RockyGuard

Why RockyGuard

What teams tell us makes them pick it.

Six things our customers consistently call out. None of them is "it has the most features." All of them are about substance and trust.

01

Signed file format you can audit

RockyGuard licenses are signed JSON. The payload is plain text — your security team can read it, diff it, and verify it with any standard Ed25519 / RSA-SHA256 implementation. No proprietary blob format, no opaque binary container, no need to trust a vendor tool just to inspect what is inside a license.

02

Public threat model

We publish the nine-row threat model on the public website verbatim from the customer docs. Every concrete attack named, every defense mapped, every residual risk acknowledged — including the "memory dumping is out of scope" row. Most products in this category bury this material; transparency is the differentiator.

03

No SaaS dependency, no phone-home

License verification runs entirely offline against a static public key. The optional floating server runs on your customer's LAN — RockyGuard never sees it, never logs it, never knows you have a customer at all. The only outbound network call the library makes is anonymous HTTPS time-anchor verification to a rotating pool of public hosts; no telemetry, no activity beacons.

04

Lightweight integration

A small C++17 library and a handful of CLI tools. No agent to install on customer machines. No daemon to manage. No SDK to register. The Quick Start integration is five lines of C++. Static or shared library, your choice. Windows and Linux today, macOS in v1.3.

05

Honest scope

RockyGuard is C++17 desktop and server applications, Windows and Linux x64, glibc 2.34 or newer. We list this on the landing page deliberately. Buying licensing infrastructure and discovering a platform gap two weeks in is the worst possible experience for both sides; we would rather lose a sale at the door than ship a customer into a corner.

06

Customer-onboarding transparency

The Phase 4.1 customer-onboarding dry-run report — three sub-agent runs against the shipped customer zip with every gap they found, every fix made in-session, and every gap deferred — is shipped in the docs and published openly. You can read what a fresh evaluator hit before you ever start your own evaluation, and what we changed because they hit it.

At a glance

Quick checklist of properties that often matter to a security or procurement review.

License format

Signed JSON (Ed25519 / RSA-SHA256)

Verification

Offline, public-key only

Activation step

None — no online activation flow

Customer-machine agent

None

Outbound network

Anonymous time-anchor HTTPS only

Telemetry

None

Documentation source

Hand-curated, shipped as PDF + plain text

Threat model

Published verbatim on /security

Onboarding dry-run

Published as the Phase 4.1 Report

Read what a fresh evaluator found

The full Phase 4.1 customer-onboarding dry-run report — every gap surfaced and every fix made in-session — ships in the docs.

Read the threat model → Browse docs