Pricing

Start local. Scale the same control plane.

Choose a developer license or compare Enterprise BYOK with a fully managed judge and credential model.

Local-first safety and observability for individual developers and small teams.

Free
Free
no credit card required

Local evaluation & heuristic safety. 120-day token validity for evaluation use.

  • Heuristic Rule Engine (rm -rf block)
  • Text streaming with inspected tool calls
  • OpenAI, Anthropic, Gemini, Bedrock, Ollama & MCP
  • Local Evaluation (BYO LLM & Credentials)
  • Local dashboard, error monitoring & audit stream
  • 1 Concurrent Judge-Backed Operation
Professional Annual
EUR 20.00
per year · all updates

Annual subscription with all updates. BYO judge, policy profiles, and audit persistence.

  • Self-Consistency LLM Heuristics Checks
  • Custom Judge Prompts & Constitution
  • Tool Call Allowlists & Hard Denylists
  • Safe Command & Trusted Dir Bypasses
  • Persistent JSONL Crypto Audit Trails
  • Priority Provider Routing & Failover
  • Advanced Interactive Debug Dashboard
  • 3 Concurrent Judge-Backed Operations

Contract deployments with fleet operations, remote wrappers, and a clear choice between BYO and managed providers.

Enterprise BYOK
Custom
contract-based

Bring your own providers and judge with fleet operations, remote wrappers, and contract-authorized offline use.

  • Seat-Based Concurrent Judge Capacity
  • Remote Wrapper Agent (cross-machine)
  • Contract-Authorized Offline Operation
  • Release Health (version adoption, crash-free rate, regression detection)
  • Enterprise Custom Heuristic Tuning
  • BYO Provider & Judge LLM Keys
  • Tracing, Session Replay & Automatic Anomaly Detection
  • Uptime Monitoring (endpoint health checks)
  • SCM Integrations (commit-to-config links)
  • Issue Tracking (alert-to-ticket automation)
Enterprise Managed
Contact us
contract-based

Fully managed judge, credentials, and infrastructure. Contract-based.

  • Pre-configured Fully Managed Judge LLM
  • Secure Vault Managed Upstream API Keys
  • Seat-Based Concurrent Judge Capacity
  • Remote Wrapper Agent (cross-machine)
  • Contract-Authorized Offline Operation
  • Release Health (version adoption, crash-free rate, regression detection)
  • Tracing, Session Replay & Automatic Anomaly Detection
  • Dedicated SLA Support & Setup Guidance
  • Uptime Monitoring (endpoint health checks)
  • SCM Integrations (commit-to-config links)
  • Issue Tracking (alert-to-ticket automation)

Compare all features

Switch between Developer and Enterprise views. Enterprise-only features are listed in the Enterprise comparison.

