
The enforcement layer runs before each API call inside the SDK wrapper. If a rule fires, the call is blocked and an error is returned to your code — the provider is never reached and you are never billed.

Configure rules at token.audit.id/app/enforcement.

Available rules

Token ceiling

Blocks calls where the input prompt exceeds a token limit. Prevents accidental context inflation from bloated prompts.

client = JournaledAnthropic(
    api_key="sk-ant-…",
    session_id="my-session",
    enforcement_config={"token_ceiling": 8000}
)

Session budget

Caps total spend per session ID. When the session crosses the threshold, further calls are blocked until a new session is started.

enforcement_config={"max_session_usd": 2.00}

Dedup guard

Hashes the prompt and blocks exact duplicate calls within a configurable TTL window. Catches retry storms and agent loops that re-submit identical requests.

enforcement_config={"dedup_ttl_seconds": 60}

Loop breaker

Counts tool calls within a session. Blocks the call if the number of tool calls exceeds the configured ceiling. Stops runaway agent loops.

enforcement_config={"max_tool_calls": 50}
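How the dedup guard and the loop breaker complement each other, as an added sketch that is not the SDK's own code: identical retries are caught by the prompt hash, while a loop that varies its prompt is only stopped by the tool-call ceiling. SessionGuard, EnforcementBlocked, the is_tool_call flag, SHA-256 as the hash, and not refreshing the TTL on a blocked duplicate are assumptions; only dedup_ttl_seconds and max_tool_calls come from this page.

```python
import hashlib
import time

class EnforcementBlocked(Exception):
    """Hypothetical error type; the SDK's real exception is not shown on the page."""

class SessionGuard:
    """Per-session pre-call checks (illustrative, not the SDK's internals)."""
    def __init__(self, dedup_ttl_seconds=60, max_tool_calls=50, clock=time.monotonic):
        self.ttl, self.max_tool_calls, self.clock = dedup_ttl_seconds, max_tool_calls, clock
        self.seen = {}       # prompt hash -> time the call was allowed
        self.tool_calls = 0

    def check(self, prompt, is_tool_call=False):
        """Raise EnforcementBlocked before any provider request would be sent."""
        now = self.clock()
        # Evict expired hashes so state is bounded by traffic inside the TTL.
        self.seen = {h: t for h, t in self.seen.items() if now - t < self.ttl}
        digest = hashlib.sha256(prompt.encode("utf-8")).hexdigest()
        if digest in self.seen:
            raise EnforcementBlocked("dedup_guard")
        if is_tool_call and self.tool_calls >= self.max_tool_calls:
            raise EnforcementBlocked("loop_breaker")
        self.seen[digest] = now          # record only calls that pass
        self.tool_calls += is_tool_call

def run(guard, calls):
    """Return 'ok' or the blocking rule for each (prompt, is_tool_call) pair."""
    out = []
    for prompt, is_tool in calls:
        try:
            guard.check(prompt, is_tool)
            out.append("ok")
        except EnforcementBlocked as exc:
            out.append(str(exc))
    return out

def demo():
    now = [0.0]              # constructed clock so the TTL can be advanced
    guard = SessionGuard(dedup_ttl_seconds=60, max_tool_calls=3, clock=lambda: now[0])
    retries = run(guard, [("summarise report", False)] * 3)            # retry storm
    loop = run(guard, [(f"search step {i}", True) for i in range(5)])  # varying loop
    now[0] = 61.0            # TTL window has passed
    return retries, loop, run(guard, [("summarise report", False)])

if __name__ == "__main__":
    print(demo())
```

Because the hash covers the exact prompt bytes, a single changed character produces a new hash, which is why the tool-call ceiling is the backstop for loops that mutate their input.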

Model router

Downgrades expensive model calls to a cheaper alternative when the configured cost threshold would be exceeded.

enforcement_config={"model_downgrade": {"threshold_usd": 0.01, "fallback": "claude-haiku-4-5-20251001"}}

Remote config

Rules can also be set and updated from the dashboard without redeploying. The wrapper fetches remote config on startup and caches it for the session.

Remote config overrides local config when both are set. Use the dashboard to manage rules in production.

Policy controls

Beyond per-call rules, you can set org-wide policies that flag any event that violates them — model allowlists, banned prompt patterns, prod-key-in-dev checks, and approval thresholds for costly calls. Policies are evaluated at ingest and surface as violations on the dashboard and alerts feed.

Policy type | What it flags
approved_models | Calls to a model not in your sanctioned allowlist
banned_patterns | Prompts matching regex patterns — injection attempts, secrets, banned phrasing
key_environment_check | Production API keys used outside their permitted environment
approval_required_threshold_cents | Single calls whose cost exceeds a review threshold

See the Policies API for the config shape of each type and full upsert examples. Configure in the dashboard at token.audit.id/app/policies.