Your apps disagree about access
One app thinks a user paid, another blocks them, and a third has stale plan state. Verixet gives connected apps one shared entitlement answer.
Billing, access, and entitlement authority
Billing, access, and entitlement control for serious app ecosystems.
Verixet gives every product in your ecosystem a single authority for pricing, plan access, usage checks, billing state, and audit-ready decisions. Connected products can ask one place what the user selected, what the workspace is entitled to use, and which decision record explains the outcome.
Operators get pricing clarity, checkout handoff, entitlement decisions, usage admission, and reviewable audit records without scattering billing logic across every app.
Stripe checkout governedPlan access resolvedEntitlement decisions loggedUsage tracked by appAudit trail ready
The problem solves
๐งฉ Shared access state๐ณ Billing verification๐ฆ Safer deploys
AI-built SaaS products move fast, but billing, identity, feature access, usage, and deploy safety still need one trusted system of record.
Why deployments fail even when CI is green
Billing and features drift apart
Checkout succeeds, webhooks lag, and paid features unlock too early or too late. Verixet verifies billing state before access changes.
AI-built changes ship without guardrails
Fast app generation creates real production risk. Verixet checks deploy readiness, API health, usage, and policy before release.
How it works
๐ Inspect๐งญ Planโ
Validate๐ฆ Deploy gate
Sticky product sequence: inspect the system, plan the work, validate changes, gate deploys, then verify with full telemetry.
Inspect
Plan
Validate
Deploy
Verify
Project snapshot
Structure, routes, APIs, and DB schema ground every engine response.
Implementation plan
Goal-driven steps, files, and risks before a line of code ships.
Change & deploy checks
Evidence-backed verdicts, risk scores, and missing-context signals.
Workflow gate
pre-deploy combines audit + plan + validate with safe_to_deploy.
Trace & audit
Request IDs, logs, webhooks, and workspace policy for accountability.
Proof artifact
Billing and entitlement decision proof
Verixet shows the commercial decision path customers care about: plan selection, Stripe checkout, entitlement resolution, app access, usage tracking, and the audit event that records the outcome.
Sample decision trace
request_id: req_demo_vx_21401
Plan selected
Pro workspacePlan context is resolved before a protected action starts.
02
Stripe checkout completed
checkout.session.completedCheckout events hand off billing state to Verixet instead of each app owning payment logic.
03
Verixet entitlement checked
feature: audit_exportVerixet checks whether the workspace can use the requested capability.
04
App access granted
access: grantedThe product receives a clear allow or deny decision for the workspace and feature.
05
Usage tracked
admittedUsage state is evaluated before access is granted or denied.
06
Audit event recorded
evt_demo_841The decision produces a reviewable record for support and operators.
Decision resultAccess admitted with audit event recorded
How requests flow
๐ค Shared identity๐ณ Billing state๐ Feature gates๐ฆ Deploy checks
A connected app asks Verixet who the user is, what they paid for, which features are allowed, and whether the next production change should move forward.
Connected app
User identity
Billing state
Entitlement check
Deploy signal
Connected operating layer
One ecosystem. Six specialized products.
Each app can stand alone, but together they form a connected operating layer for building, verifying, launching, monetizing, and improving digital products.
Access & billing authority
Governed access for every connected app.
Verixet checks billing state, plan access, usage limits, workspace permissions, and entitlement rules before connected apps unlock work.
Interface previewSample state
Access requestEntitlement checkBilling stateUsage limitApprovedDeniedAudit record
Security and trust built into the foundation
XFlow sign-inWorkspace scopingRequest IDsEntitlement checks
Verixet is the ecosystem authority for billing, plans, entitlements, usage admission, and policy-aware access decisions.
Centralized authentication
Users sign in through XFlow so account access, sessions, and handoffs stay consistent across the ecosystem.
Workspace boundaries
App data, user actions, and operational records are scoped to the correct workspace and product context.
Audit-ready activity
Critical actions are designed to produce traceable events, request IDs, logs, or reviewable records.
Policy-aware billing and access
Verixet controls plan access, usage admission, entitlements, and billing state.
Production monitoring
Health checks, status surfaces, error reporting, and deployment proof flows help catch issues before users do.
Verixet security angle
Verixet focuses on billing safety, entitlements, idempotency, scoped keys, and audit events.
Why builders use
Built for AI-assisted SaaS work - from solo builders wiring billing to teams that need CI gates, logs, and audit trails.
Go deeper: why AI-generated code needs deploy gates why CI alone is not enough why API validation breaks in production
Put brakes on rushed AI changes
Evidence-backed checks give teams a review point before generated changes move toward production.
Pre-deploy confidence
workflow.safe_to_deploy and risk_score land in the same response as audit + plan. One clear field to gate on.
Policy enforcement
Advisory, blocking, and strict modes match how your org tolerates risk. Per-workspace, per-engine scoped.
Request tracing
Every v1 response carries request_id. Logs enrich dashboards without leaking secrets.
AI cost visibility
Meter events track usage context by model, app, and end user so operators can review spend and limits in one place.
Commerce integrity
Purchase validation runs verify the right product, price, and plan are active before feature access is granted. Audited per run.
Connected-app readiness
App readiness returns ready, warning, or blocked with scored issues across commerce health, usage signals, and webhook state.
jq-friendly gates, idempotent retries
Hard or soft CI gates from one JSON field. Retry on network failure without double-counting.
