Enterprise Tier¶
No limits and organization-grade governance. All 23 tools remain available with no limits on depth, nodes, files, or paths, plus advanced governance features.
Overview¶
| Aspect | Details |
|---|---|
| Price | Contact sales |
| License | Organization JWT license |
| Support | Priority support, dedicated contact |
| All 23 Tools | ✅ Available with no limits |
All Pro Tools Unlimited¶
Enterprise provides the same tools as Pro and Community, but with no limits and advanced governance:
Compliance & Policy (Unlimited + Enhanced)¶
Same tools as Pro, unlimited with enterprise governance:
- code_policy_check - Full compliance verification (now all standards)
- verify_policy_integrity - Policy verification (now organization-wide)

What Enterprise enables:
- Verify SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR compliance
- Custom organization-specific policy rules
- Organization-wide policy verification
- Complete audit trail
- Unlimited compliance checks
Custom Rules¶
Define organization-specific policies:
- Coding standards enforcement
- Architecture rules
- Security requirements
- Documentation requirements
- Naming conventions
All Limits Removed¶
All 23 tools available with no limits:
| Limit Type | Community | Pro | Enterprise |
|---|---|---|---|
| Graph depth | 3 | 50 | Unlimited |
| Graph nodes | 50 | 500 | Unlimited |
| Files analyzed | 100 | 1,000 | Unlimited |
| Symbolic paths | 10 | 100 | Unlimited |
| Symbolic depth | 3 | 10 | Unlimited |
| Cross-file analysis | Single file | 100 files | Unlimited |
| Security scan paths | 10 | 100 | Unlimited |
Enterprise removes ALL limits from ALL tools.
Audit Logging¶
Complete audit trail for compliance:
- Every tool invocation logged
- User attribution
- Timestamp tracking
- Result capture
- Export to SIEM systems
Enterprise Features in Detail¶
Compliance Standards¶
Built-in support for major compliance frameworks:
| Standard | Coverage |
|---|---|
| SOC 2 | Security, availability, confidentiality controls |
| ISO 27001 | Information security management |
| HIPAA | Healthcare data protection |
| PCI-DSS | Payment card data security |
| GDPR | Data privacy and protection |
Example check:
```json
{
  "tool": "code_policy_check",
  "parameters": {
    "paths": ["src/"],
    "compliance_standards": ["SOC2", "HIPAA"],
    "generate_report": true
  }
}
```
Custom Rule Engine¶
Define your organization's rules:
```yaml
# .code-scalpel/custom-rules.yaml
rules:
  - id: require-error-codes
    description: All exceptions must have error codes
    pattern: "raise.*Exception\\([^E]"
    severity: error

  - id: no-print-in-production
    description: Use logging instead of print
    pattern: "print\\("
    severity: warning
    exclude: ["tests/", "scripts/"]

  - id: require-docstrings
    description: Public functions need docstrings
    check: function_has_docstring
    scope: public_functions
    severity: error
```
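An added example (not Code Scalpel's own code) that dry-runs the two regex rules above against constructed source lines before they are enforced, so false positives and misses show up early. The line-by-line search and prefix-based `exclude` handling are assumptions about matching semantics, and `scan`, `RULES` and `SAMPLE_FILES` are hypothetical names.

```python
import re

# The two regex rules from custom-rules.yaml above, as Python dicts.
# In double-quoted YAML, "\\(" is the regex \( (a literal parenthesis).
RULES = [
    {"id": "require-error-codes", "pattern": r"raise.*Exception\([^E]",
     "severity": "error", "exclude": []},
    {"id": "no-print-in-production", "pattern": r"print\(",
     "severity": "warning", "exclude": ["tests/", "scripts/"]},
]

# Constructed sample sources (path -> content), not taken from any project.
SAMPLE_FILES = {
    "src/billing.py": (
        'raise BillingException(E1001, "card declined")\n'
        'raise BillingException("E1001: card declined")\n'
        'raise ValueError("bad amount")\n'
        'pprint(invoice)\n'
        '# never call print(secret)\n'
    ),
    "tests/test_billing.py": 'print("debug")\n',
}


def scan(files, rules):
    """Return sorted (path, line_no, rule_id) tuples for every matching line.

    Assumption: each pattern is searched line by line and "exclude" entries
    are path prefixes; the product's real matching semantics may differ.
    """
    findings = []
    for path, text in files.items():
        for rule in rules:
            if any(path.startswith(prefix) for prefix in rule["exclude"]):
                continue  # rule does not apply to this path
            regex = re.compile(rule["pattern"])
            for line_no, line in enumerate(text.splitlines(), start=1):
                if regex.search(line):
                    findings.append((path, line_no, rule["id"]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES, RULES):
        print(*finding)
```

On this sample, `require-error-codes` flags line 2 even though it carries a code (the first character after `(` is a quote, not `E`) and never sees the `ValueError` on line 3. `no-print-in-production` also matches `pprint(` and a comment, which is why such patterns are worth testing on representative code first.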
Audit Export¶
Export audit logs to your SIEM:
```json
{
  "audit_config": {
    "enabled": true,
    "format": "json",
    "destinations": [
      {"type": "file", "path": "/var/log/code-scalpel/audit.json"},
      {"type": "syslog", "host": "siem.internal", "port": 514},
      {"type": "webhook", "url": "https://audit.internal/events"}
    ],
    "include_results": true,
    "retention_days": 90
  }
}
```
Organization Binding¶
Enterprise licenses are bound to your organization:
- User limits per license
- Domain verification
- Single sign-on integration
- License usage reporting
Enterprise Limits¶
Unlimited everything:
| Feature | Limit |
|---|---|
| Graph depth | Unlimited |
| Graph nodes | Unlimited |
| Files per analysis | Unlimited |
| Symbolic paths | Unlimited |
| Custom rules | Unlimited |
| Compliance checks | All standards |
| Audit retention | Configurable |
Installation¶
Organization License¶
- Contact sales for enterprise evaluation
- Complete organization verification
- Receive organization .jwt license
- Deploy to your infrastructure
Deployment Options¶
Managed deployment options available:
- AWS private deployment
- Azure private deployment
- GCP private deployment
Contact sales for details.
Combine on-premises analysis with cloud reporting:
- Analysis runs locally (air-gapped compatible)
- Reports sync to cloud dashboard
- License validation cached for offline use
Verify Enterprise¶
```bash
# Check your tier
code-scalpel --version
# Output: Code Scalpel v1.4.0 (Enterprise)

# Check license details
code-scalpel license info
# Output: Organization: Acme Corp
#         Users: 50/unlimited
#         Features: All
#         Expires: 2025-12-31
```
Example: Enterprise Workflow¶
Compliance Audit¶
```
1. verify_policy_integrity()
   → Ensure policies haven't been tampered with

2. code_policy_check(
       paths=["src/"],
       compliance_standards=["SOC2", "HIPAA"],
       generate_report=true
   )
   → Full compliance report

3. [Export report for auditors]
```
Pre-Deployment Gate¶
```
1. cross_file_security_scan(project_root=".")
   → No critical vulnerabilities

2. code_policy_check(paths=["src/"], rules=["all"])
   → Meets all coding standards

3. scan_dependencies(scan_vulnerabilities=true)
   → No vulnerable packages

4. [Deploy only if all gates pass]
```
Custom Policy Enforcement¶
```
1. Define rules in .code-scalpel/custom-rules.yaml

2. code_policy_check(paths=["src/"], rules=["custom"])
   → Check organization rules

3. [Integrate into CI/CD pipeline]
```
Support¶
- Priority support: Response within 4 hours
- Dedicated contact: Named support engineer
- Onboarding assistance: Help setting up policies
- Training: Team training sessions available
- Custom development: Feature requests prioritized
Security & Compliance¶
Data Handling¶
- All analysis runs locally
- No code sent to external servers
- Results stored only where you configure
- Air-gapped deployment supported
License Security¶
- RSA-signed license files
- Cryptographic verification
- Tamper detection
- Revocation support
Audit Features¶
- Full operation logging
- User attribution
- Compliance reporting
- SIEM integration
Getting Started¶
Next Steps¶
- Policy Tools - Compliance checking tools
- Configuration Guide - Enterprise configuration
- Security Guide - Security best practices