License Management
AxonFlow licensing is designed to let engineers start quickly on Community, validate real governed AI workflows on Evaluation, and then move to Enterprise when rollout scale, identity, governance, and retention requirements become serious.
The key operational point is simple: the runtime reads AXONFLOW_LICENSE_KEY on startup and applies the limits and features for the active tier. There is no separate code path or migration required when you upgrade.
Overview
AxonFlow uses a three-tier licensing model. Each tier controls resource limits and feature access rather than node counts.
| Tier | License Required | Cost | How to Get |
|---|---|---|---|
| Community | No | Free | Clone the repo |
| Evaluation | Yes | Free | getaxonflow.com/evaluation-license |
| Enterprise | Yes | Paid | AWS Marketplace or [email protected] |
Current Tier Limits
The following limits are the public runtime defaults reflected in the current platform code.
| Resource | Community | Evaluation | Enterprise |
|---|---|---|---|
| Tenant policies | 20 | 50 | Unlimited |
| Organization policies | 0 | 5 | Unlimited |
| Connectors with custom policies | 2 | 5 | Unlimited |
| LLM providers | 2 | 3 | Unlimited |
| Audit retention | 3 days | 14 days | 3650 days |
| Execution history | 50 | 500 | Unlimited |
| Concurrent executions | 5 | 25 | Unlimited |
| MAP plans | 25 | 100 | Unlimited |
| Versions per plan | 10 | 25 | Unlimited |
| SSE connections | 5 | 25 | Unlimited |
| Cost estimates per day | 10 | 100 | Unlimited |
| Pending approvals | 5 | 100 | Unlimited |
Evaluation and Enterprise Feature Gates
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| Media governance | Opt-in | Enabled | Enabled |
| Human-in-the-loop approvals | No | Yes | Yes |
| Policy simulation | No | Yes | Yes |
| Evidence export | No | Yes | Yes |
| Impact report inputs | 0 | 50 | 100 |
| Evidence export window | 0 | 14 days | Unlimited |
For the broader narrative and feature framing, see Community vs Enterprise.
Community Tier
Community requires no license key. Run AxonFlow without AXONFLOW_LICENSE_KEY and Community limits apply automatically.
git clone https://github.com/getaxonflow/axonflow.git
cd axonflow
docker compose up -d
Community is not only a toy tier. It is enough to:
- validate SDK integrations
- run real system-policy enforcement
- experiment with MCP connectors and workflow patterns
- prove out a governed AI architecture before procurement or platform rollout
The usual trigger to move beyond Community is not “we want to pay.” It is “we are hitting practical limits on policies, providers, approvals, retention, or internal rollout.”
Evaluation License
Evaluation provides elevated limits for serious pre-production validation. It is the right tier when a team has moved beyond isolated prototyping and wants to validate whether AxonFlow can serve as a real platform for governed AI usage.
Getting an Evaluation License
- Go to getaxonflow.com/evaluation-license
- Enter your name, email, and organization
- Receive the license key by email
Activating an Evaluation License
Set the AXONFLOW_LICENSE_KEY environment variable before starting AxonFlow:
export AXONFLOW_LICENSE_KEY="AXON-eyJ...<payload>.<signature>"
docker compose up -d
Or add it to .env:
echo 'AXONFLOW_LICENSE_KEY=AXON-eyJ...<payload>.<signature>' >> .env
docker compose up -d
AxonFlow validates the license on startup and applies Evaluation limits immediately.
Enterprise License
Enterprise is for teams turning AxonFlow into shared platform infrastructure across departments, products, or regulated workloads. It unlocks broader governance workflows, enterprise identity, longer retention, richer compliance modules, and effectively unbounded operational limits.
Getting an Enterprise License
AWS Marketplace
- Subscribe to AxonFlow through AWS Marketplace
- Receive the Enterprise license key
- Inject it through the supported deployment path for that package
Direct Purchase
- Contact [email protected]
- Receive an Enterprise license key and deployment guidance
Activating an Enterprise License
At runtime, Enterprise activation is still the same basic mechanism as Evaluation: the platform reads AXONFLOW_LICENSE_KEY on startup and applies the licensed limits and features. What changes is how you inject that secret into your deployment.
Self-managed or container-based deployments
export AXONFLOW_LICENSE_KEY="AXON-eyJ...<payload>.<signature>"
docker compose up -d
Managed deployments and cloud packages
If you are running a protected enterprise deployment package, inject the key through the supported secret-management path for that environment. The protected enterprise docs cover the exact flow for AWS Marketplace, CloudFormation, and customer-specific deployment models.
