RBAC, audit logging, cost controls, and self-hosting. Everything your security team needs to approve AI agent deployments at scale.
Everything you need to run agents in production across your organization.
Role-based access control with granular permissions. Admin, developer, and viewer roles. Scope API keys to specific teams, projects, or tool categories.
Real-time dashboards for API usage, credit consumption, and tool adoption. Per-team and per-agent breakdowns. Export to your BI tools via webhooks.
Predict monthly spend based on current usage patterns. Set alerts for budget thresholds. Model cost impact of new agent deployments before launch.
Real-time event delivery for agent actions, credit usage, rate limit hits, and errors. HMAC-signed payloads. Retry with exponential backoff.
Per-team and per-key rate limits. Burst allowances for production workloads. Priority queuing for critical agents. Rate limit headers on every response.
Hard and soft spending limits per team, project, or API key. Auto-pause agents when budgets are exceeded. Monthly and daily cap options.
Built with defense-in-depth from day one. Not bolted on after the fact.
Strict CSP headers on all responses. Script-src, style-src, and connect-src directives prevent XSS and data exfiltration vectors.
TLS 1.2+ required on all connections. HSTS headers with long max-age. Certificate transparency monitoring. No plaintext fallback.
API key validation uses constant-time comparison to prevent timing side-channel attacks. No early returns on partial matches.
Agent memory is fully isolated per API key. No cross-tenant data access. Memory namespaces prevent accidental data leakage between projects.
Every API call logged with timestamp, key hash, endpoint, response code, and latency. Tamper-evident log chains. Export to your SIEM.
Schema-validated inputs on every endpoint. Request size limits. SQL injection, XSS, and path traversal protections on all user-supplied data.
Run Slopshop on your own infrastructure. Your data never leaves your network.
Single Node.js binary. Deploy to AWS, GCP, Azure, or bare metal. Docker image available. All 1,303 compute handlers work offline with zero external dependencies.
All compute APIs work without internet access. SQLite-backed persistence requires no external database. Perfect for regulated industries and classified environments.
Environment variable configuration. No config files to manage. Set PORT, API keys, memory limits, and feature flags. Works with your existing secrets management.
Guaranteed uptime and support response times for production workloads.
Contact us for SLA details
Building trust through transparency and third-party validation.
SOC 2 Type II certification is not yet complete. We are implementing controls for security, availability, and confidentiality trust service criteria. Formal audit not yet scheduled.
DPA available on request. Data residency options for EU deployments. Self-hosting option provides full data sovereignty for organizations that require it.
Get custom pricing, dedicated support, and SLA guarantees for your team.
dev@slopshop.gg
Contact for Enterprise Pricing