Outcomes & pricing

Pay for the audit trail,
not the chatbot.

Every line of AI-merged code traces back to a versioned PRD, ERD, ADR, and the Confluence / Google Docs the AI actually read. The artifacts you already produce map directly to SOC 2, ISO 27001, SOX, and HIPAA change-management controls — see the table below.

The headline metric

Doc coverage — your audit-sample pass rate

When an auditor samples a merged change, they want to see documented authorization, design, testing, and approval — the language SOC 2 CC8.1 actually uses. Doc coverage is the share of merged PRs that have all four: PRD (authorization), ERD (design), watch card (testing + approval signoff), and ≥1 external reference (upstream context). Computable from git alone — nothing for an auditor to take on faith. Run fastpace audit-coverage anytime; the dashboard plots it weekly.

78% doc coverage · last 30 days
has PRD 89%
has ERD 82%
has refs 74%

↑ illustrative dashboard tile. Baseline depends on your existing repo state.

1. Domain-context score (leading indicator)

The 6-dimension grade we measure against the score-pause guarantee. As your repo's architecture, decisions, and patterns get richer, the score climbs.

2. Doc coverage % (auditable)

A richer context produces richer artifacts — PRDs, ERDs, watch cards link more refs. Doc coverage rises as a direct consequence. Computable from git alone.

3. Standards satisfied (auditor-ready)

High doc coverage means SOC 2 CC8.1 / ISO A.8.32 / SOX ITGC / HIPAA §164.308 sampling lands on a well-evidenced PR every time. The audit pack writes itself.

That's the through-line. The score-pause guarantee commits to step 1; step 2 follows; step 3 is the buyer outcome.

Score-pause guarantee

Your domain-context score moves ≥1.0 in 60 days,
or we pause billing until it does.

Billing pauses, the dashboard stays live, support stays on. Score has to actually move; engagement is the unlock. The score is yours: /fp-discover, /fp-teach, /fp-remember all push it up. And as the score climbs, so does the doc-coverage rate — which is what an auditor will actually sample.

measured by you · no surveys · no churn dance · already shipping

What auditors actually ask for

Where fastpace fits in the change-management evidence pack

Auditors don't ask for "the PRD linked to this PR" by name — they ask for documented change management. Here's how the artifacts fastpace already produces map to the controls a SOC 2 / ISO / SOX / HIPAA audit will sample.

Not legal advice. Specific requirements vary by audit firm, scope, and jurisdiction — this maps the standards' language to fastpace's outputs so your audit prep starts from "here's where the evidence lives" instead of "let me grep Slack."

| Standard | What auditors actually request | What fastpace produces |
| --- | --- | --- |
| SOC 2 CC8.1 (change management) | "Show me documented authorization, design, testing, and approval for sampled changes." | PRD + ERD + watch card + PR linkage produces an unusually clean evidence package — sampled by slug, not screenshotted. |
| ISO 27001 A.8.32 (change management) | "Documented change management procedures and evidence of execution." | Same — every merged PR traces to its originating PRD/ERD and the approvals captured in the watch card. |
| SOX ITGC (regulated financial systems) | Stricter — separation of duties, written approvals per change, deployment logs. | Same, plus the audit log fastpace writes (every phase transition, every approval, signed by user + timestamp). |
| HIPAA Security Rule §164.308(a)(1) | "Documented risk-management process for system changes." | Same, with ADRs as the risk doc — every architectural decision has a numbered, dated, superseded-by lineage. |

Audit posture by tier

Pick the tier that matches your auditor's actual ask

Every tier produces the underlying evidence — PRDs, ERDs, watch cards, ADRs. The escalation is in retention, exportability, and vendor-side documentation — i.e. the things SOC 2 / ISO / SOX actually require from a tool you're using.

Capability (tiers: community · Team · enterprise)

  • Generate evidence (PRD · ERD · watch card · ADR)
  • Local audit log + hash-chain verify (fastpace verify)
  • Per-AI-call signed run manifests
  • Org-wide rollup dashboard (multi-repo, multi-dev)
  • SSO + SCIM + RBAC
  • Compliance push (Drata / Vanta / Secureframe)
  • Audit-log replication across machines
  • Customer-facing trust portal
  • NIST AI RMF / ISO 42001 / EU AI Act mappings: standard mapping; custom per auditor
  • Air-gapped install bundle: Q3 2026
  • fastpace's own SOC 2 Type II report (vendor-side): available on request; included in MSA
  • Support response: GitHub issues (community); 1 business day · email (Team); named CSM · Slack Connect (enterprise)

Tier-selection rule of thumb

Regulated teams start at Team — the org rollup, compliance-push, and trust portal are what make a SOC 2 / ISO 42001 / EU AI Act sampling fast.
Pre-revenue start-ups stay on community until their first audit is scheduled or their team grows past 5 developers — Team's first 5 seats are free.

Plans

Three tiers, sorted by audit posture

fastpace Community is the foundation, forever free. Team adds the org-level machinery — fleet aggregator, SSO, compliance push, redteam, eval — that an auditor of your scale will actually require. Enterprise is custom — air-gapped + bespoke compliance mappings.

