Pricing
Start local. Scale the same control plane.
Choose a developer license or compare Enterprise BYOK with a fully managed judge and credential model.
Local-first safety and observability for individual developers and small teams.
Local evaluation & heuristic safety. 120-day token validity for evaluation use.
- Heuristic Rule Engine (rm -rf block)
- Text streaming with inspected tool calls
- OpenAI, Anthropic, Gemini, Bedrock, Ollama & MCP
- Local Evaluation (BYO LLM & Credentials)
- Local dashboard, error monitoring & audit stream
- 1 Concurrent Judge-Backed Operation
Pay once for v1.x. BYO judge, policy profiles, and audit persistence.
- Self-Consistency LLM Heuristics Checks
- Custom Judge Prompts & Constitution
- Tool Call Allowlists & Hard Denylists
- Safe Command & Trusted Dir Bypasses
- Persistent JSONL Crypto Audit Trails
- Priority Provider Routing & Failover
- Advanced Interactive Debug Dashboard
- 3 Concurrent Judge-Backed Operations
Annual subscription with all updates. BYO judge, policy profiles, and audit persistence.
- Self-Consistency LLM Heuristics Checks
- Custom Judge Prompts & Constitution
- Tool Call Allowlists & Hard Denylists
- Safe Command & Trusted Dir Bypasses
- Persistent JSONL Crypto Audit Trails
- Priority Provider Routing & Failover
- Advanced Interactive Debug Dashboard
- 3 Concurrent Judge-Backed Operations
Contract deployments with fleet operations, remote wrappers, and a clear choice between BYO and managed providers.
Bring your own providers and judge with fleet operations, remote wrappers, and contract-authorized offline use.
- Seat-Based Concurrent Judge Capacity
- Remote Wrapper Agent (cross-machine)
- Contract-Authorized Offline Operation
- Release Health (version adoption, crash-free rate, regression detection)
- Enterprise Custom Heuristic Tuning
- BYO Provider & Judge LLM Keys
- Tracing, Session Replay & Automatic Anomaly Detection
- Uptime Monitoring (endpoint health checks)
- SCM Integrations (commit-to-config links)
- Issue Tracking (alert-to-ticket automation)
Fully managed judge, credentials, and infrastructure. Contract-based.
- Pre-configured Fully Managed Judge LLM
- Secure Vault Managed Upstream API Keys
- Seat-Based Concurrent Judge Capacity
- Remote Wrapper Agent (cross-machine)
- Contract-Authorized Offline Operation
- Release Health (version adoption, crash-free rate, regression detection)
- Tracing, Session Replay & Automatic Anomaly Detection
- Dedicated SLA Support & Setup Guidance
- Uptime Monitoring (endpoint health checks)
- SCM Integrations (commit-to-config links)
- Issue Tracking (alert-to-ticket automation)
Compare all features
Switch between Developer and Enterprise views. Enterprise-only features are listed in the Enterprise comparison.
