Govern LLM access the way you govern everything else.
LLMs are now load-bearing in sales, engineering, support, and research. Your company needs the same controls you have for AWS or GitHub: per-team budgets, audit logs, SSO, role-based access, and a single pane showing what's being spent where. modelux is that plane.
LLM usage has the shadow-IT problem, but worse.
Employees signing up for their own OpenAI plans
You can't stop it and you can't see it. There are probably twenty orphan API keys on your company's card that you don't know about.
Finance can't reconcile the LLM spend
One line item on the Anthropic invoice. No breakdown by team, department, or project. Chargeback is impossible.
No policy surface
Legal wants to block Claude for customer-support use. Security wants to block data-heavy prompts from Sales. You have no enforcement point.
Audit is a spreadsheet
Who approved GPT-4 for the research team? When did the budget change? Nobody knows. You search Slack.
Policy as code, enforced at the proxy.
The custom-rule DSL lets you route based on tags attached at the API boundary: tenant plan, team, sensitivity class, budget headroom. Write the policy once, enforce it for every request in the company.
- ▸ Branch on tenant, team, sensitivity, budget
- ▸ Block models per-team (e.g. no GPT for customer data)
- ▸ Auto-downgrade near budget caps
- ▸ Test policy changes against historical traffic
{
"strategy": "custom_rules",
"rules": [
{ "if": "tags.team == 'support'",
"then": "@support-allowed"
},
{ "if": "tags.sensitivity == 'pii'",
"then": "@pii-safe-providers"
},
{ "if": "budget.used_pct >= 0.9",
"then": "@cheap"
},
{ "else": "@production" }
]
} Controls built for how companies actually work.
Single plane for all company LLM traffic
Every app, every team, every coding-agent seat routes through modelux. One set of credentials, one audit log, one policy surface. Finance gets the breakdown they need.
Per-team projects with independent budgets
Model each team as a project. Assign budgets with auto-downgrade at the cap. Allocate spend back to business units with per-tag rollups.
RBAC with SSO / SAML
Owner / admin / member / viewer roles per organization. SSO via SAML (Enterprise). Audit every config change and API-key action.
Tenant-aware routing
Custom rules dispatch enterprise customers to @premium, internal tooling to @cheap, and research to @frontier — all based on tags attached at the API boundary.
Validate policy changes offline
Before rolling a new policy to every team, replay it against the last 7 days of real traffic in routing-only mode (free, no provider calls). See the cost, latency, and route-distribution diff per team — so "we updated the policy" comes with numbers instead of a shrug.
Enterprise controls that match your compliance bar.
SSO / SAML / SCIM
Provision users from Okta, Azure AD, Google Workspace. Deprovisioning revokes API keys automatically.
Audit log
Every management-API mutation, key creation, role change, and config update is recorded with actor, timestamp, and diff.
Access review
One-click point-in-time export of every user, management key, API key, and Person for SOC 2 recertification evidence.
Unlimited retention
Every request, every decision, kept for the life of your account. Payload retention can be disabled per-project for privacy-sensitive workloads.
Warehouse export
Scheduled Parquet exports of logs and audit events to your own S3/BigQuery/Snowflake.
Dedicated deployment
Single-tenant or VPC-peered proxy instances. DPA and BAA available on request.
Per-team budgets, hard caps.
Daily, weekly, or monthly caps per project, key, or end-user — enforced atomically in under 5ms before the call leaves the proxy.
Replay before you roll.
Test a policy change against real traffic across every team project before the rollout — surface cross-team impact before users do.
25k+ req/s per pod.
Stateless proxy fleet, in-memory hot path, async logging. Capacity is a Helm value, not a project.
99.95% uptime target.
Audit trails, decision traces, and a contractual SLA on the Enterprise tier — multi-provider failover absorbs upstream incidents.
Bring your LLM footprint into policy.
Platform engineering, finance, security, and engineering leadership get the visibility and controls they need — without getting in the way of the teams using the tools.