> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prisme.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logs & Subscriptions

> Track administrative actions and manage usage quotas

Governe provides audit logging for compliance tracking and subscription management for controlling usage limits.

## Audit Logs

Audit logs record all administrative actions in your organization, providing an immutable trail for security and compliance.

### Accessing Audit Logs

Go to **Audit** in the Governe sidebar.

### Event Categories

| Category         | Events Tracked                            |
| ---------------- | ----------------------------------------- |
| **member**       | Member added, updated, removed, suspended |
| **role**         | Role created, updated, deleted, assigned  |
| **org**          | Organization settings changed             |
| **sso**          | SSO provider added, updated, deleted      |
| **quota**        | Quota limits changed                      |
| **apikey**       | API key created, rotated, revoked         |
| **auth**         | Login attempts, SSO events                |
| **subscription** | Subscription changed                      |
| **invite**       | Invite created, used, revoked             |
| **group**        | Group created, updated, members changed   |

### Event Structure

Each audit event contains:

| Field         | Description                              |
| ------------- | ---------------------------------------- |
| **timestamp** | When the event occurred                  |
| **category**  | Event category (member, role, etc.)      |
| **action**    | Specific action (create, update, delete) |
| **target**    | What was affected (user, role, etc.)     |
| **changes**   | Before/after values                      |
| **metadata**  | Additional context                       |

### Example Event

```json theme={null}
{
  "timestamp": "2024-03-15T10:30:00Z",
  "category": "member",
  "action": "role_changed",
  "target": {
    "type": "user",
    "id": "user_123",
    "email": "jane@acme.com"
  },
  "changes": {
    "before": { "roleSlug": "viewer" },
    "after": { "roleSlug": "admin" }
  },
  "metadata": {
    "changedBy": "admin@acme.com"
  }
}
```

### Filtering Logs

* Filter by **date range**
* Filter by **category**
* Search by **user email** or **target ID**

### Retention

Audit logs are retained according to your subscription tier:

| Tier       | Retention                |
| ---------- | ------------------------ |
| Free       | 7 days                   |
| Starter    | 30 days                  |
| Pro        | 90 days                  |
| Enterprise | Custom (up to unlimited) |

## Quotas

Quotas limit resource consumption to prevent unexpected costs and ensure fair usage.

### Viewing Quotas

Go to **Quotas** in the Governe sidebar.

### Quota Types

| Type           | Description                                      |
| -------------- | ------------------------------------------------ |
| **Rate**       | Resets after time window (per minute, hour, day) |
| **Cumulative** | Accumulates until billing period resets          |

### Common Metrics

| Metric               | Type       | Description                |
| -------------------- | ---------- | -------------------------- |
| `llm.requests.rpm`   | Rate       | Requests per minute        |
| `llm.requests.daily` | Rate       | Requests per day           |
| `llm.tokens.monthly` | Cumulative | Tokens per month           |
| `llm.cost.monthly`   | Cumulative | Cost per month (USD)       |
| `users`              | Cumulative | Total organization members |

### Quota Display

Each quota shows:

* **Current usage**: Amount consumed
* **Limit**: Maximum allowed
* **Percentage**: Visual progress bar
* **Window**: Reset period (for rate limits)

### Warning Thresholds

| Threshold | Visual         |
| --------- | -------------- |
| 0-79%     | Normal         |
| 80-94%    | Yellow warning |
| 95%+      | Red critical   |

## Subscriptions

Subscriptions define your organization's tier, limits, and feature access.

### Viewing Subscription

Go to **Subscription** in the Governe sidebar.

### Subscription Tiers

| Tier           | Description                                  |
| -------------- | -------------------------------------------- |
| **Free**       | Basic access with limited quotas             |
| **Starter**    | Small teams with moderate usage              |
| **Pro**        | Growing organizations with advanced features |
| **Enterprise** | Custom limits and dedicated support          |
| **Custom**     | Tailored for specific needs                  |

### Subscription Status

| Status       | Description           |
| ------------ | --------------------- |
| **Active**   | Full access           |
| **Trialing** | Trial period          |
| **Past Due** | Payment overdue       |
| **Canceled** | Subscription ended    |
| **Inactive** | Subscription disabled |

### Feature Access

Subscriptions control access to features:

| Feature          | Free    | Starter | Pro     | Enterprise |
| ---------------- | ------- | ------- | ------- | ---------- |
| SSO              | No      | No      | Yes     | Yes        |
| Custom Branding  | No      | No      | Yes     | Yes        |
| API Access       | Limited | Yes     | Yes     | Yes        |
| Audit Logs       | 7 days  | 30 days | 90 days | Custom     |
| Priority Support | No      | No      | Yes     | Yes        |

### Quota Limits by Tier

Example limits (actual limits vary):

| Metric       | Free | Starter | Pro | Enterprise |
| ------------ | ---- | ------- | --- | ---------- |
| Users        | 5    | 25      | 100 | Unlimited  |
| RPM          | 10   | 60      | 300 | Custom     |
| Tokens/month | 100K | 1M      | 10M | Custom     |

## Managing Subscriptions (Platform Admin)

Platform administrators can manage subscriptions:

### Creating Subscription Templates

1. Go to **Platform > Subscriptions**
2. Click **Create Subscription**
3. Configure:
   * Name and slug
   * Tier
   * Quota limits
   * Feature flags
4. Optionally set as default for new organizations

### Assigning Subscriptions

1. Go to **Platform > Organizations**
2. Select an organization
3. Change the subscription

### Modifying Quotas

Quota limits can be adjusted:

1. Edit the subscription template
2. Or override for a specific organization

## Quota Exceeded Behavior

When quotas are exceeded:

| Policy             | Behavior                                                |
| ------------------ | ------------------------------------------------------- |
| **Hard Block**     | Request fails with `QUOTA_EXCEEDED` error               |
| **Soft Downgrade** | Falls back to cheaper model                             |
| **Rate Limited**   | Request fails with `RATE_LIMITED`, includes retry-after |

See [Model Governance](./model-governance#quota-policy) for configuration.

## Best Practices

<CardGroup cols={2}>
  <Card title="Regular Audits" icon="clipboard-check">
    Review audit logs monthly for security
  </Card>

  <Card title="Monitor Quotas" icon="gauge">
    Set alerts before hitting limits
  </Card>

  <Card title="Right-Size Tiers" icon="sliders">
    Choose subscription tier matching actual usage
  </Card>

  <Card title="Plan Upgrades" icon="arrow-up">
    Upgrade before hitting limits, not after
  </Card>
</CardGroup>

## Compliance Scenarios

<Tabs>
  <Tab title="SOC 2">
    For SOC 2 compliance:

    1. Enable audit logging (Pro tier minimum)
    2. Review access changes monthly
    3. Document role assignment justifications
    4. Export audit logs for external review
  </Tab>

  <Tab title="GDPR">
    For GDPR compliance:

    1. Track member data access in audit logs
    2. Document data processing activities
    3. Enable SSO for centralized identity
    4. Review API key usage patterns
  </Tab>

  <Tab title="HIPAA">
    For HIPAA compliance (Enterprise tier):

    1. Extended audit log retention
    2. Encryption at rest and in transit
    3. Access control audit trails
    4. Business Associate Agreement (BAA)
  </Tab>
</Tabs>

## Next Steps

<CardGroup cols={2}>
  <Card title="Identity & Access" icon="users-gear" href="./identity-access">
    Manage members and permissions
  </Card>

  <Card title="Observability" icon="chart-line" href="./observability">
    Monitor usage and performance
  </Card>
</CardGroup>
