improvement(byok): make available for all plans

apps/docs/content/docs/en/enterprise/index.mdx

@@ -31,33 +31,6 @@ Define permission groups to control what features and integrations team members
 
 ---
 
-## Bring Your Own Key (BYOK)
-
-Use your own API keys for AI model providers instead of Sim Studio's hosted keys.
-
-### Supported Providers
-
-| Provider | Usage |
-|----------|-------|
-| OpenAI | Knowledge Base embeddings, Agent block |
-| Anthropic | Agent block |
-| Google | Agent block |
-| Mistral | Knowledge Base OCR |
-
-### Setup
-
-1. Navigate to **Settings** → **BYOK** in your workspace
-2. Click **Add Key** for your provider
-3. Enter your API key and save
-
-<Callout type="warn">
-  BYOK keys are encrypted at rest. Only organization admins and owners can manage keys.
-</Callout>
-
-When configured, workflows use your key instead of Sim Studio's hosted keys. If removed, workflows automatically fall back to hosted keys.
-
----
-
 ## Single Sign-On (SSO)
 
 Enterprise authentication with SAML 2.0 and OIDC support for centralized identity management.

apps/docs/content/docs/en/execution/costs.mdx

@@ -106,7 +106,28 @@ The model breakdown shows:
 
 ## Bring Your Own Key (BYOK)
 
-You can use your own API keys for hosted models (OpenAI, Anthropic, Google, Mistral) in **Settings → BYOK** to pay base prices. Keys are encrypted and apply workspace-wide.
+Use your own API keys for AI model providers instead of Sim Studio's hosted keys to pay base prices with no markup.
+
+### Supported Providers
+
+| Provider | Usage |
+|----------|-------|
+| OpenAI | Knowledge Base embeddings, Agent block |
+| Anthropic | Agent block |
+| Google | Agent block |
+| Mistral | Knowledge Base OCR |
+
+### Setup
+
+1. Navigate to **Settings** → **BYOK** in your workspace
+2. Click **Add Key** for your provider
+3. Enter your API key and save
+
+<Callout type="info">
+  BYOK keys are encrypted at rest. Only workspace admins can manage keys.
+</Callout>
+
+When configured, workflows use your key instead of Sim Studio's hosted keys. If removed, workflows automatically fall back to hosted keys with the multiplier.
 
 ## Cost Optimization Strategies
 

apps/sim/app/api/v1/admin/index.ts

@@ -53,10 +53,6 @@
  *   GET    /api/v1/admin/subscriptions/:id                  - Get subscription details
  *   DELETE /api/v1/admin/subscriptions/:id                  - Cancel subscription (?atPeriodEnd=true for scheduled)
  *
- *   BYOK Keys:
- *   GET    /api/v1/admin/byok                               - List BYOK keys (?organizationId=X or ?workspaceId=X)
- *   DELETE /api/v1/admin/byok                               - Delete BYOK keys for org/workspace
- *
  *   Access Control (Permission Groups):
  *   GET    /api/v1/admin/access-control                     - List permission groups (?organizationId=X)
  *   DELETE /api/v1/admin/access-control                     - Delete permission groups for org (?organizationId=X)

apps/sim/app/api/workspaces/[id]/byok-keys/route.ts

@@ -6,8 +6,6 @@ import { nanoid } from 'nanoid'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
-import { isEnterpriseOrgAdminOrOwner } from '@/lib/billing/core/subscription'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import { decryptSecret, encryptSecret } from '@/lib/core/security/encryption'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
@@ -58,15 +56,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    let byokEnabled = true
-    if (isHosted) {
-      byokEnabled = await isEnterpriseOrgAdminOrOwner(userId)
-    }
-
-    if (!byokEnabled) {
-      return NextResponse.json({ keys: [], byokEnabled: false })
-    }
-
     const byokKeys = await db
       .select({
         id: workspaceBYOKKeys.id,
@@ -131,20 +120,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
 
