Aroha for Enterprise

Bounded authority for your
agent fleet — inside your boundary

The Aroha protocol and SDKs are open source and free forever. Enterprise adds the three things a production agent program needs and shouldn't build itself: managed infrastructure, governed identity, and the compliance envelope your procurement team requires — deployable inside your own cloud.

The problem we solve

When your agents act autonomously — spending, sending, deleting, delegating to sub-agents and to other companies' agents — nothing in OAuth, API keys, or rate limits was built to bound them. Aroha gives every action a cryptographically enforced ceiling and a signed receipt, so a runaway loop or a prompt injection exhausts a bounded allowance instead of your credit card, and every action traces to a human authorization.

What an Enterprise agreement includes

Available now ships today·Roadmap committed roadmap, available to design-partner customers

Managed infrastructure

We run the operational surface so your team doesn't have to. Everything here is self-hostable under MIT if you prefer — you're paying us to operate it, not to unlock it.

  • Available nowHosted Agent Registry with an SLA (discovery, keys, reputation)
  • Available nowHosted agents — deploy from Studio, we serve them
  • Available nowContent-addressed manifest hosting (IPFS gateway)
  • Available nowElevated rate & usage limits above the community tier
  • RoadmapPrivate, single-tenant registry instance

Identity & access governance

API keys are free for everyone. What enterprise buys is governed, accountable, org-scoped access.

  • Available nowOrg-scoped API key issuance, rotation, and revocation
  • Available nowPer-key and per-agent audit of every action
  • RoadmapSAML SSO
  • RoadmapSCIM directory sync (auto-provision / deprovision)
  • RoadmapRole-based access control across team members

The compliance & trust envelope

The part free users can't replicate — and the reason most enterprises engage.

  • Available nowTamper-evident audit trail: every mandate, delegation, and action carries a signed receipt
  • Available nowGDPR data-processing guidance (published)
  • Available nowFinancial-regulation guidance for agent spending (published)
  • Roadmap30 / 90-day audit-log retention tiers
  • RoadmapSOC 2 Type I — controls underway, audit targeted H1 2027
  • RoadmapConformance certification for your own agents

Deployment inside your boundary

For regulated buyers who cannot use shared infrastructure at all.

  • Available nowShared managed cloud (default)
  • RoadmapPrivate cloud / dedicated VPC deployment
  • RoadmapOn-premise deployment of the full open-source stack
  • RoadmapCustom SLA up to 99.99%, dedicated support channel, named onboarding

How engagement works

1

Scoping call

We map your agent architecture to the three chokepoints Aroha governs, and identify which of the above you actually need — most teams need less than they expect.

2

Design-partner pilot

A scoped pilot on a real workload, with hands-on integration support. Early enterprise customers help set the roadmap and the pricing.

3

Agreement

Custom terms, SLA, deployment model, and retention — invoiced directly. Security questionnaire responses and architecture docs available on request.

Start a conversation

Tell us what your agents do and where they act. We'll tell you honestly which parts of Aroha you need today and which can wait.

contact@aroha-labs.com