Rotating or replacing a license
aws secretsmanager update-secret \
--secret-id axonflow/license-key \
--secret-string "AXON-eyJ...<payload>.<signature>"
aws ecs update-service --cluster axonflow-cluster \
--service axonflow-agent-service --force-new-deployment
aws ecs update-service --cluster axonflow-cluster \
--service axonflow-orchestrator-service --force-new-deployment
If you are not on AWS, the principle is the same:
- update the secret or environment variable that backs
AXONFLOW_LICENSE_KEY - restart the Agent and Orchestrator so they reload the license
- verify the runtime is on the expected tier before re-enabling higher-tier workflows
License Format
AxonFlow license keys are signed tokens with the format:
AXON-{BASE64URL(JSON_PAYLOAD)}.{BASE64URL(ED25519_SIGNATURE)}
AXON-is the fixed prefix- the payload encodes organization identity (
org_id), tier, and expiry - the signature protects against tampering
The license identifies your organization (entitlement scope). Your tenant identity (data isolation) comes from the clientId you use in Basic auth — not from the license. This means:
- One license can serve multiple tenants (e.g., prod, staging, dev) by using different
clientIdvalues - Upgrading licenses never changes your tenant identity — your data stays accessible
Do not attempt to create or modify license keys manually. Invalid signatures are rejected.
License Expiry and Graceful Degradation
When a license expires, AxonFlow does not stop working. It degrades gracefully to Community limits.
| After Expiry | Behavior |
|---|---|
| Tenant policies | Capped at 20 |
| Organization policies | Disabled |
| Connectors with custom policies | Capped at 2 |
| Audit retention | 3 days |
| Existing data | Preserved |
To restore elevated limits, set a valid non-expired license key and restart AxonFlow.
This behavior is important operationally. It means expired licenses usually show up first as feature-limit or entitlement problems, not as total platform outages. Teams should monitor for degraded capability, not only for process health.
Upgrading Between Tiers
Community to Evaluation
- Register for an Evaluation key
- Set
AXONFLOW_LICENSE_KEY - Restart AxonFlow
- Limits increase immediately with no migration
Evaluation to Enterprise
- Purchase or subscribe to Enterprise
- Replace the Evaluation key with the Enterprise key
- Restart AxonFlow
- Enterprise features and limits become available immediately
All upgrades are seamless with zero data loss:
- your
clientId(tenant identity) stays the same — just swap the license key - existing policies, configurations, and audit data remain accessible
- SDK integrations do not need code changes
- the same runtime and request paths continue to work
The practical upgrade triggers are usually:
- teams hit the Community or Evaluation ceiling on policies, providers, plans, or execution history
- a shared platform team needs SSO, SCIM, or stronger approval workflows
- procurement or compliance reviewers need longer retention and enterprise controls
- the platform is moving from a few engineers to company-wide governed usage
Troubleshooting
License Not Recognized
Symptoms: AxonFlow starts in Community mode even though you set AXONFLOW_LICENSE_KEY.
Check:
echo "$AXONFLOW_LICENSE_KEY"
echo "$AXONFLOW_LICENSE_KEY" | cut -c1-5
docker compose exec agent printenv AXONFLOW_LICENSE_KEY | cut -c1-5
docker compose exec orchestrator printenv AXONFLOW_LICENSE_KEY | cut -c1-5
Common causes:
- extra whitespace or newline in the key
- the key is set in your shell but not passed into the container or service definition
- typo in the variable name
License Expired
Symptoms: higher-tier features that previously worked now return tier validation errors.
Fix:
- obtain a renewed license key
- update
AXONFLOW_LICENSE_KEY - restart the runtime
Policy or Feature Limit Exceeded
Symptoms: creating policies, provider configs, plans, or approvals starts failing even though the runtime is healthy.
Fix:
- confirm the active tier
- compare the operation with the current tier limits above
- upgrade if the platform has outgrown the current tier
Security Best Practices
Storing License Keys
Recommended:
- store
AXONFLOW_LICENSE_KEYin a secret manager or encrypted environment store - use AWS Secrets Manager or the equivalent secret store on your platform
- limit access to the secret to the runtime only
Avoid:
- hardcoding the key in application code or committed compose files
- storing the key in plaintext files
- sending the key through unencrypted channels
Support
| Tier | Support Channel | Response |
|---|---|---|
| Community | GitHub Issues | Best effort |
| Evaluation | GitHub Issues | Best effort |
| Enterprise | Priority support | Per contract or SLA |
License-related issues: [email protected]
