Feature — Governance
Governance features let platform teams enforce spend policies, audit LLM usage, and maintain compliance across all AI workloads.
Spend caps
```toml
# .tokenistt.toml
[governance]
spend_cap_daily_usd = 50.00        # hard pause at $50/day
spend_cap_per_request_usd = 0.10   # reject requests over $0.10
alert_webhook = "https://hooks.slack.com/..."

# When cap is hit:
# → All new requests return 429 with tokenistt-cap-exceeded header
# → Webhook fires with workspace, cap type, and current spend
```
RBAC (Team plan)
- Workspace owners can view and modify their own policies
- Org admins can view all workspaces and set global caps
- Read-only analyst role for finance/FinOps access
- API key scoping per workspace
Audit log (Team plan)
Every token event is written to an immutable audit log with workspace, model, token counts, cost, and timestamp. Exportable as CSV or queryable via API.
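One way to check an exported audit log against the caps configured above, as an added example that is not Tokenistt's own code. The CSV column names, the sample rows and the 00:00 UTC reset of the daily cap are assumptions; only the two cap values come from the page.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone
from decimal import Decimal

# Cap values copied from the .tokenistt.toml example on this page.
DAILY_CAP_USD = Decimal("50.00")
PER_REQUEST_CAP_USD = Decimal("0.10")

# Constructed sample export; the column names are assumed, not a documented schema.
SAMPLE_CSV = """timestamp,workspace,model,input_tokens,output_tokens,cost_usd
2024-05-01T09:00:00Z,search,model-a,1200,300,0.04
2024-05-01T23:59:30Z,search,model-a,90000,20000,49.98
2024-05-02T00:00:10Z,search,model-a,4000,900,0.12
2024-05-01T10:00:00Z,billing,model-b,800,200,0.02
2024-05-02T01:30:00+02:00,billing,model-b,700,100,0.02
"""


def audit_findings(csv_text, daily_cap=DAILY_CAP_USD, request_cap=PER_REQUEST_CAP_USD):
    """Return (requests over the per-request cap, days over the daily cap, daily totals)."""
    totals = defaultdict(Decimal)
    over_request = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Normalise every timestamp to UTC so offsets cannot shift spend across days.
        ts = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        day = ts.astimezone(timezone.utc).date().isoformat()  # assumed reset: 00:00 UTC
        cost = Decimal(row["cost_usd"])  # Decimal avoids float drift when summing money
        if cost > request_cap:
            over_request.append((row["timestamp"], row["workspace"], cost))
        totals[(row["workspace"], day)] += cost
    over_daily = {key: total for key, total in totals.items() if total > daily_cap}
    return over_request, over_daily, dict(totals)


if __name__ == "__main__":
    over_request, over_daily, _ = audit_findings(SAMPLE_CSV)
    for ts, workspace, cost in over_request:
        print(f"per-request cap exceeded: {workspace} {ts} ${cost}")
    for (workspace, day), total in over_daily.items():
        print(f"daily cap exceeded: {workspace} {day} ${total}")
```

A logged event above a cap is a prompt to compare the cap value in force at that time with the enforcement behavior, not proof of a bypass on its own.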
SOC 2 Type II
Tokenistt's cloud backend is SOC 2 Type II certified. No prompt content is stored unless you explicitly enable content tracing. BYOK (Bring Your Own Key) is available on Enterprise to keep all data in your VPC.