Documentation Index
Fetch the complete documentation index at: https://docs.llmgrid.ai/llms.txt
Use this file to discover all available pages before exploring further.
Overview
LLMGrid is designed with security and compliance as first‑class concerns. The platform provides a layered security model that combines access control, data protection, policy enforcement, and auditability to support enterprise and regulated environments. Security and compliance controls are centrally managed through the UI and enforced consistently across models, agents, tools, and workflows.Identity & Access Control
Virtual Keys (API Keys)
LLMGrid uses Virtual Keys to authenticate and authorize API access. Key capabilities:- Secure API authentication using bearer tokens
- Fine‑grained scoping by models, routes, teams, and quotas
- Key rotation and revocation without application downtime
Internal Users & Roles
The Internal Users section allows administrators to manage console access. Features include:- Role‑based access control (admin, operator, viewer)
- Scoped permissions across teams and organizations
- Separation between internal users and end‑user identities
Network & Transport Security
- All traffic is secured using HTTPS
- API keys are never exposed in plaintext after creation
- Sensitive connection details (keys, secrets) are masked and securely stored
Data Protection & Privacy
Guardrails
Guardrails enforce safety, privacy, and compliance policies across requests. Supported capabilities:- Input and output inspection
- Policy‑based blocking or enforcement
- PII detection and redaction
- Tool and MCP safety validation
- Before model calls
- After responses
- During execution
- Tool invocation (
pre_mcp_call) - Logging‑only auditing mode
Prompt & Output Controls
- Prompts can be standardized and versioned
- Guardrails ensure outputs comply with organizational policies
- Unsafe or disallowed content can be blocked or logged automatically
Usage Controls & Abuse Prevention
Rate Limits
LLMGrid enforces request and token limits through:- Virtual Keys
- Teams and organizations
- Budgets and routing controls
Budgets & Spend Controls
Budgets allow administrators to:- Set maximum usage thresholds
- Apply limits per user, key, or tag
- Prevent unbounded usage
Observability & Auditability
Logs
LLMGrid provides detailed logs for:- Request and response metadata
- Model usage and routing decisions
- Guardrail enforcement events
- Tool and vector store usage
Usage & Cost Tracking
Usage metrics include:- Request counts
- Token consumption
- Cost attribution
- Key
- Team
- Organization
- Tag
- Model
Compliance‑Oriented Features
LLMGrid is designed to support common compliance requirements through configuration rather than custom code.Key Compliance Capabilities
- Centralized policy enforcement via Guardrails
- Least‑privilege access through scoped keys and roles
- Full audit trails through logs and usage data
- Controlled data access using vector stores and tools
- No hard dependency on a single provider
Secure Tool & Integration Management
MCP Servers & Search Tools
- Tools are registered and authenticated centrally
- Access can be restricted by key, team, or guardrail
- Tool calls are logged and auditable
- Pre‑execution guardrails prevent unsafe tool usage
Vector Stores
- Vector stores are referenced by ID only
- Credentials are managed securely
- Access is controlled through workflows and agents
- Testing tools validate connectivity without exposing data
Operational Security Best Practices
- Rotate API keys regularly
- Minimize always‑on guardrails to well‑tested policies
- Use scoped guardrails and budgets for experimentation
- Limit tool and vector store access to trusted workflows
- Review logs and usage metrics regularly
- Separate non‑production and production environments
Shared Responsibility Model
LLMGrid provides the tooling required to build secure systems, while customers remain responsible for:- Application‑level data handling
- Regulatory assessments
- Prompt design and usage patterns
Related Sections
- Guardrails – Enforce safety and compliance policies
- Virtual Keys – Control access and authentication
- Internal Users – Manage admin and operator access
- Budgets – Enforce usage limits
- Usage & Logs – Audit activity and behavior
- Router Settings – Apply controlled routing and fallback