Licensing and Acknowledgements¶
Pulp License¶
Pulp is released under the MIT License. You can use it for any purpose — commercial, personal, educational — with no royalties, revenue thresholds, or copyleft obligations. See LICENSE.md for the full text.
Third-Party Dependencies¶
Pulp builds on excellent open-source software. Every dependency that Pulp bundles, fetches automatically, or redistributes is compatible with MIT licensing — there is no copyleft in the shipped dependency chain.
Tables are sorted alphabetically (case-insensitive) by name. Entries here must stay in sync with DEPENDENCIES.md, NOTICE.md, and tools/deps/manifest.json (the machine-readable source of truth).
Core Dependencies (Always Used)¶
| Name | License | Purpose | Link |
|---|---|---|---|
| Catch2 | BSL-1.0 | Unit testing framework | github.com/catchorg/Catch2 |
| CHOC | ISC | JS engine, MIDI utilities, audio file I/O, WebView, networking | github.com/Tracktion/choc |
| cpp-httplib | MIT | HTTP client (GET/POST/download) used by pulp-runtime |
github.com/yhirose/cpp-httplib |
| dr_libs | Public domain (Unlicense) / MIT-0 | FLAC, MP3, WAV decode (dr_flac, dr_mp3, dr_wav) |
github.com/mackron/dr_libs |
| Highway | Apache-2.0 | Portable SIMD abstraction (SSE/NEON/AVX) | github.com/google/highway |
| Mbed TLS | Apache-2.0 (dual-licensed; Pulp uses the Apache-2.0 option) | Cryptographic primitives (SHA-256, RSA, AES) | github.com/Mbed-TLS/mbedtls |
| miniz | MIT | ZIP/GZIP compression | github.com/richgel999/miniz |
| msdfgen | MIT | Multi-channel SDF glyph generation (planned) | github.com/Chlumsky/msdfgen |
| nanosvg | zlib | SVG parsing and rasterization | github.com/memononen/nanosvg |
| pugixml | MIT | XML parsing and generation | github.com/zeux/pugixml |
| Yoga | MIT | Layout engine for Flexbox/Grid-style native UI | github.com/facebook/yoga |
Embedded Fonts¶
Embedded at build time for deterministic text rendering. Both fonts are redistributed under the SIL OFL 1.1, which explicitly permits bundling in software.
| Name | License | Purpose | Link |
|---|---|---|---|
| Inter | SIL OFL 1.1 | Embedded UI font (Inter-Regular.ttf) |
github.com/rsms/inter |
| JetBrains Mono | SIL OFL 1.1 | Embedded monospace font (JetBrainsMono-Regular.ttf) |
github.com/JetBrains/JetBrainsMono |
Plugin Format SDKs¶
| Name | License | Purpose | Link |
|---|---|---|---|
| AudioUnitSDK | Apache-2.0 | AU v2 plugin format adapter | github.com/apple/AudioUnitSDK |
| CLAP | MIT | CLAP plugin format headers | github.com/free-audio/clap |
| LV2 | ISC | LV2 plugin format headers | github.com/lv2/lv2 |
| VST3 SDK | MIT | VST3 plugin format (pluginterfaces + base) | github.com/steinbergmedia/vst3sdk |
Platform-Specific Dependencies¶
| Name | License | Purpose | Link |
|---|---|---|---|
| Oboe | Apache-2.0 | Android audio backend (AAudio/OpenSL ES abstraction) | github.com/google/oboe |
Docs Build & Site Assets¶
The public docs site (generouscorp.com/pulp/) is generated by MkDocs Material. The following Python packages and their bundled CSS/JS/SVG assets are redistributed as part of the generated site.
| Name | License | Purpose | Link |
|---|---|---|---|
| Material Design Icons | Apache-2.0 | Icon set bundled inside mkdocs-material; redistributed as SVG in the generated docs site | github.com/Templarian/MaterialDesign |
| mkdocs | BSD-2-Clause | Static site generator (transitive via mkdocs-material); theme assets redistributed in the generated docs site | github.com/mkdocs/mkdocs |
| mkdocs-awesome-pages-plugin | MIT | MkDocs plugin for navigation ordering (build-time) | github.com/lukasgeiter/mkdocs-awesome-pages-plugin |
| mkdocs-git-revision-date-localized-plugin | MIT | MkDocs plugin for git-revision dates (build-time) | github.com/timvink/mkdocs-git-revision-date-localized-plugin |
| mkdocs-material | MIT | Material theme — CSS, JS, SVG icons, and search worker redistributed in the generated docs site | github.com/squidfunk/mkdocs-material |
| Pygments | BSD-2-Clause | Syntax highlighter used by pymdownx.highlight; redistributed as inline HTML/CSS |
github.com/pygments/pygments |
| pymdown-extensions | MIT | Markdown extension bundle used by mkdocs-material (admonitions, tabs, superfences, highlight, emoji) | github.com/facelessuser/pymdown-extensions |
Optional Vendor SDK Integrations¶
Some optional integrations depend on separately licensed SDKs that Pulp does not bundle, fetch, export, or redistribute. These SDKs are outside Pulp's MIT dependency chain and are only supported through explicit opt-in local configuration.
| Name | License | Purpose | Distribution |
|---|---|---|---|
| AAX SDK | Separately licensed by Avid | Optional AAX plugin format support | Developer obtains it independently and points PULP_AAX_SDK_DIR at an out-of-tree SDK copy |
| ARA SDK | MIT-compatible (Celemony) | Optional ARA 2.x integration (pitch correction, spectral editing, clip-aware workflows) | Developer obtains it independently (https://github.com/Celemony/ARA_SDK), keeps it out-of-tree, points PULP_ARA_SDK_DIR at it, and sets PULP_ENABLE_ARA=ON. Never bundled. |
| ASIO SDK | Proprietary (Steinberg) | Optional ASIO device I/O support (planned) | Developer obtains it independently; never bundled or exported by Pulp |
Pulp's MIT license does not grant any rights to these vendor SDKs or to any related Avid/PACE tooling. See AAX Setup for the supported local workflow.