The control kit
๐ Entitlements๐ณ Billing access๐ Usage tracking๐งพ Operator evidence
Verixet centralizes the repeated SaaS controls that get fragile when every AI-built app implements them differently: access, plans, limits, usage, deploy gates, and operator evidence.
Deployment gate
Block risky releases before production with a CI-ready safe_to_deploy decision.
Billing verification
Confirm the product, price, plan, and workspace before granting paid access.
Entitlement layer
Give every connected app the same answer to who paid and what they can use.
Policy modes
Run checks in advisory, blocking, or strict mode based on the workspace risk posture.
Usage tracking
Track usage by app, model, and end user so billing and access decisions are grounded.
Command center - one place to review access
๐งพ Request tracing๐ Usage review๐ฆ Guard signals๐ Session-scoped
Keys, logs, meter, guard checks, billing, and a playground live behind your session. The preview below is example state, not customer data.
Interface preview using sample operator state. Real workspace data appears only after sign-in.
/dashboard/logs - Request log
OverviewCommand center
OperationsRequest logMeterXFlowWebhooksAudit log
ConfigurationAPI keysWorkspaceConnect appOnboardingBilling
BuildPlaygroundAPI explorer
AssistantVera Copilot
Request health
review
example state
Deploy gate
ready
sample signal
Policy mode
blocking
example workspace
Meter
tracked
sample ledger
| Time | Endpoint | Outcome | ms |
|---|---|---|---|
| example | /api/v1/workflow/pre-deploy | success | ok |
| example | /api/v1/validate/change | success | ok |
| example | /api/v1/audit/project | error | review |
Usage ledger
on
Limit state
ok
Scope
workspace
| Provider | Model | Events | Cost |
|---|---|---|---|
provider | model | tracked | sample |
app | feature | tracked | sample |
commerce: okmeter: okstripe_webhooks: ok
| Run | Status | Findings | Time |
|---|---|---|---|
| latest | blocked | 1 critical | example |
| prev | ready | 0 | example |
Playground - pre-deploysafe_to_deploy
Vera reflects engine outcomes - same signals your CI reads from the API.
Developer proof
๐ OpenAPI 3.1๐งฐ Typed SDKsโ
Predictable errors๐ Idempotency-Key
OpenAPI-first contract, typed SDKs, GitHub Actions, and predictable errors - no hand-wavy integrations.
10
typed error codes
5
verify-self checks
7d
key rotation overlap
1
field to gate on (safe_to_deploy)
Workflow response (truncated)
What POST /api/v1/workflow/pre-deploy returns inside the v1 success envelope - this is what your gate should assert on.
{
"success": true,
"request_id": "550e8400-e29b-41d4-a716-446655440000",
"data": {
"workflow": {
"safe_to_deploy": true,
"risk_score": 0.18,
"recommended_next_step": "execute",
"policy_mode": "blocking",
"policy_pack": "github_pr_flow"
}
}
}CI gate (jq)
JSON=$(curl -sS -X POST "$VG_URL/api/v1/workflow/pre-deploy" \ -H "Authorization: Bearer $VG_API_KEY" \ -H "Content-Type: application/json" \ -d @snapshot.json) echo "$JSON" | jq -e '.data.workflow.safe_to_deploy == true'
Idempotency header
curl -X POST "$VG_URL/api/v1/validate/change" \
-H "Authorization: Bearer $VG_API_KEY" \
-H "Idempotency-Key: deploy-2025-03-26T12-00-00Z" \
-H "Content-Type: application/json" \
-d '{"change":"...","context":{}}'๐ณ Billing access checks๐ Entitlement enforcement๐ Usage and cost tracking๐ฆ Deployment safety gates๐๏ธ API key governance๐ OpenAPI 3.1 + typed SDKs
Frequently asked questions
Common questions about the API contract, dashboard, Meter, and XFlowx integration.
What is workflow.safe_to_deploy?
It is a boolean on POST /api/v1/workflow/pre-deploy that combines audit health, plan quality, and validation risk. CI can treat it as a hard gate; advisory workspaces may still return 200 with safe_to_deploy false.
Do you store my API key in the browser?
Dashboard sign-in accepts a key once to mint an HTTP-only session cookie. The playground uses your server session, not a pasted key in client storage.
Which policy mode should I use?
Start with advisory while tuning snapshots, move to blocking for PR gates, and strict when policy packs must never allow risky merges.
Where is the OpenAPI document?
GET /api/v1/openapi returns the machine-readable contract; the marketing /docs page links to explorer-friendly entry points.
What does Verixet Meter track?
Token cost per model, app, and end user. Meter ingests events via POST /api/v1/meter/usage/events and produces daily timeseries, MTD forecast, anomaly detection vs. prior month, and threshold alerts visible in the dashboard without extra instrumentation.
What does XFlow do beyond policy modes?
Fleet-level deploy validation returning ready, warning, or blocked with scored issues. Configurable guard rules with dry_run mode let you preview impact before enforcing. Audited overrides (deploy_unblock, runtime_allow_feature) can be created from the dashboard or API. The issue inbox surfaces recurring findings across runs.
How does API key rotation work?
POST /api/v1/keys/{id}/rotate creates a new key and sets sunset_at 7 days out on the old one. During the overlap window both keys authenticate. After sunset_at the old key stops working automatically no manual revocation required.
Give every app one source of truth.
Connect an app, verify billing and entitlement state, then use the same governance layer to track usage and block unsafe releases.