Plans & Entitlements
Keel uses a four-tier plan system. Each plan determines dashboard limits, retention, included governed requests, and access to advanced features.
Plan tiers
| Starter | Growth | Business | Enterprise | |
|---|---|---|---|---|
| Project limit | 1 | 5 | Unlimited | Unlimited |
| Log retention * | 7 days | 30 days | 180 days | 365 days |
| Included governed requests | 1,000 | 100,000 | 1,000,000 | 5,000,000 |
| Policy authoring | Templates only | Basic custom authoring | Full custom authoring | Full custom authoring |
| Routing fallback | 1 same-provider fallback | Same-provider chains | Cross-provider available | Cross-provider available |
| Budget envelopes | 1 per project | Unlimited | Unlimited | Unlimited |
| Firewall strengthening | No | No | Yes | Yes |
| Langfuse integration | No | Yes | Yes | Yes |
| Overage billing | No | No | No | No |
| Self-serve checkout | No | Yes | Yes | No |
| Billing portal | No | Yes | Yes | No |
| Stripe metering | No | No | No | No |
| Evidence export (JSON) | No | Yes | Yes | Yes |
| Evidence export (PDF) | No | No | Yes | Yes |
| Organization dashboard | No | No | No | Yes |
| Teams | No | No | No | Yes |
| Sales-led | No | No | No | Yes |
| Manual billing | No | No | No | Yes |
* Log retention defines the dashboard visibility window and the automated pruning horizon. Records older than your plan’s retention are pruned on a scheduled cadence.
These table values reflect the current plan entitlement model in code. They do not mean every entitlement is separately enforced on every route. Treat the enforced-gates list below as the safe public contract.
Feature gating
When a route or dashboard feature requires a higher plan, Keel returns 403
and indicates the required plan in the access block. The safe route-level and
feature-level gates to rely on today are:
- Governance decision snapshots — Growth or higher.
- Project-scoped replay evidence and dashboard permit replay — Growth or higher.
- Permit evidence attachments and permit evidence listing — Growth or higher.
- Cost forecasting (
GET /v1/projects/{project_id}/cost-forecast) — Growth or higher. - Prompt analytics (
GET /v1/projects/{project_id}/prompt-analytics) — Growth or higher. - Integrity verification API (
GET /v1/audit/integrity,GET /v1/dashboard/projects/{project_id}/governance/integrity) — Growth or higher. Below tier returnsplan.upgrade_required. The hash-chain itself is present on every plan; the gate is on the verification API. See Verifying Keel Evidence § Programmatic chain verification. - Latest checkpoint surface (
GET /v1/dashboard/projects/{project_id}/integrity/latest-checkpoint) — reachable on every plan, with the response body differentiated by tier. Starter and Growth get the Anchoring status signal (timestamp of the most recent system-wide checkpoint tick, no verifiable artifact). Business unlocks the Verification artifact (checkpoint_id,chain_heads,external_anchorURL/bucket/object_key). Enterprise additionally embeds the Independent timestamp witness (tsareceipt). See Verifying Keel Evidence § Latest-checkpoint surface. - Compliance / audit exports (
/v1/compliance/exports) — Business or higher. - Langfuse integration — Growth or higher.
- Organization dashboard — Enterprise.
- Teams — Enterprise.
Important current nuance:
- Public
GET /v1/requests/{request_id}/timelineis not currently Growth-gated in code. Growth gating applies to dashboard replay and related replay-evidence surfaces instead.
Checking your plan
Keel’s authenticated dashboard and billing surfaces expose the caller’s current plan tier and core entitlements. A typical response includes:
{
"plan": "growth",
"project_limit": 5,
"log_retention_days": 30
}