Aerostack
Enterprise

The enterprise AI platform
built for engineering teams.

One workspace URL for your engineering team. MCP servers with zero-trust secrets, per-user analytics, and instant access revocation. No API keys on developer machines. Full audit trail on every tool call.

// Platform

Four pillars. Zero boilerplate.

AI Gateway

Multi-model routing to OpenAI, Anthropic, Gemini, Azure OpenAI, and Cloudflare AI from a single endpoint. BYOK, fallback chains, per-consumer token wallets, and metered billing built in.

MCP Workspace

Aggregate N MCP servers behind one authenticated URL. Auto-namespace tools, inject team secrets, and expose your private registry to Claude, ChatGPT, Cursor, or any MCP-compatible client.

Real-Time Infrastructure

WebSocket pub/sub, presence tracking, and database change streaming — all on Cloudflare's edge. Enterprise plans include 25K concurrent connections with automatic hibernation and scaling.

Developer Auth

Email OTP, magic link, BYO-JWT (connect your existing IdP), refresh token rotation, Turnstile CAPTCHA, and per-project end-user lifecycle management — all configurable without writing auth code.

AI Gateway

Route any model.
Bill any way.

One endpoint. Any LLM. Your keys. Enterprise teams deploy AI APIs with multi-provider fallback chains, per-consumer rate limits, and metered billing — all without touching infrastructure.

Multi-provider fallback · BYOK secrets · SSE streaming · Token wallets · Metered billing · IP filtering

Works with

OpenAI · Anthropic · Gemini · Azure OpenAI · Cloudflare AI
gateway-stream · node.ts
import Aerostack from '@aerostack/node';

const client = new Aerostack({
  projectSlug: 'my-project',
  apiKey: process.env.AEROSTACK_API_KEY,
});

const stream = await client.gateway.chat({
  gatewaySlug: 'my-ai-api',
  consumerKey: 'ask_live_xxxxxxxxxxxx',
  messages: [{ role: 'user', content: 'Hello!' }],
  stream: true,
});

for await (const chunk of stream) {
  process.stdout.write(chunk.content ?? '');
}

// MCP Workspace

One gateway. Every tool.

AI Clients

Claude · ChatGPT · Cursor · Gemini

MCP Workspace

gateway.aerostack.dev/ws/{workspace-slug}

Single authenticated URL · Tool namespacing · BYOK secrets

Your Internal Tools

CRM API
Docs MCP
DB Search
Analytics
Alerts
Custom

Your team's private tool registry — aggregate any number of MCP servers behind a single authenticated endpoint. Every AI model your team uses can reach the same unified toolset.

  • Private by default — invisible to the public marketplace
  • BYOK secret injection — your internal API keys never leave your config
  • Automatic tool namespacing — prevent conflicts across servers
  • Fan-out tools/list in parallel — fast cold start across N servers
  • Works with Claude, ChatGPT, Cursor, and any MCP-compatible client

// MCP Governance

MCP Governance — control every tool call by policy.

MCP governance is the control layer that decides which AI tools a team, agent, or token can call. Aerostack's policy engine enforces it directly at the workspace gateway — allow and deny rules, IP restrictions, and rate caps applied to every tool call before it reaches your servers.

  • Tool allow / deny lists with wildcard globs (e.g. github__*)
  • IP allowlists enforced at the CIDR level
  • Per-day rate caps at the workspace or token level
  • Per-token tool scoping — a token can only call the tools it was issued for
  • Priority-ordered enforcement — the most specific rule wins

Five built-in policy templates

Safe Agent

Glob-deny destructive verbs — delete, drop, destroy, truncate, wipe, purge, revoke.

Production Guardrails

Block critical operations and restrict high-risk deploy, publish, and execute tools.

Read-Only Observer

Glob-allow read-only verbs only — get, list, read, search, fetch, describe.

Communication Safe

Deny outbound messaging tools — email, Slack, SMS, and webhooks.

Developer Sandbox

Block destructive ops with a hard rate cap of 1,000 calls per day.

// Team Access & RBAC

The right people. The right tools.

Admin

Manage MCP servers, secrets, and tokens. Invite and remove members, assign roles, and set policies.

Member

Call tools and create their own tokens. Cannot manage servers, secrets, or other members.

Viewer

List available tools only. No tool calls, no token creation, no configuration access.

Admins invite teammates by email with a pre-assigned role and track pending invites with resend and cancel. Per-member analytics — tool call count, token count, and last active time — are visible to workspace admins. Removing a member instantly revokes every token they hold.

// Security

Security is not a feature. It's the foundation.

PBKDF2 600k iterations
AES-256 encryption at rest
TLS 1.3 in transit
BYO-JWT (connect your IdP)
HMAC-SHA256 signed webhooks
Mandatory refresh token rotation
Per-tenant state isolation
5-attempt lockout (60 min)
Data residency control
5-tier audit logging

// Identity & SSO

Single sign-on. Your IdP, your rules.

Connect your existing identity provider and let your team sign in through the directory you already manage. Enterprise supports SAML 2.0 single sign-on with Okta, Azure AD, and other providers, plus BYO-JWT to wire in your own IdP directly. Sign-in runs through a secure code-exchange flow with mandatory refresh token rotation.

SAML 2.0 · Okta · Azure AD · BYO-JWT (connect your IdP) · Secure code-exchange flow · Mandatory refresh token rotation

One identity, every workspace

Provision and deprovision through your IdP — access follows your directory, not a separate password list.

300+ edge locations
<50ms P95 latency
25K realtime connections
10M API req / month
9 SDK languages

// Observability

Know exactly what's happening.

17 Usage Metrics

API requests, database queries, cache ops, storage, AI tokens, realtime connections — all tracked automatically, per project.

Anomaly Detection

Automatic abuse scoring (0–100). Score above 80 triggers burst throttle. Score above 100 flags for review.

Full Audit Trail

Tiered retention — up to 1 year on Business and Enterprise — on every user action. Entity creation, updates, and deletions, each with actor, timestamp, and diff.

5-Tier Logging

Edge logs → platform errors → developer traces → analytics events → usage rollups. Five levels, all automatic.

Per-Request Latency

P50 / P95 / P99 tracked per route and gateway API. Error rates broken down by status code.

Webhook Execution Logs

Full request/response bodies logged for every hook call. Status, latency, and retry history are all visible in the dashboard.

Developer Experience

Same DX.
Any scale.

Enterprise teams get the same CLI, SDKs, and type-safe RPC client as the rest of the platform. No new tooling to learn, no lock-in. Just higher limits.

SDK Languages

JS / Node · React · Python · Go · Flutter · Dart · PHP

CLI

npx aerostack create
npx aerostack deploy
npx aerostack add <slug>
sdk-example · python.py
import os

import aerostack

client = aerostack.Client(
    project_slug="my-project",
    api_key=os.environ["AEROSTACK_API_KEY"],
)

# Streaming response — works across all model providers
with client.gateway.chat(
    gateway_slug="my-ai-api",
    consumer_key="ask_live_xxxxxxxxxxxx",
    messages=[{"role": "user", "content": "Hello!"}],
    stream=True,
) as stream:
    for chunk in stream:
        print(chunk.content or "", end="", flush=True)

// Comparison

Enterprise vs Business

Feature              | Aerostack Enterprise | Business ($149/mo)
API requests / mo    | Custom               | 10M
Projects             | Custom               | 50
Realtime connections | Custom               | 25K
AI tokens / mo       | Custom               | 100M
MCP workspaces       | Unlimited            | 10
Support              | Dedicated CSM        | Email only
SLA                  | 99.99%               | Best effort
Onboarding           | Dedicated setup      | Self-serve
Billing              | Custom invoice       | Stripe portal

// Process

How Enterprise works.

1. Talk to Us

Tell us your team size, AI stack, and compliance requirements.

2. Custom Setup

We configure your private MCP workspace, limits, and dedicated support.

3. Ship in Days

Same CLI, same SDKs — enterprise-grade from day one.

Ready to deploy your
AI infrastructure?

Talk to our team about custom limits, private MCP workspaces, and dedicated support.

Custom pricing starting from Business tier ($149/mo). Volume discounts and annual invoicing available.

hello@aerostack.dev

// FAQ

Common questions

What does Aerostack Enterprise include beyond the Business plan?
Aerostack Enterprise is the full enterprise AI platform for engineering teams that have outgrown fixed limits. On top of Business, Enterprise adds unlimited MCP workspaces (Business caps at 10), custom API request and AI token quotas, a dedicated Customer Success Manager, a 99.99% uptime SLA with sub-4-hour support response, dedicated onboarding setup, and custom invoice billing. The MCP governance layer — workspace policies, RBAC roles, per-token tool scoping, IP allowlists, and audit retention up to one year — is live on both plans, but Enterprise removes every quota ceiling so you can grow your workspace footprint without hitting a wall. Contact sales to get a proposal scoped to your team size and production AI workload.
What is MCP governance and how does Aerostack implement it?
MCP governance is the control layer that decides which AI tools a team, agent, or token is permitted to call — and enforces that decision before the request reaches your servers. Aerostack implements MCP governance at the workspace gateway with a priority-ordered policy engine. Policies use wildcard glob patterns: a tool allow list (github__* to permit only GitHub tools), a tool deny list (*delete* *drop* *destroy* to block destructive verbs), CIDR IP allowlists, and per-day rate caps per workspace or token. Five ready-made policy templates ship out of the box: Safe Agent, Production Guardrails, Read-Only Observer, Communication Safe, and Developer Sandbox. Policies toggle on and off without deletion, and the lower priority number wins when rules overlap. This is a capability specific to enterprise MCP; no comparable governance layer exists on generic AI platforms.
What RBAC roles does Aerostack Enterprise support and how does member management work?
Aerostack workspace RBAC enforces three roles. Admins manage MCP servers, secrets, and tokens, invite and remove members, assign roles, and configure policies. Members call tools and create up to two personal tokens, but cannot manage servers, secrets, or other members. Viewers can list available tools only — no calls, no tokens, no config access. Workspace owners hold an implicit super-admin level above all three. Invitations are email-based with a role pre-assigned; pending invites show expiry and can be resent or cancelled. Workspace admins see per-member analytics: 30-day tool call count, token count, and last active timestamp. Removing a member immediately revokes every token they hold — no grace period. This is the enterprise AI platform RBAC model: explicit roles, live analytics, and instant revocation.
How does per-token tool scoping work in the enterprise MCP workspace?
Every workspace token can carry a specific tool allow list that narrows what that token can call, independent of the workspace policy. When issuing a token from the dashboard, you choose a label, an expiry (30 days, 90 days, 1 year, or never), and an optional scoped tool list. A scoped token can only call the tools it was issued for, even if the workspace policy would otherwise permit more. Scope is editable after issuance inline — no revoke-and-reissue needed. The tokens dashboard shows per-token stats: total calls, last used, and scoped status. Aerostack generates ready-to-paste MCP config blocks for Claude Desktop, Cursor, Windsurf, and VS Code so developers get a working connection in under a minute. With workspace-level MCP governance policies plus per-token scoping, enterprise teams have two independent enforcement layers on every tool call.
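To make the two enforcement layers concrete, here is an added example (not Aerostack's code) of the kind of evaluator the MCP Governance section and the policy-engine and token-scoping answers above describe: glob allow and deny lists, a CIDR allowlist, per-token scope, and lowest-priority-number-first ordering. The policy object shape, its field names, the IP check running before tool rules, and the default-allow fallback are all assumptions made for illustration.

```javascript
// Added illustration, not Aerostack code: policy shape, field names and the
// default-allow fallback are assumptions. IPv4 only; rate caps are omitted.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  // Case-insensitive, so a tool named "DELETE_repo" still hits "*delete*".
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$', 'i');
}
const matchesAny = (globs, tool) => (globs || []).some((g) => globToRegExp(g).test(tool));
// Dotted quad to unsigned 32-bit integer; null when the address is malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) return null;
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}
function inCidr(ip, cidr) {
  const [base, bitsText = '32'] = cidr.split('/');
  const bits = Number(bitsText), ipInt = ipv4ToInt(ip), baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

// Decide one tool call. Enabled policies are consulted in ascending priority
// number and the first one with an opinion on the tool wins.
function evaluate(call, token, policies) {
  const active = policies.filter((p) => p.enabled).sort((a, b) => a.priority - b.priority);
  const blockedBy = active.find((p) => p.ipAllow && !p.ipAllow.some((c) => inCidr(call.ip, c)));
  if (blockedBy) return { allowed: false, reason: `${blockedBy.name}: ip not in allowlist` };
  // Token scope is a second, independent layer: it can narrow but never widen.
  if (token.scope && !matchesAny(token.scope, call.tool)) {
    return { allowed: false, reason: 'token: tool outside token scope' };
  }
  for (const p of active) {
    if (matchesAny(p.deny, call.tool)) return { allowed: false, reason: `${p.name}: deny list` };
    if (p.allow) {
      return matchesAny(p.allow, call.tool)
        ? { allowed: true, reason: `${p.name}: allow list` }
        : { allowed: false, reason: `${p.name}: not in allow list` };
    }
  }
  return { allowed: true, reason: 'default: no policy matched' };
}

// Constructed sample policies modelled on the templates the page names.
const POLICIES = [
  { name: 'safe-agent', priority: 10, enabled: true, deny: ['*delete*', '*drop*', '*destroy*'] },
  { name: 'github-only', priority: 20, enabled: true, allow: ['github__*'], ipAllow: ['10.20.0.0/16'] },
];
console.log(evaluate({ tool: 'github__delete_repo', ip: '10.20.3.4' }, { scope: null }, POLICIES));
```

Under these assumed semantics, giving an allow-list policy a lower priority number than a deny-list policy lets `github__delete_repo` through, so deny rules should carry the lowest numbers and be reviewed whenever a policy is toggled off.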
Does Aerostack Enterprise support SSO, and which identity providers are compatible?
Yes. Enterprise plans support SAML 2.0 single sign-on, which covers Okta, Azure AD, and most enterprise identity providers. Aerostack also ships a BYO-JWT option: if your organization already issues JWTs from an internal IdP, you can wire it in directly without a full SAML setup. Sign-in uses a secure code-exchange flow — the IdP redirects back with a short-lived code, Aerostack exchanges it for a bearer token, and mandatory refresh token rotation keeps sessions valid. For enterprise AI platform buyers, SSO is a procurement hard requirement, not a nice-to-have. Provisioning and deprovisioning go through your existing directory: remove someone from your IdP and their Aerostack access ends immediately. Combined with RBAC and instant token revocation on member removal, identity management integrates with your directory rather than adding a separate credential list.
How does Aerostack handle secret management for enterprise MCP workspaces?
Aerostack provides an encrypted credential store at the workspace level for the API keys your MCP servers need at runtime. Secret values are write-only: after creation the plaintext is never shown again — not in the dashboard, API responses, or logs. Secrets are end-to-end encrypted and injected at tool-call time, so internal API keys never live on developer machines or in MCP config files. OAuth-managed secrets — auto-created for OAuth servers following the MCP_<hash>_ACCESS_TOKEN pattern — are UI-locked so humans cannot delete or overwrite them, protecting tokens that a background rotation cron depends on. A server inference heuristic auto-labels secrets from key names: GITHUB_TOKEN is labelled GitHub, and so on for 30-plus providers. Purpose-built for enterprise MCP workspaces where a single workspace may hold dozens of server credentials.
How long does Aerostack retain audit logs and what events are captured?
Audit log retention is tiered by plan: 30 days on Free, 90 days on Starter, 6 months on Pro, and up to 1 year on Business and Enterprise. Every administrative and security-sensitive event is recorded: API key usage, permission changes, member invites and removals, role reassignments, secret creation and deletion, policy changes, and rate limit hits. Each entry captures the actor, a timestamp, and a diff of what changed — the exact before and after state, not just that something happened. Aerostack runs five platform-wide logging tiers: edge logs, platform errors, developer traces, analytics events, and usage rollups. The observability dashboard shows anomaly scoring (0 to 100, burst throttle above 80) and P50, P95, P99 latency per route. On Business and Enterprise, one year of tamper-evident history covers compliance and security team audit needs.
What SLA and infrastructure does Aerostack Enterprise run on?
Enterprise plans include a 99.99% uptime SLA with dedicated support response under four hours. The platform runs on Cloudflare's global edge network across 300-plus locations, which keeps P95 tool-call latency under 50 milliseconds wherever the request originates. There are no servers to provision or scale: edge workers spin up at the location closest to the caller and hibernate when idle. Enterprise contracts include a dedicated setup session — Aerostack configures your private MCP workspace, policy templates, SSO connection, and migrates any existing workspace config. Private deployment options are available for contracts with data-residency requirements. Billing is via custom invoice, not Stripe, so procurement teams can issue a PO on net-30 or net-60 terms. Contact sales for a proposal.