TruOptim Industrial AI Gateway
Industrial Digital Twins
Third Party Notices
# Third-Party Software Notices and Information

Copyright © 2025-present TruOptim Solutions Ltd. All rights reserved.

**Document Version:** 1.0  
**Last Updated:** December 2025

---

## About This Document

This document contains notices and information required by the licenses of third-party open source software components incorporated into the TruOptim Industrial AI Gateway. TruOptim is committed to compliance with all open source software licenses and to providing proper attribution to the open source community.

The open source components listed below are used in:
- **TruOptim Cloud Backend** - The cloud-hosted component deployed in Azure
- **TruOptim Edge Gateway** - The customer-deployed container for industrial network connectivity
- **TruOptim OPC UA Demo Servers** - Optional demonstration servers for evaluation

---

## Table of Contents

1. [LGPL-3.0 Licensed Components (Weak Copyleft)](#lgpl-30-licensed-components)
2. [Apache-2.0 Licensed Components](#apache-20-licensed-components)
3. [MIT Licensed Components](#mit-licensed-components)
4. [BSD Licensed Components](#bsd-licensed-components)
5. [Python Software Foundation License](#python-software-foundation-license)
6. [Docker Base Image Components](#docker-base-image-components)
7. [Your Rights](#your-rights)
8. [Obtaining Source Code](#obtaining-source-code)
9. [Full License Texts](#full-license-texts)

---

## LGPL-3.0 Licensed Components

The following components are licensed under the GNU Lesser General Public License v3.0 (LGPL-3.0). This is a "weak copyleft" license that permits use in proprietary software while preserving your rights to the LGPL-licensed library itself.

### asyncua (opcua-asyncio)

| Property | Value |
|----------|-------|
| **Package Name** | asyncua |
| **Version** | >=1.1.6,<2 |
| **License** | LGPL-3.0-only |
| **Project URL** | https://github.com/FreeOpcUa/opcua-asyncio |
| **PyPI** | https://pypi.org/project/asyncua/ |
| **Used In** | Edge Gateway, OPC UA Demo Servers |
| **Purpose** | OPC UA client and server implementation for industrial automation |

**Copyright Notice:**
```
Copyright (c) 2015-2024 FreeOpcUa Contributors
```

**Your Rights Under LGPL-3.0:**

In accordance with the GNU Lesser General Public License v3.0, you have the following rights with respect to the asyncua library:

1. **Source Code Access**: The complete source code for asyncua is available at:
   - GitHub: https://github.com/FreeOpcUa/opcua-asyncio
   - PyPI: https://pypi.org/project/asyncua/

2. **Library Replacement**: You may replace the asyncua library used in TruOptim with a modified version or a compatible alternative. Since asyncua is dynamically linked as a Python package, you can:
   - Install a modified version via pip
   - Build and deploy a custom Docker image with your preferred version
   
3. **Modifications**: If you modify the asyncua library, you must make your modifications available under LGPL-3.0 terms.

4. **No Restriction on Proprietary Code**: Your use of TruOptim does not require you to open-source your own proprietary code, configurations, or extensions, as asyncua is used via dynamic linking.

**TruOptim Statement:**

TruOptim Solutions Ltd. does NOT modify the asyncua library. We use it unmodified as distributed via PyPI. The library is imported as a standard Python module.

---

## Apache-2.0 Licensed Components

The following components are licensed under the Apache License, Version 2.0. This is a permissive license that allows commercial use with attribution.

### aiofiles

| Property | Value |
|----------|-------|
| **Package Name** | aiofiles |
| **Version** | 23.1.0 |
| **License** | Apache-2.0 |
| **Project URL** | https://github.com/Tinche/aiofiles |
| **Purpose** | Asynchronous file I/O operations |

**Copyright Notice:**
```
Copyright (c) 2015 Tin Tvrtković
```

---

### cryptography

| Property | Value |
|----------|-------|
| **Package Name** | cryptography |
| **Version** | >=44.0.1 |
| **License** | Apache-2.0 OR BSD-3-Clause (dual licensed) |
| **Project URL** | https://github.com/pyca/cryptography |
| **Purpose** | Cryptographic primitives (TLS, AES, X.509 certificates) |

**Copyright Notice:**
```
Copyright (c) Individual contributors.
All rights reserved.
```

---

### python-multipart

| Property | Value |
|----------|-------|
| **Package Name** | python-multipart |
| **Version** | >=0.0.6 |
| **License** | Apache-2.0 |
| **Project URL** | https://github.com/andrew-d/python-multipart |
| **Purpose** | Multipart form data parsing for HTTP file uploads |