GPU and Windowing¶
| Name | License | Purpose | Link |
|---|---|---|---|
| Dawn | BSD-3-Clause | WebGPU implementation (Metal, D3D12, Vulkan) | dawn.googlesource.com |
| SDL3 | zlib | Cross-platform windowing and input | github.com/libsdl-org/SDL |
| Skia | BSD-3-Clause | 2D GPU rendering engine (Graphite backend) | skia.org |
| WebGPU-distribution | MIT | WebGPU C API wrapper for Dawn | github.com/eliemichel/WebGPU-distribution |
Optional Dependencies¶
Fetched only when the corresponding CMake option or platform gate is enabled.
| Name | License | Purpose | Link |
|---|---|---|---|
| DRACO | Apache-2.0 | Optional glTF mesh decompression; fetched only when PULP_ENABLE_DRACO=ON |
github.com/google/draco |
| Emscripten | MIT | C++ to WebAssembly compiler (for WAMv2/WebCLAP) | emscripten.org |
| node-addon-api | MIT | Node.js bindings via Node-API | github.com/nodejs/node-addon-api |
| pybind11 | BSD-3-Clause | Python bindings for HeadlessHost | github.com/pybind/pybind11 |
| three.js | MIT | Native WebGPU bridge demos and tests; fetched only when PULP_BUILD_TESTS and PULP_ENABLE_GPU are ON |
github.com/mrdoob/three.js |
Standards and Specifications¶
Pulp implements or builds on these open standards:
| Standard | Organization | Purpose |
|---|---|---|
| Audio Unit | Apple | Plugin format specification |
| CLAP | Clever Audio | Plugin format specification |
| LV2 | LV2 Community | Plugin format specification |
| MIDI 2.0 UMP | MIDI Association | Universal MIDI Packet format |
| OSC 1.0 | CNMAT | Open Sound Control messaging |
| VST3 | Steinberg | Plugin format specification |
| WAMv2 | Web Audio Modules | Web plugin standard |
| WASI | WebAssembly CG | System interface for WebAssembly |
| Web Audio API | W3C | Browser audio processing |
| Web MIDI API | W3C | Browser MIDI access |
| WebCLAP | WebCLAP | Portable CLAP plugins via WebAssembly |
| WebGPU | W3C | GPU rendering API |
Projects That Inspired Pulp¶
| Project | License | What We Learned |
|---|---|---|
| Astral (uv, Ruff, ty) | Apache-2.0 / MIT | CI/CD security baseline, supply chain hardening, and release process discipline. Pulp adopts several practices from their open-source security post. Already in place: branch protection on main, tag protection on v*, default read-only workflow tokens, immutable release identity via tag protection. In progress / planned: action SHA pinning via Renovate, immutable release artifacts (UI checkbox), Sigstore release attestations, zizmor workflow lint in CI. Tracked in the private pulp-planning submodule. |
| AudioKit | MIT | Swift audio patterns, Apple platform integration |
| iPlug2 | zlib-like | Multi-format adapter architecture, graphics abstraction |
| SignalKit | MIT | Real-time DSP patterns in Swift |
| signalsmith-clap-cpp | MIT | WCLAP build pipeline, webview extension patterns |
| Visage | MIT | SDF-first rendering, dirty region tracking, shape batching, and a high bar for visual quality in audio plugin interfaces |
Discipline¶
Pulp follows strict rules. Implementation is from specs, SDK documentation, and original design — never from studying proprietary or restrictively-licensed source code. For optional AAX support, that means no Avid SDK files or example sources in the repo and no copied implementation text from the SDK examples. See CLAUDE.md for the full policy.
License Policy¶
Before adding any bundled dependency to Pulp:
- Check the license — must be MIT, BSD, Apache 2.0, ISC, zlib, BSL-1.0, SIL OFL 1.1 (fonts), or public domain
- Add to DEPENDENCIES.md — alphabetical order, with version, license, and purpose
- Add to NOTICE.md — full license text, alphabetical order
- Add to docs/reference/licensing.md — same table row, matching license string
- Update tools/deps/manifest.json — machine-readable inventory consumed by
tools/deps/audit.py - No copyleft — GPL, LGPL, AGPL, SSPL are not allowed
- MPL-2.0 — requires case-by-case review (weak copyleft)
- Vendor SDKs stay separate — optional AAX/ASIO-style SDKs must remain developer-supplied, out-of-tree, and excluded from
NOTICE.md
Dependency update workflow is tracked in tools/deps/manifest.json and audited by tools/deps/audit.py. Run python3 tools/deps/audit.py --strict before proposing a dependency change; the audit script will also run in CI (tracked alongside the skill-sync and version-bump gates).