The admin surface every posture ships with.
Audit log, keys, policies, budgets — four surfaces, one substrate. Owned, Controlled, or Governed: the controls are the same, the boundary is yours to choose.
Audit Log
Append-only, signed, queryable. Every prompt, completion, routing decision, and policy outcome is tagged with workload, user, and authority chain. Native exports to SIEM, DMS, and EHR audit feeds.
Keys & Secrets
BYO-KMS in Controlled and Governed postures. Hardware-rooted keys in Owned. Per-workload key scoping; rotation is a first-class event in the audit log.
Policies
Per-workload routing, redaction, retention, and BYO-key burst rules. Policies are versioned and reviewable; every inference records which policy applied.
Budgets
Hard caps per workload, per team, per matter, per program — enforced before inference, not after the bill. No more surprise hyperscaler invoices.