---

### coverage

| Property | Value |
|----------|-------|
| **Package Name** | coverage |
| **Version** | >=7.5.0 |
| **License** | Apache-2.0 |
| **Project URL** | https://github.com/nedbat/coveragepy |
| **Purpose** | Code coverage measurement (development dependency) |

**Copyright Notice:**
```
Copyright (c) 2004-2024 Ned Batchelder
```

---

### diff-cover

| Property | Value |
|----------|-------|
| **Package Name** | diff-cover |
| **Version** | >=9.2.0 |
| **License** | Apache-2.0 |
| **Project URL** | https://github.com/Bachmann1234/diff_cover |
| **Purpose** | Coverage reporting for changed lines (development dependency) |

---

### pytest-asyncio

| Property | Value |
|----------|-------|
| **Package Name** | pytest-asyncio |
| **Version** | 0.23.7 |
| **License** | Apache-2.0 |
| **Project URL** | https://github.com/pytest-dev/pytest-asyncio |
| **Purpose** | Async test support (development dependency) |

---

## MIT Licensed Components

The following components are licensed under the MIT License. This is a permissive license that allows commercial use with minimal restrictions.

### FastAPI

| Property | Value |
|----------|-------|
| **Package Name** | fastapi |
| **Version** | Latest / 0.121.2 (edge) |
| **License** | MIT |
| **Project URL** | https://github.com/tiangolo/fastapi |
| **Purpose** | Web framework for building APIs |

**Copyright Notice:**
```
Copyright (c) 2018 Sebastián Ramírez
```

**MIT License Text:**

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

---

### Pydantic

| Property | Value |
|----------|-------|
| **Package Name** | pydantic |
| **Version** | >=2.12.0 |
| **License** | MIT |
| **Project URL** | https://github.com/pydantic/pydantic |
| **Purpose** | Data validation and settings management |

**Copyright Notice:**
```
Copyright (c) 2017 Samuel Colvin and other contributors
```

---

### PyJWT

| Property | Value |
|----------|-------|
| **Package Name** | PyJWT |
| **Version** | >=2.8.0 |
| **License** | MIT |
| **Project URL** | https://github.com/jpadilla/pyjwt |
| **Purpose** | JSON Web Token encoding/decoding |

**Copyright Notice:**
```
Copyright (c) 2015-2022 José Padilla
```

---

### pytest

| Property | Value |
|----------|-------|
| **Package Name** | pytest |
| **Version** | 7.4.3 |
| **License** | MIT |
| **Project URL** | https://github.com/pytest-dev/pytest |
| **Purpose** | Testing framework (development dependency) |

---

### pytest-cov

| Property | Value |
|----------|-------|
| **Package Name** | pytest-cov |
| **Version** | >=4.1.0 |
| **License** | MIT |
| **Project URL** | https://github.com/pytest-dev/pytest-cov |
| **Purpose** | Coverage plugin for pytest (development dependency) |

---

### slowapi

| Property | Value |
|----------|-------|
| **Package Name** | slowapi |
| **Version** | >=0.1.9 |
| **License** | MIT |
| **Project URL** | https://github.com/laurentS/slowapi |
| **Purpose** | Rate limiting for FastAPI/Starlette |

---

### fastmcp

| Property | Value |
|----------|-------|
| **Package Name** | fastmcp |
| **Version** | 2.13.0.2 |
| **License** | MIT |
| **Project URL** | https://github.com/jlowin/fastmcp |
| **Purpose** | Model Context Protocol (MCP) server framework |

---

### itsdangerous

| Property | Value |
|----------|-------|
| **Package Name** | itsdangerous |
| **Version** | >=2.2.0 |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/pallets/itsdangerous |
| **Used In** | Control Plane |
| **Purpose** | Session signing for Control Plane UI authentication (ADR 196) |

**Copyright Notice:**
```
Copyright 2011 Pallets
```

---

### Azure SDK Components

The following Azure SDK packages are used for Control Plane integration with Azure services (ADR 162):

#### azure-identity

| Property | Value |
|----------|-------|
| **Package Name** | azure-identity |
| **Version** | >=1.15.0 |
| **License** | MIT |
| **Project URL** | https://github.com/Azure/azure-sdk-for-python |
| **Used In** | Control Plane |
| **Purpose** | Azure authentication and credential management |

**Copyright Notice:**
```
Copyright (c) Microsoft Corporation
```

---

#### azure-mgmt-containerregistry

| Property | Value |
|----------|-------|
| **Package Name** | azure-mgmt-containerregistry |
| **Version** | >=10.0.0 |
| **License** | MIT |
| **Project URL** | https://github.com/Azure/azure-sdk-for-python |
| **Used In** | Control Plane |
| **Purpose** | ACR token generation for BYOL secure lifecycle |

