
Why the Audit Chain Starts at Starter, Not Enterprise

The SHA-256 hash chain and mftctl audit verify are in the Starter tier. $150/month. Not Pro, not Enterprise.

That's a deliberate decision, and it's worth explaining — because the default move in SaaS pricing is to put anything with "cryptographic" in its description at the top of the tier list.

Here's the full audit feature breakdown, and the reasoning behind where each feature lands.

The tier breakdown

| Feature | Community | Starter ($150) | Pro ($499) | Enterprise |
| --- | --- | --- | --- | --- |
| Basic operational audit log | Yes | Yes | Yes | Yes |
| SHA-256 hash chain + mftctl audit verify | No | Yes | Yes | Yes |
| HMAC-SHA256 keyed hashing | No | No | Yes | Yes |
| Signed daily snapshots | No | No | Yes | Yes |
| OpenTimestamps (Bitcoin anchoring) | No | No | No | Yes |
| Agent Ed25519 non-repudiation | No | No | No | Yes |

Why Starter gets the hash chain

A basic database-backed audit log is table stakes. Every MFT product ships one. If that's all Starter offered, there'd be little reason to pay $150/month instead of staying on Community.

The SHA-256 hash chain with local CLI verification is the feature that changes the value proposition. It's what separates "we have logs" from "we have verifiable evidence." Putting it at Starter makes Starter worth the price. Putting it at Pro or Enterprise would make it a feature for buyers who already have compliance requirements sophisticated enough to demand it — which is the wrong audience for where cryptographic tamper detection is most useful.

The hash chain is also cheap to run. The compute cost is negligible: one SHA-256 call per audit entry, serialization of a few fields. The tier reflects customer segment, not infrastructure cost.

Why Pro gets HMAC and snapshots

Pro customers typically have internal or external compliance auditors who want two things the basic chain doesn't provide: keyed integrity and filed attestations.

HMAC-SHA256 keyed hashing uses a shared secret between the customer and MFTPlus. It proves not just that the chain is intact, but that specific entries were written by a party that held the key. Signed daily snapshots are audit artifacts — documents that attest the chain state at a point in time, signable and fileable for compliance records.

Both require key management infrastructure on our end. That's the cost that justifies the tier jump from Starter to Pro, not the compute overhead.
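The two chain variants described in the Starter and Pro sections above, as an added example in Go. This is illustration code, not MFTPlus's implementation or the mftctl source: the Entry fields, the field separator, the zero-digest genesis value, the actor and event strings and the shared key are all constructed for the example. It builds a chain with one SHA-256 call per entry, runs a local verify that reports the first broken link, and then shows the property that separates the two tiers: after editing a stored entry, the unkeyed chain can be relinked by anyone with write access to the log and verifies again, whereas relinking the HMAC-SHA256 chain only verifies for a holder of the key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is a minimal audit record. The field set, separator and genesis value
// are assumptions for this example, not the MFTPlus schema.
type Entry struct {
	Seq   int
	Actor string
	Event string
	Prev  string // hex digest of the previous entry's Hash (genesis for Seq 0)
	Hash  string // hex digest linking this entry to Prev
}

// Linker computes the link digest. The unkeyed (Starter-style) chain uses
// SHA-256; the keyed (Pro-style) chain uses HMAC-SHA256 under a shared secret.
type Linker func(prev string, seq int, actor, event string) string

// genesis is the Prev value of the first entry: 32 zero bytes in hex.
var genesis = hex.EncodeToString(make([]byte, 32))

// canonical serializes the fields in a fixed order with a separator that
// cannot appear in them, so two different entries never hash the same bytes.
func canonical(prev string, seq int, actor, event string) []byte {
	return []byte(fmt.Sprintf("%s\x1f%d\x1f%s\x1f%s", prev, seq, actor, event))
}

// sha256Linker: one SHA-256 call per entry, no secret involved.
func sha256Linker(prev string, seq int, actor, event string) string {
	sum := sha256.Sum256(canonical(prev, seq, actor, event))
	return hex.EncodeToString(sum[:])
}

// hmacLinker returns a Linker that needs the shared key to produce a link.
func hmacLinker(key []byte) Linker {
	return func(prev string, seq int, actor, event string) string {
		mac := hmac.New(sha256.New, key)
		mac.Write(canonical(prev, seq, actor, event))
		return hex.EncodeToString(mac.Sum(nil))
	}
}

// Append writes a new entry on top of the current tip.
func Append(chain []Entry, link Linker, actor, event string) []Entry {
	prev := genesis
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash
	}
	seq := len(chain)
	return append(chain, Entry{Seq: seq, Actor: actor, Event: event, Prev: prev,
		Hash: link(prev, seq, actor, event)})
}

// Verify walks the chain from genesis recomputing each link; it returns the
// index of the first entry that does not verify, or -1 when the chain is intact.
func Verify(chain []Entry, link Linker) (ok bool, badIndex int) {
	prev := genesis
	for i, e := range chain {
		want := link(prev, i, e.Actor, e.Event)
		if e.Seq != i || e.Prev != prev || !hmac.Equal([]byte(want), []byte(e.Hash)) {
			return false, i
		}
		prev = e.Hash
	}
	return true, -1
}

// RecomputeLinks rewrites Prev and Hash of every entry with the given Linker.
// On the unkeyed chain anyone who can edit the log can do this after altering
// an entry and Verify passes again; on the keyed chain it only produces valid
// links for a holder of the key, which is the guarantee HMAC adds.
func RecomputeLinks(chain []Entry, link Linker) {
	prev := genesis
	for i := range chain {
		chain[i].Prev = prev
		chain[i].Hash = link(prev, chain[i].Seq, chain[i].Actor, chain[i].Event)
		prev = chain[i].Hash
	}
}

func main() {
	// Constructed sample events.
	chain := Append(nil, sha256Linker, "svc-a", "upload report.csv")
	chain = Append(chain, sha256Linker, "svc-b", "download report.csv")
	ok, bad := Verify(chain, sha256Linker)
	fmt.Println("fresh unkeyed chain:", ok, bad)
	chain[0].Event = "upload payroll.csv" // alter a stored entry
	ok, bad = Verify(chain, sha256Linker)
	fmt.Println("after edit, first bad index:", ok, bad)

	key := []byte("constructed-shared-secret")
	keyed := Append(nil, hmacLinker(key), "svc-a", "upload report.csv")
	keyed[0].Event = "upload payroll.csv"
	RecomputeLinks(keyed, sha256Linker) // relinking without the key
	ok, bad = Verify(keyed, hmacLinker(key))
	fmt.Println("keyed chain after keyless relink:", ok, bad)
}
```

Verify uses hmac.Equal for the digest comparison so that a verifier running against an untrusted log does not leak timing information about how much of a forged digest matched; on the unkeyed chain that is cosmetic, on the keyed chain it is the habit that matters.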

Why Enterprise gets OpenTimestamps and Ed25519

Enterprise customers face a question that keyed hashing doesn't fully answer: can you prove the vendor didn't tamper with the log? HMAC proves the chain's integrity but requires trusting that the vendor holds the key honestly.

OpenTimestamps anchors the chain state to the Bitcoin blockchain. The timestamp proof is independent of MFTPlus entirely — it exists on a public ledger that neither party controls. An Enterprise customer can prove to a regulator that their chain existed in a specific state at a specific point in time, without requiring trust in the vendor.

Agent Ed25519 non-repudiation adds sender signatures: the initiating agent signs each transfer event with a private key, and the signature is stored in the chain entry. The agent cannot deny having initiated the transfer. This matters in regulated industries where audit trails need to prove not just that a transfer occurred, but who initiated it.

Both features require significant infrastructure and compliance support. OpenTimestamps anchoring involves ongoing Bitcoin transaction management. Ed25519 key management for agents adds a meaningful operational burden. The Enterprise tier reflects that complexity, not the cryptography itself.
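The per-event Ed25519 signature described above, as an added example in Go that is not MFTPlus code. The TransferEvent fields, the Registry type, the agent ID, the event text and the previous-entry digest are constructed for the example; OpenTimestamps anchoring is not shown because it needs a network round trip to a calendar server. The signed bytes include the previous entry's digest, so a genuine signature also binds the event to its position in the chain and cannot be reused elsewhere.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// TransferEvent is a chain entry that carries the initiating agent's signature.
// Field names are assumptions for this example, not the MFTPlus schema.
type TransferEvent struct {
	Agent string // identifier of the initiating agent
	Event string // description of the transfer
	Prev  []byte // digest of the previous chain entry, so the signature binds position
	Sig   []byte // Ed25519 signature by the agent over SignedBytes()
}

// SignedBytes is the exact byte string the agent signs. Binding Prev means a
// genuine signature cannot be reused for the same event at another chain position.
func (e TransferEvent) SignedBytes() []byte {
	return []byte(fmt.Sprintf("%s\x1f%s\x1f%x", e.Agent, e.Event, e.Prev))
}

// Registry holds the public keys the operator distributed to agents, indexed by
// agent ID. Private keys never leave the agent; verification needs only this map.
type Registry map[string]ed25519.PublicKey

// NewAgentKey generates an agent keypair (done once per agent at enrolment).
func NewAgentKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignEvent runs on the agent side: only the holder of priv can produce Sig.
func SignEvent(priv ed25519.PrivateKey, agent, event string, prev []byte) TransferEvent {
	e := TransferEvent{Agent: agent, Event: event, Prev: prev}
	e.Sig = ed25519.Sign(priv, e.SignedBytes())
	return e
}

// VerifyEvent runs on the server at append time and again by the auditor:
// the named agent must be enrolled and its registered key must verify Sig.
// A passing check is the non-repudiation evidence; a failing one is rejected
// before it enters the chain (or flagged during audit).
func VerifyEvent(reg Registry, e TransferEvent) bool {
	pub, ok := reg[e.Agent]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, e.SignedBytes(), e.Sig)
}

func main() {
	pub, priv := NewAgentKey()
	reg := Registry{"agent-7": pub} // constructed enrolment
	prev := []byte("constructed-previous-entry-digest")
	e := SignEvent(priv, "agent-7", "send invoice-2024-03.pdf to partner-sftp", prev)
	fmt.Println("genuine event verifies:", VerifyEvent(reg, e))
	e.Event = "send payroll.xlsx to partner-sftp" // alter the stored event text
	fmt.Println("altered event verifies:", VerifyEvent(reg, e))
}
```

The operational burden the section mentions lives in Registry: enrolling each agent's public key, rotating it, and revoking it when an agent is decommissioned is what the server must manage, while the private half stays on the agent.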

The gating principle

The audit feature tiers follow a single rule: the gating reflects verification infrastructure and support complexity, not compute cost. The hash chain is cheap to provide and we give it at Starter. The expensive parts — key management, snapshot infrastructure, Bitcoin anchoring, Ed25519 agent key distribution — are what the higher tiers are actually paying for.

Armin Marxer

Building MFTPlus. Spent years managing file transfer infrastructure before deciding there had to be a better way.

FAQ

Why is the SHA-256 hash chain not available on Community?

Community is designed for individual developers and small teams evaluating MFTPlus. It includes a basic operational audit log for visibility into transfer history. The cryptographic chain with CLI verification is a Starter feature — it's part of what makes a paid plan worth $150/month over the free tier.

What's the difference between HMAC hashing (Pro) and the basic hash chain (Starter)?

The basic chain uses SHA-256 without a key — anyone can verify it, which is the point. HMAC-SHA256 uses a shared secret between customer and MFTPlus, which proves not just integrity but that specific entries were written by a party holding the key. Pro customers use this for compliance auditors who require keyed attestation.

What is OpenTimestamps and why is it Enterprise-only?

OpenTimestamps anchors the chain state to the Bitcoin blockchain, creating a timestamp proof that exists independently of MFTPlus. It answers the question "can you prove the vendor didn't tamper with the log?" — because the proof lives on a public ledger neither party controls. It's Enterprise-only because the ongoing Bitcoin transaction management and compliance support are operationally expensive.

What does Ed25519 non-repudiation add?

Each transfer event is signed by the initiating agent's Ed25519 private key. The signature is stored in the chain entry. The agent cannot later deny having initiated the transfer. This provides sender non-repudiation, which is required in some regulated industries for audit trails to be legally admissible.
