Community vs Evaluation vs Enterprise
AxonFlow currently exposes three runtime capability tiers in the codebase:
- Community: self-hosted local/dev usage, no license required
- Evaluation: free evaluation license with elevated limits and selected approval/simulation features
- Enterprise: paid production tier for organization-wide rollout and advanced operational controls
This page focuses on what the runtime and APIs actually gate today.
Terminology note
The license/status APIs also expose paid SKU names such as Professional, Enterprise, and Plus. In the open docs, those all map to the broader Enterprise capability bucket because they share the enterprise code path and enterprise limit profile.
Quick Guidance
| If you need to... | Best fit |
|---|---|
| Run AxonFlow locally with Docker Compose | Community |
| Add governance to a dev or staging system without buying production licenses yet | Evaluation |
| Test HITL queues, policy simulation, or evidence export before procurement | Evaluation |
| Roll out org-wide policies, portal workflows, or enterprise operations in production | Enterprise |
| Use production identity, protected portal workflows, or advanced compliance operations | Enterprise |
The Runtime Differences That Matter
The tier system currently controls:
- custom tenant and organization policy limits
- maximum configured LLM providers
- execution history and concurrency limits
- SSE connection limits
- cost-estimation limits
- whether HITL approval, policy simulation, and evidence export are enabled
Capability Summary
| Capability | Community | Evaluation | Enterprise |
|---|---|---|---|
| Local self-hosted runtime | Yes | Yes | Yes |
| Proxy mode and gateway mode | Yes | Yes | Yes |
| Workflow Control Plane | Yes | Yes | Yes |
| Tenant custom policies | Limited | Higher limit | Unlimited |
| Organization-tier policies | No | Yes | Yes |
| Configured LLM providers | Limited | Higher limit | Unlimited |
| HITL approval workflows | No queue | Enabled with limits | Enabled, production-ready |
| Policy simulation | No | Enabled with limits | Enabled |
| Evidence export | No | Enabled with limits | Enabled |
| Portal, SCIM, SSO, protected enterprise docs | No | No | Yes |
Current Limit Profiles
These values come directly from the non-enterprise license tier definitions used by the runtime.
| Limit | Community | Evaluation | Enterprise |
|---|---|---|---|
| Tenant policies | 20 | 50 | Unlimited |
| Organization policies | 0 | 5 | Unlimited |
| Connectors with custom policies | 2 | 5 | Unlimited |
| LLM providers | 2 | 3 | Unlimited |
| Audit retention | 3 days | 14 days | Configurable, up to long-term retention |
| Execution history | 50 | 500 | Unlimited |
| Concurrent executions | 5 | 25 | Unlimited |
| Plans | 25 | 100 | Unlimited |
| Versions per plan | 10 | 25 | Unlimited |
| SSE connections | 5 | 25 | Unlimited |
| Cost estimates per day | 10 | 100 | Unlimited |
| Pending approvals | 5 | 25 | Unlimited |
What Evaluation Adds
Evaluation is the “try the real workflows” tier. It is the first tier where the runtime enables:
- organization-tier policies
- queue-backed approval behavior for WCP
require_approval - session overrides — create time-bounded, audit-logged policy overrides (60m default, 24h cap)
- workflow checkpoint resume — resume an interrupted workflow from its last checkpoint
- extended decision explainability retention (30 days vs 7 in Community)
- policy simulation
- evidence export
- higher limits for plans, executions, and provider configuration
In the current runtime:
- Evaluation approvals have a fixed 24-hour expiry
- Evaluation evidence export and simulation are still limited
- Evaluation keeps the same public API surface as Community, but more features actually activate
The practical evaluation case
Evaluation is what most teams need once AxonFlow is being reviewed by more than one enthusiastic engineer.
It is usually the right next step when:
- a platform team wants realistic validation, not just a local demo
- security or compliance stakeholders want to see approval or evidence workflows
- you need more headroom before committing to a production operating model
Request a license here:
What Enterprise Adds
Enterprise is about production operations, protected configuration surfaces, and organizational controls.
That includes:
- protected enterprise documentation
- enterprise portal workflows and admin surfaces
- SCIM, SSO, and enterprise identity features
- enterprise-only connector and provider operations
- advanced compliance and operational playbooks
- org-wide override administration (listing and revocation across tenants)
- auto-approval of low-risk HITL requests and SLA escalation of critical ones
- resume-from-any-checkpoint for workflow recovery, not just resume-from-last
- unlimited or effectively unbounded runtime limits in the current tier model
The practical enterprise case
Enterprise is what organizations usually need when AxonFlow moves from “useful in one workflow” to “part of how we govern AI across the company.”
