVERY_BUILD_ID__. The runtime constant name can be plugin-specific even when the seed placeholder is shared.
Download behavior
- Open the GitHub release ZIP in memory.
- Verify every configured target file exists.
- Verify each target contains the expected placeholder enough times.
- Substitute the audit UUID into every target.
- Serve the rewritten ZIP and record which files were modified.
Plugin-side expectation
The plugin should validate its build stamp locally. If verification fails, it should enter recovery mode, disable sensitive paid behavior, and send a quiet daily tamper report. The License tab must remain reachable so the merchant can install a fresh ZIP or contact support.