| Feature | Free | Pro Lifetime | Pro Annual |
|---|---|---|---|
| Safety & control | |||
| Heuristic Rule EngineBlocks known destructive commands, credential exfiltration patterns, and unsafe operations before they reach a judge. | Included | Included | Included |
| Command NormalizerReveals encoded commands, invisible characters, homoglyphs, and common shell obfuscation before policy evaluation. | Included | Included | Included |
| LLM JudgeAdds contextual risk review for ambiguous tool calls. Bring your own judge on Free, Professional, and Enterprise BYOK. | BYO | BYO | BYO |
| Self-Consistency CheckRepeats high-risk evaluations and flags inconsistent judge results before arbitration. | — | Included | Included |
| Arbitration EngineCombines deterministic and contextual signals into allow, ask, or deny decisions. | Included | Included | Included |
| Tool Definition InspectorScans tool descriptions and schemas for instructions designed to manipulate the agent. | Included | Included | Included |
| Per-Tool Stream BufferingStreams assistant text immediately while holding tool calls until the safety pipeline returns a verdict. | Included | Included | Included |
| Circuit BreakerDetects repeated calls, error cascades, and runaway sessions, then halts execution at configurable limits. | Included | Included | Included |
| Tool Chain DetectionRecognizes dangerous multi-call sequences even when each individual action appears harmless. | Included | Included | Included |
| Kill SwitchActivates deny-all through config, SIGUSR1, a sentinel file, or the local dashboard; SIGUSR2 clears the signal state. | Included | Included | Included |
| Danger Tiers & Graduated EnforcementApply different review and enforcement levels to low-, medium-, and high-risk operations. | — | Included | Included |
| Observability & incident response | |||
| Local Operations DashboardInspect live audit events, provider health, configuration, licenses, and system status from the proxy. | Included | Included | Included |
| Error Monitoring & Log SearchSearch proxy errors and operational logs without shipping local agent traffic to a third party. | Included | Included | Included |
| Distributed TracingFollow requests across routing, safety stages, providers, and downstream decisions. | — | Included | Included |
| Session ReplayReconstruct an agent session from recorded requests, tool calls, decisions, and timing. | — | Included | Included |
| Advanced Observability & CostAdds detailed latency, token, provider, and cost views for operational analysis. | — | Included | Included |
| Alerting & NotificationsSend threshold alerts through baseline email/webhooks or connect team channels on Professional and Enterprise. | Email + webhook | All channels | All channels |
| Automatic Anomaly DetectionModels normal proxy behavior and identifies unusual activity without requiring a hand-written threshold for every signal. | — | — | — |
| Release HealthTrack version adoption, crash-free operation, and regressions across managed deployments. | — | — | — |
| Providers & routing | |||
| Multi-Provider Protocol SupportUnderstands OpenAI, Anthropic, Gemini, Bedrock, Ollama, MCP, and OpenAI-compatible request and stream formats. | Included | Included | Included |
| OpenAI Responses HTTP/SSESupports custom-provider OpenAI Responses requests over HTTP and server-sent events, including tool-call inspection. | Included | Included | Included |
| Provider Health MonitoringSurfaces provider availability, failures, and latency in the local dashboard. | Included | Included | Included |
| Priority Routing & FailoverRoutes by configured priority and moves to the next provider when an upstream is unavailable. | — | Included | Included |
| Managed Provider CredentialsRefreshes encrypted upstream credentials from the portal for managed Enterprise contracts. | — | — | — |
| Managed Judge ProviderProvides a preconfigured judge service for managed Enterprise contracts; every other profile remains BYO. | — | — | — |
| Policy & configuration | |||
| Config Hot-ReloadValidates and applies JSON configuration changes atomically without restarting the proxy. | Included | Included | Included |
| Config Init & TUIGenerate a starter config with --init or use the interactive terminal editor with --tui. | Included | Included | Included |
| Policy ProfilesSwitch among strict, balanced, permissive, and custom policy profiles. | — | Included | Included |
| Custom Judge InstructionsAdd organization-specific constraints and review guidance to contextual judge requests. | — | Included | Included |
| Tool Allowlist & DenylistBypass known-safe tools and hard-block prohibited tools, with deny rules taking precedence. | — | Included | Included |
| Safe Commands & Trusted DirectoriesReduce unnecessary reviews for approved read-only commands and explicitly trusted paths. | — | Included | Included |