At that point, the differentiator is not only more headroom. It is the combination of:
- organization-wide governance controls
- protected admin and portal workflows
- identity and provisioning
- enterprise-grade connector and provider operations
- stronger audit, oversight, and compliance posture
- support and deployment expectations that fit business-critical usage
Connectors by Edition
The connector implementation split in the codebase is clearer than the current docs structure:
Core connector types available in the base/community factory
postgresmysqlmongodbcassandraredishttps3azure_blobgcs
Connector types added by enterprise build paths
amadeussalesforceslacksnowflakehubspotjiraservicenow
That means connector availability is more nuanced than “all public connector docs are community-safe.” If you are planning around SaaS-business-system connectors, verify the target deployment tier before committing.
LLM Providers by Edition
Built-in provider types in the runtime:
openaianthropicazure-openaigeminiollamacustombedrock(Enterprise only)
Practical edition guidance:
- Community and Evaluation are sufficient for most local and staging provider work
- Enterprise is the right assumption for Bedrock-centric, managed-credential, or production multi-provider operations
Approval Behavior Differences
The approval story is mode- and tier-sensitive:
- In gateway mode, Community does not provide a real HITL queue
- In WCP, Community can reach
require_approvalpolicy decisions, but queue-backed approval only activates in Evaluation or Enterprise - Evaluation enables approval queues with fixed expiry and limit enforcement
- Enterprise removes the evaluation-tier operational limits
Simple Rule Of Thumb
Use this mental model:
- Community is for getting AxonFlow into engineers’ hands quickly.
- Evaluation is for proving AxonFlow can survive the first serious production-readiness conversation.
- Enterprise is for running AxonFlow as a scalable control layer with stronger guarantees across the organization.
Recommended Upgrade Path
- Start in Community to wire AxonFlow into your app and validate the developer experience.
- Move to Evaluation when you need real approval queues, simulation, and larger plan/provider limits.
- Move to Enterprise when identity, portal workflows, compliance operations, or production operational control become requirements.
Full Feature Matrix
The matrix below is the complete reference — every governance, runtime, identity, and operations feature with its tier-by-tier availability. Use it for procurement reviews, security reviews, or anytime the headline summary above isn't specific enough. Sections are ordered from most commonly checked at the top (Governance, Runtime) to operational depth at the bottom (Compliance, Support, Roadmap).
Show / hide full matrix
1. Governance & Security
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| Policy Enforcement | |||
| Policy enforcement engine | ✅ | ✅ | ✅ |
| Sub-10ms inline governance | ✅ | ✅ | ✅ |
| System Policy API (list, get, CRUD) | ✅ | ✅ | ✅ |
| Tenant Policy CRUD API | ✅ | ✅ | ✅ |
| Pattern testing API | ✅ | ✅ | ✅ |
Policy risk_level + allow_override metadata | ✅ | ✅ | ✅ |
| Session overrides (time-bounded, audit-logged) | Context only | Create, 60m default / 24h cap | + org-wide listing, admin revoke |
| Decision explainability endpoint | ✅ 7-day retention | ✅ 30-day retention | ✅ 365-day, org-wide |
| Threat Detection | |||
