Querycop Entitlements Community
The canonical Community / Pro / Enterprise boundary for Querycop.
Querycop is open-core. The Community tier is this repository (Apache License 2.0) and builds from source. Pro and Enterprise features are unlocked at runtime by an Ed25519-signed license token; their implementation ships only in the official binaries from querycop.com. This page lists every tier’s features and limits so the boundary is explicit — the dashboard shows locked features with an upgrade prompt rather than hiding them.
This matrix is the source of truth referenced by the README Pricing section.
1. Tiers
| Tier | Price | For |
|---|---|---|
| Community | Free, forever | Local development, product evaluation, single-instance guardrails |
| Pro | $50 / month per team | Teams protecting a production database (includes 5 proxy instances + 10 developer seats) |
| Enterprise | Contact sales | Organizations needing SSO, HA, compliance export, or offline licensing |
2. Features vs Limits
Querycop has two kinds of tier boundary:
- Feature — a capability that is on or off (boolean), e.g. Slack approval, data masking, OIDC SSO, Redis HA.
- Limit — a numeric cap, e.g. proxy instances, developer seats, AI requests per day, audit retention days.
3. Feature Matrix
3.1 Core (every tier — always on)
These build from the Community source in this repository.
| Feature | Community | Pro | Enterprise |
|---|---|---|---|
| PostgreSQL Wire Protocol proxy | ✅ | ✅ | ✅ |
| Local dashboard | ✅ | ✅ | ✅ |
| Manual query approval (dashboard) | ✅ | ✅ | ✅ |
| RBAC policy / risk rules (default ruleset) | ✅ | ✅ | ✅ |
| In-memory audit log | ✅ | ✅ | ✅ |
| AI risk scoring (BYOK + Ollama, basic) | ✅ | ✅ | ✅ |
| Rate limiting (TCP + HTTP) | ✅ | ✅ | ✅ |
| Ed25519 license validation | ✅ | ✅ | ✅ |
3.2 Pro features
| Feature | Community | Pro | Enterprise |
|---|---|---|---|
| Slack approval workflow (webhook + interactive) | — | ✅ | ✅ |
| Webhook integrations (PagerDuty / Jira / Zapier) | — | ✅ | ✅ |
| Persistent audit (file/JSONL + HMAC chain, search) | — | ✅ | ✅ |
| Session recording | — | ✅ | ✅ |
| Dynamic data masking | — | ✅ | ✅ |
| JIT access management | — | ✅ | ✅ |
| Break-glass emergency access | — | ✅ | ✅ |
| MySQL wire protocol (text protocol) | — | ✅ | ✅ |
| Custom AI prompt | — | ✅ | ✅ |
| Advanced AI provider config (custom model) | — | ✅ | ✅ |
| Prometheus metrics export | — | ✅ | ✅ |
| CI/CD migration gate (querycop-cli) | — | ✅ | ✅ |
| GitOps policy file | — | ✅ | ✅ |
3.3 Enterprise features
| Feature | Community | Pro | Enterprise |
|---|---|---|---|
| OIDC / SSO | — | — | ✅ |
| Redis HA clustering | — | — | ✅ |
| SIEM / S3 / Datadog audit export | — | — | ✅ |
| Advanced RBAC + group mapping | — | — | ✅ |
| Offline license (no phone-home) | — | — | ✅ |
| Audit retention controls (configurable window) | — | — | ✅ |
| Compliance docs (SOC 2 / ISO questionnaire) | — | — | ✅ |
| Compliance policy packs (PCI / HIPAA / SOC 2) | — | — | ✅ |
| AI compliance review (audit-ready signed reports) | — | — | ✅ |
| Managed AI safety controls | — | — | ✅ |
| Multi-tenant | — | — | ✅ |
| Plugin SDK | — | — | ✅ |
| Priority / contracted support | — | — | ✅ |
Multi-provider / fallback AI routing is on the roadmap; the advanced_ai_provider key already gates custom-model selection today.
4. Limit Matrix
| Limit | Community | Pro | Enterprise |
|---|---|---|---|
| Proxy instances (max_instances) | 1 | 5 | Unlimited |
| Dashboard developer seats (dev_seats) | 1 | 10 | Unlimited |
| Audit retention days (audit_retention_days) | n/a (in-memory only) | 30 | Configurable (default unlimited) |
| AI requests / day (ai_requests_per_day, per instance) | 100 | 5,000 | Unlimited |
| Policy rules (max_policy_rules) | 20 | Unlimited | Unlimited |
Unlimited is represented as 0 (no cap) in license tokens; only a positive
integer acts as a hard cap.
5. Enforcement: the proxy never blocks on a limit
Querycop is a security product, so exceeding a license limit never takes down the production-protection path. Over-limit behavior is degrade-not-deny:
- AI request quota — when the daily AI cap is reached, the risk scorer falls back to a deterministic static rule scorer. Traffic keeps flowing; the proxy does not block on quota.
- Instances / seats / policy rules — over-limit only blocks new additions (registering another proxy instance, adding another dashboard user, adding a new policy rule). Existing proxy traffic, existing sessions, and audit logging continue uninterrupted.
- Detection — the /license API and dashboard surface an over-limit warning with an upgrade prompt; the proxy keeps protecting the database.
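The limit semantics from sections 4 and 5, sketched in Go as an added example; this is not Querycop's code from pkg/license/license.go. The JSON payload layout, the detached-signature scheme, the fallback to Community limits on a bad signature, and the names LoadLimits, CanAdd and Scorer are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Limits uses the matrix's limit keys; 0 means "no cap". JSON layout is assumed.
type Limits struct {
	MaxInstances     int `json:"max_instances"`
	DevSeats         int `json:"dev_seats"`
	AIRequestsPerDay int `json:"ai_requests_per_day"`
	MaxPolicyRules   int `json:"max_policy_rules"`
}

var communityLimits = Limits{MaxInstances: 1, DevSeats: 1, AIRequestsPerDay: 100, MaxPolicyRules: 20} // assumed fallback

// LoadLimits verifies the detached Ed25519 signature before trusting any field.
func LoadLimits(pub ed25519.PublicKey, payload, sig []byte) (Limits, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, payload, sig) {
		return communityLimits, fmt.Errorf("license signature invalid")
	}
	var l Limits
	if err := json.Unmarshal(payload, &l); err != nil {
		return communityLimits, err
	}
	return l, nil
}

// CanAdd gates only new additions; existing resources are never evicted.
func CanAdd(current, limit int) bool {
	return limit <= 0 || current < limit // only a positive limit is a hard cap
}

// Scorer picks the scorer for the next query; there is no "block" outcome.
func Scorer(usedToday, limit int) string {
	if limit > 0 && usedToday >= limit {
		return "static" // quota reached: deterministic rule scorer
	}
	return "ai"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key pair
	payload := []byte(`{"max_instances":5,"dev_seats":10,"ai_requests_per_day":5000,"max_policy_rules":0}`)
	l, err := LoadLimits(pub, payload, ed25519.Sign(priv, payload))
	fmt.Println(l, err, CanAdd(5, l.MaxInstances), CanAdd(900, l.MaxPolicyRules), Scorer(5000, l.AIRequestsPerDay))
}
```

Verifying the signature over the exact bytes that are later parsed keeps an edited limit from being honoured, and a failed check degrades to Community limits rather than stopping the proxy.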
See also
- docs/configuration.md — full environment-variable reference
- pkg/license/license.go — license validation implementation