- No instance may be spun up for any user without prior payment via Stripe
- The provision API must verify an active Stripe subscription before creating any service
- Users on free tier get NO compute instances (dashboard access only)
- Admin accounts (defined in env var
ADMIN_EMAILS) bypass Stripe requirement - Admin instances are billed internally, not to the user
- Tester accounts must be explicitly whitelisted in
TESTER_EMAILSenv var - Admin and tester limits: max 1 agent, starter plan only
| Plan | Price | Agents | Stripe Required |
|---|---|---|---|
| solo | £29/mo | 1 | Yes |
| collective | £69/mo | 3 | Yes |
| label | £149/mo | 10 | Yes |
| network | £499/mo | Unlimited | Yes |
NO FREE TIER. Every user must pay before accessing the platform. Dashboard access requires at least a solo plan.
- User signs up → gets dashboard access (no instance)
- User selects plan → Stripe checkout
- Stripe webhook confirms payment →
subscription_active = true - User clicks "Create Agent" → provision API checks:
- Is subscription active?
- Is plan limit reached?
- If yes to both → spin up instance
- If subscription lapses → suspend instance (don't delete)
- Max 1 instance per user on starter plan
- No autoscaling for user instances
- Admin must approve any service > starter plan
- Billing alerts at $35 unbilled threshold
KILL_SWITCH=trueenv var disables ALL provisioning- Admin can set this to stop new instances immediately
- Existing instances continue running
- Every user's data is isolated via PostgreSQL Row-Level Security
- Users can ONLY see their own agents, tasks, memories, files
- Admin bypass: admin role sees all data
- RLS enforced at database level (not just application)
- Auth middleware sets user context before every query
Admin accounts are configured via the ADMIN_EMAILS environment variable (comma-separated).
See your deployment's environment configuration — do not hardcode emails in source.
ADMIN_EMAILS=your-admin@example.com
TESTER_EMAILS=
STRIPE_SECRET_KEY=sk_...
STRIPE_WEBHOOK_SECRET=whsec_...
KILL_SWITCH=false