proxy:
· audit log:
·
· proxy boot
Live charts built from the audit log. Spend chart updates every 5 s. Threats chart reflects the selected period ().
Requests paused by a policy rule (Human-In-The-Loop / HITL) and waiting for a human operator to approve or reject them before they're forwarded to the LLM. Approve to let through; reject to block with a reason.
| request_id | agent | session | tool / reason | ||
|---|---|---|---|---|---|
A session is an end-to-end agent run, identified by
the X-LLM-Leash-Session-Id header. Zero-cost rows are
sessions that connected but didn't yet incur LLM cost.
| session_id | cost (USD) | ||
|---|---|---|---|
| killed err |
Each row aggregates audit events from one policy rule. Hover the rule name or expand the detail panel below to see what the rule detects and why each block fired.
| rule | risk | block | redact | review | warn | total |
|---|---|---|---|---|---|---|
No threat events in this period. Either traffic is clean, the policy chain hasn't fired yet, or the period is too narrow — try .
| ts | risk | rule | action | agent | session | reason |
|---|---|---|---|---|---|---|
Live model_call audit events grouped by agent. The
current cap column reflects the per-agent budget cap
in effect on the proxy right now.
| agent | calls | cost (USD) | current cap (USD) |
|---|---|---|---|
Caps apply on the next request from that agent. Cap precedence: per-agent > per-tenant > default. Default cap:
| agent | current cap (USD) | ||
|---|---|---|---|
Download filtered threat events or full audit log for offline analysis or SOC 2 evidence submission.
| ts | kind | session | agent | provider / model | cost | detail |
|---|---|---|---|---|---|---|