**Copyright Notice:**
```
Copyright (c) Microsoft Corporation
```

---

#### azure-mgmt-appcontainers

| Property | Value |
|----------|-------|
| **Package Name** | azure-mgmt-appcontainers |
| **Version** | >=3.0.0 |
| **License** | MIT |
| **Project URL** | https://github.com/Azure/azure-sdk-for-python |
| **Used In** | Control Plane |
| **Purpose** | Container Apps management |

**Copyright Notice:**
```
Copyright (c) Microsoft Corporation
```

---

#### azure-mgmt-resource

| Property | Value |
|----------|-------|
| **Package Name** | azure-mgmt-resource |
| **Version** | >=23.0.0 |
| **License** | MIT |
| **Project URL** | https://github.com/Azure/azure-sdk-for-python |
| **Used In** | Control Plane |
| **Purpose** | Azure resource management |

**Copyright Notice:**
```
Copyright (c) Microsoft Corporation
```

---

## BSD Licensed Components

The following components are licensed under BSD-style licenses. These are permissive licenses that allow commercial use with attribution.

### uvicorn

| Property | Value |
|----------|-------|
| **Package Name** | uvicorn |
| **Version** | >=0.31.1 |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/encode/uvicorn |
| **Purpose** | ASGI server for running FastAPI applications |

**Copyright Notice:**
```
Copyright © 2017-present, Encode OSS Ltd.
All rights reserved.
```

---

### websockets

| Property | Value |
|----------|-------|
| **Package Name** | websockets |
| **Version** | >=15.0.1 / 12.0 (edge) |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/python-websockets/websockets |
| **Purpose** | WebSocket client and server library |

**Copyright Notice:**
```
Copyright (c) 2013-2024 Aymeric Augustin and contributors
```

---

### Jinja2

| Property | Value |
|----------|-------|
| **Package Name** | Jinja2 |
| **Version** | 3.1.6 |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/pallets/jinja |
| **Purpose** | HTML templating engine |

**Copyright Notice:**
```
Copyright 2007 Pallets
```

---

### httpx

| Property | Value |
|----------|-------|
| **Package Name** | httpx |
| **Version** | >=0.28.1 / 0.25.2 (edge) |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/encode/httpx |
| **Purpose** | HTTP client with async support |

**Copyright Notice:**
```
Copyright © 2019, Tom Christie
All rights reserved.
```

---

### passlib

| Property | Value |
|----------|-------|
| **Package Name** | passlib |
| **Version** | >=1.7.4 |
| **License** | BSD-2-Clause |
| **Project URL** | https://foss.heptapod.net/python-libs/passlib |
| **Purpose** | Password hashing library |

**Copyright Notice:**
```
Copyright (c) 2008-2020 Assurance Technologies, LLC
```

---

### Authlib

| Property | Value |
|----------|-------|
| **Package Name** | Authlib |
| **Version** | >=1.3.0 |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/lepture/authlib |
| **Purpose** | OAuth 2.0 / OpenID Connect library |

**Copyright Notice:**
```
Copyright (c) 2017, Hsiaoming Yang
```

---

### markdown

| Property | Value |
|----------|-------|
| **Package Name** | markdown |
| **Version** | >=3.5.0 |
| **License** | BSD-3-Clause |
| **Project URL** | https://github.com/Python-Markdown/markdown |
| **Purpose** | Markdown to HTML conversion for EULA display (ADR 066) |

**Copyright Notice:**
```
Copyright 2007, 2008 The Python Markdown Project
```

---

### reportlab

| Property | Value |
|----------|-------|
| **Package Name** | reportlab |
| **Version** | >=4.0.0 |
| **License** | BSD-3-Clause |
| **Project URL** | https://www.reportlab.com/opensource/ |
| **Purpose** | PDF generation for ROI Calculator business case (ADR 070) |

**Copyright Notice:**
```
Copyright (c) 2000-2024, ReportLab Inc.
```

---

## Python Software Foundation License

### Python Runtime

| Property | Value |
|----------|-------|
| **Component** | Python Interpreter |
| **Version** | 3.10 |
| **License** | PSF License |
| **Project URL** | https://www.python.org/ |
| **Purpose** | Core programming language runtime |

**Copyright Notice:**
```
Copyright (c) 2001-2024 Python Software Foundation
All rights reserved.
```

The Python runtime is redistributed as part of the official `python:3.10-slim` Docker image from Docker Hub.

---

## Docker Base Image Components

TruOptim containers are built on the official `python:3.10-slim` Docker image, which is based on Debian GNU/Linux. This base image includes various system libraries and utilities under different open source licenses.

