Setting limits is free
Configuring per-run caps, daily limits, model allowlists, and approval thresholds in Control Plane is a plan entitlement. No charge for setup.
⚡Private Beta — Advanced Controls not yet live in production
Advanced Controls
Two runtime authority models for governed agent workflows.
Attestify lets you choose how much friction governance adds to your agent's execution path. The zero-friction builder flow uses cached authority envelopes so most actions never touch the control plane at runtime. The high-assurance enterprise flow enforces a fresh policy check before every consequential action — adding intentional friction exactly where the risk is.
These controls are currently in private beta.The architecture described below reflects what's being built — existing Builder ($59/mo) and Team ($399/mo) plans will gain access when each feature activates on their tier. Express interest below to be notified first and shape the rollout.
Runtime authority models
Choose the right governance mode for your workflow.
Both flows use the same Control Plane policy configuration. The difference is how often the agent checks in at runtime — and how that shapes latency, assurance, and billing.
Builder & Team tiers
Zero-friction builder flow
Cached authority envelopes
Optimised for low latency and self-serve integration. Most actions proceed under a locally cached envelope — the control plane is only consulted when the envelope is exhausted or a high-risk action triggers a fresh check.
1
Builder sets limits once
Inside Control Plane, configure per-run, daily, and monthly spend limits, allowed models, and approval thresholds for an agent or tenant. This is a plan entitlement — not a billable event.
2
Agent requests an authority envelope
The SDK calls authorize(intent) with a batchable intent type, max spend, risk class, and expiry window. One call covers many downstream actions.
3
Attestify returns a signed envelope
Attestify verifies current policy, budget state, and thresholds then returns a short-lived signed envelope. The agent caches it locally for the defined window or action count.
4
Agent executes multiple actions without rechecking
Low-risk actions proceed under the cached envelope until the spend amount, action count, or time window is exhausted. No additional round-trips to Attestify.
5
Attestify logs evidence and usage
Every envelope issue, spend decrement, and expiry event is written into the evidence trail automatically. Billing and audit happen without agent involvement.
Agent friction
Low
Mostly invisible at runtime.
Auth pattern
Batch envelope
One check, many actions.
Billing
Per envelope
Builder & Team tiers.
Enterprise tier
High-assurance enterprise flow
Per-action live checks
Optimised for regulated workflows, finance operations, and compliance-sensitive agent actions. Every consequential step requests fresh authority — adding intentional friction precisely where the risk exists.
1
Team configures strict policies
Ops or finance defines lower per-run limits, vendor allowlists, model allowlists, approval thresholds, revocation rules, and policy versions in Control Plane.
2
Each high-stakes action requests fresh authority
The agent calls authorize(intent) for every payout, refund, settlement, or sensitive API mutation. Long-lived envelopes are disabled or scoped to a single action.
3
Policy, budget, and revocation checks run live
Attestify evaluates current spend, approval status, revocation epoch, and current policy version before issuing a scoped execution certificate for that action.
4
Out-of-policy actions escalate for human approval
If the action breaches amount, vendor, model, or timing rules the flow pauses. A human approver in Control Plane reviews and approves or rejects before execution continues.
5
Receipts become compliance evidence
Every decision includes policy version, approval trail, authority timestamp, and revocation state. Suitable for audit, dispute resolution, and regulated review.
Agent friction
Intentional
Only on risky actions.
Auth pattern
Per-action check
Fresh authority each time.
Billing
Platform + per-action
Enterprise tier.
Side-by-side
Builder vs enterprise — at a glance.
Same control plane configuration, two very different runtime contracts.
| Zero-friction builder | High-assurance enterprise | |
|---|---|---|
| Primary use | Fast self-serve integration, discovery, experimentation | Regulated workflows, finance, compliance-sensitive actions |
| Authorization model | Batch envelope — one check covers many actions | Per-action check — fresh authority before each consequential step |
| Latency impact | Minimal — agent acts locally under cached envelope | Intentional — each check adds a small round-trip for assurance |
| Human approvals | Optional — only if policy threshold is breached | Built-in — approval gate for actions outside defined policy |
| Revocation | Envelope expires by time or count | Revocation checked on every authorize call |
| Evidence depth | Envelope-level — issue, spend decrement, expiry | Action-level — policy version, approval trail, timestamp, revocation state |
| Billing model | Bill per envelope issued or per high-stakes intent | Monthly platform fee + governed-action pricing per check |
| Best for | Builder, Team tiers | Enterprise tier |
Pricing model
Charge when policies govern live activity — not when you set them.
Governed actions are billed
Every time an agent calls authorize(intent) against a live policy — checking budget state, risk class, and thresholds — that is a billable governed action.
Approvals and compliance are premium
Multi-approver flows, signed delegation artifacts, policy history, revocation evidence, and audit exports are Team and Enterprise tier capabilities.
Indicative governed-action pricing by tier (private beta — subject to change):
Builder
100 governed actions/mo included free
$0.02 per action after
Envelope mode only
Team
500 governed actions/mo included
$0.015 per action after
Envelope + per-action mode · + monthly platform fee
Enterprise
Custom volume
Governed-action rate negotiated
Per-action + approvals + revocation + SLA add-ons
What this costs in practice
A procurement agent running 50 approval checks per day at ~$200 avg. intent value.
Monthly governed actions
~1,500
Team tier action fee
~$15.00/mo
Total incl. platform fee
well under $100/mo
Fully governed, auditable finance automation — with a complete policy trail, approval history, and on-chain receipts — for less than the cost of a single engineer-hour per month.
The rule
Don't charge when they set policies. Charge when those policies actually govern live agent activity.
See full plan pricing →Ready to configure?
Set your policy in Control Plane, then choose your flow.
Control Plane lets you configure limits and policies in your browser in under a minute. Advanced controls — envelope mode, per-action mode, approval escalation — are currently in private beta and will activate based on your plan tier when released.
What each plan will receive
⚡ Private beta — features activating per tier on release
Builder
Envelope mode (coming soon)
100 governed actions/mo free · $0.02 per action after
Team
Envelope + per-action mode (coming soon)
500 included · $0.015 per action · + monthly platform fee
Enterprise
Per-action + approvals + revocation
Custom volume · governed-action rate negotiated · SLA add-ons