The open-source core is Apache 2.0 and covers the Hook Engine, Model Abstraction Layer (MAL), Budget Manager, Self-Audit Engine base, Logic Skills, State Machine, Eval & Regression Harness, KB Grounding, Security Engine, Tool Governance base classes, Agent Trust + KillSwitch reference implementation, I/O Schema Validation, Spec Conformance & Drift Engine, Error Recovery, Context Manager, and Immutable Audit Log base. The compliance adapters for HIPAA, FINRA, SOC 2, SEC, and GDPR live under src/ironframe/compliance/adapters/ as PolyForm Noncommercial — free for research, education, nonprofits, and personal projects; commercial license required for production deployment. The (Commercial tier) post-v0.1 components (Session Methodology Registry, Dependency Scanner, Tool Risk Tier System, MRM Decision Log, Supervisory Audit Export, Capability Fence, Topology Visibility, Append-Only Audit Collector) ship under a separate commercial license and are not included in the public pip package.