Audit Logs¶
Every LLM call SQLatte makes — intent detection, SQL generation, chat, insights — is recorded, independent of whether usage analytics is enabled. This is the observability trail for cost tracking, compliance, and answering "what did this AI agent actually query."
What's Logged¶
- Intent type (
intent_detection/sql_generation/chat/insights) - Input/output token counts
- The generated SQL and its risk score (0–100, informational — never blocks execution)
- Source:
ui(default chat),widget(embedded), ormcp— so you can see exactly how much traffic is coming from AI agents versus human users - Session and user identifiers, timestamp
Endpoints¶
| Endpoint | Method | Purpose |
|---|---|---|
/api/audit/logs |
GET | Paginated log entries — filter by session, intent type, date range, or user |
/api/audit/summary |
GET | Aggregated token usage and call counts |
/api/audit/daily-trend |
GET | Call volume over time |
/api/audit/top-users |
GET | Highest token/call volume by user |
/api/audit/export/csv |
GET | Download filtered logs for billing or compliance review |
All audit routes require admin authentication.
Admin Panel¶
/admin → Audit Logs, filterable by widget source — useful for answering "how much is the MCP integration costing us" separately from interactive chat usage, since both hit the same LLM billing but originate from very different traffic patterns.
Risk Score Reference¶
Risk scoring never blocks a query — is_select_only() does that, unconditionally, before the score is even computed. The score is purely a signal logged alongside every call for monitoring:
| Range | Meaning |
|---|---|
| 0–9 | Clean SELECT |
| 10–24 | Minor exposure signals (SELECT *, no LIMIT) |
| 25–44 | Multiple exposure signals (set operations, deep subqueries, cross joins) |
| 45–79 | Dangerous function detected — already blocked |
| 80–100 | Multiple dangerous factors — already blocked |
See Security Overview for how the score is computed and why blocking and scoring are deliberately separate concerns.