| Path Policy ResolutionResolve path-aware stage exclusions, policy overrides, and enforcement levels consistently. | — | Included | Included |
| Request & Judge Rate LimitsApplies separate request and judge-call budgets, with higher defaults on Professional and contract-defined Enterprise limits. | Tier defaults | Higher defaults | Higher defaults |
| Concurrent Judge CapacityLimits simultaneous judge-backed operations independently from general request throughput. | 1 | 3 | 3 |
| Audit & evidence | |||
| Tamper-Evident Audit ChainHash-links audit records and adds Ed25519-signed checkpoints so retroactive changes can be detected. | Included | Included | Included |
| Live Audit StreamShows tool calls, routing, policy stages, and verdicts in real time. | Included | Included | Included |
| Secret RedactionMasks configured keys, tokens, and credential-shaped values before audit and operational output. | Included | Included | Included |
| TimeGuardUses signed portal time to detect suspicious clock movement during license and audit operations. | Included | Included | Included |
| Persistent JSONL AuditWrites redacted audit history to rotating local files for investigations and retention workflows. | — | Included | Included |
| Log DrainsForwards operational output to file, HTTP, or syslog destinations. | — | Included | Included |
| Deployment & enterprise operations | |||
| Built-in TLS & API AuthenticationProtects proxy access with TLS plus Bearer or x-api-key client authentication. | Included | Included | Included |
| Non-Loopback Network BindServe trusted team clients beyond localhost when TLS or an explicit remote-HTTP override is configured. | — | Included | Included |
| Remote WrapperLets a centralized proxy inspect context for agents running on other machines. | — | — | — |
| Contract-Authorized Offline OperationRemoves the periodic portal heartbeat dependency for entitled contracts while token validity and upstream network requirements still apply. | — | — | — |
| Uptime MonitoringChecks configured endpoints and raises availability alerts from the local operations surface. | — | — | — |
| Cron MonitoringDetects missed or delayed background jobs and records their operational state. | — | — | — |
| ProfilingCaptures CPU profiles for diagnosing proxy hot paths and performance regressions. | — | — | — |
| Source Code Management IntegrationsLinks operational events and configuration context to GitHub or GitLab commits. | — | — | — |
| Issue Tracking IntegrationsTurns selected alerts into Jira or Linear issues for team follow-up. | — | — | — |
| Feature | Enterprise BYOK | Enterprise Managed |
|---|---|---|
| Safety & control | ||
| Heuristic Rule EngineBlocks known destructive commands, credential exfiltration patterns, and unsafe operations before they reach a judge. | Included | Included |
| Command NormalizerReveals encoded commands, invisible characters, homoglyphs, and common shell obfuscation before policy evaluation. | Included | Included |
| LLM JudgeAdds contextual risk review for ambiguous tool calls. Bring your own judge on Free, Professional, and Enterprise BYOK. | BYO | Managed |
| Self-Consistency CheckRepeats high-risk evaluations and flags inconsistent judge results before arbitration. | Included | Included |
| Arbitration EngineCombines deterministic and contextual signals into allow, ask, or deny decisions. | Included | Included |
| Tool Definition InspectorScans tool descriptions and schemas for instructions designed to manipulate the agent. | Included | Included |
| Per-Tool Stream BufferingStreams assistant text immediately while holding tool calls until the safety pipeline returns a verdict. | Included | Included |
| Circuit BreakerDetects repeated calls, error cascades, and runaway sessions, then halts execution at configurable limits. | Included | Included |
| Tool Chain DetectionRecognizes dangerous multi-call sequences even when each individual action appears harmless. | Included | Included |
| Kill SwitchActivates deny-all through config, SIGUSR1, a sentinel file, or the local dashboard; SIGUSR2 clears the signal state. | Included | Included |
| Danger Tiers & Graduated EnforcementApply different review and enforcement levels to low-, medium-, and high-risk operations. | Included | Included |
| Observability & incident response | ||
| Local Operations DashboardInspect live audit events, provider health, configuration, licenses, and system status from the proxy. | Included | Included |
| Error Monitoring & Log SearchSearch proxy errors and operational logs without shipping local agent traffic to a third party. | Included | Included |
| Distributed TracingFollow requests across routing, safety stages, providers, and downstream decisions. | Included | Included |
| Session ReplayReconstruct an agent session from recorded requests, tool calls, decisions, and timing. | Included | Included |
