Sgraal is open core. The SDK, Proxy, and Edge mode are Apache 2.0 open source. The 87-module scoring engine, fleet vaccine corpus (Beta), and per-tenant calibration stay on sgraal.com.
No ambiguity. No bait-and-switch. Self-host the open layer for free. Pay for the hosted engine when you're ready.
Every component, mapped to one side or the other. Nothing in between.
Apache 2.0 · GitHub
Canonical client library. pip install sgraal. Wraps the REST API with type-safe Python classes, circuit breaker, and graceful local fallback when the API is unavailable.
LangChain, CrewAI, Mem0, AutoGen, LlamaIndex, Haystack, Semantic Kernel, OpenAI Agents, and more. Each adapter is a thin shim that converts native framework memory objects into the Sgraal MemCube schema.
Drop-in HTTP proxy for Mem0, Zep, and Letta clients. One env var change (MEM0_URL=https://proxy.sgraal.com) and every memory call gets a Sgraal preflight in front. Early access — see /developers.
Zero-dependency, sub-millisecond p99 latency scoring. Runs entirely in your process — no numpy, no scipy, no requests. For air-gapped, classified, and ultra-low-latency deployments. Subprocess-isolated test proves zero leakage.
Full API contract published. Generate your own client in any language. The hosted engine is closed, but the wire format is public and stable.
239 adversarial test cases across Rounds 1 through 3. Run them locally, compare your own model, contribute new attack vectors. The R6–R12 corpus stays private (held back for vendor benchmarking integrity).
Claude Desktop integration via @sgraal/mcp. Drop into your claude_desktop_config.json and Claude can call Sgraal preflight on any memory state.
sgraal.com · Commercial
Full production pipeline: Weibull decay, drift ensemble, persistent homology, policy-consistency checks, attack-surface detection. The fallback SDK gives you Weibull-only scoring; the hosted engine runs all 87 modules.
Attack signatures detected on one tenant propagate (AES-256-GCM encrypted) across the fleet within seconds. Your agents get herd immunity from other customers' incidents. The corpus is held privately to prevent attackers training against it. Beta: in active development, not yet production-ready. Early access: hello@sgraal.com.
Thresholds tune to your traffic. After ~20 samples, decision boundaries adapt to your domain, action types, and risk profile. Your calibration is yours — never shared, never aggregated into other tenants' models.
Production reinforcement learning. The engine adapts its action recommendations based on actual outcomes you report via /v1/outcome. Tenant-isolated Q-tables.
60 hard cases held back. We test every release against them and publish results (52/60 current). The corpus stays private to keep the benchmark honest — vendor claims of "100% on R12" must come from blind evaluation, not memorisation.
Per-tenant PASSPORT_SIGNING_KEY issues Verifiable Credentials for compliance evidence (MVMem certificate, conformity declaration, attestation receipts). Court-admissible, regulator-grade.
Apache 2.0 explicitly grants patent rights and provides a "no warranty" disclaimer. Standard, permissive, business-friendly.
The honest answer: full open source for a security product creates a perverse incentive.
If we open-sourced the 87-module scoring engine and the R12 adversarial corpus, attackers would have the same source code we use to detect them. Worse, they would have our calibration values, our fleet vaccine signatures, and the exact regex thresholds we use to flag manipulation. Every public commit would be a manual for evasion.
So we split the system. The interface is open — SDK, Proxy, Edge mode, OpenAPI spec, MCP server, R1–R3 corpus. Anyone can audit the wire format, fork the SDK, run the early benchmarks, and integrate with their stack without permission. The engine is hosted — the 87-module scoring pipeline, the R12 corpus, the fleet vaccine database, and your tenant's calibration. We run it; you call it.
This is the same pattern that works for MongoDB, Elastic, HashiCorp, Confluent, and most of the durable open-core companies in infrastructure. The OSS layer is genuinely useful on its own (you can self-host Sgraal's edge mode in an air-gapped DoD environment if you want). The commercial layer powers the things only a hosted service can do well: cross-tenant threat propagation, real-time calibration, signed compliance certificates.
You get transparency where it matters — the contract between your code and ours is public and stable. You get sustainability where it matters — we can afford to keep researching and shipping because the engine is a real business. And you get an honest middle ground that doesn't pretend to be one thing while being another.
If you want to dig deeper into the trade-offs we considered, the whitepaper has the long-form discussion. The short version: open the interface, host the intelligence.
The SDK is on GitHub. The playground is one click away. The pricing page is honest.