IAGA Sentinel
Docs

OSS vs Enterprise

The conceptual governance kernel is the open build. Enterprise adds the modules that need specialist engineering at scale; those ship from a separate commercial repository.

Ships in the open build today

Everything below can be verified from a clean checkout: git clone, then cargo test --workspace and docker compose up -d.

  • 12-layer governance pipeline, single binary, one endpoint (POST /v1/inspect)
  • Ed25519 signed receipts + Merkle append-log per run
  • iaga-verify: offline verifier, no database, no server, no call-home
  • Dictum policy language + Hindley-Milner type checker, live overlay
  • Soft enforcement (cross-platform UserspaceKernel) with secret scrubbing on iaga run
  • MCP governance: transparent proxy + GovernedTool wrappers
  • 16 framework adapters (Python + TypeScript SDKs, Rust client crate)
  • Cost control behind --features cost-control: local pricing, budgets, response cache
  • BYOK signer (Signer trait, LocalDiskSigner)
  • SQLite + Postgres backends
  • OpenTelemetry receipt export
  • WASM plugins with offline Sigstore + SBOM attestation and signed manifests
  • Operator dashboard served from the binary
  • Published Docker image (ghcr.io) + compose deployment
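The two bullets about Ed25519-signed receipts over a Merkle append-log and the offline verifier describe a primitive that is easier to trust once you have seen it end to end. The Go program below is an added example written for this page; it is not IAGA Sentinel's code and does not reproduce its receipt schema, and the Receipt layout, the signed-message encoding, the tree shape and every function name are assumptions. Go's standard library is used so it runs with no third-party crates. It shows what "offline" buys you: holding only the signer's public key, one receipt, one log entry and that entry's inclusion proof, a verifier can confirm the entry was in the run's log when the receipt was signed, and both an edited entry and a receipt whose root was swapped for a different (but internally valid) tree are rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Receipt is an assumed shape for illustration only, not IAGA Sentinel's schema.
type Receipt struct {
	RunID string // which run the append-log belongs to
	Root  []byte // Merkle root over every entry of that run's append-log
	Sig   []byte // Ed25519 signature over signedMessage(RunID, Root)
}

// hashNode: RFC 6962-style domain separation (0x00 leaf, 0x01 inner node).
func hashNode(prefix byte, parts ...[]byte) []byte {
	h := sha256.New()
	h.Write([]byte{prefix})
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// RootAndProof folds the entries (at least one) level by level to the Merkle root,
// collecting entry idx's sibling path. An odd trailing node is promoted unchanged.
func RootAndProof(entries [][]byte, idx int) (root []byte, path [][]byte, siblingIsLeft []bool) {
	level := make([][]byte, len(entries))
	for i, e := range entries {
		level[i] = hashNode(0x00, e)
	}
	for len(level) > 1 {
		if idx%2 == 1 {
			path, siblingIsLeft = append(path, level[idx-1]), append(siblingIsLeft, true)
		} else if idx+1 < len(level) {
			path, siblingIsLeft = append(path, level[idx+1]), append(siblingIsLeft, false)
		}
		var next [][]byte
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, hashNode(0x01, level[i], level[i+1]))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level, idx = next, idx/2
	}
	return level[0], path, siblingIsLeft
}

// signedMessage length-prefixes the run id so (run id, root) cannot be re-split.
func signedMessage(runID string, root []byte) []byte {
	buf := make([]byte, 4)
	binary.BigEndian.PutUint32(buf, uint32(len(runID)))
	return append(append(buf, runID...), root...)
}

// IssueReceipt is the producer side: commit to the whole log, sign the commitment.
func IssueReceipt(priv ed25519.PrivateKey, runID string, entries [][]byte) Receipt {
	root, _, _ := RootAndProof(entries, 0)
	return Receipt{RunID: runID, Root: root, Sig: ed25519.Sign(priv, signedMessage(runID, root))}
}

// VerifyEntry is the offline check: public key, receipt, one entry, its proof. No database, server or network.
func VerifyEntry(pub ed25519.PublicKey, r Receipt, entry []byte, path [][]byte, siblingIsLeft []bool) bool {
	if len(path) != len(siblingIsLeft) || !ed25519.Verify(pub, signedMessage(r.RunID, r.Root), r.Sig) {
		return false // malformed proof, or the receipt was not signed over this run id and root
	}
	h := hashNode(0x00, entry)
	for i, sib := range path {
		if siblingIsLeft[i] {
			h = hashNode(0x01, sib, h)
		} else {
			h = hashNode(0x01, h, sib)
		}
	}
	return bytes.Equal(h, r.Root)
}

// Demo: constructed five-entry log (odd count exercises promotion). A genuine entry verifies,
// an edited entry is rejected, and a receipt whose root was swapped for another valid tree is rejected.
func Demo() (genuineOK, editedRejected, swappedRootRejected bool) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // fixed demo seed, never do this in production
	pub := priv.Public().(ed25519.PublicKey)
	entries := [][]byte{[]byte("layer1 allow"), []byte("layer2 allow"), []byte("layer3 scrub api_key"),
		[]byte("layer4 allow"), []byte("layer5 deny")} // constructed sample entries
	r := IssueReceipt(priv, "run-0001", entries)
	_, path, left := RootAndProof(entries, 4)
	genuineOK = VerifyEntry(pub, r, entries[4], path, left)
	editedRejected = !VerifyEntry(pub, r, []byte("layer5 allow"), path, left)
	swapped := r // keeps the real signature, but over a root the key never signed
	swapped.Root, path, left = RootAndProof(entries[:4], 0)
	swappedRootRejected = !VerifyEntry(pub, swapped, entries[0], path, left)
	return genuineOK, editedRejected, swappedRootRejected
}

func main() { fmt.Println(Demo()) }
```

The point to carry over to any real receipt format: the signature must cover the run identity together with the root, the leaf and inner-node hashes must be domain-separated, and the verifier must take the proof's length from the proof itself rather than trusting a caller-supplied shape, otherwise a malformed proof turns into a panic instead of a clean rejection.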

What Enterprise adds

These modules live in a separate commercial repository. Items marked (Enterprise) ship in the commercial build today; items marked (roadmap) are still in development and should be treated as commitments, not as open-build features.

  • eIDAS qualified signatures (ETSI EN 319 132) (roadmap)
  • Annex IV dossier generator (Article 11 + Annex IV) (roadmap)
  • RoPA / DPIA / post-market monitoring (roadmap)
  • DPO dashboard: review queues, SLA timers, signed approvals (Enterprise)
  • Native SIEM connectors (Splunk, Datadog, Elastic, Sentinel) (Enterprise)
  • Real Aya-rs eBPF/LSM loader (hard enforcement) (roadmap)
  • macOS Endpoint Security + Windows ETW/WFP backends (roadmap)
  • Enterprise SSO (SAML / OIDC / SCIM) (Enterprise)
  • Air-gapped distribution (Enterprise)
  • Curated ML model library (intent-drift, prompt-injection) (Enterprise)
  • Native KMS SDK signers (AWS KMS, Azure Key Vault, Vault, PKCS#11) (Enterprise)
  • Governance mesh (multi-region active-active) (Enterprise)
  • Semantic response caching (ADR 0021) (Enterprise)

The open-core promise

The conceptual governance kernel is the open build: the receipt schema, the replay algorithm, the Dictum evaluator (with WASM codegen and the Hindley-Milner type checker), the reasoning framework with BYO ONNX, the UserspaceKernel soft enforcement, the BYOK signer pattern, the Sigstore plus SBOM plugin attestation primitive, drift replay, and the cost-control primitives. None of the Enterprise modules shipped in 1.0 GA, so placing them in Enterprise does not break the covenant never to retroactively remove a feature from the open build. The public boundary is documented in ADR 0010.

License, in plain English

The open build is source-available under BUSL-1.1 with a Change License of Apache-2.0 baked into the license itself:

  • You can run, copy, modify, and redistribute IAGA Sentinel freely for internal use, research, evaluation, and any non-production use.
  • You can run it in production as long as your use does not consist of offering IAGA Sentinel itself to third parties as a hosted or managed service that exposes a substantial set of its features. Building your own product on top of it for your customers is fine.
  • Four years after each release is published, that release converts automatically and irrevocably to Apache-2.0. The conversion is written into the license, so it is not something that can be walked back later.

Source-available is not the same as OSI open source. The BUSL term is deliberate: it stops a third party from reselling IAGA Sentinel as a hosted service, while guaranteeing every release becomes true open source on its Change Date. You can run it air-gapped and keep it even if IAGA disappears. The full text is in LICENSE.