Apache 2.0 forever for the authorization control point
IntentGate runs on an open core. The components required to operate it as a security control stay Apache 2.0 in perpetuity. The Pro tier adds enterprise operator experience, not capability gates.
The line will not move under you
The OSS community is watching where the line gets drawn. So are prospective customers and prospective hires. When a company moves a capability that small deployments depend on into a paid tier (GitLab Premium taking CI/CD, HashiCorp's BSL relicense), they lose the community trust that took years to build.
Our commitment is encoded as a principle, not a list. Six months from now we will ship a new feature and the question will be "OSS or Pro?" The principle answers it: if a small deployment cannot operate without this capability, it is OSS. If it is an operator-experience layer on top, it is Pro.
We will never relicense the Apache 2.0 components. The
commitment lives in
GOVERNANCE.md
on the gateway repo (publishing soon). Fork freely. Run it
in air-gapped environments. Use it as a security control
for your own product. The license never changes under you.
What is free, what is paid
Everything required to run IntentGate as an authorization control point is Apache 2.0. The commercial tier wraps that control point in the operator experience enterprise teams expect. Source is freely buildable from GitHub for inspection, contribution, and evaluation. Production deployment requires a paid tier (see pricing).
- intentgate-gateway The authorization control point. Four-check pipeline, capability tokens, multi-tenant scoping, audit chain, webhook emitter, SIEM forwarders.
- intentgate-extractor Intent classifier (stub + Anthropic Haiku backends).
- intentgate-sdk-python Agent-side SDK with capability attenuation.
- intentgate-sdk-typescript Node 18+ SDK, byte-compatible attenuation with the Python SDK.
- intentgate-helm Kubernetes packaging for the gateway + extractor.
- intentgate-console Basic operator UI. Full token lifecycle: mint, use, revoke.
- OIDC SSO + viewer / operator / admin RBAC Sign-in against any OIDC provider with role-based access.
- SCIM 2.0 provisioning Push from your IdP. Off-boarding flows automatically.
- TOTP step-up authentication Destructive operations gate behind a fresh code.
- Per-tenant notification channels Slack, Teams, PagerDuty fan-out from gateway webhooks.
- JIT admin elevation lifecycle Time-bounded admin with reason, approval, and auto-expiry.
- /audit/verify dashboard + CSV/NDJSON export One-click chain verification and evidence export.
- Approvals queue with step-up gating Operator triage of high-risk tool calls.
- AI-assisted Rego authoring Draft, dry-run, promote, rollback — all in-product.
Source you can clone today
Six repositories, every one Apache 2.0, every one production-deployable on the version pinned in the README. Clone, build, run in your own environment without asking permission.
Core
-
intentgate-gateway
The authorization service. Go binary. Apache 2.0.
ghcr.io/intentgate-app/intentgate-gateway:1.7.1 -
intentgate-extractor
Intent classifier microservice. Python / FastAPI. Apache 2.0.
SDKs & packaging
-
intentgate-sdk-python
pip install intentgate. Python 3.10–3.13. -
intentgate-sdk-typescript
npm install @intentgate-app/intentgate. Node 18+, dual ESM/CJS. -
intentgate-helm
Kubernetes packaging.
oci://ghcr.io/intentgate-app/charts/intentgate -
intentgate-console
Basic operator UI. Apache 2.0. Next.js + React.
Track what changed and when
Every repository tags its own releases on GitHub. The release page for each component is the authoritative source for what changed, when, and the SHA of the commit it points at. Watch the repository you care about to get a notification on every tag.
Run it in your environment, today
Apache 2.0 means no permission needed. Clone the gateway, run it on your laptop in five minutes, wire it in front of an agent, and read the audit chain it produces.