| PII detection (SSN, credit cards, PAN, Aadhaar) | ✅ | ✅ | ✅ |
| SQLi response scanning (basic) | ✅ | ✅ | ✅ |
| Advanced SQLi detection (ML-assisted) | ❌ | ❌ | ✅ |
| Code Governance | |||
| Code artifact detection in LLM responses | ✅ | ✅ | ✅ |
| Language detection (14 languages) | ✅ | ✅ | ✅ |
| Code type categorization | ✅ | ✅ | ✅ |
| Secret pattern detection | ✅ | ✅ | ✅ |
| Unsafe code pattern detection | ✅ | ✅ | ✅ |
| Git provider integration (GitHub, GitLab, Bitbucket) | ❌ | ❌ | ✅ |
| PR creation from LLM-generated code | ❌ | ❌ | ✅ |
| Code governance dashboard | ❌ | ❌ | ✅ |
| Media Governance | |||
| Image validation (format, size, dimensions) | ✅ | ✅ | ✅ |
| OCR-based PII detection | ✅ | ✅ | ✅ |
| SHA-256 audit hashing | ✅ | ✅ | ✅ |
| System media policies (5 default rules) | When enabled | ✅ | ✅ |
| Toggle system media policies | ✅ | ✅ | ✅ |
| Modify system media policy actions/priority | ❌ | ❌ | ✅ |
| Per-tenant media governance config | ❌ | ❌ | ✅ |
| Cloud analyzers (Rekognition, Vision, Azure) | ❌ | ❌ | ✅ |
| Identity & Access | |||
| SSO/SAML integration | ❌ | ❌ | ✅ |
| SCIM 2.0 user provisioning | ❌ | ❌ | ✅ |
| SCIM group sync & role mapping | ❌ | ❌ | ✅ |
| Evaluation & Simulation | |||
| HITL Approval Gates | No queue | Max 100 pending, 24h expiry | Unlimited, configurable |
| Risk-tiered approval routing | Severity metadata only (no queue) | Severity + queue filter | + auto-approve low-risk, SLA escalation for critical |
| Policy Simulation (dry-run) | ❌ | 300/day | Unlimited |
| Impact Report | ❌ | 50 inputs/run | 100 inputs/run |
| Evidence Export Pack | ❌ | 14-day window, 5K records, 3/day, watermark | Unlimited, clean |
2. Audit & Compliance
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| Audit Logging | |||
| Audit logging (LLM calls) | ✅ | ✅ | ✅ |
| MCP query audit logging | ✅ | ✅ | ✅ |
| Decision chain tracing | ✅ | ✅ | ✅ |
| Transparency headers (X-AI-*) | ✅ | ✅ | ✅ |
| Audit retention | 3 days | 14 days | Configurable (up to 10 years) |
| EU AI Act | |||
| Conformity assessment workflow | ❌ | ❌ | ✅ |
| 10-year audit retention | ❌ | ❌ | ✅ |
| EU AI Act export format | ❌ | ❌ | ✅ |
| India Compliance (SEBI/RBI) | |||
| India PII detection (Aadhaar, PAN, UPI) | ✅ Pattern-based | ✅ Pattern-based | ✅ With checksum |
| SEBI compliance module (export, 10-year audit retention) | ❌ | ❌ | ✅ |
| RBI FREE-AI Framework (kill switch, board reports) | ❌ | ❌ | ✅ |
| Singapore Compliance (MAS FEAT) | |||
| Singapore PII detection (NRIC, FIN, UEN) | ✅ Pattern-based | ✅ Pattern-based | ✅ With checksum |
| FEAT assessment workflows | ❌ | ❌ | ✅ |
| MAS-compliant export format | ❌ | ❌ | ✅ |
3. Policy Management
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| 83 System policies (SQLi, PII, compliance, code, security) | ✅ View | ✅ View | ✅ View + Override |
| Tenant-tier policies | 20 limit | 50 limit | Unlimited |
| Organization-tier policies | ❌ | 5 limit | Unlimited |
| System policy overrides (block/warn/log) | ❌ | ❌ | ✅ |
| Policy version history | Last 5 | Last 5 | Full audit trail |
require_approval action | No queue | Queue with 24h expiry | Full HITL queue |
| Policy templates library | Core | Core | Full (EU AI Act, SEBI, RBI, MAS FEAT) |
| Customer Portal Policy UI | ❌ | ❌ | ✅ |
4. LLM Providers & Routing
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| Providers | |||
| OpenAI | ✅ | ✅ | ✅ |
| Azure OpenAI | ✅ | ✅ | ✅ |
| Anthropic (Claude) | ✅ | ✅ | ✅ |
| Google Gemini | ✅ | ✅ | ✅ |
