Start free. Upgrade when you need more gateways, actions, or features.
Monthly and annual billing available
Get started with core policy enforcement. All features testable - no time limit.
For individuals and small teams shipping agents to production. Longer audit trail, policy history, and config portability.
Unlimited gateways, self-hosted gateway option, and batch API for teams with compliance needs.
Unlimited actions, custom SLAs, SSO/SAML (planned), and dedicated support engineer. Built for regulated industries.
Contact salesSide-by-side breakdown of every plan
| Feature | Starter | Pro | Team | Enterprise |
|---|---|---|---|---|
| Limits | ||||
| Gateways | 3 | 10 | Unlimited | Unlimited |
| Actions / month | 1,000 | 10,000 | 50,000 | Custom |
| Audit retention | 30 days | 90 days | 1 year | Custom |
| Rate limit | 120 req/min | 120 req/min | 120 req/min | Custom |
| Core enforcement | ||||
| Transparent HTTP/HTTPS proxy | ||||
| CLI proxy mode (tf run) | ||||
| Credential vault | ||||
| Per-gateway permissions | ||||
| Policy engine (14 operators) | ||||
| ES256 decision tokens | ||||
| Kill switch (global + scoped) | ||||
| Encryption at rest (credential vault always; control-plane secrets when configured) | ||||
| Connectors | ||||
| GitHub | ||||
| OpenAI | ||||
| Anthropic | ||||
| Stripe | ||||
| Slack | ||||
| Generic HTTP | ||||
| Webhook connector | ||||
| MCP (JSON-RPC tool calls) | ||||
| Dashboard & monitoring | ||||
| Traffic log | ||||
| Audit log | ||||
| Analytics charts | ||||
| Dashboard approvals | ||||
| Prometheus metrics | ||||
| Webhook callbacks | ||||
| Custom notification rules | ||||
| Slack approval notifications | ||||
| Advanced features | ||||
| Policy versioning (git-style history) | ||||
| Config export / import | ||||
| Self-hosted gateway (coming soon) | ||||
| Batch API (up to 20/call) | ||||
| SSO / SAML (planned) | ||||
| Custom SLAs | ||||
| Dedicated support engineer | ||||
| Compliance & data sovereignty | ||||
| Cloud gateway proxy | ||||
| Source-available (ELv2) | ||||
| No third-party trackers | ||||
| Full audit trail | ||||
| Compliance documentation | ||||
| Support | ||||
| Community (GitHub) | ||||
| Email support | 48h response | 4h response | 1h response | |
| Dedicated Slack channel | ||||
| Annual billing (~17% savings) | ||||
Solo developer
1-2 gateways · ~500/month
Starter (free)
Personal projects, experimentation, single-agent workflows
Small team (3-5 engineers)
3-8 gateways · ~5,000/month
Pro ($29/mo)
Multiple agents in staging/production, 90-day audit, policy versioning, config export
Platform team (10+ engineers)
10-50 gateways · ~30,000/month
Team ($79/mo)
Many agents across services, batch API, config export/import
You've validated TameFlare on Starter. Your agents work, your policies are tuned, and you're running in production. Here's when Pro ($29/mo) starts paying for itself.
90-day audit retention
Starter keeps 30 days. If you need to investigate an incident from last month, review agent behavior over time, or satisfy compliance requirements, 90 days gives you the history you need without manual exports.
Policy versioning
Git-style history for every policy change. See who changed what, when, and why. Roll back a bad policy in seconds instead of recreating it from memory. Essential when more than one person touches your gateway config.
Config export / import
Back up your gateway configuration. Share configs between staging and production. Onboard a new team member by importing a known-good setup. No more recreating connectors and rules by hand.
Custom notification rules
Filter the noise. Get notified only when a high-risk action is denied, not every time a read-only request passes through. Route different alert types to different channels.
10 gateways, 10k actions/month
Room to grow. Run separate gateways for each environment (dev, staging, production) and each agent type. 10,000 actions covers a small team running 3-5 agents daily.
Webhook callbacks + email support
Fire-and-forget webhooks on every policy decision - pipe events to your own logging, alerting, or automation. Plus 48-hour email support when you need help.
No credit card required for Starter. Upgrade from the dashboard when you're ready.
TameFlare is source-available under the Elastic License v2 (ELv2). The cloud gateway runs at proxy.tameflare.com. Credentials are encrypted at rest. External integrations (Slack, webhooks) send data only to endpoints you configure.
An action is a single HTTP request that matches a connector and is parsed into a structured action (e.g., github.pr.merge). Requests to domains without a connector are blocked but not counted. Dashboard usage, health checks, and dry-runs do not count.
A typical GitHub PR agent run uses ~40 GitHub API calls + ~10 LLM calls = ~50 actions. A daily CI pipeline running 4 times = ~200 actions/day (~6,000/month). The Starter tier (1,000 actions/month) covers most individual developers. A small team with 3-5 agents running daily fits comfortably in Pro (10,000/month).
On Managed Cloud (default), your agent traffic routes through the cloud gateway at proxy.tameflare.com and is forwarded to upstream APIs. Credentials are encrypted at rest (AES-256-GCM). For teams that need credentials and traffic to stay in their own environment, a self-hosted gateway option is coming soon for Team and Enterprise plans.
The API returns a 402 response with your current usage and a link to upgrade. Your existing actions and policies continue to work - only new action requests are blocked until the next billing period or an upgrade.
Subscribe via Stripe Checkout from the pricing page or dashboard. Your plan tier is stored in the database and updated automatically by Stripe webhooks. You can manage your subscription, update payment methods, and view invoices from the dashboard.
Total registered gateways, not concurrent. A gateway is a named proxy instance in TameFlare (e.g., 'production', 'staging'). You can deactivate and reactivate gateways without counting toward the limit.
Your instance continues to run with Starter-tier limits (3 gateways, 1,000 actions/month). No data is lost. Resubscribe from the dashboard to restore your tier.
Yes. Toggle between monthly and annual billing at the top of the pricing cards. Annual plans save approximately 17% compared to monthly billing.
There is no time-limited trial. Instead, the Starter tier includes all core features (proxy, 8 connectors, credential vault, dashboard, audit) so you can fully evaluate TameFlare before upgrading. The only differences in paid tiers are higher limits and additional features like webhooks and batch API.
Yes. The Gateway proxy intercepts all HTTP traffic, injects credentials, and enforces permissions structurally. It is the core enforcement mechanism. For bypass-resistance beyond HTTP, pair with OS-level egress restrictions. Run any process through it with a single CLI command.
Yes. The Starter tier is free forever with no credit card required. It includes the full proxy gateway, all 8 connectors (GitHub, OpenAI, Anthropic, Stripe, Slack, generic HTTP, webhook, MCP), credential vault, dashboard, and 30-day audit retention.
For unlimited actions, self-hosted gateway with deployment support, custom SLAs, and dedicated support, contact us for custom pricing. SSO/SAML is planned for the Team tier.