Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getovra.com/llms.txt

Use this file to discover all available pages before exploring further.

Intelligence is the observability pillar. Real-time visibility over every agent and every transaction, with append-only audit storage and optional AI insight on every signal.

What you get

Spend analytics

Daily, weekly, monthly rollups by agent, card, merchant. Recharts-powered dashboard plus a CSV export.

Anomaly engine

Statistical drift detection on spend patterns. Background loop runs at API startup; surfaces unusual deltas before they compound.

Forecaster

Naive linear projection per agent and card. Useful for budgeting, not pricing.

In-house narrative

Every anomaly and forecast is paired with a template-driven explanation generated in-process. No external LLM, no API key, deterministic.

Audit log — append-only at the DB layer

Every state change writes to audit_events. The table has PG RULES rewriting UPDATE and DELETE to NOTHING — there is no path, application or DBA, to mutate history. A runtime sanitizer scrubs values that match Luhn (PAN), Bearer/API-key patterns, or other key heuristics before persisting. Logs of card data are physically impossible to write.

Query the audit log

curl "https://api.getovra.com/audit?actorType=agent&action=card.issue&from=2026-01-01" \
  -H "Authorization: Bearer $OVRA_API_KEY"
Filter by actorType, resourceType, action (a.b or a.*), range, correlationId, free-text q. Cursor-paginated.

Export to CSV

curl "https://api.getovra.com/audit/export?from=2026-01-01" \
  -H "Authorization: Bearer $OVRA_API_KEY" \
  -o audit.csv
Streaming, 500-row batches, hard cap 50,000 rows per request.

Decision logs

Every policy and risk evaluation writes a row to decision_logs with the full input snapshot, signal scores, reason, and action. Inspect via /audit or /risk/violations. This is what auditors care about — not “what did the agent do” but “what did the system decide and why”.

Access events

Sensitive operations (card PAN reveal, GDPR delete, secret reveal) write to access_events separately. This is the surface your security team subscribes to.

Correlation across systems

Every response carries:
  • X-Request-Id — UUIDv7, also stamped on intents, transactions, transfers, ledger entries
  • X-Ovra-Run — workflow correlation across multiple agent calls
Use these to trace a customer-support ticket from the user message all the way down to the ledger entry that moved the money.

PDF reports

pdfkit-generated monthly statements with charts. Useful for finance close. Available on Business and Enterprise tiers.

Dashboard surfaces

PageWhat it shows
/dashboard/overview30-day spend, active agents, recent activity
/dashboard/analyticsDaily trend, cost-per-agent, top merchants
/dashboard/activityConsolidated spend + audit + risk + disputes with filters
/dashboard/auditProduction-grade audit log with row drawer + CSV export
/dashboard/riskDecision logs filtered to denied + review
/dashboard/access-eventsSensitive-data access trail

Plan-tier matrix

CapabilityFreeStarterBusinessEnterprise
TX history retention30 days90 days365 days5 years
Audit log
Spend intelligencebasicbasicspend-intelligencecustom
Disputes managementviewfullfull + auto
See Pricing for the full matrix.

Next

Compliance

GDPR posture, data residency, what we delete vs anonymize.

Webhooks

Push the same signals into your own observability stack.

Control

The engines that produce the decisions Intelligence records.

Disputes

Where audit history meets chargeback evidence.