Every plan is the full product — the same identity, enforcement, and audit trail on every node. You scale by adding nodes, not by unlocking features.
The full enforcement engine on a handful of nodes. No card, no trial clock.
For teams enforcing a production fleet from one control plane.
For platform organizations with their own boundaries — and their own racks.
A node is any host running the Riptides daemon — a VM, a bare-metal server, or a Kubernetes node. Agents, services, and pipelines on a node are not metered, on any plan.
Any host running the Riptides daemon — a VM, a bare-metal server, or a Kubernetes node. Pricing follows enforcement: one node, one unit. The agents, services, and CI/CD pipelines running on a node are never metered.
Nothing breaks. Your 3 enrolled nodes keep enforcing; additional nodes simply won't enroll until you free a slot or upgrade. There is no trial clock — Free stays free for as long as you run it.
Pro includes 20 nodes for $1,000/mo. Each node past that adds $100/mo, prorated to the days it was enrolled. Decommission a node and its billing stops with it.
How long attribution records — which workload, what credential, against which system, on whose behalf — stay queryable in the console. Free keeps 1 day, Pro keeps 3 days, and Enterprise retention is set by contract.
A trust domain is an independent identity root: its own certificate authority, its own SPIFFE namespace, its own policy boundary. One is enough for most platforms. You need more when subsidiaries, regulated environments, or acquisitions must not share an identity root — that's an Enterprise conversation.
Yes — on Enterprise. The self-hosted control plane keeps identities, policies, and event data inside your boundary. Free and Pro use the Riptides SaaS control plane; enforcement happens on your nodes either way.
Identity, access control, and a full audit trail for every agent and service — enforced on the host, with no code changes. Up and running in an afternoon.