IP & licensing

This document outlines Frontier’s intellectual property (IP) posture, including proprietary code ownership, the management of open-source software (OSS) dependencies, and the presence of key legal and security documentation within the repository. It is intended to provide an overview for a technical reviewer.

Frontier currently does not employ automated tooling for scanning or verifying the licenses of its open-source dependencies. While the bun.lock file captures the specific versions of all direct and transitive dependencies, there are no configured checks or dedicated processes to analyze these for license compatibility or to generate a Software Bill of Materials (SBOM).

The licensing metadata across the Frontier monorepo exhibits inconsistencies, reflecting an early-stage posture rather than a fully formalized IP strategy. The root package.json for the monorepo is marked as private: true and lacks a specific license declaration, which is typical for proprietary projects. However, individual package declarations vary:

  • The apps/desktop package’s package.json specifies "license": "Copyright 2022".
  • The packages/db package’s package.json declares "license": "ISC". The ISC license is a permissive open-source license, and its presence for a proprietary code package is likely an unintended default carried over from scaffolding, which could be misinterpreted as offering the database package’s code under an open-source license.
  • Most other internal packages within the monorepo omit the license field entirely.

This inconsistency indicates that a unified, authoritative statement of proprietary license intent for the entire codebase is not yet formally captured across all package.json files.
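The check below is an added example, not code from the Frontier repository: it classifies the `license` field of each workspace manifest and reports the three cases listed above. It assumes the intended proprietary value follows npm's `UNLICENSED` or `SEE LICENSE IN <file>` convention; the `packages/example-*` paths and all manifest contents are constructed for illustration.

```javascript
// Added example: audit the "license" field across monorepo package manifests.
// Assumption: proprietary packages should use npm's "UNLICENSED" or
// "SEE LICENSE IN <file>" values; anything else is reported.
const PROPRIETARY_OK = /^(UNLICENSED|SEE LICENSE IN \S.*)$/;

// Small illustrative subset of SPDX ids for permissive licenses (not exhaustive).
const PERMISSIVE_SPDX = new Set(["ISC", "MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"]);

function classifyLicense(manifest) {
  if (!Object.prototype.hasOwnProperty.call(manifest, "license")) return "missing";
  const value = manifest.license;
  if (typeof value !== "string" || value.trim() === "") return "invalid";
  const v = value.trim();
  if (PROPRIETARY_OK.test(v)) return "ok";
  // A permissive id on proprietary code reads as an open-source grant.
  if (PERMISSIVE_SPDX.has(v)) return "permissive-oss";
  // Free text such as a copyright line, or an id outside the subset above.
  return "unrecognized";
}

// Returns one record per manifest whose license field needs attention.
function auditLicenseFields(packages) {
  return packages
    .map(({ path, manifest }) => ({
      path,
      value: manifest.license ?? null,
      finding: classifyLicense(manifest),
    }))
    .filter((record) => record.finding !== "ok");
}

// Constructed manifests mirroring the cases described in this document.
const samplePackages = [
  { path: "apps/desktop/package.json", manifest: { license: "Copyright 2022" } },
  { path: "packages/db/package.json", manifest: { license: "ISC" } },
  { path: "packages/example-internal/package.json", manifest: {} }, // hypothetical
  { path: "packages/example-fixed/package.json", manifest: { license: "UNLICENSED" } }, // hypothetical
];

for (const { path, value, finding } of auditLicenseFields(samplePackages)) {
  console.log(`${finding.padEnd(14)} ${path} (license: ${JSON.stringify(value)})`);
}
```

Run over the real workspace manifests in CI, a non-empty result from `auditLicenseFields` can fail the build until each package carries the agreed value.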

Frontier’s repository currently lacks two key top-level documentation files that are standard for asserting IP ownership and managing security disclosures:

  • There is no LICENSE file at the root of the repository to explicitly state the terms under which Frontier’s proprietary code is licensed. The only LICENSE file found within the codebase is a vendored text file bundled with an agent skill, which does not apply to the main Frontier codebase.
  • There is no SECURITY.md file at the root of the repository. As a result, there is no publicly documented vulnerability disclosure channel or security contact information. Providing one is a common practice for projects handling sensitive data like real-time call audio and transcripts.