### Base Image Details

| Property | Value |
|----------|-------|
| **Image** | python:3.10-slim |
| **Base OS** | Debian (slim variant) |
| **Registry** | Docker Hub (docker.io) |
| **License Mix** | Various (GPL, LGPL, BSD, MIT) |

### Notable System Components

| Component | License | Purpose |
|-----------|---------|---------|
| glibc | LGPL-2.1 | C standard library |
| OpenSSL | Apache-2.0 | TLS/SSL library |
| zlib | Zlib | Compression library |
| bash | GPL-3.0 | Shell (not used at runtime) |
| coreutils | GPL-3.0 | System utilities (build only) |

**Source Code Availability:**

Source code for all Debian components is available through:
- Debian Package Archive: https://www.debian.org/distrib/packages
- Debian Source Archive: https://sources.debian.org/

---

## Your Rights

### Summary of Rights by License Type

| License | Commercial Use | Modification | Distribution | Patent Grant | Copyleft |
|---------|---------------|--------------|--------------|--------------|----------|
| MIT |  Yes |  Yes |  Yes |  No |  No |
| BSD-2/3-Clause |  Yes |  Yes |  Yes |  No |  No |
| Apache-2.0 |  Yes |  Yes |  Yes |  Yes |  No |
| LGPL-3.0 |  Yes |  Yes |  Yes |  Yes |  Library only |
| PSF |  Yes |  Yes |  Yes |  No |  No |

### Your Rights Under Each License

**MIT / BSD Licenses:**
- Use the software for any purpose, including commercial
- Modify the software as needed
- Distribute copies with attribution

**Apache-2.0 License:**
- All MIT/BSD rights plus
- Explicit patent grant from contributors
- Must include NOTICE file if present

**LGPL-3.0 License:**
- Use the library in proprietary software
- Modify the library (must share modifications under LGPL)
- Replace the library with a modified version
- Access to library source code

**Important:** Your use of TruOptim Industrial AI Gateway does NOT require you to:
- Open-source your configurations, customizations, or proprietary code
- Share your Customer Data or business logic
- Provide any rights to TruOptim beyond those specified in your subscription

---

## Obtaining Source Code

### For LGPL-Licensed Components (asyncua)

The source code for asyncua is freely available at:
- **GitHub**: https://github.com/FreeOpcUa/opcua-asyncio
- **PyPI**: https://pypi.org/project/asyncua/

To download the source code:

```bash
# Clone the repository
git clone https://github.com/FreeOpcUa/opcua-asyncio.git

# Or download source distribution from PyPI
pip download asyncua --no-binary :all:
```

### For Debian Base Image Components

Source code for GPL/LGPL components in the Debian base image:
- **Debian Sources**: https://sources.debian.org/
- **Package Search**: https://www.debian.org/distrib/packages

To obtain specific package sources:

```bash
# Install source tools
apt-get install dpkg-dev

# Download source for a specific package
apt-get source <package-name>
```

### Written Offer (LGPL Compliance)

In accordance with LGPL-3.0 Section 6, TruOptim Solutions Ltd. provides this written offer:

Upon written request to **legal@truoptim.com**, we will provide, for a period of three (3) years from the date of your last purchase or subscription, a complete machine-readable copy of the source code for any LGPL-licensed component incorporated into TruOptim Industrial AI Gateway, at a cost not exceeding the cost of physically performing source distribution.

As all LGPL-licensed source code is freely available online (see links above), this written offer serves as a backup compliance measure.

---

## Full License Texts

Complete license texts for all licenses referenced in this document are available in the `docs/legal/licenses/` directory:

- [LGPL-3.0](licenses/LGPL-3.0.txt)
- [Apache-2.0](licenses/Apache-2.0.txt)
- [MIT](licenses/MIT.txt)
- [BSD-3-Clause](licenses/BSD-3-Clause.txt)
- [BSD-2-Clause](licenses/BSD-2-Clause.txt)
- [PSF](licenses/PSF.txt)

The full license texts are also available at:
- **LGPL-3.0**: https://www.gnu.org/licenses/lgpl-3.0.html
- **Apache-2.0**: https://www.apache.org/licenses/LICENSE-2.0
- **MIT**: https://opensource.org/licenses/MIT
- **BSD-3-Clause**: https://opensource.org/licenses/BSD-3-Clause
- **BSD-2-Clause**: https://opensource.org/licenses/BSD-2-Clause
- **PSF**: https://docs.python.org/3/license.html

---

## Contact Information

For questions regarding open source compliance or to exercise your rights under any open source license:

**TruOptim Solutions Ltd.**  
Company Registration No. 16742261  
205 Regent Street, 4th Floor  
London, England, W1B 4HB

Email: legal@truoptim.com  
Subject: Open Source Compliance Inquiry

---

*This document is provided for informational purposes and to comply with the attribution and notice requirements of the open source licenses listed herein. This document does not constitute legal advice.*

**Copyright © 2025-present TruOptim Solutions Ltd. All rights reserved.**