Identity & Security
Append-only audit
A record that can be added to but never edited or deleted, so the history of what happened is tamper-evident. It's the difference between a log an insider can quietly rewrite and one an auditor will accept as evidence.
Example
Every budget allocation and policy decision is written to an append-only audit. Six months later, an auditor asks what happened during an incident — and the record is provably unaltered, because no one, including an admin, had the ability to change it after the fact.
This is a Tokenality concept. See how it works in the product overview or the live playground.
Related terms
Audit trail
The connected, time-ordered record of who did what, when, and under what authorization — the evidence you produce when someone asks "what happened?" For AI spend, a good audit trail records intent (the budget authorized) alongside execution (what actually ran).
PII pre-flight
A check that scans a prompt for personal or sensitive data before it reaches the model provider, and blocks or redacts it if found. "Fail-closed" means a fault stops the call rather than letting it through — the safe default when a check can't complete.
Spend control plane
The layer that governs AI spend across an organization: it issues virtual keys, enforces budgets before calls, attributes every dollar, and produces the audit record. "Observability" tells you what you spent; a control plane decides whether you spend it — the enforcement happens before the call, not after. (This is Tokenality's category.)