Feature Free Pro Lifetime Pro Annual
Safety & control
Heuristic Rule EngineBlocks known destructive commands, credential exfiltration patterns, and unsafe operations before they reach a judge. Included Included Included
Command NormalizerReveals encoded commands, invisible characters, homoglyphs, and common shell obfuscation before policy evaluation. Included Included Included
LLM JudgeAdds contextual risk review for ambiguous tool calls. Bring your own judge on Free, Professional, and Enterprise BYOK. BYO BYO BYO
Self-Consistency CheckRepeats high-risk evaluations and flags inconsistent judge results before arbitration. Included Included
Arbitration EngineCombines deterministic and contextual signals into allow, ask, or deny decisions. Included Included Included
Tool Definition InspectorScans tool descriptions and schemas for instructions designed to manipulate the agent. Included Included Included
Per-Tool Stream BufferingStreams assistant text immediately while holding tool calls until the safety pipeline returns a verdict. Included Included Included
Circuit BreakerDetects repeated calls, error cascades, and runaway sessions, then halts execution at configurable limits. Included Included Included
Tool Chain DetectionRecognizes dangerous multi-call sequences even when each individual action appears harmless. Included Included Included
Kill SwitchActivates deny-all through config, SIGUSR1, a sentinel file, or the local dashboard; SIGUSR2 clears the signal state. Included Included Included
Danger Tiers & Graduated EnforcementApply different review and enforcement levels to low-, medium-, and high-risk operations. Included Included
Observability & incident response
Local Operations DashboardInspect live audit events, provider health, configuration, licenses, and system status from the proxy. Included Included Included
Error Monitoring & Log SearchSearch proxy errors and operational logs without shipping local agent traffic to a third party. Included Included Included
Distributed TracingFollow requests across routing, safety stages, providers, and downstream decisions. Included Included
Session ReplayReconstruct an agent session from recorded requests, tool calls, decisions, and timing. Included Included
Advanced Observability & CostAdds detailed latency, token, provider, and cost views for operational analysis. Included Included
Alerting & NotificationsSend threshold alerts through baseline email/webhooks or connect team channels on Professional and Enterprise. Email + webhook All channels All channels
Automatic Anomaly DetectionModels normal proxy behavior and identifies unusual activity without requiring a hand-written threshold for every signal.
Release HealthTrack version adoption, crash-free operation, and regressions across managed deployments.
Providers & routing
Multi-Provider Protocol SupportUnderstands OpenAI, Anthropic, Gemini, Bedrock, Ollama, MCP, and OpenAI-compatible request and stream formats. Included Included Included
OpenAI Responses HTTP/SSESupports custom-provider OpenAI Responses requests over HTTP and server-sent events, including tool-call inspection. Included Included Included
Provider Health MonitoringSurfaces provider availability, failures, and latency in the local dashboard. Included Included Included
Priority Routing & FailoverRoutes by configured priority and moves to the next provider when an upstream is unavailable. Included Included
Managed Provider CredentialsRefreshes encrypted upstream credentials from the portal for managed Enterprise contracts.
Managed Judge ProviderProvides a preconfigured judge service for managed Enterprise contracts; every other profile remains BYO.
Policy & configuration
Config Hot-ReloadValidates and applies JSON configuration changes atomically without restarting the proxy. Included Included Included
Config Init & TUIGenerate a starter config with --init or use the interactive terminal editor with --tui. Included Included Included
Policy ProfilesSwitch among strict, balanced, permissive, and custom policy profiles. Included Included
Custom Judge InstructionsAdd organization-specific constraints and review guidance to contextual judge requests. Included Included
Tool Allowlist & DenylistBypass known-safe tools and hard-block prohibited tools, with deny rules taking precedence. Included Included
Safe Commands & Trusted DirectoriesReduce unnecessary reviews for approved read-only commands and explicitly trusted paths. Included Included
Path Policy ResolutionResolve path-aware stage exclusions, policy overrides, and enforcement levels consistently. Included Included
Request & Judge Rate LimitsApplies separate request and judge-call budgets, with higher defaults on Professional and contract-defined Enterprise limits. Tier defaults Higher defaults Higher defaults
Concurrent Judge CapacityLimits simultaneous judge-backed operations independently from general request throughput. 1 3 3
Audit & evidence
Tamper-Evident Audit ChainHash-links audit records and adds Ed25519-signed checkpoints so retroactive changes can be detected. Included Included Included
Live Audit StreamShows tool calls, routing, policy stages, and verdicts in real time. Included Included Included
Secret RedactionMasks configured keys, tokens, and credential-shaped values before audit and operational output. Included Included Included
TimeGuardUses signed portal time to detect suspicious clock movement during license and audit operations. Included Included Included
Persistent JSONL AuditWrites redacted audit history to rotating local files for investigations and retention workflows. Included Included
Log DrainsForwards operational output to file, HTTP, or syslog destinations. Included Included
Deployment & enterprise operations
Built-in TLS & API AuthenticationProtects proxy access with TLS plus Bearer or x-api-key client authentication. Included Included Included
Non-Loopback Network BindServe trusted team clients beyond localhost when TLS or an explicit remote-HTTP override is configured. Included Included
Remote WrapperLets a centralized proxy inspect context for agents running on other machines.
Contract-Authorized Offline OperationRemoves the periodic portal heartbeat dependency for entitled contracts while token validity and upstream network requirements still apply.
Uptime MonitoringChecks configured endpoints and raises availability alerts from the local operations surface.
Cron MonitoringDetects missed or delayed background jobs and records their operational state.
ProfilingCaptures CPU profiles for diagnosing proxy hot paths and performance regressions.
Source Code Management IntegrationsLinks operational events and configuration context to GitHub or GitLab commits.
Issue Tracking IntegrationsTurns selected alerts into Jira or Linear issues for team follow-up.
