One agent, one Living Cert. Local-first.
- 1 agent · 50k traces / month
- Living Cert (signed + public)
- Firewall scanner (prompt injection, exfil, tool policy)
- Promptfoo redteam packs
- Findings inbox + repro tests
- Open-source self-host
Production agents with audit trail and RBAC.
- Up to 25 agents
- Unlimited traces
- Slack + GitHub integrations
- RBAC + audit logs
- Mutual Defense Network (opt-in corpus)
- Email + Slack support
BYOK, VPC, procurement-grade.
- Unlimited agents
- BYOK + VPC isolation
- SSO / SAML / SCIM
- Custom data retention
- Dedicated cluster + SLAs
- Security review + DPA
Common questions.
What counts as an agent?
An agent is a unique (model + prompt + tool inventory) tuple under a project. Sharing a prompt across two tenants counts as one agent.
Is there a free tier for self-hosting?
Yes. The OSS Vouch stack is Apache-2.0 and self-hostable end to end. Cloud pricing covers managed Postgres / ClickHouse / Redis and the hosted firewall.
How is data handled?
Trace bodies redact PII before storage. Pro & Enterprise can use BYOK so encryption keys never leave your KMS. Mutual Defense Network is opt-in; nothing leaves your project unless you flip it on.
Can I migrate from Helicone or Langfuse?
Yes. Vouch ingests OTel-compatible traces and the SDK can shadow your existing logger. The cert + redteam layer is additive — you don't have to rip and replace.