Install Espada

00 · Pricing

A binary you run yourself
is not a tenant.

Espada is self-hosted. One binary, in your network, under your change-management. The embeddable Agent Action Firewall ships as Elastic-2.0 OSS so any agent runtime can wrap it around its tool layer. The full Espada runtime — gateway, Studio shell, policy decision API, hash-chained audit trail, cross-cloud knowledge graph — ships under a commercial license. What a regulated team pays for is the relationship around the gate: a support SLA, identity integration, the compliance evidence your auditor will ask for, and — for the strictest deployments — the engineering engagement behind an air-gapped or multi-region operation. We price the relationship, never per-seat access.

01 · Four tiers

Community

Elastic-2.0 OSS · self-hosted

$0 free forever

The embeddable Agent Action Firewall — the same in-process gate the full runtime composes — published as @espadalabs/action-firewall under the Elastic License 2.0. Wrap it around any agent runtime (OpenAI SDK, LangChain, custom loops). Three hooks, zero runtime dependencies, fail-closed by default. No telemetry, no call-home.

Install the firewall
  • @espadalabs/action-firewall — the embeddable in-process gate
  • Capability classifier · taint store · external-origin tracker
  • Fail-closed by default · monotonic untrusted-flag semantics
  • Community support — GitHub issues, public docs
  • Design-partner access to the full self-hosted runtime Design engagement

Team

annual support agreement

$2,500 / month (~$30K/yr)

The self-hosted Espada runtime sized for a mid-market platform team — gateway, Agent Action Firewall, Postgres-backed audit trail, Slack/Teams approval cards, and the Policy Studio app. One framework SDK included. The floor under Enterprise — for teams running agents in production who don't yet need SSO, SOC 2 evidence, or a named SLA.

Start a Team trial
  • Full self-hosted gateway + firewall (commercial license)
  • Postgres-backed hash-chained audit trail
  • Slack + Microsoft Teams approval cards
  • Policy Studio app Design engagement
  • One framework SDK of choice (LangGraph, CrewAI, OpenAI Agents SDK, MS Agent Framework, Anthropic Computer Use, or Bedrock Agents) Design engagement
  • Community + email support — 25 agents max

Enterprise

annual support agreement

Quoted against your deployment

The full self-hosted Espada runtime — the gateway, the Studio shell, the policy decision API, the hash-chained audit trail, the cross-cloud knowledge graph — under a commercial license, plus the relationship a regulated team needs to put the gate in front of production: an SLA, identity integration, and the compliance evidence tooling your auditor will ask for.

Talk to us
  • Full self-hosted Espada runtime (commercial license)
  • SSO + SCIM user provisioning
  • SOC 2 evidence packs — Type I and Type II evidence over an observation period
  • Priority security advisories + coordinated disclosure
  • Named support contact, business-hours SLA
  • Multi-region active/standby readiness primitives

Enterprise Plus

air-gapped · regulated

Custom scoped engagement

For air-gapped, classified, or multi-region workloads. A support agreement that includes architecture engagement: custom policy authoring, offline operations, and the HA design work behind a cross-region SLA.

Talk to us
  • Everything in Enterprise
  • Air-gapped / offline operations support
  • Custom policy authoring + review
  • Multi-region HA — design + failover runbook engagement Design engagement
  • 24/7 follow-the-sun support Roadmap

02 · What the labels mean

We mark what isn't shipping yet.

Most pricing pages list a feature the moment it is on a roadmap. We mark it. A line tagged Available now is in the binary today and named in the source. A line tagged Design engagement means the primitives ship but the live operation is a scoped piece of work we do with you — multi-region failover is the honest example: the readiness and promotion decisions ship and are unit-tested, but cross-region cutover is a runbook we build against your infrastructure, not a switch you flip. A line tagged Roadmap is not available at any price yet — 24/7 follow-the-sun support is a real plan with no ship date, and we will not invoice you for it until it exists.

If a vendor will not tell you which line is real, assume the line is not real. We would rather lose the deal than the audit.