OSS vs Ferro Labs Managed
The open-source gateway is the engine that powers both editions. Ferro Labs Managed wraps it with multi-tenancy, a management dashboard, durable billing, semantic caching, and enterprise security plugins.
Feature comparisonโ
| Feature | OSS Gateway | Ferro Labs Managed |
|---|---|---|
| Providers | 29 providers, 2,500+ models | โ Same |
| Routing strategies | 8 (single, fallback, loadbalance, conditional, least-latency, cost-optimized, content-based, ab-test) | โ Same |
| Streaming | โ SSE + full MCP agentic loop | โ Same |
| MCP tool servers | โ | โ Same |
| OSS Plugins | โ 6 plugins | โ 6 plugins |
word-filter, max-token, response-cache, request-logger, rate-limit, budget | Same | |
| Enterprise Plugins | โ | โ 5 additional plugins (Ferro Labs Managed) |
pii-redact, secret-scan, prompt-shield, schema-guard, regex-guard | ||
| Prompt templates | โ Config-file defined | โ Config-file + Dashboard UI (Ferro Labs Managed) |
| Admin REST API | โ Full read/write | โ Same + Team scoping (Ferro Labs Managed) |
| Multi-tenancy | โ | โ Isolated per-tenant gateway instances (Ferro Labs Managed) |
| Dashboard | โ | โ Usage, cost, logs, key management (Ferro Labs Managed) |
| Virtual key management | Config file | โ Dashboard + API (Ferro Labs Managed) |
| Spend tracking | In-memory (resets on restart) | โ Durable (PostgreSQL), per-key/team (Ferro Labs Managed) |
| Semantic caching | โ | โ pgvector-based similarity cache (Ferro Labs Managed) |
| Billing integration | โ | โ Stripe (Ferro Labs Managed) |
| SSO / OAuth | โ | โ Google, GitHub, SAML (Ferro Labs Managed) |
| Audit logs | request-logger plugin (SQLite/Postgres) | โ Cloud-hosted, queryable (Ferro Labs Managed) |
| Prometheus metrics | โ
/metrics endpoint | โ Pre-built Grafana dashboards (Ferro Labs Managed) |
| Alerting | Bring your own | โ Built-in (cost thresholds, error rate) (Ferro Labs Managed) |
| SLA | None (community support) | โ 99.9% uptime SLA (Ferro Labs Managed) |
| Support | GitHub Issues | โ Priority email + Slack (Ferro Labs Managed) |
| License | Apache 2.0 | Proprietary |
| Deployment | Self-hosted | Managed cloud (hosted by Ferro Labs) |
Ferro Labs Managed plansโ
The open-source AI Gateway is fully available for self-hosting today. Ferro Labs Managed plans and pricing are coming soon.
Ferro Labs Managed pricing and feature tiers will be announced when the platform exits early access. Join the waitlist โ
Security plugins (detail)โ
The five enterprise security plugins require Ferro Labs Managed because they depend on ML inference services that run server-side:
| Plugin | What it does | Requires |
|---|---|---|
pii-redact | Detects and redacts PII (names, emails, phone numbers, SSNsโฆ) using NER models | Ferro Labs Managed |
secret-scan | Detects leaked API keys, tokens, and credentials using pattern + entropy analysis | Ferro Labs Managed |
prompt-shield | Scores user messages for prompt injection attempts using a fine-tuned classifier | Ferro Labs Managed |
schema-guard | Validates model JSON output against a JSON Schema before returning to client | Ferro Labs Managed |
regex-guard | Blocks / warns on arbitrary regex rules (custom compliance patterns) | Ferro Labs Managed |
The OSS word-filter plugin provides simple keyword blocking without a cloud dependency.
When to use the OSS gatewayโ
- You need full control over infrastructure and data residency
- You are building a side project, prototype, or internal tool
- You want to self-host without per-seat licensing
- You are contributing to the open-source project
When to use Ferro Labs Managedโ
- You need multi-tenant isolation (SaaS product built on top of Ferro)
- You need PII redaction, prompt injection protection, or secret scanning
- You want a managed dashboard with spend controls and team management
- You prefer SLA-backed infrastructure without DevOps overhead
Migration path: OSS โ Ferro Labs Managedโ
Start with the open-source gateway. Upgrade to Ferro Labs Managed when you hit one of these triggers:
-
You need multi-tenant isolation. Your SaaS product has multiple customers and you need per-tenant gateway instances, usage tracking, and billing. The OSS gateway is single-tenant by design.
-
You need enterprise security plugins. Your compliance team requires PII redaction, prompt injection detection, or secret scanning. These plugins depend on ML inference services that only run in Ferro Labs Managed.
-
You need durable spend tracking. The OSS
budgetplugin tracks spend in-memory โ it resets on restart. Ferro Labs Managed stores spend data in PostgreSQL with per-key, per-team granularity and Stripe billing integration.
Your config.yaml is compatible between OSS and Ferro Labs Managed. Migration is a deployment change, not a config rewrite. Join the Ferro Labs Managed waitlist โ
Data handlingโ
Both editions process requests exclusively at runtime โ model inputs and outputs are not stored by default. Enabling the request-logger plugin (OSS) or enabling logging in Ferro Labs Managed explicitly opts you into persistence. See data handling for details.
Licensingโ
The open-source gateway is licensed under Apache 2.0. You can use it commercially, modify it, and distribute it. Ferro Labs Managed is a proprietary managed service.
Related pagesโ
- Ferro Labs Managed overview โ architecture, plans, and features
- Semantic caching โ pgvector-based response cache (Ferro Labs Managed Pro+)
- Enterprise features โ SSO, RBAC, audit logs, compliance
- Benchmarks โ performance data for the OSS gateway engine