Every LLM request is logged with governance decision details. Use audit logs to demonstrate compliance, investigate incidents, and generate reports for your GRC team.
Audit Log Schema interface GovernanceAuditLog { id : string ; // "audit_xxx" orgId : string ; // Organization ID apiKeyId ? : string ; // API key used (if applicable) requestId : string ; // Correlation ID for tracing // Request details model : string ; // Requested model provider ? : string ; // Actual provider used (null if blocked) // Policy evaluation policyId : string ; // Policy ID applied policyName : string ; // Policy name policySlot ? : number ; // Tag slot (1-12 or null) // Decision allowed : boolean ; // Was request allowed? enforcement : "hard_block" | "soft_block" | "warn" ; violationReasons ? : string []; // If blocked/warned, why? // Metadata ipAddress ? : string ; // Client IP userAgent ? : string ; // Client user agent timestamp : string ; // ISO timestamp }
Query Audit Logs TypeScript
C#
Java
PHP
cURL
CLI
const logs = await client . governance . auditLogs . list ({ limit : 100 , });
{ "logs" : [ { "id" : "audit_abc123" , "requestId" : "req_xyz789" , "timestamp" : "2025-01-10T14:30:00Z" , "model" : "claude-sonnet-4-20250514" , "provider" : "anthropic" , "policyId" : "gpol_xxx" , "policyName" : "Production - HIPAA" , "policySlot" : 1 , "allowed" : true , "enforcement" : "hard_block" }, { "id" : "audit_def456" , "requestId" : "req_uvw123" , "timestamp" : "2025-01-10T14:31:00Z" , "model" : "deepseek-chat" , "provider" : null , "policyId" : "gpol_xxx" , "policyName" : "Production - HIPAA" , "policySlot" : 1 , "allowed" : false , "enforcement" : "hard_block" , "violationReasons" : [ "Provider 'deepseek' is China-based and blocked by policy" , "Provider 'deepseek' does not meet minimum trust tier 'most_trusted'" ] } ], "pagination" : { "total" : 15420 , "limit" : 100 , "offset" : 0 , "hasMore" : true } }
Filter Audit Logs By Policy cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/audit-logs?policyId=gpol_xxx" \ -H "Authorization: Bearer sk_case_xxx"
Blocked Requests Only cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/audit-logs?allowed=false" \ -H "Authorization: Bearer sk_case_xxx"
By Date Range cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/audit-logs?startDate=2025-01-01&endDate=2025-01-31" \ -H "Authorization: Bearer sk_case_xxx"
By Provider cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/audit-logs?provider=anthropic" \ -H "Authorization: Bearer sk_case_xxx"
Compliance Reports Generate summary reports for compliance documentation.
TypeScript
C#
Java
PHP
cURL
CLI
const report = await client . governance . reports . generate ({ period : "2025-01" , policyId : "gpol_xxx" , });
{ "report" : { "id" : "rpt_xxx" , "generatedAt" : "2025-02-01T00:00:00Z" , "period" : { "start" : "2025-01-01T00:00:00Z" , "end" : "2025-01-31T23:59:59Z" }, "policy" : { "id" : "gpol_xxx" , "name" : "Production - HIPAA" }, "summary" : { "totalRequests" : 15420 , "allowedRequests" : 15419 , "blockedRequests" : 1 , "warnedRequests" : 0 , "complianceRate" : 99.99 }, "providerBreakdown" : { "anthropic" : { "requests" : 10250 , "allowed" : 10250 , "blocked" : 0 }, "openai" : { "requests" : 5169 , "allowed" : 5169 , "blocked" : 0 }, "deepseek" : { "requests" : 1 , "allowed" : 0 , "blocked" : 1 } }, "blockedRequests" : [ { "timestamp" : "2025-01-10T14:31:00Z" , "requestId" : "req_uvw123" , "model" : "deepseek-chat" , "reasons" : [ "China-based provider blocked" ], "ipAddress" : "203.0.113.42" } ], "complianceStatus" : "COMPLIANT" } }
CSV Export TypeScript
C#
Java
PHP
cURL
CLI
const csv = await client . governance . auditLogs . export ({ format : "csv" , startDate : "2025-01-01" , endDate : "2025-01-31" , });
id, timestamp, request_id, model, provider, policy_name, allowed, enforcement, violations audit_abc123, 2025-01-10T14:30:00Z, req_xyz789, claude-sonnet-4-20250514, anthropic, Production - HIPAA, true, hard_block, audit_def456, 2025-01-10T14:31:00Z, req_uvw123, deepseek-chat, , Production - HIPAA, false, hard_block, "China-based provider blocked"
JSON Export TypeScript
C#
Java
PHP
cURL
CLI
const json = await client . governance . auditLogs . export ({ format : "json" , startDate : "2025-01-01" , endDate : "2025-01-31" , });
Log Retention Tier Retention Period Free 7 days Pro 30 days Enterprise 90 days (or custom)
Extended Retention: Export logs to your own systems for longer retention. We recommend integrating with your SIEM or GRC platform.
GRC Integrations Integrate audit logs with your existing compliance tools.
Webhook Events Configure webhooks to receive real-time governance events:
TypeScript
C#
Java
PHP
cURL
CLI
const webhook = await client . webhooks . create ({ url : "https://your-siem.example.com/webhooks/case" , events : [ "governance.request.blocked" , "governance.request.warned" ], secret : "whsec_xxx" , });
Webhook Payload governance.request.blocked Event
{ "id" : "evt_xxx" , "type" : "governance.request.blocked" , "timestamp" : "2025-01-10T14:31:00Z" , "data" : { "requestId" : "req_uvw123" , "model" : "deepseek-chat" , "provider" : "deepseek" , "policyId" : "gpol_xxx" , "policyName" : "Production - HIPAA" , "violations" : [ "China-based provider blocked" ], "ipAddress" : "203.0.113.42" } }
Common Integrations Platform Integration Method Drata Webhooks + API export Vanta Webhooks + API export OneTrust API export Splunk Webhooks (HTTP Event Collector) Datadog Webhooks + Log forwarding AWS CloudTrail API export to S3
Sample Queries Find All Blocked Requests This Month cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/audit-logs?allowed=false&startDate=$( date -v-1m +%Y-%m-01)" \ -H "Authorization: Bearer sk_case_xxx"
Provider Usage by Policy cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/reports?groupBy=provider&policyId=gpol_xxx" \ -H "Authorization: Bearer sk_case_xxx"
Daily Compliance Summary cURL
TypeScript
C#
Java
PHP
CLI
curl "https://api.case.dev/governance/reports?period=2025-01-10&granularity=daily" \ -H "Authorization: Bearer sk_case_xxx"
Next Steps
Provider Registry View provider compliance data.
Policy Configuration Create and manage policies.