     const userId = session.user.id
 
-    if (isHosted) {
-      const canManageBYOK = await isEnterpriseOrgAdminOrOwner(userId)
-      if (!canManageBYOK) {
-        logger.warn(`[${requestId}] User not authorized to manage BYOK keys`, { userId })
-        return NextResponse.json(
-          {
-            error:
-              'BYOK is an Enterprise-only feature. Only organization admins and owners can manage API keys.',
-          },
-          { status: 403 }
-        )
-      }
-    }
-
     const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
     if (permission !== 'admin') {
       return NextResponse.json(
@@ -245,20 +220,6 @@ export async function DELETE(
 
     const userId = session.user.id
 
-    if (isHosted) {
-      const canManageBYOK = await isEnterpriseOrgAdminOrOwner(userId)
-      if (!canManageBYOK) {
-        logger.warn(`[${requestId}] User not authorized to manage BYOK keys`, { userId })
-        return NextResponse.json(
-          {
-            error:
-              'BYOK is an Enterprise-only feature. Only organization admins and owners can manage API keys.',
-          },
-          { status: 403 }
-        )
-      }
-    }
-
     const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
     if (permission !== 'admin') {
       return NextResponse.json(

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/byok/byok.tsx

@@ -2,7 +2,7 @@
 
 import { useState } from 'react'
 import { createLogger } from '@sim/logger'
-import { Crown, Eye, EyeOff } from 'lucide-react'
+import { Eye, EyeOff } from 'lucide-react'
 import { useParams } from 'next/navigation'
 import {
   Button,
@@ -83,7 +83,6 @@ export function BYOK() {
 
   const { data, isLoading } = useBYOKKeys(workspaceId)
   const keys = data?.keys ?? []
-  const byokEnabled = data?.byokEnabled ?? true
   const upsertKey = useUpsertBYOKKey()
   const deleteKey = useDeleteBYOKKey()
 
@@ -98,31 +97,6 @@ export function BYOK() {
     return keys.find((k) => k.providerId === providerId)
   }
 
-  // Show enterprise-only gate if BYOK is not enabled
-  if (!isLoading && !byokEnabled) {
-    return (
-      <div className='flex h-full flex-col items-center justify-center gap-[16px] py-[32px]'>
-        <div className='flex h-[48px] w-[48px] items-center justify-center rounded-full bg-[var(--surface-6)]'>
-          <Crown className='h-[24px] w-[24px] text-[var(--amber-9)]' />
-        </div>
-        <div className='flex flex-col items-center gap-[8px] text-center'>
-          <h3 className='font-medium text-[15px] text-[var(--text-primary)]'>Enterprise Feature</h3>
-          <p className='max-w-[320px] text-[13px] text-[var(--text-secondary)]'>
-            Bring Your Own Key (BYOK) is available exclusively on the Enterprise plan. Upgrade to
-            use your own API keys and eliminate the 2x cost multiplier.
-          </p>
-        </div>
-        <Button
-          variant='primary'
-          className='!bg-[var(--brand-tertiary-2)] !text-[var(--text-inverse)] hover:!bg-[var(--brand-tertiary-2)]/90'
-          onClick={() => window.open('https://sim.ai/enterprise', '_blank')}
-        >
-          Contact Sales
-        </Button>
-      </div>
-    )
-  }
-
   const handleSave = async () => {
     if (!editingProvider || !apiKeyInput.trim()) return
 
@@ -340,7 +314,7 @@ export function BYOK() {
               <span className='font-medium text-[var(--text-primary)]'>
                 {PROVIDERS.find((p) => p.id === deleteConfirmProvider)?.name}
               </span>{' '}
-              API key? This workspace will revert to using platform keys with the 2x multiplier.
+              API key? This workspace will revert to using platform hosted keys.
             </p>
           </ModalBody>
           <ModalFooter>