Spendra models AI spend as governed provider traffic tied to explicit organizational scopes.Documentation Index
Fetch the complete documentation index at: https://docs.cynsta.com/llms.txt
Use this file to discover all available pages before exploring further.
Organization hierarchy
Spendra supports these governance scopes:- Organization.
- Branch.
- Team.
- Project.
- Employee.
- Agent.
- Subagent.
Scoped keys
Scoped keys bind gateway traffic to an actor and permission set. A key can include:- Allowed providers.
- Allowed models or tools.
- Optional project binding.
- Optional max per-request reservation.
- Optional policy or budget binding.
- Environment label such as production, staging, or development.
- Expiration and revocation state.
Roles and capabilities
Dashboard access is role-based. The API returns the active user’s capabilities with management responses, and the dashboard hides navigation and actions the user cannot perform. Built-in roles:| Role | Primary responsibilities |
|---|---|
org_admin | Full organization administration, governance, platform setup, finance operations, audit, and system jobs. |
iam_admin | Organization profile, domain verification, member administration, and non-elevated role assignment. |
platform_admin | Provider accounts, provider and tool allowlists, notification channels, platform setup, and operational jobs. |
finance_manager | Policies, budgets, finance views, ledger, exports, and notification subscription rules. |
manager | Scoped hierarchy, policy, key, and ledger management for assigned areas. |
employee | Self-service scoped key and ledger access for the employee’s own work. |
auditor | Read-only governance, ledger, export, and audit access. |
- Each membership has one active role assignment.
- Only organization admins can grant, revoke, or modify elevated roles:
org_admin,iam_admin,platform_admin, andfinance_manager. - IAM admins can assign only non-elevated roles:
manager,employee, andauditor. - Members without an explicit assignment default to
employee.
Policies and budgets
Policies can be scoped to organization, branch, team, project, employee, agent, or subagent. Supported policy behavior includes:- Hard caps that block spend before provider traffic.
- Soft caps and alerts.
- Review-required states.
- Hourly, daily, weekly, monthly, yearly, and lifetime periods.
- Effective dates and version history.
Reservations
Budget reservations prevent concurrent requests from overspending a cap. Before a provider call, Spendra estimates request cost and atomically reserves budget against each applicable hard-cap policy. After the provider call, Spendra settles the reservation against final or estimated usage. Settlement is idempotent and must not duplicate spend or ledger records.Allowlists
Provider, model, vendor, and tool access is controlled by allowlists and key scopes. Use allowlists to define what can be called. Use policies and budgets to define how much can be spent. Use audit and ledger views to prove what happened.Ledger and audit
The ledger is the finance-facing system of record for booked governed spend. It is designed for reporting, reconciliation, and exports. The audit log records changes to keys, budgets, policies, roles, organization settings, provider accounts, and governance state. Audit entries should be organization-scoped and permission-checked before display.Coverage limits
V1 coverage isgateway_governed. Spendra can enforce spend only when traffic passes through the Spendra gateway. Provider traffic sent directly to upstream vendors is outside enforcement unless it is imported or reconciled by a future connector.