  • First 5 seats free for 12 months
  • Auditors free · unlimited seats
  • OSS maintainers + educators free
  • Public-sector + academic discount available

fastpace Community

$0 free, source-available (Elastic License 2.0)

Every trust primitive a single developer needs. Identity keypair, audit chain, run manifests, provenance trailers, AI BOM — open source, fully auditable.

npm install -g @fastpace-ai/fp
  • Per-install Ed25519 identity keypair
  • Hash-chained, signed audit log + fastpace verify
  • Per-AI-call run manifests (signed receipts)
  • Provenance trailers on git commits + verify-provenance
  • Per-release AI Bill of Materials (CycloneDX-AI envelope)
  • All 7 bundled agents · 25+ slash commands · 16 hooks
  • Local dashboard via fastpace ui
  • Works with Claude Code, Codex, Gemini CLI, Open Claude, Bedrock, Azure OpenAI, Vertex
  • Single repo · single developer

fastpace Enterprise

From $99 per seat / month or $25K/yr floor · sales-led with MSA + DPA

Team feature set delivered as a managed deployment with the contract surface enterprise procurement expects. Framework mappings included; air-gap, customer-managed keys, and bespoke compliance mappings available as add-ons. For regulated workloads.

  • Everything in Team
  • Air-gapped install bundle (Q3 2026)
  • Custom NIST AI RMF / ISO 42001 / EU AI Act / FedRAMP mappings
  • SOC 2 Type II documentation pack
  • Named CSM + dedicated Slack Connect channel
  • White-glove onboarding (first 4 weeks)
  • Custom hooks engineering (open scope)
  • MSA + DPA, custom contract terms
  • Customer-managed encryption keys (Bedrock CMK / Azure CMK / GCP CMEK)

How it works in 60 days

From install to score check

The score-pause clock starts when you sign up for Team. Here's the path most teams walk.

  1. Day 1

    Install + test-drive

    fastpace init --sample. Five minutes in a sandbox repo. No commitments, nothing touched outside fastpace-sandbox/.

  2. Week 1

    Point it at one real repo

    /fp-discover seeds context. /fp-write-prd authors your first real PRD. Your audit-coverage gauge starts populating from zero.

  3. Week 2–3

    Wire integrations (optional)

    Jira or Linear sync. Confluence / Google Docs at Layer 2. Auto-discovery off by default — flip when ready.

  4. Week 4

    Measure baseline

    Doc coverage, domain-context score, time-to-first-PR — recorded so you can compare to day 60.

  5. Day 60

    Score check

    If your domain-context score didn't move ≥1.0 since baseline, billing pauses until it does. No questions, no churn dance.

FAQ

Common questions before procurement

How is "doc coverage" measured?

It's computable from git history alone — no surveys, no instrumentation. fastpace counts merged PRs in the last 30 days that link to a PRD, ERD, and ≥1 external reference. Run fastpace audit-coverage --since 30d to see the number anytime.

What's the domain-context score?

A 6-dimension grade of how well-grounded your repo is for AI-assisted dev — coverage, freshness, vocabulary, decisions, patterns, learnings. It is the same number that the score-pause guarantee runs against. Run fastpace context-score in any repo.

What does "score-pause" mean exactly?

If your context score doesn't improve by ≥1.0 in 60 days, we pause your subscription billing until it does. We keep working with you. We don't auto-cancel, we don't bill in the meantime. Score has to actually move — engagement is the unlock.

Does my code leave my machine?

Never. The CLI is local-only on every tier — Community and Team alike. The Team org dashboard is self-hosted on your VPC; only the audit summaries you explicitly push (PRDs, ERDs, watch cards) cross machines. Body cache for Confluence / Google Docs is local-only and gitignored.

Which audit standards does fastpace help with?

Change-management controls in SOC 2 (CC8.1), ISO 27001 (A.8.32), SOX ITGC, and HIPAA (§164.308(a)(1)). The audit table above maps each standard's actual request to the artifacts fastpace already produces — so when sampling happens, the evidence is in git, not in Slack.

When does the score actually start moving?

Day 1 baseline gets recorded the moment you sign up. Most teams see meaningful score lift within 2–3 weeks once /fp-discover has indexed the repo and devs have authored 3–4 PRDs. The 60-day window for the guarantee is intentionally generous; aggressive teams clear the ≥1.0 bar in under 30 days.

Which tier should I pick if I have a SOC 2 audit coming?

fastpace Team — every signed receipt and audit-chain entry the Community tier produces is auditor-ready, and Team adds the org rollup, evidence requests, and compliance push (Drata / Vanta / Secureframe) that turn raw evidence into the framework-shaped pack your auditor wants. fastpace Community is enough if you're building toward an audit but don't have one scheduled.

Can I see a real customer using this?

Reach out — sales@fastpace.net. Reference customers are by request only and under NDA. We don't maintain a public logo wall — we're in design-partner phase and prefer earned credibility over a customer race.

The change-management evidence your next audit will ask for

Auditors don't ask for fastpace by name — they ask for documented change management, and they'll find a clean answer in your git history when fastpace has been running. Test-drive in a sandbox first; once you like the flow, point it at your real repo and the score-pause clock starts.