Answers.

Yes. The Community Edition is source-available under BSL 1.1, published as a public Docker image, and contains the full feature set described on this site. No license key, no telemetry, no phone-home. After 4 years the same code automatically converts to Apache 2.0.

BSL 1.1 lets us fund the project sustainably while keeping it source-available. You can run it for any commercial or non-commercial purpose at your own infrastructure — what is prohibited is wrapping it in a competing managed-service offering. After 4 years the same code automatically converts to Apache 2.0.

Absolutely. The repo is public, contributions are welcome, and the Cloud Edition will be built from the same source tree. The license restricts productizing-as-a-service-against-us, not contributing-to-the-project.

A reverse proxy forwards bytes. PromptGate understands request semantics — model names, token counts, tool calls, SSE streams — so it can route, meter, cache, redact PII, scan for secrets, and apply policies per request. You also get a UI to manage all of it.

Same engine. The Agent Proxy is a project type framed for coding agents as the clients: it ships the Anthropic Messages and OpenAI Responses endpoints alongside Chat Completions, has a Setup page that prints copy-pasteable env-var snippets per tool, and the Guardrails admin enables Reversible Redaction + Secret Scanner by default-opt-in. AI Wrapper is the same passthrough without the agent framing.

SQLite (default, perfect for try-out), PostgreSQL (recommended for production), and MySQL. All driver-aware SQL is tested across the three.

Yes — the Docker image runs anywhere a container does. We do not ship a Helm chart yet (planned), but the deployment is one stateless container plus your database; rolling updates work like any other web app.

OpenAI, Anthropic, Google Gemini, Cohere, Mistral, Groq, Together AI, and Ollama (local). Any OpenAI-compatible endpoint can be added via a custom provider configuration. AWS Bedrock, Vertex AI, Azure OpenAI, DeepSeek, and Replicate are on the roadmap.

In your database. Credentials are encrypted at rest with the Laravel APP_KEY you supply via environment variable. Keys never leave your perimeter — requests are proxied from your instance directly to each provider.

Yes — that is the point. Wrapper / Agent Proxy projects let you toggle providers per project, then route by provider:model at request time. AI Gateway endpoints pin one provider each, but you can have N endpoints in the same project pointing at different providers.

A private beta is targeted for later this year. Get in touch to be among the first invited. Until then, the Community Edition runs the same engine — Cloud only adds the multi-tenant control plane and managed hosting on top.

Cloud will charge for the managed control plane and hosted infrastructure (per-user / per-workspace pricing), not for token usage. You still pay your providers directly with your own keys; PromptGate does not mark up tokens.

No. The Community Edition contains no telemetry, no analytics calls, no licence checks. It is verifiably so — the source is open and the gateway has no outbound calls except to the provider URLs you configure.

Inbound: matches of email / IBAN / credit_card / SSN / phone / IPv4 / custom regex are replaced with stable opaque tokens like [[EMAIL_001]]. The mapping lives only in the request lifecycle. Outbound: assistant content AND tool-call arguments get re-substituted with the original values. The LLM never saw the real data; the user gets their input back unchanged.

AWS access keys, GCP API keys, GitHub PATs / OAuth / App / User / Refresh tokens, Slack tokens, OpenAI / Anthropic keys, Stripe live + test keys, JWTs, private-key blocks, npm + PyPI tokens, Twilio SIDs, SendGrid keys. Block-mode rejects with 422 listing only the kind (never the matched value, so the secret never re-leaks via error logs); redact-mode tokenizes via Reversible Redaction.

Sessions: encrypted via SESSION_ENCRYPT=true (default in our shipped .env.example). Audit logs: stored as plain JSON in audit_logs — they are an audit surface, not a secret store. Everything sensitive (provider keys, OAuth tokens, MCP server tokens, webhook signing secrets) is encrypted at rest with your APP_KEY.

Live Logs streams every request with filters (status:429 model:"gpt-4o"). The Cost dashboard shows $ spend per provider / endpoint / token. Anomaly Alerts fire a webhook on error-rate / latency / spend spikes. The Audit Log records every admin action.

No — the Community Edition is single-admin by design. Cloud is the multi-tenant story (RBAC, SSO, SCIM, multiple workspaces). You can run multiple Community instances with different APP_KEYs if you need hard tenant isolation today.

Pull the new image, restart. Migrations run on boot. The Community Edition follows semver — minor versions are non-breaking, majors come with a written upgrade guide.