Audit Logs & Subscriptions

Governe provides audit logging for compliance tracking and subscription management for controlling usage limits.

Audit Logs

Audit logs record all administrative actions in your organization, providing an immutable trail for security and compliance.

Accessing Audit Logs

Go to Audit in the Governe sidebar.

Event Categories

Category	Events Tracked
member	Member added, updated, removed, suspended
role	Role created, updated, deleted, assigned
org	Organization settings changed
sso	SSO provider added, updated, deleted
quota	Quota limits changed
apikey	API key created, rotated, revoked
auth	Login attempts, SSO events
subscription	Subscription changed
invite	Invite created, used, revoked
group	Group created, updated, members changed

Event Structure

Each audit event contains:

Field	Description
timestamp	When the event occurred
category	Event category (member, role, etc.)
action	Specific action (create, update, delete)
target	What was affected (user, role, etc.)
changes	Before/after values
metadata	Additional context

Example Event

{
  "timestamp": "2024-03-15T10:30:00Z",
  "category": "member",
  "action": "role_changed",
  "target": {
    "type": "user",
    "id": "user_123",
    "email": "jane@acme.com"
  },
  "changes": {
    "before": { "roleSlug": "viewer" },
    "after": { "roleSlug": "admin" }
  },
  "metadata": {
    "changedBy": "admin@acme.com"
  }
}

Filtering Logs

Filter by date range
Filter by category
Search by user email or target ID

Retention

Audit logs are retained according to your subscription tier:

Tier	Retention
Free	7 days
Starter	30 days
Pro	90 days
Enterprise	Custom (up to unlimited)

Quotas

Quotas limit resource consumption to prevent unexpected costs and ensure fair usage.

Viewing Quotas

Go to Quotas in the Governe sidebar.

Quota Types

Type	Description
Rate	Resets after time window (per minute, hour, day)
Cumulative	Accumulates until billing period resets

Common Metrics

Metric	Type	Description
`llm.requests.rpm`	Rate	Requests per minute
`llm.requests.daily`	Rate	Requests per day
`llm.tokens.monthly`	Cumulative	Tokens per month
`llm.cost.monthly`	Cumulative	Cost per month (USD)
`users`	Cumulative	Total organization members

Quota Display

Each quota shows:

Current usage: Amount consumed
Limit: Maximum allowed
Percentage: Visual progress bar
Window: Reset period (for rate limits)

Warning Thresholds

Threshold	Visual
0-79%	Normal
80-94%	Yellow warning
95%+	Red critical

Subscriptions

Subscriptions define your organization’s tier, limits, and feature access.

Viewing Subscription

Go to Subscription in the Governe sidebar.

Subscription Tiers

Tier	Description
Free	Basic access with limited quotas
Starter	Small teams with moderate usage
Pro	Growing organizations with advanced features
Enterprise	Custom limits and dedicated support
Custom	Tailored for specific needs

Subscription Status

Status	Description
Active	Full access
Trialing	Trial period
Past Due	Payment overdue
Canceled	Subscription ended
Inactive	Subscription disabled

Feature Access

Subscriptions control access to features:

Feature	Free	Starter	Pro	Enterprise
SSO	No	No	Yes	Yes
Custom Branding	No	No	Yes	Yes
API Access	Limited	Yes	Yes	Yes
Audit Logs	7 days	30 days	90 days	Custom
Priority Support	No	No	Yes	Yes

Quota Limits by Tier

Example limits (actual limits vary):

Metric	Free	Starter	Pro	Enterprise
Users	5	25	100	Unlimited
RPM	10	60	300	Custom
Tokens/month	100K	1M	10M	Custom

Managing Subscriptions (Platform Admin)

Platform administrators can manage subscriptions:

Creating Subscription Templates

Go to Platform > Subscriptions
Click Create Subscription
Configure:
- Name and slug
- Tier
- Quota limits
- Feature flags
Optionally set as default for new organizations

Assigning Subscriptions

Go to Platform > Organizations
Select an organization
Change the subscription

Modifying Quotas

Quota limits can be adjusted:

Edit the subscription template
Or override for a specific organization

Quota Exceeded Behavior

When quotas are exceeded:

Policy	Behavior
Hard Block	Request fails with `QUOTA_EXCEEDED` error
Soft Downgrade	Falls back to cheaper model
Rate Limited	Request fails with `RATE_LIMITED`, includes retry-after

See Model Governance for configuration.

Best Practices

Regular Audits

Review audit logs monthly for security

Monitor Quotas

Set alerts before hitting limits

Right-Size Tiers

Choose subscription tier matching actual usage

Plan Upgrades

Upgrade before hitting limits, not after

Compliance Scenarios

SOC 2
GDPR
HIPAA

For SOC 2 compliance:

Enable audit logging (Pro tier minimum)
Review access changes monthly
Document role assignment justifications
Export audit logs for external review

Next Steps

Identity & Access

Manage members and permissions

Observability

Monitor usage and performance

​Audit Logs

​Accessing Audit Logs

​Event Categories

​Event Structure

​Example Event

​Filtering Logs

​Retention

​Quotas

​Viewing Quotas

​Quota Types

​Common Metrics

​Quota Display

​Warning Thresholds

​Subscriptions

​Viewing Subscription

​Subscription Tiers

​Subscription Status

​Feature Access

​Quota Limits by Tier

​Managing Subscriptions (Platform Admin)

​Creating Subscription Templates

​Assigning Subscriptions

​Modifying Quotas

​Quota Exceeded Behavior

​Best Practices