| Advanced Observability & CostAdds detailed latency, token, provider, and cost views for operational analysis. | Included | Included |
| Alerting & NotificationsSend threshold alerts through baseline email/webhooks or connect team channels on Professional and Enterprise. | All channels | All channels |
| Automatic Anomaly DetectionModels normal proxy behavior and identifies unusual activity without requiring a hand-written threshold for every signal. | Included | Included |
| Release HealthTrack version adoption, crash-free operation, and regressions across managed deployments. | Included | Included |
| Providers & routing | ||
| Multi-Provider Protocol SupportUnderstands OpenAI, Anthropic, Gemini, Bedrock, Ollama, MCP, and OpenAI-compatible request and stream formats. | Included | Included |
| OpenAI Responses HTTP/SSESupports custom-provider OpenAI Responses requests over HTTP and server-sent events, including tool-call inspection. | Included | Included |
| Provider Health MonitoringSurfaces provider availability, failures, and latency in the local dashboard. | Included | Included |
| Priority Routing & FailoverRoutes by configured priority and moves to the next provider when an upstream is unavailable. | Included | Included |
| Managed Provider CredentialsRefreshes encrypted upstream credentials from the portal for managed Enterprise contracts. | — | Managed |
| Managed Judge ProviderProvides a preconfigured judge service for managed Enterprise contracts; every other profile remains BYO. | — | Managed |
| Policy & configuration | ||
| Config Hot-ReloadValidates and applies JSON configuration changes atomically without restarting the proxy. | Included | Included |
| Config Init & TUIGenerate a starter config with --init or use the interactive terminal editor with --tui. | Included | Included |
| Policy ProfilesSwitch among strict, balanced, permissive, and custom policy profiles. | Included | Included |
| Custom Judge InstructionsAdd organization-specific constraints and review guidance to contextual judge requests. | Included | Included |
| Tool Allowlist & DenylistBypass known-safe tools and hard-block prohibited tools, with deny rules taking precedence. | Included | Included |
| Safe Commands & Trusted DirectoriesReduce unnecessary reviews for approved read-only commands and explicitly trusted paths. | Included | Included |
| Path Policy ResolutionResolve path-aware stage exclusions, policy overrides, and enforcement levels consistently. | Included | Included |
| Request & Judge Rate LimitsApplies separate request and judge-call budgets, with higher defaults on Professional and contract-defined Enterprise limits. | Contract | Contract |
| Concurrent Judge CapacityLimits simultaneous judge-backed operations independently from general request throughput. | Seat-based | Seat-based |
| Audit & evidence | ||
| Tamper-Evident Audit ChainHash-links audit records and adds Ed25519-signed checkpoints so retroactive changes can be detected. | Included | Included |
| Live Audit StreamShows tool calls, routing, policy stages, and verdicts in real time. | Included | Included |
| Secret RedactionMasks configured keys, tokens, and credential-shaped values before audit and operational output. | Included | Included |
| TimeGuardUses signed portal time to detect suspicious clock movement during license and audit operations. | Included | Included |
| Persistent JSONL AuditWrites redacted audit history to rotating local files for investigations and retention workflows. | Included | Included |
| Log DrainsForwards operational output to file, HTTP, or syslog destinations. | Included | Included |
| Deployment & enterprise operations | ||
| Built-in TLS & API AuthenticationProtects proxy access with TLS plus Bearer or x-api-key client authentication. | Included | Included |
| Non-Loopback Network BindServe trusted team clients beyond localhost when TLS or an explicit remote-HTTP override is configured. | Included | Included |
| Remote WrapperLets a centralized proxy inspect context for agents running on other machines. | Included | Included |
| Contract-Authorized Offline OperationRemoves the periodic portal heartbeat dependency for entitled contracts while token validity and upstream network requirements still apply. | Included | Included |
| Uptime MonitoringChecks configured endpoints and raises availability alerts from the local operations surface. | Included | Included |
| Cron MonitoringDetects missed or delayed background jobs and records their operational state. | Included | Included |
| ProfilingCaptures CPU profiles for diagnosing proxy hot paths and performance regressions. | Included | Included |
| Source Code Management IntegrationsLinks operational events and configuration context to GitHub or GitLab commits. | Included | Included |
| Issue Tracking IntegrationsTurns selected alerts into Jira or Linear issues for team follow-up. | Included | Included |