Golang : How to protect your source code from client, hosting company or hacker?

My friend is bidding for a project and was asked by his client to let them host his program on a local machine. The client wanted to try out his software for 2 weeks before deciding to award the contract to him. He was afraid that the client might copy his source code or reverse engineer it.

He tries to reason with them to use the hosted solution from outside, but the client insist on hosting it on local machine at their place.

He asked what can he do to protect his source code?

After some brain crunching, I can think of :

1. Obfuscate his code with off the shelf obfuscator program.

2. Install a time-bomb that will lock the software after 2 weeks.

3. He plans to re-write his software in Golang. I think it is good just to give his client the binary instead of the source code. If the software is hosted with hosting company, just upload the binary to the server but keep the source code in house.... but this depends on whether the software is written in interpreted or compiled language.

4. It will be good idea to strip the binary of debugging information. In this way, the binary will be smaller and make the reverse engineering process twice harder. It will be cheaper for the client to buy the software from him.

Items 3 and 4 are applicable too if you don't trust your hosting company or worry that hacker might gain access to your source code sitting inside a host outsourced to hosting company. However, that is depends on whether you write your code in interpreted or compiled language.