Enterprise capability

Enterprise Audit Logs

Every action, attributed and immutable

Enterprise Audit Logs sit underneath every privileged action in LLM Gateway. When an admin rotates a provider key, removes a teammate, changes routing config, or downloads logs — it lands in an append-only audit stream with the actor, timestamp, IP, user-agent, and a structured diff of before/after state. Logs are filterable by user, resource, action, or time, exportable as CSV/JSON, and forwardable to your SIEM (Splunk, Datadog, Elastic) via webhook. Retention defaults to forever for enterprise plans.

Why teams turn it on

Append-only by design

Audit rows can't be edited or deleted from the dashboard — even by org owners. Cryptographic chaining detects tampering at the storage layer.

Actor + resource + diff

Every event records who, what, when, where, and a structured before/after diff — not just an action name.

SIEM forwarding

Stream audit events to Splunk, Datadog, Elastic, or any HTTPS endpoint. Replay any window on demand.

Compliance-ready exports

One-click CSV/JSON exports scoped to a date range, user, or resource — formatted for SOC 2 and HIPAA auditors.

How it works

From decision to deployed in three short steps

  1. 01

    Enable on your org

    Audit logging is enabled on every enterprise org by default. No code changes — every privileged route is already instrumented.

  2. 02

    Query in the dashboard

    Filter by user, action, resource, or time range. Each row expands into the full structured diff.

  3. 03

    Forward to your SIEM

    Add a webhook URL in org settings. Events are POSTed in real time with retries and signed payloads.

Real-world use cases

Why customers actually adopt this

01

Security investigations

A key was rotated at 3:14 UTC. Who did it, from which IP, and what did the request look like? One query.

02

SOC 2 / HIPAA evidence

Hand your auditor a scoped export with full attribution — no screenshots, no reconstruction.

03

Insider-risk monitoring

Alert when admins access prod keys outside working hours or from unfamiliar geographies.

Frequently asked

How long are audit logs retained?
Enterprise plans get unlimited retention by default. We do not auto-prune. You can export and delete on your own schedule if needed for data-residency.
Can audit logs be deleted?
No — not by org owners, not by admins, not by support. Logs are append-only in storage. The only way to remove an entry is a full org-data deletion under our DPA.
Do audit logs include LLM request bodies?
Audit logs capture privileged-action metadata, not user prompts. Prompt/response logging is a separate setting under Activity Logs, which you control independently.

More enterprise capabilities

The rest of the enterprise stack

Organization-Wide Analytics

Cost, requests, and tokens totaled across every project, with breakdowns by model, project, API key, and member. Built on pre-aggregated rollups, so any date range stays fast.

Per-Member Budgets & Developer Role

Per-member spend caps enforced at request time, org-wide default developer limits, and a project-scoped Developer role. An over-budget request is rejected before it ever reaches a provider.

Per-Project Routing Overrides

Override global routing rules at the project level — region, provider order, fallback chain, and cost ceilings. Production stays pinned; experimental teams stay flexible.

Enterprise Guardrails

Server-side detection for prompt injection, PII, secrets, and policy violations. Configured centrally, enforced at the gateway, auditable per-request.

Discord & Slack Alerts

Native webhook integrations for Discord and Slack. Get the enterprise contact-sales form, billing events, guardrail trips, and SLA breaches in the channels your team already monitors.

Single Sign-On (SAML / OIDC)

SAML 2.0 and OIDC SSO with SCIM provisioning, group-based role mapping, and enforced-only access. No local credentials, no shared passkeys, no off-boarding gaps.

White-Label Chat & Playground

Embed or stand up a fully white-labeled chat app and playground under your own domain. Customize branding, default models, system prompts, and feature toggles.

Provider Compliance Policies

Define the certifications and data policies your providers must meet — SOC 2, ISO 27001, GDPR, no prompt training, no prompt logging — and the gateway refuses to route to anything that doesn't qualify.

See enterprise audit logs on your real workloads

Bring a sample workload to a 30-minute call. We'll wire it up live and show you the actual experience your team will get.