| Ollama | ✅ | ✅ | ✅ |
| AWS Bedrock | ❌ | ❌ | ✅ |
| Routing | |||
| Multi-provider failover | ✅ | ✅ | ✅ |
| Weighted routing | ✅ | ✅ | ✅ |
| Round-robin routing | ✅ | ✅ | ✅ |
| Health-based selection | ✅ | ✅ | ✅ |
| Cost-optimized routing | ❌ | ❌ | ✅ |
| Runtime weight updates | ❌ | ❌ | ✅ |
| Cost Management | |||
| Usage tracking (tokens, cost) | ✅ | ✅ | ✅ |
| Budget limits and alerts | ✅ | ✅ | ✅ |
| Pre-flight budget check | ✅ | ✅ | ✅ |
| Cost estimation | 10/day | 100/day | Unlimited |
| Usage forecast | ❌ | ❌ | ✅ |
| Cost dashboard | ❌ | ❌ | ✅ |
5. MCP Connectors & Data Access
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| Community Connectors | |||
| PostgreSQL, MySQL, MongoDB | ✅ | ✅ | ✅ |
| Redis, HTTP/REST, Cassandra | ✅ | ✅ | ✅ |
| S3, Azure Blob, GCS | ✅ | ✅ | ✅ |
| Enterprise Connectors | |||
| Amadeus, Salesforce, Slack | ❌ | ❌ | ✅ |
| Snowflake, HubSpot, Jira, ServiceNow | ❌ | ❌ | ✅ |
| MCP Policy Enforcement | |||
| SQL injection blocking (INPUT phase) | ✅ | ✅ | ✅ |
| PII redaction (OUTPUT phase) | ✅ | ✅ | ✅ |
| Exfiltration detection | ✅ | ✅ | ✅ |
| Connectors with custom policies | 2 | 5 | Unlimited |
What Evaluation Adds
| Feature | Community | Evaluation | Enterprise |
|---|---|---|---|
| Deployment | |||
| Docker Compose (local) | ✅ | ✅ | ✅ |
| AWS ECS/Fargate | Manual | Manual | One-click CloudFormation |
| Multi-tenant isolation | ❌ | ❌ | ✅ |
| Workflow Control Plane | |||
| Workflow registration (LangChain, LangGraph, CrewAI) | ✅ | ✅ | ✅ |
| Step gates (allow/block) | ✅ | ✅ | ✅ |
| Per-tool governance | ✅ | ✅ | ✅ |
| LangGraph adapter (Python, TypeScript, Go, Java) | ✅ | ✅ | ✅ |
| MCP tool interceptor | ✅ | ✅ | ✅ |
| SDK support (Go, Python, TypeScript, Java) | ✅ | ✅ | ✅ |
| Per-step token/cost tracking | ✅ | ✅ | ✅ |
| SSE real-time execution streaming | ✅ | ✅ | ✅ |
| Idempotent step-gate retry (execution boundary semantics) | ✅ | ✅ | ✅ |
Retry context on step gates (wire-level — gate_count, prior_completion_status, prior_output) | ✅ | ✅ | ✅ |
| Idempotency key on step gates (wire-level, same-workflow enforcement) | ✅ | ✅ | ✅ |
Retry-aware policy conditions (step.gate_count, step.prior_completion_status, step.idempotency_key, etc. as policy conditions) | ❌ | ✅ | ✅ |
| Workflow checkpoint listing | ✅ | ✅ | ✅ |
| Resume from checkpoint | ❌ | From last | From any |
| Execution Timeline UI | ❌ | ❌ | ✅ |
| Circuit Breaker | |||
| Manual trip/reset API | ✅ | ✅ | ✅ |
| Auto-trip (sliding window, error/violation counting) | ❌ | ❌ | ✅ |
| Per-tenant circuit breaker config | ❌ | ❌ | ✅ |
| Circuit breaker notifications (webhook, Slack, PagerDuty) | ❌ | ❌ | ✅ |
| HITL & Approvals | |||
| HITL Queue API | ❌ | ✅ Limited | ✅ |
| HITL Approval Dashboard UI | ❌ | ❌ | ✅ |
WCP plane-scoped approve/reject (/workflows/{id}/steps/{step_id}/approve|reject) | ❌ | ✅ | ✅ |
MAP plane-scoped approve/reject (/plans/{id}/steps/{step_id}/approve|reject) | ❌ | ✅ | ✅ |
WCP-plane pending listing (GET /api/v1/workflows/approvals/pending) | ❌ | ✅ | ✅ |
MAP-plane pending listing with plan_id + ?plan_id= filter (GET /api/v1/plans/approvals/pending) | ❌ | ✅ | ✅ |
| MAP confirm / step execution mode (plan-level HITL) | ❌ | ❌ | ✅ |
Cross-plane response parity (same retry_context, approval_id, policies_matched, plane-scoped pending endpoints) | ❌ | ✅ | ✅ |
| Support | |||
| Community support (GitHub Issues) | ✅ | ✅ | ✅ |
| Priority support & SLA | ❌ | ❌ | ✅ |
| Customer Portal UI | ❌ | ❌ | ✅ |
