OSS vs Enterprise
The OSS package gives you the full governance pipeline for your agents — same PolicyGate, same Rego semantics, same audit log shape, same 11 framework adapters. Enterprise is governance at organisational scale — centralized enforcement across many agent fleets, dashboards, RBAC, Postgres-backed storage, and compliance export packs.
| Feature | OSS | Enterprise |
|---|---|---|
| Governance pipeline | ||
| OPA policy engine (Tether) | ✓ | ✓ |
| Regorus in-process Rego engine (experimental) | ✓ | ✓ |
YAML policy frontend (kitelogik compile) | ✓ | ✓ |
| 2-tier policy hierarchy (global + project) | ✓ | ✓ |
| Tool call governance | ✓ | ✓ |
| Agent lifecycle governance (spawn, delegate, plan) | ✓ | ✓ |
| Resource budget enforcement | ✓ | ✓ |
| Data classification labels | ✓ | ✓ |
| Compliance CLI with OWASP ASI mapping | ✓ | ✓ |
| Cross-agent governance (org-wide budgets) | ✓ | |
| Runtime | ||
| Docker sandbox (network isolation, resource limits) | ✓ | |
| Firecracker MicroVM | ✓ | |
| Credentials & access | ||
| Session-scoped credentials with delegation | ✓ | ✓ |
| SSO (SAML / OIDC) | ✓ | |
| RBAC (Admin, Author, Operator, Viewer) | ✓ | |
| Storage | ||
| SQLite backends (HITL, credentials, audit, memory) | ✓ | ✓ |
| PostgreSQL backends (HA, connection pooling) | ✓ | |
| Observability | ||
| OpenTelemetry tracing | ✓ | ✓ |
Prometheus /metrics endpoint | ✓ | |
| Real-time governance dashboard | ✓ | |
| SIEM webhook (Splunk, Datadog, Elastic) | ✓ | |
| Policy intelligence dashboard (analytics) | ✓ | |
| Operations | ||
| Starter policy library | ✓ | ✓ |
| Governance Gateway (centralized HTTP API) | ✓ | |
| Orchestrator (multi-agent delegation coordination) | ✓ | |
| Compliance export packs (SOC 2, HIPAA, FedRAMP) | ✓ | |
| Agent fleet management | ✓ | |
| Multi-tenant policy isolation | ✓ | |
| Policy simulation / what-if analysis | ✓ | |
| Governance marketplace (compliance packs) | ✓ | |
| Framework adapters | ||
| OpenAI, LangChain, CrewAI, OpenAI Agents SDK, LangGraph | ✓ | ✓ |
| Google ADK, PydanticAI, LlamaIndex, Semantic Kernel, Haystack, Dify | ✓ | ✓ |
| HITL | ||
| HITL queue (high-stakes escalation) | ✓ | ✓ |
| Anchor API (REST endpoints for HITL approval) | ✓ | |
| HITL SLA tracking | ✓ |
What this means in practice
- Single agent on one developer's laptop — OSS, SQLite, done.
- A small team running a handful of agents in production — OSS still. The governance pipeline is the same. SQLite handles thousands of decisions per second on a single host.
- Multiple teams, fleet-wide policy, central audit, compliance reports — Enterprise. The OSS pipeline doesn't scale to fleet enforcement out of the box; the Governance Gateway is the missing piece.
- Regulated industries with formal HITL SLA requirements — Enterprise. The Anchor REST API + SLA tracking is the auditable approval surface most compliance frameworks expect.
Migration path
Policies, adapters, and audit log shape are identical between OSS and Enterprise. The migration from OSS to Enterprise is essentially:
- Switch storage backends from SQLite to Postgres
- Point your agents at the Governance Gateway instead of an embedded
PolicyGate - Wire SSO / RBAC for human reviewers and policy authors
No policy rewrite. No event-shape change. No audit-log re-keying.
Licensing
OSS is Apache 2.0 — pip install kitelogik, no account, no phone-home. Enterprise is a commercial license; contact licensing@kitelogik.com.