Plinth
Start free
v3.1 · SOC 2 Type II · Now with rollout guards

Ship every release with a reason to roll back.

Plinth is the control plane that turns feature flags, deploys and metrics into one timeline — so a regression trips a guard and reverts in 19 seconds, not a war-room at 2am.

Start free — 2 environments See a live rollback
$ npx plinth deploy --guard p95
app.plinth.dev/timeline
Timeline Flags Guards
prod · us-east-1
checkout-v8 · rollout to 100%
guard p95 < 320ms · err < 0.5%
search-rank-2 · auto-reverted
p95 spiked 318→611ms · held 14% of traffic
billing-retry · canary 5%
+0 anomalies · 1,402 sessions
onboarding-flow-c · awaiting approval
2 of 3 reviewers · m.tobin pending
p95 latency · checkout · 24h −38ms vs Tue
Last 30 days · 142 services
live
Releases shipped
8,341
+12.4% vs Apr
Guard-caught regressions
213
+9 this week
Median rollback time
19 s
−6s vs Apr
Change failure rate
1.8 %
−2.1pp vs Apr

Every metric ties back to a single release event — no guessing which deploy moved the line.

See the timeline model

Shipped to production at

Vantage Brightwave Nimbus Lattice Halcyon Strata Quartermast Coast

Features

One timeline for everything that touches prod.

Flags, deploys, migrations and metrics collapse into a single ordered log — so cause and effect are always one row apart.

Rollout guards

Define the line. Plinth holds it.

Attach a guard to any release — p95, error rate, conversion, a custom SQL metric. If it breaches during ramp, the rollout halts and reverts before the next cohort sees it.

guard checkout_p95 {
metric p95(http.server.duration)
breach > 320ms for 90s
action rollback + page on-call
}
OpenTelemetry Datadog Prometheus +9 sources
Progressive delivery

Ramp by cohort, not by hope.

1% → 10% → 50% → 100%, each step gated on a clean window. Pin a cohort by plan, region or user trait.

100%
50%
10%
Instant revert

One key reverses any change.

Flags flip in <200ms at the edge; deploys roll to the last green SHA. The same button, whether it's a flag or a binary.

↩ reverted search-rank-2 · 19s · 0 incidents

Approvals that fit your branch

Require N reviewers per environment. Approve from Slack, the PR, or the timeline.

Signed audit log

Every flip, deploy and override is hash-chained and exportable. SOC 2 evidence in one click.

SDKs for 11 runtimes

TypeScript, Go, Rust, Python, Swift and more. Local evaluation, zero network in the hot path.

How it works

Connect once. Every deploy lands on the same map.

Point Plinth at your CI and your metrics provider. From then on, every flag flip and every release writes itself onto a shared timeline your whole team reads the same way.

  • Wire your CI — a single step appends each build to the timeline with its SHA and diff.
  • Attach guards — declarative metric thresholds that decide go / hold / revert.
  • Watch it self-drive — ramps advance on clean windows, breaches revert in seconds.
Read the integration guide
Overview Cohorts Diffs
ramping
Cohort
50%
Error rate
0.21%
p95
284ms
Conversion · control vs variant +2.7% lift
variant control
All 3 guards green — advancing to 100% in 4m

Pricing

Priced per environment, not per anxiety.

Start on two environments free. Upgrade when you outgrow them. No metered surprises on flag evaluations.

Indie

2 environments
$0
/ month · forever

For a side project or a first prod service.

  • 2 environments · 1 guard each
  • Unlimited flag evaluations
  • 14-day timeline history
  • Community Slack
Start free
Most popular

Studio

incl. audit log
$49
/ environment · monthly

For teams shipping to real customers daily.

  • Unlimited environments & guards
  • Progressive delivery + auto-revert
  • 90-day signed audit log
  • Slack + PagerDuty routing
  • SLA: revert decision < 5s
Start 14-day trial

Org

SSO · SCIM
$249
/ month · base + usage

For platform teams governing many squads.

  • Everything in Studio
  • SAML SSO, SCIM & RBAC
  • Self-hosted edge evaluators
  • Unlimited audit retention
  • 99.95% uptime SLA + named SE
Talk to sales

The teams who sleep through the on-call rotation.

"A bad search ranking change used to mean a 40-minute incident. Last week Plinth reverted it before I'd opened the laptop. The timeline already had the SHA waiting."
PA Priya AnandStaff Engineer · Vantage
"We replaced a flag tool, a deploy bot and a spreadsheet of 'who approved what' with one timeline. Change failure rate dropped from 11% to under 2% in a quarter."
YA Yusuf AbaraCTO · Brightwave
"The guards are what sold the team. Engineers ship Friday afternoons now because the worst case is a 19-second auto-revert, not a weekend."
IC Ines CalderónHead of Eng · Nimbus

FAQ

Questions engineers ask in the eval.

Can't find it? The docs go deep, or ask in our Slack.

How fast does a guard decide to revert? +

Guards evaluate on a rolling window you set (default 90s). Once a breach is confirmed, the revert decision fires in under 5 seconds and flag-based reverts propagate to the edge in <200ms. Binary rollbacks depend on your deploy target — typically 15–25s.

Is flag evaluation in my request hot path? +

No. The SDK evaluates flags locally against a ruleset it streams in the background, so a flag check is an in-memory lookup with zero network round-trip. Median overhead is 38µs.

Which metric sources can back a guard? +

Any OpenTelemetry-compatible source, plus native connectors for Datadog, Prometheus, Grafana and CloudWatch. You can also push a custom metric over our ingest API and reference it directly in a guard expression.

Can I keep evaluation inside my own VPC? +

On the Org plan, yes. Self-hosted edge evaluators run in your infrastructure and only sync ruleset deltas and aggregated guard verdicts — no per-user request data leaves your network.

How does the audit log stay tamper-evident? +

Each event is hash-chained to the previous one and the chain head is anchored hourly. Any edit or deletion breaks the chain, which surfaces immediately in the integrity view and your SOC 2 evidence export.

Your next bad deploy should fix itself.

Connect a service, attach one guard, and ship the rest of the week without a war room. Free on two environments.

Start free Book a walkthrough

No credit card · 5-minute CI integration