Feature Enterprise BYOK Enterprise Managed
Safety & control
Heuristic Rule EngineBlocks known destructive commands, credential exfiltration patterns, and unsafe operations before they reach a judge. Included Included
Command NormalizerReveals encoded commands, invisible characters, homoglyphs, and common shell obfuscation before policy evaluation. Included Included
LLM JudgeAdds contextual risk review for ambiguous tool calls. Bring your own judge on Free, Professional, and Enterprise BYOK. BYO Managed
Self-Consistency CheckRepeats high-risk evaluations and flags inconsistent judge results before arbitration. Included Included
Arbitration EngineCombines deterministic and contextual signals into allow, ask, or deny decisions. Included Included
Tool Definition InspectorScans tool descriptions and schemas for instructions designed to manipulate the agent. Included Included
Per-Tool Stream BufferingStreams assistant text immediately while holding tool calls until the safety pipeline returns a verdict. Included Included
Circuit BreakerDetects repeated calls, error cascades, and runaway sessions, then halts execution at configurable limits. Included Included
Tool Chain DetectionRecognizes dangerous multi-call sequences even when each individual action appears harmless. Included Included
Kill SwitchActivates deny-all through config, SIGUSR1, a sentinel file, or the local dashboard; SIGUSR2 clears the signal state. Included Included
Danger Tiers & Graduated EnforcementApply different review and enforcement levels to low-, medium-, and high-risk operations. Included Included
Observability & incident response
Local Operations DashboardInspect live audit events, provider health, configuration, licenses, and system status from the proxy. Included Included
Error Monitoring & Log SearchSearch proxy errors and operational logs without shipping local agent traffic to a third party. Included Included
Distributed TracingFollow requests across routing, safety stages, providers, and downstream decisions. Included Included
Session ReplayReconstruct an agent session from recorded requests, tool calls, decisions, and timing. Included Included
Advanced Observability & CostAdds detailed latency, token, provider, and cost views for operational analysis. Included Included
Alerting & NotificationsSend threshold alerts through baseline email/webhooks or connect team channels on Professional and Enterprise. All channels All channels
Automatic Anomaly DetectionModels normal proxy behavior and identifies unusual activity without requiring a hand-written threshold for every signal. Included Included
Release HealthTrack version adoption, crash-free operation, and regressions across managed deployments. Included Included
Providers & routing
Multi-Provider Protocol SupportUnderstands OpenAI, Anthropic, Gemini, Bedrock, Ollama, MCP, and OpenAI-compatible request and stream formats. Included Included
OpenAI Responses HTTP/SSESupports custom-provider OpenAI Responses requests over HTTP and server-sent events, including tool-call inspection. Included Included
Provider Health MonitoringSurfaces provider availability, failures, and latency in the local dashboard. Included Included
Priority Routing & FailoverRoutes by configured priority and moves to the next provider when an upstream is unavailable. Included Included
Managed Provider CredentialsRefreshes encrypted upstream credentials from the portal for managed Enterprise contracts. Managed
Managed Judge ProviderProvides a preconfigured judge service for managed Enterprise contracts; every other profile remains BYO. Managed
Policy & configuration
Config Hot-ReloadValidates and applies JSON configuration changes atomically without restarting the proxy. Included Included
Config Init & TUIGenerate a starter config with --init or use the interactive terminal editor with --tui. Included Included
Policy ProfilesSwitch among strict, balanced, permissive, and custom policy profiles. Included Included
Custom Judge InstructionsAdd organization-specific constraints and review guidance to contextual judge requests. Included Included
Tool Allowlist & DenylistBypass known-safe tools and hard-block prohibited tools, with deny rules taking precedence. Included Included
Safe Commands & Trusted DirectoriesReduce unnecessary reviews for approved read-only commands and explicitly trusted paths. Included Included
Path Policy ResolutionResolve path-aware stage exclusions, policy overrides, and enforcement levels consistently. Included Included
Request & Judge Rate LimitsApplies separate request and judge-call budgets, with higher defaults on Professional and contract-defined Enterprise limits. Contract Contract
Concurrent Judge CapacityLimits simultaneous judge-backed operations independently from general request throughput. Seat-based Seat-based
Audit & evidence
Tamper-Evident Audit ChainHash-links audit records and adds Ed25519-signed checkpoints so retroactive changes can be detected. Included Included
Live Audit StreamShows tool calls, routing, policy stages, and verdicts in real time. Included Included
Secret RedactionMasks configured keys, tokens, and credential-shaped values before audit and operational output. Included Included
TimeGuardUses signed portal time to detect suspicious clock movement during license and audit operations. Included Included
Persistent JSONL AuditWrites redacted audit history to rotating local files for investigations and retention workflows. Included Included
Log DrainsForwards operational output to file, HTTP, or syslog destinations. Included Included
Deployment & enterprise operations
Built-in TLS & API AuthenticationProtects proxy access with TLS plus Bearer or x-api-key client authentication. Included Included
Non-Loopback Network BindServe trusted team clients beyond localhost when TLS or an explicit remote-HTTP override is configured. Included Included
Remote WrapperLets a centralized proxy inspect context for agents running on other machines. Included Included
Contract-Authorized Offline OperationRemoves the periodic portal heartbeat dependency for entitled contracts while token validity and upstream network requirements still apply. Included Included
Uptime MonitoringChecks configured endpoints and raises availability alerts from the local operations surface. Included Included
Cron MonitoringDetects missed or delayed background jobs and records their operational state. Included Included
ProfilingCaptures CPU profiles for diagnosing proxy hot paths and performance regressions. Included Included
Source Code Management IntegrationsLinks operational events and configuration context to GitHub or GitLab commits. Included Included
Issue Tracking IntegrationsTurns selected alerts into Jira or Linear issues for team follow-up. Included Included